Compare commits
2 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
d39ac181a5
|
|||
|
25ae60cd6f
|
BIN
libsodium-1.0.20.tar.gz
LFS
BIN
libsodium-1.0.20.tar.gz
LFS
Binary file not shown.
Binary file not shown.
BIN
libsodium-1.0.21.tar.gz
LFS
Normal file
BIN
libsodium-1.0.21.tar.gz
LFS
Normal file
Binary file not shown.
BIN
libsodium-1.0.21.tar.gz.sig
Normal file
BIN
libsodium-1.0.21.tar.gz.sig
Normal file
Binary file not shown.
49
libsodium-Fix-compilation-with-GCC-on-aarch64.patch
Normal file
49
libsodium-Fix-compilation-with-GCC-on-aarch64.patch
Normal file
@@ -0,0 +1,49 @@
|
||||
From 6702f69bef6044163acc7715e6ac7e430890ce78 Mon Sep 17 00:00:00 2001
|
||||
From: Frank Denis <github@pureftpd.org>
|
||||
Date: Wed, 7 Jan 2026 12:00:49 +0100
|
||||
Subject: [PATCH] Fix compilation with GCC on aarch64
|
||||
|
||||
Use unsigned NEON intrinsics everywhere
|
||||
|
||||
Fixes #1502
|
||||
|
||||
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
|
||||
---
|
||||
src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c | 14 +++++++-------
|
||||
1 file changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c b/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c
|
||||
index c5a27e92..bad4ce38 100644
|
||||
--- a/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c
|
||||
+++ b/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c
|
||||
@@ -37,7 +37,7 @@ typedef uint64x2_t BlockVec;
|
||||
# define XOR128_3(a, b, c) veorq_u64(veorq_u64((a), (b)), (c))
|
||||
# define SET64x2(a, b) vsetq_lane_u64((uint64_t) (a), vmovq_n_u64((uint64_t) (b)), 1)
|
||||
# define BYTESHL128(a, b) \
|
||||
- vreinterpretq_u64_u8(vextq_s8(vdupq_n_s8(0), vreinterpretq_s8_u64(a), 16 - (b)))
|
||||
+ vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(a), 16 - (b)))
|
||||
|
||||
# define AES_XENCRYPT(block_vec, rkey) \
|
||||
vreinterpretq_u64_u8( \
|
||||
@@ -348,12 +348,12 @@ pfx_set_bit(uint8_t ip16[16], const unsigned int bit_index, const uint8_t bit_va
|
||||
static void
|
||||
pfx_shift_left(uint8_t ip16[16])
|
||||
{
|
||||
- BlockVec v = LOAD128(ip16);
|
||||
- const BlockVec shl = vshlq_n_u8(vreinterpretq_u8_u64(v), 1);
|
||||
- const BlockVec msb = vshrq_n_u8(vreinterpretq_u8_u64(v), 7);
|
||||
- const BlockVec zero = vdupq_n_u8(0);
|
||||
- const BlockVec carries = vextq_u8(vreinterpretq_u8_u64(msb), zero, 1);
|
||||
- v = vreinterpretq_u64_u8(vorrq_u8(shl, carries));
|
||||
+ BlockVec v = LOAD128(ip16);
|
||||
+ const uint8x16_t shl = vshlq_n_u8(vreinterpretq_u8_u64(v), 1);
|
||||
+ const uint8x16_t msb = vshrq_n_u8(vreinterpretq_u8_u64(v), 7);
|
||||
+ const uint8x16_t zero = vdupq_n_u8(0);
|
||||
+ const uint8x16_t carries = vextq_u8(msb, zero, 1);
|
||||
+ v = vreinterpretq_u64_u8(vorrq_u8(shl, carries));
|
||||
STORE128(ip16, v);
|
||||
}
|
||||
|
||||
--
|
||||
2.52.0
|
||||
|
||||
@@ -1,3 +1,36 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 9 12:40:53 UTC 2026 - Lucas Mulling <lucas.mulling@suse.com>
|
||||
|
||||
- Update to 1.0.21: [bsc#1256070, CVE-2025-15444, bsc#1255764, CVE-2025-69277]
|
||||
* The new crypto_ipcrypt_* functions implement mechanisms for securely
|
||||
encrypting and anonymizing IP addresses.
|
||||
* The sodium_bin2ip and sodium_ip2bin helper functions have been added to
|
||||
complement the crypto_ipcrypt_* functions and easily convert addresses
|
||||
between bytes and strings.
|
||||
* XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions are
|
||||
* standard
|
||||
extendable output functions. From input of any length, they can derive
|
||||
output of any length with the same properties as hash functions. These
|
||||
primitives are required by many post-quantum mechanisms, but can also be
|
||||
used for a wide range of applications, including key derivation, session
|
||||
encryption and more.
|
||||
* Performance of AES256-GCM and AEGIS on ARM has been improved with some
|
||||
compilers
|
||||
* Security: optblockers have been introduced in critical code paths to prevent
|
||||
compilers from introducing unwanted side channels via conditional jumps. This
|
||||
was observed on RISC-V targets with specific compilers and options.
|
||||
* Security: crypto_core_ed25519_is_valid_point() now properly rejects
|
||||
small-order points that are not in the main subgroup
|
||||
* ((nonnull)) attributes have been relaxed on some crypto_stream* functions to
|
||||
allow NULL output buffers when the output length is zero
|
||||
* A cross-compilation issue with old clang versions has been fixed
|
||||
* crypto_aead_aes256gcm_is_available is exported to JavaScript
|
||||
* Security: memory fences have been added after MAC verification in AEAD to
|
||||
prevent speculative access to plaintext before authentication is complete
|
||||
* Assembly files now include .gnu.property notes for proper IBT and Shadow
|
||||
Stack support when building with CET instrumentation.
|
||||
- Add patch libsodium-Fix-compilation-with-GCC-on-aarch64.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 16 16:56:02 UTC 2024 - Lucas Mulling <lucas.mulling@suse.com>
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
%define sover 26
|
||||
%define lname %{name}%{sover}
|
||||
Name: libsodium
|
||||
Version: 1.0.20
|
||||
Version: 1.0.21
|
||||
Release: 0
|
||||
Summary: Portable NaCl-based crypto library
|
||||
License: ISC
|
||||
@@ -31,6 +31,7 @@ Source0: https://download.libsodium.org/libsodium/releases/%{name}-%{vers
|
||||
Source1: https://download.libsodium.org/libsodium/releases/%{name}-%{version}.tar.gz.sig
|
||||
Source2: %{name}.keyring
|
||||
Source99: baselibs.conf
|
||||
Patch0: libsodium-Fix-compilation-with-GCC-on-aarch64.patch
|
||||
BuildRequires: pkgconfig
|
||||
|
||||
%description
|
||||
|
||||
Reference in New Issue
Block a user