Botan/Botan.spec

144 lines
4.1 KiB
RPMSpec
Raw Normal View History

#
# spec file for package Botan
#
Accepting request 792362 from home:polslinux:branches:devel:libraries:c_c++ - Update to Botan 2.14: * Add support for using POWER8+ VPSUMD instruction to accelerate GCM (GH #2247) * Optimize the vector permute AES implementation, especially improving performance on ARMv7, Aarch64, and POWER. (GH #2243) * Use a new algorithm for modular inversions which is both faster and more resistant to side channel attacks. (GH #2287 #2296 #2301) * Address an issue in CBC padding which would leak the length of the plaintext which was being padded. Unpadding during decryption was not affected. * Optimize NIST prime field reductions, improving ECDSA by 3-9% (GH #2295) * Increase the size of the ECC blinding mask and scale it based on the size of the group order. (GH #880 #893 #2308) * Add server side support for the TLS asio wrapper. (GH #2229) * Add support for using Windows certificate store on MinGW (GH #2280) * Add a CLI utility cpu_clock which estimates the speed of the processor cycle counter. * Add Roughtime client (GH #2143 #1842) * Add support for XMSS X.509 certificates (GH #2172) * Add support for X.509 CRLs in FFI layer and Python wrapper (GH #2213) * Add AVX2 implementation of SHACAL2 (GH #2196) * Support more functionality for X.509 in the Python API (GH #2165) * Add generic CPU target useful when building for some new or unusual platform. * Disable MD5 in BSI or NIST modes (GH #2188) * Many currently public headers are being deprecated. If any such header is included by an application, a warning is issued at compile time. Headers issuing this warning will be made internal in a future major release. * RSA signature performance improvements (GH #2068 #2070) * Performance improvements for GCM (GH #2024 #2099 #2119), OCB (#2122), XTS (#2123) and ChaCha20Poly1305 (GH #2117), especially for small messages. * Add support for constant time AES using NEON and AltiVec (GH #2093 #2095 #2100) * Improve performance of POWER8 AES instructions (GH #2096) * Add support for the POWER9 hardware random number generator (GH #2026) * Add support for 64-bit version of RDRAND, doubling performance on x86-64 (GH #934 #2022) * In DTLS server, support a client crashing and then reconnecting from the same source port, as described in RFC 6347 sec 4.2.8 (GH #2029) * Optimize DTLS MTU splitting to split precisely to the set MTU (GH #2042) * Add support for the TLS v1.3 downgrade indicator. (GH #2027) * Add Argon2 PBKDF and password hash (GH #459 #1981 #1987) * Add Bcrypt-PBKDF (GH #1990) * Add server side support for issuing DTLS HelloVerifyRequest messages (GH #1999) * Add support for the TLS v1.3 supported_versions extension. (GH #1976) * Add Ed25519ph compatible with RFC 8032 (GH #1699 #2000) * Add support for OCSP stapling on server side. (GH #1703 #1967) * Add a boost::asio TLS stream compatible with boost::asio::ssl. (GH #1839 #1927 #1992) * Add a certificate store for Linux/Unix systems. (GH #1885 #1936) * Various Fixes OBS-URL: https://build.opensuse.org/request/show/792362 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=92
2020-04-19 14:59:35 +02:00
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
Accepting request 689411 from home:dmolkentin:branches:devel:libraries:c_c++ - Update to Botan 2.9 * Bump SONAME * CVE-2018-20187 Address a side channel during ECC key generation, which used an unblinded Montgomery ladder. As a result, a timing attack can reveal information about the high bits of the secret key. * Fix bugs in TLS which caused negotiation failures when the client used an unknown signature algorithm or version (GH #1711 #1709 #1708) * Fix bug affecting GCM, EAX and ChaCha20Poly1305 where if the associated data was set after starting a message, the new AD was not reflected in the produced tag. Now with these modes setting an AD after beginning a message throws an exception. * Use a smaller sieve which improves performance of prime generation. * Fixed a bug that caused ChaCha to produce incorrect output after encrypting 256 GB. (GH #1728) * Add NEON and AltiVec implementations of ChaCha (GH #1719 #1728 #1729) * Optimize AVX2 ChaCha (GH #1730) * Many more operations in BigInt, ECC and RSA code paths are either fully const time or avoid problematic branches that could potentially be exploited in a side channel attack. (GH #1738 #1750 #1754 #1755 #1757 #1758 #1759 #1762 #1765 #1770 #1773 #1774 #1779 #1780 #1794 #1795 #1796 #1797) * Several optimizations for BigInt and ECC, improving ECDSA performance by as much as 30%. (GH #1734 #1737 #1777 #1750 #1737 #1788) OBS-URL: https://build.opensuse.org/request/show/689411 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=89
2019-03-29 09:09:19 +01:00
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
- update to 2.15: Fix a bug where the name constraint extension did not constrain the alternative DN field which can be included in a subject alternative name. This would allow a corrupted sub-CA which was otherwise constrained by a name constraint to issue a certificate with a prohibited DN. Fix a bug in the TLS server during client authentication where where if a (disabled by default) static RSA ciphersuite was selected, then no certificate request would be sent. This would have an equivalent effect to a client which simply replied with an empty Certificate message. (GH #2367) Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As a result AES is now constant time on all processors. (GH #2346 #2348 #2353 #2329 #2355) In TLS, enforce that the key usage given in the server certificate allows the operation being performed in the ciphersuite. (GH #2367) In X.509 certificates, verify that the algorithm parameters are the expected NULL or empty. (GH #2367) Change the HMAC key schedule to attempt to reduce the information leaked from the key schedule with regards to the length of the key, as this is at times (as for example in PBKDF2) sensitive information. (GH #2362) Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The previous RDRAND_RNG interface is deprecated. (GH #2352) The documentation claimed that mlocked pages were created with a guard page both before and after. However only a trailing guard page was used. Add a leading guard page. (GH #2334) Add support for generating and verifying DER-encoded ECDSA signatures in the C and Python interfaces. (GH #2357 #2356) Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH #2322) When building documentation using Sphinx avoid parallel builds with version 3.0 due to a bug in that version (GH #2326 #2324) OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=94
2020-08-16 04:17:19 +02:00
%define version_suffix 2-15
%define short_version 2
Name: Botan
- update to 2.15: Fix a bug where the name constraint extension did not constrain the alternative DN field which can be included in a subject alternative name. This would allow a corrupted sub-CA which was otherwise constrained by a name constraint to issue a certificate with a prohibited DN. Fix a bug in the TLS server during client authentication where where if a (disabled by default) static RSA ciphersuite was selected, then no certificate request would be sent. This would have an equivalent effect to a client which simply replied with an empty Certificate message. (GH #2367) Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As a result AES is now constant time on all processors. (GH #2346 #2348 #2353 #2329 #2355) In TLS, enforce that the key usage given in the server certificate allows the operation being performed in the ciphersuite. (GH #2367) In X.509 certificates, verify that the algorithm parameters are the expected NULL or empty. (GH #2367) Change the HMAC key schedule to attempt to reduce the information leaked from the key schedule with regards to the length of the key, as this is at times (as for example in PBKDF2) sensitive information. (GH #2362) Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The previous RDRAND_RNG interface is deprecated. (GH #2352) The documentation claimed that mlocked pages were created with a guard page both before and after. However only a trailing guard page was used. Add a leading guard page. (GH #2334) Add support for generating and verifying DER-encoded ECDSA signatures in the C and Python interfaces. (GH #2357 #2356) Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH #2322) When building documentation using Sphinx avoid parallel builds with version 3.0 due to a bug in that version (GH #2326 #2324) OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=94
2020-08-16 04:17:19 +02:00
Version: 2.15.0
Release: 0
Summary: A C++ Crypto Library
License: BSD-2-Clause
Group: Development/Libraries/C and C++
Accepting request 792362 from home:polslinux:branches:devel:libraries:c_c++ - Update to Botan 2.14: * Add support for using POWER8+ VPSUMD instruction to accelerate GCM (GH #2247) * Optimize the vector permute AES implementation, especially improving performance on ARMv7, Aarch64, and POWER. (GH #2243) * Use a new algorithm for modular inversions which is both faster and more resistant to side channel attacks. (GH #2287 #2296 #2301) * Address an issue in CBC padding which would leak the length of the plaintext which was being padded. Unpadding during decryption was not affected. * Optimize NIST prime field reductions, improving ECDSA by 3-9% (GH #2295) * Increase the size of the ECC blinding mask and scale it based on the size of the group order. (GH #880 #893 #2308) * Add server side support for the TLS asio wrapper. (GH #2229) * Add support for using Windows certificate store on MinGW (GH #2280) * Add a CLI utility cpu_clock which estimates the speed of the processor cycle counter. * Add Roughtime client (GH #2143 #1842) * Add support for XMSS X.509 certificates (GH #2172) * Add support for X.509 CRLs in FFI layer and Python wrapper (GH #2213) * Add AVX2 implementation of SHACAL2 (GH #2196) * Support more functionality for X.509 in the Python API (GH #2165) * Add generic CPU target useful when building for some new or unusual platform. * Disable MD5 in BSI or NIST modes (GH #2188) * Many currently public headers are being deprecated. If any such header is included by an application, a warning is issued at compile time. Headers issuing this warning will be made internal in a future major release. * RSA signature performance improvements (GH #2068 #2070) * Performance improvements for GCM (GH #2024 #2099 #2119), OCB (#2122), XTS (#2123) and ChaCha20Poly1305 (GH #2117), especially for small messages. * Add support for constant time AES using NEON and AltiVec (GH #2093 #2095 #2100) * Improve performance of POWER8 AES instructions (GH #2096) * Add support for the POWER9 hardware random number generator (GH #2026) * Add support for 64-bit version of RDRAND, doubling performance on x86-64 (GH #934 #2022) * In DTLS server, support a client crashing and then reconnecting from the same source port, as described in RFC 6347 sec 4.2.8 (GH #2029) * Optimize DTLS MTU splitting to split precisely to the set MTU (GH #2042) * Add support for the TLS v1.3 downgrade indicator. (GH #2027) * Add Argon2 PBKDF and password hash (GH #459 #1981 #1987) * Add Bcrypt-PBKDF (GH #1990) * Add server side support for issuing DTLS HelloVerifyRequest messages (GH #1999) * Add support for the TLS v1.3 supported_versions extension. (GH #1976) * Add Ed25519ph compatible with RFC 8032 (GH #1699 #2000) * Add support for OCSP stapling on server side. (GH #1703 #1967) * Add a boost::asio TLS stream compatible with boost::asio::ssl. (GH #1839 #1927 #1992) * Add a certificate store for Linux/Unix systems. (GH #1885 #1936) * Various Fixes OBS-URL: https://build.opensuse.org/request/show/792362 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=92
2020-04-19 14:59:35 +02:00
URL: http://botan.randombit.net
Source0: http://botan.randombit.net/releases/Botan-%{version}.tar.xz
Source1: http://botan.randombit.net/releases/Botan-%{version}.tar.xz.asc
Source2: %{name}.keyring
Source3: baselibs.conf
BuildRequires: bzip2 >= 1.0.2
BuildRequires: gcc-c++
# FIXME: is this dependency correct?
BuildRequires: gmp-devel >= 4.1
#Requires: gmp >= 4.1
BuildRequires: libbz2-devel
BuildRequires: openssl-devel
BuildRequires: pkgconfig
BuildRequires: python3
BuildRequires: zlib-devel
%description
Botan is a C++ library that provides support for many common
cryptographic operations, including encryption, authentication, and
X.509v3 certificates and CRLs. A wide variety of algorithms is
supported, including RSA, DSA, DES, AES, MD5, and SHA-1.
%package -n libbotan-%{version_suffix}
Summary: A C++ Crypto Library
Group: System/Libraries
%description -n libbotan-%{version_suffix}
Botan is a C++ library that provides support for many common
cryptographic operations, including encryption, authentication, and
X.509v3 certificates and CRLs. A wide variety of algorithms is
supported, including RSA, DSA, DES, AES, MD5, and SHA-1.
%package -n libbotan-devel
Summary: Development files for Botan
Group: Development/Libraries/C and C++
Requires: libbotan-%{version_suffix} = %{version}
Requires: libbz2-devel
Provides: Botan-devel = %{version}
Obsoletes: Botan-devel < %{version}
%description -n libbotan-devel
This package contains the header files and libraries needed to develop
programs that use the Botan library.
%package -n python3-botan
Summary: Botan python bindings
Group: Development/Languages/Python
Requires: python3
%description -n python3-botan
This package contains the python bindings to libbotan's C98 interface.
%package doc
%define botan_docdir %{_docdir}/botan-%{version}
Summary: Documentation of Botan
Group: Development/Libraries/C and C++
BuildArch: noarch
%description doc
Documentation of Botan package.
%prep
%setup -q -n Botan-%{version}
%build
Accepting request 792362 from home:polslinux:branches:devel:libraries:c_c++ - Update to Botan 2.14: * Add support for using POWER8+ VPSUMD instruction to accelerate GCM (GH #2247) * Optimize the vector permute AES implementation, especially improving performance on ARMv7, Aarch64, and POWER. (GH #2243) * Use a new algorithm for modular inversions which is both faster and more resistant to side channel attacks. (GH #2287 #2296 #2301) * Address an issue in CBC padding which would leak the length of the plaintext which was being padded. Unpadding during decryption was not affected. * Optimize NIST prime field reductions, improving ECDSA by 3-9% (GH #2295) * Increase the size of the ECC blinding mask and scale it based on the size of the group order. (GH #880 #893 #2308) * Add server side support for the TLS asio wrapper. (GH #2229) * Add support for using Windows certificate store on MinGW (GH #2280) * Add a CLI utility cpu_clock which estimates the speed of the processor cycle counter. * Add Roughtime client (GH #2143 #1842) * Add support for XMSS X.509 certificates (GH #2172) * Add support for X.509 CRLs in FFI layer and Python wrapper (GH #2213) * Add AVX2 implementation of SHACAL2 (GH #2196) * Support more functionality for X.509 in the Python API (GH #2165) * Add generic CPU target useful when building for some new or unusual platform. * Disable MD5 in BSI or NIST modes (GH #2188) * Many currently public headers are being deprecated. If any such header is included by an application, a warning is issued at compile time. Headers issuing this warning will be made internal in a future major release. * RSA signature performance improvements (GH #2068 #2070) * Performance improvements for GCM (GH #2024 #2099 #2119), OCB (#2122), XTS (#2123) and ChaCha20Poly1305 (GH #2117), especially for small messages. * Add support for constant time AES using NEON and AltiVec (GH #2093 #2095 #2100) * Improve performance of POWER8 AES instructions (GH #2096) * Add support for the POWER9 hardware random number generator (GH #2026) * Add support for 64-bit version of RDRAND, doubling performance on x86-64 (GH #934 #2022) * In DTLS server, support a client crashing and then reconnecting from the same source port, as described in RFC 6347 sec 4.2.8 (GH #2029) * Optimize DTLS MTU splitting to split precisely to the set MTU (GH #2042) * Add support for the TLS v1.3 downgrade indicator. (GH #2027) * Add Argon2 PBKDF and password hash (GH #459 #1981 #1987) * Add Bcrypt-PBKDF (GH #1990) * Add server side support for issuing DTLS HelloVerifyRequest messages (GH #1999) * Add support for the TLS v1.3 supported_versions extension. (GH #1976) * Add Ed25519ph compatible with RFC 8032 (GH #1699 #2000) * Add support for OCSP stapling on server side. (GH #1703 #1967) * Add a boost::asio TLS stream compatible with boost::asio::ssl. (GH #1839 #1927 #1992) * Add a certificate store for Linux/Unix systems. (GH #1885 #1936) * Various Fixes OBS-URL: https://build.opensuse.org/request/show/792362 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=92
2020-04-19 14:59:35 +02:00
%define _lto_cflags %{nil}
export RPM_OPT_FLAGS
python3 ./configure.py \
--prefix=%{_prefix} \
--bindir=%{_bindir} \
--libdir=%{_libdir} \
--docdir=%{_defaultdocdir} \
--includedir=%{_includedir} \
--with-bzip2 \
--with-zlib \
--with-openssl \
%ifarch %ix86
--cpu=x86_32
%else
%ifarch %{arm}
--cpu=arm
%else
--cpu=%{_target_cpu}
%endif
%endif
make %{?_smp_mflags} WARN_FLAGS="%{optflags}"
%install
sed -i 's/env python/env python3/' src/scripts/install.py
%make_install
rm -f %{buildroot}/%{_libdir}/libbotan*.a
chmod +x %{buildroot}%{python3_sitearch}/botan2.py
sed -i '1s@^#!/.*@#!%{_bindir}/python3@' %{buildroot}%{python3_sitearch}/botan2.py
%post -n libbotan-%{version_suffix} -p /sbin/ldconfig
%postun -n libbotan-%{version_suffix} -p /sbin/ldconfig
%files
%{_bindir}/botan
%files doc
%docdir %{botan_docdir}
%{botan_docdir}
%files -n libbotan-%{version_suffix}
%{_libdir}/libbotan-%{short_version}.so.*
%files -n libbotan-devel
%{_libdir}/libbotan-%{short_version}.so
%{_libdir}/pkgconfig/botan-%{short_version}.pc
%{_includedir}/botan-%{short_version}
%files -n python3-botan
%{python3_sitearch}/botan2.py
%changelog