diff --git a/Botan-1.10.10.tgz b/Botan-1.10.10.tgz new file mode 100644 index 0000000..fe35bb9 --- /dev/null +++ b/Botan-1.10.10.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6b67b14746410461fe4a8ce6a625e7eef789243454fe30eab7329d5984be4163 +size 2706592 diff --git a/Botan-1.10.8.tbz b/Botan-1.10.8.tbz deleted file mode 100644 index a80774b..0000000 --- a/Botan-1.10.8.tbz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bc2fd5fe904bba7cd688df021689f53a2d2f87ae728b647196a6b5954d184ea0 -size 2211993 diff --git a/Botan.changes b/Botan.changes index 791396a..b7764f1 100644 --- a/Botan.changes +++ b/Botan.changes 
@@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Tue Aug 11 22:49:31 UTC 2015 - netsroth@opensuse.org + +- bump SONAME to libbotan-1_10-1 +- Update to 1.10.10 + * SECURITY: The BER decoder would crash due to reading from offset 0 + of an empty vector if it encountered a BIT STRING which did not + contain any data at all. As the type requires a 1 byte field this + is not valid BER but could occur in malformed data. Found with + afl. CVE-2015-5726 + * SECURITY: The BER decoder would allocate a fairly arbitrary amount + of memory in a length field, even if there was no chance the read + request would succeed. This might cause the process to run out of + memory or invoke the OOM killer. Found with afl. CVE-2015-5727 + * Due to an ABI incompatible (though not API incompatible) change in + this release, the version number of the shared object has been + increased. + * The default TLS policy no longer allows RC4. + * Fix a signed integer overflow in Blue Midnight Wish that may cause + incorrect computations or undefined behavior. + +- Update to 1.10.9 + * Fixed EAX tag verification to run in constant time + * The default TLS policy now disables SSLv3. + * A crash could occur when reading from a blocking random device if + the device initially indicated that entropy was available but a + concurrent process drained the entropy pool before the read was + initiated. + * Fix decoding indefinite length BER constructs that contain a + context sensitive tag of zero. Github pull 26 from Janusz Chorko. + * The botan-config script previously tried to guess its prefix from + the location of the binary. However this was error prone, and now + the script assumes the final installation prefix matches the value + set during the build. Github issue 29. + ------------------------------------------------------------------- Wed Jun 24 16:19:12 UTC 2015 - liujianfeng1994@gmail.com diff --git a/Botan.spec b/Botan.spec index 9146ff8..99c76cc 100644 
--- a/Botan.spec +++ b/Botan.spec @@ -1,7 +1,7 @@ # # spec file for package Botan # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,17 +16,17 @@ # -%define version_suffix 1_10-0 +%define version_suffix 1_10-1 %define short_version 1.10 Name: Botan -Version: 1.10.8 +Version: 1.10.10 Release: 0 Url: http://botan.randombit.net Summary: A C++ Crypto Library License: BSD-2-Clause Group: Development/Libraries/C and C++ -Source: https://files.randombit.net/botan/%{name}-%{version}.tbz +Source: https://files.randombit.net/botan/%{name}-%{version}.tgz Source2: baselibs.conf Patch0: Botan-inttypes.patch Patch1: Botan-ull_constants.patch.bz2 diff --git a/baselibs.conf b/baselibs.conf index 4c8d6bc..25f44da 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,4 +1,4 @@ -libbotan-1_10-0 +libbotan-1_10-1 libbotan-devel requires -libbotan- = - requires "libbotan-1_10-0- = " + requires "libbotan-1_10-1- = "
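Review bot: in the Botan.changes hunk, the 1.10.10 entry names CVE-2015-5726 and CVE-2015-5727 but puts no bug tracker reference next to them, so the changelog alone does not tie the security fixes to a tracking bug. If bugs exist for these two CVEs, add their references on the same lines as the CVE ids. As a style point, the entry lists "bump SONAME to libbotan-1_10-1" before "Update to 1.10.10", although the upstream notes quoted below it say the ABI change in this release is what forces the bump; listing the update first would read in causal order.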
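Review bot: in the second Botan.spec hunk, the Source: line now points at the .tgz on files.randombit.net, but the visible Source entries (Source: and Source2: baselibs.conf) include no detached signature or keyring, so the build trusts the tarball on the HTTPS download and the checked-in sha256 alone. For a crypto library update carrying two CVE fixes, consider adding upstream's signature file and signing key as further Source entries, if upstream publishes them, so the tarball can be verified at build time. The Url: line still uses http:// while Source: uses https://; align it if the site serves HTTPS.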
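Review bot: in the baselibs.conf hunk, the suffix 1_10-1 is typed by hand in the package name and again inside the requires string, separately from the "%define version_suffix 1_10-1" line in Botan.spec. A missed occurrence at the next SONAME bump would leave the generated libbotan-devel variant requiring a library package that is no longer built. Before merging, confirm that nothing else in the package still refers to libbotan-1_10-0, and consider a comment in Botan.spec next to version_suffix pointing at baselibs.conf so the two are changed together.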