Accepting request 357528 from devel:libraries:c_c++

1

OBS-URL: https://build.opensuse.org/request/show/357528
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=38

Botan-1.10.10.tgz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6b67b14746410461fe4a8ce6a625e7eef789243454fe30eab7329d5984be4163
-size 2706592

Botan-1.10.10.tgz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQEcBAABCgAGBQJVvvClAAoJEGIR6/Hvut+8DnIH/j5EW84EEcBKETvBQJqoPJt7
-Gsq4GKHDo75gBnWn2a2WGbbFIRuwjW4rpbUxxn6Nxazr87Hvg/RpRmd03/VYNvDO
-jai2oetGAbaV4e9kzSMI96jN6k3vpjtUqeY851PXnZxaILrx1iBqwppjVOZfIbNF
-hxzNgDgd1lA/dgfsh/BGr3MWDihNOxpICAbxmnXJU8bjiNT3RqebyOmins/Q6eVr
-Tl6D2CxeYV1QlxOOnd93PJW6RAJtgzw4kjUWIHB74DxhjtB06XV8jHQxlTRCEC/Q
-QDy2WlymjDQapyW6OzB0nRYCKtJQyQiZVCk4cIBq/8X3M4vjk7jErwqKvNPGcCU=
-=s4gl
------END PGP SIGNATURE-----

Botan-1.10.12.tgz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:affc3a79919577943f896e64d3e4a4dcc4970c5bf80cc98c7f3a3144745eac27
+size 2707397

Botan-1.10.12.tgz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQEcBAABCAAGBQJWsbSyAAoJEGIR6/Hvut+8yZ8IAKZkFvG/j+nmWQPaoU0FKAJY
+q37r0gIOSkZ+K4Q3k8Gc5uEmVcobP52JlDJZeG6yYERwJdN1aO/LcUpqxDvF8SNk
+qrfsgItJ06SW+jLI9xS7abQGoVmfBEC5EcmqlPLLyJ4mPTR3XDDn6ITyN1i40Byr
+rVMdm0dOwPiFrVJNlSjEnv/sQEPf6nrXAhu6vhGsWk1u6BbZRhVTk+0QAI0Dz950
+MpRmIzEZAIAgvZpYGvvnULzfnNVwPswxw321Cp0JH368/sJjX2Mkp8yJ1wypGaMT
+3gqkhGsyNqQjKjv9DmE04N/l+P7SIMBGn4+BOS0sfEXhxdpRMrezoNx/E2rJ5AU=
+=tUsf
+-----END PGP SIGNATURE-----

Botan.changes

@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Wed Feb  3 10:52:19 UTC 2016 - michael@stroeder.com
+
+- Update to 1.10.12
+
+- Version 1.10.12, 2016-02-03
+  * In 1.10.11, the check in PointGFp intended to check the affine y 
+    argument actually checked the affine x again. Reported by Remi Gacogne
+  * The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an 
+    additional check in the multiplication function itself which was also 
+    added in that release, so there are no security implications from the 
+    missed check. However to avoid confusion the change was pushed in a new 
+    release immediately.
+  * The 1.10.11 release notes incorrectly identified CVE-2016-2195 as 
+    CVE-2016-2915
+- Version 1.10.11, 2016-02-01
+  * Resolve heap overflow in ECC point decoding. CVE-2016-2195
+    Resolve infinite loop in modular square root algorithm. CVE-2016-2194
+    Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. GH #239
+
 -------------------------------------------------------------------
 Thu Dec 24 10:48:11 UTC 2015 - mpluskal@suse.com
 

Botan.spec

@@ -19,7 +19,7 @@
 %define version_suffix 1_10-1
 %define short_version 1.10
 Name:           Botan
-Version:        1.10.10
+Version:        1.10.12
 Release:        0
 Summary:        A C++ Crypto Library
 License:        BSD-2-Clause