Accepting request 447972 from devel:libraries:c_c++

Fix the last known security bug OBS-URL: https://build.opensuse.org/request/show/447972 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=41
2017-01-15 10:09:49 +00:00 · 2017-01-15 10:09:49 +00:00 · 1ae618f0b9
commit 1ae618f0b9
parent e2dec8dc08 775d045da9
7 changed files with 42 additions and 23 deletions
--- a/Botan-1.10.13.tgz
+++ b/Botan-1.10.13.tgz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:23ec973d4b4a4fe04f490d409e08ac5638afe3aa09acd7f520daaff38ba19b90
-size 2710181
--- a/Botan-1.10.13.tgz.asc
+++ b/Botan-1.10.13.tgz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQEcBAABCAAGBQJXIhwhAAoJEGIR6/Hvut+8crwH/jkm5Nr0xM+Sqmi11nS5lRcr
-iRw+qB5LxPPunmwQ1uoMe2B7ZowXNtu30bZD3D0dL5TY/ngXx91yvTznteqlXIry
-Qo3zfUlNc9EXFUpUniYi0ek+04Fyqy4sWI+gUrGjY6EWEI6lchacR9gt5R8NyOSl
-mTe5efp062O09vjwae4FwUdyOsCfxeMmNKZXIHxhjW17xCSg3b3gQKsyTPxuIyz/
-qDoaXetbfgcvc+mGx+SRNVbtG5LQi4+4asP6STAy9ZCvYBMh0EBrWelaxJv2lEXi
-oLcwbXBrdoFSosVbvIp46FxKwWFluAq2uvniCMvQ1VfYJVTyWglaiHNVlhhxY3M=
-=F/Hg
-----END PGP SIGNATURE-----
--- a/Botan-1.10.14.tgz
+++ b/Botan-1.10.14.tgz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:10ed0b394db165733ac9557d8656356b7e9744d38c61c2b9c44cba6d84ff4c1c
+size 2710757
--- a/Botan-1.10.14.tgz.asc
+++ b/Botan-1.10.14.tgz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlg8DKMACgkQYhHr8e+6
+37xl/gf+OoUkiVu7Mi+UvOozBoQ8k9KPrj+afhTPlSgpXJHLhrtm7k1JMyGFzYJf
+PwEUEI2POI5SQ6sEX++MhN09XYQDle3LWEwsgBmZh0aoIr+3aYHNKgH6U3FjLT6t
+B0gk7RWygEDbm8NGdxqWducHrFdLR/MVSuYjuX4zgOjR0Nr69pimdjAGc1r4KH/3
+EHrSnSFeMMWqfN0CShQg30gp00et4P7rWo4NLNXVigkVif0TvQ4dAVejWr8UWkKN
+OId+XTfngj7ynpQnkBfUZ7O9N+ybbaiLaKaEbn1xN5WwFIqYt8DeUcX3RjOT11eF
+XbMK5bJDzcpE2+crlXodw8B6KkqY7A==
+=e8ta
+-----END PGP SIGNATURE-----
--- a/Botan.changes
+++ b/Botan.changes
@ -1,10 +1,25 @@
+-------------------------------------------------------------------
+Wed Dec 28 12:02:11 CET 2016 - pth@suse.de
+
+- Update to 1.10.14
+    * Fix integer overflow during BER decoding, found by Falko Strenzke.
+      This bug is not thought to be directly exploitable but upgrading ASAP
+      is advised. (CVE-2016-9132)
+    * Fix two cases where (in error situations) an exception would be
+      thrown from a destructor, causing a call to std::terminate.
+    * When RC4 is disabled in the build, also prevent it from being
+      included in the OpenSSL provider. (GH #638)
+
 -------------------------------------------------------------------
 Sun Nov 13 01:32:18 UTC 2016 - netsroth@opensuse.org

 - Update to 1.10.13
-  * Use constant time modular inverse algorithm to avoid possible side channel attack against ECDSA (CVE-2016-2849)
-  * Use constant time PKCS #1 unpadding to avoid possible side channel attack against RSA decryption (CVE-2015-7827)
-  * Avoid a compilation problem in OpenSSL engine when ECDSA was disabled. Gentoo bug 542010
+  * Use constant time modular inverse algorithm to avoid possible side 
+    channel attack against ECDSA (CVE-2016-2849)
+  * Use constant time PKCS #1 unpadding to avoid possible side channel
+    attack against RSA decryption (CVE-2015-7827)
+  * Avoid a compilation problem in OpenSSL engine when ECDSA was
+    disabled. Gentoo bug 542010

 -------------------------------------------------------------------
 Fri May 13 07:31:21 UTC 2016 - faure@kde.org
--- a/Botan.spec
+++ b/Botan.spec
@ -19,7 +19,7 @@
 %define version_suffix 1_10-1
 %define short_version 1.10
 Name:           Botan
-Version:        1.10.13
+Version:        1.10.14
 Release:        0
 Summary:        A C++ Crypto Library
 License:        BSD-2-Clause
--- a/dont-set-mach-value.diff
+++ b/dont-set-mach-value.diff
@ -1,8 +1,12 @@
-diff --git a/configure.py b/configure.py
-index b606e06..f184939 100755
--- a/configure.py
-+++ b/configure.py
-@@ -1135,7 +1135,7 @@ def create_template_vars(build_config, options, modules, cc, arch, osinfo):
+---
+ configure.py |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: Botan-1.10.14/configure.py
+===================================================================
+--- Botan-1.10.14.orig/configure.py	2016-11-28 11:52:20.000000000 +0100
+++ Botan-1.10.14/configure.py	2016-12-28 10:59:39.592584921 +0100
+@@ -1140,7 +1140,7 @@ def create_template_vars(build_config, o
                                      options.cpu, options.debug_build),
 
         'lib_opt': cc.library_opt_flags(options),