Accepting request 531133 from home:dmolkentin:branches:devel:libraries:c_c++
- Update to 1.10.17 - Address a side channel affecting modular exponentiation. An attacker capable of a local or cross-VM cache analysis attack may be able to recover bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function. (GH #1192 #1148 #882, bsc#1060433) - Add SecureVector::data() function which returns the start of the buffer. This makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase. When compiled by a C++11 (or later) compiler, a template typedef of SecureVector, secure_vector, is added. In 2.x this class is a std::vector with a custom allocator, so has a somewhat different interface than SecureVector in 1.10. But this makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase. - Fix a bug that prevented configure.py from running under Python3 - Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will #error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against 1.1 or later. (GH #753) - Import patches from Debian adding basic support for building on aarch64, ppc64le, or1k, and mipsn32 platforms. * obsoletes CVE-2017-14737.patch * refreshes aarch64-support.patch * drop ppc64le-support.patch for upstream version (disables altivec support as per concerns by upstream) - Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA implementation allows local attacker to recover information about RSA secret keys. * add CVE-2017-14737.patch OBS-URL: https://build.opensuse.org/request/show/531133 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=71
This commit is contained in:
parent
3903a8bec2
commit
8b274fb891
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:6c5472401d06527e87adcb53dd270f3c9b1fb688703b04dd7a7cfb86289efe52
|
||||
size 2711177
|
@ -1,11 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAljkQzcACgkQYhHr8e+6
|
||||
37zwOAf9G0+rAaNoq5K9m4LZq4A1jP1B4HBsrddLu0PFCCDD8usYNTJkSUhoVTTt
|
||||
BZqFa9NK8+NV/cELnRiiVw1mvMCN981tzl2rBiE6yw3CrfvuLYGX21Vc3RNIIjYs
|
||||
rdH5oIvRP7C7zmRP3uuybFefsI6XXUVppjFcP6N14zDNXQxl2eoW9LZbxl0m28Dp
|
||||
tMum3qSIaQemcJzOpfoXYW1A/Q3Rz8Wh3Xh1Jfjm8kUY9GOGtf9vQwO8Jb4jn9kJ
|
||||
ftyoDlBWMQAgPd3DXKx/tfn7YcshbgmCW6lrqrwMIz84ESqkqZt8h/olPrJK/8tO
|
||||
cdPl7ovtfSfQXWRJzAL3ehF1HeKZVg==
|
||||
=EDPN
|
||||
-----END PGP SIGNATURE-----
|
3
Botan-1.10.17.tgz
Normal file
3
Botan-1.10.17.tgz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:6847ffb64b8d2f939dccfecc17bd2c80385d08f7621e2c56d3a335118e823613
|
||||
size 2706678
|
11
Botan-1.10.17.tgz.asc
Normal file
11
Botan-1.10.17.tgz.asc
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlnSZaQACgkQYhHr8e+6
|
||||
37xtgwf+KcmgrrfzAF6HLJJwOvMom+SnpHShvoMPqfmXwhvKELCQ8TypARF7Zbjw
|
||||
e6M6Nvb/u2PhEoEX4p2vYPLxxtz+la5xXBa+UDbSO9nppFe0z6qIyR793gYWaUUT
|
||||
vBonBeComOtn5vYEQ6Xj+X8JjH3xK1oKX+jNWHLKHcMUoNdRdu3dYS9Tkbvyy9DY
|
||||
yjUrOE9/N8ATjSN9dEC0Xa29CMhgYxquIz6FuMspPxJHHD5/GrP+h5LfnR76vkaK
|
||||
CBilE9VEYoLSTDQyHb6g0/Fz1l+YM159oe2SmFdOGBzI02EkYGBXxYc9fSpw92oH
|
||||
rokKA1Q23WpaK0bzduvduBreYtIpsw==
|
||||
=1D+U
|
||||
-----END PGP SIGNATURE-----
|
@ -1,3 +1,41 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 4 07:49:54 UTC 2017 - daniel.molkentin@suse.com
|
||||
|
||||
- Update to 1.10.17
|
||||
- Address a side channel affecting modular exponentiation. An attacker
|
||||
capable of a local or cross-VM cache analysis attack may be able to recover
|
||||
bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround
|
||||
a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function.
|
||||
(GH #1192 #1148 #882, bsc#1060433)
|
||||
- Add SecureVector::data() function which returns the start of the buffer.
|
||||
This makes it slightly simpler to support both 1.10 and 2.x APIs in the
|
||||
same codebase. When compiled by a C++11 (or later) compiler, a template
|
||||
typedef of SecureVector, secure_vector, is added. In 2.x this class is a
|
||||
std::vector with a custom allocator, so has a somewhat different interface
|
||||
than SecureVector in 1.10. But this makes it slightly simpler to support
|
||||
both 1.10 and 2.x APIs in the same codebase.
|
||||
- Fix a bug that prevented configure.py from running under Python3
|
||||
- Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will
|
||||
#error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against
|
||||
1.1 or later. (GH #753)
|
||||
- Import patches from Debian adding basic support for
|
||||
building on aarch64, ppc64le, or1k, and mipsn32 platforms.
|
||||
|
||||
* obsoletes CVE-2017-14737.patch
|
||||
|
||||
* refreshes aarch64-support.patch
|
||||
|
||||
* drop ppc64le-support.patch for upstream version
|
||||
(disables altivec support as per concerns by upstream)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 26 13:03:46 UTC 2017 - daniel.molkentin@suse.com
|
||||
|
||||
- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA
|
||||
implementation allows local attacker to recover information about RSA secret
|
||||
keys.
|
||||
* add CVE-2017-14737.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 21 09:48:17 UTC 2017 - vcizek@suse.com
|
||||
|
||||
|
@ -19,7 +19,7 @@
|
||||
%define version_suffix 1_10-1
|
||||
%define short_version 1.10
|
||||
Name: Botan
|
||||
Version: 1.10.16
|
||||
Version: 1.10.17
|
||||
Release: 0
|
||||
Summary: A C++ Crypto Library
|
||||
License: BSD-2-Clause
|
||||
@ -36,7 +36,6 @@ Patch4: Botan-no-buildtime.patch
|
||||
Patch6: Botan-fix_pkgconfig.patch
|
||||
Patch7: dont-set-mach-value.diff
|
||||
Patch8: aarch64-support.patch
|
||||
Patch9: ppc64le-support.patch
|
||||
Patch10: no-cpuid-header.patch
|
||||
BuildRequires: bzip2 >= 1.0.2
|
||||
BuildRequires: gcc-c++
|
||||
@ -94,8 +93,7 @@ programs that use the Botan library.
|
||||
%patch4
|
||||
%patch6
|
||||
%patch7 -p1
|
||||
%patch8
|
||||
%patch9
|
||||
%patch8 -p1
|
||||
%if 0%{?suse_version} == 1110
|
||||
%patch10 -p1
|
||||
%endif
|
||||
|
@ -1,11 +1,11 @@
|
||||
Index: src/build-data/arch/aarch64.txt
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ src/build-data/arch/aarch64.txt
|
||||
@@ -0,0 +1,6 @@
|
||||
+endian little
|
||||
+
|
||||
+<aliases>
|
||||
+arm64
|
||||
+armv8
|
||||
+</aliases>
|
||||
diff --git a/src/build-data/arch/aarch64.txt b/src/build-data/arch/aarch64.txt
|
||||
index 863b000c5..9ea51c936 100644
|
||||
--- a/src/build-data/arch/aarch64.txt
|
||||
+++ b/src/build-data/arch/aarch64.txt
|
||||
@@ -2,5 +2,6 @@ endian little
|
||||
|
||||
<aliases>
|
||||
arm64 # For Debian
|
||||
+armv8 # For SUSE
|
||||
</aliases>
|
||||
|
||||
|
@ -1,18 +0,0 @@
|
||||
--- /dev/null 2013-11-30 20:09:56.080000808 +0100
|
||||
+++ src/build-data/arch/ppc64le.txt 2013-12-08 23:56:25.465510000 +0100
|
||||
@@ -0,0 +1,15 @@
|
||||
+endian little
|
||||
+
|
||||
+family ppc
|
||||
+
|
||||
+<aliases>
|
||||
+powerpc64le
|
||||
+</aliases>
|
||||
+
|
||||
+<submodels>
|
||||
+power7
|
||||
+</submodels>
|
||||
+
|
||||
+<isa_extn>
|
||||
+altivec:power7
|
||||
+</isa_extn>
|
Loading…
Reference in New Issue
Block a user