diff --git a/Botan-2.7.0.tgz b/Botan-2.7.0.tgz deleted file mode 100644 index 62ae869..0000000 --- a/Botan-2.7.0.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e42df91556317588c6ca0e41bf796f9bd5ec5c70e0668e6c97c608c697c24a90 -size 7021654 diff --git a/Botan-2.7.0.tgz.asc b/Botan-2.7.0.tgz.asc deleted file mode 100644 index 45d6f52..0000000 --- a/Botan-2.7.0.tgz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAls6K+sACgkQYhHr8e+6 -37yyPgf/Xcn08HUPP1tHLWsgVbhHdKUsoPyk8voQD1C1RRhS0pMPT8wq1sI0Ctws -QgF7iEk26UvXLrC99Ab29wivuN1AkBdx0D6g9AiTOEQII1uv5t5SXjXlO3z4W44+ -MS310sLnvQ2F2UUOzbEENh/nuFZragh6UGr5cIFGV+T2gCJQ+WKHMDMvOz2rYj5V -01fnTKzuAzm+9ym/R/0q4apfy9XoRZd5PXZil35xGfIZMlkkQ4cPm+fOx5RQJVZY -QHkakmiK6GJZmbJM1/fsh/IXEbCACQalrdtJxTXBWwWe5ngmBv/VeaKyf8UDR54s -il3+LFjya+xMvvUG4BGqKWWgiTOwRw== -=JXvm ------END PGP SIGNATURE----- diff --git a/Botan-2.9.0.tgz b/Botan-2.9.0.tgz new file mode 100644 index 0000000..14e69b6 --- /dev/null +++ b/Botan-2.9.0.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:305564352334dd63ae63db039077d96ae52dfa57a3248871081719b6a9f2d119 +size 7216373 diff --git a/Botan-2.9.0.tgz.asc b/Botan-2.9.0.tgz.asc new file mode 100644 index 0000000..bed13a2 --- /dev/null +++ b/Botan-2.9.0.tgz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlwvhrIACgkQYhHr8e+6 +37wBRwgAnguyxaItqDq9pXGwBgBmTCqowRs4eMW9F9UQlvxSANxNlQWb5Aocoo4L +7GYHAFusznMlXle5fs4PF5Viu3Vu+piF6RSWt9AzHxoKExeQHgAkot5ffm3ycAgB +R2xIbHnvX5EPK+BtOuTsDgK9iAocW99ZfvdSVbVNBPSenHZCyh29CbfOtBJnJ/RQ +rQULL/h2GJUGXjOIaGAfE9BPqiSGrITkm7NLfJ/YCY50RvhFbC5LBdeNrc33AfAy +C4p/kRKcQu0s4T0J3EuJxqd+EWykCcjrBH5rKUh0Gz1qSM2Sa+mc/q9t+Htyaj5m +NzHXFLeE49U/MEDwEQeLMVfSQvGrkQ== +=jN+6 +-----END PGP SIGNATURE----- diff --git a/Botan.changes b/Botan.changes index 2b78499..edf71ed 100644 --- a/Botan.changes +++ b/Botan.changes 
@@ -1,3 +1,192 @@ +------------------------------------------------------------------- +Thu Jan 10 10:04:33 UTC 2019 - Daniel Molkentin + +- Update to Botan 2.9 + + * Bump SONAME + + * CVE-2018-20187 Address a side channel during ECC key generation, which used an + unblinded Montgomery ladder. As a result, a timing attack can reveal + information about the high bits of the secret key. + + * Fix bugs in TLS which caused negotiation failures when the client used an + unknown signature algorithm or version (GH #1711 #1709 #1708) + + * Fix bug affecting GCM, EAX and ChaCha20Poly1305 where if the associated data + was set after starting a message, the new AD was not reflected in the produced + tag. Now with these modes setting an AD after beginning a message throws an + exception. + + * Use a smaller sieve which improves performance of prime generation. + + * Fixed a bug that caused ChaCha to produce incorrect output after encrypting 256 + GB. (GH #1728) + + * Add NEON and AltiVec implementations of ChaCha (GH #1719 #1728 #1729) + + * Optimize AVX2 ChaCha (GH #1730) + + * Many more operations in BigInt, ECC and RSA code paths are either fully const + time or avoid problematic branches that could potentially be exploited in a + side channel attack. (GH #1738 #1750 #1754 #1755 #1757 #1758 #1759 #1762 #1765 + #1770 #1773 #1774 #1779 #1780 #1794 #1795 #1796 #1797) + + * Several optimizations for BigInt and ECC, improving ECDSA performance by as + much as 30%. (GH #1734 #1737 #1777 #1750 #1737 #1788) + + * Support recovering an ECDSA public key from a message/signature pair (GH #664 + #1784) + + * Add base58 encoding/decoding functions (GH #1783) + + * In the command line interface, add support for reading passphrases from the + terminal with echo disabled (GH #1756) + + * Add CT::Mask type to simplify const-time programming (GH #1751) + + * Add new configure options --disable-bmi2, --disable-rdrand, and + --disable-rdseed to prevent use of those instruction sets. 
+ + * Add error_type and error_code functions to Exception type (GH #1744) + + * Now on POSIX systems posix_memalign is used instead of mmap for allocating the + page-locked memory pool. This avoids issues with fork. (GH #602 #1798) + + * When available, use RDRAND to generate the additional data in + Stateful_RNG::randomize_with_ts_input + + * Use vzeroall/vzeroupper intrinsics to avoid AVX2/SSE transition penalties. + + * Support for Visual C++ 2013 has been removed (GH #1557 #1697) + + * Resolve a memory leak when verifying ECDSA signatures with versions of OpenSSL + before 1.1.0 (GH #1698) + + * Resolve a memory leak using ECDH via OpenSSL (GH #1767) + + * Fix an error in XTS which prohibited encrypting values which were exactly the + same length as the underlying block size. Messages of this size are allowed by + the standard and other XTS implementations. (GH #1706) + + * Resolve a bug in TSS which resulted in it using an incorrect length field in + the shares. Now the correct length is encoded, but either correct or buggy + lengths are accepted when decoding. (GH #1722) + + * Correct a bug when reducing a negative BigInt modulo a small power of 2. (GH + #1755) + + * Add CLI utils for threshold secret splitting. (GH #1722) + + * Fix a bug introduced in 2.8.0 that caused compilation failure if using a single + amalgamation file with AVX2 enabled. (GH #1700) + + * Add an explicit OS target for Emscripten and improve support for it. (GH #1702) + + * Fix small issues when building for QNX + + * Switch the Travis CI build to using Ubuntu 16.04 (GH #1767) + + * Add options to configure.py to disable generation of pkg-config file, and (for + systems where pkg-config support defaults to off, like Windows), to enable + generating it. (GH #1268) + + * Modify configure.py to accept empty lists or trailing/extra commas. 
(GH #1705) + +- Update to Botan 2.8 + + * Add support for using Apple CommonCrypto library for hashing (GH #1667), + cipher modes (GH #1674) and block ciphers (GH #1673). + + * Support for negotiating TLS versions 1.0 and 1.1 is disabled in the default + TLS policy. In addition, support for negotiating TLS ciphersuites using CBC + or CCM mode is disabled by default. Applications which need to interop with + old peers must enable these in their TLS policy object. (GH #1651) + + * During primality testing, use a Lucas test in addition to Miller-Rabin. It + is possible to construct a composite integer which passes n Miller-Rabin + tests with probability (1/4)^n. So for a incautious verifier using a small + number of tests (under 16 or so) it is possible if unlikely they would + accept such a composite as prime. Adding a Lucas test precludes such an + attack. (GH #1636) + + * Add XChaCha and XChaCha20Poly1305 (GH #1640) + + * Add AVX2 implementations of ChaCha (GH #1662) and Serpent (GH #1660) + + * Add a new password hashing interface in pwdhash.h (GH #1670) + + * C binding improvements. Added functions to get name and supported + keylengths of cipher, hash and MAC objects, support for FE1 format + preserving encryption (GH #1625 #1646), functions to load and save RSA keys + in PKCS #1 format (GH #1621), HOTP and TOTP algorithms, scrypt, certificate + verification (GH #1647), functions to get the output length of public key + operations (GH #1642), and functions for loading and serializing X25519 + keys (GH #1681) + + * Support for building with BOTAN_MP_WORD_BITS set to 8 or 16 has been removed. + + * Previously SM2 had two distinct key types, one for signatures and another + for encryption. They have now been merged into a single key type since in + practice it seems the same key is at times used for both operations. 
(GH + #1637) + + * The Cipher_Mode class now derives from SymmetricAlgorithm (GH #1639) + + * Add support for using the ARMv8 instructions for SM4 encryption (GH #1622) + + * The entropy source using SecRandomCopyBytes has been removed as it was + redundant with other entropy sources (GH #1668) + + * The Python module has much better error checking and reporting, and offers + new functionality such as scrypt, MPI and FPE. (GH #1643 #1646) + + * Fixed a bug that caused CCM to fail with an exception when used with L=8 (GH #1631 #1632) + + * The default bcrypt work factor has been increased from 10 to 12. + + * The default algorithm used in passhash9 has changed from SHA-256 to + SHA-512, and the default work factor increased from 10 to 15. + + * In ECC private keys, include the public key data for compatibility with GnuTLS (GH #1634 #1635) + + * Add support for using Linux getrandom syscall to access the system PRNG. + This is disabled by default, use --with-os-feature=getrandom to enable. + + * It is now possible to encrypt private keys using SIV mode. + + * The FFI function botan_privkey_load now ignores its rng argument. + + * Resolve a problem when building under Visual C++ 15.8 (GH #1624) + + * Fix a bug in XSalsa20 (192-bit Salsa nonces) where if set_iv was called + twice without calling set_key, the resulting encryption was incorrect. (GH + #1640) + + * Handle an error seen when verifying invalid ECDSA signatures using LibreSSL + on non x86-64 platforms (GH #1627 #1628) + + * Fix bugs in PKCS7 and X9.23 CBC padding schemes, which would ignore the + first byte in the event the padding took up the entire block. (GH #1690) + + * Correct bugs which would cause CFB, OCB, and GCM modes to crash when they + were used in an unkeyed state. (GH #1639) + + * Optimizations for SM4 and Poly1305 + + * Avoid a cache side channel in the AES key schedule + + * Add pk_encrypt and pk_decrypt CLI operations + + * Now asn1print CLI defaults to printing context-specific fields. 
+ + * Use codec_base for Base64, which matches how Base32 is implemented (GH #1597) + + * The cast module has been split up into cast128 and cast256 (GH #1685) + + * When building under Visual C++ 2013, the user must acknowledge the upcoming + removal of support using the configure.py flag --ack-vc2013-deprecated (GH + #1557) + ------------------------------------------------------------------- Tue Jul 31 10:44:02 UTC 2018 - daniel.molkentin@suse.com diff --git a/Botan.spec b/Botan.spec index 7270256..08f7ff5 100644 --- a/Botan.spec +++ b/Botan.spec @@ -1,7 +1,7 @@ # # spec file for package Botan # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,14 +12,14 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # -%define version_suffix 2-7 +%define version_suffix 2-9 %define short_version 2 Name: Botan -Version: 2.7.0 +Version: 2.9.0 Release: 0 Summary: A C++ Crypto Library License: BSD-2-Clause diff --git a/baselibs.conf b/baselibs.conf index a6651b2..63e278c 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,4 +1,4 @@ -libbotan-2-7 +libbotan-2-9 libbotan-devel requires -libbotan- = requires "libbotan-2-7- = "
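Review bot: In the Botan-2.9.0.tgz and Botan-2.9.0.tgz.asc hunks, the new tarball arrives as a git-lfs pointer with a detached signature, but none of the Botan.spec hunks shown touch a source or keyring line, so this diff does not show the signature being checked at build time. Confirm that the spec lists the .asc as a source alongside a keyring for the upstream signing key, and that the sha256 oid in the pointer matches the digest of the tarball the signature verifies.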
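Review bot: In the Botan.changes hunk, the CVE-2018-20187 bullet under "Update to Botan 2.9" carries no bug-tracker reference, and the changes that affect dependent packages are buried in the pasted upstream notes. Suggest adding the tracker id to the CVE bullet and calling out near the top of the entry "Bump SONAME" and, from the 2.8 notes, that the default TLS policy no longer negotiates TLS 1.0 and 1.1 or CBC/CCM ciphersuites. Minor: "GH #1737" is listed twice in the BigInt/ECC optimizations bullet, and "a incautious verifier" should read "an incautious verifier".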
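Review bot: In the second Botan.spec hunk, "%define version_suffix 2-9" is bumped by hand next to "Version: 2.9.0", and the same suffix is repeated in baselibs.conf, so a later update can change one and miss the others. Consider a comment above version_suffix naming the places that must change together, or deriving the suffix from Version.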
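Review bot: In the baselibs.conf hunk, the last requires line shown still reads "libbotan-2-7- = " and no replacement naming libbotan-2-9 is visible after it, while the package line at the top of the hunk is changed to libbotan-2-9. Check that the libbotan-devel requires is updated to libbotan-2-9 as well; otherwise the baselibs devel package would require a library package that this update no longer produces.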