Packages changed: bzip2 (1.0.6 -> 1.0.7) libsodium (1.0.17 -> 1.0.18) === Details === ==== bzip2 ==== Version update (1.0.6 -> 1.0.7) - Update bug reference - Fix downloaded patches - Update to version 1.0.7: * Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH. * bzip2: Fix return value when combining --test,-t and -q. * bzip2recover: Fix buffer overflow for large argv[0]. * bzip2recover: Fix use after free issue with outFile (CVE-2016-3189). * Make sure nSelectors is not out of range (CVE-2019-12900 bsc#1139083) - Drop patches fixed upstream: * bzip2-unsafe_strcpy.patch. * bzip2-1.0.6-CVE-2016-3189.patch. - Refresh patches with quilt. ==== libsodium ==== Version update (1.0.17 -> 1.0.18) - Update to 1.0.18 - Enterprise versions of Visual Studio are now supported. - Visual Studio 2019 is now supported. - 32-bit binaries for Visual Studio 2010 are now provided. - A test designed to trigger an OOM condition didn't work on Linux systems with memory overcommit turned on. It has been removed in order to fix Ansible builds. - Emscripten: print and printErr functions are overridden to send errors to the console, if there is one. - Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated. - Libsodium version detection has been fixed in the CMake recipe. - Generic hashing got a 10% speedup on AVX2. - New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh). - New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random(). - crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication. - Support for the Ristretto group has been implemented for interoperability with wasm-crypto. - Improvements have been made to the test suite. - Portability improvements have been made. - getentropy() is now used on systems providing this system call. - randombytes_salsa20 has been renamed to randombytes_internal. - Support for NativeClient has been removed. - Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL. - The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds.