SHA256
1
0
forked from pool/Botan

Accepting request 595519 from home:dmolkentin:branches:devel:libraries:c_c++

- Update to Botan 2.6
  * CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a
    malformed ciphertext cause the decryptor to read and HMAC an additional 64K
    bytes of data which is not part of the record. This could cause a crash if
    the read went into unmapped memory. No information leak or out of bounds
    write occurs.
  * Add support for OAEP labels (GH #1508)
  * RSA signing is about 15% faster (GH #1523) and RSA verification is about 50% faster.
  * Add exponent blinding to RSA (GH #1523)
  * Add Cipher_Mode::create and AEAD_Mode::create (GH #1527)
  * Fix bug in TLS server introduced in 2.5 which caused connection to fail if
    the client offered any signature algorithm not known to the server (for
    example RSA/SHA-224).
  * Fix a bug in inline asm that would with GCC 7.3 cause incorrect
    computations and an infinite loop during the tests. (GH #1524 #1529)

OBS-URL: https://build.opensuse.org/request/show/595519
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=82
This commit is contained in:
Daniel Molkentin 2018-04-11 08:07:34 +00:00 committed by Git OBS Bridge
parent 89a3b0e9cb
commit cb392e42e0
6 changed files with 41 additions and 15 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b8a31fe03e7f048a5bd3967ecd04b6a48966215e78792df06e333b0eede4fb1b
size 6596225

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlrCMRMACgkQYhHr8e+6
37yzrAf/aiXeISEKVstL7x5thRR9iz9L1KqzQXDBQOxTYeilEGcvuddqYfJ8f6hY
zaFSigYLDjX1i8lDprtCV0JwluW9HCgF9JfZnzLPgn6JdGmvHGc/c0OPHV0iUlhX
cUfRwVF/lburg3HD139KvaKJycJOa6KWhaQImpTA8l+Xh819Q8Zd51w8PbnBKAOn
7xVlOqdj5Pe10qn5LOsaHEzsbTGpqbvYlr1vfZwQym0lilpjabMZvX6nZKE9a6gf
rYrv+m9uriDBqlmn+RlwgZwBlrjnEse1b9pXMZpkbzcQlH6KEWYxdvSmITTrCPG3
61LP5ZIjp0U0bwgHHGlZjY3oMjA6kw==
=Wj1M
-----END PGP SIGNATURE-----

3
Botan-2.6.0.tgz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c1f261555bba702c73608dde7bd743ef2d6377a41a1c295915b25c5babaf5cc5
size 6599127

11
Botan-2.6.0.tgz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlrMubEACgkQYhHr8e+6
37ycHgf/R0IMmiQLI+ycU3GaTV/GsjJxcBE44NCwJPUBxqgvjNpY7sUv5ROkaKy5
wSKVneOjZf8KJSEZlb3FqYuGLEsph6e0qO0C8wjKGJs4Le1kVp6oJaKI6AXaDUHf
EbKYRXDiSGnAbA57ncFOICNHXKjvj9E7NdxbYVLLak9ILzGAKH7gouCYLEIil0mx
pfpb4FEoWYIJoKCGyBFZrdRYtBAEUG15QASJ5UDbCF2io4BL1T07cCeD3TnoHmwd
3PXCaD6cE9c2p3cDuXsYStpPK8yCPr4F6gBQrJeP3x/wndK6j8JhuqsVQzXaTJm6
vYCQEzULrRqVkfTDl1j8FtaWi0s5UA==
=MSIv
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,29 @@
-------------------------------------------------------------------
Tue Apr 10 15:07:00 UTC 2018 - daniel.molkentin@suse.com
- Update to Botan 2.6
* CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a
malformed ciphertext cause the decryptor to read and HMAC an additional 64K
bytes of data which is not part of the record. This could cause a crash if
the read went into unmapped memory. No information leak or out of bounds
write occurs.
* Add support for OAEP labels (GH #1508)
* RSA signing is about 15% faster (GH #1523) and RSA verification is about 50% faster.
* Add exponent blinding to RSA (GH #1523)
* Add Cipher_Mode::create and AEAD_Mode::create (GH #1527)
* Fix bug in TLS server introduced in 2.5 which caused connection to fail if
the client offered any signature algorithm not known to the server (for
example RSA/SHA-224).
* Fix a bug in inline asm that would with GCC 7.3 cause incorrect
computations and an infinite loop during the tests. (GH #1524 #1529)
-------------------------------------------------------------------
Tue Apr 3 08:06:46 UTC 2018 - daniel.molkentin@suse.com

View File

@ -19,7 +19,7 @@
%define version_suffix 2-5
%define short_version 2
Name: Botan
Version: 2.5.0
Version: 2.6.0
Release: 0
Summary: A C++ Crypto Library
License: BSD-2-Clause