Accepting request 531133 from home:dmolkentin:branches:devel:libraries:c_c++

- Update to 1.10.17
  - Address a side channel affecting modular exponentiation. An attacker
    capable of a local or cross-VM cache analysis attack may be able to recover
    bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround
    a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function.
    (GH #1192 #1148 #882, bsc#1060433)
  - Add SecureVector::data() function which returns the start of the buffer.
    This makes it slightly simpler to support both 1.10 and 2.x APIs in the
    same codebase.  When compiled by a C++11 (or later) compiler, a template
    typedef of SecureVector, secure_vector, is added. In 2.x this class is a
    std::vector with a custom allocator, so has a somewhat different interface
    than SecureVector in 1.10. But this makes it slightly simpler to support
    both 1.10 and 2.x APIs in the same codebase.
  - Fix a bug that prevented configure.py from running under Python3
  - Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will
    #error if OpenSSL 1.1 is detected. Avoid --with-openssl if compiling against
    1.1 or later. (GH #753)
  - Import patches from Debian adding basic support for
    building on aarch64, ppc64le, or1k, and mipsn32 platforms.
  * obsoletes CVE-2017-14737.patch
  * refreshes aarch64-support.patch
  * drop ppc64le-support.patch for upstream version
    (disables altivec support as per concerns by upstream)

- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA
  implementation allows a local attacker to recover information about RSA secret
  keys.
  * add CVE-2017-14737.patch

OBS-URL: https://build.opensuse.org/request/show/531133
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=71
Adam Majer 2017-10-04 12:14:40 +00:00 committed by Git OBS Bridge
parent 3903a8bec2
commit 8b274fb891
8 changed files with 65 additions and 47 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6c5472401d06527e87adcb53dd270f3c9b1fb688703b04dd7a7cfb86289efe52
size 2711177


@ -1,11 +0,0 @@

Botan-1.10.17.tgz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6847ffb64b8d2f939dccfecc17bd2c80385d08f7621e2c56d3a335118e823613
size 2706678

Botan-1.10.17.tgz.asc Normal file

@ -0,0 +1,11 @@


@ -1,3 +1,41 @@
-------------------------------------------------------------------
Wed Oct 4 07:49:54 UTC 2017 - daniel.molkentin@suse.com
- Update to 1.10.17
- Address a side channel affecting modular exponentiation. An attacker
capable of a local or cross-VM cache analysis attack may be able to recover
bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround
a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function.
(GH #1192 #1148 #882, bsc#1060433)
- Add SecureVector::data() function which returns the start of the buffer.
This makes it slightly simpler to support both 1.10 and 2.x APIs in the
same codebase. When compiled by a C++11 (or later) compiler, a template
typedef of SecureVector, secure_vector, is added. In 2.x this class is a
std::vector with a custom allocator, so has a somewhat different interface
than SecureVector in 1.10. But this makes it slightly simpler to support
both 1.10 and 2.x APIs in the same codebase.
- Fix a bug that prevented configure.py from running under Python3
- Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will
#error if OpenSSL 1.1 is detected. Avoid with-openssl if compiling against
1.1 or later. (GH #753)
- Import patches from Debian adding basic support for
building on aarch64, ppc64le, or1k, and mipsn32 platforms.
* obsoletes CVE-2017-14737.patch
* refreshes aarch64-support.patch
* drop ppc64le-support.patch for upstream version
(disables altivec support as per concerns by upstream)
-------------------------------------------------------------------
Tue Sep 26 13:03:46 UTC 2017 - daniel.molkentin@suse.com
- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA
implementation allows local attacker to recover information about RSA secret
keys.
* add CVE-2017-14737.patch
-------------------------------------------------------------------
Thu Sep 21 09:48:17 UTC 2017 - vcizek@suse.com
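Review bot: in the new Oct 4 entry, the first sub-item runs two upstream changes together ("... RSA, DH, etc. CVE-2017-14737 Workaround a miscompilation bug in GCC 7 ..."), so the trailing "(GH #1192 #1148 #882, bsc#1060433)" cannot be matched to either the side-channel fix or the GOST-34.11 workaround; split them into two items, each with its own references. In the same entry, the sentence about supporting both 1.10 and 2.x APIs appears twice in the SecureVector item, and "Avoid with-openssl" has lost the option's leading dashes. The Sep 26 "add CVE-2017-14737.patch" and the Oct 4 "obsoletes CVE-2017-14737.patch" both arrive in this one hunk, while the visible spec hunks neither add nor remove a Patch line for it, so confirm the file is not left behind in the package sources.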


@ -19,7 +19,7 @@
%define version_suffix 1_10-1
%define short_version 1.10
Name: Botan
Version: 1.10.16
Version: 1.10.17
Release: 0
Summary: A C++ Crypto Library
License: BSD-2-Clause
@ -36,7 +36,6 @@ Patch4: Botan-no-buildtime.patch
Patch6: Botan-fix_pkgconfig.patch
Patch7: dont-set-mach-value.diff
Patch8: aarch64-support.patch
Patch9: ppc64le-support.patch
Patch10: no-cpuid-header.patch
BuildRequires: bzip2 >= 1.0.2
BuildRequires: gcc-c++
@ -94,8 +93,7 @@ programs that use the Botan library.
%patch4
%patch6
%patch7 -p1
%patch8
%patch9
%patch8 -p1
%if 0%{?suse_version} == 1110
%patch10 -p1
%endif
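Review bot: `%patch8` becomes `%patch8 -p1` in this %prep hunk, which means aarch64-support.patch changed its path prefix, but the changelog only says "refreshes aarch64-support.patch"; say there that the patch moved to a git-style a/ b/ layout so the strip-level change is explained. After this change `%patch4` and `%patch6` still carry no strip level while 7, 8 and 10 use `-p1`; consider bringing the remaining patches to the same level so the list is uniform.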


@ -1,11 +1,11 @@
Index: src/build-data/arch/aarch64.txt
===================================================================
--- /dev/null
+++ src/build-data/arch/aarch64.txt
@@ -0,0 +1,6 @@
+endian little
+
+<aliases>
+arm64
+armv8
+</aliases>
diff --git a/src/build-data/arch/aarch64.txt b/src/build-data/arch/aarch64.txt
index 863b000c5..9ea51c936 100644
--- a/src/build-data/arch/aarch64.txt
+++ b/src/build-data/arch/aarch64.txt
@@ -2,5 +2,6 @@ endian little
<aliases>
arm64 # For Debian
+armv8 # For SUSE
</aliases>
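Review bot: the added `armv8 # For SUSE` alias in the `<aliases>` block names an architecture version rather than the 64-bit execution state, and ARMv8 hardware can also run a 32-bit (AArch32) userland. Please confirm that configure.py cannot resolve a 32-bit armv8 build host to aarch64 through this alias, and extend the comment to say which tool or macro reports the string "armv8" on SUSE so the alias can be revisited later.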


@ -1,18 +0,0 @@
--- /dev/null 2013-11-30 20:09:56.080000808 +0100
+++ src/build-data/arch/ppc64le.txt 2013-12-08 23:56:25.465510000 +0100
@@ -0,0 +1,15 @@
+endian little
+
+family ppc
+
+<aliases>
+powerpc64le
+</aliases>
+
+<submodels>
+power7
+</submodels>
+
+<isa_extn>
+altivec:power7
+</isa_extn>