libcryptopp/libcryptopp.changes

-------------------------------------------------------------------
Thu Jan  4 09:29:41 UTC 2024 - pgajdos@suse.com

- security update
- added patches
  fix CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS
  https://github.com/weidai11/cryptopp/pull/1255
  + libcryptopp-CVE-2023-50981.patch

-------------------------------------------------------------------
Thu Dec 21 13:48:35 UTC 2023 - pgajdos@suse.com

- version update to 8.9.0
  * Crypto++ 8.9 was released on October 1, 2023. The 8.9 release
    was a minor, unplanned release. There were no CVEs and one
    memory error.

  * The 8.9 release was driven by the fix for `ProcessData`, and
    the failures when `inString==outString`. Also see GH #1231,
    Rabbit Produces null Keystream When inString == outString.

  * Release notes
  * ===========

  * minor release, recompile of programs required
  * expanded community input and support
  * 88 unique contributors as of this release
  * add additional tests to datatest.cpp
  * fix SIMON128 Asan finding on POWER8
  * fix AES/CFB and AES/CTR modes self test failures when using
    Cryptogams AES on ARMv7
  * fix ARIA/CTR mode self test failures when inString==outString
  * fix HIGHT/CTR mode self test failures when
    inString==outString
  * fix Rabbit/CTR mode self test failures when
    inString==outString
  * fix HC128/CTR and HC256/CTR mode self test failures when
    inString==outString
  * fix Prime Table and dangling reference to a temporary
  * fix Singleton::Ref() when using C++11 memory fences
  * remove unneeded call to Crop() in Randomize()
- modified patches
  % libcryptopp-shared.patch (refreshed)
- modified sources
  % baselibs.conf
- added patches
  fix CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file
  + libcryptopp-CVE-2023-50980.patch

-------------------------------------------------------------------
Sun Jul 16 18:55:10 UTC 2023 - Dirk Müller <dmueller@suse.com>

- update to 8.8.0:
  * minor release, recompile of programs required
  * expanded community input and support
  * 88 unique contributors as of this release
  * fix crash in cryptest.exe when invoked with no options
  * fix crash in library due to GCC removing live code
  * fix RSA with key size 16 may provide an invalid key
  * fix failure to build on 32-bit x86
  * fix failure to build on iPhone Simulator for arm64
  * fix failure to build on Windows arm64
  * test for SSSE3 before using the ISA
  * fix include of  when using MSVC
  * improve performance of CRC32C_Update_SSE42 for x86-64
  * update documentation

-------------------------------------------------------------------
Wed Aug 10 04:17:28 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>

- Enable SSE2 to fix i586 build

-------------------------------------------------------------------
Tue Aug  9 07:18:25 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>

- Update to 8.7.0
- https://cryptopp.com/release870.html
  * fix RSA key generation for small moduli (GH #1136)
  * fix AES-GCM with AESNI but without CLMUL (GH #1132)
  * rework CFB_CipherTemplate::ProcessData and AdditiveCipherTemplate::ProcessData (GH #1088, GH #1103)
    + restored performance and avoided performance penalty of a temp buffer
  * fix undersized SecBlock buffer in Integer bit operations (GH #1072)
  * work around several GCC 11 & 12 problems

-------------------------------------------------------------------
Sat Sep 25 08:00:47 UTC 2021 - Dave Plater <davejplater@gmail.com>

- Update to 8.6.0
-upstream changes:
  *This release clears CVE-2021-40530 and fixes a problem with
   ChaCha20 AVX2 implementation.
  *The CVE was due to ElGamal encryption using a work estimate to
   size encryption exponents instead subgroup order.
  *The ChaCha20 issue was due to mishandling a carry in the AVX2
   code path. The ChaCha20 issue was difficult to duplicate, so
   most users should not experience it.

-------------------------------------------------------------------
Wed Mar 17 20:03:35 UTC 2021 - Dirk Müller <dmueller@suse.com>

- update to 8.5.0:
  * minor release, no recompile of programs required
  * expanded community input and support
  * 70 unique contributors as of this release
  * port to Apple M1 hardware 

-------------------------------------------------------------------
Sat Jan  2 10:34:52 UTC 2021 - Dave Plater <davejplater@gmail.com>

- Update to version 8.4.0 and remove obsolete patches:
  0001-Fix-TCXXFLAGS-using-openSUSE-standard-flags-GH-865.patch,
  0001-Fix-missing-if-statement.patch and cve-2019-14318.patch
- Upstream changes:
  *fix use of macro CRYPTOPP_ALIGN_DATA
  *fix potential out-of-bounds read in ECDSA
  *fix std::bad_alloc when using ByteQueue in pipeline
  *fix missing CRYPTOPP_CXX17_EXCEPTIONS with Clang
  *fix potential out-of-bounds read in GCM mode
  *add configure.sh when preprocessor macros fail
  *fix potential out-of-bounds read in SipHash
  *fix compile error on POWER9 due to vec_xl_be
  *fix K233 curve on POWER8
  *add Cirrus CI testing
  *fix broken encryption for some 64-bit ciphers
  *disable RDRAND and RDSEED for some AMD processors
  *fix BLAKE2 hash calculation using Salt and Personalization
  *add XTS mode
  *fix circular dependency between misc.h and secblock.h
  *add Certificate interface
  *fix recursion in AES::Encryption without AESNI
  *add missing OID for ElGamal encryption
  *fix missing override in KeyDerivationFunction-derived classes
  *fix RDSEED assemble under MSVC
  *fix elliptic curve timing leaks (CVE-2019-14318)
  *add link-library variable to Makefiles
  *fix SIZE_MAX definition in misc.h
  *add GetWord64 and PutWord64 to BufferedTransformation
  *use HKDF in AutoSeededX917RNG::Reseed
  *fix Asan finding in VMAC on i686 in inline asm
  *fix undeclared identifier _mm_roti_epi64 on Gentoo
  *fix ECIES and GetSymmetricKeyLength
  *fix possible divide by zero in PKCS5_PBKDF2_HMAC
  *refine ASN.1 encoders and decoders
  *disable BMI2 code paths in Integer class
  *fix use of CRYPTOPP_CLANG_VERSION
  *add NEON SHA1, SHA256 and SHA512 from Cryptogams
  *add ARM SHA1, SHA256 and SHA512 from Cryptogams
  *fix reference binding to misaligned address in xed25519
  *clear asserts in TestDataNameValuePairs
  *fix SIGILL on POWER8 when compiling with GCC 10
  *fix potential out-of-bounds write in FixedSizeAllocatorWithCleanup
  *revert changes for constant-time elliptic curve algorithms

-------------------------------------------------------------------
Thu Jul  2 11:40:59 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>

- Simplify the baselibs creation
- Do not BR unzip as the tarball is tar.gz
- Generate the pc file with cat not bunch of echos

-------------------------------------------------------------------
Sun Aug 11 12:48:14 UTC 2019 - Dave Plater <davejplater@gmail.com>

- Added cve-2019-14318.patch which fixes (1)leak in ECDSA nonce
  length; and (2) leak in prime fields (ECP class).
- See boo#1145187
- Disabled LTO for i586 to fix build failure.

-------------------------------------------------------------------
Sat Jul 20 09:34:46 UTC 2019 - Dave Plater <davejplater@gmail.com>

- Update to major version 8.2.0
- Filter out -flto= flag for arm7 see cryptopp issue#865
- Remove 0001-disable_os_rng_test.patch which is no longer needed.
- Rebase libcryptopp-shared.patch
- Added patchs from git which is indicated in cryptopp issue#865:
  0001-Fix-TCXXFLAGS-using-openSUSE-standard-flags-GH-865.patch
  and 0001-Fix-missing-if-statement.patch.
  Upstream changes since 7.0.0:
  *use PowerPC unaligned loads and stores with Power8
  *add SKIPJACK test vectors
  *fix SHAKE-128 and SHAKE-256 compile
  *removed IS_NEON from Makefile
  *fix Aarch64 build on Fedora 29
  *fix missing GF2NT_233_Multiply_Reduce_CLMUL in FIPS DLL
  *add missing BLAKE2 constructors
  *fix missing BlockSize() in BLAKE2 classes
  *add CRYPTOPP_BUGGY_SIMD_LOAD_AND_STORE
  *add carryless multiplies for NIST b233 and k233 curves
  *fix OpenMP build due to use of OpenMP 4 with down-level compilers
  *add SignStream and VerifyStream for ed25519 and large files
  *fix missing AlgorithmProvider in PanamaHash
  *add SHAKE-128 and SHAKE-256
  *fix AVX2 build due to _mm256_broadcastsi128_si256
  *add IETF ChaCha, XChaCha, ChaChaPoly1305 and XChaChaPoly1305
  *add x25519 key exchange and ed25519 signature scheme
  *add limited Asymmetric Key Package support from RFC 5958
  *add Power9 DARN random number generator support
  *add CHAM, HC-128, HC-256, Hight, LEA, Rabbit, Simeck
  *fix FixedSizeAllocatorWithCleanup may be unaligned on some
   platforms
  *cutover to GNU Make-based cpu feature tests
  *rename files with dashes to underscores
  *fix LegacyDecryptor and LegacyDecryptorWithMAC use wrong MAC
  *avoid Singleton<T> when possible, avoid std::call_once completely
  *fix SPARC alignment problems due to GetAlignmentOf<T>() on word64
  *add ARM AES asm implementation from Cryptogams
  *remove CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS support

-------------------------------------------------------------------
Sat Nov 17 14:27:33 UTC 2018 - Adam Mizerski <adam@mizerski.pl>

- update to v7.0.0
  * changelog available at https://cryptopp.com/release700.html
    and in packaged Readme.txt
- Refreshed patches
  * 0001-disable_os_rng_test.patch
  * libcryptopp-shared.patch
- Dropped patch reproducible.patch - merged upstream

-------------------------------------------------------------------
Sat May 20 19:45:06 UTC 2017 - bwiedemann@suse.com

- Add reproducible.patch to sort input files to make build fully reproducible

-------------------------------------------------------------------
Fri Mar  3 05:58:37 UTC 2017 - davejplater@gmail.com

- Added patch field to soname due to library not following proper
  API/ABI versioning to fix boo#1027192.
- Removed crypto.pc and generate it in the spec file to ensure
  proper version and directories.
- Changed libcryptopp-shared.patch.
- Renamed library package and obsoleted old name.
- added precheckin_baselibs.sh and updated baselibs.conf

-------------------------------------------------------------------
Thu Feb 23 23:16:02 UTC 2017 - adam@mizerski.pl

- update to 5.6.5
  * Rebase libcryptopp-shared.patch
  * Rebase 0001-disable_os_rng_test.patch
- enable openmp usage

-------------------------------------------------------------------
Thu Feb  2 02:03:34 UTC 2017 - jengelh@inai.de

- Add obsoletes tag for dropped static lib

-------------------------------------------------------------------
Sat Jan 28 20:58:04 UTC 2017 - jengelh@inai.de

- Remove libcryptoo-devel-static, this seems unused in Factory.

-------------------------------------------------------------------
Sat Jan 28 09:32:22 UTC 2017 - jengelh@inai.de

- Update descriptions

-------------------------------------------------------------------
Mon Sep 12 08:50:44 UTC 2016 - bwiedemann@suse.com

- Update to 5.6.4
  * Use proper openSUSE-style library naming
  * Drop upstream libcryptopp-s390.patch
  * Drop upstream libcryptopp-m68k.patch
  * Drop upstream libcryptopp-CVE-2015-2141.patch
  * Drop upstream cryptopp-gcc6.patch
  * Rebase libcryptopp-shared.patch
  * Rebase 0001-disable_os_rng_test.patch

-------------------------------------------------------------------
Mon Jun 20 11:09:05 UTC 2016 - i@marguerite.su

- add patch cryptopp-gcc6.patch
  * fix boo#985143
  * fix narrowing conversion from unsigned int to int inside {}

-------------------------------------------------------------------
Wed Jul  8 08:01:11 UTC 2015 - bwiedemann@suse.com

- prevent timing attack to get secret key (bnc#936435, CVE-2015-2141)
  add libcryptopp-CVE-2015-2141.patch

-------------------------------------------------------------------
Fri Aug 15 01:39:59 UTC 2014 - sfalken@opensuse.org

- Added 0001-disable_os_rng_test.patch
  Fixes buildfailure on openSUSE_Factory x86_64 within OBS environment,
  due to OS supplied Random Number Generator taking too long to respond 

-------------------------------------------------------------------
Thu Apr  3 13:21:06 UTC 2014 - schwab@suse.de

- libcryptopp-m68k.patch: define IS_LITTLE_ENDIAN on m68k

-------------------------------------------------------------------
Wed Dec 18 02:40:17 CET 2013 - ro@suse.de

- define as big endian on s390/s390x (libcryptopp-s390.patch)

-------------------------------------------------------------------
Wed Aug 28 08:29:36 UTC 2013 - dmueller@suse.com

- remove noninstallable 32bit -devel baselibs 

-------------------------------------------------------------------
Fri Mar  1 17:02:43 UTC 2013 - adam@mizerski.pl

- update to 5.6.2
  - changed license to Boost Software License 1.0
  - added SHA-3 (Keccak)
  - updated DSA to FIPS 186-3 (see DSA2 class)
  - fixed Blowfish minimum keylength to be 4 bytes (32 bits)
  - fixed Salsa validation failure when compiling with GCC 4.6
  - fixed infinite recursion when on x64, assembly disabled, and
    no AESNI
  - ported to MSVC 2012, GCC 4.7, Clang 3.2, Solaris Studio 12.3,
    Intel C++ Compiler 13.0
- removed libcryptopp-gcc47.patch - fixed upstream
- rebased libcryptopp-shared.patch
- added devel-static subpackage
- updated license tag

-------------------------------------------------------------------
Sun Oct 14 10:58:07 UTC 2012 - adam@mizerski.pl

- added baselibs.conf
- spec file improved

-------------------------------------------------------------------
Sat Mar 17 14:25:26 UTC 2012 - dimstar@opensuse.org

- Add libcryptopp-gcc47.patch: Fix build with gcc 4.7.

-------------------------------------------------------------------
Sun Feb  5 16:39:49 UTC 2012 - jengelh@medozas.de

- Proper shared library versioning

-------------------------------------------------------------------
Mon Oct 17 14:33:16 UTC 2011 - jengelh@medozas.de

- Remove bogus Conflict against libcrypto++0 (cf. shlib guidelines)

-------------------------------------------------------------------
Sat Oct 14 13:37:59 UTC 2011 - toddrme2178@gmail.com

- Added pkg-config file from fedora project
- Cleaned up spec file formatting

-------------------------------------------------------------------
Sun Jul 10 23:43:05 CEST 2011 - meissner@suse.de

- add -lpthread for tests

-------------------------------------------------------------------
Thu Dec 16 14:40:17 UTC 2010 - andreas.hanke@gmx-topmail.de

- Update to version 5.6.1:
  - added support for AES-NI and CLMUL instruction sets in AES and
    GMAC/GCM
  - removed WAKE-CFB
  - fixed several bugs in the SHA-256 x86/x64 assembly code:
    * incorrect hash on non-SSE2 x86 machines on non-aligned input
    * incorrect hash on x86 machines when input crosses 0x80000000
    * incorrect hash on x64 when compiled with GCC with optimizations
      enabled
  - fixed bugs in AES x86 and x64 assembly causing crashes in some MSVC
    build configurations
  - switched to a public domain implementation of MARS
  - ported to MSVC 2010, GCC 4.5.1, Sun Studio 12u1, C++Builder 2010,
    Intel C++ Compiler 11.1
  - renamed the MSVC DLL project to "cryptopp" for compatibility with
    MSVC 2010
- Changes to library packaging:
  - update the interface number because there were ABI changes, now
    matching the Debian package
  - introduce a conflict with the PackMan package
  - ship License.txt and Readme.txt
  - drop the static library

-------------------------------------------------------------------
Mon Aug  9 22:29:54 UTC 2010 - pascal.bleser@opensuse.org

- initial package (5.6.0)