Hi,
Nettle has a fairly significant bug in ECDSA signature verification:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985652
We'd like to address this by uploading the upstream release fix 3.7.2.
You can review the diff at:
https://salsa.debian.org/ametzler/nettle/-/compare/9d122ba18817c0f3e2fa235e30565eb536a85e9c...3361d1e55eea83c8533cc67f18ae7da9fc235e63
(I might adjust it slightly, mainly w.r.t. the symbols files.)
Scroll down to NEWS for an overview of changes.
The fix for the bug in chacha counter update logic was already included
in the 3.7-2.1 NMU by Andreas. The only new features added are
pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512 (same as pbkdf2_hmac_sha256
but with other PRFs).
The one change that doesn't seem to be mentioned in NEWS or ChangeLog is
https://git.lysator.liu.se/nettle/nettle/-/commit/62dc4ce42fbebd7cad1f431dc6cd92bb66bf6242
Andreas says:
> I think 3.7.2 matches the freeze policy ("Only small, targeted fixes").
> Cherry-picking the patches would result in only slightly smaller diff,
> and having a clean 3.7.2 instead of patched 3.7 has the big benefit of
> later no-fuzz security and stable updates (if necessary).
Nettle has good test coverage and Dr. Möller (a fellow Swede b.t.w.)
monitors the Debian BTS and we have good communication. I think the risks
are low. What do you think?
--
Magnus Holmgren holmgren@debian.org
Debian Developer