Nettle 3.6:
This release adds a couple of new features, most notable being
support for ED448 signatures.
It is not binary compatible with earlier releases. The shared
library names are libnettle.so.8.0 and libhogweed.so.6.0, with
sonames libnettle.so.8 and libhogweed.so.6. The changed
sonames are mainly to avoid upgrade problems with recent
GnuTLS versions, that depend on Nettle internals outside of
the advertised ABI. But also because of the removal of
internal poly1305 functions which were undocumented but
declared in an installed header file, see Interface changes
below.
New features:
* Support for Curve448 and ED448 signatures. Contributed by
Daiki Ueno.
* Support for SHAKE256 (SHA3 variant with arbitrary output
size). Contributed by Daiki Ueno.
* Support for SIV-CMAC (Synthetic Initialization Vector) mode,
contributed by Nikos Mavrogiannopoulos.
* Support for CMAC64, contributed by Dmitry Baryshkov.
* Support for the "CryptoPro" variant of the GOST hash
function, as gosthash94cp. Contributed by Dmitry Baryshkov.
* Support for GOST DSA signatures, including GOST curves
gc256b and gc512a. Contributed by Dmitry Baryshkov.
* Support for Intel CET in x86 and x86_64 assembly files, if
enabled via CFLAGS (gcc --fcf-protection=full). Contributed
by H.J. Lu and Simo Sorce.
* A few new functions to improve support for the Chacha
variant with 96-bit nonce and 32-bit block counter (the
existing functions use nonce and counter of 64-bit each),
and functions to set the counter. Contributed by Daiki Ueno.
* New interface, struct nettle_mac, for MAC (message
authentication code) algorithms. This abstraction is only
for MACs that don't require a per-message nonce. For HMAC,
the key size is fixed, and equal to the digest size of the
underlying hash function.
Bug fixes:
* Fix bug in cfb8_decrypt. Previously, the IV was not updated
correctly in the case of input data shorter than the block
size. Reported by Stephan Mueller, fixed by Daiki Ueno.
* Fix configure check for __builtin_bswap64, the incorrect
check would result in link errors on platforms missing this
function. Patch contributed by George Koehler.
* All uses of old-fashioned suffix rules in the Makefiles have
been replaced with %-pattern rules. Nettle's use of suffix
rules in earlier versions depended on undocumented GNU make
behavior, which is being deprecated in GNU make 4.3.
Building with other make programs than GNU make is untested
and unsupported. (Building with BSD make or Solaris make
used to work years ago, but has not been tested recently).
Interface changes:
* Declarations of internal poly1305.h functions have been
removed from the header file poly1305.h, to make it clear
that they are not part of the advertised API or ABI.
Miscellaneous:
* Building the public key support of nettle now requires GMP
version 6.1.0 or later (unless --enable-mini-gmp is used).
* A fair amount of changes to ECC internals, with a few
deleted and a few new fields in the internal struct
ecc_curve. Files and functions have been renamed to more
consistently match the curve name, e.g., ecc-256.c has been
renamed to ecc-secp256r1.c.
* Documentation for chacha-poly1305 updated. It is no longer
experimental. The implementation was updated to follow RFC
8439 in Nettle-3.1, but that was not documented or announced
at the time.
version 4.2.3
- avcodec/pnmdec: Use unsigned for maxval rescaling
- avcodec/ivi: Clear got_p_frame before decoding a new frame using it
- avcodec/dsddec: Check channels
- avcodec/xvididct: Fix integer overflow in idct_row()
- avcodec/wmalosslessdec: Fix integer overflows in revert_inter_ch_decorr()
- avcodec/cbs_jpeg: Fix infinite loop in cbs_jpeg_split_fragment()
- avformat/mpegenc: Fix integer overflow with AV_NOPTS_VALUE
- avformat/swfenc: Fix integer overflow in frame rate handling
- avformat/aadec: Check toc_size to contain the minimum the demuxer uses
- avcodec/cbs_h265_syntax_template: Limit num_long_term_pics more strictly
- ffplay: set stream_index to -1 earlier to prevent segfault
- avformat/mov: Free temp buffer upon negative sample_size error.
- avformat/matroskadec: Improve forward compatibility
- avformat/matroskadec: Don't discard valid packets
- avformat/matroskaenc: Don't segfault when seekability changes
- avformat/utils: Fix memleaks
- avformat/utils: Fix memleaks in avformat_open_input()
- avfilter/vf_dedot: Fix leak of AVFrame if making it writable fails
- avfilter/vf_paletteuse: Fix potential double-free of AVFrame
- avformat/mov: Don't leak MOVFragmentStreamInfo on error
- avformat/mov: Free encryption data on error
- fftools/ffmpeg: Free swresample dictionary during cleanup
- avcodec/mediacodec_wrapper: fix {input,output}_buffers global reference leak
- avformat/webm_chunk: Close IO if writing header fails
- avcodec/cavsdsp: Fix undefined left shifts of negative numbers
- avcodec/ra144enc: Fix invalid left shift of negative number
- avcodec/adxenc: Avoid undefined left shift of negative numbers
- avcodec/adpcm: Fix undefined left shifts of negative numbers
- avcodec/proresenc_anatoliy: Fix invalid left shift of negative number
- avformat/aviobuf: Honor avio_open[2] documentation
- avcodec/cinepakenc: Fix invalid shifts
- avfilter/vf_xbr: Fix left shift of negative number
- avfilter/vf_hqx: Fix undefined left shifts of negative numbers
- avcodec/jpeg2000dwt: Fix undefined shifts of negative numbers
- avcodec/ituh263dec: Fix undefined left shift of negative number
- avcodec/dnxhdenc: Fix undefined left shifts of negative numbers
- swscale/utils: Fix invalid left shifts of negative numbers
- swscale/x86/swscale: Fix undefined left shifts of negative numbers
- fftools/ffmpeg_opt: Fix signed integer overflow
- avcodec/exr: Fix undefined left shifts of negative numbers
- avformat/movenc: Fix undefined shift
- avcodec/pcm: Fix undefined shifts
- avcodec/wavpackenc: Fix undefined shifts
- avutil/encryption_info: Don't pass NULL to memcpy
- avcodec/ac3enc: Fix memleak
- avcodec/ac3enc: Fix invalid shift
- avcodec/g723_1dec: Fix invalid shift
- avcodec/tdsc: Fix undefined shifts
- avcodec/ttaenc: Fix undefined shift
- avformat/avidec: Fix memleak with embedded GAB2 subtitles
- avformat/matroskadec: Don't discard the upper 32bits of TrackNumber
- dump_extradata: Insert extradata even for small packets
- avformat/segafilmenc: Fix undefined left shift of 1 by 31 places
- avformat/wtvdec: Fix memleak when reading header fails
- avformat/dashenc: Fix leak of AVFormatContext on error
- avformat/fitsdec: Fix potential leak of string in AVBPrint
- avformat/matroskadec: Sanitize SeekHead entries
- avformat/matroskaenc: Fix memleak upon encountering bogus chapter
- avformat/matroskaenc: Make ebml_num_size() more robust
- avformat/oggenc: Don't free AVStream's priv_data, fix memleak
- avformat/utils: Fix memleak when decoding subtitle in find_stream_info
- fftools/ffmpeg_opt: Check attachment filesize
- avformat/mpeg: Don't use uninitialized value
- avformat/webmdashenc: Check codec types
- avformat/webmdashenc: Fix memleak upon realloc failure
- avformat/subtitles: Don't increment packet counter prematurely
- avformat/bethsoftvid: Fix potential memleak upon reallocation failure
- avformat/smoothstreaming: Fix memleaks on errors
- avformat/matroskaenc: Check BlockAdditional size before use
- avformat/matroskaenc: Check functions that can fail
- avformat/matroskaenc: Check for reformatting errors
- avformat/matroskadec: Check before allocations
- avfilter/vf_unsharp: Don't dereference NULL
- avcodec/zmbvenc: Correct offset in buffer
- avcodec/cbs_h2645: Fix potential out-of-bounds array access
- avformat/mov: Don't allow negative sample sizes.
- mpeg4videoenc: Don't crash with -fsanitize=bounds
- avformat/mpegts: Shuffle avio_seek
- avcodec/binkaudio: Fix 2Ghz sample_rate
- avcodec/adpcm: Fix integer overflow in ADPCM THP
- avcodec/ralf: Check num_blocks before use
- avcodec/iff: Test video_size being non zero
- avcodec/utvideodec: Fix integer overflow in decode_plane()
- avcodec/ttadsp: Fix several integer overflows in tta_filter_process_c()
- avcodec/ralf: Fix integer overflow in decode_block()
- avcodec/nuv: widen buf_size type
- avcodec/iff: Fix several integer overflows
- avcodec/g729postfilter: Clip gain before scaling with AGC_FAC1
- avcodec/alac: Fix integer overflow with 24/20bps samples
- avcodec/dstdec: Check sample rate
- avformat/thp: Require a video stream
- avformat/mpeg: Decrease score by 1 for files with very little valid data
- avcodec/pngdec: Check length in fdAT
- avcodec/g2meet: Check tile_width in epic_jb_decode_tile()
- avcodec/hapdec: Check tex_size more strictly and before using it
- avcodec/vp9dsp_template: Fix integer overflows in idct32_1d()
- avcodec/alacdsp: Fix invalid shift in append_extra_bits()
- libavcodec/wmalosslessdec: prevent sum of positive numbers from becoming negative
- avcodec/dstdec: Fix integer overflow in read_table()
- avcodec/txd: Check for input size against the header size.
- avcodec/svq1dec: Check that there is data left after the header
- avcodec/cbs_h265_syntax_template: Check num_negative/positive_pics when inter_ref_pic_set_prediction_flag is set
- avcodec/intrax8: Check for end of bitstream in ff_intrax8_decode_picture()
- avcodec/hevc_mp4toannexb_bsf: Check nalu_size
- avcodec/iff: Check length before memcpy() in decode_deep_rle32()
- avcodec/iff: Fix invalid pointer intermediates in decode_deep_rle32()
- avcodec/pngdec: Pass ret from decode_iccp_chunk()
- avcodec/rv40dsp: Fix integer overflows in rv40_weight_func_*()
- avcodec/ac3dec_fixed: Fix several invalid left shifts in scale_coefs()
- avcodec/flac_parser: Do not lose header count in find_headers_search()
- avcodec/audiodsp: Fix integer overflow in scalarproduct_int16_c()
- avcodec/cbs_jpeg_syntax_template: Check array index in huffman_table()
- avcodec/cbs_jpeg_syntax_template: Check table index before use in dht()
- avformat/oggdec: Check for EOF after page header
- swscale/yuv2rgb: Fix vertical dither offset with slices
- avcodec/dpcm: clip exponent into supported range in XAN DPCM
- avcodec/flacdsp_template: Fix invalid shifts in decorrelate
- avcodec/xvididct: Fix integer overflow in MULT()
- avcodec/ffwavesynth: Correct undefined overflow of PINK_UNIT
- avcodec/cbs_h264_syntax_template: fix off by 1 error with slice_group_change_cycle
- swscale/output: Fix integer overflow in yuv2rgb_write_full() with out of range input
- swscale/output: Fix integer overflow in alpha computation in yuv2gbrp16_full_X_c()
- libavformat/amr.c: Check return value from avio_read()
- libavformat/mov.c: Free aes_decrypt to avoid leaking memory
- libavformat/oggdec.c: Check return value from avio_read()
- avformat/asfdec_f: Fix overflow check in get_tag()
- avformat/nsvdec: Fix memleaks on errors while reading the header
- avcodec/ffwavesynth: Fix integer overflow in computation of ddphi
- avcodec/cbs_jpeg: Check length for SOS
- avcodec/adpcm: Fix invalid shift in AV_CODEC_ID_ADPCM_PSX
- avcodec/mpeg12dec: Fix invalid shift in mpeg2_fast_decode_block_intra()
- avcodec/cbs_h2645: Treat slices without data as invalid
- avcodec/cbs_h2645: Remove dead code to delete trailing zeroes
- avcodec/cbs_av1_syntax_template: Set seen_frame_header only after successful uncompressed_header()
- avcodec/mpegaudioenc_template: fix invalid shift of sample
- avcodec/motion_est_template: Fix invalid shifts in no_sub_motion_search()
- libavformat/avienc: Check bits per sample for PAL8
- avformat/mpegts: Improve the position determination for avpriv_mpegts_parse_packet()
- avcodec/magicyuv: Check that there are enough lines for interlacing to be possible
- avformat/mvdec: Check stream numbers
- avcodec/pcm: Fix invalid shift in AV_CODEC_ID_PCM_LXF
- avcodec/qdm2: Check fft_coefs_index
- avformat/utils: Fix integer overflow with complex time bases in avformat_find_stream_info()
- avformat/avidec: Avoid integer overflow in NI switch check
- fftools/ffmpeg: Fix integer overflow in duration computation in seek_to_start()
- avfilter/vf_aspect: Fix integer overflow in compute_dar()
- avcodec/apedec: Fix invalid shift with 24 bps
- avformat/utils: Fix undefined behavior in ff_configure_buffers_for_index()
- avcodec/dpcm: Fix integer overflow in AV_CODEC_ID_GREMLIN_DPCM
- avcodec/wmalosslessdec: Fix integer overflow with sliding in padding bits
- avcodec/wmalosslessdec: Fix loop in revert_acfilter()
- avcodec/agm: YUV420 without DCT needs even dimensions
- avcodec/agm: Test remaining data in decode_raw_intra_rgb()
- avcodec/lagarith: Sanity check scale
- avcodec/apedec: Fix integer overflows in predictor_decode_mono_3950()
- avcodec/ralf: Fix integer overflow in apply_lpc()
- avcodec/dca_lbr: Fix some error codes and error passing
- avcodec/wmavoice: Fix rounding and integer anomalies in calc_input_response()
- avcodec/wmavoice: sanity check block_align
- avcodec/pcm: Fix invalid shift in pcm_decode_frame for LXF
- avcodec/snappy: Sanity check bytestream2_get_levarint()
- avcodec/mlpdsp: Fix an invalid shift in ff_mlp_rematrix_channel()
- avcodec/avdct: Clear IDCTDSPContext context
- avcodec/x86/diracdsp: Fix high bits on Windows x86_64
- tests/fate/lavf-video.mak: fix fate-lavf-gif dependencies
- avformat/mov: Check STCO location
- avcodec/wmalosslessdec: Fix multiple integer overflows
- avcodec/apedec: Fix undefined integer overflow in decode_array_0000()
- avcodec/smacker: Check space before decoding type
- avcodec/rawdec: Use linesize in b64a
- avcodec/iff: Over-allocate ham_palbuf for HAM6 IFF-PBM
- avcodec/x86/diracdsp: Fix incorrect src addressing in dequant_subband_32()
- avfilter/vf_find_rect: Remove assert
- avfilter/vf_find_rect: Increase worst case score
- swscale/input: Fix several invalid shifts related to rgb2yuv constants
- swscale/output: Fix several invalid shifts in yuv2rgb_full_1_c_template()
- swscale/swscale: Fix several invalid shifts related to vChrDrop
- avcodec/hevc_mp4toannexb_bsf: check that nalu size doesn't overflow
- avcodec/hevc_mp4toannexb_bsf: Avoid NULL memcpy()
- avcodec/cbs_av1: Check leb128 values read
- avcodec/wmalosslessdec: move channel check up
- avcodec/cbs_h2645: Skip all 0 NAL units
- avcodec/adpcm: Fix overflow in FFABS() IMA_EA_EACS
- avcodec/alac: Fix integer overflow in LPC coefficient adaption
- avcodec/g729postfilter: Optimize out overflowing multiplication from apply_tilt_comp()
- avcodec/vc1dec: Check field_mode for sprites
- avcodec/vc1dec: Limit bits by the actual bitstream size
- avcodec/vmdaudio: Check block_align more
- configure: bump year
- avcodec/pgssubdec: Free subtitle on error
- avcodec/nvenc: use framerate if available
- avcodec/cbs_h265: fix writing extension_data bits
- avcodec/nvenc: offset dts to account for b-frame reordering
- Revert "avformat/rtp: Pass sources and block filter addresses via sdp file for rtp"
- avformat/matroskadec: Fix default value of BlockAddID
- avformat/dashdec: Don't allocate and leak strings that are never used
- avformat/matroskaenc: Write level 1 elements in one go
- avformat/rtp: Pass sources and block filter addresses via sdp file for rtp
- avformat/bintext: avoid division by zero
k5start, when run with the -K option to run as a daemon, no longer exits if
the initial authentication fails (unless -x was given). Instead, it reports
the error to standard error and then continues to run, attempting authentication
every minute as if authentication had failed after it had started.
For both k5start with a command or -K and no -x flag, and krenew with the -i
flag, repeatedly retry the initial authentication. The first retry will be
immediate, and then the commands will keep trying with exponential backoff to
one minute intervals, and then continuously at one minute intervals until the
command is killed or authentication succeeds. k5start and krenew will no longer
start any other command until the initial authentication succeeds, fixing
startup behavior when running a command that must have valid Kerberos tickets
immediately on start.
Clean up the temporary ticket cache on k5start failure if -o, -g, or -m were
given.
The -H flag to k5start or krenew may now be used in conjunction with -K and
controls whether the ticket is renewed when the command wakes up. Normally,
the ticket will be renewed if it will expire sooner than two minutes after the
next time the command will wake up. If -H is specified, its value replaces the
default value of two minutes.
Add a new -a option to both k5start and krenew that, when used with -K, tells
those programs to refresh tickets every time they wake up. This is useful with
-t to ensure that the AFS token renewal program is always run, even if something
else renews the ticket cache before k5start or krenew wake up. It also provides
more predictable ticket refresh behavior. This probably should have been the
default with -K from the beginning, but the default wasn't changed to keep
backward compatibility. Consider always using -a with -K.
Fix k5start and krenew to not incorrectly reject the -b flag in conjunction
with -K or a command.
This package (once part of the exsheets package), provides a
framework for providing multilingual features to a LaTeX
package. The package has its own basic dictionaries for
English, Dutch, French, German and Spanish; it aims to use
translation material for English, Dutch, French, German,
Italian, Spanish, Catalan, Turkish, Croatian, Hungarian, Danish
and Portuguese from babel or polyglossia if either is in use in
the document. (Additional languages from the multilingual
packages may be possible: ask the author.)
The package allows the user to filter out unwanted warnings and
error messages issued by LaTeX, packages and classes, so they
won't pop out when there's nothing one can do about them.
Filtering goes from the very broad ("avoid all messages by such
and such") to the fine-grained ("avoid messages that begin
with..."). Messages may be saved to an external file for later
reference.
There are a number of symbols (e.g., \Square) that are defined
by several packages. In order to typeset all the variants in a
document, we have to give the glyph a unique name. To do that,
we define \savesymbol{XXX}, which renames a symbol from \XXX to
\origXXX, and \restoresymbols{yyy}{XXX}, which renames \origXXX
back to \XXX and defines a new command, \yyyXXX, which
corresponds to the most recently loaded version of \XXX.
As an alternative to the LaTeX standard environments quotation
and quote, the package provides a consolidated environment for
displayed text. First-line indentation may be activated by
adding a blank line before the quoting environment. A key-value
interface (using kvoptions) allows the user to configure font
properties and spacing and to control orphans within and after
the environment.
The dashrule package makes it easy to draw a huge variety of
dashed rules (i.e., lines) in LaTeX. dashrule provides a
command, \hdashrule, which is a cross between LaTeX's \rule and
PostScript's setdash command. \hdashrule draws horizontally
dashed rules using the same syntax as \rule, but with an
additional, setdash-like parameter that specifies the pattern
of dash segments and the space between those segments. Because
dashrule's rules are constructed internally using \rule (as
opposed to, e.g., PostScript \specials) they are fully
compatible with every LaTeX back-end processor.
The package provides basic arithmetic operations to 8 decimal
places for plain TeX or LaTeX. Results are exact when they fit
within the digit limits. Along with the basic package is an
optional extension that adds computation of sin, cos, log,
sqrt, exp, powers and angles. These are also exact when
theoretically possible and are otherwise accurate to at least 7
decimal places. In addition, the package provides a stack-based
programming environment.
This package provides commands for formatting dates, times and
time zones and redefines \today to use the same formatting
style. In addition to \today, you can also use \DTMcurrenttime
(current time) or \DTMnow (current date and time). Dates and
times can be saved for later use. The accompanying
datetime2-calc package can be used to convert date-times to
UTC+00:00. Language and regional support is provided by
independently maintained and installed modules. The
datetime2-calc package uses the pgfcalendar package (part of
the PGF/TikZ bundle).