Accepting request 621856 from home:dmolkentin:branches:devel:libraries:c_c++

- Update to Botan 2.7
  * CVE-2018-12435 Avoid a side channel in ECDSA signature generation (GH
    #1604)
  * Avoid a side channel in RSA key generation due to use of a non-constant
    time gcd algorithm. (GH #1542 #1556)
  * Optimize prime generation, especially improving RSA key generation. (GH
    #1542)
  * Make Karatsuba multiplication, Montgomery field operations, Barrett
    reduction and Montgomery exponentiation const time (GH #1540 #1606 #1609
    #1610)
  * Optimizations for elliptic curve operations especially improving reductions
    and inversions modulo NIST primes (GH #1534 #1538 #1545 #1546 #1547 #1550)
  * Add 24 word wide Comba multiplication, improving 3072-bit RSA and DH by
    ~25%. (GH #1564)
  * Unroll Montgomery reduction for specific sizes (GH #1603)
  * Improved performance of signature verification in ECGDSA, ECKCDSA, SM2 and
    GOST by 10-15%.
  * XMSS optimizations (GH #1583 #1585)
  * Fix an error that meant XMSS would only sign half as many signatures as is
    allowed (GH #1582)
  * Add support for base32 encoding/decoding (GH #1541)
  * Add BMI2 optimized version of SHA-256, 40% faster on Skylake (GH #1584)
  * Allow the year to be up to 2200 in ASN.1 time objects. Previously this was
    limited to 2100. (GH #1536)
  * Add support for Scrypt password hashing (GH #1570)
  * Add support for using Scrypt for private key encryption (GH #1574)
  * Optimizations for DES/3DES, approx 50% faster when used in certain modes
    such as CBC decrypt or CTR.
  * XMSS signature verification did not check that the signature was of the
    expected length which could lead to a crash. (GH #1537)

OBS-URL: https://build.opensuse.org/request/show/621856
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=86

Botan-2.6.0.tgz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c1f261555bba702c73608dde7bd743ef2d6377a41a1c295915b25c5babaf5cc5
-size 6599127

Botan-2.6.0.tgz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlrMubEACgkQYhHr8e+6
-37ycHgf/R0IMmiQLI+ycU3GaTV/GsjJxcBE44NCwJPUBxqgvjNpY7sUv5ROkaKy5
-wSKVneOjZf8KJSEZlb3FqYuGLEsph6e0qO0C8wjKGJs4Le1kVp6oJaKI6AXaDUHf
-EbKYRXDiSGnAbA57ncFOICNHXKjvj9E7NdxbYVLLak9ILzGAKH7gouCYLEIil0mx
-pfpb4FEoWYIJoKCGyBFZrdRYtBAEUG15QASJ5UDbCF2io4BL1T07cCeD3TnoHmwd
-3PXCaD6cE9c2p3cDuXsYStpPK8yCPr4F6gBQrJeP3x/wndK6j8JhuqsVQzXaTJm6
-vYCQEzULrRqVkfTDl1j8FtaWi0s5UA==
-=MSIv
------END PGP SIGNATURE-----

Botan-2.7.0.tgz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e42df91556317588c6ca0e41bf796f9bd5ec5c70e0668e6c97c608c697c24a90
+size 7021654

Botan-2.7.0.tgz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAls6K+sACgkQYhHr8e+6
+37yyPgf/Xcn08HUPP1tHLWsgVbhHdKUsoPyk8voQD1C1RRhS0pMPT8wq1sI0Ctws
+QgF7iEk26UvXLrC99Ab29wivuN1AkBdx0D6g9AiTOEQII1uv5t5SXjXlO3z4W44+
+MS310sLnvQ2F2UUOzbEENh/nuFZragh6UGr5cIFGV+T2gCJQ+WKHMDMvOz2rYj5V
+01fnTKzuAzm+9ym/R/0q4apfy9XoRZd5PXZil35xGfIZMlkkQ4cPm+fOx5RQJVZY
+QHkakmiK6GJZmbJM1/fsh/IXEbCACQalrdtJxTXBWwWe5ngmBv/VeaKyf8UDR54s
+il3+LFjya+xMvvUG4BGqKWWgiTOwRw==
+=JXvm
+-----END PGP SIGNATURE-----

Botan.changes

@@ -1,3 +1,100 @@
+-------------------------------------------------------------------
+Tue Jul 10 09:27:35 UTC 2018 - daniel.molkentin@suse.com
+
+- Update to Botan 2.7
+
+  * CVE-2018-12435 Avoid a side channel in ECDSA signature generation (GH
+    #1604)
+
+  * Avoid a side channel in RSA key generation due to use of a non-constant
+    time gcd algorithm. (GH #1542 #1556)
+
+  * Optimize prime generation, especially improving RSA key generation. (GH
+    #1542)
+
+  * Make Karatsuba multiplication, Montgomery field operations, Barrett
+    reduction and Montgomery exponentiation const time (GH #1540 #1606 #1609
+    #1610)
+
+  * Optimizations for elliptic curve operations especially improving reductions
+    and inversions modulo NIST primes (GH #1534 #1538 #1545 #1546 #1547 #1550)
+
+  * Add 24 word wide Comba multiplication, improving 3072-bit RSA and DH by
+    ~25%. (GH #1564)
+
+  * Unroll Montgomery reduction for specific sizes (GH #1603)
+
+  * Improved performance of signature verification in ECGDSA, ECKCDSA, SM2 and
+    GOST by 10-15%.
+
+  * XMSS optimizations (GH #1583 #1585)
+
+  * Fix an error that meant XMSS would only sign half as many signatures as is
+    allowed (GH #1582)
+
+  * Add support for base32 encoding/decoding (GH #1541)
+
+  * Add BMI2 optimized version of SHA-256, 40% faster on Skylake (GH #1584)
+
+  * Allow the year to be up to 2200 in ASN.1 time objects. Previously this was
+    limited to 2100. (GH #1536)
+
+  * Add support for Scrypt password hashing (GH #1570)
+
+  * Add support for using Scrypt for private key encryption (GH #1574)
+
+  * Optimizations for DES/3DES, approx 50% faster when used in certain modes
+    such as CBC decrypt or CTR.
+
+  * XMSS signature verification did not check that the signature was of the
+    expected length which could lead to a crash. (GH #1537)
+
+  * The bcrypt variants 2b and 2y are now supported.
+
+  * Support for 192-bit Suite B TLS profile is now implemented, as the 128-bit
+    Suite B is since 2015 not allowed anymore.
+
+  * Previously botan allowed GCM to be used with an empty nonce, which is not
+    allowed by the specification. Now such nonces are rejected.
+
+  * Avoid problems on Windows when compiling in Unicode mode (GH #1615 #1616)
+
+  * Previously for ASN.1 encoded signatures (eg ECDSA) Botan would accept any
+    valid BER encoding. Now only the single valid DER encoding is accepted.
+
+  * Correct an error that could in rare cases cause an internal error exception
+    when doing computations with the P-224 curve.
+
+  * Optimizations to reduce allocations/copies during DER encoding and BER
+    decoding (GH #1571 #1572 #1600)
+
+  * Botan generates X.509 subject key IDs by hashing the public key with
+    whatever hash function is being used to sign the certificate. However
+    especially for SHA-512 this caused SKIDs that were far longer than
+    necessary. Now all SKIDs are truncated to 192 bits.
+
+  * In the test suite use mkstemp to create temporary files instead of creating
+    them in the current working directory. (GH #1533 #1530)
+
+  * It is now possible to safely override CXX when invoking make in addition to
+    when configure.py is run. (GH #1579)
+
+  * OIDs for Camellia and SM4 in CBC and GCM mode are now defined, making it
+    possible to use this algorithms for private key encryption.
+
+  * Avoid creating symlinks to the shared object on OpenBSD (#1535)
+
+  * The factor command runs much faster on larger inputs now.
+
+  * Support for Windows Phone/UWP was deprecated starting in 2.5. This
+    deprecation has been reversed as it seems UWP is still actively used. (GH
+    #1586 #1587)
+
+  * Support for Visual C++ 2013 is deprecated, and will be removed in Jan 2019.
+
+  * Added support for GCC’s –sysroot option to configure.py for
+    cross-compiling.
+
 -------------------------------------------------------------------
 Thu Apr 12 16:06:00 UTC 2018 - kasimir_@outlook.de
 

Botan.spec

@@ -16,10 +16,10 @@
 #
 
 
-%define version_suffix 2-5
+%define version_suffix 2-7
 %define short_version 2
 Name:           Botan
-Version:        2.6.0
+Version:        2.7.0
 Release:        0
 Summary:        A C++ Crypto Library
 License:        BSD-2-Clause

baselibs.conf

@@ -1,4 +1,4 @@
-libbotan-2-5
+libbotan-2-7
 libbotan-devel
 	requires -libbotan-<targettype> = <version>
 	requires "libbotan-2-5-<targettype> = <version>"