SHA256
1
0
forked from pool/Botan
Commit Graph

67 Commits

Author SHA256 Message Date
Dominique Leuenberger
1ae618f0b9 Accepting request 447972 from devel:libraries:c_c++
Fix the last known security bug

OBS-URL: https://build.opensuse.org/request/show/447972
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=41
2017-01-15 10:09:49 +00:00
Philipp Thomas
775d045da9 - Update to 1.10.14
* Fix integer overflow during BER decoding, found by Falko Strenzke.
      This bug is not thought to be directly exploitable but upgrading ASAP
      is advised. (CVE-2016-9132)
    * Fix two cases where (in error situations) an exception would be
      thrown from a destructor, causing a call to std::terminate.
    * When RC4 is disabled in the build, also prevent it from being
      included in the OpenSSL provider. (GH #638)
  * Use constant time modular inverse algorithm to avoid possible side 
    channel attack against ECDSA (CVE-2016-2849)
  * Use constant time PKCS #1 unpadding to avoid possible side channel
    attack against RSA decryption (CVE-2015-7827)
  * Avoid a compilation problem in OpenSSL engine when ECDSA was
    disabled. Gentoo bug 542010

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=62
2016-12-28 12:34:03 +00:00
Dominique Leuenberger
e2dec8dc08 Accepting request 440337 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/440337
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=40
2016-11-16 12:46:17 +00:00
da9ea5b459 Accepting request 440097 from home:netsroth:branches:devel:libraries:c_c++
Update to 1.10.13

OBS-URL: https://build.opensuse.org/request/show/440097
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=60
2016-11-15 09:07:39 +00:00
Dominique Leuenberger
43b484b8b3 Accepting request 395169 from devel:libraries:c_c++
Fix paths

OBS-URL: https://build.opensuse.org/request/show/395169
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=39
2016-05-19 10:04:18 +00:00
Philipp Thomas
e6d452b4ab Accepting request 395112 from home:dfaure:branches:devel:libraries:c_c++
Fix paths in botan-config and .pc files, cleanup Qt dependency

OBS-URL: https://build.opensuse.org/request/show/395112
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=58
2016-05-13 09:33:07 +00:00
Dominique Leuenberger
638e78b73c Accepting request 357528 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/357528
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=38
2016-02-11 11:32:24 +00:00
Ismail Dönmez
d9be67b223 Accepting request 357517 from home:stroeder:branches:devel:libraries:c_c++
update to 1.10.12 (somewhat a security update)

OBS-URL: https://build.opensuse.org/request/show/357517
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=56
2016-02-03 12:16:12 +00:00
Dominique Leuenberger
b87bff91aa Accepting request 350686 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/350686
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=37
2015-12-27 00:58:45 +00:00
Ismail Dönmez
47190eff56 Accepting request 350661 from home:pluskalm:branches:devel:libraries:c_c++
- Add gpg signature
- Cleanup spec file with spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/350661
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=54
2015-12-24 13:34:07 +00:00
Dominique Leuenberger
dff41aed89 Accepting request 323035 from devel:libraries:c_c++
- Fix Source0 URL

- bump SONAME to libbotan-1_10-1
- Update to 1.10.10
  * SECURITY: The BER decoder would crash due to reading from offset 0
    of an empty vector if it encountered a BIT STRING which did not
    contain any data at all. As the type requires a 1 byte field this
    is not valid BER but could occur in malformed data. Found with
    afl. CVE-2015-5726
  * SECURITY: The BER decoder would allocate a fairly arbitrary amount
    of memory in a length field, even if there was no chance the read
    request would succeed. This might cause the process to run out of
    memory or invoke the OOM killer. Found with afl. CVE-2015-5727
  * Due to an ABI incompatible (though not API incompatible) change in
    this release, the version number of the shared object has been
    increased.
  * The default TLS policy no longer allows RC4.
  * Fix a signed integer overflow in Blue Midnight Wish that may cause
    incorrect computations or undefined behavior.
- Update to 1.10.9
  * Fixed EAX tag verification to run in constant time
  * The default TLS policy now disables SSLv3.
  * A crash could occur when reading from a blocking random device if
    the device initially indicated that entropy was available but a
    concurrent process drained the entropy pool before the read was
    initiated.
  * Fix decoding indefinite length BER constructs that contain a
    context sensitive tag of zero. Github pull 26 from Janusz Chorko.
  * The botan-config script previously tried to guess its prefix from
    the location of the binary. However this was error prone, and now

OBS-URL: https://build.opensuse.org/request/show/323035
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=36
2015-08-15 09:38:55 +00:00
Michal Vyskocil
45099f3156 - Fix Source0 URL
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=52
2015-08-14 08:58:15 +00:00
Michal Vyskocil
ee861a620e Accepting request 322627 from home:netsroth:branches:devel:libraries:c_c++
- bump SONAME to libbotan-1_10-1
- Update to 1.10.10
  * SECURITY: The BER decoder would crash due to reading from offset 0
    of an empty vector if it encountered a BIT STRING which did not
    contain any data at all. As the type requires a 1 byte field this
    is not valid BER but could occur in malformed data. Found with
    afl. CVE-2015-5726
  * SECURITY: The BER decoder would allocate a fairly arbitrary amount
    of memory in a length field, even if there was no chance the read
    request would succeed. This might cause the process to run out of
    memory or invoke the OOM killer. Found with afl. CVE-2015-5727
  * Due to an ABI incompatible (though not API incompatible) change in
    this release, the version number of the shared object has been
    increased.
  * The default TLS policy no longer allows RC4.
  * Fix a signed integer overflow in Blue Midnight Wish that may cause
    incorrect computations or undefined behavior.
- Update to 1.10.9
  * Fixed EAX tag verification to run in constant time
  * The default TLS policy now disables SSLv3.
  * A crash could occur when reading from a blocking random device if
    the device initially indicated that entropy was available but a
    concurrent process drained the entropy pool before the read was
    initiated.
  * Fix decoding indefinite length BER constructs that contain a
    context sensitive tag of zero. Github pull 26 from Janusz Chorko.
  * The botan-config script previously tried to guess its prefix from
    the location of the binary. However this was error prone, and now
    the script assumes the final installation prefix matches the value
    set during the build. Github issue 29.

OBS-URL: https://build.opensuse.org/request/show/322627
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=51
2015-08-14 05:57:04 +00:00
Stephan Kulow
cc42bf70b4 Accepting request 313845 from devel:libraries:c_c++
1

OBS-URL: https://build.opensuse.org/request/show/313845
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=35
2015-07-14 15:20:28 +00:00
3a6f9eff8a Accepting request 313592 from home:amazingfate
Some qt5 apps has "symbol lookup error", change the build dep to libqt5-qtbase-devel can solve it.

OBS-URL: https://build.opensuse.org/request/show/313592
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=49
2015-06-26 14:21:06 +00:00
Stephan Kulow
3dab71f13e Accepting request 233386 from devel:libraries:c_c++
- Update to 1.10.8
  * Fix a bug in primality testing introduced in 1.8.3 which caused
    only a single random base, rather than a sequence of random bases,
    to be used in the Miller-Rabin test. This increased the
    probability that a non-prime would be accepted, for instance a
    1024 bit number would be incorrectly classed as prime with
    probability around 2^-40. Reported by Jeff Marrison.
  * The key length limit on HMAC has been raised to 512 bytes,
    allowing the use of very long passphrases with PBKDF2.
- Update to 1.10.7
  * OAEP had two bugs, one of which allowed it to be used even if the
    key was too small, and the other of which would cause a crash
    during decryption if the EME data was too large for the associated
    key. (forwarded request 233310 from netsroth)

OBS-URL: https://build.opensuse.org/request/show/233386
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=33
2014-05-11 12:16:33 +00:00
Stephan Kulow
261d37f502 Accepting request 233310 from home:netsroth:branches:devel:libraries:c_c++
- Update to 1.10.8
  * Fix a bug in primality testing introduced in 1.8.3 which caused
    only a single random base, rather than a sequence of random bases,
    to be used in the Miller-Rabin test. This increased the
    probability that a non-prime would be accepted, for instance a
    1024 bit number would be incorrectly classed as prime with
    probability around 2^-40. Reported by Jeff Marrison.
  * The key length limit on HMAC has been raised to 512 bytes,
    allowing the use of very long passphrases with PBKDF2.
- Update to 1.10.7
  * OAEP had two bugs, one of which allowed it to be used even if the
    key was too small, and the other of which would cause a crash
    during decryption if the EME data was too large for the associated
    key.

OBS-URL: https://build.opensuse.org/request/show/233310
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=47
2014-05-10 21:01:59 +00:00
Stephan Kulow
c441eff24d Accepting request 224457 from devel:libraries:c_c++
- change license to BSD-2-Clause as requested by legal (forwarded request 224433 from oertel)

OBS-URL: https://build.opensuse.org/request/show/224457
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=32
2014-03-04 12:20:42 +00:00
Thorsten Behrens
fd5acb04b7 Accepting request 224433 from home:oertel:branches:devel:libraries:c_c++
- change license to BSD-2-Clause as requested by legal

OBS-URL: https://build.opensuse.org/request/show/224433
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=45
2014-03-03 13:59:48 +00:00
Stephan Kulow
a30db6ccc8 Accepting request 209925 from devel:libraries:c_c++
- Add ppc64le architecture
- added patches:
  * ppc64le-support.patch (forwarded request 209893 from k0da)

OBS-URL: https://build.opensuse.org/request/show/209925
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=31
2013-12-11 10:28:14 +00:00
Thorsten Behrens
89fb4566e2 Accepting request 209893 from openSUSE:Factory:PowerLE
- Add ppc64le architecture
- added patches:
  * ppc64le-support.patch

OBS-URL: https://build.opensuse.org/request/show/209893
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=43
2013-12-09 09:36:17 +00:00
Stephan Kulow
84b1674458 Accepting request 206606 from devel:libraries:c_c++
Update Botan to 1.10.6 (forwarded request 206590 from netsroth)

OBS-URL: https://build.opensuse.org/request/show/206606
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=30
2013-11-12 14:03:29 +00:00
Ismail Dönmez
e793bb0512 Accepting request 206590 from home:netsroth:branches:devel:libraries:c_c++
Update Botan to 1.10.6

OBS-URL: https://build.opensuse.org/request/show/206590
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=41
2013-11-12 09:09:16 +00:00
Stephan Kulow
cbd3f9a9b4 Accepting request 159819 from devel:libraries:c_c++
Update to 1.10.5 (forwarded request 159650 from cgiboudeaux)

OBS-URL: https://build.opensuse.org/request/show/159819
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=28
2013-03-19 11:10:52 +00:00
Ismail Dönmez
73ce913dff Accepting request 159650 from home:cgiboudeaux:branches:devel:libraries:c_c++
Update to 1.10.5

OBS-URL: https://build.opensuse.org/request/show/159650
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=39
2013-03-18 14:19:03 +00:00
Stephan Kulow
4f790a26f7 Accepting request 158550 from devel:libraries:c_c++
- aarch64-support.patch: add support for aarch64

OBS-URL: https://build.opensuse.org/request/show/158550
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=27
2013-03-12 10:06:36 +00:00
1a851e4a23 - aarch64-support.patch: add support for aarch64
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=37
2013-03-11 16:01:35 +00:00
Stephan Kulow
a404985fa7 Accepting request 135080 from devel:libraries:c_c++
Needed for upcoming qt-creator

OBS-URL: https://build.opensuse.org/request/show/135080
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=25
2012-09-20 13:59:55 +00:00
Stephan Kulow
20518965af Accepting request 134378 from home:posophe:branches:devel:libraries:c_c++
fix patch removing in .changes file

OBS-URL: https://build.opensuse.org/request/show/134378
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=35
2012-09-15 06:55:58 +00:00
Ismail Dönmez
7984e7d6ed Accepting request 131026 from devel:libraries:c_c++
- don't fiddle with march settings, we want the distro defaults
  (fixes build on ARM) (forwarded request 131010 from dirkmueller)

OBS-URL: https://build.opensuse.org/request/show/131026
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=24
2012-08-22 12:36:00 +00:00
Ismail Dönmez
f94b14708a Accepting request 131010 from openSUSE:Factory:ARM
- don't fiddle with march settings, we want the distro defaults
  (fixes build on ARM)

OBS-URL: https://build.opensuse.org/request/show/131010
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=33
2012-08-16 11:36:27 +00:00
Stephan Kulow
95885bdd9f Accepting request 102974 from devel:libraries:c_c++
- little spec cleanup

OBS-URL: https://build.opensuse.org/request/show/102974
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=22
2012-02-08 14:37:06 +00:00
Stephan Kulow
6be638a831 - little spec cleanup
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=30
2012-02-07 08:04:15 +00:00
0d353cf381 Resolve merge conflict in Botan.spec
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=29
2012-01-28 18:48:48 +00:00
Stephan Kulow
94a8273b73 replace license with spdx.org variant
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=21
2011-12-06 17:01:30 +00:00
Lars Vogdt
380230654c Accepting request 82563 from devel:libraries:c_c++
- Implement baselibs.conf for package
- Remove obsolete/redundant tags (forwarded request 82560 from jengelh)

OBS-URL: https://build.opensuse.org/request/show/82563
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=19
2011-09-19 13:23:34 +00:00
Ismail Dönmez
d6aaff58da Accepting request 82560 from home:jengelh:bl
- Implement baselibs.conf for package
- Remove obsolete/redundant tags

OBS-URL: https://build.opensuse.org/request/show/82560
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=26
2011-09-16 21:19:04 +00:00
Sascha Peilicke
c779c55db6 Autobuild autoformatter for 75336
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=18
2011-07-05 08:38:02 +00:00
OBS User buildservice-autocommit
0309c58460 Updating link to change in openSUSE:Factory/Botan revision 18.0
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=c4f91e22a81ee05fad9ddcf248a2e469
2011-07-05 08:38:02 +00:00
Sascha Peilicke
d3f2d5f848 Accepting request 75336 from devel:libraries:c_c++
Make Botan own its docdir

OBS-URL: https://build.opensuse.org/request/show/75336
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=17
2011-07-05 08:37:48 +00:00
Philipp Thomas
882de4a2a1 - Make package own its docdir.
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=24
2011-07-04 15:14:52 +00:00
0300c000ff merge
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=23
2011-06-23 13:42:03 +00:00
Sascha Peilicke
b587dcd5bd Autobuild autoformatter for 74320
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=16
2011-06-23 09:44:13 +00:00
OBS User buildservice-autocommit
7a20d1e80a Updating link to change in openSUSE:Factory/Botan revision 16.0
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=2294fd0853537035ee2a6369cc07016d
2011-06-23 09:44:13 +00:00
Sascha Peilicke
5dce1d2904 Accepting request 74320 from devel:libraries:c_c++
Update to 1.10.0

OBS-URL: https://build.opensuse.org/request/show/74320
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=15
2011-06-23 09:44:04 +00:00
Philipp Thomas
e9908b0d88 - Fix Requires for devel package.
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=19
2011-06-22 14:10:57 +00:00
Philipp Thomas
9cac7e1d7b - Devel package now is versioned so multiple devel packages may
be installed in parallel.
- Devel package renamed back to Botan-devel to keep rpmlint from
  thinking it is a library package ...

- Update to 1.10.0:
  New Features:
  * SSL (SSLv3, TLS 1.0, and TLS 1.1 are currently supported)
  * GOST 34.10-2001 signature scheme (a Russian ECC signature standard
    analogous to ECDSA)
  * The SHA-3 candidates Keccak and Blue Midnight Wish
  * Bcrypt password hashing
  * XSalsa20
  * AES key wrapping
  * Comb4P hash combinator.
  Other Changes:
  * The block cipher interface now exposes any possible parallelism
    available to the implementation, and XTS, CTR, and CBC modes have been
    changed to use them.
  * SIMD implementations of Serpent, XTEA, Noekeon, and IDEA have been
    added, as has an implementation of AES using SSSE3 which runs both in
    constant time and, on recent processors, significantly faster than the
    usual table based implementation.  There have also been numerous
    optimizations to elliptic curves.
  * The documentation, previously written in LaTeX, is now in
    reStructuredText, which is converted into HTML with Sphinx.  This new
    format is significantly easier to write, encouraging more documentation
    to be written and updated.  And, indeed, a number of features never
    before documented are now described in the manual.

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=18
2011-06-22 14:07:02 +00:00
OBS User autobuild
05d5bd9487 Accepting request 46980 from devel:libraries:c_c++
Copy from devel:libraries:c_c++/Botan based on submit request 46980 from user psmt

OBS-URL: https://build.opensuse.org/request/show/46980
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=13
2010-09-03 11:51:23 +00:00
OBS User autobuild
b06576eceb Accepting request 46980 from devel:libraries:c_c++
checked in (request 46980)

OBS-URL: https://build.opensuse.org/request/show/46980
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=17
2010-09-03 11:51:22 +00:00
Philipp Thomas
42e563e349 - Prefix last patch with Botan-.
- Enable building of the qt_mutex module. This means that from now
  on libbotan requires libQtCore.
- Fix test for thread/mutex support to also work for Qt4.
- Update to 1.8.10:
  * This release changes a number of aspects of how private keys are
    encrypted. The default encryption algorithm has changed from 3DES
    to AES-256
  * The default iteration count for PBES1 and PBES2 encryption schemes
    (which are used primarily to encrypt asymmetric keys like RSA or
    DSA) has increased from 2048 to 10000, which should make brute
    force key cracking substantially harder.
  * The first round of AES now uses a smaller set of lookup tables;
    this only reduces performance slightly but some timing and cache
    analysis attacks against AES are substantially harder when AES is
    implemented this way.
  * The class known as S2K was renamed PBKDF in 1.9, with a typedef
    for backwards compatibility. For providing an equivalent forward
    compatibility path, 1.8.10 includes a typedef for PBKDF and a new
    accessor function get_pbkdf. It also includes a new interface for
    deriving keys with a passphrase which takes both the passphrase
    and desired output length as well as the salt and iteration
    count; in many cases this call is actually significantly more
    convenient than the older API.

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=16
2010-09-02 10:07:50 +00:00