Accepting request 357517 from home:stroeder:branches:devel:libraries:c_c++

update to 1.10.12 (somewhat a security update)

OBS-URL: https://build.opensuse.org/request/show/357517
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=56
This commit is contained in:
Ismail Dönmez 2016-02-03 12:16:12 +00:00 committed by Git OBS Bridge
parent 47190eff56
commit d9be67b223
6 changed files with 35 additions and 15 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6b67b14746410461fe4a8ce6a625e7eef789243454fe30eab7329d5984be4163
size 2706592

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCgAGBQJVvvClAAoJEGIR6/Hvut+8DnIH/j5EW84EEcBKETvBQJqoPJt7
Gsq4GKHDo75gBnWn2a2WGbbFIRuwjW4rpbUxxn6Nxazr87Hvg/RpRmd03/VYNvDO
jai2oetGAbaV4e9kzSMI96jN6k3vpjtUqeY851PXnZxaILrx1iBqwppjVOZfIbNF
hxzNgDgd1lA/dgfsh/BGr3MWDihNOxpICAbxmnXJU8bjiNT3RqebyOmins/Q6eVr
Tl6D2CxeYV1QlxOOnd93PJW6RAJtgzw4kjUWIHB74DxhjtB06XV8jHQxlTRCEC/Q
QDy2WlymjDQapyW6OzB0nRYCKtJQyQiZVCk4cIBq/8X3M4vjk7jErwqKvNPGcCU=
=s4gl
-----END PGP SIGNATURE-----

3
Botan-1.10.12.tgz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:affc3a79919577943f896e64d3e4a4dcc4970c5bf80cc98c7f3a3144745eac27
size 2707397

11
Botan-1.10.12.tgz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJWsbSyAAoJEGIR6/Hvut+8yZ8IAKZkFvG/j+nmWQPaoU0FKAJY
q37r0gIOSkZ+K4Q3k8Gc5uEmVcobP52JlDJZeG6yYERwJdN1aO/LcUpqxDvF8SNk
qrfsgItJ06SW+jLI9xS7abQGoVmfBEC5EcmqlPLLyJ4mPTR3XDDn6ITyN1i40Byr
rVMdm0dOwPiFrVJNlSjEnv/sQEPf6nrXAhu6vhGsWk1u6BbZRhVTk+0QAI0Dz950
MpRmIzEZAIAgvZpYGvvnULzfnNVwPswxw321Cp0JH368/sJjX2Mkp8yJ1wypGaMT
3gqkhGsyNqQjKjv9DmE04N/l+P7SIMBGn4+BOS0sfEXhxdpRMrezoNx/E2rJ5AU=
=tUsf
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,23 @@
-------------------------------------------------------------------
Wed Feb 3 10:52:19 UTC 2016 - michael@stroeder.com
- Update to 1.10.12
- Version 1.10.12, 2016-02-03
* In 1.10.11, the check in PointGFp intended to check the affine y
argument actually checked the affine x again. Reported by Remi Gacogne
* The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an
additional check in the multiplication function itself which was also
added in that release, so there are no security implications from the
missed check. However to avoid confusion the change was pushed in a new
release immediately.
* The 1.10.11 release notes incorrectly identified CVE-2016-2195 as
CVE-2016-2915
- Version 1.10.11, 2016-02-01
* Resolve heap overflow in ECC point decoding. CVE-2016-2195
Resolve infinite loop in modular square root algorithm. CVE-2016-2194
Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. GH #239
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Dec 24 10:48:11 UTC 2015 - mpluskal@suse.com Thu Dec 24 10:48:11 UTC 2015 - mpluskal@suse.com

View File

@ -19,7 +19,7 @@
%define version_suffix 1_10-1 %define version_suffix 1_10-1
%define short_version 1.10 %define short_version 1.10
Name: Botan Name: Botan
Version: 1.10.10 Version: 1.10.12
Release: 0 Release: 0
Summary: A C++ Crypto Library Summary: A C++ Crypto Library
License: BSD-2-Clause License: BSD-2-Clause