SHA256
1
0
forked from pool/Botan

Accepting request 593756 from devel:libraries:c_c++

- Update to Botan 2.5
  * Fix error in certificate wildcard matching (CVE-2018-9127), where a
    wildcard cert for b*.example.com would be accepted as a match for any host
    with name *b*.example.com (GH #1519)
  * Add support for RSA-PSS signatures in TLS (GH #1285)
  * Ed25519 certificates are now supported (GH #1501)
  * Many optimizations in ECC operations. ECDSA signatures are 8-10 times
    faster. ECDSA verification is about twice as fast. ECDH key agreement is
    3-4 times faster. (GH #1457 #1478)
  * Implement product scanning Montgomery reduction, which improves
    Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH
    #1472)
  * DSA signing and verification performance has improved by 30-50%.
  * Add a new Credentials_Manager callback that specifies which CAs the server
    has indicated it trusts (GH #1395 fixing #1261)
  * Add new TLS::Callbacks methods that allow creating or removing extensions,
    as well as examining extensions sent by the peer (GH #1394 #1186)
  * Add new TLS::Callbacks methods that allow an application to negotiate use
    of custom elliptic curves. (GH #1448)
  * Add ability to create custom elliptic curves (GH #1441 #1444)
  * Add support for POWER8 AES instructions (GH #1459 #1393 #1206)
  * Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502
    #986)
  * The default encoding of ECC public keys has changed from compressed to
    uncompressed point representation. This improves compatability with some
    common software packages including Golang’s standard library. (GH #1480
    #1483)
  * It is now possible to create DNs with custom components. (GH #1490 #1492)
  * It is now possible to specify the serial number of created certificates,
    instead of using the default 128-bit random integer. (GH #1489 #1491)

OBS-URL: https://build.opensuse.org/request/show/593756
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=48
This commit is contained in:
Dominique Leuenberger 2018-04-06 15:47:28 +00:00 committed by Git OBS Bridge
commit 507ebbccd8
7 changed files with 139 additions and 21 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ed9464e2a5cfee4cd3d9bd7a8f80673b45c8a0718db2181a73f5465a606608a5
size 6530714

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlpTjj0ACgkQYhHr8e+6
37y8gQf/Z9fXByA70qe3CRKpdO3WYiHTg4ff0YyRPCN5Ud5Sp5nWncyNpdDGgD/l
HjBL6nAydp1g/3M2JLpIuepkqwP8iZLw3ZA+3eDhlnbNAY0sw+0SGpqVrv5zE57j
F69c+ZYqXkabFNBGZHtTilevYyW29G8i0dbCyzYxX2JOAu0JoRs2IYDRYUl60Fz9
TYCBZjcOGFw7FdE33dR4paRziSOMJV0RsnMRquM0P/CvFn6k/UG2Wx/s+UrhD2Oy
f5t/N5cs8jahQaOYXft0V+Bgv8JyA8mHerxSioI7z10dIYQykAnpkX3x1k8vbJRn
LKIAvJaMDKGMNw4xarWLUqqtShMwUw==
=DSh9
-----END PGP SIGNATURE-----

3
Botan-2.5.0.tgz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b8a31fe03e7f048a5bd3967ecd04b6a48966215e78792df06e333b0eede4fb1b
size 6596225

11
Botan-2.5.0.tgz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlrCMRMACgkQYhHr8e+6
37yzrAf/aiXeISEKVstL7x5thRR9iz9L1KqzQXDBQOxTYeilEGcvuddqYfJ8f6hY
zaFSigYLDjX1i8lDprtCV0JwluW9HCgF9JfZnzLPgn6JdGmvHGc/c0OPHV0iUlhX
cUfRwVF/lburg3HD139KvaKJycJOa6KWhaQImpTA8l+Xh819Q8Zd51w8PbnBKAOn
7xVlOqdj5Pe10qn5LOsaHEzsbTGpqbvYlr1vfZwQym0lilpjabMZvX6nZKE9a6gf
rYrv+m9uriDBqlmn+RlwgZwBlrjnEse1b9pXMZpkbzcQlH6KEWYxdvSmITTrCPG3
61LP5ZIjp0U0bwgHHGlZjY3oMjA6kw==
=Wj1M
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,119 @@
-------------------------------------------------------------------
Tue Apr 3 08:06:46 UTC 2018 - daniel.molkentin@suse.com
- Update to Botan 2.5
* Fix error in certificate wildcard matching (CVE-2018-9127), where a
wildcard cert for b*.example.com would be accepted as a match for any host
with name *b*.example.com (GH #1519)
* Add support for RSA-PSS signatures in TLS (GH #1285)
* Ed25519 certificates are now supported (GH #1501)
* Many optimizations in ECC operations. ECDSA signatures are 8-10 times
faster. ECDSA verification is about twice as fast. ECDH key agreement is
3-4 times faster. (GH #1457 #1478)
* Implement product scanning Montgomery reduction, which improves
Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH
#1472)
* DSA signing and verification performance has improved by 30-50%.
* Add a new Credentials_Manager callback that specifies which CAs the server
has indicated it trusts (GH #1395 fixing #1261)
* Add new TLS::Callbacks methods that allow creating or removing extensions,
as well as examining extensions sent by the peer (GH #1394 #1186)
* Add new TLS::Callbacks methods that allow an application to negotiate use
of custom elliptic curves. (GH #1448)
* Add ability to create custom elliptic curves (GH #1441 #1444)
* Add support for POWER8 AES instructions (GH #1459 #1393 #1206)
* Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502
#986)
* The default encoding of ECC public keys has changed from compressed to
uncompressed point representation. This improves compatability with some
common software packages including Golangs standard library. (GH #1480
#1483)
* It is now possible to create DNs with custom components. (GH #1490 #1492)
* It is now possible to specify the serial number of created certificates,
instead of using the default 128-bit random integer. (GH #1489 #1491)
* Change DL_Group and EC_Group to store their data as shared_ptr for fast
copying. Also both classes precompute additional useful values (eg for
modular reductions). (GH #1435 #1454)
* Make it possible for PKCS10 requests to include custom extensions. This
also makes it possible to use muliple SubjectAlternativeNames of a single
type in a request, which was previously not possible. (GH #1429 #1428)
* Add new optimized interface for FE1 format preserving encryption. By
caching a number of values computed in the course of the FPE calculation,
it provides a 6-7x speedup versus the old API. (GH #1469)
* Add DSA and ElGamal keygen functions to FFI (#1426)
* Add Pipe::prepend_filter to replace Pipe::prepend (GH #1402)
* Fix a memory leak in the OpenSSL block cipher integration, introduced in
* 2.2.0
* Use an improved algorithm for generating safe primes which is several tens
of times faster. Also, fix a bug in the prime sieving algorithm which
caused standard prime generation (like for RSA keys) to be slower than
necessary. (GH #1413 #1411)
* Correct the return value of PK_Encryptor::maximum_input_size which reported
a much too small value (GH #1410)
* Remove use of CPU specific optimization flags, instead the user should set
these via CXXFLAGS if desired. (GH #1392)
* Resolve an issue that would cause a crash in the tests if they were run on
a machine without SSE2/NEON/VMX instructions. (GH #1495)
* The Python module now tries to load DLLs from a list of names and uses the
first one which successfully loads and indicates it supports the desired
API level. (GH #1497)
* Various minor optimizations for SHA-3 (GH #1433 #1434)
* The output of botan --help has been improved (GH #1387)
* Add --der-format flag to command line utils, making it possible verify
DSA/ECDSA signatures generated by OpenSSL command line (GH #1409)
* Add support for --library-suffix option to configure.py (GH #1405 #1404)
* Use feature flags to enable/disable system specific code (GH #1378)
* Add --msvc-runtime option to allow using static runtime (GH #1499 #210)
* Add enable-sanitizers= option to allow specifying which sanitizers to
enable. The existing --with-sanitizers option just enables some default set
which is known to work with the minimum required compiler versions.
* Use either rst2man or rst2man.py for generating man page as distributions
differ on where this program is installed (GH #1516)
* The threefish module has been renamed threefish_512 since that is the
algorithm it provides. (GH #1477)
* The Perl XS based wrapper has been removed, as it was unmaintained and
broken. (GH #1412)
* The sqlite3 encryption patch under contrib has been removed. It is still
maintained by the original author at
https://github.com/OlivierJG/botansqlite3
-------------------------------------------------------------------
Fri Feb 16 16:07:40 UTC 2018 - sleep_walker@opensuse.org
@ -272,9 +388,6 @@ Thu Feb 8 14:11:08 UTC 2018 - sleep_walker@opensuse.org
header. The timestamp can be set by passing it to the
``Gzip_Compression`` constructor.
* Resolve a performance regression on Windows involving the system
stats entropy source. (GH #1369)
* Add an OID for RIPEMD-160
* Fixes for CMake build (GH #1251)

View File

@ -16,10 +16,10 @@
#
%define version_suffix 2-4
%define version_suffix 2-5
%define short_version 2
Name: Botan
Version: 2.4.0
Version: 2.5.0
Release: 0
Summary: A C++ Crypto Library
License: BSD-2-Clause
@ -99,7 +99,12 @@ python3 ./configure.py \
--with-bzip2 \
--with-zlib \
--with-openssl \
%ifarch %ix86
--cpu=x86_32
%else
--cpu=%{_target_cpu}
%endif
make %{?_smp_mflags} WARN_FLAGS="%{optflags}"
%install

View File

@ -1,4 +1,4 @@
libbotan-2-4
libbotan-2-5
libbotan-devel
requires -libbotan-<targettype> = <version>
requires "libbotan-2-4-<targettype> = <version>"
requires "libbotan-2-5-<targettype> = <version>"