Accepting request 531133 from home:dmolkentin:branches:devel:libraries:c_c++
- Update to 1.10.17
- Address a side channel affecting modular exponentiation. An attacker
capable of a local or cross-VM cache analysis attack may be able to recover
bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround
a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function.
(GH #1192 #1148 #882, bsc#1060433)
- Add SecureVector::data() function which returns the start of the buffer.
This makes it slightly simpler to support both 1.10 and 2.x APIs in the
same codebase. When compiled by a C++11 (or later) compiler, a template
typedef of SecureVector, secure_vector, is added. In 2.x this class is a
std::vector with a custom allocator, so has a somewhat different interface
than SecureVector in 1.10. But this makes it slightly simpler to support
both 1.10 and 2.x APIs in the same codebase.
- Fix a bug that prevented configure.py from running under Python3
- Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will
#error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against
1.1 or later. (GH #753)
- Import patches from Debian adding basic support for
building on aarch64, ppc64le, or1k, and mipsn32 platforms.
* obsoletes CVE-2017-14737.patch
* refreshes aarch64-support.patch
* drop ppc64le-support.patch for upstream version
(disables altivec support as per concerns by upstream)
- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA
implementation allows local attacker to recover information about RSA secret
keys.
* add CVE-2017-14737.patch
OBS-URL: https://build.opensuse.org/request/show/531133
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=71
2017-10-04 14:14:40 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Oct 4 07:49:54 UTC 2017 - daniel.molkentin@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to 1.10.17
|
|
|
|
|
- Address a side channel affecting modular exponentiation. An attacker
|
|
|
|
|
capable of a local or cross-VM cache analysis attack may be able to recover
|
|
|
|
|
bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround
|
|
|
|
|
a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function.
|
|
|
|
|
(GH #1192 #1148 #882, bsc#1060433)
|
|
|
|
|
- Add SecureVector::data() function which returns the start of the buffer.
|
|
|
|
|
This makes it slightly simpler to support both 1.10 and 2.x APIs in the
|
|
|
|
|
same codebase. When compiled by a C++11 (or later) compiler, a template
|
|
|
|
|
typedef of SecureVector, secure_vector, is added. In 2.x this class is a
|
|
|
|
|
std::vector with a custom allocator, so has a somewhat different interface
|
|
|
|
|
than SecureVector in 1.10. But this makes it slightly simpler to support
|
|
|
|
|
both 1.10 and 2.x APIs in the same codebase.
|
|
|
|
|
- Fix a bug that prevented configure.py from running under Python3
|
|
|
|
|
- Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will
|
|
|
|
|
#error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against
|
|
|
|
|
1.1 or later. (GH #753)
|
|
|
|
|
- Import patches from Debian adding basic support for
|
|
|
|
|
building on aarch64, ppc64le, or1k, and mipsn32 platforms.
|
|
|
|
|
|
|
|
|
|
* obsoletes CVE-2017-14737.patch
|
|
|
|
|
|
|
|
|
|
* refreshes aarch64-support.patch
|
|
|
|
|
|
|
|
|
|
* drop ppc64le-support.patch for upstream version
|
|
|
|
|
(disables altivec support as per concerns by upstream)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 26 13:03:46 UTC 2017 - daniel.molkentin@suse.com
|
|
|
|
|
|
|
|
|
|
- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA
|
|
|
|
|
implementation allows local attacker to recover information about RSA secret
|
|
|
|
|
keys.
|
|
|
|
|
* add CVE-2017-14737.patch
|
|
|
|
|
|
2017-09-25 11:11:45 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 21 09:48:17 UTC 2017 - vcizek@suse.com
|
|
|
|
|
|
|
|
|
|
- Explicitly require libopenssl-1_0_0-devel (bsc#1055322)
|
|
|
|
|
* Botan 1.x won't support OpenSSL 1.1
|
|
|
|
|
(https://github.com/randombit/botan/issues/753)
|
|
|
|
|
|
2017-04-12 17:18:32 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 12 14:52:45 UTC 2017 - daniel.molkentin@suse.com
|
|
|
|
|
|
|
|
|
|
- Add patch to build SLES11 (allows for simplified backporting, e.g. bsc#968030)
|
2017-04-12 17:37:33 +02:00
|
|
|
|
* add no-cpuid-header.patch
|
2017-04-12 17:18:32 +02:00
|
|
|
|
- Clean up spec file
|
|
|
|
|
|
2017-04-12 16:18:22 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 11 11:57:53 UTC 2017 - daniel.molkentin@suse.com
|
|
|
|
|
|
2017-04-13 16:11:35 +02:00
|
|
|
|
- Update to 1.10.16 (Fixes CVE-2017-2801, bsc#1033605)
|
2017-04-12 16:18:22 +02:00
|
|
|
|
* Fix a bug in X509 DN string comparisons that could result in out of bound
|
|
|
|
|
reads. This could result in information leakage, denial of service, or
|
|
|
|
|
potentially incorrect certificate validation results. (CVE-2017-2801)
|
|
|
|
|
* Avoid use of C++11 std::to_string in some code added in 1.10.14 (GH #747 #834)
|
|
|
|
|
- Changes from 1.10.15:
|
|
|
|
|
* Change an unintended behavior of 2.0.0, which named the include directory
|
|
|
|
|
botan-2.0. Since future release of Botan-2 should be compatible with code
|
|
|
|
|
written against old versions, there does not seem to be any reason to
|
|
|
|
|
* version the include directory with the minor number. (GH #830 #833)
|
|
|
|
|
* Fix a bug which caused an error when building on Cygwin or other platforms
|
|
|
|
|
where shared libraries are not supported. (GH #821)
|
|
|
|
|
* Enable use of readdir on Cygwin, which allows the tests to run (GH #824)
|
|
|
|
|
* Switch to readthedocs Sphinx theme by default (GH #822 #823)
|
|
|
|
|
|
2016-12-28 13:34:03 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Dec 28 12:02:11 CET 2016 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to 1.10.14
|
|
|
|
|
* Fix integer overflow during BER decoding, found by Falko Strenzke.
|
|
|
|
|
This bug is not thought to be directly exploitable but upgrading ASAP
|
|
|
|
|
is advised. (CVE-2016-9132)
|
|
|
|
|
* Fix two cases where (in error situations) an exception would be
|
|
|
|
|
thrown from a destructor, causing a call to std::terminate.
|
|
|
|
|
* When RC4 is disabled in the build, also prevent it from being
|
|
|
|
|
included in the OpenSSL provider. (GH #638)
|
|
|
|
|
|
2016-05-13 11:33:07 +02:00
|
|
|
|
-------------------------------------------------------------------
|
2016-11-15 10:07:39 +01:00
|
|
|
|
Sun Nov 13 01:32:18 UTC 2016 - netsroth@opensuse.org
|
|
|
|
|
|
|
|
|
|
- Update to 1.10.13
|
2016-12-28 13:34:03 +01:00
|
|
|
|
* Use constant time modular inverse algorithm to avoid possible side
|
|
|
|
|
channel attack against ECDSA (CVE-2016-2849)
|
|
|
|
|
* Use constant time PKCS #1 unpadding to avoid possible side channel
|
|
|
|
|
attack against RSA decryption (CVE-2015-7827)
|
|
|
|
|
* Avoid a compilation problem in OpenSSL engine when ECDSA was
|
|
|
|
|
disabled. Gentoo bug 542010
|
2016-11-15 10:07:39 +01:00
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2016-05-13 11:33:07 +02:00
|
|
|
|
Fri May 13 07:31:21 UTC 2016 - faure@kde.org
|
|
|
|
|
|
|
|
|
|
- Remove Qt5 dependency, since nothing is using it anymore.
|
|
|
|
|
- Fix double-prefix in botan-config and pkgconfig file.
|
|
|
|
|
|
2016-02-03 13:16:12 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 3 10:52:19 UTC 2016 - michael@stroeder.com
|
|
|
|
|
|
|
|
|
|
- Update to 1.10.12
|
|
|
|
|
|
|
|
|
|
- Version 1.10.12, 2016-02-03
|
|
|
|
|
* In 1.10.11, the check in PointGFp intended to check the affine y
|
|
|
|
|
argument actually checked the affine x again. Reported by Remi Gacogne
|
|
|
|
|
* The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an
|
|
|
|
|
additional check in the multiplication function itself which was also
|
|
|
|
|
added in that release, so there are no security implications from the
|
|
|
|
|
missed check. However to avoid confusion the change was pushed in a new
|
|
|
|
|
release immediately.
|
|
|
|
|
* The 1.10.11 release notes incorrectly identified CVE-2016-2195 as
|
|
|
|
|
CVE-2016-2915
|
|
|
|
|
- Version 1.10.11, 2016-02-01
|
|
|
|
|
* Resolve heap overflow in ECC point decoding. CVE-2016-2195
|
|
|
|
|
Resolve infinite loop in modular square root algorithm. CVE-2016-2194
|
|
|
|
|
Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. GH #239
|
|
|
|
|
|
2015-12-24 14:34:07 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Dec 24 10:48:11 UTC 2015 - mpluskal@suse.com
|
|
|
|
|
|
|
|
|
|
- Add gpg signature
|
|
|
|
|
- Cleanup spec file with spec-cleaner
|
|
|
|
|
|
2015-08-14 10:58:15 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 14 08:54:09 UTC 2015 - mvyskocil@opensuse.org
|
|
|
|
|
|
|
|
|
|
- Fix Source0 URL
|
|
|
|
|
|
2015-08-14 07:57:04 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Aug 11 22:49:31 UTC 2015 - netsroth@opensuse.org
|
|
|
|
|
|
|
|
|
|
- bump SONAME to libbotan-1_10-1
|
|
|
|
|
- Update to 1.10.10
|
|
|
|
|
* SECURITY: The BER decoder would crash due to reading from offset 0
|
|
|
|
|
of an empty vector if it encountered a BIT STRING which did not
|
|
|
|
|
contain any data at all. As the type requires a 1 byte field this
|
|
|
|
|
is not valid BER but could occur in malformed data. Found with
|
|
|
|
|
afl. CVE-2015-5726
|
|
|
|
|
* SECURITY: The BER decoder would allocate a fairly arbitrary amount
|
|
|
|
|
of memory in a length field, even if there was no chance the read
|
|
|
|
|
request would succeed. This might cause the process to run out of
|
|
|
|
|
memory or invoke the OOM killer. Found with afl. CVE-2015-5727
|
|
|
|
|
* Due to an ABI incompatible (though not API incompatible) change in
|
|
|
|
|
this release, the version number of the shared object has been
|
|
|
|
|
increased.
|
|
|
|
|
* The default TLS policy no longer allows RC4.
|
|
|
|
|
* Fix a signed integer overflow in Blue Midnight Wish that may cause
|
|
|
|
|
incorrect computations or undefined behavior.
|
|
|
|
|
|
|
|
|
|
- Update to 1.10.9
|
|
|
|
|
* Fixed EAX tag verification to run in constant time
|
|
|
|
|
* The default TLS policy now disables SSLv3.
|
|
|
|
|
* A crash could occur when reading from a blocking random device if
|
|
|
|
|
the device initially indicated that entropy was available but a
|
|
|
|
|
concurrent process drained the entropy pool before the read was
|
|
|
|
|
initiated.
|
|
|
|
|
* Fix decoding indefinite length BER constructs that contain a
|
|
|
|
|
context sensitive tag of zero. Github pull 26 from Janusz Chorko.
|
|
|
|
|
* The botan-config script previously tried to guess its prefix from
|
|
|
|
|
the location of the binary. However this was error prone, and now
|
|
|
|
|
the script assumes the final installation prefix matches the value
|
|
|
|
|
set during the build. Github issue 29.
|
|
|
|
|
|
2015-06-26 16:21:06 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 24 16:19:12 UTC 2015 - liujianfeng1994@gmail.com
|
|
|
|
|
|
|
|
|
|
- Change build dependence "libqt4-devel" to "libqt5-qtbase-devel".
|
|
|
|
|
|
2014-05-10 23:01:59 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri May 8 18:00:00 CET 2014 - tbehrens@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to 1.10.8
|
|
|
|
|
* Fix a bug in primality testing introduced in 1.8.3 which caused
|
|
|
|
|
only a single random base, rather than a sequence of random bases,
|
|
|
|
|
to be used in the Miller-Rabin test. This increased the
|
|
|
|
|
probability that a non-prime would be accepted, for instance a
|
|
|
|
|
1024 bit number would be incorrectly classed as prime with
|
|
|
|
|
probability around 2^-40. Reported by Jeff Marrison.
|
|
|
|
|
* The key length limit on HMAC has been raised to 512 bytes,
|
|
|
|
|
allowing the use of very long passphrases with PBKDF2.
|
|
|
|
|
|
|
|
|
|
- Update to 1.10.7
|
|
|
|
|
* OAEP had two bugs, one of which allowed it to be used even if the
|
|
|
|
|
key was too small, and the other of which would cause a crash
|
|
|
|
|
during decryption if the EME data was too large for the associated
|
|
|
|
|
key.
|
|
|
|
|
|
2014-03-03 14:59:48 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 3 13:57:13 CET 2014 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- change license to BSD-2-Clause as requested by legal
|
|
|
|
|
|
2013-11-12 10:09:16 +01:00
|
|
|
|
-------------------------------------------------------------------
|
2013-12-09 10:36:17 +01:00
|
|
|
|
Sun Dec 8 23:46:27 UTC 2013 - dvaleev@suse.com
|
|
|
|
|
|
|
|
|
|
- Add ppc64le architecture
|
|
|
|
|
|
|
|
|
|
- added patches:
|
|
|
|
|
* ppc64le-support.patch
|
|
|
|
|
-------------------------------------------------------------------
|
2013-11-12 10:09:16 +01:00
|
|
|
|
Mon Nov 11 20:11:43 UTC 2013 - tbehrens@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to 1.10.6
|
|
|
|
|
* The device reading entropy source now attempts to read from all
|
|
|
|
|
available devices. Previously it would break out early if a
|
|
|
|
|
partial read from a blocking source occured, not continuing to
|
|
|
|
|
read from a non-blocking device. This would cause the library to
|
|
|
|
|
fall back on slower and less reliable techniques for collecting
|
|
|
|
|
PRNG seed material. Reported by Rickard Bellgrim.
|
|
|
|
|
* HMAC_RNG (the default PRNG implementation) now automatically
|
|
|
|
|
reseeds itself periodically. Previously reseeds only occured on
|
|
|
|
|
explicit application request.
|
|
|
|
|
* Fix an encoding error in EC_Group when encoding using
|
|
|
|
|
EC_DOMPAR_ENC_OID. Reported by fxdupont on github.
|
|
|
|
|
* In EMSA2 and Randpool, avoid calling name() on objects after
|
|
|
|
|
deleting them if the provided algorithm objects are not suitable
|
|
|
|
|
for use. Found by Clang analyzer, reported by Jeffrey Walton.
|
|
|
|
|
* If X509_Store was copied, the u32bit containing how long to cache
|
|
|
|
|
validation results was not initialized, potentially causing
|
|
|
|
|
results to be cached for significant amounts of time. This could
|
|
|
|
|
allow a certificate to be considered valid after its issuing CA’s
|
|
|
|
|
cert expired. Expiration of the end-entity cert is always checked,
|
|
|
|
|
and reading a CRL always causes the status to be reset, so this
|
|
|
|
|
issue does not affect revocation. Found by Coverity scanner.
|
|
|
|
|
* Avoid off by one causing a potentially unterminated string to be
|
|
|
|
|
passed to the connect system call if the library was configured to
|
|
|
|
|
use a very long path name for the EGD socket. Found by Coverity
|
|
|
|
|
Scanner.
|
|
|
|
|
* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and
|
|
|
|
|
PK_Key_Agreement, avoid dereferencing an unitialized pointer if no
|
|
|
|
|
engine supported operations on the key object given. Found by
|
|
|
|
|
Coverity scanner.
|
|
|
|
|
* Avoid leaking a file descriptor in the /dev/random and EGD entropy
|
|
|
|
|
sources if stdin (file descriptor 0) was closed. Found by Coverity
|
|
|
|
|
scanner.
|
|
|
|
|
* Avoid a potentially undefined operation in the bit rotation
|
|
|
|
|
operations. Not known to have caused problems under any existing
|
|
|
|
|
compiler, but might have caused problems in the future. Caught by
|
|
|
|
|
Clang sanitizer, reported by Jeffrey Walton.
|
|
|
|
|
* Increase default hash iterations from 10000 to 50000 in PBES1 and
|
|
|
|
|
PBES2
|
|
|
|
|
* Add a fix for mips64el builds from Brad Smith.
|
|
|
|
|
|
2013-03-18 15:19:03 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Mar 16 13:44:43 UTC 2013 - cgiboudeaux@gmx.com
|
|
|
|
|
|
|
|
|
|
- Update to 1.10.5
|
|
|
|
|
* A potential crash in the AES-NI implementation of the AES-192 key schedule
|
|
|
|
|
(caused by misaligned loads) has been fixed.
|
|
|
|
|
* A previously conditional operation in Montgomery multiplication and
|
|
|
|
|
squaring is now always performed, removing a possible timing channel.
|
|
|
|
|
|
2013-03-11 17:01:35 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Mar 10 21:35:25 UTC 2013 - schwab@suse.de
|
|
|
|
|
|
|
|
|
|
- aarch64-support.patch: add support for aarch64
|
|
|
|
|
|
2012-08-16 13:36:27 +02:00
|
|
|
|
-------------------------------------------------------------------
|
2012-09-15 08:55:58 +02:00
|
|
|
|
Fri Sep 14 20:08:15 UTC 2012 - p.drouand@gmail.com
|
|
|
|
|
|
|
|
|
|
- update to 1.10.3:
|
|
|
|
|
* A change in 1.10.2 accidentally broke ABI compatibility with
|
|
|
|
|
1.10.1 and earlier versions, causing programs compiled against
|
|
|
|
|
1.10.1 to crash if linked with 1.10.2 at runtime.
|
|
|
|
|
* Recent versions of OpenSSL include extra information in ECC
|
|
|
|
|
private keys, the presence of which caused an exception when such
|
|
|
|
|
a key was loaded by botan. The decoding of ECC private keys has been
|
|
|
|
|
changed to ignore these fields if they are set.
|
|
|
|
|
- remove Botan-qt_thread_support.patch no needed anymore
|
|
|
|
|
-------------------------------------------------------------------
|
2012-08-16 13:36:27 +02:00
|
|
|
|
Thu Aug 16 09:06:44 UTC 2012 - dmueller@suse.com
|
|
|
|
|
|
|
|
|
|
- don't fiddle with march settings, we want the distro defaults
|
|
|
|
|
(fixes build on ARM)
|
|
|
|
|
|
2012-02-07 09:04:15 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 7 08:04:05 UTC 2012 - coolo@suse.com
|
|
|
|
|
|
|
|
|
|
- little spec cleanup
|
|
|
|
|
|
2011-09-16 23:19:04 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Sep 16 17:36:04 UTC 2011 - jengelh@medozas.de
|
|
|
|
|
|
|
|
|
|
- Implement baselibs.conf for package
|
|
|
|
|
- Remove obsolete/redundant tags
|
|
|
|
|
|
2011-07-04 17:14:52 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jul 4 17:14:21 CEST 2011 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- Make package own its docdir.
|
|
|
|
|
|
2011-06-23 15:42:03 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 23 14:43:48 CEST 2011 - dmueller@suse.de
|
|
|
|
|
|
|
|
|
|
- rename the devel package back to libbotan-devel as the main
|
|
|
|
|
package allows to build only one -devel package
|
|
|
|
|
|
2011-06-22 16:10:57 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 22 16:10:32 CEST 2011 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- Fix Requires for devel package.
|
|
|
|
|
|
- Devel package now is versioned so multiple devel packages may
be installed in parallel.
- Devel package renamed back to Botan-devel to keep rpmlint from
thinking it is a library package ...
- Update to 1.10.0:
New Features:
* SSL (SSLv3, TLS 1.0, and TLS 1.1 are currently supported)
* GOST 34.10-2001 signature scheme (a Russian ECC signature standard
analogous to ECDSA)
* The SHA-3 candidates Keccak and Blue Midnight Wish
* Bcrypt password hashing
* XSalsa20
* AES key wrapping
* Comb4P hash combinator.
Other Changes:
* The block cipher interface now exposes any possible parallelism
available to the implementation, and XTS, CTR, and CBC modes have been
changed to use them.
* SIMD implementations of Serpent, XTEA, Noekeon, and IDEA have been
added, as has an implementation of AES using SSSE3 which runs both in
constant time and, on recent processors, significantly faster than the
usual table based implementation. There have also been numerous
optimizations to elliptic curves.
* The documentation, previously written in LaTeX, is now in
reStructuredText, which is converted into HTML with Sphinx. This new
format is significantly easier to write, encouraging more documentation
to be written and updated. And, indeed, a number of features never
before documented are now described in the manual.
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=18
2011-06-22 16:07:02 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jun 21 16:53:15 CEST 2011 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- Devel package now is versioned so multiple devel packages may
|
|
|
|
|
be installed in parallel.
|
|
|
|
|
- Devel package renamed back to Botan-devel to keep rpmlint from
|
|
|
|
|
thinking it is a library package ...
|
|
|
|
|
|
|
|
|
|
- Update to 1.10.0:
|
|
|
|
|
New Features:
|
|
|
|
|
* SSL (SSLv3, TLS 1.0, and TLS 1.1 are currently supported)
|
|
|
|
|
* GOST 34.10-2001 signature scheme (a Russian ECC signature standard
|
|
|
|
|
analogous to ECDSA)
|
|
|
|
|
* The SHA-3 candidates Keccak and Blue Midnight Wish
|
|
|
|
|
* Bcrypt password hashing
|
|
|
|
|
* XSalsa20
|
|
|
|
|
* AES key wrapping
|
|
|
|
|
* Comb4P hash combinator.
|
|
|
|
|
|
|
|
|
|
Other Changes:
|
|
|
|
|
* The block cipher interface now exposes any possible parallelism
|
|
|
|
|
available to the implementation, and XTS, CTR, and CBC modes have been
|
|
|
|
|
changed to use them.
|
|
|
|
|
|
|
|
|
|
* SIMD implementations of Serpent, XTEA, Noekeon, and IDEA have been
|
|
|
|
|
added, as has an implementation of AES using SSSE3 which runs both in
|
|
|
|
|
constant time and, on recent processors, significantly faster than the
|
|
|
|
|
usual table based implementation. There have also been numerous
|
|
|
|
|
optimizations to elliptic curves.
|
|
|
|
|
|
|
|
|
|
* The documentation, previously written in LaTeX, is now in
|
|
|
|
|
reStructuredText, which is converted into HTML with Sphinx. This new
|
|
|
|
|
format is significantly easier to write, encouraging more documentation
|
|
|
|
|
to be written and updated. And, indeed, a number of features never
|
|
|
|
|
before documented are now described in the manual.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 1 16:38:40 CEST 2010 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- Prefix last patch with Botan-.
|
|
|
|
|
- Enable building of the qt_mutex module. This means that from now
|
|
|
|
|
on libbotan requires libQtCore.
|
|
|
|
|
- Fix test for thread/mutex support to also work for Qt4.
|
|
|
|
|
|
|
|
|
|
- Update to 1.8.10:
|
|
|
|
|
|
|
|
|
|
* This release changes a number of aspects of how private keys are
|
|
|
|
|
encrypted. The default encryption algorithm has changed from 3DES
|
|
|
|
|
to AES-256
|
|
|
|
|
|
|
|
|
|
* The default iteration count for PBES1 and PBES2 encryption schemes
|
|
|
|
|
(which are used primarily to encrypt asymmetric keys like RSA or
|
|
|
|
|
DSA) has increased from 2048 to 10000, which should make brute
|
|
|
|
|
force key cracking substantially harder.
|
|
|
|
|
|
|
|
|
|
* The first round of AES now uses a smaller set of lookup tables;
|
|
|
|
|
this only reduces performance slightly but some timing and cache
|
|
|
|
|
analysis attacks against AES are substantially harder when AES is
|
|
|
|
|
implemented this way.
|
|
|
|
|
|
|
|
|
|
* The class known as S2K was renamed PBKDF in 1.9, with a typedef
|
|
|
|
|
for backwards compatibility. For providing an equivalent forward
|
|
|
|
|
compatibility path, 1.8.10 includes a typedef for PBKDF and a new
|
|
|
|
|
accessor function get_pbkdf. It also includes a new interface for
|
|
|
|
|
deriving keys with a passphrase which takes both the passphrase
|
|
|
|
|
and desired output length as well as the salt and iteration
|
|
|
|
|
count; in many cases this call is actually significantly more
|
|
|
|
|
convenient than the older API.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Aug 31 09:22:59 UTC 2010 - aj@suse.de
|
|
|
|
|
|
|
|
|
|
- Do not include build time and host in package to not trigger rebuilds.
|
|
|
|
|
- Add pkg-config build requires as suggested by rpmlint.
|
|
|
|
|
|
2010-08-31 14:17:29 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Mar 10 01:01:48 CET 2010 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- add patch from fedora to fix build on x86_64
|
|
|
|
|
(botan-1.8.8-binutils_lea_offset.patch)
|
|
|
|
|
|
2010-01-14 16:37:41 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Jan 10 04:27:38 CET 2010 - jengelh@medozas.de
|
|
|
|
|
|
|
|
|
|
- run configure with --cpu=%_target to have correct bitness
|
|
|
|
|
selected for SPARC
|
|
|
|
|
|
2009-12-21 00:37:40 +01:00
|
|
|
|
-------------------------------------------------------------------
|
2009-12-21 23:35:45 +01:00
|
|
|
|
Mon Dec 21 17:34:49 UTC 2009 - coolo@novell.com
|
|
|
|
|
|
|
|
|
|
- do not patch arch specific Makefiles, but simply pass WARN_FLAGS
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2009-12-21 00:37:40 +01:00
|
|
|
|
Mon Dec 21 00:32:43 CET 2009 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- fix requires for devel package
|
|
|
|
|
|
2009-12-16 16:54:21 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Dec 16 13:13:16 CET 2009 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- Remove patches that aren't needed anymore.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Dec 11 19:43:25 CET 2009 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to Botan-1.8.8:
|
|
|
|
|
- Alter Skein-512 to match the tweaked 1.2 specification
|
|
|
|
|
- Fix use of inline asm for access to x86 bswap function
|
|
|
|
|
- Allow building the library without AES enabled
|
|
|
|
|
- For the complete changes since 1.6.4 see log.txt in
|
|
|
|
|
/usr/share/doc/packages/Botan.
|
|
|
|
|
|
2008-04-08 22:30:09 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 7 13:20:18 CEST 2008 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- No macros for package name.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 3 18:39:38 CEST 2008 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to 1.6.4. While the included fix is uninteresting for
|
|
|
|
|
Linux, it makes it easier to rename the package once again to
|
|
|
|
|
its old name:
|
|
|
|
|
* Fix a compilation problem with Visual Studio C++ 2003
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 3 01:56:12 CEST 2007 - dmueller@suse.de
|
|
|
|
|
|
|
|
|
|
- update to 1.6.3:
|
|
|
|
|
* fixes various multithreading issues
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 21 01:02:20 CEST 2007 - dmueller@suse.de
|
|
|
|
|
|
|
|
|
|
- update to 1.6.2:
|
|
|
|
|
* Remove a call to abort() that crept into production
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 23 18:41:19 CEST 2007 - dmueller@suse.de
|
|
|
|
|
|
|
|
|
|
- fix -devel package requires
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Mar 24 12:19:13 CET 2007 - aj@suse.de
|
|
|
|
|
|
|
|
|
|
- Add libbz2-devel to BuildRequires.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Mar 9 18:46:03 CET 2007 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to 1.6.1. Changes since 1.4.10:
|
|
|
|
|
|
|
|
|
|
* Compilation fixes for the bzip2, zlib, and GNU MP modules
|
|
|
|
|
* Better support for Intel C++ and EKOpath C++ on x86-64
|
|
|
|
|
* Cleanups in the initialization routines
|
|
|
|
|
* Add some x86-64 assembly for multiply-add
|
|
|
|
|
* Fix problems generating very small (below 384 bit) RSA keys
|
|
|
|
|
* More improvements to the Python bindings
|
|
|
|
|
* Removed the Algorithm base class
|
|
|
|
|
* Various cleanups in the public key inheritance hierarchy
|
|
|
|
|
* Added x86 assembler implementations of Serpent and low-level MPI code
|
|
|
|
|
* Optimizations for the SHA-1 x86 assembler
|
|
|
|
|
* Various improvements to the Python wrappers
|
|
|
|
|
* Add x86 assembler versions of MD4, MD5, and SHA-1
|
|
|
|
|
* Expand InitializerOptions' language to support on/off switches
|
|
|
|
|
* Fix possible resource leaks in the mmap allocator
|
|
|
|
|
* Slightly optimized buffering in MDx_HashFunction
|
|
|
|
|
* Initialization failures are dealt with somewhat better
|
|
|
|
|
* Add an example implementing Pollard's Rho algorithm
|
|
|
|
|
* Expand the xor_ciph example to support longer keys
|
|
|
|
|
* Fixed bitrot in the AEP engine
|
|
|
|
|
* Fix support for marking certificate/CRL extensions as critical
|
|
|
|
|
* Significant cleanups in the library state / initialization code
|
|
|
|
|
* LibraryInitializer takes an explicit InitializerOptions object
|
|
|
|
|
* Make Mutex_Factory an abstract class, add Default_Mutex_Factory
|
|
|
|
|
* Change configuration access to using global_state()
|
|
|
|
|
* Add support for global named mutexes throughout the library
|
|
|
|
|
* Add some STL wrappers for the delete operator
|
|
|
|
|
* Change how certificates are created to be more flexible and general
|
|
|
|
|
* Many internal cleanups to the X.509 cert/CRL code
|
|
|
|
|
* Allow for application code to support new X.509 extensions
|
|
|
|
|
* Change the return type of X509_Certificate::{subject,issuer}_info
|
|
|
|
|
* Allow for alternate character set handling mechanisms
|
|
|
|
|
* Fix a bug that was slowing squaring performance somewhat
|
|
|
|
|
* Fix a very hard to hit overflow bug in the C version of word3_muladd
|
|
|
|
|
* Minor cleanups to the assembler modules
|
|
|
|
|
* Further, major changes to the BER/DER coding system
|
|
|
|
|
* Updated the Qt mutex module to use Mutex_Factory
|
|
|
|
|
* Moved the library global state object into an anonymous namespace
|
|
|
|
|
* The low-level DER/BER coding system was redesigned and rewritten
|
|
|
|
|
* Portions of the certificate code were cleaned up internally
|
|
|
|
|
* Use macros to substantially clean up the GCC assembly code
|
|
|
|
|
* Some slight cleanups in X509_PublicKey::key_id
|
|
|
|
|
* Fixed a potential infinite loop in the memory pool code (Matt Johnston)
|
|
|
|
|
* Made Pooling_Allocator::Memory_Block an actual class of sorts
|
|
|
|
|
* Some small optimizations to the division and modulo computations
|
|
|
|
|
* Cleaned up the implementation of some of the BigInt operators
|
|
|
|
|
* Reduced use of dynamic memory allocation in low-level BigInt functions
|
|
|
|
|
* A few simplifications in the Randpool mixing function
|
|
|
|
|
* Removed power(), as it was not particularly useful (or fast)
|
|
|
|
|
* Fixed some annoying bugs in the benchmark code
|
|
|
|
|
* Added a real credits file
|
|
|
|
|
* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta
|
|
|
|
|
* Fixed a memory access off-by-one in the Karatsuba code
|
|
|
|
|
* Changed Pooling_Allocator's free list search to a log(N) algorithm
|
|
|
|
|
* Merged ModularReducer with its only subclass, Barrett_Reducer
|
|
|
|
|
* Fixed sign-handling bugs in some of the division and modulo code
|
|
|
|
|
* Renamed the module description files to modinfo.txt
|
|
|
|
|
* Further cleanups in the initialization code
|
|
|
|
|
* Removed BigInt::add and BigInt::sub
|
|
|
|
|
* Merged all the division-related functions into just divide()
|
|
|
|
|
* Modified the <mp_asmi.h> functions to allow for better optimizations
|
|
|
|
|
* Made the number of bits polled from an EntropySource user configurable
|
|
|
|
|
* Avoid including <algorithm> in <botan/secmem.h>
|
|
|
|
|
* Removed some dead code from bigint_modop
|
|
|
|
|
* Fix the definition of same_mem
|
|
|
|
|
* Many optimizations in the low-level multiple precision integer code
|
|
|
|
|
* Added hooks for assembly implementations of the MPI code
|
|
|
|
|
* Support for the X.509 issuer alternative name extension in new certs
|
|
|
|
|
* Fixed a bug in the decompression modules; found and patched by Matt Johnston
|
|
|
|
|
* mem_pool.cpp was using std::set iterators instead of std::multiset ones
|
|
|
|
|
* Fixed a bug in X509_CA preventing users from disabling particular extensions
|
|
|
|
|
* Fixed the mp_asm64 module, which was entirely broken in 1.5.2
|
|
|
|
|
* Fixed an off-by-one memory read in MISTY1::key()
|
|
|
|
|
* Fixed a nasty memory leak in Output_Buffers::retire()
|
|
|
|
|
* Reimplemented the memory allocator from scratch
|
|
|
|
|
* Improved memory caching in Montgomery exponentiation
|
|
|
|
|
* Optimizations for multiple precision addition and subtraction
|
|
|
|
|
* Fixed a build problem in the hardware timer module on 64-bit PowerPC
|
|
|
|
|
* Changed default Karatsuba cutoff to 12 words (was 14)
|
|
|
|
|
* Removed MemoryRegion::bits(), which was unused and incorrect
|
|
|
|
|
* Changed maximum HMAC keylength to 1024 bits
|
|
|
|
|
* Various minor Makefile and build system changes
|
|
|
|
|
* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution
|
|
|
|
|
* Switched checks/clock.cpp back to using clock() by default
|
|
|
|
|
* Removed the Default_Mutex's unused clone() member function
|
|
|
|
|
* Implemented Montgomery exponentiation
|
|
|
|
|
* Implemented generalized Karatsuba multiplication and squaring
|
|
|
|
|
* Implemented Comba squaring for 4, 6, and 8 word inputs
|
|
|
|
|
* Added new Modular_Exponentiator and Power_Mod classes
|
|
|
|
|
* Removed FixedBase_Exp and FixedExponent_Exp
|
|
|
|
|
* Fixed a performance regression in get_allocator
|
|
|
|
|
* Engines can now offer S2K algorithms and block cipher padding methods
|
|
|
|
|
* Merged the remaining global 'algolist' code into Default_Engine
|
|
|
|
|
* The low-level MPI code is linked as C again
|
|
|
|
|
* Replaced BigInt's get_nibble with the more general get_substring
|
|
|
|
|
* Moved all global/shared library state into a single object
|
|
|
|
|
* Mutex objects are created through mutex factories instead of a global
|
|
|
|
|
* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone()
|
|
|
|
|
* Removed the RNG_Quality enum entirely
|
|
|
|
|
* There is now only a single global-use PRNG
|
|
|
|
|
* Removed the no_aliases and no_oids options for LibraryInitializer
|
|
|
|
|
* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL
|
|
|
|
|
* Fixed an off-by-one memory read in MISTY1::key()
|
|
|
|
|
* Fixed a nasty memory leak in Output_Buffers::retire()
|
|
|
|
|
* Changed maximum HMAC keylength to 1024 bits
|
|
|
|
|
* Changed Whirlpool diffusion matrix to match updated algorithm spec
|
|
|
|
|
* Added a constructor to DataSource_Memory taking a std::string
|
|
|
|
|
* Placing the same Filter in multiple Pipes triggers an exception
|
|
|
|
|
* The configure script accepts --docdir and --libdir
|
|
|
|
|
* Merged doc/rngs.txt into the main API document
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 25 21:31:10 CET 2006 - mls@suse.de
|
|
|
|
|
|
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Jan 14 13:07:23 CET 2006 - kukuk@suse.de
|
|
|
|
|
|
|
|
|
|
- Add gmp-devel to nfb
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Dec 19 11:58:35 CET 2005 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to 1.4.10
|
|
|
|
|
- Bunch of cleanups and bugfixes added
|
|
|
|
|
- Add KASUMI, the block cipher used in 3G phones
|
|
|
|
|
- Binary file I/O can now be used with the data sink and source classes.
|
|
|
|
|
- Pipe has been refactored
|
|
|
|
|
- A possible memory leak in the OpenSSL engine was also fixed.
|
|
|
|
|
|
|
|
|
|
- Randpool has been modified to use HMAC instead of a plain hash
|
|
|
|
|
as its mixing operation.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 23 14:12:09 CET 2005 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to 1.4.9
|
|
|
|
|
- new algorithms including MARS, SEED, Turing, and FORK-256.
|
|
|
|
|
- include optimizations for RC6 and Twofish
|
|
|
|
|
- much better support for 64-bit PowerPC
|
|
|
|
|
- support for high resolution hardware timers on most PowerPC systems
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 15 16:48:55 CET 2005 - uli@suse.de
|
|
|
|
|
|
|
|
|
|
- fixed to build on ARM
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 15 16:25:59 CEST 2005 - pth@suse.de
|
|
|
|
|
|
|
|
|
|
- Initial package
|
|
|
|
|
- Use ISO C99 stdint.h to define integer types.
|
|
|
|
|
- Mark 64 bit hex constants as ULL to shut up the compiler.
|
|
|
|
|
|