- Update to Botan 2.7
* CVE-2018-12435 Avoid a side channel in ECDSA signature generation (GH
#1604)
* Avoid a side channel in RSA key generation due to use of a non-constant
time gcd algorithm. (GH #1542 #1556)
* Optimize prime generation, especially improving RSA key generation. (GH
#1542)
* Make Karatsuba multiplication, Montgomery field operations, Barrett
reduction and Montgomery exponentiation const time (GH #1540 #1606 #1609 #1610)
* Optimizations for elliptic curve operations especially improving reductions
and inversions modulo NIST primes (GH #1534 #1538 #1545 #1546 #1547 #1550)
* Add 24 word wide Comba multiplication, improving 3072-bit RSA and DH by
~25%. (GH #1564)
* Unroll Montgomery reduction for specific sizes (GH #1603)
* Improved performance of signature verification in ECGDSA, ECKCDSA, SM2 and
GOST by 10-15%.
* XMSS optimizations (GH #1583 #1585)
* Fix an error that meant XMSS would only sign half as many signatures as is
allowed (GH #1582)
* Add support for base32 encoding/decoding (GH #1541)
* Add BMI2 optimized version of SHA-256, 40% faster on Skylake (GH #1584)
* Allow the year to be up to 2200 in ASN.1 time objects. Previously this was
limited to 2100. (GH #1536)
* Add support for Scrypt password hashing (GH #1570)
* Add support for using Scrypt for private key encryption (GH #1574)
* Optimizations for DES/3DES, approx 50% faster when used in certain modes
such as CBC decrypt or CTR.
* XMSS signature verification did not check that the signature was of the
expected length which could lead to a crash. (GH #1537)
OBS-URL: https://build.opensuse.org/request/show/621856
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=86
- Update to Botan 2.6
* CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which, for a
malformed ciphertext, could cause the decryptor to read and HMAC an additional 64K
bytes of data which is not part of the record. This could cause a crash if
the read went into unmapped memory. No information leak or out of bounds
write occurs.
* Add support for OAEP labels (GH #1508)
* RSA signing is about 15% faster (GH #1523) and RSA verification is about 50% faster.
* Add exponent blinding to RSA (GH #1523)
* Add Cipher_Mode::create and AEAD_Mode::create (GH #1527)
* Fix bug in TLS server introduced in 2.5 which caused connection to fail if
the client offered any signature algorithm not known to the server (for
example RSA/SHA-224).
* Fix a bug in inline asm that would with GCC 7.3 cause incorrect
computations and an infinite loop during the tests. (GH #1524 #1529)
OBS-URL: https://build.opensuse.org/request/show/595519
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=82
- Update to Botan 2.5
* Fix error in certificate wildcard matching (CVE-2018-9127), where a
wildcard cert for b*.example.com would be accepted as a match for any host
with name *b*.example.com (GH #1519)
* Add support for RSA-PSS signatures in TLS (GH #1285)
* Ed25519 certificates are now supported (GH #1501)
* Many optimizations in ECC operations. ECDSA signatures are 8-10 times
faster. ECDSA verification is about twice as fast. ECDH key agreement is
3-4 times faster. (GH #1457 #1478)
* Implement product scanning Montgomery reduction, which improves
Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH
#1472)
* DSA signing and verification performance has improved by 30-50%.
* Add a new Credentials_Manager callback that specifies which CAs the server
has indicated it trusts (GH #1395 fixing #1261)
* Add new TLS::Callbacks methods that allow creating or removing extensions,
as well as examining extensions sent by the peer (GH #1394 #1186)
* Add new TLS::Callbacks methods that allow an application to negotiate use
of custom elliptic curves. (GH #1448)
* Add ability to create custom elliptic curves (GH #1441 #1444)
* Add support for POWER8 AES instructions (GH #1459 #1393 #1206)
* Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502 #986)
* The default encoding of ECC public keys has changed from compressed to
uncompressed point representation. This improves compatibility with some
common software packages including Golang’s standard library. (GH #1480 #1483)
* It is now possible to create DNs with custom components. (GH #1490 #1492)
* It is now possible to specify the serial number of created certificates,
instead of using the default 128-bit random integer. (GH #1489 #1491)
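The wildcard item above (CVE-2018-9127) describes a hostname check that looked for the text around the '*' anywhere in the leftmost label instead of at its ends. The block below is an added example and is not Botan's code, nor a copy of its pre-fix logic: it reconstructs the unanchored check beside the anchored one so both can be run on the names the entry gives. The function names, the rule that '*' stands for at least one character, the minimum of three labels for a wildcard name and the one-'*'-per-name limit are this example's own assumptions.

```cpp
// Added example, not Botan source. Hostname matching against a certificate
// name, with the unanchored prefix/suffix check (the CVE-2018-9127 bug class,
// reconstructed for illustration) beside the anchored check that fixes it.
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <string>
#include <vector>

static std::string to_lower(std::string s) {
   for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
   return s;
}

static std::vector<std::string> split_labels(const std::string& name) {
   std::vector<std::string> labels;
   std::string cur;
   for (char c : name) {
      if (c == '.') { labels.push_back(cur); cur.clear(); }
      else cur += c;
   }
   labels.push_back(cur);
   return labels;
}

// Unanchored: the text before/after '*' only has to appear somewhere in the
// label, so "b*" matches "abc". This is the behaviour the changelog describes.
static bool label_matches_unanchored(const std::string& pattern, const std::string& label) {
   const size_t star = pattern.find('*');
   const std::string prefix = pattern.substr(0, star);
   const std::string suffix = pattern.substr(star + 1);
   return (prefix.empty() || label.find(prefix) != std::string::npos) &&
          (suffix.empty() || label.find(suffix) != std::string::npos);
}

// Anchored: prefix must start the label, suffix must end it, and (this
// example's choice) '*' must stand for at least one character.
static bool label_matches_anchored(const std::string& pattern, const std::string& label) {
   const size_t star = pattern.find('*');
   const std::string prefix = pattern.substr(0, star);
   const std::string suffix = pattern.substr(star + 1);
   if (label.size() < prefix.size() + suffix.size() + 1) return false;
   return label.compare(0, prefix.size(), prefix) == 0 &&
          label.compare(label.size() - suffix.size(), suffix.size(), suffix) == 0;
}

static bool matches_impl(const std::string& cert_name_in, const std::string& host_in, bool anchored) {
   const std::string cert_name = to_lower(cert_name_in);
   const std::string host = to_lower(host_in);
   const size_t stars = static_cast<size_t>(std::count(cert_name.begin(), cert_name.end(), '*'));
   if (stars == 0) return cert_name == host;               // plain name: exact, case-insensitive
   if (stars > 1) return false;                            // at most one wildcard
   const std::vector<std::string> cl = split_labels(cert_name);
   const std::vector<std::string> hl = split_labels(host);
   if (cl.size() != hl.size()) return false;               // '*' never spans a dot
   if (cl.size() < 3) return false;                        // no "*.com"-style names
   if (cl[0].find('*') == std::string::npos) return false; // wildcard only in the leftmost label
   const bool leftmost_ok = anchored ? label_matches_anchored(cl[0], hl[0])
                                     : label_matches_unanchored(cl[0], hl[0]);
   if (!leftmost_ok) return false;
   for (size_t i = 1; i < cl.size(); ++i)
      if (cl[i] != hl[i]) return false;
   return true;
}

// The check a client should use.
bool cert_name_matches(const std::string& cert_name, const std::string& host) {
   return matches_impl(cert_name, host, true);
}

// The bug class: kept only to show what the unanchored variant accepts.
bool cert_name_matches_unanchored(const std::string& cert_name, const std::string& host) {
   return matches_impl(cert_name, host, false);
}

int main() {
   // Constructed host names, following the changelog's b*.example.com case.
   const char* hosts[] = {"bar.example.com", "abc.example.com", "b.example.com", "x.bar.example.com"};
   for (const char* h : hosts) {
      std::printf("b*.example.com vs %-18s anchored=%d unanchored=%d\n", h,
                  cert_name_matches("b*.example.com", h),
                  cert_name_matches_unanchored("b*.example.com", h));
   }
   return 0;
}
```

The unanchored variant accepts abc.example.com for a b*.example.com certificate, which is exactly the "any host with name *b*.example.com" behaviour in the entry; the anchored variant only accepts names whose leftmost label actually begins with b.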
OBS-URL: https://build.opensuse.org/request/show/593756
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=48
OBS-URL: https://build.opensuse.org/request/show/593097
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=79
- drop explicit package requirements
- split binary package and documentation from dynamic library package
- merge back Botan2 package to Botan with changelog history
- drop Botan patches
aarch64-support.patch - doesn't seem to be required anymore
Botan-fix_install_paths.patch - doesn't seem to be required
no-cpuid-header.patch - SLE11 not target anymore
Botan-fix_pkgconfig.patch - this seems to be wrong
Botan-no-buildtime.patch - not needed anymore
dont-set-mach-value.diff - doesn't apply, unclear and undocumented why it is there
Botan-inttypes.patch - not required
Botan-ull_constants.patch.bz2 - no reason anymore
- change group of libbotan-%{version_suffix} to 'System/Libraries' as
requested on review
- Don't drop -fstack-clash-protection for openSUSE 42.3 - we just
need the Update repository present.
- Rename libbotan-devel to libbotan2-devel. We can't have clashing
packages in the archive because Botan1 and Botan2 provide the
same -devel binary. Botan2 is also not API compatible with Botan.
- fix expected version after bump in baselibs.conf too
- fix unknown flag -fstack-clash-protection for openSUSE 42.3
- rename to Botan2
- drop Botan2-INT_MAX.patch as not needed anymore
- Bump to libbotan 2.4
Changes and new features: (forwarded request 578006 from sleep_walker)
OBS-URL: https://build.opensuse.org/request/show/578047
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=46
OBS-URL: https://build.opensuse.org/request/show/578006
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=75
- Update to 1.10.17
- Address a side channel affecting modular exponentiation. An attacker
capable of a local or cross-VM cache analysis attack may be able to recover
bits of secret exponents as used in RSA, DH, etc. (CVE-2017-14737)
- Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash
function. (GH #1192 #1148 #882, bsc#1060433)
- Add SecureVector::data() function which returns the start of the buffer.
This makes it slightly simpler to support both 1.10 and 2.x APIs in the
same codebase. When compiled by a C++11 (or later) compiler, a template
typedef of SecureVector, secure_vector, is added. In 2.x this class is a
std::vector with a custom allocator, so has a somewhat different interface
than SecureVector in 1.10. But this makes it slightly simpler to support
both 1.10 and 2.x APIs in the same codebase.
- Fix a bug that prevented configure.py from running under Python3
- Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will
#error if OpenSSL 1.1 is detected. Avoid --with-openssl if compiling against
1.1 or later. (GH #753)
- Import patches from Debian adding basic support for
building on aarch64, ppc64le, or1k, and mipsn32 platforms.
* obsoletes CVE-2017-14737.patch
* refreshes aarch64-support.patch
* drop ppc64le-support.patch for upstream version
(disables altivec support as per concerns by upstream)
- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA
implementation allows local attacker to recover information about RSA secret
keys.
* add CVE-2017-14737.patch
OBS-URL: https://build.opensuse.org/request/show/531133
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=71
- Update to 1.10.16
* Fix a bug in X509 DN string comparisons that could result in out of bound
reads. This could result in information leakage, denial of service, or
potentially incorrect certificate validation results. (CVE-2017-2801)
* Avoid use of C++11 std::to_string in some code added in 1.10.14 (GH #747 #834)
- Changes from 1.10.15:
* Change an unintended behavior of 2.0.0, which named the include directory
botan-2.0. Since future releases of Botan-2 should be compatible with code
written against old versions, there does not seem to be any reason to
version the include directory with the minor number. (GH #830 #833)
* Fix a bug which caused an error when building on Cygwin or other platforms
where shared libraries are not supported. (GH #821)
* Enable use of readdir on Cygwin, which allows the tests to run (GH #824)
* Switch to readthedocs Sphinx theme by default (GH #822 #823)
OBS-URL: https://build.opensuse.org/request/show/487344
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=64
* Fix integer overflow during BER decoding, found by Falko Strenzke.
This bug is not thought to be directly exploitable but upgrading ASAP
is advised. (CVE-2016-9132)
* Fix two cases where (in error situations) an exception would be
thrown from a destructor, causing a call to std::terminate.
* When RC4 is disabled in the build, also prevent it from being
included in the OpenSSL provider. (GH #638)
* Use constant time modular inverse algorithm to avoid possible side
channel attack against ECDSA (CVE-2016-2849)
* Use constant time PKCS #1 unpadding to avoid possible side channel
attack against RSA decryption (CVE-2015-7827)
* Avoid a compilation problem in OpenSSL engine when ECDSA was
disabled. Gentoo bug 542010
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=62
- Fix Source0 URL
- bump SONAME to libbotan-1_10-1
- Update to 1.10.10
* SECURITY: The BER decoder would crash due to reading from offset 0
of an empty vector if it encountered a BIT STRING which did not
contain any data at all. As the type requires a 1 byte field this
is not valid BER but could occur in malformed data. Found with
afl. CVE-2015-5726
* SECURITY: The BER decoder would allocate a fairly arbitrary amount
of memory in a length field, even if there was no chance the read
request would succeed. This might cause the process to run out of
memory or invoke the OOM killer. Found with afl. CVE-2015-5727
* Due to an ABI incompatible (though not API incompatible) change in
this release, the version number of the shared object has been
increased.
* The default TLS policy no longer allows RC4.
* Fix a signed integer overflow in Blue Midnight Wish that may cause
incorrect computations or undefined behavior.
- Update to 1.10.9
* Fixed EAX tag verification to run in constant time
* The default TLS policy now disables SSLv3.
* A crash could occur when reading from a blocking random device if
the device initially indicated that entropy was available but a
concurrent process drained the entropy pool before the read was
initiated.
* Fix decoding indefinite length BER constructs that contain a
context sensitive tag of zero. Github pull 26 from Janusz Chorko.
* The botan-config script previously tried to guess its prefix from
the location of the binary. However this was error prone, and now
the script assumes the final installation prefix matches the value
set during the build. Github issue 29.
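The two SECURITY items above (CVE-2015-5726, CVE-2015-5727) and the integer overflow during BER decoding listed in the entry higher up the page (CVE-2016-9132) are all length-handling faults in the same decoder. The block below is an added example, not Botan's BER decoder: a minimal TLV reader whose read_length, read_tlv and read_bit_string functions (names chosen here) show where each check sits, run on constructed sample encodings that trigger each rejection.

```cpp
// Added example, not Botan source. A minimal BER/DER TLV reader that makes
// explicit the three length checks behind the decoder fixes in this changelog:
// a length larger than the remaining input must not drive an allocation
// (CVE-2015-5727 class), a length-of-length wider than size_t must not wrap
// (CVE-2016-9132 class), and a BIT STRING with zero contents octets must be
// rejected before its first octet is read (CVE-2015-5726 class).
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

struct Tlv {
   uint8_t tag;
   std::vector<uint8_t> value;  // contents octets only
   size_t consumed;             // input bytes used by this element
};

// Decodes the length octets at in[pos], advancing pos. Definite form only.
static size_t read_length(const std::vector<uint8_t>& in, size_t& pos) {
   if (pos >= in.size()) throw std::runtime_error("truncated: no length octet");
   const uint8_t first = in[pos++];
   if (first < 0x80) {
      if (first > in.size() - pos) throw std::runtime_error("length exceeds input");
      return first;
   }
   const size_t n = first & 0x7F;
   if (n == 0) throw std::runtime_error("indefinite length not supported here");
   if (n > sizeof(size_t)) throw std::runtime_error("length-of-length overflows size_t");
   if (n > in.size() - pos) throw std::runtime_error("truncated length field");
   size_t len = 0;
   for (size_t i = 0; i < n; ++i) len = (len << 8) | in[pos++];
   // Bound by what is actually present, never by the attacker's number alone.
   if (len > in.size() - pos) throw std::runtime_error("length exceeds input");
   return len;
}

// Reads one element with a single-octet tag. The value vector is allocated
// only after the length has been checked against the input.
static Tlv read_tlv(const std::vector<uint8_t>& in, size_t start = 0) {
   size_t pos = start;
   if (pos >= in.size()) throw std::runtime_error("truncated: no tag");
   const uint8_t tag = in[pos++];
   if ((tag & 0x1F) == 0x1F) throw std::runtime_error("multi-octet tags not supported here");
   const size_t len = read_length(in, pos);
   return Tlv{tag, std::vector<uint8_t>(in.begin() + pos, in.begin() + pos + len), pos + len - start};
}

struct BitString {
   uint8_t unused_bits;
   std::vector<uint8_t> bits;
};

// BIT STRING (universal tag 3): the first contents octet counts unused bits,
// so an empty contents field is malformed and must not be indexed.
static BitString read_bit_string(const std::vector<uint8_t>& in) {
   const Tlv t = read_tlv(in);
   if (t.tag != 0x03) throw std::runtime_error("not a BIT STRING");
   if (t.value.empty()) throw std::runtime_error("BIT STRING with no contents octets");
   const uint8_t unused = t.value[0];
   if (unused > 7) throw std::runtime_error("unused bit count > 7");
   if (unused > 0 && t.value.size() == 1) throw std::runtime_error("unused bits but no data octets");
   return BitString{unused, std::vector<uint8_t>(t.value.begin() + 1, t.value.end())};
}

// Returns "ok" or the decoder's rejection reason, for callers that want a
// verdict without try/catch.
std::string classify_bit_string(const std::vector<uint8_t>& in) {
   try {
      read_bit_string(in);
      return "ok";
   } catch (const std::exception& e) {
      return e.what();
   }
}

int main() {
   // Constructed encodings, not taken from any real certificate.
   const std::vector<std::vector<uint8_t>> samples = {
      {0x03, 0x02, 0x00, 0xA5},                 // well-formed: 0 unused bits, one data octet
      {0x03, 0x00},                             // BIT STRING with no contents octets
      {0x03, 0x84, 0x7F, 0xFF, 0xFF, 0xFF},     // claims 2 GiB of contents, none present
      {0x03, 0x89, 1, 2, 3, 4, 5, 6, 7, 8, 9},  // 9 length octets: would wrap a 64-bit size_t
   };
   for (const auto& s : samples) std::cout << classify_bit_string(s) << '\n';
   return 0;
}
```

The order of the checks matters: the length is compared against the bytes remaining before any buffer is sized from it, and the BIT STRING's unused-bits octet is read only after the contents are known to be non-empty.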
OBS-URL: https://build.opensuse.org/request/show/323035
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=36
OBS-URL: https://build.opensuse.org/request/show/322627
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=51
- Update to 1.10.8
* Fix a bug in primality testing introduced in 1.8.3 which caused
only a single random base, rather than a sequence of random bases,
to be used in the Miller-Rabin test. This increased the
probability that a non-prime would be accepted, for instance a
1024 bit number would be incorrectly classed as prime with
probability around 2^-40. Reported by Jeff Marrison.
* The key length limit on HMAC has been raised to 512 bytes,
allowing the use of very long passphrases with PBKDF2.
- Update to 1.10.7
* OAEP had two bugs, one of which allowed it to be used even if the
key was too small, and the other of which would cause a crash
during decryption if the EME data was too large for the associated
key. (forwarded request 233310 from netsroth)
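The 1.10.8 primality item above is about a test that reused a single random base where a sequence of bases was intended. The block below is an added example, not Botan's implementation: a Miller-Rabin test with the bases passed explicitly, and a variant that draws a fresh random base per round as the corrected test does. It is limited to n < 2^32 so that products fit in 64 bits; 2047 (23 * 89) and 1373653 (829 * 1657) are the well-known smallest strong pseudoprimes to base 2 and to bases 2 and 3 respectively, so they show one or two fixed bases accepting a composite that one more base rejects.

```cpp
// Added example, not Botan's implementation. Miller-Rabin restricted to
// n < 2^32 so every product fits in uint64_t, with the bases given explicitly
// so the effect of testing one base versus several can be seen directly.
#include <cstdint>
#include <iostream>
#include <random>
#include <stdexcept>
#include <vector>

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n) { return (a * b) % n; } // safe for n < 2^32

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t n) {
   uint64_t result = 1 % n;
   base %= n;
   while (exp) {
      if (exp & 1) result = mulmod(result, base, n);
      base = mulmod(base, base, n);
      exp >>= 1;
   }
   return result;
}

// True if base a proves odd n composite (a "witness"); false if a is a liar or n is prime.
static bool is_witness(uint64_t a, uint64_t n) {
   uint64_t d = n - 1;
   unsigned r = 0;
   while ((d & 1) == 0) { d >>= 1; ++r; }
   uint64_t x = powmod(a, d, n);
   if (x == 1 || x == n - 1) return false;
   for (unsigned i = 1; i < r; ++i) {
      x = mulmod(x, x, n);
      if (x == n - 1) return false;
   }
   return true;
}

// "Probably prime" only if none of the supplied bases is a witness. For a
// composite n at most a quarter of the bases lie, so k independent bases
// bound the error by 4^-k; a single base gives only 1/4.
bool is_probable_prime(uint64_t n, const std::vector<uint64_t>& bases) {
   if (n >= (uint64_t{1} << 32)) throw std::invalid_argument("example limited to n < 2^32");
   if (n < 4) return n == 2 || n == 3;
   if (n % 2 == 0) return false;
   for (uint64_t a : bases) {
      const uint64_t b = a % n;
      if (b < 2 || b == n - 1) continue;  // trivial bases prove nothing
      if (is_witness(b, n)) return false;
   }
   return true;
}

// The shape of the corrected test: a fresh random base for every round rather
// than one base reused. Seeded deterministically here so runs are repeatable.
bool is_probable_prime_random(uint64_t n, unsigned rounds, uint64_t seed) {
   if (n < 5) return is_probable_prime(n, {});
   std::mt19937_64 rng(seed);
   std::uniform_int_distribution<uint64_t> pick(2, n - 2);
   std::vector<uint64_t> bases;
   for (unsigned i = 0; i < rounds; ++i) bases.push_back(pick(rng));
   return is_probable_prime(n, bases);
}

int main() {
   // 2047 = 23 * 89 is a strong pseudoprime to base 2; 1373653 = 829 * 1657 is
   // a strong pseudoprime to bases 2 and 3. Both are well-known values.
   std::cout << "2047 base 2 only:      " << is_probable_prime(2047, {2}) << '\n';
   std::cout << "2047 bases 2,3:        " << is_probable_prime(2047, {2, 3}) << '\n';
   std::cout << "1373653 bases 2,3:     " << is_probable_prime(1373653, {2, 3}) << '\n';
   std::cout << "1373653 bases 2,3,5:   " << is_probable_prime(1373653, {2, 3, 5}) << '\n';
   std::cout << "1373653 40 random:     " << is_probable_prime_random(1373653, 40, 1) << '\n';
   return 0;
}
```

A composite that slips past one base is caught as soon as a second, independent base is tried; the bug in the entry meant the error bound stayed at that of a single round however many rounds were requested.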
OBS-URL: https://build.opensuse.org/request/show/233386
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=33
OBS-URL: https://build.opensuse.org/request/show/233310
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=47