Package Release Info

libnettle-3.10.1-160000.2.2

Update Info: Base Release
Available in Package Hub: 16.0

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

libhogweed6-32bit
libnettle-devel-32bit
libnettle8-32bit

Change Logs

* Thu Jan 02 2025 pmonreal@suse.com
- Update to nettle 3.10.1:
  * Bug fixes:
  - Fix buffer overread in the new sha256 assembly for
    powerpc64, as well as a stack alignment issue.
  - Added missing nettle_mac structs for hmac-gosthash.
  - Fix configure test for valgrind, to not attempt to run
    valgrind on executables built using memory sanitizers.
  * Enable back the gcm regression test:
  - Remove libnettle-powerpc64-skip-AES-GCM-test.patch
  * Remove patches upstream:
  - libnettle-powerpc64-sha256-fix-loading-overreads.patch
  - libnettle-powerpc64-sha256-adjust-stack-offset-for-non-volatile-registers.patch
  - libnettle-powerpc64-remove-m4_unquote-sha256.patch
* Tue Dec 03 2024 pmonreal@suse.com
- ppc64le: POWER10 performance enhancements for cryptography [jsc#PED-9904]
  * powerpc64/sha256: fix loading overreads by loading less and shifting
  * powerpc64/sha256: adjust stack offset for storing non-volatile registers
  * powerpc64: remove use of m4_unquote in the load step for sha256
  * Temporarily skip the gcm test: libnettle-powerpc64-skip-AES-GCM-test.patch
  * Add patches:
  - libnettle-powerpc64-sha256-fix-loading-overreads.patch
  - libnettle-powerpc64-sha256-adjust-stack-offset-for-non-volatile-registers.patch
  - libnettle-powerpc64-remove-m4_unquote-sha256.patch
* Mon Jun 17 2024 pmonreal@suse.com
- Update to 3.10:
  * Bug fixes:
  - Add missing hash functions sha512_224 and sha512_256 to the
    nettle_get_hashes() list. The name values in the
    corresponding nettle_hash structs also changed to use
    underscore instead of dash, for consistency.
  - Fix a few cases of formally undefined calls to memcpy(dst,
    NULL, 0), resulting from valid calls to, e.g.,
    sha256_update(ctx, 0, NULL).
  * New features:
  - Support RSA-OAEP encryption. Contributed by Nicolas Mora and Daiki Ueno.
  - New function sha3_256_shake_output, new functions
    sha3_128_init, sha3_128_update, sha3_128_shake,
    sha3_128_shake_output. Contributed by Daiki Ueno.
  - Added DRBG-CTR with AES256, contributed by Simon Josefsson.
  * Optimizations:
  - New combined gcm-aes assembly for powerpc64, contributed by Danny Tsen.
  - New sha256 assembly for powerpc64, contributed by Eric Richter.
  - Improved performance for powerpc64 AES decrypt, by skipping
    subkey transformations that don't suit the vncipher instructions.
  - Add arm64 CPU feature detection for Android and for Apple systems,
    contributed by Foolbar and Tim Kosse, respectively.
  * Miscellaneous:
  - New tests for side-channel silence, based on valgrind.
  - Delete all md5 assembly code. Delete all sparc32 assembly code.
* Fri Jun 09 2023 pmonreal@suse.com
- Add the architecture specific READMEs as provided by upstream.
* Thu Jun 08 2023 pmonreal@suse.com
- Include the nettle library manual in HTML and PDF formats in
  the devel package.
* Wed Jun 07 2023 andreas.stieger@gmx.de
- update to 3.9.1: [bsc#1212112, CVE-2023-36660]
  * Fix bug in the new OCB code that may be exploitable for denial of
    service or worse due to memory corruption
* Mon May 15 2023 andreas.stieger@gmx.de
- update to 3.9
  * rewrite of the C and plain x86_64 assembly implementations of
    GHASH to use precomputed tables in a different way, with tables
    always accessed in the same sequential manner. This should make
    Nettle's GHASH implementation side-channel silent on all
    platforms, but considerably slower on platforms without carry-
    less mul instructions. E.g., benchmarks of the C implementation
    on x86_64 showed a slowdown of 3 times.
  * Fix bug in ecdsa and gostdsa signature verify operation, for
    the unlikely corner case that point addition really is point
    duplication.
  * Fix for chacha on Power7, nettle's assembly used an instruction
    only available on later processors
  * Add support for the SM4 block cipher
  * Add support for the Balloon password hash
  * Add support for SIV-GCM authenticated encryption mode
  * Add support for OCB authenticated encryption mode.
  * New exported functions md5_compress, sha1_compress,
    sha256_compress, sha512_compress
  * multiple performance optimizations
  * Delete all arcfour assembly code. Affects 32-bit x86, 32-bit
    and 64-bit sparc
* Wed Mar 08 2023 mpluskal@suse.com
- Build AVX2 enabled hwcaps library for x86_64-v3
* Thu Jul 28 2022 dmueller@suse.com
- update to 3.8.1:
  * Avoid non-posix m4 argument references in the chacha
    implementation for arm64, powerpc64 and s390x. Reported by
    Christian Weisgerber, fix contributed by Mamone Tarsha.
  * Use explicit .machine pseudo-ops where needed in s390x
    assembly files. Bug report by Andreas K. Huettel, fix
    contributed by Mamone Tarsha.
* Mon Jul 11 2022 dmueller@suse.com
- update to 3.8:
  This release includes a couple of new features, and many
  performance improvements. It adds assembly code for two more
  architectures: ARM64 and S390x.
  The new version is intended to be fully source and binary
  compatible with Nettle-3.6. The shared library names are
  libnettle.so.8.5 and libhogweed.so.6.5, with sonames
  libnettle.so.8 and libhogweed.so.6.
  New features:
  * AES keywrap (RFC 3394), contributed by Nicolas Mora.
  * SM3 hash function, contributed by Tianjia Zhang.
  * New functions cbc_aes128_encrypt, cbc_aes192_encrypt,
    cbc_aes256_encrypt.
    On processors where AES is fast enough, e.g., x86_64 with
    aesni instructions, the overhead of using Nettle's general
    cbc_encrypt can be significant. The new functions can be
    implemented in assembly, to do multiple blocks with reduced
    per-block overhead.
    Note that there are no corresponding new decrypt functions,
    since the general cbc_decrypt doesn't suffer from the same
    performance problem.
  Bug fixes:
  * Fix fat builds for x86_64 windows, these appear to never
    have worked.
  Optimizations:
  * New ARM64 implementation of AES, GCM, Chacha, SHA1 and
    SHA256, for processors supporting crypto extensions. Great
    speedups, and fat builds are supported. Contributed by
    Mamone Tarsha.
  * New s390x implementation of AES, GCM, Chacha, memxor, SHA1,
    SHA256, SHA512 and SHA3. Great speedups, and fat builds are
    supported. Contributed by Mamone Tarsha.
  * New PPC64 assembly for ecc modulo/redc operations,
    contributed by Amitay Isaacs, Martin Schwenke and Alastair
    D'Silva.
  * The x86_64 AES implementation using aesni instructions has
    been reorganized with one separate function per key size,
    each interleaving the processing of two blocks at a time
    (when the caller processes multiple blocks with each call).
    This gives a modest performance improvement on some
    processors.
  * Rewritten and faster x86_64 poly1305 assembly.
- drop libnettle-s390x-CPACF-SHA-AES-support.patch (included in 3.8)