------------------------------------------------------------------- Thu May 16 05:53:13 UTC 2024 - pgajdos@suse.com - security update - added patches fix CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file + libcryptopp-CVE-2023-50980.patch fix CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS + libcryptopp-CVE-2023-50981.patch ------------------------------------------------------------------- Sun Jul 16 18:55:10 UTC 2023 - Dirk Müller - update to 8.8.0: * minor release, recompile of programs required * expanded community input and support * 88 unique contributors as of this release * fix crash in cryptest.exe when invoked with no options * fix crash in library due to GCC removing live code * fix RSA with key size 16 may provide an invalid key * fix failure to build on 32-bit x86 * fix failure to build on iPhone Simulator for arm64 * fix failure to build on Windows arm64 * test for SSSE3 before using the ISA * fix include of when using MSVC * improve performance of CRC32C_Update_SSE42 for x86-64 * update documentation ------------------------------------------------------------------- Wed Aug 10 04:17:28 UTC 2022 - Bernhard Wiedemann - Enable SSE2 to fix i586 build ------------------------------------------------------------------- Tue Aug 9 07:18:25 UTC 2022 - Bernhard Wiedemann - Update to 8.7.0 - https://cryptopp.com/release870.html * fix RSA key generation for small moduli (GH #1136) * fix AES-GCM with AESNI but without CLMUL (GH #1132) * rework CFB_CipherTemplate::ProcessData and AdditiveCipherTemplate::ProcessData (GH #1088, GH #1103) + restored performance and avoided performance penalty of a temp buffer * fix undersized SecBlock buffer in Integer bit operations (GH #1072) * work around several GCC 11 & 12 problems ------------------------------------------------------------------- Sat Sep 25 08:00:47 UTC 2021 - Dave Plater - Update to 8.6.0 -upstream changes: *This release clears CVE-2021-40530 and fixes a problem with ChaCha20 AVX2 implementation. *The CVE was due to ElGamal encryption using a work estimate to size encryption exponents instead subgroup order. *The ChaCha20 issue was due to mishandling a carry in the AVX2 code path. The ChaCha20 issue was difficult to duplicate, so most users should not experience it. ------------------------------------------------------------------- Wed Mar 17 20:03:35 UTC 2021 - Dirk Müller - update to 8.5.0: * minor release, no recompile of programs required * expanded community input and support * 70 unique contributors as of this release * port to Apple M1 hardware ------------------------------------------------------------------- Sat Jan 2 10:34:52 UTC 2021 - Dave Plater - Update to version 8.4.0 and remove obsolete patches: 0001-Fix-TCXXFLAGS-using-openSUSE-standard-flags-GH-865.patch, 0001-Fix-missing-if-statement.patch and cve-2019-14318.patch - Upstream changes: *fix use of macro CRYPTOPP_ALIGN_DATA *fix potential out-of-bounds read in ECDSA *fix std::bad_alloc when using ByteQueue in pipeline *fix missing CRYPTOPP_CXX17_EXCEPTIONS with Clang *fix potential out-of-bounds read in GCM mode *add configure.sh when preprocessor macros fail *fix potential out-of-bounds read in SipHash *fix compile error on POWER9 due to vec_xl_be *fix K233 curve on POWER8 *add Cirrus CI testing *fix broken encryption for some 64-bit ciphers *disable RDRAND and RDSEED for some AMD processors *fix BLAKE2 hash calculation using Salt and Personalization *add XTS mode *fix circular dependency between misc.h and secblock.h *add Certificate interface *fix recursion in AES::Encryption without AESNI *add missing OID for ElGamal encryption *fix missing override in KeyDerivationFunction-derived classes *fix RDSEED assemble under MSVC *fix elliptic curve timing leaks (CVE-2019-14318) *add link-library variable to Makefiles *fix SIZE_MAX definition in misc.h *add GetWord64 and PutWord64 to BufferedTransformation *use HKDF in AutoSeededX917RNG::Reseed *fix Asan finding in VMAC on i686 in inline asm *fix undeclared identifier _mm_roti_epi64 on Gentoo *fix ECIES and GetSymmetricKeyLength *fix possible divide by zero in PKCS5_PBKDF2_HMAC *refine ASN.1 encoders and decoders *disable BMI2 code paths in Integer class *fix use of CRYPTOPP_CLANG_VERSION *add NEON SHA1, SHA256 and SHA512 from Cryptogams *add ARM SHA1, SHA256 and SHA512 from Cryptogams *fix reference binding to misaligned address in xed25519 *clear asserts in TestDataNameValuePairs *fix SIGILL on POWER8 when compiling with GCC 10 *fix potential out-of-bounds write in FixedSizeAllocatorWithCleanup *revert changes for constant-time elliptic curve algorithms ------------------------------------------------------------------- Thu Jul 2 11:40:59 UTC 2020 - Tomáš Chvátal - Simplify the baselibs creation - Do not BR unzip as the tarball is tar.gz - Generate the pc file with cat not bunch of echos ------------------------------------------------------------------- Sun Aug 11 12:48:14 UTC 2019 - Dave Plater - Added cve-2019-14318.patch which fixes (1)leak in ECDSA nonce length; and (2) leak in prime fields (ECP class). - See boo#1145187 - Disabled LTO for i586 to fix build failure. ------------------------------------------------------------------- Sat Jul 20 09:34:46 UTC 2019 - Dave Plater - Update to major version 8.2.0 - Filter out -flto= flag for arm7 see cryptopp issue#865 - Remove 0001-disable_os_rng_test.patch which is no longer needed. - Rebase libcryptopp-shared.patch - Added patchs from git which is indicated in cryptopp issue#865: 0001-Fix-TCXXFLAGS-using-openSUSE-standard-flags-GH-865.patch and 0001-Fix-missing-if-statement.patch. Upstream changes since 7.0.0: *use PowerPC unaligned loads and stores with Power8 *add SKIPJACK test vectors *fix SHAKE-128 and SHAKE-256 compile *removed IS_NEON from Makefile *fix Aarch64 build on Fedora 29 *fix missing GF2NT_233_Multiply_Reduce_CLMUL in FIPS DLL *add missing BLAKE2 constructors *fix missing BlockSize() in BLAKE2 classes *add CRYPTOPP_BUGGY_SIMD_LOAD_AND_STORE *add carryless multiplies for NIST b233 and k233 curves *fix OpenMP build due to use of OpenMP 4 with down-level compilers *add SignStream and VerifyStream for ed25519 and large files *fix missing AlgorithmProvider in PanamaHash *add SHAKE-128 and SHAKE-256 *fix AVX2 build due to _mm256_broadcastsi128_si256 *add IETF ChaCha, XChaCha, ChaChaPoly1305 and XChaChaPoly1305 *add x25519 key exchange and ed25519 signature scheme *add limited Asymmetric Key Package support from RFC 5958 *add Power9 DARN random number generator support *add CHAM, HC-128, HC-256, Hight, LEA, Rabbit, Simeck *fix FixedSizeAllocatorWithCleanup may be unaligned on some platforms *cutover to GNU Make-based cpu feature tests *rename files with dashes to underscores *fix LegacyDecryptor and LegacyDecryptorWithMAC use wrong MAC *avoid Singleton when possible, avoid std::call_once completely *fix SPARC alignment problems due to GetAlignmentOf() on word64 *add ARM AES asm implementation from Cryptogams *remove CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS support ------------------------------------------------------------------- Sat Nov 17 14:27:33 UTC 2018 - Adam Mizerski - update to v7.0.0 * changelog available at https://cryptopp.com/release700.html and in packaged Readme.txt - Refreshed patches * 0001-disable_os_rng_test.patch * libcryptopp-shared.patch - Dropped patch reproducible.patch - merged upstream ------------------------------------------------------------------- Sat May 20 19:45:06 UTC 2017 - bwiedemann@suse.com - Add reproducible.patch to sort input files to make build fully reproducible ------------------------------------------------------------------- Fri Mar 3 05:58:37 UTC 2017 - davejplater@gmail.com - Added patch field to soname due to library not following proper API/ABI versioning to fix boo#1027192. - Removed crypto.pc and generate it in the spec file to ensure proper version and directories. - Changed libcryptopp-shared.patch. - Renamed library package and obsoleted old name. - added precheckin_baselibs.sh and updated baselibs.conf ------------------------------------------------------------------- Thu Feb 23 23:16:02 UTC 2017 - adam@mizerski.pl - update to 5.6.5 * Rebase libcryptopp-shared.patch * Rebase 0001-disable_os_rng_test.patch - enable openmp usage ------------------------------------------------------------------- Thu Feb 2 02:03:34 UTC 2017 - jengelh@inai.de - Add obsoletes tag for dropped static lib ------------------------------------------------------------------- Sat Jan 28 20:58:04 UTC 2017 - jengelh@inai.de - Remove libcryptoo-devel-static, this seems unused in Factory. ------------------------------------------------------------------- Sat Jan 28 09:32:22 UTC 2017 - jengelh@inai.de - Update descriptions ------------------------------------------------------------------- Mon Sep 12 08:50:44 UTC 2016 - bwiedemann@suse.com - Update to 5.6.4 * Use proper openSUSE-style library naming * Drop upstream libcryptopp-s390.patch * Drop upstream libcryptopp-m68k.patch * Drop upstream libcryptopp-CVE-2015-2141.patch * Drop upstream cryptopp-gcc6.patch * Rebase libcryptopp-shared.patch * Rebase 0001-disable_os_rng_test.patch ------------------------------------------------------------------- Mon Jun 20 11:09:05 UTC 2016 - i@marguerite.su - add patch cryptopp-gcc6.patch * fix boo#985143 * fix narrowing conversion from unsigned int to int inside {} ------------------------------------------------------------------- Wed Jul 8 08:01:11 UTC 2015 - bwiedemann@suse.com - prevent timing attack to get secret key (bnc#936435, CVE-2015-2141) add libcryptopp-CVE-2015-2141.patch ------------------------------------------------------------------- Fri Aug 15 01:39:59 UTC 2014 - sfalken@opensuse.org - Added 0001-disable_os_rng_test.patch Fixes buildfailure on openSUSE_Factory x86_64 within OBS environment, due to OS supplied Random Number Generator taking too long to respond ------------------------------------------------------------------- Thu Apr 3 13:21:06 UTC 2014 - schwab@suse.de - libcryptopp-m68k.patch: define IS_LITTLE_ENDIAN on m68k ------------------------------------------------------------------- Wed Dec 18 02:40:17 CET 2013 - ro@suse.de - define as big endian on s390/s390x (libcryptopp-s390.patch) ------------------------------------------------------------------- Wed Aug 28 08:29:36 UTC 2013 - dmueller@suse.com - remove noninstallable 32bit -devel baselibs ------------------------------------------------------------------- Fri Mar 1 17:02:43 UTC 2013 - adam@mizerski.pl - update to 5.6.2 - changed license to Boost Software License 1.0 - added SHA-3 (Keccak) - updated DSA to FIPS 186-3 (see DSA2 class) - fixed Blowfish minimum keylength to be 4 bytes (32 bits) - fixed Salsa validation failure when compiling with GCC 4.6 - fixed infinite recursion when on x64, assembly disabled, and no AESNI - ported to MSVC 2012, GCC 4.7, Clang 3.2, Solaris Studio 12.3, Intel C++ Compiler 13.0 - removed libcryptopp-gcc47.patch - fixed upstream - rebased libcryptopp-shared.patch - added devel-static subpackage - updated license tag ------------------------------------------------------------------- Sun Oct 14 10:58:07 UTC 2012 - adam@mizerski.pl - added baselibs.conf - spec file improved ------------------------------------------------------------------- Sat Mar 17 14:25:26 UTC 2012 - dimstar@opensuse.org - Add libcryptopp-gcc47.patch: Fix build with gcc 4.7. ------------------------------------------------------------------- Sun Feb 5 16:39:49 UTC 2012 - jengelh@medozas.de - Proper shared library versioning ------------------------------------------------------------------- Mon Oct 17 14:33:16 UTC 2011 - jengelh@medozas.de - Remove bogus Conflict against libcrypto++0 (cf. shlib guidelines) ------------------------------------------------------------------- Sat Oct 14 13:37:59 UTC 2011 - toddrme2178@gmail.com - Added pkg-config file from fedora project - Cleaned up spec file formatting ------------------------------------------------------------------- Sun Jul 10 23:43:05 CEST 2011 - meissner@suse.de - add -lpthread for tests ------------------------------------------------------------------- Thu Dec 16 14:40:17 UTC 2010 - andreas.hanke@gmx-topmail.de - Update to version 5.6.1: - added support for AES-NI and CLMUL instruction sets in AES and GMAC/GCM - removed WAKE-CFB - fixed several bugs in the SHA-256 x86/x64 assembly code: * incorrect hash on non-SSE2 x86 machines on non-aligned input * incorrect hash on x86 machines when input crosses 0x80000000 * incorrect hash on x64 when compiled with GCC with optimizations enabled - fixed bugs in AES x86 and x64 assembly causing crashes in some MSVC build configurations - switched to a public domain implementation of MARS - ported to MSVC 2010, GCC 4.5.1, Sun Studio 12u1, C++Builder 2010, Intel C++ Compiler 11.1 - renamed the MSVC DLL project to "cryptopp" for compatibility with MSVC 2010 - Changes to library packaging: - update the interface number because there were ABI changes, now matching the Debian package - introduce a conflict with the PackMan package - ship License.txt and Readme.txt - drop the static library ------------------------------------------------------------------- Mon Aug 9 22:29:54 UTC 2010 - pascal.bleser@opensuse.org - initial package (5.6.0)