Accepting request 593097 from home:dmolkentin:branches:devel:libraries:c_c++

- Update to Botan 2.5
  * Fix error in certificate wildcard matching (CVE-2018-9127), where a
    wildcard cert for b*.example.com would be accepted as a match for any host
    with name *b*.example.com (GH #1519)
  * Add support for RSA-PSS signatures in TLS (GH #1285)
  * Ed25519 certificates are now supported (GH #1501)
  * Many optimizations in ECC operations. ECDSA signatures are 8-10 times
    faster. ECDSA verification is about twice as fast. ECDH key agreement is
    3-4 times faster. (GH #1457 #1478)
  * Implement product scanning Montgomery reduction, which improves
    Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH
    #1472)
  * DSA signing and verification performance has improved by 30-50%.
  * Add a new Credentials_Manager callback that specifies which CAs the server
    has indicated it trusts (GH #1395 fixing #1261)
  * Add new TLS::Callbacks methods that allow creating or removing extensions,
    as well as examining extensions sent by the peer (GH #1394 #1186)
  * Add new TLS::Callbacks methods that allow an application to negotiate use
    of custom elliptic curves. (GH #1448)
  * Add ability to create custom elliptic curves (GH #1441 #1444)
  * Add support for POWER8 AES instructions (GH #1459 #1393 #1206)
  * Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502
    #986)
  * The default encoding of ECC public keys has changed from compressed to
    uncompressed point representation. This improves compatability with some
    common software packages including Golang’s standard library. (GH #1480
    #1483)
  * It is now possible to create DNs with custom components. (GH #1490 #1492)
  * It is now possible to specify the serial number of created certificates,
    instead of using the default 128-bit random integer. (GH #1489 #1491)

OBS-URL: https://build.opensuse.org/request/show/593097
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=79

Botan-2.4.0.tgz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ed9464e2a5cfee4cd3d9bd7a8f80673b45c8a0718db2181a73f5465a606608a5
-size 6530714

Botan-2.4.0.tgz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlpTjj0ACgkQYhHr8e+6
-37y8gQf/Z9fXByA70qe3CRKpdO3WYiHTg4ff0YyRPCN5Ud5Sp5nWncyNpdDGgD/l
-HjBL6nAydp1g/3M2JLpIuepkqwP8iZLw3ZA+3eDhlnbNAY0sw+0SGpqVrv5zE57j
-F69c+ZYqXkabFNBGZHtTilevYyW29G8i0dbCyzYxX2JOAu0JoRs2IYDRYUl60Fz9
-TYCBZjcOGFw7FdE33dR4paRziSOMJV0RsnMRquM0P/CvFn6k/UG2Wx/s+UrhD2Oy
-f5t/N5cs8jahQaOYXft0V+Bgv8JyA8mHerxSioI7z10dIYQykAnpkX3x1k8vbJRn
-LKIAvJaMDKGMNw4xarWLUqqtShMwUw==
-=DSh9
------END PGP SIGNATURE-----

Botan-2.5.0.tgz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b8a31fe03e7f048a5bd3967ecd04b6a48966215e78792df06e333b0eede4fb1b
+size 6596225

Botan-2.5.0.tgz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlrCMRMACgkQYhHr8e+6
+37yzrAf/aiXeISEKVstL7x5thRR9iz9L1KqzQXDBQOxTYeilEGcvuddqYfJ8f6hY
+zaFSigYLDjX1i8lDprtCV0JwluW9HCgF9JfZnzLPgn6JdGmvHGc/c0OPHV0iUlhX
+cUfRwVF/lburg3HD139KvaKJycJOa6KWhaQImpTA8l+Xh819Q8Zd51w8PbnBKAOn
+7xVlOqdj5Pe10qn5LOsaHEzsbTGpqbvYlr1vfZwQym0lilpjabMZvX6nZKE9a6gf
+rYrv+m9uriDBqlmn+RlwgZwBlrjnEse1b9pXMZpkbzcQlH6KEWYxdvSmITTrCPG3
+61LP5ZIjp0U0bwgHHGlZjY3oMjA6kw==
+=Wj1M
+-----END PGP SIGNATURE-----

Botan.changes

@@ -1,3 +1,119 @@
+-------------------------------------------------------------------
+Tue Apr  3 08:06:46 UTC 2018 - daniel.molkentin@suse.com
+
+- Update to Botan 2.5
+
+  * Fix error in certificate wildcard matching (CVE-2018-9127), where a
+    wildcard cert for b*.example.com would be accepted as a match for any host
+    with name *b*.example.com (GH #1519)
+
+  * Add support for RSA-PSS signatures in TLS (GH #1285)
+
+  * Ed25519 certificates are now supported (GH #1501)
+
+  * Many optimizations in ECC operations. ECDSA signatures are 8-10 times
+    faster. ECDSA verification is about twice as fast. ECDH key agreement is
+    3-4 times faster. (GH #1457 #1478)
+
+  * Implement product scanning Montgomery reduction, which improves
+    Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH
+    #1472)
+
+  * DSA signing and verification performance has improved by 30-50%.
+
+  * Add a new Credentials_Manager callback that specifies which CAs the server
+    has indicated it trusts (GH #1395 fixing #1261)
+
+  * Add new TLS::Callbacks methods that allow creating or removing extensions,
+    as well as examining extensions sent by the peer (GH #1394 #1186)
+
+  * Add new TLS::Callbacks methods that allow an application to negotiate use
+    of custom elliptic curves. (GH #1448)
+
+  * Add ability to create custom elliptic curves (GH #1441 #1444)
+
+  * Add support for POWER8 AES instructions (GH #1459 #1393 #1206)
+
+  * Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502
+    #986)
+
+  * The default encoding of ECC public keys has changed from compressed to
+    uncompressed point representation. This improves compatability with some
+    common software packages including Golang’s standard library. (GH #1480
+    #1483)
+
+  * It is now possible to create DNs with custom components. (GH #1490 #1492)
+
+  * It is now possible to specify the serial number of created certificates,
+    instead of using the default 128-bit random integer. (GH #1489 #1491)
+
+  * Change DL_Group and EC_Group to store their data as shared_ptr for fast
+    copying. Also both classes precompute additional useful values (eg for
+    modular reductions). (GH #1435 #1454)
+
+  * Make it possible for PKCS10 requests to include custom extensions. This
+    also makes it possible to use muliple SubjectAlternativeNames of a single
+    type in a request, which was previously not possible. (GH #1429 #1428)
+
+  * Add new optimized interface for FE1 format preserving encryption. By
+    caching a number of values computed in the course of the FPE calculation,
+    it provides a 6-7x speedup versus the old API. (GH #1469)
+
+  * Add DSA and ElGamal keygen functions to FFI (#1426)
+
+  * Add Pipe::prepend_filter to replace Pipe::prepend (GH #1402)
+
+  * Fix a memory leak in the OpenSSL block cipher integration, introduced in
+  * 2.2.0
+
+  * Use an improved algorithm for generating safe primes which is several tens
+    of times faster. Also, fix a bug in the prime sieving algorithm which
+    caused standard prime generation (like for RSA keys) to be slower than
+    necessary. (GH #1413 #1411)
+
+  * Correct the return value of PK_Encryptor::maximum_input_size which reported
+    a much too small value (GH #1410)
+
+  * Remove use of CPU specific optimization flags, instead the user should set
+    these via CXXFLAGS if desired. (GH #1392)
+
+  * Resolve an issue that would cause a crash in the tests if they were run on
+    a machine without SSE2/NEON/VMX instructions. (GH #1495)
+
+  * The Python module now tries to load DLLs from a list of names and uses the
+    first one which successfully loads and indicates it supports the desired
+    API level. (GH #1497)
+
+  * Various minor optimizations for SHA-3 (GH #1433 #1434)
+
+  * The output of botan --help has been improved (GH #1387)
+
+  * Add --der-format flag to command line utils, making it possible verify
+    DSA/ECDSA signatures generated by OpenSSL command line (GH #1409)
+
+  * Add support for --library-suffix option to configure.py (GH #1405 #1404)
+
+  * Use feature flags to enable/disable system specific code (GH #1378)
+
+  * Add --msvc-runtime option to allow using static runtime (GH #1499 #210)
+
+  * Add –enable-sanitizers= option to allow specifying which sanitizers to
+    enable. The existing --with-sanitizers option just enables some default set
+    which is known to work with the minimum required compiler versions.
+
+  * Use either rst2man or rst2man.py for generating man page as distributions
+    differ on where this program is installed (GH #1516)
+
+  * The threefish module has been renamed threefish_512 since that is the
+    algorithm it provides. (GH #1477)
+
+  * The Perl XS based wrapper has been removed, as it was unmaintained and
+    broken. (GH #1412)
+
+  * The sqlite3 encryption patch under contrib has been removed. It is still
+    maintained by the original author at
+    https://github.com/OlivierJG/botansqlite3
+
 -------------------------------------------------------------------
 Fri Feb 16 16:07:40 UTC 2018 - sleep_walker@opensuse.org
 
@@ -272,9 +388,6 @@ Thu Feb  8 14:11:08 UTC 2018 - sleep_walker@opensuse.org
     header.  The timestamp can be set by passing it to the
     ``Gzip_Compression`` constructor.
 
-  * Resolve a performance regression on Windows involving the system
-    stats entropy source. (GH #1369)
-
   * Add an OID for RIPEMD-160
 
   * Fixes for CMake build (GH #1251)

Botan.spec

@@ -16,10 +16,10 @@
 #
 
 
-%define version_suffix 2-4
+%define version_suffix 2-5
 %define short_version 2
 Name:           Botan
-Version:        2.4.0
+Version:        2.5.0
 Release:        0
 Summary:        A C++ Crypto Library
 License:        BSD-2-Clause

baselibs.conf

@@ -1,4 +1,4 @@
-libbotan-2-4
+libbotan-2-5
 libbotan-devel
 	requires -libbotan-<targettype> = <version>
-	requires "libbotan-2-4-<targettype> = <version>"
+	requires "libbotan-2-5-<targettype> = <version>"