Accepting request 531133 from home:dmolkentin:branches:devel:libraries:c_c++
- Update to 1.10.17 - Address a side channel affecting modular exponentiation. An attacker capable of a local or cross-VM cache analysis attack may be able to recover bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function. (GH #1192 #1148 #882, bsc#1060433) - Add SecureVector::data() function which returns the start of the buffer. This makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase. When compiled by a C++11 (or later) compiler, a template typedef of SecureVector, secure_vector, is added. In 2.x this class is a std::vector with a custom allocator, so has a somewhat different interface than SecureVector in 1.10. But this makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase. - Fix a bug that prevented configure.py from running under Python3 - Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will #error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against 1.1 or later. (GH #753) - Import patches from Debian adding basic support for building on aarch64, ppc64le, or1k, and mipsn32 platforms. * obsoletes CVE-2017-14737.patch * refreshes aarch64-support.patch * drop ppc64le-support.patch for upstream version (disables altivec support as per concerns by upstream) - Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA implementation allows local attacker to recover information about RSA secret keys. * add CVE-2017-14737.patch OBS-URL: https://build.opensuse.org/request/show/531133 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=71
This commit is contained in:
parent
3903a8bec2
commit
8b274fb891
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:6c5472401d06527e87adcb53dd270f3c9b1fb688703b04dd7a7cfb86289efe52
|
|
||||||
size 2711177
|
|
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAljkQzcACgkQYhHr8e+6
|
|
||||||
37zwOAf9G0+rAaNoq5K9m4LZq4A1jP1B4HBsrddLu0PFCCDD8usYNTJkSUhoVTTt
|
|
||||||
BZqFa9NK8+NV/cELnRiiVw1mvMCN981tzl2rBiE6yw3CrfvuLYGX21Vc3RNIIjYs
|
|
||||||
rdH5oIvRP7C7zmRP3uuybFefsI6XXUVppjFcP6N14zDNXQxl2eoW9LZbxl0m28Dp
|
|
||||||
tMum3qSIaQemcJzOpfoXYW1A/Q3Rz8Wh3Xh1Jfjm8kUY9GOGtf9vQwO8Jb4jn9kJ
|
|
||||||
ftyoDlBWMQAgPd3DXKx/tfn7YcshbgmCW6lrqrwMIz84ESqkqZt8h/olPrJK/8tO
|
|
||||||
cdPl7ovtfSfQXWRJzAL3ehF1HeKZVg==
|
|
||||||
=EDPN
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
Botan-1.10.17.tgz
Normal file
3
Botan-1.10.17.tgz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:6847ffb64b8d2f939dccfecc17bd2c80385d08f7621e2c56d3a335118e823613
|
||||||
|
size 2706678
|
11
Botan-1.10.17.tgz.asc
Normal file
11
Botan-1.10.17.tgz.asc
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlnSZaQACgkQYhHr8e+6
|
||||||
|
37xtgwf+KcmgrrfzAF6HLJJwOvMom+SnpHShvoMPqfmXwhvKELCQ8TypARF7Zbjw
|
||||||
|
e6M6Nvb/u2PhEoEX4p2vYPLxxtz+la5xXBa+UDbSO9nppFe0z6qIyR793gYWaUUT
|
||||||
|
vBonBeComOtn5vYEQ6Xj+X8JjH3xK1oKX+jNWHLKHcMUoNdRdu3dYS9Tkbvyy9DY
|
||||||
|
yjUrOE9/N8ATjSN9dEC0Xa29CMhgYxquIz6FuMspPxJHHD5/GrP+h5LfnR76vkaK
|
||||||
|
CBilE9VEYoLSTDQyHb6g0/Fz1l+YM159oe2SmFdOGBzI02EkYGBXxYc9fSpw92oH
|
||||||
|
rokKA1Q23WpaK0bzduvduBreYtIpsw==
|
||||||
|
=1D+U
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,3 +1,41 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 4 07:49:54 UTC 2017 - daniel.molkentin@suse.com
|
||||||
|
|
||||||
|
- Update to 1.10.17
|
||||||
|
- Address a side channel affecting modular exponentiation. An attacker
|
||||||
|
capable of a local or cross-VM cache analysis attack may be able to recover
|
||||||
|
bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround
|
||||||
|
a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function.
|
||||||
|
(GH #1192 #1148 #882, bsc#1060433)
|
||||||
|
- Add SecureVector::data() function which returns the start of the buffer.
|
||||||
|
This makes it slightly simpler to support both 1.10 and 2.x APIs in the
|
||||||
|
same codebase. When compiled by a C++11 (or later) compiler, a template
|
||||||
|
typedef of SecureVector, secure_vector, is added. In 2.x this class is a
|
||||||
|
std::vector with a custom allocator, so has a somewhat different interface
|
||||||
|
than SecureVector in 1.10. But this makes it slightly simpler to support
|
||||||
|
both 1.10 and 2.x APIs in the same codebase.
|
||||||
|
- Fix a bug that prevented configure.py from running under Python3
|
||||||
|
- Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will
|
||||||
|
#error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against
|
||||||
|
1.1 or later. (GH #753)
|
||||||
|
- Import patches from Debian adding basic support for
|
||||||
|
building on aarch64, ppc64le, or1k, and mipsn32 platforms.
|
||||||
|
|
||||||
|
* obsoletes CVE-2017-14737.patch
|
||||||
|
|
||||||
|
* refreshes aarch64-support.patch
|
||||||
|
|
||||||
|
* drop ppc64le-support.patch for upstream version
|
||||||
|
(disables altivec support as per concerns by upstream)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Sep 26 13:03:46 UTC 2017 - daniel.molkentin@suse.com
|
||||||
|
|
||||||
|
- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA
|
||||||
|
implementation allows local attacker to recover information about RSA secret
|
||||||
|
keys.
|
||||||
|
* add CVE-2017-14737.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Sep 21 09:48:17 UTC 2017 - vcizek@suse.com
|
Thu Sep 21 09:48:17 UTC 2017 - vcizek@suse.com
|
||||||
|
|
||||||
|
@ -19,7 +19,7 @@
|
|||||||
%define version_suffix 1_10-1
|
%define version_suffix 1_10-1
|
||||||
%define short_version 1.10
|
%define short_version 1.10
|
||||||
Name: Botan
|
Name: Botan
|
||||||
Version: 1.10.16
|
Version: 1.10.17
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: A C++ Crypto Library
|
Summary: A C++ Crypto Library
|
||||||
License: BSD-2-Clause
|
License: BSD-2-Clause
|
||||||
@ -36,7 +36,6 @@ Patch4: Botan-no-buildtime.patch
|
|||||||
Patch6: Botan-fix_pkgconfig.patch
|
Patch6: Botan-fix_pkgconfig.patch
|
||||||
Patch7: dont-set-mach-value.diff
|
Patch7: dont-set-mach-value.diff
|
||||||
Patch8: aarch64-support.patch
|
Patch8: aarch64-support.patch
|
||||||
Patch9: ppc64le-support.patch
|
|
||||||
Patch10: no-cpuid-header.patch
|
Patch10: no-cpuid-header.patch
|
||||||
BuildRequires: bzip2 >= 1.0.2
|
BuildRequires: bzip2 >= 1.0.2
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
@ -94,8 +93,7 @@ programs that use the Botan library.
|
|||||||
%patch4
|
%patch4
|
||||||
%patch6
|
%patch6
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch8
|
%patch8 -p1
|
||||||
%patch9
|
|
||||||
%if 0%{?suse_version} == 1110
|
%if 0%{?suse_version} == 1110
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
%endif
|
%endif
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
Index: src/build-data/arch/aarch64.txt
|
diff --git a/src/build-data/arch/aarch64.txt b/src/build-data/arch/aarch64.txt
|
||||||
===================================================================
|
index 863b000c5..9ea51c936 100644
|
||||||
--- /dev/null
|
--- a/src/build-data/arch/aarch64.txt
|
||||||
+++ src/build-data/arch/aarch64.txt
|
+++ b/src/build-data/arch/aarch64.txt
|
||||||
@@ -0,0 +1,6 @@
|
@@ -2,5 +2,6 @@ endian little
|
||||||
+endian little
|
|
||||||
+
|
<aliases>
|
||||||
+<aliases>
|
arm64 # For Debian
|
||||||
+arm64
|
+armv8 # For SUSE
|
||||||
+armv8
|
</aliases>
|
||||||
+</aliases>
|
|
||||||
|
@ -1,18 +0,0 @@
|
|||||||
--- /dev/null 2013-11-30 20:09:56.080000808 +0100
|
|
||||||
+++ src/build-data/arch/ppc64le.txt 2013-12-08 23:56:25.465510000 +0100
|
|
||||||
@@ -0,0 +1,15 @@
|
|
||||||
+endian little
|
|
||||||
+
|
|
||||||
+family ppc
|
|
||||||
+
|
|
||||||
+<aliases>
|
|
||||||
+powerpc64le
|
|
||||||
+</aliases>
|
|
||||||
+
|
|
||||||
+<submodels>
|
|
||||||
+power7
|
|
||||||
+</submodels>
|
|
||||||
+
|
|
||||||
+<isa_extn>
|
|
||||||
+altivec:power7
|
|
||||||
+</isa_extn>
|
|
Loading…
Reference in New Issue
Block a user