From 8b274fb891015ad14e631103cae76928d61cf68a6bba6ad37a6c9c840321378a Mon Sep 17 00:00:00 2001
From: Adam Majer <amajer@suse.com>
Date: Wed, 4 Oct 2017 12:14:40 +0000
Subject: [PATCH] Accepting request 531133 from
 home:dmolkentin:branches:devel:libraries:c_c++
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Update to 1.10.17
  - Address a side channel affecting modular exponentiation. An attacker
    capable of a local or cross-VM cache analysis attack may be able to recover
    bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround
    a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function.
    (GH #1192 #1148 #882, bsc#1060433)
  - Add SecureVector::data() function which returns the start of the buffer.
    This makes it slightly simpler to support both 1.10 and 2.x APIs in the
    same codebase.  When compiled by a C++11 (or later) compiler, a template
    typedef of SecureVector, secure_vector, is added. In 2.x this class is a
    std::vector with a custom allocator, so has a somewhat different interface
    than SecureVector in 1.10. But this makes it slightly simpler to support
    both 1.10 and 2.x APIs in the same codebase.
  - Fix a bug that prevented configure.py from running under Python3
  - Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will
    #error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against
    1.1 or later. (GH #753)
  - Import patches from Debian adding basic support for
    building on aarch64, ppc64le, or1k, and mipsn32 platforms.
  * obsoletes CVE-2017-14737.patch
  * refreshes aarch64-support.patch
  * drop ppc64le-support.patch for upstream version
    (disables altivec support as per concerns by upstream)

- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA
  implementation allows local attacker to recover information about RSA secret
  keys.
  * add CVE-2017-14737.patch

OBS-URL: https://build.opensuse.org/request/show/531133
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=71
---
 Botan-1.10.16.tgz     |  3 ---
 Botan-1.10.16.tgz.asc | 11 -----------
 Botan-1.10.17.tgz     |  3 +++
 Botan-1.10.17.tgz.asc | 11 +++++++++++
 Botan.changes         | 38 ++++++++++++++++++++++++++++++++++++++
 Botan.spec            |  6 ++----
 aarch64-support.patch | 22 +++++++++++-----------
 ppc64le-support.patch | 18 ------------------
 8 files changed, 65 insertions(+), 47 deletions(-)
 delete mode 100644 Botan-1.10.16.tgz
 delete mode 100644 Botan-1.10.16.tgz.asc
 create mode 100644 Botan-1.10.17.tgz
 create mode 100644 Botan-1.10.17.tgz.asc
 delete mode 100644 ppc64le-support.patch

diff --git a/Botan-1.10.16.tgz b/Botan-1.10.16.tgz
deleted file mode 100644
index 924384b..0000000
--- a/Botan-1.10.16.tgz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6c5472401d06527e87adcb53dd270f3c9b1fb688703b04dd7a7cfb86289efe52
-size 2711177
diff --git a/Botan-1.10.16.tgz.asc b/Botan-1.10.16.tgz.asc
deleted file mode 100644
index 95151a9..0000000
--- a/Botan-1.10.16.tgz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAljkQzcACgkQYhHr8e+6
-37zwOAf9G0+rAaNoq5K9m4LZq4A1jP1B4HBsrddLu0PFCCDD8usYNTJkSUhoVTTt
-BZqFa9NK8+NV/cELnRiiVw1mvMCN981tzl2rBiE6yw3CrfvuLYGX21Vc3RNIIjYs
-rdH5oIvRP7C7zmRP3uuybFefsI6XXUVppjFcP6N14zDNXQxl2eoW9LZbxl0m28Dp
-tMum3qSIaQemcJzOpfoXYW1A/Q3Rz8Wh3Xh1Jfjm8kUY9GOGtf9vQwO8Jb4jn9kJ
-ftyoDlBWMQAgPd3DXKx/tfn7YcshbgmCW6lrqrwMIz84ESqkqZt8h/olPrJK/8tO
-cdPl7ovtfSfQXWRJzAL3ehF1HeKZVg==
-=EDPN
------END PGP SIGNATURE-----
diff --git a/Botan-1.10.17.tgz b/Botan-1.10.17.tgz
new file mode 100644
index 0000000..21f22ce
--- /dev/null
+++ b/Botan-1.10.17.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6847ffb64b8d2f939dccfecc17bd2c80385d08f7621e2c56d3a335118e823613
+size 2706678
diff --git a/Botan-1.10.17.tgz.asc b/Botan-1.10.17.tgz.asc
new file mode 100644
index 0000000..513150f
--- /dev/null
+++ b/Botan-1.10.17.tgz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlnSZaQACgkQYhHr8e+6
+37xtgwf+KcmgrrfzAF6HLJJwOvMom+SnpHShvoMPqfmXwhvKELCQ8TypARF7Zbjw
+e6M6Nvb/u2PhEoEX4p2vYPLxxtz+la5xXBa+UDbSO9nppFe0z6qIyR793gYWaUUT
+vBonBeComOtn5vYEQ6Xj+X8JjH3xK1oKX+jNWHLKHcMUoNdRdu3dYS9Tkbvyy9DY
+yjUrOE9/N8ATjSN9dEC0Xa29CMhgYxquIz6FuMspPxJHHD5/GrP+h5LfnR76vkaK
+CBilE9VEYoLSTDQyHb6g0/Fz1l+YM159oe2SmFdOGBzI02EkYGBXxYc9fSpw92oH
+rokKA1Q23WpaK0bzduvduBreYtIpsw==
+=1D+U
+-----END PGP SIGNATURE-----
diff --git a/Botan.changes b/Botan.changes
index 6b4d763..c3573fd 100644
--- a/Botan.changes
+++ b/Botan.changes
@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Wed Oct  4 07:49:54 UTC 2017 - daniel.molkentin@suse.com
+
+- Update to 1.10.17
+  - Address a side channel affecting modular exponentiation. An attacker
+    capable of a local or cross-VM cache analysis attack may be able to recover
+    bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround
+    a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function.
+    (GH #1192 #1148 #882, bsc#1060433)
+  - Add SecureVector::data() function which returns the start of the buffer.
+    This makes it slightly simpler to support both 1.10 and 2.x APIs in the
+    same codebase.  When compiled by a C++11 (or later) compiler, a template
+    typedef of SecureVector, secure_vector, is added. In 2.x this class is a
+    std::vector with a custom allocator, so has a somewhat different interface
+    than SecureVector in 1.10. But this makes it slightly simpler to support
+    both 1.10 and 2.x APIs in the same codebase.
+  - Fix a bug that prevented configure.py from running under Python3
+  - Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will
+    #error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against
+    1.1 or later. (GH #753)
+  - Import patches from Debian adding basic support for
+    building on aarch64, ppc64le, or1k, and mipsn32 platforms.
+
+  * obsoletes CVE-2017-14737.patch
+
+  * refreshes aarch64-support.patch
+
+  * drop ppc64le-support.patch for upstream version
+    (disables altivec support as per concerns by upstream)
+
+-------------------------------------------------------------------
+Tue Sep 26 13:03:46 UTC 2017 - daniel.molkentin@suse.com
+
+- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA
+  implementation allows local attacker to recover information about RSA secret
+  keys.
+  * add CVE-2017-14737.patch
+
 -------------------------------------------------------------------
 Thu Sep 21 09:48:17 UTC 2017 - vcizek@suse.com
 
diff --git a/Botan.spec b/Botan.spec
index 044c246..149cfda 100644
--- a/Botan.spec
+++ b/Botan.spec
@@ -19,7 +19,7 @@
 %define version_suffix 1_10-1
 %define short_version 1.10
 Name:           Botan
-Version:        1.10.16
+Version:        1.10.17
 Release:        0
 Summary:        A C++ Crypto Library
 License:        BSD-2-Clause
@@ -36,7 +36,6 @@ Patch4:         Botan-no-buildtime.patch
 Patch6:         Botan-fix_pkgconfig.patch
 Patch7:         dont-set-mach-value.diff
 Patch8:         aarch64-support.patch
-Patch9:         ppc64le-support.patch
 Patch10:        no-cpuid-header.patch
 BuildRequires:  bzip2 >= 1.0.2
 BuildRequires:  gcc-c++
@@ -94,8 +93,7 @@ programs that use the Botan library.
 %patch4
 %patch6
 %patch7 -p1
-%patch8
-%patch9
+%patch8 -p1
 %if 0%{?suse_version} == 1110
 %patch10 -p1
 %endif
diff --git a/aarch64-support.patch b/aarch64-support.patch
index 3096dbb..6c8e555 100644
--- a/aarch64-support.patch
+++ b/aarch64-support.patch
@@ -1,11 +1,11 @@
-Index: src/build-data/arch/aarch64.txt
-===================================================================
---- /dev/null
-+++ src/build-data/arch/aarch64.txt
-@@ -0,0 +1,6 @@
-+endian little
-+
-+<aliases>
-+arm64
-+armv8
-+</aliases>
+diff --git a/src/build-data/arch/aarch64.txt b/src/build-data/arch/aarch64.txt
+index 863b000c5..9ea51c936 100644
+--- a/src/build-data/arch/aarch64.txt
++++ b/src/build-data/arch/aarch64.txt
+@@ -2,5 +2,6 @@ endian little
+ 
+ <aliases>
+ arm64 # For Debian
++armv8 # For SUSE
+ </aliases>
+
diff --git a/ppc64le-support.patch b/ppc64le-support.patch
deleted file mode 100644
index 53e1a08..0000000
--- a/ppc64le-support.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- /dev/null	2013-11-30 20:09:56.080000808 +0100
-+++ src/build-data/arch/ppc64le.txt	2013-12-08 23:56:25.465510000 +0100
-@@ -0,0 +1,15 @@
-+endian little 
-+
-+family ppc
-+
-+<aliases>
-+powerpc64le
-+</aliases>
-+
-+<submodels>
-+power7
-+</submodels>
-+
-+<isa_extn>
-+altivec:power7
-+</isa_extn>