Botan/Botan.spec

155 lines
4.4 KiB
RPMSpec
Raw Normal View History

#
# spec file for package Botan
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
Accepting request 689411 from home:dmolkentin:branches:devel:libraries:c_c++ - Update to Botan 2.9 * Bump SONAME * CVE-2018-20187 Address a side channel during ECC key generation, which used an unblinded Montgomery ladder. As a result, a timing attack can reveal information about the high bits of the secret key. * Fix bugs in TLS which caused negotiation failures when the client used an unknown signature algorithm or version (GH #1711 #1709 #1708) * Fix bug affecting GCM, EAX and ChaCha20Poly1305 where if the associated data was set after starting a message, the new AD was not reflected in the produced tag. Now with these modes setting an AD after beginning a message throws an exception. * Use a smaller sieve which improves performance of prime generation. * Fixed a bug that caused ChaCha to produce incorrect output after encrypting 256 GB. (GH #1728) * Add NEON and AltiVec implementations of ChaCha (GH #1719 #1728 #1729) * Optimize AVX2 ChaCha (GH #1730) * Many more operations in BigInt, ECC and RSA code paths are either fully const time or avoid problematic branches that could potentially be exploited in a side channel attack. (GH #1738 #1750 #1754 #1755 #1757 #1758 #1759 #1762 #1765 #1770 #1773 #1774 #1779 #1780 #1794 #1795 #1796 #1797) * Several optimizations for BigInt and ECC, improving ECDSA performance by as much as 30%. (GH #1734 #1737 #1777 #1750 #1737 #1788) OBS-URL: https://build.opensuse.org/request/show/689411 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=89
2019-03-29 09:09:19 +01:00
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{!?make_build: %define make_build make %{?_smp_mflags}}
%define version_suffix 2-19
%define short_version 2
Name: Botan
Version: 2.19.1
Release: 0
Summary: A C++ Crypto Library
License: BSD-2-Clause
Group: Development/Libraries/C and C++
URL: https://botan.randombit.net
Accepting request 792362 from home:polslinux:branches:devel:libraries:c_c++ - Update to Botan 2.14: * Add support for using POWER8+ VPSUMD instruction to accelerate GCM (GH #2247) * Optimize the vector permute AES implementation, especially improving performance on ARMv7, Aarch64, and POWER. (GH #2243) * Use a new algorithm for modular inversions which is both faster and more resistant to side channel attacks. (GH #2287 #2296 #2301) * Address an issue in CBC padding which would leak the length of the plaintext which was being padded. Unpadding during decryption was not affected. * Optimize NIST prime field reductions, improving ECDSA by 3-9% (GH #2295) * Increase the size of the ECC blinding mask and scale it based on the size of the group order. (GH #880 #893 #2308) * Add server side support for the TLS asio wrapper. (GH #2229) * Add support for using Windows certificate store on MinGW (GH #2280) * Add a CLI utility cpu_clock which estimates the speed of the processor cycle counter. * Add Roughtime client (GH #2143 #1842) * Add support for XMSS X.509 certificates (GH #2172) * Add support for X.509 CRLs in FFI layer and Python wrapper (GH #2213) * Add AVX2 implementation of SHACAL2 (GH #2196) * Support more functionality for X.509 in the Python API (GH #2165) * Add generic CPU target useful when building for some new or unusual platform. * Disable MD5 in BSI or NIST modes (GH #2188) * Many currently public headers are being deprecated. If any such header is included by an application, a warning is issued at compile time. Headers issuing this warning will be made internal in a future major release. * RSA signature performance improvements (GH #2068 #2070) * Performance improvements for GCM (GH #2024 #2099 #2119), OCB (#2122), XTS (#2123) and ChaCha20Poly1305 (GH #2117), especially for small messages. * Add support for constant time AES using NEON and AltiVec (GH #2093 #2095 #2100) * Improve performance of POWER8 AES instructions (GH #2096) * Add support for the POWER9 hardware random number generator (GH #2026) * Add support for 64-bit version of RDRAND, doubling performance on x86-64 (GH #934 #2022) * In DTLS server, support a client crashing and then reconnecting from the same source port, as described in RFC 6347 sec 4.2.8 (GH #2029) * Optimize DTLS MTU splitting to split precisely to the set MTU (GH #2042) * Add support for the TLS v1.3 downgrade indicator. (GH #2027) * Add Argon2 PBKDF and password hash (GH #459 #1981 #1987) * Add Bcrypt-PBKDF (GH #1990) * Add server side support for issuing DTLS HelloVerifyRequest messages (GH #1999) * Add support for the TLS v1.3 supported_versions extension. (GH #1976) * Add Ed25519ph compatible with RFC 8032 (GH #1699 #2000) * Add support for OCSP stapling on server side. (GH #1703 #1967) * Add a boost::asio TLS stream compatible with boost::asio::ssl. (GH #1839 #1927 #1992) * Add a certificate store for Linux/Unix systems. (GH #1885 #1936) * Various Fixes OBS-URL: https://build.opensuse.org/request/show/792362 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=92
2020-04-19 14:59:35 +02:00
Source0: http://botan.randombit.net/releases/Botan-%{version}.tar.xz
Source1: http://botan.randombit.net/releases/Botan-%{version}.tar.xz.asc
Source2: %{name}.keyring
Source3: baselibs.conf
BuildRequires: bzip2 >= 1.0.2
BuildRequires: gcc-c++
BuildRequires: libbz2-devel
BuildRequires: openssl-devel
BuildRequires: pkgconfig
BuildRequires: python3
BuildRequires: trousers-devel
BuildRequires: zlib-devel
BuildRequires: pkgconfig(liblzma)
BuildRequires: pkgconfig(sqlite3)
%description
Botan is a C++ library that provides support for many common
cryptographic operations, including encryption, authentication, and
X.509v3 certificates and CRLs. A wide variety of algorithms is
supported, including RSA, DSA, DES, AES, MD5, and SHA-1.
%package -n libbotan-%{version_suffix}
Summary: A C++ Crypto Library
Group: System/Libraries
%description -n libbotan-%{version_suffix}
Botan is a C++ library that provides support for many common
cryptographic operations, including encryption, authentication, and
X.509v3 certificates and CRLs. A wide variety of algorithms is
supported, including RSA, DSA, DES, AES, MD5, and SHA-1.
%package -n libbotan-devel
Summary: Development files for Botan
Group: Development/Libraries/C and C++
Requires: libbotan-%{version_suffix} = %{version}
Requires: libbz2-devel
Requires: trousers-devel
Requires: pkgconfig(liblzma)
Requires: pkgconfig(sqlite3)
Provides: Botan-devel = %{version}
Obsoletes: Botan-devel < %{version}
%description -n libbotan-devel
This package contains the header files and libraries needed to develop
programs that use the Botan library.
%package -n python3-botan
Summary: Botan python bindings
Group: Development/Languages/Python
Requires: python3
%description -n python3-botan
This package contains the python bindings to libbotan's C98 interface.
%package doc
%define botan_docdir %{_docdir}/botan-%{version}
Summary: Documentation of Botan
Group: Development/Libraries/C and C++
BuildArch: noarch
%description doc
Documentation of Botan package.
%prep
%setup -q -n Botan-%{version}
%build
Accepting request 792362 from home:polslinux:branches:devel:libraries:c_c++ - Update to Botan 2.14: * Add support for using POWER8+ VPSUMD instruction to accelerate GCM (GH #2247) * Optimize the vector permute AES implementation, especially improving performance on ARMv7, Aarch64, and POWER. (GH #2243) * Use a new algorithm for modular inversions which is both faster and more resistant to side channel attacks. (GH #2287 #2296 #2301) * Address an issue in CBC padding which would leak the length of the plaintext which was being padded. Unpadding during decryption was not affected. * Optimize NIST prime field reductions, improving ECDSA by 3-9% (GH #2295) * Increase the size of the ECC blinding mask and scale it based on the size of the group order. (GH #880 #893 #2308) * Add server side support for the TLS asio wrapper. (GH #2229) * Add support for using Windows certificate store on MinGW (GH #2280) * Add a CLI utility cpu_clock which estimates the speed of the processor cycle counter. * Add Roughtime client (GH #2143 #1842) * Add support for XMSS X.509 certificates (GH #2172) * Add support for X.509 CRLs in FFI layer and Python wrapper (GH #2213) * Add AVX2 implementation of SHACAL2 (GH #2196) * Support more functionality for X.509 in the Python API (GH #2165) * Add generic CPU target useful when building for some new or unusual platform. * Disable MD5 in BSI or NIST modes (GH #2188) * Many currently public headers are being deprecated. If any such header is included by an application, a warning is issued at compile time. Headers issuing this warning will be made internal in a future major release. * RSA signature performance improvements (GH #2068 #2070) * Performance improvements for GCM (GH #2024 #2099 #2119), OCB (#2122), XTS (#2123) and ChaCha20Poly1305 (GH #2117), especially for small messages. * Add support for constant time AES using NEON and AltiVec (GH #2093 #2095 #2100) * Improve performance of POWER8 AES instructions (GH #2096) * Add support for the POWER9 hardware random number generator (GH #2026) * Add support for 64-bit version of RDRAND, doubling performance on x86-64 (GH #934 #2022) * In DTLS server, support a client crashing and then reconnecting from the same source port, as described in RFC 6347 sec 4.2.8 (GH #2029) * Optimize DTLS MTU splitting to split precisely to the set MTU (GH #2042) * Add support for the TLS v1.3 downgrade indicator. (GH #2027) * Add Argon2 PBKDF and password hash (GH #459 #1981 #1987) * Add Bcrypt-PBKDF (GH #1990) * Add server side support for issuing DTLS HelloVerifyRequest messages (GH #1999) * Add support for the TLS v1.3 supported_versions extension. (GH #1976) * Add Ed25519ph compatible with RFC 8032 (GH #1699 #2000) * Add support for OCSP stapling on server side. (GH #1703 #1967) * Add a boost::asio TLS stream compatible with boost::asio::ssl. (GH #1839 #1927 #1992) * Add a certificate store for Linux/Unix systems. (GH #1885 #1936) * Various Fixes OBS-URL: https://build.opensuse.org/request/show/792362 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=92
2020-04-19 14:59:35 +02:00
%define _lto_cflags %{nil}
export RPM_OPT_FLAGS
python3 ./configure.py \
--prefix=%{_prefix} \
--bindir=%{_bindir} \
--libdir=%{_libdir} \
--docdir=%{_defaultdocdir} \
--includedir=%{_includedir} \
--with-bzip2 \
--with-zlib \
--with-lzma \
--with-openssl \
--with-openmp \
--with-sqlite \
--with-tpm \
%ifarch %{ix86}
--cpu=x86_32
%else
%ifarch %{arm}
--cpu=arm
%else
--cpu=%{_target_cpu}
%endif
%endif
%make_build WARN_FLAGS="%{optflags}"
%install
sed -i 's/env python/env python3/' src/scripts/install.py
%make_install
rm -f %{buildroot}/%{_libdir}/libbotan*.a
chmod +x %{buildroot}%{python3_sitearch}/botan2.py
sed -i '1s@^#!/.*@#!%{_bindir}/python3@' %{buildroot}%{python3_sitearch}/botan2.py
%check
%make_build check
%post -n libbotan-%{version_suffix} -p /sbin/ldconfig
%postun -n libbotan-%{version_suffix} -p /sbin/ldconfig
%files
%{_bindir}/botan
%files doc
%docdir %{botan_docdir}
%{botan_docdir}
%files -n libbotan-%{version_suffix}
%{_libdir}/libbotan-%{short_version}.so.*
%files -n libbotan-devel
%{_libdir}/libbotan-%{short_version}.so
%{_libdir}/pkgconfig/botan-%{short_version}.pc
%{_includedir}/botan-%{short_version}
%files -n python3-botan
%{python3_sitearch}/botan2.py
%changelog