<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-crypto/libsodium, branch master-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-04-14T15:59:32+00:00</updated>
<entry>
<title>libsodium: upgrade 1.0.21 -&gt; 1.0.22</title>
<updated>2026-04-14T15:59:32+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2026-04-14T10:38:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=e5546d6d09eeb1bfa76437e9d26d1864db18f489'/>
<id>urn:sha1:e5546d6d09eeb1bfa76437e9d26d1864db18f489</id>
<content type='text'>
0001-Fix-compilation-with-GCC-on-aarch64.patch
removed since it's included in 1.0.22

Changelog:
============
- Post-quantum key encapsulation is now available. ML-KEM768, the
  NIST-standardized lattice-based KEM, is accessible through the
  'crypto_kem_mlkem768_*()' functions.
- X-Wing, a hybrid KEM combining ML-KEM768 with X25519 for protection
  against both classical and quantum adversaries, is available through the
  'crypto_kem_*()' functions. X-Wing is the recommended KEM for most
  applications.
- SHA-3 hash functions are now available as 'crypto_hash_sha3256_*()'
  and 'crypto_hash_sha3512_*()', with both one-shot and streaming APIs.
- Performance: NEON optimizations for Argon2 on ARM platforms.
- Performance: SHA3 (Keccak1600) now leverages ARM SHA3 instructions when
  available on ARM platforms.
- Performance: WebAssembly SIMD implementations of Argon2 have been added.
- Emscripten: LTO is now disabled. With Emscripten 4, LTO produced
  WebAssembly modules with functions that ran significantly slower than
  without it.
- Emscripten: a new option allows compilation with SIMD support.
- Emscripten: native ESM module generation is now supported.
- JavaScript sumo builds now allow up to 80 MiB memory usage, so that
  'crypto_pwhash' with the interactive settings can be used in pure
  JavaScript, not just WebAssembly.
- XOF state alignment has been relaxed.
- 'crypto_core_keccak1600_state' has been added.
- Export missing 'crypto_ipcrypt_nd_keygen()' helper function.
- 'crypto_auth_hmacsha256_init' and 'crypto_auth_hmacsha512_init' now
  accept NULL key pointers (with a zero key length), for consistency with
  other '_init' functions.
- apple-xcframework: headers are now in a Clibsodium subdirectory
  to prevent module.modulemap collisions with other xcframeworks.
- Fixed compilation with GCC on aarch64 and gcc 4.x.
- On aarch64, aes256-gcm is now enabled even when not using clang,
  including MSVC.
- Added compatibility with Visual Studio 2026 when toolsets do not
  define PlatformToolsetVersion.
- Libsodium can be directly used as a dependency in a Zig project.
- Performance of MSVC builds has been improved.

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>libsodium: mark CVE-2025-69277 patched</title>
<updated>2026-03-18T21:33:31+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-03-17T17:23:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=1cad6f53a40db5268ad0054b0526367b11a00bdf'/>
<id>urn:sha1:1cad6f53a40db5268ad0054b0526367b11a00bdf</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69277

The vulnerability has been fixed[1] since version 1.0.20, but NVD
tracks it without version info. Mark it patched explicitly.

[1]: https://github.com/jedisct1/libsodium/commit/f2da4cd8cb26599a0285a6ab0c02948e361a674a

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>libsodium: upgrade 1.0.20 -&gt; 1.0.21</title>
<updated>2026-03-18T21:33:28+00:00</updated>
<author>
<name>Andrej Kozemcak</name>
<email>andrej.kozemcak@siemens.com</email>
</author>
<published>2026-03-16T13:51:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=04ef8fb242afed697f0740925247a3fe5b41381e'/>
<id>urn:sha1:04ef8fb242afed697f0740925247a3fe5b41381e</id>
<content type='text'>
License-Update: copyright years refreshed

Removed patch included in this release

Add path to fix compilation with gcc on aarch64

Changelog:
  https://github.com/jedisct1/libsodium/releases/tag/1.0.21-RELEASE

Changes:

Version 1.0.21
- security fix for the crypto_core_ed25519_is_valid_point() function
- new crypto_ipcrypt_* functions
- sodium_bin2ip and sodium_ip2bin helper functions
- XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions

Version 1.0.20-stable
- XCFramework: cross-compilation is now forced on Apple Silicon to avoid Rosetta-related build issues
- The Fil-C compiler is supported out of the box
- The CompCert compiler is supported out of the box
- MSVC 2026 (Visual Studio 2026) is now supported
- Zig builds now support FreeBSD targets
- Performance of AES256-GCM and AEGIS on ARM has been improved with some compilers
- Android binaries have been added to the NuGet package
- Windows ARM binaries have been added to the NuGet package
- The Android build script has been improved. The base SDK is now 27c, and the default platform is 21, supporting 16 KB page sizes.
- The library can now be compiled with Zig 0.15 and Zig 0.16
- Zig builds now generate position-independent static libraries by default on targets that support PIC
- arm64e builds have been added to the XCFramework packages
- XCFramework packages are now full builds instead of minimal builds
- MSVC builds have been enabled for ARM64
- iOS 32-bit (armv7/armv7s) support has been removed from the XCFramework build script
- Security: optblockers have been introduced in critical code paths to prevent compilers from introducing unwanted side channels via conditional jumps. This was observed on RISC-V targets with specific compilers and options.
- Security: crypto_core_ed25519_is_valid_point() now properly rejects small-order points that are not in the main subgroup
- ((nonnull)) attributes have been relaxed on some crypto_stream* functions to allow NULL output buffers when the output length is zero
- A cross-compilation issue with old clang versions has been fixed
- JavaScript: support for Cloudflare Workers has been added
- JavaScript: WASM_BIGINT is forcibly disabled to retain compatibility with older runtimes
- A compilation issue with old toolchains on Solaris has been fixed
- crypto_aead_aes256gcm_is_available is exported to JavaScript
- libsodium is now compatible with Emscripten 4.x
- Security: memory fences have been added after MAC verification in AEAD to prevent speculative access to plaintext before authentication is complete
- Assembly files now include .gnu.property notes for proper IBT and Shadow Stack support when building with CET instrumentation.

Signed-off-by: Andrej Kozemcak &lt;andrej.kozemcak@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>libsodium: patch CVE-2025-69277</title>
<updated>2026-01-12T18:25:55+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-01-10T19:58:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=264d8acc9232f68eb28703d5110b1b6ce6a3fb48'/>
<id>urn:sha1:264d8acc9232f68eb28703d5110b1b6ce6a3fb48</id>
<content type='text'>
Pick patch per [1].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-69277

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>libsodium: upgrade 1.0.19 -&gt; 1.0.20</title>
<updated>2024-06-07T16:11:58+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2024-06-06T09:06:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=2d78fc20107936dfb72091fc55d903b511e31ff3'/>
<id>urn:sha1:2d78fc20107936dfb72091fc55d903b511e31ff3</id>
<content type='text'>
License-Update: Copyright year updated to 2024.

0001-fix-aarch64-Move-target-pragma-after-arm_neon.h-incl.patch
removed since it's included in 1.0.20

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>libsodium: Fix build with clang on aarch64</title>
<updated>2023-11-06T16:49:52+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2023-11-06T05:14:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=fe8ee3c8d608ecd6973b8f624836ebf49c1a9d80'/>
<id>urn:sha1:fe8ee3c8d608ecd6973b8f624836ebf49c1a9d80</id>
<content type='text'>
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>libsodium: upgrade 1.0.18 -&gt; 1.0.19</title>
<updated>2023-11-06T16:49:52+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2023-11-04T00:19:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=294b2e9ae951e22ffe8ac5d7c8b5e2114db17b03'/>
<id>urn:sha1:294b2e9ae951e22ffe8ac5d7c8b5e2114db17b03</id>
<content type='text'>
License-Update: Copyright years changed

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>libsodium: upgrade 1.0.17 -&gt; 1.0.18</title>
<updated>2019-08-03T01:04:41+00:00</updated>
<author>
<name>Zang Ruochen</name>
<email>zangrc.fnst@cn.fujitsu.com</email>
</author>
<published>2019-08-01T07:51:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=a58021bd40ad00ed15d9e76101430efafa2bf3ea'/>
<id>urn:sha1:a58021bd40ad00ed15d9e76101430efafa2bf3ea</id>
<content type='text'>
Signed-off-by: Zang Ruochen &lt;zangrc.fnst@cn.fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>libsodium: update to 1.0.17</title>
<updated>2019-03-15T20:57:47+00:00</updated>
<author>
<name>Oleksandr Kravchuk</name>
<email>open.source@oleksandr-kravchuk.com</email>
</author>
<published>2019-03-15T17:15:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=d3bfe0a626f1dd84bb5a9e372c1cda566ecdb5bd'/>
<id>urn:sha1:d3bfe0a626f1dd84bb5a9e372c1cda566ecdb5bd</id>
<content type='text'>
License checkusm has been changed due to the copiright year change in
the LICENSE file.

Signed-off-by: Oleksandr Kravchuk &lt;open.source@oleksandr-kravchuk.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>libsodium: update to 1.0.16</title>
<updated>2018-06-14T16:01:12+00:00</updated>
<author>
<name>Oleksandr Kravchuk</name>
<email>open.source@oleksandr-kravchuk.com</email>
</author>
<published>2018-06-12T18:19:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=edf011c30375104b667423fba794769f72ef5ed6'/>
<id>urn:sha1:edf011c30375104b667423fba794769f72ef5ed6</id>
<content type='text'>
Added link to bug tracker and updated md5sum of LICENSE, which has been
updated with the copyright year.

Signed-off-by: Oleksandr Kravchuk &lt;dev@sashko.rv.ua&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
