Accepting request 1321757 from devel:libraries:c_c++

- Update to 0.15.0:
  * Significant changes:
    - Integrated SLH-DSA implementation from pq-code-package/slhdsa-c
    - SLH-DSA ACVP tests (#2237)
    - Integrate SLH-DSA-C Library (#2175)
    - Added NTRU back (#2176)
    - Removed all Dilithium implementations (#2275)
    - Replaced SPHINCS+ with SLH-DSA for CMake build option
      OQS_ALGS_ENABLED=STD (#2290)
    - Updated CROSS to version 2.2 (#2247)
    - Included DeriveEncapsulation functionality (#2221)
    - Integrated ML-KEM implementation from ICICLE-PQC (#2216)
  * Bug fixes:
    - Fixed erroneously disabled LMS variants with build flag
      OQS_ENABLE_SIG_STFL_LMS (#2310)
    - Fixed incorrect import in OV-III-pkc_skc (#2299)
    - Fixed incorrect actual signature length in signature full-cycle
      speed test (#2293)
    - Fixed ICICLE ML-KEM integration (#2288)
    - Disabled strict aliasing on SPHINCS+-SHAKE (#2264)
    - Fixed uninitialized length_encaps_seed for NTRU implementations (#2266)
    - Changed 64 bit add to 32 bit add to wrap on 32 bit counter for
      AES-CTR AES-NI implementation (#2252)
    - Improved random number generator security (#2225)
    - Added Classic McEliece sanitization patch (#2218)
  * Miscellaneous:
    - Deprecated noregress scripts (#2295)
    - Updated no-pass explanation for constant-time testing (#2294)
    - Re-enabled all ACVP tests (#2283)
    - Updated license info for ML-KEM (#2250) (forwarded request 1321746 from pmonrealgonzalez)

OBS-URL: https://build.opensuse.org/request/show/1321757
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/liboqs?expand=0&rev=20

0.15.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3983f7cd1247f37fb76a040e6fd684894d44a84cecdcfbdb90559b3216684b5c
+size 57000994

baselibs.conf

@@ -1,2 +1,2 @@
-liboqs7
+liboqs9
 liboqs-devel

liboqs-fix-prototypemismatch.patch

@@ -1,18 +1,20 @@
-Index: liboqs-0.13.0/src/kem/frodokem/kem_frodokem.h
+Index: liboqs-0.15.0/src/kem/frodokem/kem_frodokem.h
 ===================================================================
---- liboqs-0.13.0.orig/src/kem/frodokem/kem_frodokem.h
-+++ liboqs-0.13.0/src/kem/frodokem/kem_frodokem.h
-@@ -12,10 +12,10 @@
- #define OQS_KEM_frodokem_640_aes_length_shared_secret 16
+--- liboqs-0.15.0.orig/src/kem/frodokem/kem_frodokem.h
++++ liboqs-0.15.0/src/kem/frodokem/kem_frodokem.h
+@@ -13,11 +13,11 @@
  #define OQS_KEM_frodokem_640_aes_length_keypair_seed 0
+ #define OQS_KEM_frodokem_640_aes_length_encaps_seed 0
  OQS_KEM *OQS_KEM_frodokem_640_aes_new(void);
 -OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair(uint8_t *public_key, uint8_t *secret_key);
 -OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *seed);
 -OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
+-OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_encaps_derand(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key, const uint8_t *seed);
 -OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
 +OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair(unsigned char *public_key, unsigned char *secret_key);
 +OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair_derand(unsigned char *public_key, unsigned char *secret_key, const unsigned char *seed);
 +OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_encaps(unsigned char *ciphertext, unsigned char *shared_secret, const unsigned char *public_key);
++OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_encaps_derand(unsigned char *ciphertext, unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *seed);
 +OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_decaps(unsigned char *shared_secret, const unsigned char *ciphertext, const unsigned char *secret_key);
  #endif
  

liboqs.changes

@@ -1,3 +1,70 @@
+-------------------------------------------------------------------
+Tue Dec  9 08:34:02 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 0.15.0:
+  * Significant changes:
+    - Integrated SLH-DSA implementation from pq-code-package/slhdsa-c
+    - SLH-DSA ACVP tests (#2237)
+    - Integrate SLH-DSA-C Library (#2175)
+    - Added NTRU back (#2176)
+    - Removed all Dilithium implementations (#2275)
+    - Replaced SPHINCS+ with SLH-DSA for CMake build option
+      OQS_ALGS_ENABLED=STD (#2290)
+    - Updated CROSS to version 2.2 (#2247)
+    - Included DeriveEncapsulation functionality (#2221)
+    - Integrated ML-KEM implementation from ICICLE-PQC (#2216)
+  * Bug fixes:
+    - Fixed erroneously disabled LMS variants with build flag
+      OQS_ENABLE_SIG_STFL_LMS (#2310)
+    - Fixed incorrect import in OV-III-pkc_skc (#2299)
+    - Fixed incorrect actual signature length in signature full-cycle
+      speed test (#2293)
+    - Fixed ICICLE ML-KEM integration (#2288)
+    - Disabled strict aliasing on SPHINCS+-SHAKE (#2264)
+    - Fixed uninitialized length_encaps_seed for NTRU implementations (#2266)
+    - Changed 64 bit add to 32 bit add to wrap on 32 bit counter for
+      AES-CTR AES-NI implementation (#2252)
+    - Improved random number generator security (#2225)
+    - Added Classic McEliece sanitization patch (#2218)
+  * Miscellaneous:
+    - Deprecated noregress scripts (#2295)
+    - Updated no-pass explanation for constant-time testing (#2294)
+    - Re-enabled all ACVP tests (#2283)
+    - Updated license info for ML-KEM (#2250)
+    - Added Poutine SASL (#2213)
+    - Updated ACVP to 1.1.0.40 (#2172)
+    - Switched to dev mode for 0.14.1 (#2199)
+  * Deprecation notice: liboqs 0.15.0 is the last version to officially
+    support SPHINCS+. SPHINCS+ will be removed in the 0.16.0 release and
+    replaced by SLH-DSA. liboqs 0.15.0 also removes support for Dilithium.
+  * Rebase liboqs-fix-prototypemismatch.patch
+
+-------------------------------------------------------------------
+Thu Jul 10 19:15:53 UTC 2025 - Marcus Meissner <meissner@suse.com>
+
+- Updated to 0.14.0:
+  * Key encapsulation mechanisms:
+    - HQC: Disabled compiler optimizations to avoid secret-dependent branching in certain configurations. HQC remains disabled by default.
+    - ML-KEM: Updated the default ML-KEM implementation to [PQCP's mlkem-native v1.0.0](https://github.com/pq-code-package/mlkem-native/releases/tag/v1.0.0).
+  * Digital signature schemes:
+    - New API: added an API function to check if a signature scheme supports signing with a context string.
+    - SNOVA: added [SNOVA](https://snova.pqclab.org/) from NIST Additional Signature Schemes Round 2.
+
+  * Other changes:
+     - Added an AVX512VL-optimized backend for SHA3.
+     - Improved memory management throughout the codebase.
+
+- CVE-2025-52473: Disabled compiler optimizations for HQC to avoid
+  secret-dependent branches. Thank you to Zhenzhi Lai and Zhiyuan Zhang
+  from from the University of Melbourne and the Max Planck Institute
+  for Security and Privacy for identifying the issue. (bsc#1246301)
+- new major library version liboqs.so.8
+
+-------------------------------------------------------------------
+Thu Jun 26 15:21:36 UTC 2025 - Marcus Meissner <meissner@suse.com>
+
+- enable testsuite
+
 -------------------------------------------------------------------
 Mon May 12 09:30:45 UTC 2025 - Marcus Meissner <meissner@suse.com>
 

liboqs.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package liboqs
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,8 +16,9 @@
 #
 
 
+%define         liboqs_sover 9
 Name:           liboqs
-Version:        0.13.0
+Version:        0.15.0
 Release:        0
 Summary:        C library for quantum-resistant cryptographic algorithms
 License:        MIT
@@ -27,27 +28,32 @@ Source:         https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{
 Source1:        baselibs.conf
 Patch0:         liboqs-fix-build.patch
 Patch1:         liboqs-fix-prototypemismatch.patch
+#PATCH-FIX-OPENSUSE boo#1101107 Do not embed the buildhost's kernel version
 Patch2:         reproducible.patch
 BuildRequires:  cmake
 BuildRequires:  doxygen
 BuildRequires:  libopenssl-devel
+# for tests
+BuildRequires:  python3-pytest
+BuildRequires:  python3-PyYAML
+BuildRequires:  python3-pytest-xdist
 
 %description
 liboqs is a C library for quantum-resistant cryptographic algorithms.
 See the bundled README.md for particular limitations on intended use.
 
-%package -n liboqs7
+%package -n liboqs%{liboqs_sover}
 Summary:        C library for quantum-resistant cryptographic algorithms
 Group:          System/Libraries
 
-%description -n liboqs7
+%description -n liboqs%{liboqs_sover}
 liboqs is a C library for quantum-resistant cryptographic algorithms.
 See the bundled README.md for particular limitations on intended use.
 
 %package devel
 Summary:        Headers for liboqs, a library for quantum-resistant cryptography
 Group:          Development/Languages/C and C++
-Requires:       liboqs7 = %{version}
+Requires:       liboqs%{liboqs_sover} = %{version}
 
 %description devel
 liboqs is a C library for quantum-resistant cryptographic algorithms.
@@ -73,19 +79,24 @@ popd
 # need to find out what cmake option is needed
 mv %{buildroot}%{_prefix}/local/* %{buildroot}%{_prefix}
 
-#if [ "%{_lib}" != "lib" ]; then
-  # mv %{buildroot}%{_prefix}/lib %{buildroot}%{_libdir}
+#if [ "%%{_lib}" != "lib" ]; then
+  # mv %%{buildroot}%%{_prefix}/lib %%{buildroot}%%{_libdir}
 #fi
 
 rmdir %{buildroot}%{_prefix}/local/
 
-%post -n liboqs7 -p /sbin/ldconfig
-%postun -n liboqs7 -p /sbin/ldconfig
+%check
+pushd build
+make run_tests
+popd
 
-%files -n liboqs7
+%post -n liboqs%{liboqs_sover} -p /sbin/ldconfig
+%postun -n liboqs%{liboqs_sover} -p /sbin/ldconfig
+
+%files -n liboqs%{liboqs_sover}
 %license LICENSE.txt
-%{_libdir}/liboqs.so.%version
-%{_libdir}/liboqs.so.7
+%{_libdir}/liboqs.so.%{version}
+%{_libdir}/liboqs.so.%{liboqs_sover}
 %doc README.md
 
 %files devel