import nettle-3.9.1-1.el9

.gitignore

@@ -0,0 +1,2 @@
+SOURCES/gmp-6.2.1.tar.xz
+SOURCES/nettle-3.9.1-hobbled.tar.xz

.nettle.metadata

@@ -0,0 +1,2 @@
+0578d48607ec0e272177d175fd1807c30b00fdf2 SOURCES/gmp-6.2.1.tar.xz
+eda5b879d1574e895f511cfb8c9582ecb51aa7d5 SOURCES/nettle-3.9.1-hobbled.tar.xz

SOURCES/gmp-6.2.1-zeroize-allocator.patch

@@ -0,0 +1,53 @@
+diff -r e3123b88d012 memory.c
+--- a/memory.c	Tue Aug 16 22:02:45 2022 +0200
++++ b/memory.c	Fri Aug 19 06:25:37 2022 +0900
+@@ -29,7 +29,8 @@
+ see https://www.gnu.org/licenses/.  */
+ 
+ #include <stdio.h>
+-#include <stdlib.h> /* for malloc, realloc, free */
++#include <stdlib.h> /* for malloc, free */
++#include <string.h> /* for memcpy, explicit_bzero */
+ 
+ #include "gmp-impl.h"
+ 
+@@ -98,11 +99,28 @@
+   new_size += 2 * GMP_LIMB_BYTES;
+ #endif
+ 
+-  ret = realloc (oldptr, new_size);
+-  if (ret == 0)
++  if (new_size == 0)
++    {
++      explicit_bzero (oldptr, old_size);
++      free (oldptr);
++      return NULL;
++    }
++  else if (old_size == new_size)
++    return oldptr;
++  else
+     {
+-      fprintf (stderr, "GNU MP: Cannot reallocate memory (old_size=%lu new_size=%lu)\n", (long) old_size, (long) new_size);
+-      abort ();
++      /* We can't simply call realloc, as it may allocate memory from
++	 a different arena.  */
++      ret = malloc (new_size);
++      if (ret == NULL)
++	{
++	  fprintf (stderr, "GNU MP: Cannot reallocate memory (old_size=%lu new_size=%lu)\n", (long) old_size, (long) new_size);
++	  explicit_bzero(oldptr, old_size);
++	  abort();
++	}
++      memcpy (ret, oldptr, MIN(old_size, new_size));
++      explicit_bzero (oldptr, old_size);
++      free (oldptr);
+     }
+ 
+ #ifdef DEBUG
+@@ -141,5 +159,6 @@
+     blk_ptr = p - 1;
+   }
+ #endif
++  explicit_bzero (blk_ptr, blk_size);
+   free (blk_ptr);
+ }

SOURCES/nettle-3.8-zeroize-stack.patch

@@ -0,0 +1,334 @@
+From 24a4cb910a51f35dff89842e8cce27f88e8e78c3 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Wed, 24 Aug 2022 17:19:57 +0900
+Subject: [PATCH] Clear any intermediate data allocate on stack
+
+Signed-off-by: Daiki Ueno <dueno@redhat.com>
+---
+ cbc.c                 |  3 +++
+ cfb.c                 | 13 +++++++++++++
+ ctr.c                 |  4 ++++
+ ctr16.c               |  2 ++
+ ecc-random.c          |  3 +++
+ ecdsa-keygen.c        |  2 ++
+ ecdsa-sign.c          |  2 ++
+ ed25519-sha512-sign.c |  2 ++
+ ed448-shake256-sign.c |  2 ++
+ gostdsa-sign.c        |  2 ++
+ hmac.c                | 10 +++++++---
+ nettle-internal.h     |  5 +++++
+ pbkdf2.c              |  5 ++++-
+ pss-mgf1.c            |  5 ++++-
+ pss.c                 |  4 ++++
+ 15 files changed, 59 insertions(+), 5 deletions(-)
+
+diff --git a/cbc.c b/cbc.c
+index 76b6492d..b9da3aa0 100644
+--- a/cbc.c
++++ b/cbc.c
+@@ -128,6 +128,9 @@ cbc_decrypt(const void *ctx, nettle_cipher_func *f,
+ 	      length - block_size);
+       /* Writes first block. */
+       memxor3(dst, buffer, initial_iv, block_size);
++
++      TMP_CLEAR(buffer, buffer_size);
++      TMP_CLEAR(initial_iv, block_size);
+     }
+ }
+ 
+diff --git a/cfb.c b/cfb.c
+index b9da3159..b1b01b9e 100644
+--- a/cfb.c
++++ b/cfb.c
+@@ -83,6 +83,8 @@ cfb_encrypt(const void *ctx, nettle_cipher_func *f,
+       /* We do not care about updating IV here. This is the last call in
+        * message sequence and one has to set IV afterwards anyway */
+     }
++
++  TMP_CLEAR(buffer, block_size);
+ }
+ 
+ /* Don't allocate any more space than this on the stack */
+@@ -115,6 +117,8 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
+ 
+ 	  f(ctx, block_size, buffer, iv);
+ 	  memxor3(dst + length, src + length, buffer, left);
++
++	  TMP_CLEAR(buffer, block_size);
+ 	}
+     }
+   else
+@@ -160,6 +164,9 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
+ 	  f(ctx, block_size, buffer, iv);
+ 	  memxor(dst, buffer, left);
+ 	}
++
++      TMP_CLEAR(buffer, buffer_size);
++      TMP_CLEAR(initial_iv, block_size);
+     }
+ }
+ 
+@@ -196,6 +203,9 @@ cfb8_encrypt(const void *ctx, nettle_cipher_func *f,
+       pos ++;
+     }
+   memcpy(iv, buffer + pos, block_size);
++
++  TMP_CLEAR(buffer, block_size * 2);
++  TMP_CLEAR(outbuf, block_size);
+ }
+ 
+ void
+@@ -235,4 +245,7 @@ cfb8_decrypt(const void *ctx, nettle_cipher_func *f,
+     }
+ 
+   memcpy(iv, buffer + i, block_size);
++
++  TMP_CLEAR(buffer, block_size * 2);
++  TMP_CLEAR(outbuf, block_size * 2);
+ }
+diff --git a/ctr.c b/ctr.c
+index 8c6b4626..217d1abb 100644
+--- a/ctr.c
++++ b/ctr.c
+@@ -137,6 +137,8 @@ ctr_crypt(const void *ctx, nettle_cipher_func *f,
+ 	  f(ctx, block_size, block, ctr);
+ 	  INCREMENT(block_size, ctr);
+ 	  memxor3(dst + filled, src + filled, block, length - filled);
++
++	  TMP_CLEAR(block, block_size);
+ 	}
+     }
+   else
+@@ -173,5 +175,7 @@ ctr_crypt(const void *ctx, nettle_cipher_func *f,
+ 	  INCREMENT(block_size, ctr);
+ 	  memxor(dst, buffer, length);
+ 	}
++
++      TMP_CLEAR(buffer, buffer_size);
+     }
+ }
+diff --git a/ctr16.c b/ctr16.c
+index d744d2a9..ec0abd72 100644
+--- a/ctr16.c
++++ b/ctr16.c
+@@ -102,5 +102,7 @@ _nettle_ctr_crypt16(const void *ctx, nettle_cipher_func *f,
+ 	done:
+ 	  memxor3 (dst + i, src + i, buffer->b, length - i);
+ 	}
++
++      TMP_CLEAR(buffer, MIN(blocks, CTR_BUFFER_LIMIT / 16));
+     }
+ }
+diff --git a/ecc-random.c b/ecc-random.c
+index a7b48d6a..676f5933 100644
+--- a/ecc-random.c
++++ b/ecc-random.c
+@@ -36,6 +36,7 @@
+ #endif
+ 
+ #include <assert.h>
++#include <string.h>
+ 
+ #include "ecc.h"
+ #include "ecc-internal.h"
+@@ -79,4 +80,6 @@ ecc_scalar_random (struct ecc_scalar *x,
+   TMP_ALLOC (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
+ 
+   ecc_mod_random (&x->ecc->q, x->p, random_ctx, random, scratch);
++
++  TMP_CLEAR (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
+ }
+diff --git a/ecdsa-keygen.c b/ecdsa-keygen.c
+index 870282b0..05dd827a 100644
+--- a/ecdsa-keygen.c
++++ b/ecdsa-keygen.c
+@@ -59,4 +59,6 @@ ecdsa_generate_keypair (struct ecc_point *pub,
+   ecc_mod_random (&ecc->q, key->p, random_ctx, random, p);
+   ecc->mul_g (ecc, p, key->p, p + 3*ecc->p.size);
+   ecc->h_to_a (ecc, 0, pub->p, p, p + 3*ecc->p.size);
++
++  TMP_CLEAR (p, itch);
+ }
+diff --git a/ecdsa-sign.c b/ecdsa-sign.c
+index e6fb3287..e6b960bf 100644
+--- a/ecdsa-sign.c
++++ b/ecdsa-sign.c
+@@ -68,4 +68,6 @@ ecdsa_sign (const struct ecc_scalar *key,
+       mpz_limbs_finish (signature->s, size);
+     }
+   while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
++
++  TMP_CLEAR (k, size + ECC_ECDSA_SIGN_ITCH (size));
+ }
+diff --git a/ed25519-sha512-sign.c b/ed25519-sha512-sign.c
+index 389a157e..52a46ea5 100644
+--- a/ed25519-sha512-sign.c
++++ b/ed25519-sha512-sign.c
+@@ -38,6 +38,7 @@
+ 
+ #include "ecc-internal.h"
+ #include "sha2.h"
++#include <string.h>
+ 
+ void
+ ed25519_sha512_sign (const uint8_t *pub,
+@@ -61,6 +62,7 @@ ed25519_sha512_sign (const uint8_t *pub,
+ 	       length, msg, signature, scratch_out);
+ 
+   gmp_free_limbs (scratch, itch);
++  explicit_bzero (digest, sizeof(digest));
+ #undef k1
+ #undef k2
+ #undef scratch_out
+diff --git a/ed448-shake256-sign.c b/ed448-shake256-sign.c
+index c524593d..01abf457 100644
+--- a/ed448-shake256-sign.c
++++ b/ed448-shake256-sign.c
+@@ -39,6 +39,7 @@
+ #include "ecc-internal.h"
+ #include "eddsa-internal.h"
+ #include "sha3.h"
++#include <string.h>
+ 
+ void
+ ed448_shake256_sign (const uint8_t *pub,
+@@ -63,6 +64,7 @@ ed448_shake256_sign (const uint8_t *pub,
+ 	       length, msg, signature, scratch_out);
+ 
+   gmp_free_limbs (scratch, itch);
++  explicit_bzero (digest, sizeof(digest));
+ #undef k1
+ #undef k2
+ #undef scratch_out
+diff --git a/gostdsa-sign.c b/gostdsa-sign.c
+index 892c0742..a7e0c21d 100644
+--- a/gostdsa-sign.c
++++ b/gostdsa-sign.c
+@@ -71,4 +71,6 @@ gostdsa_sign (const struct ecc_scalar *key,
+       mpz_limbs_finish (signature->s, size);
+     }
+   while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
++
++  TMP_CLEAR (k, size + ECC_GOSTDSA_SIGN_ITCH (size));
+ }
+diff --git a/hmac.c b/hmac.c
+index ea356970..6a55551b 100644
+--- a/hmac.c
++++ b/hmac.c
+@@ -53,6 +53,8 @@ hmac_set_key(void *outer, void *inner, void *state,
+ {
+   TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE);
+   TMP_ALLOC(pad, hash->block_size);
++  TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
++  TMP_ALLOC(digest, hash->digest_size);
+   
+   hash->init(outer);
+   hash->init(inner);
+@@ -62,9 +64,6 @@ hmac_set_key(void *outer, void *inner, void *state,
+       /* Reduce key to the algorithm's hash size. Use the area pointed
+        * to by state for the temporary state. */
+ 
+-      TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
+-      TMP_ALLOC(digest, hash->digest_size);
+-
+       hash->init(state);
+       hash->update(state, key_length, key);
+       hash->digest(state, hash->digest_size, digest);
+@@ -86,6 +85,9 @@ hmac_set_key(void *outer, void *inner, void *state,
+   hash->update(inner, hash->block_size, pad);
+ 
+   memcpy(state, inner, hash->context_size);
++
++  TMP_CLEAR(pad, hash->block_size);
++  TMP_CLEAR(digest, hash->digest_size);
+ }
+ 
+ void
+@@ -112,4 +114,6 @@ hmac_digest(const void *outer, const void *inner, void *state,
+   hash->digest(state, length, dst);
+ 
+   memcpy(state, inner, hash->context_size);
++
++  TMP_CLEAR(digest, hash->digest_size);
+ }
+diff --git a/nettle-internal.h b/nettle-internal.h
+index c41f3ee0..62b89e11 100644
+--- a/nettle-internal.h
++++ b/nettle-internal.h
+@@ -76,6 +76,11 @@
+   do { assert((size_t)(size) <= (sizeof(name))); } while (0)
+ #endif 
+ 
++#include <string.h>		/* explicit_bzero */
++
++#define TMP_CLEAR(name, size) (explicit_bzero (name, sizeof (*name) * (size)))
++#define TMP_CLEAR_ALIGN(name, size) (explicit_bzero (name, size))
++
+ /* Limits that apply to systems that don't have alloca */
+ #define NETTLE_MAX_HASH_BLOCK_SIZE 144  /* For sha3_224*/
+ #define NETTLE_MAX_HASH_DIGEST_SIZE 64
+diff --git a/pbkdf2.c b/pbkdf2.c
+index 291d138a..a8ecba5b 100644
+--- a/pbkdf2.c
++++ b/pbkdf2.c
+@@ -92,8 +92,11 @@ pbkdf2 (void *mac_ctx,
+       if (length <= digest_size)
+ 	{
+ 	  memcpy (dst, T, length);
+-	  return;
++	  break;
+ 	}
+       memcpy (dst, T, digest_size);
+     }
++
++  TMP_CLEAR (U, digest_size);
++  TMP_CLEAR (T, digest_size);
+ }
+diff --git a/pss-mgf1.c b/pss-mgf1.c
+index 3f5e204b..3644c642 100644
+--- a/pss-mgf1.c
++++ b/pss-mgf1.c
+@@ -66,8 +66,11 @@ pss_mgf1(const void *seed, const struct nettle_hash *hash,
+       if (length <= hash->digest_size)
+ 	{
+ 	  hash->digest(state, length, mask);
+-	  return;
++	  break;
+ 	}
+       hash->digest(state, hash->digest_size, mask);
+     }
++
++  TMP_CLEAR(h, hash->digest_size);
++  TMP_CLEAR_ALIGN(state, hash->context_size);
+ }
+diff --git a/pss.c b/pss.c
+index d28e7b13..8106ebf2 100644
+--- a/pss.c
++++ b/pss.c
+@@ -77,6 +77,7 @@ pss_encode_mgf1(mpz_t m, size_t bits,
+   if (key_size < hash->digest_size + salt_length + 2)
+     {
+       TMP_GMP_FREE(em);
++      TMP_CLEAR_ALIGN(state, hash->context_size);
+       return 0;
+     }
+ 
+@@ -111,6 +112,7 @@ pss_encode_mgf1(mpz_t m, size_t bits,
+ 
+   nettle_mpz_set_str_256_u(m, key_size, em);
+   TMP_GMP_FREE(em);
++  TMP_CLEAR_ALIGN(state, hash->context_size);
+   return 1;
+ }
+ 
+@@ -194,5 +196,7 @@ pss_verify_mgf1(const mpz_t m, size_t bits,
+   ret = 1;
+  cleanup:
+   TMP_GMP_FREE(em);
++  TMP_CLEAR(h2, hash->digest_size);
++  TMP_CLEAR_ALIGN(state, hash->context_size);
+   return ret;
+ }
+-- 
+2.41.0
+

SPECS/nettle.spec

@@ -0,0 +1,415 @@
+# Recent so-version, so we do not bump accidentally.
+%global nettle_so_ver 8
+%global hogweed_so_ver 6
+
+# Set to 1 when building a bootstrap for a bumped so-name.
+%global bootstrap 0
+
+%if 0%{?bootstrap}
+%global version_old 3.5.1
+%global nettle_so_ver_old 7
+%global hogweed_so_ver_old 5
+%endif
+
+%bcond_without fips
+
+Name:           nettle
+Version:        3.9.1
+Release:        1%{?dist}
+Summary:        A low-level cryptographic library
+
+License:        LGPLv3+ or GPLv2+
+URL:            http://www.lysator.liu.se/~nisse/nettle/
+Source0:	%{name}-%{version}-hobbled.tar.xz
+#Source0:        http://www.lysator.liu.se/~nisse/archive/%%{name}-%%{version}.tar.gz
+%if 0%{?bootstrap}
+Source1:	%{name}-%{version_old}-hobbled.tar.xz
+Source2:	nettle-3.5-remove-ecc-testsuite.patch
+%endif
+Patch:		nettle-3.8-zeroize-stack.patch
+
+Source100:	gmp-6.2.1.tar.xz
+# Taken from the main gmp package
+Source101:	gmp-6.2.1-intel-cet.patch
+Source102:	gmp-6.2.1-zeroize-allocator.patch
+
+BuildRequires: make
+BuildRequires:  gcc
+%if !%{with fips}
+BuildRequires:  gmp-devel
+%endif
+BuildRequires:  m4
+BuildRequires:	libtool, automake, autoconf, gettext-devel
+%if %{with fips}
+BuildRequires:  fipscheck
+%endif
+
+%package devel
+Summary:        Development headers for a low-level cryptographic library
+Requires:       %{name} = %{version}-%{release}
+Requires:       gmp-devel%{?_isa}
+
+%description
+Nettle is a cryptographic library that is designed to fit easily in more
+or less any context: In crypto toolkits for object-oriented languages
+(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
+kernel space.
+
+%description devel
+Nettle is a cryptographic library that is designed to fit easily in more
+or less any context: In crypto toolkits for object-oriented languages
+(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
+kernel space.  This package contains the files needed for developing 
+applications with nettle.
+
+
+%prep
+%autosetup -Tb 0 -p1
+
+%if %{with fips}
+mkdir -p bundled_gmp
+pushd bundled_gmp
+tar --strip-components=1 -xf %{SOURCE100}
+patch -p1 < %{SOURCE101}
+patch -p1 < %{SOURCE102}
+popd
+
+# Prevent -lgmp appearing in the compiler command line in dependent components
+sed -i '/^Libs.private:/d' hogweed.pc.in
+%endif
+
+%if 0%{?bootstrap}
+mkdir -p bootstrap_ver
+pushd bootstrap_ver
+tar --strip-components=1 -xf %{SOURCE1}
+patch -p1 < %{SOURCE2}
+
+# Disable -ggdb3 which makes debugedit unhappy
+sed s/ggdb3/g/ -i configure
+popd
+%endif
+
+# Disable -ggdb3 which makes debugedit unhappy
+sed s/ggdb3/g/ -i configure
+
+%build
+%if %{with fips}
+pushd bundled_gmp
+autoreconf -ifv
+%configure --disable-cxx --disable-shared --enable-fat --with-pic
+%make_build
+popd
+%endif
+
+autoreconf -ifv
+
+export ASM_FLAGS="-Wa,--generate-missing-build-notes=yes"
+
+%configure --enable-shared --enable-fat \
+%if %{with fips}
+--with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \
+%endif
+%{nil}
+
+unset ASM_FLAGS
+
+%make_build
+
+%if 0%{?bootstrap}
+pushd bootstrap_ver
+autoconf
+%configure --with-tests
+%make_build
+popd
+%endif
+
+%if %{with fips}
+%define fipshmac() \
+	fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/%1.* \
+	file=`basename $RPM_BUILD_ROOT%{_libdir}/%1.*.hmac` && \
+	mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && \
+	ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.%1.hmac
+
+%if 0%{?bootstrap}
+%define bootstrap_fips 1
+%endif
+
+%define __spec_install_post \
+	%{?__debug_package:%{__debug_install_post}} \
+	%{__arch_install_post} \
+	%{__os_install_post} \
+	%fipshmac libnettle.so.%{nettle_so_ver} \
+	%fipshmac libhogweed.so.%{hogweed_so_ver} \
+	%{?bootstrap_fips:%fipshmac libnettle.so.%{nettle_so_ver_old}} \
+	%{?bootstrap_fips:%fipshmac libhogweed.so.%{hogweed_so_ver_old}} \
+%{nil}
+%endif
+
+
+%install
+%if 0%{?bootstrap}
+make -C bootstrap_ver install-shared-nettle DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
+make -C bootstrap_ver install-shared-hogweed DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
+
+chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.%{nettle_so_ver_old}.*
+chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.%{hogweed_so_ver_old}.*
+%endif
+
+%make_install
+make install-shared DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
+mkdir -p $RPM_BUILD_ROOT%{_infodir}
+install -p -m 644 nettle.info $RPM_BUILD_ROOT%{_infodir}/
+rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
+rm -f $RPM_BUILD_ROOT%{_infodir}/dir
+rm -f $RPM_BUILD_ROOT%{_bindir}/nettle-lfib-stream
+rm -f $RPM_BUILD_ROOT%{_bindir}/pkcs1-conv
+rm -f $RPM_BUILD_ROOT%{_bindir}/sexp-conv
+rm -f $RPM_BUILD_ROOT%{_bindir}/nettle-hash
+rm -f $RPM_BUILD_ROOT%{_bindir}/nettle-pbkdf2
+
+chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.%{nettle_so_ver}.*
+chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.%{hogweed_so_ver}.*
+
+%check
+make check
+
+%files
+%doc AUTHORS NEWS README
+%license COPYINGv2 COPYING.LESSERv3
+%{_infodir}/nettle.info.*
+%{_libdir}/libnettle.so.%{nettle_so_ver}
+%{_libdir}/libnettle.so.%{nettle_so_ver}.*
+%{_libdir}/libhogweed.so.%{hogweed_so_ver}
+%{_libdir}/libhogweed.so.%{hogweed_so_ver}.*
+%if 0%{?bootstrap}
+%{_libdir}/libnettle.so.%{nettle_so_ver_old}
+%{_libdir}/libnettle.so.%{nettle_so_ver_old}.*
+%{_libdir}/libhogweed.so.%{hogweed_so_ver_old}
+%{_libdir}/libhogweed.so.%{hogweed_so_ver_old}.*
+%endif
+%if %{with fips}
+%{_libdir}/.libhogweed.so.*.hmac
+%{_libdir}/.libnettle.so.*.hmac
+%endif
+
+%files devel
+%doc descore.README nettle.html nettle.pdf
+%{_includedir}/nettle
+%{_libdir}/libnettle.so
+%{_libdir}/libhogweed.so
+%{_libdir}/pkgconfig/hogweed.pc
+%{_libdir}/pkgconfig/nettle.pc
+
+%ldconfig_scriptlets
+
+
+%changelog
+* Thu Mar 28 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 3.9.1-1
+- Rebuilt for MSVSphere 9.4 beta
+
+* Wed Nov  1 2023 Daiki Ueno <dueno@redhat.com> - 3.9.1-1
+- Update to nettle 3.9.1 (RHEL-14890)
+
+* Thu Aug 25 2022 Daiki Ueno <dueno@redhat.com> - 3.8-3
+- Rebuild in new side-tag
+
+* Thu Aug 18 2022 Daiki Ueno <dueno@redhat.com> - 3.8-2
+- Bundle GMP to privatize memory functions
+- Zeroize stack allocated intermediate data
+
+* Tue Jun 28 2022 Daiki Ueno <dueno@redhat.com> - 3.8-1
+- Update to nettle 3.8 (#1992457)
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.3-2
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Wed Jul 28 2021 Daiki Ueno <dueno@redhat.com> - 3.7.3-1
+- Update to nettle 3.7.3 (#1986712)
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.2-2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Sun Mar 21 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-1
+- Update to nettle 3.7.2
+- Merge nettle-3.6-remove-ecc-testsuite.patch to hobble-nettle script
+
+* Tue Mar  9 2021 Daiki Ueno <dueno@redhat.com> - 3.7.1-1
+- Update to nettle 3.7.1
+
+* Wed Feb 10 2021 Daiki Ueno <dueno@redhat.com> - 3.7-3
+- Port a fix for chacha counter issue on ppc64le
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jan 11 2021 Daiki Ueno <dueno@redhat.com> - 3.7-1
+- Update to nettle 3.7
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.6-2
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Mon May  4 2020 Daiki Ueno <dueno@redhat.com> - 3.6-1
+- Update to nettle 3.6
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Oct 31 2019 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.1-4
+- New upstream release
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Jul 16 2019 Daiki Ueno <dueno@redhat.com> - 3.5.1-2
+- Rebuild with bootstrap enabled
+
+* Mon Jul 15 2019 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.1-1
+- New upstream release
+
+* Wed Apr 24 2019 Björn Esser <besser82@fedoraproject.org> - 3.4.1rc1-3
+- Remove hardcoded gzip suffix from GNU info pages
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.1rc1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Nov 30 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.4.1rc1-1
+- New upstream release; provides API for constant memory access RSA operations
+
+* Tue Oct 16 2018 Tomáš Mráz <tmraz@redhat.com> - 3.4-7
+- Generate the .hmac checksums unless --without fips is used
+
+* Tue Oct 16 2018 Tomáš Mráz <tmraz@redhat.com> - 3.4-6
+- Cover the gaps in annotation coverage for assembler sources
+
+* Fri Aug 31 2018 Leigh Scott <leigh123linux@googlemail.com> - 3.4-5
+- update libary versions used for fips
+
+* Sat Jul 28 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 3.4-4
+- Replace obsolete scriptlets
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Nov 20 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.4-1
+- New upstream release
+
+* Wed Aug 09 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.3-5
+- Removed executables from the library to allow parallel installation
+  of x86-64 and x86 packages. The executables had testing purpose, and
+  may be re-introduced in a separate package if needed.
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Jul 19 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.3-1
+- New upstream release
+- Allow arm neon instructions (they are enabled via fat builds)
+
+* Tue Jul 19 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.2-3
+- Backported a fix for more cache silence on RSA and DSA.
+
+* Thu Feb 18 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.2-2
+- Enabled fat builds by default
+
+* Wed Feb  3 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.2-1
+- updated to 3.2 (#1301310)
+- Fixed CVE-2015-8803 secp256r1 calculation bug (#1304305)
+
+* Wed Dec  9 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.1-6
+- Made version.h architecture independent (#1289938)
+
+* Wed Dec  2 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.1-5
+- Disabled arm-neon unconditionally (#1287298)
+
+* Thu Oct 22 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.1-4
+- Fixed SHA3 implementation to conform to published version (#1252935)
+
+* Sun Aug  2 2015 Peter Robinson <pbrobinson@fedoraproject.org> 3.1.1-3
+- No need to ship license in devel too
+- Drop ChangeLog as details are in NEWS
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Thu Apr 30 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.1-1
+- Updated to nettle 3.1.1
+
+* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.7.1-6
+- Rebuilt for Fedora 23 Change
+  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Fri Jan 10 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-3
+- Corrected bug number in previous comment.
+
+* Fri Dec 13 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-2
+- Added patch nettle-tmpalloc.patch to solve #1051455
+
+* Mon Nov 25 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-1
+- Updated to nettle 2.7.1
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Wed Feb  6 2013 Tomáš Mráz <tmraz@redhat.com> - 2.6-2
+- nettle includes use gmp.h
+
+* Tue Feb  5 2013 Tomáš Mráz <tmraz@redhat.com> - 2.6-1
+- New upstream release
+
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Jul 05 2012 David Woodhouse <dwmw2@infradead.org> - 2.4-3
+- Remove explicit buildroot handling and defattr.
+
+* Wed Jul 04 2012 David Woodhouse <dwmw2@infradead.org> - 2.4-2
+- Review feedback
+
+* Mon Jun 18 2012 David Woodhouse <dwmw2@infradead.org> - 2.4-1
+- Revive package (GnuTLS needs it), disable static, update to current release 2.4
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.15-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.15-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Thu Apr 10 2008 Ian Weller <ianweller@gmail.com> 1.15-5
+- Moved static lib to -static
+
+* Mon Mar 24 2008 Ian Weller <ianweller@gmail.com> 1.15-4
+- Added libraries and ldconfig
+
+* Mon Feb 18 2008 Ian Weller <ianweller@gmail.com> 1.15-3
+- Added provides -static to -devel
+
+* Sun Feb 17 2008 Ian Weller <ianweller@gmail.com> 1.15-2
+- Removed redundant requires
+- Removed redundant documentation between packages
+- Fixed license tag
+- Fixed -devel description
+- Added the static library back to -devel
+- Added make clean
+
+* Fri Feb 08 2008 Ian Weller <ianweller@gmail.com> 1.15-1
+- First package build.