From b1aadb78c2655c7acf3c32ebe4ca9d100d03977e8b6ef4b04de3266c20108db5 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 4 Apr 2018 10:16:36 +0000 Subject: [PATCH] Accepting request 593097 from home:dmolkentin:branches:devel:libraries:c_c++ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update to Botan 2.5 * Fix error in certificate wildcard matching (CVE-2018-9127), where a wildcard cert for b*.example.com would be accepted as a match for any host with name *b*.example.com (GH #1519) * Add support for RSA-PSS signatures in TLS (GH #1285) * Ed25519 certificates are now supported (GH #1501) * Many optimizations in ECC operations. ECDSA signatures are 8-10 times faster. ECDSA verification is about twice as fast. ECDH key agreement is 3-4 times faster. (GH #1457 #1478) * Implement product scanning Montgomery reduction, which improves Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH #1472) * DSA signing and verification performance has improved by 30-50%. * Add a new Credentials_Manager callback that specifies which CAs the server has indicated it trusts (GH #1395 fixing #1261) * Add new TLS::Callbacks methods that allow creating or removing extensions, as well as examining extensions sent by the peer (GH #1394 #1186) * Add new TLS::Callbacks methods that allow an application to negotiate use of custom elliptic curves. (GH #1448) * Add ability to create custom elliptic curves (GH #1441 #1444) * Add support for POWER8 AES instructions (GH #1459 #1393 #1206) * Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502 #986) * The default encoding of ECC public keys has changed from compressed to uncompressed point representation. This improves compatability with some common software packages including Golang’s standard library. (GH #1480 #1483) * It is now possible to create DNs with custom components. (GH #1490 #1492) * It is now possible to specify the serial number of created certificates, instead of using the default 128-bit random integer. (GH #1489 #1491) OBS-URL: https://build.opensuse.org/request/show/593097 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=79 --- Botan-2.4.0.tgz | 3 -- Botan-2.4.0.tgz.asc | 11 ---- Botan-2.5.0.tgz | 3 ++ Botan-2.5.0.tgz.asc | 11 ++++ Botan.changes | 119 ++++++++++++++++++++++++++++++++++++++++++-- Botan.spec | 4 +- baselibs.conf | 4 +- 7 files changed, 134 insertions(+), 21 deletions(-) delete mode 100644 Botan-2.4.0.tgz delete mode 100644 Botan-2.4.0.tgz.asc create mode 100644 Botan-2.5.0.tgz create mode 100644 Botan-2.5.0.tgz.asc diff --git a/Botan-2.4.0.tgz b/Botan-2.4.0.tgz deleted file mode 100644 index 9d35abd..0000000 --- a/Botan-2.4.0.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ed9464e2a5cfee4cd3d9bd7a8f80673b45c8a0718db2181a73f5465a606608a5 -size 6530714 diff --git a/Botan-2.4.0.tgz.asc b/Botan-2.4.0.tgz.asc deleted file mode 100644 index ab2319d..0000000 --- a/Botan-2.4.0.tgz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlpTjj0ACgkQYhHr8e+6 -37y8gQf/Z9fXByA70qe3CRKpdO3WYiHTg4ff0YyRPCN5Ud5Sp5nWncyNpdDGgD/l -HjBL6nAydp1g/3M2JLpIuepkqwP8iZLw3ZA+3eDhlnbNAY0sw+0SGpqVrv5zE57j -F69c+ZYqXkabFNBGZHtTilevYyW29G8i0dbCyzYxX2JOAu0JoRs2IYDRYUl60Fz9 -TYCBZjcOGFw7FdE33dR4paRziSOMJV0RsnMRquM0P/CvFn6k/UG2Wx/s+UrhD2Oy -f5t/N5cs8jahQaOYXft0V+Bgv8JyA8mHerxSioI7z10dIYQykAnpkX3x1k8vbJRn -LKIAvJaMDKGMNw4xarWLUqqtShMwUw== -=DSh9 ------END PGP SIGNATURE----- diff --git a/Botan-2.5.0.tgz b/Botan-2.5.0.tgz new file mode 100644 index 0000000..48053b8 --- /dev/null +++ b/Botan-2.5.0.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b8a31fe03e7f048a5bd3967ecd04b6a48966215e78792df06e333b0eede4fb1b +size 6596225 diff --git a/Botan-2.5.0.tgz.asc b/Botan-2.5.0.tgz.asc new file mode 100644 index 0000000..6629625 --- /dev/null +++ b/Botan-2.5.0.tgz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlrCMRMACgkQYhHr8e+6 +37yzrAf/aiXeISEKVstL7x5thRR9iz9L1KqzQXDBQOxTYeilEGcvuddqYfJ8f6hY +zaFSigYLDjX1i8lDprtCV0JwluW9HCgF9JfZnzLPgn6JdGmvHGc/c0OPHV0iUlhX +cUfRwVF/lburg3HD139KvaKJycJOa6KWhaQImpTA8l+Xh819Q8Zd51w8PbnBKAOn +7xVlOqdj5Pe10qn5LOsaHEzsbTGpqbvYlr1vfZwQym0lilpjabMZvX6nZKE9a6gf +rYrv+m9uriDBqlmn+RlwgZwBlrjnEse1b9pXMZpkbzcQlH6KEWYxdvSmITTrCPG3 +61LP5ZIjp0U0bwgHHGlZjY3oMjA6kw== +=Wj1M +-----END PGP SIGNATURE----- diff --git a/Botan.changes b/Botan.changes index 478c7e8..99c41b1 100644 --- a/Botan.changes +++ b/Botan.changes @@ -1,3 +1,119 @@ +------------------------------------------------------------------- +Tue Apr 3 08:06:46 UTC 2018 - daniel.molkentin@suse.com + +- Update to Botan 2.5 + + * Fix error in certificate wildcard matching (CVE-2018-9127), where a + wildcard cert for b*.example.com would be accepted as a match for any host + with name *b*.example.com (GH #1519) + + * Add support for RSA-PSS signatures in TLS (GH #1285) + + * Ed25519 certificates are now supported (GH #1501) + + * Many optimizations in ECC operations. ECDSA signatures are 8-10 times + faster. ECDSA verification is about twice as fast. ECDH key agreement is + 3-4 times faster. (GH #1457 #1478) + + * Implement product scanning Montgomery reduction, which improves + Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH + #1472) + + * DSA signing and verification performance has improved by 30-50%. + + * Add a new Credentials_Manager callback that specifies which CAs the server + has indicated it trusts (GH #1395 fixing #1261) + + * Add new TLS::Callbacks methods that allow creating or removing extensions, + as well as examining extensions sent by the peer (GH #1394 #1186) + + * Add new TLS::Callbacks methods that allow an application to negotiate use + of custom elliptic curves. (GH #1448) + + * Add ability to create custom elliptic curves (GH #1441 #1444) + + * Add support for POWER8 AES instructions (GH #1459 #1393 #1206) + + * Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502 + #986) + + * The default encoding of ECC public keys has changed from compressed to + uncompressed point representation. This improves compatability with some + common software packages including Golang’s standard library. (GH #1480 + #1483) + + * It is now possible to create DNs with custom components. (GH #1490 #1492) + + * It is now possible to specify the serial number of created certificates, + instead of using the default 128-bit random integer. (GH #1489 #1491) + + * Change DL_Group and EC_Group to store their data as shared_ptr for fast + copying. Also both classes precompute additional useful values (eg for + modular reductions). (GH #1435 #1454) + + * Make it possible for PKCS10 requests to include custom extensions. This + also makes it possible to use muliple SubjectAlternativeNames of a single + type in a request, which was previously not possible. (GH #1429 #1428) + + * Add new optimized interface for FE1 format preserving encryption. By + caching a number of values computed in the course of the FPE calculation, + it provides a 6-7x speedup versus the old API. (GH #1469) + + * Add DSA and ElGamal keygen functions to FFI (#1426) + + * Add Pipe::prepend_filter to replace Pipe::prepend (GH #1402) + + * Fix a memory leak in the OpenSSL block cipher integration, introduced in + * 2.2.0 + + * Use an improved algorithm for generating safe primes which is several tens + of times faster. Also, fix a bug in the prime sieving algorithm which + caused standard prime generation (like for RSA keys) to be slower than + necessary. (GH #1413 #1411) + + * Correct the return value of PK_Encryptor::maximum_input_size which reported + a much too small value (GH #1410) + + * Remove use of CPU specific optimization flags, instead the user should set + these via CXXFLAGS if desired. (GH #1392) + + * Resolve an issue that would cause a crash in the tests if they were run on + a machine without SSE2/NEON/VMX instructions. (GH #1495) + + * The Python module now tries to load DLLs from a list of names and uses the + first one which successfully loads and indicates it supports the desired + API level. (GH #1497) + + * Various minor optimizations for SHA-3 (GH #1433 #1434) + + * The output of botan --help has been improved (GH #1387) + + * Add --der-format flag to command line utils, making it possible verify + DSA/ECDSA signatures generated by OpenSSL command line (GH #1409) + + * Add support for --library-suffix option to configure.py (GH #1405 #1404) + + * Use feature flags to enable/disable system specific code (GH #1378) + + * Add --msvc-runtime option to allow using static runtime (GH #1499 #210) + + * Add –enable-sanitizers= option to allow specifying which sanitizers to + enable. The existing --with-sanitizers option just enables some default set + which is known to work with the minimum required compiler versions. + + * Use either rst2man or rst2man.py for generating man page as distributions + differ on where this program is installed (GH #1516) + + * The threefish module has been renamed threefish_512 since that is the + algorithm it provides. (GH #1477) + + * The Perl XS based wrapper has been removed, as it was unmaintained and + broken. (GH #1412) + + * The sqlite3 encryption patch under contrib has been removed. It is still + maintained by the original author at + https://github.com/OlivierJG/botansqlite3 + ------------------------------------------------------------------- Fri Feb 16 16:07:40 UTC 2018 - sleep_walker@opensuse.org @@ -272,9 +388,6 @@ Thu Feb 8 14:11:08 UTC 2018 - sleep_walker@opensuse.org header. The timestamp can be set by passing it to the ``Gzip_Compression`` constructor. - * Resolve a performance regression on Windows involving the system - stats entropy source. (GH #1369) - * Add an OID for RIPEMD-160 * Fixes for CMake build (GH #1251) diff --git a/Botan.spec b/Botan.spec index 6bb4409..191988b 100644 --- a/Botan.spec +++ b/Botan.spec @@ -16,10 +16,10 @@ # -%define version_suffix 2-4 +%define version_suffix 2-5 %define short_version 2 Name: Botan -Version: 2.4.0 +Version: 2.5.0 Release: 0 Summary: A C++ Crypto Library License: BSD-2-Clause diff --git a/baselibs.conf b/baselibs.conf index 74339b5..94d4550 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,4 +1,4 @@ -libbotan-2-4 +libbotan-2-5 libbotan-devel requires -libbotan- = - requires "libbotan-2-4- = " + requires "libbotan-2-5- = "