Accepting request 826938 from devel:libraries:c_c++
- update to 2.15: Fix a bug where the name constraint extension did not constrain the alternative DN field which can be included in a subject alternative name. This would allow a corrupted sub-CA which was otherwise constrained by a name constraint to issue a certificate with a prohibited DN. Fix a bug in the TLS server during client authentication where where if a (disabled by default) static RSA ciphersuite was selected, then no certificate request would be sent. This would have an equivalent effect to a client which simply replied with an empty Certificate message. (GH #2367) Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As a result AES is now constant time on all processors. (GH #2346 #2348 #2353 #2329 #2355) In TLS, enforce that the key usage given in the server certificate allows the operation being performed in the ciphersuite. (GH #2367) In X.509 certificates, verify that the algorithm parameters are the expected NULL or empty. (GH #2367) Change the HMAC key schedule to attempt to reduce the information leaked from the key schedule with regards to the length of the key, as this is at times (as for example in PBKDF2) sensitive information. (GH #2362) Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The previous RDRAND_RNG interface is deprecated. (GH #2352) The documentation claimed that mlocked pages were created with a guard page both before and after. However only a trailing guard page was used. Add a leading guard page. (GH #2334) Add support for generating and verifying DER-encoded ECDSA signatures in the C and Python interfaces. (GH #2357 #2356) Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH #2322) When building documentation using Sphinx avoid parallel builds with version 3.0 due to a bug in that version (GH #2326 #2324) OBS-URL: https://build.opensuse.org/request/show/826938 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=54
This commit is contained in:
commit
7055bd1c61
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:0c10f12b424a40ee19bde00292098e201d7498535c062d8d5b586d07861a54b5
|
||||
size 5958948
|
@ -1,11 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAl6LEUEACgkQYhHr8e+6
|
||||
37zeyAf/XR0IcWdTE5mW7yRmkYMm+1kDkmiTk4Zow+kTZhRegX691PX3jAMNCi0A
|
||||
Gxp7waf0bYT0Qu6LvncqXINCPaSTsjilO6WCDcfIe4FOJzCLRc+TCVNwGxImCxzr
|
||||
Zhs4d3YtaQk7Qh4+eu9nwJ1K9N0AC9QfdCMY2DPVEBMYm2PxrXl19WhLzCJQi+tP
|
||||
+Rju2N3SQPCeGkgY3PCQfIX2N8GqVRa4MhacUD3hcUhTPngI+z5Fchbm/BdKo1qW
|
||||
YDFh1Se8SvdxGzaCB6iIHayGTueyzUzCzc5fIElbo4vZ+VMKinxY8I/Ly5VOdZNy
|
||||
IHlGHk+vKJkklnW/Wf1WQgrYfqETOQ==
|
||||
=Okhl
|
||||
-----END PGP SIGNATURE-----
|
3
Botan-2.15.0.tar.xz
Normal file
3
Botan-2.15.0.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d88af1307f1fefac79aa4f2f524699478d69ce15a857cf2d0a90ac6bf2a50009
|
||||
size 5920688
|
11
Botan-2.15.0.tar.xz.asc
Normal file
11
Botan-2.15.0.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAl8EZW8ACgkQYhHr8e+6
|
||||
37ziJQf/WyGSyiSOT97oF2vfYZKzEIbSauIjAZX8EsLzFp0tW0fTA+WOeBixio1B
|
||||
i7nT3o/ntOyJTjDuavUfzam9PTNfluklsNjX/xQH/+G3dgz7Vit6Bzam3h9yFOJI
|
||||
UHw0AsUSpnVesWwEEiUPz9EFD40ExafH+jkE8xxTItWUGz3qEqTdUJGATQAcUsaq
|
||||
jCw+Lxy0TSNkdbLTOUcU38Ds9paysSxKI9GSzlBR0etZNrXHT97HT1iwneGn64qu
|
||||
NMjt+XmHP/7nYw6+vmM2FWvrOYViV60UaMfDqPtyDwd22XHkkw6YpkVscIkfc9ZE
|
||||
0cSn1bY/+tLAkpK885cxA3DtYd+IWg==
|
||||
=kUJO
|
||||
-----END PGP SIGNATURE-----
|
@ -1,3 +1,55 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Aug 16 01:57:13 UTC 2020 - Dirk Mueller <dmueller@suse.com>
|
||||
|
||||
- update to 2.15:
|
||||
Fix a bug where the name constraint extension did not constrain the alternative
|
||||
DN field which can be included in a subject alternative name. This would allow
|
||||
a corrupted sub-CA which was otherwise constrained by a name constraint to
|
||||
issue a certificate with a prohibited DN.
|
||||
|
||||
Fix a bug in the TLS server during client authentication where where if a
|
||||
(disabled by default) static RSA ciphersuite was selected, then no certificate
|
||||
request would be sent. This would have an equivalent effect to a client which
|
||||
simply replied with an empty Certificate message. (GH #2367)
|
||||
|
||||
Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As
|
||||
a result AES is now constant time on all processors. (GH #2346 #2348 #2353
|
||||
#2329 #2355)
|
||||
|
||||
In TLS, enforce that the key usage given in the server certificate allows the
|
||||
operation being performed in the ciphersuite. (GH #2367)
|
||||
|
||||
In X.509 certificates, verify that the algorithm parameters are the expected
|
||||
NULL or empty. (GH #2367)
|
||||
|
||||
Change the HMAC key schedule to attempt to reduce the information leaked from
|
||||
the key schedule with regards to the length of the key, as this is at times (as
|
||||
for example in PBKDF2) sensitive information. (GH #2362)
|
||||
|
||||
Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The
|
||||
previous RDRAND_RNG interface is deprecated. (GH #2352)
|
||||
|
||||
The documentation claimed that mlocked pages were created with a guard page
|
||||
both before and after. However only a trailing guard page was used. Add a
|
||||
leading guard page. (GH #2334)
|
||||
|
||||
Add support for generating and verifying DER-encoded ECDSA signatures in the C
|
||||
and Python interfaces. (GH #2357 #2356)
|
||||
|
||||
Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH
|
||||
#2322)
|
||||
|
||||
When building documentation using Sphinx avoid parallel builds with version 3.0
|
||||
due to a bug in that version (GH #2326 #2324)
|
||||
|
||||
Fix a memory leak in the CommonCrypto block cipher calls (GH #2371)
|
||||
|
||||
Fix a flaky test that would occasionally fail when running the tests with a
|
||||
large number of threads. (GH #2325 #2197)
|
||||
|
||||
Additional algorithms are now deprecated: XTEA, GOST, and Tiger. They will be
|
||||
removed in a future major release.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 8 08:19:50 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
|
||||
|
||||
|
@ -16,10 +16,10 @@
|
||||
#
|
||||
|
||||
|
||||
%define version_suffix 2-13
|
||||
%define version_suffix 2-15
|
||||
%define short_version 2
|
||||
Name: Botan
|
||||
Version: 2.14.0
|
||||
Version: 2.15.0
|
||||
Release: 0
|
||||
Summary: A C++ Crypto Library
|
||||
License: BSD-2-Clause
|
||||
|
@ -1,4 +1,4 @@
|
||||
libbotan-2-13
|
||||
libbotan-2-15
|
||||
libbotan-devel
|
||||
requires -libbotan-<targettype> = <version>
|
||||
requires "libbotan-2-13-<targettype> = <version>"
|
||||
requires "libbotan-2-15-<targettype> = <version>"
|
||||
|
Loading…
Reference in New Issue
Block a user