nettle-3.9.1-150600.3.2.1<>,cg '>p9| ]bOJꀖ'm k$Ȓz9$ j#.LI1%HSEt ((;@GZUxà;jY 49`1}e(gby8K^wQdRs" a.t6빷#b,>p>)(5U` ha>=wGLž#QuA>N*W=I#NACt>>Y?Yd   0 %OU\      X D\ ( +8 4!9 !: 7!FQGQ,HQdIQXQYQ\Q]R^RbScSdTHeTMfTPlTRuTdvTwXxXyX"zYYYYYCnettle3.9.1150600.3.2.1Cryptographic ToolsNettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages (C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. This package contains a few command-line tools to perform cryptographic operations using the nettle library.g '>s390zp32 SUSE Linux Enterprise 15SUSE LLC GPL-2.0-or-later AND LGPL-2.1-or-laterhttps://www.suse.com/Productivity/Securityhttps://www.lysator.liu.se/~nisse/nettle/linuxs390x8@8HH@h@V6 FNA큤A큤g '"g '"g '"g '"g '"g '>dx#dx#dx#dx#g '>dx#dx#dx#6498d3359dc74e552081c4755b3fadc9b54eff17b593df61f184971158d776fe4d81e69ecaaa1292f786cec05ef7c2c40f3518688eaedf8553c18858cfdc07c2fd8b7204f31248f787f8525a57e2cacb672ba5e9ca84f02a0078157e14394fefb0f7b0ecd4551a099c354149c69e9e7bea852c4fb757bf4286a8f7dfe3db2e77d0c6cee51e313867696352d8fe09b878b1edd4a135b7665ddbd18e353456e9b782f7d08cc22fa2460f4c17b5d7fab2fe4dd237eabc227a7ae9cd6ee8100eed5fff48e90c645123d110035ba6f973d165d95a977aea48d3569a1c3c5ce376fee7612e6580aad6ae3c8b590ee47b631f5d2eafc99e7c70b520ef3550e5127da50b02cb98d7b68bd895fe26752c5f10d7eb23623dff90238998e019c26994c6739ba853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643e6037104443f9a7829b2aa7c5370d0789a7bda3ca65a0b904cdc0c2e285d9195rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootlibnettle-3.9.1-150600.3.2.1.src.rpmnettlenettle(s390-64)@@@@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.34)(64bit)libc.so.6(GLIBC_2.38)(64bit)libc.so.6(GLIBC_2.4)(64bit)libgmp.so.10()(64bit)libhogweed.so.6()(64bit)libhogweed.so.6(HOGWEED_6)(64bit)libnettle.so.8()(64bit)libnettle.so.8(NETTLE_8)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3d@ddq@dbdxbz@bbaZ@`@`W5@`.V_@^]?]B@\,\ @\l@ZZr@Y@@YXYX=VIVUU<@U8U) U@TE@pmonreal@suse.compmonreal@suse.comandreas.stieger@gmx.deandreas.stieger@gmx.dempluskal@suse.comdmueller@suse.comdmueller@suse.comgmbr3@opensuse.orgpmonreal@suse.cominfo@paolostivanin.comandreas.stieger@gmx.deandreas.stieger@gmx.deandreas.stieger@gmx.deandreas.stieger@gmx.devcizek@suse.comandreas.stieger@gmx.devcizek@suse.comjengelh@inai.depmonrealgonzalez@suse.comfvogt@suse.comastieger@suse.comasn@cryptomilk.orgasn@cryptomilk.orgdimstar@opensuse.orgastieger@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comastieger@suse.comvpereira@suse.comastieger@suse.comtchvatal@suse.commpluskal@suse.com- Add the architecture specific READMEs as provided by upstream.- Include the nettle library manual in HTML and PDF formats in the devel package.- update to 3.9.1: [bsc#1212112, CVE-2023-36660] * Fix bug in the new OCB code may be exploitable for denial of service or worse due to memory corruption- update to 3.9 * rewrite of the C and plain x86_64 assembly implementations of GHASH to use precomputed tables in a different way, with tables always accessed in the same sequential manner. This should make Nettle's GHASH implementation side-channel silent on all platforms, but considerably slower on platforms without carry- less mul instructions. E.g., benchmarks of the C implementation on x86_64 showed a slowdown of 3 times. * Fix bug in ecdsa and gostdsa signature verify operation, for the unlikely corner case that point addition really is point duplication. * Fix for chacha on Power7, nettle's assembly used an instruction only available on later processors * Add support for the SM4 block cipher * Add support for the Balloon password hash * Add support for SIV-GCM authenticated encryption mode * Add support for OCB authenticated encryption mode. * New exported functions md5_compress, sha1_compress, sha256_compress, sha512_compress * multiple performance optimizations * Delete all arcfour assembly code. Affects 32-bit x86, 32-bit and 64-bit sparc- Build AVX2 enabled hwcaps library for x86_64-v3- update to 3.8.1: * Avoid non-posix m4 argument references in the chacha implementation for arm64, powerpc64 and s390x. Reported by Christian Weisgerber, fix contributed by Mamone Tarsha. * Use explicit .machine pseudo-ops where needed in s390x assembly files. Bug report by Andreas K. Huettel, fix contributed by Mamone Tarsha.- update to 3.8: This release includes a couple of new features, and many performance improvements. It adds assembly code for two more architectures: ARM64 and S390x. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.5 and libhogweed.so.6.5, with sonames libnettle.so.8 and libhogweed.so.6. New features: * AES keywrap (RFC 3394), contributed by Nicolas Mora. * SM3 hash function, contributed by Tianjia Zhang. * New functions cbc_aes128_encrypt, cbc_aes192_encrypt, cbc_aes256_encrypt. On processors where AES is fast enough, e.g., x86_64 with aesni instructions, the overhead of using Nettle's general cbc_encrypt can be significant. The new functions can be implemented in assembly, to do multiple blocks with reduced per-block overhead. Note that there's no corresponding new decrypt functions, since the general cbc_decrypt doesn't suffer from the same performance problem. Bug fixes: * Fix fat builds for x86_64 windows, these appear to never have worked. Optimizations: * New ARM64 implementation of AES, GCM, Chacha, SHA1 and SHA256, for processors supporting crypto extensions. Great speedups, and fat builds are supported. Contributed by Mamone Tarsha. * New s390x implementation of AES, GCM, Chacha, memxor, SHA1, SHA256, SHA512 and SHA3. Great speedups, and fat builds are supported. Contributed by Mamone Tarsha. * New PPC64 assembly for ecc modulo/redc operations, contributed by Amitay Isaacs, Martin Schwenke and Alastair D´Silva. * The x86_64 AES implementation using aesni instructions has been reorganized with one separate function per key size, each interleaving the processing of two blocks at a time (when the caller processes multiple blocks with each call). This gives a modest performance improvement on some processors. * Rewritten and faster x86_64 poly1305 assembly. - drop libnettle-s390x-CPACF-SHA-AES-support.patch (included in 3.8)- Make shared libraries executable- Provide s390x CPACF/SHA/AES Support for Crypto Libraries * Add libnettle-s390x-CPACF-SHA-AES-support.patch [jsc#SLE-20733]- GNU Nettle 3.7.3: [CVE-2021-3580, bsc#1187060] * Fix crash for zero input to rsa_sec_decrypt and rsa_decrypt_tr. Potential denial of service vector. * Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return failure for out of range inputs, instead of either crashing, or silently reducing input modulo n. Potential denial of service vector. * Ensure that rsa_decrypt returns failure for out of range inputs, instead of silently reducing input modulo n. * Ensure that rsa_sec_decrypt returns failure if the message size is too large for the given key. Unlike the other bugs, this would typically be triggered by invalid local configuration, rather than by processing untrusted remote data.- GNU Nettle 3.7.2: * fix a bug in ECDSA signature verification that could lead to a denial of service attack (via an assertion failure) or possibly incorrect results (CVE-2021-20305, boo#1184401) * fix a few related problems where scalars are required to be canonically reduced modulo the ECC group order, but in fact may be slightly larger- GNU Nettle 3.7.1: * Fix bug in chacha counter update logic (ppc64 and ppc64el) * Restore support for big-endian ARM platforms * Fix corner case bug in ECDSA verify, it would produce incorrect result in the unlikely case of an all-zero message hash * Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512 * Remove poorly performing ARM Neon code for doing single-block Salsa20 and Chacha- GNU Nettle 3.7: * add bcrypt password hashing * add optimizations: PowerPC64 assembly - remove deprecated texinfo packaing macros- GNU Nettle 3.6: * removal of internal and undocumented poly1305 functions * Support for Curve448 and ED448 signatures * Support for SHAKE256, SIV-CMAC, CMAC64, "CryptoPro" variant of the GOST hash (as gosthash94cp), GOST DSA signatures, including GOST curves gc256b and gc512a * Support for Intel CET in x86 and x86_64 assembly files, if enabled via CFLAGS (gcc --fcf-protection=full) * A few new functions to improve support for the Chacha variant with 96-bit nonce and 32-bit block counter (the existing functions use nonce and counter of 64-bit each), and functions to set the counter. * New interface, struct nettle_mac, for MAC (message authentication code) algorithms. This abstraction is only for MACs that don't require a per-message nonce. For HMAC, the key size is fixed, and equal the digest size of the underlying hash function * multiple bug fixes - drop nettle-respect-cflags.patch - silence packaging warning raised by HMAC files (bsc#1152692, jsc#SLE-9518)- Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)- update to 3.5.1: * correct upstream source packaging problems - new in 3.5: * gcm_crypt will now call the underlying block cipher to process more than one block at a time * Support for CFB8 (Cipher Feedback Mode, processing a single octet per block cipher operation) * Support for CMAC (RFC 4493) * Support for XTS mode * various improvements- Update to 3.4.1 release * Fix CVE-2018-16869 (bsc#1118086) All functions using RSA private keys are now side-channel silent, meaning that they try hard to avoid any branches or memory accesses depending on secret data. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption. * Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle useable for a Bleichenbacher-style chosen ciphertext attack. Which is why the new function rsa_sec_decrypt is recommended. * New features: A new function rsa_sec_decrypt. * Bug fixes: - Fix bug in pkcs1-conv, missing break statements in the parsing of PEM input files. - Fix link error on the pss-mgf1-test test, affecting builds without public key support.- Adjust SRPM group.- libnettle 3.4.1rc1: [bsc#1118086, CVE-2018-16869] * pkcs1-decrypt.c (pkcs1_decrypt): Rewrite as a wrapper around _pkcs1_sec_decrypt_variable. Improves side-channel silence of the only caller, rsa_decrypt. * rsa-sec-compute-root.c (sec_mul, sec_mod_mul, sec_powm): New local helper functions, with their own itch functions. (_rsa_sec_compute_root_itch, _rsa_sec_compute_root): Rewrote to use helpers, for clarity. * rsa-decrypt-tr.c (rsa_decrypt_tr): Use NETTLE_OCTET_SIZE_TO_LIMB_SIZE. * rsa-sec-compute-root.c (_rsa_sec_compute_root): Avoid calls to mpz_sizeinbase, since that potentially leaks most significant bits of private key parameters a and b. * rsa-sign.c (rsa_compute_root) [!NETTLE_USE_MINI_GMP]: Use _rsa_sec_compute_root. * testsuite/rsa-sec-compute-root-test.c: Add more tests for new side-channel silent functions. * rsa-sign.c (rsa_private_key_prepare): Check that qn + cn >= pn, since that is required for one of the GMP calls in _rsa_sec_compute_root. * rsa-decrypt-tr.c: Switch to use side-channel silent functions. * pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt_variable): New private function. Variable size version for backwards compatibility. * testsuite/rsa-sec-decrypt-test.c: Adds more tests. * rsa-sec-decrypt.c (rsa_sec_decrypt): New function. Fixed length side-channel silent version of rsa-decrypt. * testsuite/rsa-encrypt-test.c: add tests for the new fucntion. * testsuite/pkcs1-sec-decrypt-test.c: Adds tests for _pkcs1_sec_decrypt. * gmp-glue.c (mpn_get_base256): New function. * pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): New private function. Fixed length side-channel silent version of pkcs1-decrypt. * cnd-memcpy.c (cnd_memcpy): New function. * testsuite/cnd-memcpy-test.c: New test case. * rsa-sign-tr.c (rsa_sec_compute_root_tr): New function that uses _rsa_sec_compute_root, as well as side-channel silent RSA blinding. (rsa_compute_root_tr) Rewritten as a wrapper around rsa_sec_compute_root_tr. (rsa_sec_blind, rsa_sec_unblind, sec_equal, rsa_sec_check_root) (cnd_mpn_zero): New helper functions. (rsa_sec_compute_root_tr) [NETTLE_USE_MINI_GMP]: Defined as a not side-channel silent wrapper around rsa_compute_root_tr, and the latter function left unchanged. * rsa-sec-compute-root.c (_rsa_sec_compute_root_itch) (_rsa_sec_compute_root): New file, new private functions. Side-channel silent version of rsa_compute_root. * rsa-internal.h: New header file with declarations. * gmp-glue.h (NETTLE_OCTET_SIZE_TO_LIMB_SIZE): New macro. * tools/pkcs1-conv.c (convert_file): Add missing break statements. * nettle-internal.c (des_set_key_wrapper, des3_set_key_wrapper) (blowfish128_set_key_wrapper): Wrapper functions, to avoid cast between incompatible function types (which gcc-8 warns about). Wrappers are expected to compile to a single jmp instruction. * des-compat.c (des_compat_des3_decrypt): Change length argument type to size_t.- Use %license (boo#1082318)- libnettle 3.4: * Fixed an improper use of GMP mpn_mul, breaking curve2559 and eddsa on certain platforms * Fixed memory leak when handling invalid signatures in ecdsa_verify. Fix contributed by Nikos Mavrogiannopoulos. * Reorganized the way certain data items are made available: Nettle header files now define the symbols nettle_hashes, nettle_ciphers, and nettle_aeads, as preprocessor macros invoking a corresponding accessor function. For backwards ABI compatibility, the symbols are still present in the compiled libraries, and with the same sizes as in nettle-3.3. * Support for RSA-PSS signatures * Support for the HKDF key derivation function, defined by RFC 5869 * Support for the Cipher Feedback Mode (CFB) * New accessor functions: nettle_get_hashes, nettle_get_ciphers, nettle_get_aeads, nettle_get_secp_192r1, nettle_get_secp_224r1, nettle_get_secp_256r1, nettle_get_secp_384r1, nettle_get_secp_521r1. Direct access to data items is deprecated going forward. * The base16 and base64 functions now use the type char * for ascii data, rather than uint8_t *. This eliminates the last pointer-signedness warnings when building Nettle * The contents of the header file nettle/version.h is now architecture independent, except in --enable-mini-gmp * Prevent data sizes from leaking into the ABI - Fixes previously carried as patches: * Fix compilation error with --enable-fat om ARM Drop nettle-3.3-fix-fat-arm.patch- Add patch to fix build of fat-arm: * nettle-3.3-fix-fat-arm.patch- Build nettle with AES-NI support (bsc#1056980)- Explicitly BuildRequire m4- libnettle 3.3: * Invalid private RSA keys, with an even modulo, are now rejected by rsa_private_key_prepare. (Earlier versions allowed such keys, even if results of using them were bogus). Nettle applications are required to call rsa_private_key_prepare and check the return value, before using any other RSA private key functions; failing to do so may result in crashes for invalid private keys. * Ignore bit 255 of the x coordinate of the input point to curve25519_mul, as required by RFC 7748. To differentiate at compile time, curve25519.h defines the constant NETTLE_CURVE25519_RFC7748. * RSA and DSA now use side-channel silent modular exponentiation, to defend against attacks on the private key from evil processes sharing the same processor cache. This attack scenario is of particular relevance when running an HTTPS server on a virtual machine, where you don't know who you share the cache hardware with. bsc#991464 CVE-2016-6489 * Fix sexp-conv crashes on invalid input * Fix out-of-bounds read in des_weak_p * Fix a couple of formally undefined shift operations * Fix compilation with c89 * New function memeql_sec, for side-channel silent comparison of two memory areas. * Building the public key support of nettle now requires GMP version 5.0 or later (unless --enable-mini-gmp is used).- Fix postun->preun on info packages regenerating- Version update to 3.2 release bnc#964849 CVE-2015-8805 bnc#964847 CVE-2015-8804 bnc#964845 CVE-2015-8803: * New functions for RSA private key operations, identified by the "_tr" suffix, with better resistance to side channel attacks and to hardware or software failures which could break the CRT optimization * SHA3 implementation is updated according to the FIPS 202 standard * New ARM Neon implementation of the chacha stream cipher * Should be compatible binary with 3.1 series - Add patch to fix build with cflags: * nettle-respect-cflags.patch- Remove off-by-one-test-suite.patch as it was fixed by upstream differently- nettle 3.1.1 Non-critical bugfix release, binary compatible to 3.1 * By accident, nettle-3.1 disabled the assembly code for the secp_224r1 and secp_521r1 elliptic curves on all x86_64 configurations, making signature operations on those curves 10%-30% slower. This code is now re-enabled. * The x86_64 assembly implementation of gcm hashing has been fixed to work with the Sun/Oracle assembler.added patch: off-by-one-test-suite.patch - Address Sanitizer, found a off-by-one error in the test suite (bnc#928328)- nettle 3.1 (libnettle6, libhogweed4) - bug fixes in 3.1: * Fixed a missing include of , which made the camellia implementation fail on all 64-bit non-x86 platforms. * Eliminate out-of-bounds reads in the C implementation of memxor (related to valgrind's --partial-loads-ok flag). [bso#926745) - interface changes in 3.1: * Declarations of many internal functions are moved from ecc.h to ecc-internal.h. - interface changes in 3.0: * contains developer relevant incompatible interface changes - Removed features: * nettle_next_prime, use GMP's mpz_nextprime * Deleted the RSAREF compatibility - New features in 3.1: * Support for curve25519 and for EdDSA25519 signatures. * Support for "fat builds" on x86_64 and arm (not enabled) * Support for building the hogweed library (public key support) using "mini-gmp" (not enabled) * The shared libraries are now built with versioned symbols. * Support for "URL-safe" base64 encoding and decoding - New features in 3.0: * new DSA, AES, Camellia interfaces * Support for Poly1305-AES MAC. * Support for the ChaCha stream cipher and EXPERIMENTAL support for the ChaCha-Poly1305 AEAD mode. * Support for EAX mode. * Support for CCM mode. * Additional variants of SHA512 with output size of 224 and 256 bits * New interface, struct nettle_aead, for mechanisms providing authenticated encryption with associated data (AEAD). * DSA: Support a wider range for the size of q and a wider range for the digest size. * New command line tool nettle-pbkdf2. - Optimizations in 3.1: * New x86_64 implementation of AES, using the "aesni" instructions - Optimizations in 3.0: * New x86_64 assembly for GCM and MD5. Modest speedups on the order of 10%-20%.- Add url to the spec- Revert back to 2.7s390zp32 1728653118 3.9.1-150600.3.2.13.9.1-150600.3.2.1nettle-hashnettle-lfib-streamnettle-pbkdf2pkcs1-convsexp-convnettleAUTHORSChangeLogNEWSREADMEnettleCOPYING.LESSERv3COPYINGv2COPYINGv3/usr/bin//usr/share/doc/packages//usr/share/doc/packages/nettle//usr/share/licenses//usr/share/licenses/nettle/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:35975/SUSE_SLE-15-SP6_Update/ecf44949a59febf283931371ee5544fa-libnettle.SUSE_SLE-15-SP6_Updatedrpmxz5s390x-suse-linuxELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=c308e44e272ce8c503f49af0d64a6fdee8e9a7f2, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=00ec420c44e4f4e5c02d7f9468753510a0df7c85, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=1e162374f1b6d45814df4832ca2eb6656e3b0a77, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=0ccda229b5bdcab2395a7bd9ed5a10d8fe1f4c22, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=c0d9cdedd895dfb42cec4281aeb06c3bc4b0a2f3, for GNU/Linux 3.2.0, strippeddirectoryUTF-8 Unicode textASCII text  R RRRRRR RRRRRR RRRRRRR RRRRRRRRR RRRRR29bS[CpGutf-89e9e00955931e6ad1214afcd20cf0577234088bf73114de68028426d8509cae6? 7zXZ !t/_]"k%n&b@5!;4Iv2yv4[}[AOxO,ŶN-oQ &+ON!&-}9*Fh/.f&ȳsay 3rwp,ǭW}ָ &y_B&-㌋jSx)7: \K$Iܿ I)]|$m~,6md}\ y:$ pu"h:P35TjpO/aOtk>q]G[HIO7p"/kҶ?x 7*;͎1SD}}95]]!a@p9u)Csr骐nOj[&[F5uYT~$&{u?`k@}H&W4,Jֻ0bb_Hj0qIP}:٨M֎&̚ui$1Ns}[X˗~5)dP ;~(5+=S^TE F  5dso`G И52'i>d\g.&00RP(ӯ}޾'>X#{[_>qe}UU`)pSM}8U$ 3̡j7: $ҩ*ZdqiAⷠĶILQ?Zŧّ=e@]9i!@0Ǝ~wxKՄK?e⥒=€n4䛨lB1~϶k`}w iN( q@#AxGa Z5`hGjBh[R,rWNCeِŠ/1U6t_$#݈1`we 'QM3& {tUaސ{wJ`/B1Ut#L#0sE(Uܬ9T ɢy 7tc, ޚk,|fҎ~s GUUO[ 1ECO\JOB5Awm{` qt7eKu%"ajqPD ?*&-  (0 YZ