libsodium-1.0.20-160000.2.2

- Update to 1.0.20
  * When using the traditional build system, -O3 is used instead of -Ofast.
  * Improved detection of the compiler flags required on aarch64.
  * Improved compatibility with custom build systems on aarch64.
  * crypto_kdf_hkdf_sha512_statebytes() was added.
  * Compatibility issues with LLVM 18 and AVX512 have been addressed.
    For the full changelog see: https://github.com/jedisct1/libsodium/releases/tag/1.0.20-RELEASE
  * Update baselibs.conf
- Included from 1.0.19
  * New AEADs: AEGIS-128L and AEGIS-256 are now available in the
    crypto_aead_aegis128l_*() and crypto_aead_aegis256_*() namespaces. AEGIS is
    a family of authenticated ciphers for high-performance applications,
    leveraging hardware AES acceleration on x86_64 and aarch64. In addition to
    performance, AEGIS ciphers have unique properties making them easier and
    safer to use than AES-GCM. They can also be used as high-performance MACs.
  * The HKDF key derivation mechanism, required by many standard protocols, is
    now available in the crypto_kdf_hkdf_*() namespace. It is implemented for
    the SHA-256 and SHA-512 hash functions.

-  Revert previous change about cpuid as previous change rejected
  in https://build.opensuse.org/request/show/724809
-  Disable LTO as bypass boo#1148184

-  Add libsodium_configure_cpuid_chg.patch and call autoconf
  to regenerate configure script with proper CPUID checking.
  Required at least for PowerPC and ARM now that LTO enabled.

- Update to 1.0.18
  - Enterprise versions of Visual Studio are now supported.
  - Visual Studio 2019 is now supported.
  - 32-bit binaries for Visual Studio 2010 are now provided.
  - A test designed to trigger an OOM condition didn't work on
    Linux systems with memory overcommit turned on. It has been
    removed in order to fix Ansible builds.
  - Emscripten: print and printErr functions are overridden to send
    errors to the console, if there is one.
  - Emscripten: UTF8ToString() is now exported since
    Pointer_stringify() has been deprecated.
  - Libsodium version detection has been fixed in the CMake recipe.
  - Generic hashing got a 10% speedup on AVX2.
  - New target: WebAssembly/WASI
    (compile with dist-builds/wasm32-wasi.sh).
  - New functions to map a hash to an edwards25519 point
    or get a random point:
    core_ed25519_from_hash() and core_ed25519_random().
  - crypto_core_ed25519_scalar_mul() has been implemented for
    scalar*scalar (mod L) multiplication.
  - Support for the Ristretto group has been implemented for
    interoperability with wasm-crypto.
  - Improvements have been made to the test suite.
  - Portability improvements have been made.
  - getentropy() is now used on systems providing this system call.
  - randombytes_salsa20 has been renamed to randombytes_internal.
  - Support for NativeClient has been removed.
  - Most ((nonnull)) attributes have been relaxed to allow 0-length
    inputs to be NULL.
  - The -ftree-vectorize and -ftree-slp-vectorize compiler switches
    are now used, if available, for optimized builds.

- Update to 1.0.17
  - Bug fix: sodium_pad() didn't properly support block sizes
    >= 256 bytes.
  - JS/WebAssembly: some old iOS versions can't instantiate the
    WebAssembly module; fall back to Javascript on these.
  - JS/WebAssembly: compatibility with newer Emscripten versions.
  - Bug fix: crypto_pwhash_scryptsalsa208sha256_str_verify() and
    crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()didn't
    returnEINVAL` on input strings with a short length, unlike
    their high-level counterpart.
  - Added a workaround for Visual Studio 2010 bug causing CPU
    features not to be detected.
  - Portability improvements.
  - Test vectors from Project Wycheproof have been added.
  - New low-level APIs for arithmetic mod the order of the prime
    order group:
  - crypto_core_ed25519_scalar_random(),
    crypto_core_ed25519_scalar_reduce(),
  - crypto_core_ed25519_scalar_invert(),
    crypto_core_ed25519_scalar_negate(),
  - crypto_core_ed25519_scalar_complement(),
    crypto_core_ed25519_scalar_add() and
    crypto_core_ed25519_scalar_sub().
  - New low-level APIs for scalar multiplication without clamping:
    crypto_scalarmult_ed25519_base_noclamp() and
    crypto_scalarmult_ed25519_noclamp().
    These new APIs are especially useful for blinding.
  - sodium_sub() has been implemented.
  - Support for WatchOS has been added.
  - getrandom(2) is now used on FreeBSD 12+.
  - The nonnull attribute has been added to all relevant
    prototypes.
  - More reliable AVX512 detection.
  - Javascript/Webassembly builds now use dynamic memory growth.

- Add baselibs.conf: build libsodium23-32bit, which is required by
  zeromq's -32bit packages.

- Add gpg signature
- Modernise spec file with spec-cleaner

- Enable verbose make output when building tests

- Update to 1.0.16
  * Signatures computations and verifications are now way faster
    on 64-bit platforms with compilers supporting 128-bit
    arithmetic (gcc, clang, icc). This includes the WebAssembly
    target.
  * New low-level APIs for computations over edwards25519:
    crypto_scalarmult_ed25519(), crypto_scalarmult_ed25519_base(),
    crypto_core_ed25519_is_valid_point(), crypto_core_ed25519_add(),
    crypto_core_ed25519_sub() and crypto_core_ed25519_from_uniform()
    (elligator representative to point).
  * crypto_sign_open(), crypto_sign_verify_detached() and
    crypto_sign_edwards25519sha512batch_open` now reject public
    keys in non-canonical form in addition to low-order points.
  * The library can be built with ED25519_NONDETERMINISTIC defined
    in order to use synthetic nonces for EdDSA. This is disabled
    by default.
  * sodium_stackzero() was added to wipe content off the stack.
  * The Salsa20-based PRNG example is now thread-safe on platforms
    with support for thread-local storage, optionally mixes bits
    from RDRAND.
  * Argon2 and scrypt are slightly faster on Linux.

- Refresh spec-file.
- Update to 1.0.15.
  * Release notes: https://github.com/jedisct1/libsodium/releases/tag/1.0.15
  * The default password hashing algorithm is now Argon2id.
  * The pwhash_str_verify() function can still verify Argon2i hashes without any changes,
    and pwhash() can still compute Argon2i hashes as well.
  * The aes128ctr primitive was removed. It was slow, non-standard, not authenticated,
    and didn't seem to be used by any opensource project.
  * Argon2id required at least 3 passes like Argon2i, despite a minimum of 1
    as defined by the OPSLIMIT_MIN constant. This has been fixed.
  * The secretstream construction was slightly changed to be consistent with forthcoming variants.
  * The Javascript and Webassembly versions have been merged, and the module now returns
    a .ready promise that will resolve after the Webassembly code is loaded and compiled.
  * Note that due to these incompatible changes, the library version major was bumped up.