Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libsodium for openSUSE:Factory checked in at 2026-01-09 17:02:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsodium (Old) and /work/SRC/openSUSE:Factory/.libsodium.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsodium" Fri Jan 9 17:02:49 2026 rev:29 rq:1325971 version:1.0.21 Changes: -------- --- /work/SRC/openSUSE:Factory/libsodium/libsodium.changes 2024-05-28 17:28:03.326334070 +0200 +++ /work/SRC/openSUSE:Factory/.libsodium.new.1928/libsodium.changes 2026-01-09 17:03:00.878749812 +0100 @@ -1,0 +2,33 @@ +Thu Jan 8 13:04:50 UTC 2026 - Lucas Mulling <[email protected]> + +- Update to 1.0.21: + * The new crypto_ipcrypt_* functions implement mechanisms for securely + encrypting and anonymizing IP addresses. + * The sodium_bin2ip and sodium_ip2bin helper functions have been added to + complement the crypto_ipcrypt_* functions and easily convert addresses + between bytes and strings. + * XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions are + * standard + extendable output functions. From input of any length, they can derive + output of any length with the same properties as hash functions. These + primitives are required by many post-quantum mechanisms, but can also be + used for a wide range of applications, including key derivation, session + encryption and more. + * Performance of AES256-GCM and AEGIS on ARM has been improved with some + compilers + * Security: optblockers have been introduced in critical code paths to prevent + compilers from introducing unwanted side channels via conditional jumps. This + was observed on RISC-V targets with specific compilers and options. + * Security: crypto_core_ed25519_is_valid_point() now properly rejects + small-order points that are not in the main subgroup [bsc#1256070, CVE-2025-15444] + * ((nonnull)) attributes have been relaxed on some crypto_stream* functions to + allow NULL output buffers when the output length is zero + * A cross-compilation issue with old clang versions has been fixed + * crypto_aead_aes256gcm_is_available is exported to JavaScript + * Security: memory fences have been added after MAC verification in AEAD to + prevent speculative access to plaintext before authentication is complete + * Assembly files now include .gnu.property notes for proper IBT and Shadow + Stack support when building with CET instrumentation. +- Add patch libsodium-Fix-compilation-with-GCC-on-aarch64.patch + +------------------------------------------------------------------- Old: ---- libsodium-1.0.20.tar.gz libsodium-1.0.20.tar.gz.sig New: ---- libsodium-1.0.21.tar.gz libsodium-1.0.21.tar.gz.sig libsodium-Fix-compilation-with-GCC-on-aarch64.patch ----------(New B)---------- New: Stack support when building with CET instrumentation. - Add patch libsodium-Fix-compilation-with-GCC-on-aarch64.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsodium.spec ++++++ --- /var/tmp/diff_new_pack.rD2it9/_old 2026-01-09 17:03:01.830790115 +0100 +++ /var/tmp/diff_new_pack.rD2it9/_new 2026-01-09 17:03:01.834790284 +0100 @@ -1,7 +1,7 @@ # # spec file for package libsodium # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2024 Andreas Stieger <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -20,7 +20,7 @@ %define sover 26 %define lname %{name}%{sover} Name: libsodium -Version: 1.0.20 +Version: 1.0.21 Release: 0 Summary: Portable NaCl-based crypto library License: ISC @@ -30,6 +30,7 @@ Source1: https://download.libsodium.org/libsodium/releases/%{name}-%{version}.tar.gz.sig Source2: %{name}.keyring Source99: baselibs.conf +Patch0: libsodium-Fix-compilation-with-GCC-on-aarch64.patch BuildRequires: pkgconfig %description ++++++ libsodium-1.0.20.tar.gz -> libsodium-1.0.21.tar.gz ++++++ ++++ 32164 lines of diff (skipped) ++++++ libsodium-Fix-compilation-with-GCC-on-aarch64.patch ++++++ >From 6702f69bef6044163acc7715e6ac7e430890ce78 Mon Sep 17 00:00:00 2001 From: Frank Denis <[email protected]> Date: Wed, 7 Jan 2026 12:00:49 +0100 Subject: [PATCH] Fix compilation with GCC on aarch64 Use unsigned NEON intrinsics everywhere Fixes #1502 Signed-off-by: Lucas Mulling <[email protected]> --- src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c b/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c index c5a27e92..bad4ce38 100644 --- a/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c +++ b/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c @@ -37,7 +37,7 @@ typedef uint64x2_t BlockVec; # define XOR128_3(a, b, c) veorq_u64(veorq_u64((a), (b)), (c)) # define SET64x2(a, b) vsetq_lane_u64((uint64_t) (a), vmovq_n_u64((uint64_t) (b)), 1) # define BYTESHL128(a, b) \ - vreinterpretq_u64_u8(vextq_s8(vdupq_n_s8(0), vreinterpretq_s8_u64(a), 16 - (b))) + vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(a), 16 - (b))) # define AES_XENCRYPT(block_vec, rkey) \ vreinterpretq_u64_u8( \ @@ -348,12 +348,12 @@ pfx_set_bit(uint8_t ip16[16], const unsigned int bit_index, const uint8_t bit_va static void pfx_shift_left(uint8_t ip16[16]) { - BlockVec v = LOAD128(ip16); - const BlockVec shl = vshlq_n_u8(vreinterpretq_u8_u64(v), 1); - const BlockVec msb = vshrq_n_u8(vreinterpretq_u8_u64(v), 7); - const BlockVec zero = vdupq_n_u8(0); - const BlockVec carries = vextq_u8(vreinterpretq_u8_u64(msb), zero, 1); - v = vreinterpretq_u64_u8(vorrq_u8(shl, carries)); + BlockVec v = LOAD128(ip16); + const uint8x16_t shl = vshlq_n_u8(vreinterpretq_u8_u64(v), 1); + const uint8x16_t msb = vshrq_n_u8(vreinterpretq_u8_u64(v), 7); + const uint8x16_t zero = vdupq_n_u8(0); + const uint8x16_t carries = vextq_u8(msb, zero, 1); + v = vreinterpretq_u64_u8(vorrq_u8(shl, carries)); STORE128(ip16, v); } -- 2.52.0
