forked from pool/Botan

- Update to 1.10.14

  * Fix integer overflow during BER decoding, found by Falko Strenzke.
    This bug is not thought to be directly exploitable but upgrading ASAP
    is advised. (CVE-2016-9132)
  * Fix two cases where (in error situations) an exception would be
    thrown from a destructor, causing a call to std::terminate.
  * When RC4 is disabled in the build, also prevent it from being
    included in the OpenSSL provider. (GH #638)
  * Use constant time modular inverse algorithm to avoid possible side
    channel attack against ECDSA (CVE-2016-2849)
  * Use constant time PKCS #1 unpadding to avoid possible side channel
    attack against RSA decryption (CVE-2015-7827)
  * Avoid a compilation problem in OpenSSL engine when ECDSA was
    disabled. Gentoo bug 542010

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=62
Philipp Thomas 2016-12-28 12:34:03 +00:00 committed by Git OBS Bridge
parent da9ea5b459
commit 775d045da9
7 changed files with 42 additions and 23 deletions

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:23ec973d4b4a4fe04f490d409e08ac5638afe3aa09acd7f520daaff38ba19b90
size 2710181

@ -1,11 +0,0 @@

Botan-1.10.14.tgz Normal file
@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:10ed0b394db165733ac9557d8656356b7e9744d38c61c2b9c44cba6d84ff4c1c
size 2710757

Botan-1.10.14.tgz.asc Normal file
@ -0,0 +1,11 @@

@ -1,10 +1,25 @@
-------------------------------------------------------------------
Wed Dec 28 12:02:11 CET 2016 - pth@suse.de
- Update to 1.10.14
* Fix integer overflow during BER decoding, found by Falko Strenzke.
This bug is not thought to be directly exploitable but upgrading ASAP
is advised. (CVE-2016-9132)
* Fix two cases where (in error situations) an exception would be
thrown from a destructor, causing a call to std::terminate.
* When RC4 is disabled in the build, also prevent it from being
included in the OpenSSL provider. (GH #638)
-------------------------------------------------------------------
Sun Nov 13 01:32:18 UTC 2016 - netsroth@opensuse.org
- Update to 1.10.13
* Use constant time modular inverse algorithm to avoid possible side channel attack against ECDSA (CVE-2016-2849)
* Use constant time PKCS #1 unpadding to avoid possible side channel attack against RSA decryption (CVE-2015-7827)
* Avoid a compilation problem in OpenSSL engine when ECDSA was disabled. Gentoo bug 542010
* Use constant time modular inverse algorithm to avoid possible side
channel attack against ECDSA (CVE-2016-2849)
* Use constant time PKCS #1 unpadding to avoid possible side channel
attack against RSA decryption (CVE-2015-7827)
* Avoid a compilation problem in OpenSSL engine when ECDSA was
disabled. Gentoo bug 542010
-------------------------------------------------------------------
Fri May 13 07:31:21 UTC 2016 - faure@kde.org
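Review bot: The new entry header in this hunk is stamped "Wed Dec 28 12:02:11 CET 2016", while the neighbouring entries (Nov 13 and May 13) are stamped in UTC; recording the new entry in UTC as well would keep the changelog consistent and unambiguous to sort. The hunk also re-wraps the three bullets of the existing 1.10.13 entry, which mixes a cosmetic edit to an earlier entry into the CVE-2016-9132 update; consider moving the re-wrap to a separate change so the security update stays easy to audit.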

@ -19,7 +19,7 @@
%define version_suffix 1_10-1
%define short_version 1.10
Name: Botan
Version: 1.10.13
Version: 1.10.14
Release: 0
Summary: A C++ Crypto Library
License: BSD-2-Clause

@ -1,8 +1,12 @@
diff --git a/configure.py b/configure.py
index b606e06..f184939 100755
--- a/configure.py
+++ b/configure.py
@@ -1135,7 +1135,7 @@ def create_template_vars(build_config, options, modules, cc, arch, osinfo):
---
configure.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: Botan-1.10.14/configure.py
===================================================================
--- Botan-1.10.14.orig/configure.py 2016-11-28 11:52:20.000000000 +0100
+++ Botan-1.10.14/configure.py 2016-12-28 10:59:39.592584921 +0100
@@ -1140,7 +1140,7 @@ def create_template_vars(build_config, o
options.cpu, options.debug_build),
'lib_opt': cc.library_opt_flags(options),
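Review bot: As rendered here, the refreshed patch file now opens directly with "---" and a diffstat in place of the old "diff --git" header, so it carries no description of why configure.py is being modified in create_template_vars. Consider adding a short header above the "---" line stating the purpose of the patch and whether it has been sent upstream. The offset shift from line 1135 to 1140 is consistent with a refresh against the 1.10.14 sources.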