From 5960f3cfdcd83b3c7e4196327e2b307c296d9c3e7699859b63620526a79ceb4a Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Sun, 16 Aug 2020 02:17:19 +0000 Subject: [PATCH] =?UTF-8?q?-=20update=20to=202.15:=20=20=20Fix=20a=20bug?= =?UTF-8?q?=20where=20the=20name=20constraint=20extension=20did=20not=20co?= =?UTF-8?q?nstrain=20the=20alternative=20=20=20DN=20field=20which=20can=20?= =?UTF-8?q?be=20included=20in=20a=20subject=20alternative=20name.=20This?= =?UTF-8?q?=20would=20allow=20=20=20a=20corrupted=20sub-CA=20which=20was?= =?UTF-8?q?=20otherwise=20constrained=20by=20a=20name=20constraint=20to=20?= =?UTF-8?q?=20=20issue=20a=20certificate=20with=20a=20prohibited=20DN.=20?= =?UTF-8?q?=20=20Fix=20a=20bug=20in=20the=20TLS=20server=20during=20client?= =?UTF-8?q?=20authentication=20where=20where=20if=20a=20=20=20(disabled=20?= =?UTF-8?q?by=20default)=20static=20RSA=20ciphersuite=20was=20selected,=20?= =?UTF-8?q?then=20no=20certificate=20=20=20request=20would=20be=20sent.=20?= =?UTF-8?q?This=20would=20have=20an=20equivalent=20effect=20to=20a=20clien?= =?UTF-8?q?t=20which=20=20=20simply=20replied=20with=20an=20empty=20Certif?= =?UTF-8?q?icate=20message.=20(GH=20#2367)=20=20=20Replace=20the=20T-Table?= =?UTF-8?q?s=20implementation=20of=20AES=20with=20a=2032-bit=20bitsliced?= =?UTF-8?q?=20version.=20As=20=20=20a=20result=20AES=20is=20now=20constant?= =?UTF-8?q?=20time=20on=20all=20processors.=20(GH=20#2346=20#2348=20#2353?= =?UTF-8?q?=20=20=20#2329=20#2355)=20=20=20In=20TLS,=20enforce=20that=20th?= =?UTF-8?q?e=20key=20usage=20given=20in=20the=20server=20certificate=20all?= =?UTF-8?q?ows=20the=20=20=20operation=20being=20performed=20in=20the=20ci?= =?UTF-8?q?phersuite.=20(GH=20#2367)=20=20=20In=20X.509=20certificates,=20?= =?UTF-8?q?verify=20that=20the=20algorithm=20parameters=20are=20the=20expe?= =?UTF-8?q?cted=20=20=20NULL=20or=20empty.=20(GH=20#2367)=20=20=20Change?= =?UTF-8?q?=20the=20HMAC=20key=20schedule=20to=20attempt=20to=20reduce=20t?= =?UTF-8?q?he=20information=20leaked=20from=20=20=20the=20key=20schedule?= =?UTF-8?q?=20with=20regards=20to=20the=20length=20of=20the=20key,=20as=20?= =?UTF-8?q?this=20is=20at=20times=20(as=20=20=20for=20example=20in=20PBKDF?= =?UTF-8?q?2)=20sensitive=20information.=20(GH=20#2362)=20=20=20Add=20Proc?= =?UTF-8?q?essor=5FRNG=20which=20wraps=20RDRAND=20or=20the=20POWER=20DARN?= =?UTF-8?q?=20RNG=20instructions.=20The=20=20=20previous=20RDRAND=5FRNG=20?= =?UTF-8?q?interface=20is=20deprecated.=20(GH=20#2352)=20=20=20The=20docum?= =?UTF-8?q?entation=20claimed=20that=20mlocked=20pages=20were=20created=20?= =?UTF-8?q?with=20a=20guard=20page=20=20=20both=20before=20and=20after.=20?= =?UTF-8?q?However=20only=20a=20trailing=20guard=20page=20was=20used.=20Ad?= =?UTF-8?q?d=20a=20=20=20leading=20guard=20page.=20(GH=20#2334)=20=20=20Ad?= =?UTF-8?q?d=20support=20for=20generating=20and=20verifying=20DER-encoded?= =?UTF-8?q?=20ECDSA=20signatures=20in=20the=20C=20=20=20and=20Python=20int?= =?UTF-8?q?erfaces.=20(GH=20#2357=20#2356)=20=20=20Workaround=20a=20bug=20?= =?UTF-8?q?in=20GCC=E2=80=99s=20UbSan=20which=20triggered=20on=20a=20code?= =?UTF-8?q?=20sequence=20in=20XMSS=20(GH=20=20=20#2322)=20=20=20When=20bui?= =?UTF-8?q?lding=20documentation=20using=20Sphinx=20avoid=20parallel=20bui?= =?UTF-8?q?lds=20with=20version=203.0=20=20=20due=20to=20a=20bug=20in=20th?= =?UTF-8?q?at=20version=20(GH=20#2326=20#2324)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=94 --- Botan-2.14.0.tar.xz | 3 --- Botan-2.14.0.tar.xz.asc | 11 --------- Botan-2.15.0.tar.xz | 3 +++ Botan-2.15.0.tar.xz.asc | 11 +++++++++ Botan.changes | 52 +++++++++++++++++++++++++++++++++++++++++ Botan.spec | 4 ++-- baselibs.conf | 4 ++-- 7 files changed, 70 insertions(+), 18 deletions(-) delete mode 100644 Botan-2.14.0.tar.xz delete mode 100644 Botan-2.14.0.tar.xz.asc create mode 100644 Botan-2.15.0.tar.xz create mode 100644 Botan-2.15.0.tar.xz.asc diff --git a/Botan-2.14.0.tar.xz b/Botan-2.14.0.tar.xz deleted file mode 100644 index d4b45a8..0000000 --- a/Botan-2.14.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0c10f12b424a40ee19bde00292098e201d7498535c062d8d5b586d07861a54b5 -size 5958948 diff --git a/Botan-2.14.0.tar.xz.asc b/Botan-2.14.0.tar.xz.asc deleted file mode 100644 index 053b8e6..0000000 --- a/Botan-2.14.0.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAl6LEUEACgkQYhHr8e+6 -37zeyAf/XR0IcWdTE5mW7yRmkYMm+1kDkmiTk4Zow+kTZhRegX691PX3jAMNCi0A -Gxp7waf0bYT0Qu6LvncqXINCPaSTsjilO6WCDcfIe4FOJzCLRc+TCVNwGxImCxzr -Zhs4d3YtaQk7Qh4+eu9nwJ1K9N0AC9QfdCMY2DPVEBMYm2PxrXl19WhLzCJQi+tP -+Rju2N3SQPCeGkgY3PCQfIX2N8GqVRa4MhacUD3hcUhTPngI+z5Fchbm/BdKo1qW -YDFh1Se8SvdxGzaCB6iIHayGTueyzUzCzc5fIElbo4vZ+VMKinxY8I/Ly5VOdZNy -IHlGHk+vKJkklnW/Wf1WQgrYfqETOQ== -=Okhl ------END PGP SIGNATURE----- diff --git a/Botan-2.15.0.tar.xz b/Botan-2.15.0.tar.xz new file mode 100644 index 0000000..dcdaba5 --- /dev/null +++ b/Botan-2.15.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d88af1307f1fefac79aa4f2f524699478d69ce15a857cf2d0a90ac6bf2a50009 +size 5920688 diff --git a/Botan-2.15.0.tar.xz.asc b/Botan-2.15.0.tar.xz.asc new file mode 100644 index 0000000..975b198 --- /dev/null +++ b/Botan-2.15.0.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAl8EZW8ACgkQYhHr8e+6 +37ziJQf/WyGSyiSOT97oF2vfYZKzEIbSauIjAZX8EsLzFp0tW0fTA+WOeBixio1B +i7nT3o/ntOyJTjDuavUfzam9PTNfluklsNjX/xQH/+G3dgz7Vit6Bzam3h9yFOJI +UHw0AsUSpnVesWwEEiUPz9EFD40ExafH+jkE8xxTItWUGz3qEqTdUJGATQAcUsaq +jCw+Lxy0TSNkdbLTOUcU38Ds9paysSxKI9GSzlBR0etZNrXHT97HT1iwneGn64qu +NMjt+XmHP/7nYw6+vmM2FWvrOYViV60UaMfDqPtyDwd22XHkkw6YpkVscIkfc9ZE +0cSn1bY/+tLAkpK885cxA3DtYd+IWg== +=kUJO +-----END PGP SIGNATURE----- diff --git a/Botan.changes b/Botan.changes index 6d2369c..944c2f9 100644 --- a/Botan.changes +++ b/Botan.changes @@ -1,3 +1,55 @@ +------------------------------------------------------------------- +Sun Aug 16 01:57:13 UTC 2020 - Dirk Mueller + +- update to 2.15: + Fix a bug where the name constraint extension did not constrain the alternative + DN field which can be included in a subject alternative name. This would allow + a corrupted sub-CA which was otherwise constrained by a name constraint to + issue a certificate with a prohibited DN. + + Fix a bug in the TLS server during client authentication where where if a + (disabled by default) static RSA ciphersuite was selected, then no certificate + request would be sent. This would have an equivalent effect to a client which + simply replied with an empty Certificate message. (GH #2367) + + Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As + a result AES is now constant time on all processors. (GH #2346 #2348 #2353 + #2329 #2355) + + In TLS, enforce that the key usage given in the server certificate allows the + operation being performed in the ciphersuite. (GH #2367) + + In X.509 certificates, verify that the algorithm parameters are the expected + NULL or empty. (GH #2367) + + Change the HMAC key schedule to attempt to reduce the information leaked from + the key schedule with regards to the length of the key, as this is at times (as + for example in PBKDF2) sensitive information. (GH #2362) + + Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The + previous RDRAND_RNG interface is deprecated. (GH #2352) + + The documentation claimed that mlocked pages were created with a guard page + both before and after. However only a trailing guard page was used. Add a + leading guard page. (GH #2334) + + Add support for generating and verifying DER-encoded ECDSA signatures in the C + and Python interfaces. (GH #2357 #2356) + + Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH + #2322) + + When building documentation using Sphinx avoid parallel builds with version 3.0 + due to a bug in that version (GH #2326 #2324) + + Fix a memory leak in the CommonCrypto block cipher calls (GH #2371) + + Fix a flaky test that would occasionally fail when running the tests with a + large number of threads. (GH #2325 #2197) + + Additional algorithms are now deprecated: XTEA, GOST, and Tiger. They will be + removed in a future major release. + ------------------------------------------------------------------- Wed Apr 8 08:19:50 UTC 2020 - Paolo Stivanin diff --git a/Botan.spec b/Botan.spec index 6768fc7..704791a 100644 --- a/Botan.spec +++ b/Botan.spec @@ -16,10 +16,10 @@ # -%define version_suffix 2-13 +%define version_suffix 2-15 %define short_version 2 Name: Botan -Version: 2.14.0 +Version: 2.15.0 Release: 0 Summary: A C++ Crypto Library License: BSD-2-Clause diff --git a/baselibs.conf b/baselibs.conf index 0ec628d..5e37b43 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,4 +1,4 @@ -libbotan-2-13 +libbotan-2-15 libbotan-devel requires -libbotan- = - requires "libbotan-2-13- = " + requires "libbotan-2-15- = "