libsodium-1.0.21-160000.1.1

- Drop libsodium-CVE-2025-15444.patch, merged upstream

- Update to 1.0.21: [bsc#1256070, CVE-2025-15444, bsc#1255764, CVE-2025-69277]
  * The new crypto_ipcrypt_* functions implement mechanisms for securely
    encrypting and anonymizing IP addresses.
  * The sodium_bin2ip and sodium_ip2bin helper functions have been added to
    complement the crypto_ipcrypt_* functions and easily convert addresses
    between bytes and strings.
  * XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions are
  * standard
    extendable output functions. From input of any length, they can derive
    output of any length with the same properties as hash functions. These
    primitives are required by many post-quantum mechanisms, but can also be
    used for a wide range of applications, including key derivation, session
    encryption and more.
  * Performance of AES256-GCM and AEGIS on ARM has been improved with some
    compilers
  * Security: optblockers have been introduced in critical code paths to prevent
    compilers from introducing unwanted side channels via conditional jumps. This
    was observed on RISC-V targets with specific compilers and options.
  * Security: crypto_core_ed25519_is_valid_point() now properly rejects
    small-order points that are not in the main subgroup
  * ((nonnull)) attributes have been relaxed on some crypto_stream* functions to
    allow NULL output buffers when the output length is zero
  * A cross-compilation issue with old clang versions has been fixed
  * crypto_aead_aes256gcm_is_available is exported to JavaScript
  * Security: memory fences have been added after MAC verification in AEAD to
    prevent speculative access to plaintext before authentication is complete
  * Assembly files now include .gnu.property notes for proper IBT and Shadow
    Stack support when building with CET instrumentation.
- Add patch libsodium-Fix-compilation-with-GCC-on-aarch64.patch

- Security fix: [bsc#1256070, CVE-2025-15444]
  * check Y==Z in addition to X==0
  * Add patch libsodium-CVE-2025-15444.patch

- Update to 1.0.20
  * When using the traditional build system, -O3 is used instead of -Ofast.
  * Improved detection of the compiler flags required on aarch64.
  * Improved compatibility with custom build systems on aarch64.
  * crypto_kdf_hkdf_sha512_statebytes() was added.
  * Compatibility issues with LLVM 18 and AVX512 have been addressed.
    For the full changelog see: https://github.com/jedisct1/libsodium/releases/tag/1.0.20-RELEASE
  * Update baselibs.conf
- Included from 1.0.19
  * New AEADs: AEGIS-128L and AEGIS-256 are now available in the
    crypto_aead_aegis128l_*() and crypto_aead_aegis256_*() namespaces. AEGIS is
    a family of authenticated ciphers for high-performance applications,
    leveraging hardware AES acceleration on x86_64 and aarch64. In addition to
    performance, AEGIS ciphers have unique properties making them easier and
    safer to use than AES-GCM. They can also be used as high-performance MACs.
  * The HKDF key derivation mechanism, required by many standard protocols, is
    now available in the crypto_kdf_hkdf_*() namespace. It is implemented for
    the SHA-256 and SHA-512 hash functions.

-  Revert previous change about cpuid as previous change rejected
  in https://build.opensuse.org/request/show/724809
-  Disable LTO as bypass boo#1148184

-  Add libsodium_configure_cpuid_chg.patch and call autoconf
  to regenerate configure script with proper CPUID checking.
  Required at least for PowerPC and ARM now that LTO enabled.

- Update to 1.0.18
  - Enterprise versions of Visual Studio are now supported.
  - Visual Studio 2019 is now supported.
  - 32-bit binaries for Visual Studio 2010 are now provided.
  - A test designed to trigger an OOM condition didn't work on
    Linux systems with memory overcommit turned on. It has been
    removed in order to fix Ansible builds.
  - Emscripten: print and printErr functions are overridden to send
    errors to the console, if there is one.
  - Emscripten: UTF8ToString() is now exported since
    Pointer_stringify() has been deprecated.
  - Libsodium version detection has been fixed in the CMake recipe.
  - Generic hashing got a 10% speedup on AVX2.
  - New target: WebAssembly/WASI
    (compile with dist-builds/wasm32-wasi.sh).
  - New functions to map a hash to an edwards25519 point
    or get a random point:
    core_ed25519_from_hash() and core_ed25519_random().
  - crypto_core_ed25519_scalar_mul() has been implemented for
    scalar*scalar (mod L) multiplication.
  - Support for the Ristretto group has been implemented for
    interoperability with wasm-crypto.
  - Improvements have been made to the test suite.
  - Portability improvements have been made.
  - getentropy() is now used on systems providing this system call.
  - randombytes_salsa20 has been renamed to randombytes_internal.
  - Support for NativeClient has been removed.
  - Most ((nonnull)) attributes have been relaxed to allow 0-length
    inputs to be NULL.
  - The -ftree-vectorize and -ftree-slp-vectorize compiler switches
    are now used, if available, for optimized builds.

- Update to 1.0.17
  - Bug fix: sodium_pad() didn't properly support block sizes
    >= 256 bytes.
  - JS/WebAssembly: some old iOS versions can't instantiate the
    WebAssembly module; fall back to Javascript on these.
  - JS/WebAssembly: compatibility with newer Emscripten versions.
  - Bug fix: crypto_pwhash_scryptsalsa208sha256_str_verify() and
    crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()didn't
    returnEINVAL` on input strings with a short length, unlike
    their high-level counterpart.
  - Added a workaround for Visual Studio 2010 bug causing CPU
    features not to be detected.
  - Portability improvements.
  - Test vectors from Project Wycheproof have been added.
  - New low-level APIs for arithmetic mod the order of the prime
    order group:
  - crypto_core_ed25519_scalar_random(),
    crypto_core_ed25519_scalar_reduce(),
  - crypto_core_ed25519_scalar_invert(),
    crypto_core_ed25519_scalar_negate(),
  - crypto_core_ed25519_scalar_complement(),
    crypto_core_ed25519_scalar_add() and
    crypto_core_ed25519_scalar_sub().
  - New low-level APIs for scalar multiplication without clamping:
    crypto_scalarmult_ed25519_base_noclamp() and
    crypto_scalarmult_ed25519_noclamp().
    These new APIs are especially useful for blinding.
  - sodium_sub() has been implemented.
  - Support for WatchOS has been added.
  - getrandom(2) is now used on FreeBSD 12+.
  - The nonnull attribute has been added to all relevant
    prototypes.
  - More reliable AVX512 detection.
  - Javascript/Webassembly builds now use dynamic memory growth.

- Add baselibs.conf: build libsodium23-32bit, which is required by
  zeromq's -32bit packages.

- Add gpg signature
- Modernise spec file with spec-cleaner