diff mbox series

[meta-oe,07/14] libsodium: upgrade 1.0.20 -> 1.0.21

Message ID 20260309100630.404637-7-andrej.kozemcak@siemens.com
State New
Headers show
Series [meta-oe,01/14] asio: upgrade 1.30.2 -> 1.36.0 | expand

Commit Message

Andrej Kozemcak March 9, 2026, 10:06 a.m. UTC 
License-Update: copyright years refreshed

Removed patch included in this release

Changelog:
  https://github.com/jedisct1/libsodium/releases/tag/1.0.21-RELEASE

Changes:

Version 1.0.21
- security fix for the crypto_core_ed25519_is_valid_point() function
- new crypto_ipcrypt_* functions
- sodium_bin2ip and sodium_ip2bin helper functions
- XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions

Version 1.0.20-stable
- XCFramework: cross-compilation is now forced on Apple Silicon to avoid Rosetta-related build issues
- The Fil-C compiler is supported out of the box
- The CompCert compiler is supported out of the box
- MSVC 2026 (Visual Studio 2026) is now supported
- Zig builds now support FreeBSD targets
- Performance of AES256-GCM and AEGIS on ARM has been improved with some compilers
- Android binaries have been added to the NuGet package
- Windows ARM binaries have been added to the NuGet package
- The Android build script has been improved. The base SDK is now 27c, and the default platform is 21, supporting 16 KB page sizes.
- The library can now be compiled with Zig 0.15 and Zig 0.16
- Zig builds now generate position-independent static libraries by default on targets that support PIC
- arm64e builds have been added to the XCFramework packages
- XCFramework packages are now full builds instead of minimal builds
- MSVC builds have been enabled for ARM64
- iOS 32-bit (armv7/armv7s) support has been removed from the XCFramework build script
- Security: optblockers have been introduced in critical code paths to prevent compilers from introducing unwanted side channels via conditional jumps. This was observed on RISC-V targets with specific compilers and options.
- Security: crypto_core_ed25519_is_valid_point() now properly rejects small-order points that are not in the main subgroup
- ((nonnull)) attributes have been relaxed on some crypto_stream* functions to allow NULL output buffers when the output length is zero
- A cross-compilation issue with old clang versions has been fixed
- JavaScript: support for Cloudflare Workers has been added
- JavaScript: WASM_BIGINT is forcibly disabled to retain compatibility with older runtimes
- A compilation issue with old toolchains on Solaris has been fixed
- crypto_aead_aes256gcm_is_available is exported to JavaScript
- libsodium is now compatible with Emscripten 4.x
- Security: memory fences have been added after MAC verification in AEAD to prevent speculative access to plaintext before authentication is complete
- Assembly files now include .gnu.property notes for proper IBT and Shadow Stack support when building with CET instrumentation.

Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
---
 .../libsodium/libsodium/CVE-2025-69277.patch  | 61 -------------------
 ...ibsodium_1.0.20.bb => libsodium_1.0.21.bb} |  5 +-
 2 files changed, 2 insertions(+), 64 deletions(-)
 delete mode 100644 meta-oe/recipes-crypto/libsodium/libsodium/CVE-2025-69277.patch
 rename meta-oe/recipes-crypto/libsodium/{libsodium_1.0.20.bb => libsodium_1.0.21.bb} (58%)
diff mbox series

Patch

diff --git a/meta-oe/recipes-crypto/libsodium/libsodium/CVE-2025-69277.patch b/meta-oe/recipes-crypto/libsodium/libsodium/CVE-2025-69277.patch
deleted file mode 100644
index a2ced62760..0000000000
--- a/meta-oe/recipes-crypto/libsodium/libsodium/CVE-2025-69277.patch
+++ /dev/null
@@ -1,61 +0,0 @@ 
-From ad3004ec8731730e93fcfbbc824e67eadc1c1bae Mon Sep 17 00:00:00 2001
-From: Frank Denis <github@pureftpd.org>
-Date: Mon, 29 Dec 2025 23:22:15 +0100
-Subject: [PATCH] core_ed25519_is_valid_point: check Y==Z in addition to X==0
-
-CVE: CVE-2025-69277
-Upstream-Status: Backport [https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c | 5 ++++-
- test/default/core_ed25519.c                             | 7 ++++++-
- 2 files changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
-index d3020132..4b824f6d 100644
---- a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
-+++ b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
-@@ -1141,10 +1141,13 @@ int
- ge25519_is_on_main_subgroup(const ge25519_p3 *p)
- {
-     ge25519_p3 pl;
-+    fe25519    t;
- 
-     ge25519_mul_l(&pl, p);
- 
--    return fe25519_iszero(pl.X);
-+    fe25519_sub(t, pl.Y, pl.Z);
-+
-+    return fe25519_iszero(pl.X) & fe25519_iszero(t);
- }
- 
- int
-diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c
-index bc457493..02f72bd6 100644
---- a/test/default/core_ed25519.c
-+++ b/test/default/core_ed25519.c
-@@ -13,6 +13,10 @@ static const unsigned char max_canonical_p[32] = {
-     0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
- };
-+static const unsigned char not_main_subgroup_p[32] = {
-+    0x95, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
-+    0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99
-+};
- static const unsigned char L_p1[32] = {
-     0xee, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
-     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
-@@ -133,11 +137,12 @@ main(void)
-     assert(crypto_core_ed25519_is_valid_point(p) == 0);
- 
-     p[0] = 9;
--    assert(crypto_core_ed25519_is_valid_point(p) == 1);
-+    assert(crypto_core_ed25519_is_valid_point(p) == 0);
- 
-     assert(crypto_core_ed25519_is_valid_point(max_canonical_p) == 1);
-     assert(crypto_core_ed25519_is_valid_point(non_canonical_invalid_p) == 0);
-     assert(crypto_core_ed25519_is_valid_point(non_canonical_p) == 0);
-+    assert(crypto_core_ed25519_is_valid_point(not_main_subgroup_p) == 0);
- 
-     memcpy(p2, p, crypto_core_ed25519_BYTES);
-     add_P(p2);
diff --git a/meta-oe/recipes-crypto/libsodium/libsodium_1.0.20.bb b/meta-oe/recipes-crypto/libsodium/libsodium_1.0.21.bb
similarity index 58%
rename from meta-oe/recipes-crypto/libsodium/libsodium_1.0.20.bb
rename to meta-oe/recipes-crypto/libsodium/libsodium_1.0.21.bb
index 972b8b8694..5616dbc55e 100644
--- a/meta-oe/recipes-crypto/libsodium/libsodium_1.0.20.bb
+++ b/meta-oe/recipes-crypto/libsodium/libsodium_1.0.21.bb
@@ -2,12 +2,11 @@  SUMMARY = "The Sodium crypto library"
 HOMEPAGE = "http://libsodium.org/"
 BUGTRACKER = "https://github.com/jedisct1/libsodium/issues"
 LICENSE = "ISC"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=c59be7bb29f8e431b5f2d690b6734185"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=4942a8ebbbc7f2212bd68a47df264a4f"
 
 SRC_URI = "https://download.libsodium.org/libsodium/releases/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "ebb65ef6ca439333c2bb41a0c1990587288da07f6c7fd07cb3a18cc18d30ce19"
+SRC_URI[sha256sum] = "9e4285c7a419e82dedb0be63a72eea357d6943bc3e28e6735bf600dd4883feaf"
 
-SRC_URI += "file://CVE-2025-69277.patch"
 
 inherit autotools