SHA256
1
0
forked from pool/Botan

Accepting request 826938 from devel:libraries:c_c++

- update to 2.15:
  Fix a bug where the name constraint extension did not constrain the alternative
  DN field which can be included in a subject alternative name. This would allow
  a corrupted sub-CA which was otherwise constrained by a name constraint to
  issue a certificate with a prohibited DN.
  Fix a bug in the TLS server during client authentication where where if a
  (disabled by default) static RSA ciphersuite was selected, then no certificate
  request would be sent. This would have an equivalent effect to a client which
  simply replied with an empty Certificate message. (GH #2367)
  Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As
  a result AES is now constant time on all processors. (GH #2346 #2348 #2353
  #2329 #2355)
  In TLS, enforce that the key usage given in the server certificate allows the
  operation being performed in the ciphersuite. (GH #2367)
  In X.509 certificates, verify that the algorithm parameters are the expected
  NULL or empty. (GH #2367)
  Change the HMAC key schedule to attempt to reduce the information leaked from
  the key schedule with regards to the length of the key, as this is at times (as
  for example in PBKDF2) sensitive information. (GH #2362)
  Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The
  previous RDRAND_RNG interface is deprecated. (GH #2352)
  The documentation claimed that mlocked pages were created with a guard page
  both before and after. However only a trailing guard page was used. Add a
  leading guard page. (GH #2334)
  Add support for generating and verifying DER-encoded ECDSA signatures in the C
  and Python interfaces. (GH #2357 #2356)
  Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH
  #2322)
  When building documentation using Sphinx avoid parallel builds with version 3.0
  due to a bug in that version (GH #2326 #2324)

OBS-URL: https://build.opensuse.org/request/show/826938
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=54
This commit is contained in:
Dominique Leuenberger 2020-08-17 10:04:03 +00:00 committed by Git OBS Bridge
commit 7055bd1c61
7 changed files with 70 additions and 18 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0c10f12b424a40ee19bde00292098e201d7498535c062d8d5b586d07861a54b5
size 5958948

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAl6LEUEACgkQYhHr8e+6
37zeyAf/XR0IcWdTE5mW7yRmkYMm+1kDkmiTk4Zow+kTZhRegX691PX3jAMNCi0A
Gxp7waf0bYT0Qu6LvncqXINCPaSTsjilO6WCDcfIe4FOJzCLRc+TCVNwGxImCxzr
Zhs4d3YtaQk7Qh4+eu9nwJ1K9N0AC9QfdCMY2DPVEBMYm2PxrXl19WhLzCJQi+tP
+Rju2N3SQPCeGkgY3PCQfIX2N8GqVRa4MhacUD3hcUhTPngI+z5Fchbm/BdKo1qW
YDFh1Se8SvdxGzaCB6iIHayGTueyzUzCzc5fIElbo4vZ+VMKinxY8I/Ly5VOdZNy
IHlGHk+vKJkklnW/Wf1WQgrYfqETOQ==
=Okhl
-----END PGP SIGNATURE-----

3
Botan-2.15.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d88af1307f1fefac79aa4f2f524699478d69ce15a857cf2d0a90ac6bf2a50009
size 5920688

11
Botan-2.15.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAl8EZW8ACgkQYhHr8e+6
37ziJQf/WyGSyiSOT97oF2vfYZKzEIbSauIjAZX8EsLzFp0tW0fTA+WOeBixio1B
i7nT3o/ntOyJTjDuavUfzam9PTNfluklsNjX/xQH/+G3dgz7Vit6Bzam3h9yFOJI
UHw0AsUSpnVesWwEEiUPz9EFD40ExafH+jkE8xxTItWUGz3qEqTdUJGATQAcUsaq
jCw+Lxy0TSNkdbLTOUcU38Ds9paysSxKI9GSzlBR0etZNrXHT97HT1iwneGn64qu
NMjt+XmHP/7nYw6+vmM2FWvrOYViV60UaMfDqPtyDwd22XHkkw6YpkVscIkfc9ZE
0cSn1bY/+tLAkpK885cxA3DtYd+IWg==
=kUJO
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,55 @@
-------------------------------------------------------------------
Sun Aug 16 01:57:13 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 2.15:
Fix a bug where the name constraint extension did not constrain the alternative
DN field which can be included in a subject alternative name. This would allow
a corrupted sub-CA which was otherwise constrained by a name constraint to
issue a certificate with a prohibited DN.
Fix a bug in the TLS server during client authentication where where if a
(disabled by default) static RSA ciphersuite was selected, then no certificate
request would be sent. This would have an equivalent effect to a client which
simply replied with an empty Certificate message. (GH #2367)
Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As
a result AES is now constant time on all processors. (GH #2346 #2348 #2353
#2329 #2355)
In TLS, enforce that the key usage given in the server certificate allows the
operation being performed in the ciphersuite. (GH #2367)
In X.509 certificates, verify that the algorithm parameters are the expected
NULL or empty. (GH #2367)
Change the HMAC key schedule to attempt to reduce the information leaked from
the key schedule with regards to the length of the key, as this is at times (as
for example in PBKDF2) sensitive information. (GH #2362)
Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The
previous RDRAND_RNG interface is deprecated. (GH #2352)
The documentation claimed that mlocked pages were created with a guard page
both before and after. However only a trailing guard page was used. Add a
leading guard page. (GH #2334)
Add support for generating and verifying DER-encoded ECDSA signatures in the C
and Python interfaces. (GH #2357 #2356)
Workaround a bug in GCCs UbSan which triggered on a code sequence in XMSS (GH
#2322)
When building documentation using Sphinx avoid parallel builds with version 3.0
due to a bug in that version (GH #2326 #2324)
Fix a memory leak in the CommonCrypto block cipher calls (GH #2371)
Fix a flaky test that would occasionally fail when running the tests with a
large number of threads. (GH #2325 #2197)
Additional algorithms are now deprecated: XTEA, GOST, and Tiger. They will be
removed in a future major release.
-------------------------------------------------------------------
Wed Apr 8 08:19:50 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>

View File

@ -16,10 +16,10 @@
#
%define version_suffix 2-13
%define version_suffix 2-15
%define short_version 2
Name: Botan
Version: 2.14.0
Version: 2.15.0
Release: 0
Summary: A C++ Crypto Library
License: BSD-2-Clause

View File

@ -1,4 +1,4 @@
libbotan-2-13
libbotan-2-15
libbotan-devel
requires -libbotan-<targettype> = <version>
requires "libbotan-2-13-<targettype> = <version>"
requires "libbotan-2-15-<targettype> = <version>"