From d9be67b223c9f642bf54eac61b3159337d78f0652fc7c8065b18d7fc584775e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ismail=20D=C3=B6nmez?=
Date: Wed, 3 Feb 2016 12:16:12 +0000
Subject: [PATCH] Accepting request 357517 from home:stroeder:branches:devel:libraries:c_c++ update to 1.10.12 (somewhat a security update)
OBS-URL: https://build.opensuse.org/request/show/357517
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=56
---
 Botan-1.10.10.tgz | 3 ---
 Botan-1.10.10.tgz.asc | 11 -----------
 Botan-1.10.12.tgz | 3 +++
 Botan-1.10.12.tgz.asc | 11 +++++++++++
 Botan.changes | 20 ++++++++++++++++++++
 Botan.spec | 2 +-
 6 files changed, 35 insertions(+), 15 deletions(-)
 delete mode 100644 Botan-1.10.10.tgz
 delete mode 100644 Botan-1.10.10.tgz.asc
 create mode 100644 Botan-1.10.12.tgz
 create mode 100644 Botan-1.10.12.tgz.asc
diff --git a/Botan-1.10.10.tgz b/Botan-1.10.10.tgz
deleted file mode 100644
index fe35bb9..0000000
--- a/Botan-1.10.10.tgz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6b67b14746410461fe4a8ce6a625e7eef789243454fe30eab7329d5984be4163
-size 2706592
diff --git a/Botan-1.10.10.tgz.asc b/Botan-1.10.10.tgz.asc
deleted file mode 100644
index 5649ade..0000000
--- a/Botan-1.10.10.tgz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQEcBAABCgAGBQJVvvClAAoJEGIR6/Hvut+8DnIH/j5EW84EEcBKETvBQJqoPJt7
-Gsq4GKHDo75gBnWn2a2WGbbFIRuwjW4rpbUxxn6Nxazr87Hvg/RpRmd03/VYNvDO
-jai2oetGAbaV4e9kzSMI96jN6k3vpjtUqeY851PXnZxaILrx1iBqwppjVOZfIbNF
-hxzNgDgd1lA/dgfsh/BGr3MWDihNOxpICAbxmnXJU8bjiNT3RqebyOmins/Q6eVr
-Tl6D2CxeYV1QlxOOnd93PJW6RAJtgzw4kjUWIHB74DxhjtB06XV8jHQxlTRCEC/Q
-QDy2WlymjDQapyW6OzB0nRYCKtJQyQiZVCk4cIBq/8X3M4vjk7jErwqKvNPGcCU=
-=s4gl
------END PGP SIGNATURE-----
diff --git a/Botan-1.10.12.tgz b/Botan-1.10.12.tgz
new file mode 100644
index 0000000..c3d9afb
--- /dev/null
+++ b/Botan-1.10.12.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:affc3a79919577943f896e64d3e4a4dcc4970c5bf80cc98c7f3a3144745eac27
+size 2707397
diff --git a/Botan-1.10.12.tgz.asc b/Botan-1.10.12.tgz.asc
new file mode 100644
index 0000000..7d5e5b2
--- /dev/null
+++ b/Botan-1.10.12.tgz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQEcBAABCAAGBQJWsbSyAAoJEGIR6/Hvut+8yZ8IAKZkFvG/j+nmWQPaoU0FKAJY
+q37r0gIOSkZ+K4Q3k8Gc5uEmVcobP52JlDJZeG6yYERwJdN1aO/LcUpqxDvF8SNk
+qrfsgItJ06SW+jLI9xS7abQGoVmfBEC5EcmqlPLLyJ4mPTR3XDDn6ITyN1i40Byr
+rVMdm0dOwPiFrVJNlSjEnv/sQEPf6nrXAhu6vhGsWk1u6BbZRhVTk+0QAI0Dz950
+MpRmIzEZAIAgvZpYGvvnULzfnNVwPswxw321Cp0JH368/sJjX2Mkp8yJ1wypGaMT
+3gqkhGsyNqQjKjv9DmE04N/l+P7SIMBGn4+BOS0sfEXhxdpRMrezoNx/E2rJ5AU=
+=tUsf
+-----END PGP SIGNATURE-----
diff --git a/Botan.changes b/Botan.changes
index a52d541..b14305e 100644
--- a/Botan.changes
+++ b/Botan.changes
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Wed Feb 3 10:52:19 UTC 2016 - michael@stroeder.com
+
+- Update to 1.10.12
+
+- Version 1.10.12, 2016-02-03
+ * In 1.10.11, the check in PointGFp intended to check the affine y
+ argument actually checked the affine x again. Reported by Remi Gacogne
+ * The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an
+ additional check in the multiplication function itself which was also
+ added in that release, so there are no security implications from the
+ missed check. However to avoid confusion the change was pushed in a new
+ release immediately.
+ * The 1.10.11 release notes incorrectly identified CVE-2016-2195 as
+ CVE-2016-2915
+- Version 1.10.11, 2016-02-01
+ * Resolve heap overflow in ECC point decoding. CVE-2016-2195
+ Resolve infinite loop in modular square root algorithm. CVE-2016-2194
+ Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. GH #239
+
 -------------------------------------------------------------------
 Thu Dec 24 10:48:11 UTC 2015 - mpluskal@suse.com
diff --git a/Botan.spec b/Botan.spec
index ab72cdd..3784c3e 100644
--- a/Botan.spec
+++ b/Botan.spec
@@ -19,7 +19,7 @@
 %define version_suffix 1_10-1
 %define short_version 1.10
 Name: Botan
-Version: 1.10.10
+Version: 1.10.12
 Release: 0
 Summary: A C++ Crypto Library
 License: BSD-2-Clause