From ee861a620e1164cc41aeea4a1c729d6782d79e3dd9c0d340400a25a366a5e2fa Mon Sep 17 00:00:00 2001 
From: Michal Vyskocil Date: Fri, 14 Aug 2015 05:57:04 +0000 Subject: [PATCH 1/2] Accepting request 322627 from home:netsroth:branches:devel:libraries:c_c++ - bump SONAME to libbotan-1_10-1 - Update to 1.10.10 * SECURITY: The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. As the type requires a 1 byte field this is not valid BER but could occur in malformed data. Found with afl. CVE-2015-5726 * SECURITY: The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer. Found with afl. CVE-2015-5727 * Due to an ABI incompatible (though not API incompatible) change in this release, the version number of the shared object has been increased. * The default TLS policy no longer allows RC4. * Fix a signed integer overflow in Blue Midnight Wish that may cause incorrect computations or undefined behavior. - Update to 1.10.9 * Fixed EAX tag verification to run in constant time * The default TLS policy now disables SSLv3. * A crash could occur when reading from a blocking random device if the device initially indicated that entropy was available but a concurrent process drained the entropy pool before the read was initiated. * Fix decoding indefinite length BER constructs that contain a context sensitive tag of zero. Github pull 26 from Janusz Chorko. * The botan-config script previously tried to guess its prefix from the location of the binary. However this was error prone, and now the script assumes the final installation prefix matches the value set during the build. Github issue 29. 
OBS-URL: https://build.opensuse.org/request/show/322627
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=51
---
 Botan-1.10.10.tgz | 3 +++
 Botan-1.10.8.tbz | 3 ---
 Botan.changes | 35 +++++++++++++++++++++++++++++++++++
 Botan.spec | 8 ++++----
 baselibs.conf | 4 ++--
 5 files changed, 44 insertions(+), 9 deletions(-)
 create mode 100644 Botan-1.10.10.tgz
 delete mode 100644 Botan-1.10.8.tbz
diff --git a/Botan-1.10.10.tgz b/Botan-1.10.10.tgz
new file mode 100644
index 0000000..fe35bb9
--- /dev/null
+++ b/Botan-1.10.10.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6b67b14746410461fe4a8ce6a625e7eef789243454fe30eab7329d5984be4163
+size 2706592
diff --git a/Botan-1.10.8.tbz b/Botan-1.10.8.tbz
deleted file mode 100644
index a80774b..0000000
--- a/Botan-1.10.8.tbz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bc2fd5fe904bba7cd688df021689f53a2d2f87ae728b647196a6b5954d184ea0
-size 2211993
diff --git a/Botan.changes b/Botan.changes
index 791396a..b7764f1 100644
--- a/Botan.changes
+++ b/Botan.changes
@@ -1,3 +1,38 @@
+-------------------------------------------------------------------
+Tue Aug 11 22:49:31 UTC 2015 - netsroth@opensuse.org
+
+- bump SONAME to libbotan-1_10-1
+- Update to 1.10.10
+ * SECURITY: The BER decoder would crash due to reading from offset 0
+ of an empty vector if it encountered a BIT STRING which did not
+ contain any data at all. As the type requires a 1 byte field this
+ is not valid BER but could occur in malformed data. Found with
+ afl. CVE-2015-5726
+ * SECURITY: The BER decoder would allocate a fairly arbitrary amount
+ of memory in a length field, even if there was no chance the read
+ request would succeed. This might cause the process to run out of
+ memory or invoke the OOM killer. Found with afl. CVE-2015-5727
+ * Due to an ABI incompatible (though not API incompatible) change in
+ this release, the version number of the shared object has been
+ increased.
+ * The default TLS policy no longer allows RC4.
+ * Fix a signed integer overflow in Blue Midnight Wish that may cause
+ incorrect computations or undefined behavior.
+
+- Update to 1.10.9
+ * Fixed EAX tag verification to run in constant time
+ * The default TLS policy now disables SSLv3.
+ * A crash could occur when reading from a blocking random device if
+ the device initially indicated that entropy was available but a
+ concurrent process drained the entropy pool before the read was
+ initiated.
+ * Fix decoding indefinite length BER constructs that contain a
+ context sensitive tag of zero. Github pull 26 from Janusz Chorko.
+ * The botan-config script previously tried to guess its prefix from
+ the location of the binary. However this was error prone, and now
+ the script assumes the final installation prefix matches the value
+ set during the build. Github issue 29.
+
 -------------------------------------------------------------------
 Wed Jun 24 16:19:12 UTC 2015 - liujianfeng1994@gmail.com
diff --git a/Botan.spec b/Botan.spec
index 9146ff8..99c76cc 100644
--- a/Botan.spec
+++ b/Botan.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package Botan
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,17 +16,17 @@
 #
-%define version_suffix 1_10-0
+%define version_suffix 1_10-1
 %define short_version 1.10
 Name: Botan
-Version: 1.10.8
+Version: 1.10.10
 Release: 0
 Url: http://botan.randombit.net
 Summary: A C++ Crypto Library
 License: BSD-2-Clause
 Group: Development/Libraries/C and C++
-Source: https://files.randombit.net/botan/%{name}-%{version}.tbz
+Source: https://files.randombit.net/botan/%{name}-%{version}.tgz
 Source2: baselibs.conf
 Patch0: Botan-inttypes.patch
 Patch1: Botan-ull_constants.patch.bz2
diff --git a/baselibs.conf b/baselibs.conf
index 4c8d6bc..25f44da 100644
--- a/baselibs.conf
+++ b/baselibs.conf
@@ -1,4 +1,4 @@
-libbotan-1_10-0
+libbotan-1_10-1
 libbotan-devel
 requires -libbotan- =
- requires "libbotan-1_10-0- = "
+ requires "libbotan-1_10-1- = "
From 45099f31561166ba45e1da88a2d0123758885d81307cf0a098c01b4febaaffee Mon Sep 17 00:00:00 2001
From: Michal Vyskocil
Date: Fri, 14 Aug 2015 08:58:15 +0000
Subject: [PATCH 2/2] - Fix Source0 URL
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=52
---
 Botan.changes | 5 +++++
 Botan.spec | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/Botan.changes b/Botan.changes
index b7764f1..cb6f5e4 100644
--- a/Botan.changes
+++ b/Botan.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Aug 14 08:54:09 UTC 2015 - mvyskocil@opensuse.org
+
+- Fix Source0 URL
+
 -------------------------------------------------------------------
 Tue Aug 11 22:49:31 UTC 2015 - netsroth@opensuse.org
diff --git a/Botan.spec b/Botan.spec
index 99c76cc..096dbf4 100644
--- a/Botan.spec
+++ b/Botan.spec
@@ -26,7 +26,7 @@ Url: http://botan.randombit.net
 Summary: A C++ Crypto Library
 License: BSD-2-Clause
 Group: Development/Libraries/C and C++
-Source: https://files.randombit.net/botan/%{name}-%{version}.tgz
+Source0: http://botan.randombit.net/releases/%{name}-%{version}.tgz
 Source2: baselibs.conf
 Patch0: Botan-inttypes.patch
 Patch1: Botan-ull_constants.patch.bz2
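Review bot: The new `Source0:` line downgrades the upstream tarball URL from https to plain http, so anyone re-fetching the source from this spec (for example via the OBS download_files service or a manual update) gets no transport integrity, even though the checked-in LFS pointer pins a sha256 for the tarball actually used by the build. The URL being replaced in patch 1 was https, so the downgrade reads as incidental to fixing the broken path rather than deliberate; worth confirming. If upstream serves the releases directory over TLS, prefer `Source0: https://botan.randombit.net/releases/%{name}-%{version}.tgz`. If upstream publishes a detached signature for the release, consider also adding it and a `%{name}.keyring` as extra `Source` entries so the tarball can be verified independently of the transport.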