Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package leancrypto for openSUSE:Factory checked in at 2025-10-30 17:08:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/leancrypto (Old) and /work/SRC/openSUSE:Factory/.leancrypto.new.1980 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "leancrypto" Thu Oct 30 17:08:58 2025 rev:6 rq:1314097 version:1.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/leancrypto/leancrypto.changes 2025-10-16 17:38:07.258832104 +0200 +++ /work/SRC/openSUSE:Factory/.leancrypto.new.1980/leancrypto.changes 2025-10-30 17:09:13.693142070 +0100 @@ -1,0 +2,40 @@ +Thu Oct 23 13:22:46 UTC 2025 - Lucas Mulling <[email protected]> + +- Update to 1.6.0: + * ASN.1: use stack for small generator for small use cases + * X.509: Updates required to support the shim boot loader + * X.509: add lc_gmtime to convert Epoch to time format + * ASN.1: added to Linux kernel (for 64 bit systems only) + * Added AES-GCM and AES-XTS + * Availability: remove assert() calls throughout the code - in case of a self + test error, disable the algorithm. Instead of using assert, apply a centrally + managed test manager that stores the test status. This implies that some + initalization APIs like lc_hash_init, lc_sym_init, lc_hmac_init are changed + such that they return an error code if self tests failed. Thus, the version + is now changed as this is considered to be an ABI change. Although this + sounds heavy, the test manager is relatively small and the runtime state + should be smaller than the old approach considering the old approach uses one + global 32 bit integer per self test to maintain the state. This is now + replaced with a set of 32 bit atomic integers that hold a 3-bit field for + each algorithm. This change also adds the API call of lc_rerun_one_selftest + which allows triggering the reruning of a self test for one given algorithm. + * FIPS: Rearchitect integrity test control value generator: The build process now + uses the host’s objcopy to extract the ELF sections of interest into a separate + file, use a build_machine compiled version of sha3-256sum to generate the + digest of it and reinsert it into the leancrypto-fips.so. This now allows + cross-compilation with FIPS integrity test support. There is no functional + change to leancrypto though. + * Significant reduction of compilation units by almost half by not having + global, but per-test compiled C files. + * Linux kernel: add /proc/leancrypto + * FIPS: Add negative testing support + * Add SHAKE-512 and XDRBG-512 support + * FIPS: Add FIPS indicator which implies that libleancrypto.so has the same + functionality as libleancrypto-fips.so with the exception that the latter + performs an integrity test. + * ARMv9: fix BTI for ML-DSA +- Remove patch: + * leancrypto-fix-aarch64-BTI.patch +- Don't strip debug symbols + +------------------------------------------------------------------- Old: ---- leancrypto-1.5.1.tar.xz leancrypto-1.5.1.tar.xz.asc leancrypto-fix-aarch64-BTI.patch New: ---- leancrypto-1.6.0.tar.xz leancrypto-1.6.0.tar.xz.asc ----------(Old B)---------- Old:- Remove patch: * leancrypto-fix-aarch64-BTI.patch - Don't strip debug symbols ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ leancrypto.spec ++++++ --- /var/tmp/diff_new_pack.fdfO35/_old 2025-10-30 17:09:14.893193071 +0100 +++ /var/tmp/diff_new_pack.fdfO35/_new 2025-10-30 17:09:14.897193242 +0100 @@ -29,24 +29,24 @@ %define pkgname leancrypto %define libname lib%{pkgname} Name: %{pkgname}%{psuffix} -Version: 1.5.1 -Release: 1.1 +Version: 1.6.0 +Release: 0 +%if %{with kmp} +Summary: leancrypto Kernel Module Package +%else Summary: Cryptographic library with stack-only support and PQC-safe algorithms +%endif License: BSD-3-Clause OR GPL-2.0-only URL: https://www.leancrypto.org Source0: https://www.leancrypto.org/%{pkgname}/releases/%{pkgname}-%{version}/%{pkgname}-%{version}.tar.xz Source1: https://www.leancrypto.org/%{pkgname}/releases/%{pkgname}-%{version}/%{pkgname}-%{version}.tar.xz.asc Source2: https://leancrypto.org/about/smuellerDD-2024.asc#/leancrypto.keyring Source3: baselibs.conf -# PATCH-FIX-UPSTREAM - https://github.com/smuellerDD/leancrypto/issues/38 -Patch1: leancrypto-fix-aarch64-BTI.patch BuildRequires: clang BuildRequires: meson %if %{with kmp} BuildRequires: %kernel_module_package_buildreqs - %kernel_module_package -n %{pkgname} - %endif %description @@ -55,7 +55,6 @@ to be used on stack as well as on heap. Accelerated algorithms are transparently enabled if possible. - %if %{without kmp} %package -n %{libname}1 Summary: Cryptographic library with stack-only support and PQC-safe algorithms @@ -114,19 +113,19 @@ enabled if possible. This subpackage holds the tools provided by the library, such as sha*sum. - %else - %package KMP -Summary: Cryptographic library with stack-only support and PQC-safe algorithms +Summary: leancrypto Kernel Module Package Group: System/Kernel %description KMP -Leancrypto provides a general-purpose cryptographic library with PQC-safe -algorithms. Further it only has POSIX dependencies, and allows all algorithms -to be used on stack as well as on heap. Accelerated algorithms are transparently -enabled if possible. +Leancrypto for the Linux Kernel. The leancrypto library is intended to provide +the identical services for user space as well as Linux kernel space. This shall +allow developers to only have one crypto provider which they need to maintain +and learn to develop with. +The user space and kernel space versions of leancrypto are fully independent of +each other. Neither requires the presence of the other for full operation. %endif %prep @@ -142,17 +141,17 @@ %endif %build -%meson -Dseedsource=esdm +%meson -Dseedsource=esdm -Dstrip=false # Only build the lib when we need it, if building the kernel module, just build # the kernel module. %if %{without kmp} %meson_build %else for flavor in %flavors_to_build; do - KERNELRELEASE=`make -s -C /%{_prefix}/src/linux-obj/%{_target_cpu}/$flavor kernelrelease` + KERNELRELEASE=`make -j${RPM_BUILD_NCPUS} -s -C /%{_prefix}/src/linux-obj/%{_target_cpu}/$flavor kernelrelease` rm -rf obj/$flavor cp -r source obj/$flavor - make -C $PWD/obj/$flavor/linux_kernel KERNELRELEASE=$KERNELRELEASE + make -j${RPM_BUILD_NCPUS} -C $PWD/obj/$flavor/linux_kernel KERNELRELEASE=$KERNELRELEASE done %endif @@ -206,5 +205,7 @@ %{_libexecdir}/%{name}/sha3-384sum %{_libexecdir}/%{name}/sha3-512sum %{_libexecdir}/%{name}/ascon256-sum +%{_bindir}/lc_pkcs7_generator +%{_bindir}/lc_x509_generator %endif ++++++ leancrypto-1.5.1.tar.xz -> leancrypto-1.6.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/leancrypto/leancrypto-1.5.1.tar.xz /work/SRC/openSUSE:Factory/.leancrypto.new.1980/leancrypto-1.6.0.tar.xz differ: char 26, line 1
