Commit Graph

128 Commits

Author SHA256 Message Date
a44d081064 Update to Botan 3.6.0 - the latest stable release 2024-10-25 15:58:50 +03:00
Git SCM Staging
478415c803 Merge pull request 'Bump 'Botan' src package to Botan3' (#6) from ayankov/Botan:factory into factory 2024-08-01 22:05:39 +02:00
13cdc02dbf Bump 'Botan' src package to Botan3
Some checks failed
obs/scm/build
Botan 2 is EOL 2024. Moving this to the new version, so we can
transition packages to depend on this instead of botan-2 before EOL
hits.
2024-08-01 11:27:54 +03:00
Ana Guerrero
fdbb1be950 Accepting request 1187484 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1187484
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=65
2024-07-15 17:49:47 +00:00
024f7dca2b Accepting request 1187477 from home:ayankov:branches:devel:libraries:c_c++
- Update to 2.19.5:
  * Fix multiple Denial of service attacks due to X.509 cert processing:
  * CVE-2024-34702 - bsc#1227238
  * CVE-2024-34703 - bsc#1227607
  * CVE-2024-39312 - bsc#1227608
  * Fix a crash in OCB
  * Fix a test failure in compression with certain versions of zlib 
  * Fix some iterator debugging errors in TLS CBC decryption. 
  * Avoid a miscompilation in ARIA when using XCode 14

OBS-URL: https://build.opensuse.org/request/show/1187477
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=118
2024-07-15 08:03:40 +00:00
Ana Guerrero
144e30991d Accepting request 1127662 from devel:libraries:c_c++
- remove botan binary (moves to Botan3)

OBS-URL: https://build.opensuse.org/request/show/1127662
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=64
2023-11-20 20:20:14 +00:00
1167ce2344 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=116 2023-11-17 14:47:04 +00:00
f35c78cd27 - remove botan binary (moves to Botan3)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=115
2023-11-17 13:19:41 +00:00
Dominique Leuenberger
4dc58255e3 Accepting request 1036531 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1036531
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=63
2022-11-18 14:43:37 +00:00
Jason Sikes
20b1648d1b Accepting request 1036530 from home:jsikes:branches:devel:libraries:c_c++
Fixed CVE-2022-43705! Enjoy.

OBS-URL: https://build.opensuse.org/request/show/1036530
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=113
2022-11-18 04:49:47 +00:00
Dominique Leuenberger
06bf1dd762 Accepting request 982375 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/982375
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=62
2022-06-13 11:03:05 +00:00
a85f6a63e6 Accepting request 981369 from home:dirkmueller:Factory
- update to 2.19.2:
  * Add support for parallel computation in Argon2
  * Add SSSE3 implementation of Argon2
  * The OpenSSL provider was incompatible with OpenSSL 3.0.
    It has been removed
  * Avoid using reserve in secure_vector appending, which caused
    a performance problem
  * Fix TLS::Text_Policy behavior when X25519 is disabled
    at build time
  * Fix several warnings from Clang

OBS-URL: https://build.opensuse.org/request/show/981369
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=111
2022-06-13 08:27:25 +00:00
Dominique Leuenberger
bbf87d5f64 Accepting request 951397 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/951397
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=61
2022-02-04 20:48:59 +00:00
9eb8fc307c Accepting request 948194 from home:AndreasStieger:branches:devel:libraries:c_c++
Botan 2.19.1

OBS-URL: https://build.opensuse.org/request/show/948194
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=110
2022-02-03 21:09:33 +00:00
Dominique Leuenberger
7be2bf4805 Accepting request 935173 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/935173
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=60
2021-12-02 21:30:13 +00:00
fff33fb6e7 Accepting request 935053 from home:AndreasStieger:branches:devel:libraries:c_c++
CVE-2021-40529 boo#1190244

OBS-URL: https://build.opensuse.org/request/show/935053
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=109
2021-12-02 12:54:24 +00:00
2aadc8f2c5 - update to 2.18.2:
* Avoid using short exponents when encrypting in ElGamal, as some PGP
    implementations generate keys with parameters that are weak when
    short exponents are used
  * Fix a low risk OAEP decryption side channel
  * Work around a miscompilation of SHA-3 caused by a bug in Clang 12
    and XCode 13
  * Remove support in OpenSSL provider for algorithms which are
    disabled by default in OpenSSL 3.0
  * Add CI based on GitHub actions to replace Travis CI
  * Fix the online OCSP test, as the certificate involved had expired.
  * Fix some test failures induced by the expiration of the trust root
    "DST Root CA X3"

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=108
2021-11-24 20:13:49 +00:00
Dominique Leuenberger
0c36588f47 Accepting request 892202 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/892202
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=59
2021-05-11 21:04:15 +00:00
ab0899528c Accepting request 892036 from home:AndreasStieger:branches:devel:libraries:c_c++
Botan 2.18.1

OBS-URL: https://build.opensuse.org/request/show/892036
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=106
2021-05-11 09:38:29 +00:00
Dominique Leuenberger
9577ecad7c Accepting request 887274 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/887274
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=58
2021-04-21 19:00:25 +00:00
26ea3dbb76 Accepting request 886088 from home:susnux:branches:devel:libraries:c_c++
Botan 2.18.0, enable and run tests

OBS-URL: https://build.opensuse.org/request/show/886088
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=104
2021-04-21 10:41:43 +00:00
Dominique Leuenberger
e1c4c72953 Accepting request 858330 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/858330
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=57
2020-12-23 13:22:17 +00:00
9146cb8cdf Accepting request 858318 from home:AndreasStieger:branches:devel:libraries:c_c++
Botan 2.17.3

OBS-URL: https://build.opensuse.org/request/show/858318
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=102
2020-12-23 10:02:30 +00:00
Dominique Leuenberger
4bf06d240d Accepting request 848508 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/848508
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=56
2020-11-17 20:22:11 +00:00
9745d7eb87 Accepting request 848420 from home:AndreasStieger:branches:devel:libraries:c_c++
Botan 2.17.2

OBS-URL: https://build.opensuse.org/request/show/848420
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=100
2020-11-14 13:17:23 +00:00
5e5ee94adc Accepting request 847073 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/847073
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=99
2020-11-09 08:45:06 +00:00
6fa62b070d Accepting request 846877 from home:AndreasStieger:branches:devel:libraries:c_c++
Botan 2.17.1

OBS-URL: https://build.opensuse.org/request/show/846877
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=98
2020-11-09 08:36:44 +00:00
Dominique Leuenberger
93d978b58f Accepting request 845615 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/845615
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=55
2020-11-03 14:16:42 +00:00
9214051a3f Accepting request 844383 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 2.16.0:
  * Now userspace PRNG objects (such as AutoSeeded_RNG and HMAC_DRBG)
    use an internal lock, which allows safe concurrent use. This
    however is purely a precaution in case of accidental sharing of
    such RNG objects; for performance reasons it is always preferable
    to use a RNG per thread if a userspace RNG is needed.
  * DL_Group and EC_Group objects now track if they were created
    from a known trusted group (such as P-256 or an IPsec DH
    parameter). If so, then verification tests can be relaxed, as
    compared to parameters which may have been maliciously
    constructed in order to pass primality checks.
  * RandomNumberGenerator::add_entropy_T assumed its input was a POD
    type but did not verify this.
  * Support OCSP responders that live on a non-standard port.
  * Add support for Solaris sandbox.
  * Support suffixes on release numbers for alpha/beta releases.
  * Fix a bug in EAX which allowed requesting a 0 length tag, which
    had the effect of using a full length tag. Instead omit the
    length field, or request the full tag length explicitly.
  * Fix a memory leak in GCM where if passed an unsuitable block
    cipher (eg not 128 bit) it would throw an exception and leak
    the cipher object.

OBS-URL: https://build.opensuse.org/request/show/844383
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=96
2020-11-03 08:16:18 +00:00
Dominique Leuenberger
7055bd1c61 Accepting request 826938 from devel:libraries:c_c++
- update to 2.15:
  Fix a bug where the name constraint extension did not constrain the alternative
  DN field which can be included in a subject alternative name. This would allow
  a corrupted sub-CA which was otherwise constrained by a name constraint to
  issue a certificate with a prohibited DN.
  Fix a bug in the TLS server during client authentication where where if a
  (disabled by default) static RSA ciphersuite was selected, then no certificate
  request would be sent. This would have an equivalent effect to a client which
  simply replied with an empty Certificate message. (GH #2367)
  Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As
  a result AES is now constant time on all processors. (GH #2346 #2348 #2353
  #2329 #2355)
  In TLS, enforce that the key usage given in the server certificate allows the
  operation being performed in the ciphersuite. (GH #2367)
  In X.509 certificates, verify that the algorithm parameters are the expected
  NULL or empty. (GH #2367)
  Change the HMAC key schedule to attempt to reduce the information leaked from
  the key schedule with regards to the length of the key, as this is at times (as
  for example in PBKDF2) sensitive information. (GH #2362)
  Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The
  previous RDRAND_RNG interface is deprecated. (GH #2352)
  The documentation claimed that mlocked pages were created with a guard page
  both before and after. However only a trailing guard page was used. Add a
  leading guard page. (GH #2334)
  Add support for generating and verifying DER-encoded ECDSA signatures in the C
  and Python interfaces. (GH #2357 #2356)
  Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH
  #2322)
  When building documentation using Sphinx avoid parallel builds with version 3.0
  due to a bug in that version (GH #2326 #2324)

OBS-URL: https://build.opensuse.org/request/show/826938
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=54
2020-08-17 10:04:03 +00:00
5960f3cfdc - update to 2.15:
Fix a bug where the name constraint extension did not constrain the alternative
  DN field which can be included in a subject alternative name. This would allow
  a corrupted sub-CA which was otherwise constrained by a name constraint to
  issue a certificate with a prohibited DN.
  Fix a bug in the TLS server during client authentication where where if a
  (disabled by default) static RSA ciphersuite was selected, then no certificate
  request would be sent. This would have an equivalent effect to a client which
  simply replied with an empty Certificate message. (GH #2367)
  Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As
  a result AES is now constant time on all processors. (GH #2346 #2348 #2353
  #2329 #2355)
  In TLS, enforce that the key usage given in the server certificate allows the
  operation being performed in the ciphersuite. (GH #2367)
  In X.509 certificates, verify that the algorithm parameters are the expected
  NULL or empty. (GH #2367)
  Change the HMAC key schedule to attempt to reduce the information leaked from
  the key schedule with regards to the length of the key, as this is at times (as
  for example in PBKDF2) sensitive information. (GH #2362)
  Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The
  previous RDRAND_RNG interface is deprecated. (GH #2352)
  The documentation claimed that mlocked pages were created with a guard page
  both before and after. However only a trailing guard page was used. Add a
  leading guard page. (GH #2334)
  Add support for generating and verifying DER-encoded ECDSA signatures in the C
  and Python interfaces. (GH #2357 #2356)
  Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH
  #2322)
  When building documentation using Sphinx avoid parallel builds with version 3.0
  due to a bug in that version (GH #2326 #2324)

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=94
2020-08-16 02:17:19 +00:00
Dominique Leuenberger
77a5960d2a Accepting request 795525 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/795525
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=53
2020-04-21 11:05:48 +00:00
d2b7843e95 Accepting request 792362 from home:polslinux:branches:devel:libraries:c_c++
- Update to Botan 2.14:
  * Add support for using POWER8+ VPSUMD instruction to accelerate GCM (GH #2247)
  * Optimize the vector permute AES implementation, especially improving
    performance on ARMv7, Aarch64, and POWER. (GH #2243)
  * Use a new algorithm for modular inversions which is both faster
    and more resistant to side channel attacks. (GH #2287 #2296 #2301)
  * Address an issue in CBC padding which would leak the length of the plaintext
    which was being padded. Unpadding during decryption was not affected.
  * Optimize NIST prime field reductions, improving ECDSA by 3-9% (GH #2295)
  * Increase the size of the ECC blinding mask and scale it based on the
    size of the group order. (GH #880 #893 #2308)
  * Add server side support for the TLS asio wrapper. (GH #2229)
  * Add support for using Windows certificate store on MinGW (GH #2280)
  * Add a CLI utility cpu_clock which estimates the speed of the processor cycle counter.
  * Add Roughtime client (GH #2143 #1842)
  * Add support for XMSS X.509 certificates (GH #2172)
  * Add support for X.509 CRLs in FFI layer and Python wrapper (GH #2213)
  * Add AVX2 implementation of SHACAL2 (GH #2196)
  * Support more functionality for X.509 in the Python API (GH #2165)
  * Add generic CPU target useful when building for some new or unusual platform.
  * Disable MD5 in BSI or NIST modes (GH #2188)
  * Many currently public headers are being deprecated. If any such header is included by
    an application, a warning is issued at compile time.
    Headers issuing this warning will be made internal in a future major release.
  * RSA signature performance improvements (GH #2068 #2070)
  * Performance improvements for GCM (GH #2024 #2099 #2119), OCB (#2122), XTS (#2123) and
    ChaCha20Poly1305 (GH #2117), especially for small messages.
  * Add support for constant time AES using NEON and AltiVec (GH #2093 #2095 #2100)
  * Improve performance of POWER8 AES instructions (GH #2096)
  * Add support for the POWER9 hardware random number generator (GH #2026)
  * Add support for 64-bit version of RDRAND, doubling performance on x86-64 (GH #934 #2022)
  * In DTLS server, support a client crashing and then reconnecting from the same
    source port, as described in RFC 6347 sec 4.2.8 (GH #2029)
  * Optimize DTLS MTU splitting to split precisely to the set MTU (GH #2042)
  * Add support for the TLS v1.3 downgrade indicator. (GH #2027)
  * Add Argon2 PBKDF and password hash (GH #459 #1981 #1987)
  * Add Bcrypt-PBKDF (GH #1990)
  * Add server side support for issuing DTLS HelloVerifyRequest messages (GH #1999)
  * Add support for the TLS v1.3 supported_versions extension. (GH #1976)
  * Add Ed25519ph compatible with RFC 8032 (GH #1699 #2000)
  * Add support for OCSP stapling on server side. (GH #1703 #1967)
  * Add a boost::asio TLS stream compatible with boost::asio::ssl. (GH #1839 #1927 #1992)
  * Add a certificate store for Linux/Unix systems. (GH #1885 #1936)
  * Various Fixes

OBS-URL: https://build.opensuse.org/request/show/792362
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=92
2020-04-19 12:59:35 +00:00
Dominique Leuenberger
74f977c8a3 Accepting request 691275 from devel:libraries:c_c++
- Update to Botan 2.10
  * Bump SONAME
  * Warning: XMSS currently implements draft-06 which is not compatible with
    the final RFC 8391 specification. A PR is open to fix this, however it will
    break all current uses of XMSS. If you are currently using XMSS please
    comment at https://github.com/randombit/botan/pull/1858. Otherwise the PR
    will be merged and support for draft-06 will be removed starting in 2.11.
  * Added a new certificate store implementation that can access the MacOS
    keychain certificate store. (GH #1830)
  * Redesigned Memory_Pool class, which services allocations out of a set of
    pages locked into memory (using mlock/VirtualLock). It is now faster and
    with improved exploit mitigations. (GH #1800)
  * Add BMI2 implementations of SHA-512 and SHA-3 which improve performance by
    25-35% on common CPUs. (GH #1815)
  * Unroll SHA-3 computation improving performance by 10-12% (GH #1838)
  * Add a Thread_Pool class. It is now possible to run the tests in multiple
    threads with --test-threads=N flag to select the number of threads to use.
    Use --test-threads=0 to run with as many CPU cores as are available on the
    current system. The default remains single threaded. (GH #1819)
  * XMSS signatures now uses a global thread pool instead of spawning new
    threads for each usage. This improves signature generation performance by
    between 10% and 60% depending on architecture and core count. (GH #1864)
  * Some functions related to encoding and decoding BigInts have been
    deprecated. (GH #1817)
  * Binary encoding and decoding of BigInts has been optimized by performing
    word-size operations when possible. (GH #1817)
  * Rename the exception Integrity_Failure to Invalid_Authentication_Tag to
    make its meaning and usage more clear. The old name remains as a typedef.
    (GH #1816)
  * Support for using Boost filesystem and MSVC’s std::filesystem have been

OBS-URL: https://build.opensuse.org/request/show/691275
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=52
2019-04-05 09:56:49 +00:00
Daniel Molkentin
42e270e1b3 Accepting request 690656 from home:dmolkentin:branches:devel:libraries:c_c++
- Update to Botan 2.10
  * Bump SONAME
  * Warning: XMSS currently implements draft-06 which is not compatible with
    the final RFC 8391 specification. A PR is open to fix this, however it will
    break all current uses of XMSS. If you are currently using XMSS please
    comment at https://github.com/randombit/botan/pull/1858. Otherwise the PR
    will be merged and support for draft-06 will be removed starting in 2.11.
  * Added a new certificate store implementation that can access the MacOS
    keychain certificate store. (GH #1830)
  * Redesigned Memory_Pool class, which services allocations out of a set of
    pages locked into memory (using mlock/VirtualLock). It is now faster and
    with improved exploit mitigations. (GH #1800)
  * Add BMI2 implementations of SHA-512 and SHA-3 which improve performance by
    25-35% on common CPUs. (GH #1815)
  * Unroll SHA-3 computation improving performance by 10-12% (GH #1838)
  * Add a Thread_Pool class. It is now possible to run the tests in multiple
    threads with --test-threads=N flag to select the number of threads to use.
    Use --test-threads=0 to run with as many CPU cores as are available on the
    current system. The default remains single threaded. (GH #1819)
  * XMSS signatures now uses a global thread pool instead of spawning new
    threads for each usage. This improves signature generation performance by
    between 10% and 60% depending on architecture and core count. (GH #1864)
  * Some functions related to encoding and decoding BigInts have been
    deprecated. (GH #1817)
  * Binary encoding and decoding of BigInts has been optimized by performing
    word-size operations when possible. (GH #1817)
  * Rename the exception Integrity_Failure to Invalid_Authentication_Tag to
    make its meaning and usage more clear. The old name remains as a typedef.
    (GH #1816)
  * Support for using Boost filesystem and MSVC’s std::filesystem have been

OBS-URL: https://build.opensuse.org/request/show/690656
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=90
2019-04-02 13:28:17 +00:00
Daniel Molkentin
8befd34bbc Accepting request 689411 from home:dmolkentin:branches:devel:libraries:c_c++
- Update to Botan 2.9
  * Bump SONAME
  * CVE-2018-20187 Address a side channel during ECC key generation, which used an
    unblinded Montgomery ladder. As a result, a timing attack can reveal
    information about the high bits of the secret key.
    
  * Fix bugs in TLS which caused negotiation failures when the client used an
    unknown signature algorithm or version (GH #1711 #1709 #1708)
    
  * Fix bug affecting GCM, EAX and ChaCha20Poly1305 where if the associated data
    was set after starting a message, the new AD was not reflected in the produced
    tag. Now with these modes setting an AD after beginning a message throws an
    exception.
    
  * Use a smaller sieve which improves performance of prime generation.
    
  * Fixed a bug that caused ChaCha to produce incorrect output after encrypting 256
    GB. (GH #1728)
    
  * Add NEON and AltiVec implementations of ChaCha (GH #1719 #1728 #1729)
    
  * Optimize AVX2 ChaCha (GH #1730)
    
  * Many more operations in BigInt, ECC and RSA code paths are either fully const
    time or avoid problematic branches that could potentially be exploited in a
    side channel attack. (GH #1738 #1750 #1754 #1755 #1757 #1758 #1759 #1762 #1765
    #1770 #1773 #1774 #1779 #1780 #1794 #1795 #1796 #1797)
    
  * Several optimizations for BigInt and ECC, improving ECDSA performance by as
    much as 30%. (GH #1734 #1737 #1777 #1750 #1737 #1788)

OBS-URL: https://build.opensuse.org/request/show/689411
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=89
2019-03-29 08:09:19 +00:00
Dominique Leuenberger
f66c68a4cd Accepting request 626674 from devel:libraries:c_c++
- Fix version in baselibs.conf (forwarded request 626673 from dmolkentin)

OBS-URL: https://build.opensuse.org/request/show/626674
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=51
2018-07-31 14:04:14 +00:00
Daniel Molkentin
3e1fdaff7a Accepting request 626673 from home:dmolkentin:branches:devel:libraries:c_c++
- Fix version in baselibs.conf

OBS-URL: https://build.opensuse.org/request/show/626673
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=87
2018-07-31 10:53:48 +00:00
Daniel Molkentin
478b61a34f Accepting request 621856 from home:dmolkentin:branches:devel:libraries:c_c++
- Update to Botan 2.7
  * CVE-2018-12435 Avoid a side channel in ECDSA signature generation (GH
    #1604)
  * Avoid a side channel in RSA key generation due to use of a non-constant
    time gcd algorithm. (GH #1542 #1556)
  * Optimize prime generation, especially improving RSA key generation. (GH
    #1542)
  * Make Karatsuba multiplication, Montgomery field operations, Barrett
    reduction and Montgomery exponentiation const time (GH #1540 #1606 #1609
    #1610)
  * Optimizations for elliptic curve operations especially improving reductions
    and inversions modulo NIST primes (GH #1534 #1538 #1545 #1546 #1547 #1550)
  * Add 24 word wide Comba multiplication, improving 3072-bit RSA and DH by
    ~25%. (GH #1564)
  * Unroll Montgomery reduction for specific sizes (GH #1603)
  * Improved performance of signature verification in ECGDSA, ECKCDSA, SM2 and
    GOST by 10-15%.
  * XMSS optimizations (GH #1583 #1585)
  * Fix an error that meant XMSS would only sign half as many signatures as is
    allowed (GH #1582)
  * Add support for base32 encoding/decoding (GH #1541)
  * Add BMI2 optimized version of SHA-256, 40% faster on Skylake (GH #1584)
  * Allow the year to be up to 2200 in ASN.1 time objects. Previously this was
    limited to 2100. (GH #1536)
  * Add support for Scrypt password hashing (GH #1570)
  * Add support for using Scrypt for private key encryption (GH #1574)
  * Optimizations for DES/3DES, approx 50% faster when used in certain modes
    such as CBC decrypt or CTR.
  * XMSS signature verification did not check that the signature was of the
    expected length which could lead to a crash. (GH #1537)

OBS-URL: https://build.opensuse.org/request/show/621856
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=86
2018-07-10 09:45:11 +00:00
Yuchen Lin
8071d64e4a Accepting request 596223 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/596223
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=50
2018-04-13 10:52:18 +00:00
Daniel Molkentin
5ae9619815 Accepting request 596015 from home:kasimir:ToTest
- fixed to build on armv6 and armv7

OBS-URL: https://build.opensuse.org/request/show/596015
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=84
2018-04-13 08:38:59 +00:00
Yuchen Lin
0b4917e1e8 Accepting request 595522 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/595522
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=49
2018-04-11 12:03:56 +00:00
Daniel Molkentin
cb392e42e0 Accepting request 595519 from home:dmolkentin:branches:devel:libraries:c_c++
- Update to Botan 2.6
  * CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a
    malformed ciphertext cause the decryptor to read and HMAC an additional 64K
    bytes of data which is not part of the record. This could cause a crash if
    the read went into unmapped memory. No information leak or out of bounds
    write occurs.
  * Add support for OAEP labels (GH #1508)
  * RSA signing is about 15% faster (GH #1523) and RSA verification is about 50% faster.
  * Add exponent blinding to RSA (GH #1523)
  * Add Cipher_Mode::create and AEAD_Mode::create (GH #1527)
  * Fix bug in TLS server introduced in 2.5 which caused connection to fail if
    the client offered any signature algorithm not known to the server (for
    example RSA/SHA-224).
  * Fix a bug in inline asm that would with GCC 7.3 cause incorrect
    computations and an infinite loop during the tests. (GH #1524 #1529)

OBS-URL: https://build.opensuse.org/request/show/595519
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=82
2018-04-11 08:07:34 +00:00
Dominique Leuenberger
507ebbccd8 Accepting request 593756 from devel:libraries:c_c++
- Update to Botan 2.5
  * Fix error in certificate wildcard matching (CVE-2018-9127), where a
    wildcard cert for b*.example.com would be accepted as a match for any host
    with name *b*.example.com (GH #1519)
  * Add support for RSA-PSS signatures in TLS (GH #1285)
  * Ed25519 certificates are now supported (GH #1501)
  * Many optimizations in ECC operations. ECDSA signatures are 8-10 times
    faster. ECDSA verification is about twice as fast. ECDH key agreement is
    3-4 times faster. (GH #1457 #1478)
  * Implement product scanning Montgomery reduction, which improves
    Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH
    #1472)
  * DSA signing and verification performance has improved by 30-50%.
  * Add a new Credentials_Manager callback that specifies which CAs the server
    has indicated it trusts (GH #1395 fixing #1261)
  * Add new TLS::Callbacks methods that allow creating or removing extensions,
    as well as examining extensions sent by the peer (GH #1394 #1186)
  * Add new TLS::Callbacks methods that allow an application to negotiate use
    of custom elliptic curves. (GH #1448)
  * Add ability to create custom elliptic curves (GH #1441 #1444)
  * Add support for POWER8 AES instructions (GH #1459 #1393 #1206)
  * Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502
    #986)
  * The default encoding of ECC public keys has changed from compressed to
    uncompressed point representation. This improves compatability with some
    common software packages including Golang’s standard library. (GH #1480
    #1483)
  * It is now possible to create DNs with custom components. (GH #1490 #1492)
  * It is now possible to specify the serial number of created certificates,
    instead of using the default 128-bit random integer. (GH #1489 #1491)

OBS-URL: https://build.opensuse.org/request/show/593756
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=48
2018-04-06 15:47:28 +00:00
89a3b0e9cb OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=80 2018-04-05 10:02:41 +00:00
b1aadb78c2 Accepting request 593097 from home:dmolkentin:branches:devel:libraries:c_c++
- Update to Botan 2.5
  * Fix error in certificate wildcard matching (CVE-2018-9127), where a
    wildcard cert for b*.example.com would be accepted as a match for any host
    with name *b*.example.com (GH #1519)
  * Add support for RSA-PSS signatures in TLS (GH #1285)
  * Ed25519 certificates are now supported (GH #1501)
  * Many optimizations in ECC operations. ECDSA signatures are 8-10 times
    faster. ECDSA verification is about twice as fast. ECDH key agreement is
    3-4 times faster. (GH #1457 #1478)
  * Implement product scanning Montgomery reduction, which improves
    Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH
    #1472)
  * DSA signing and verification performance has improved by 30-50%.
  * Add a new Credentials_Manager callback that specifies which CAs the server
    has indicated it trusts (GH #1395 fixing #1261)
  * Add new TLS::Callbacks methods that allow creating or removing extensions,
    as well as examining extensions sent by the peer (GH #1394 #1186)
  * Add new TLS::Callbacks methods that allow an application to negotiate use
    of custom elliptic curves. (GH #1448)
  * Add ability to create custom elliptic curves (GH #1441 #1444)
  * Add support for POWER8 AES instructions (GH #1459 #1393 #1206)
  * Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502
    #986)
  * The default encoding of ECC public keys has changed from compressed to
    uncompressed point representation. This improves compatability with some
    common software packages including Golang’s standard library. (GH #1480
    #1483)
  * It is now possible to create DNs with custom components. (GH #1490 #1492)
  * It is now possible to specify the serial number of created certificates,
    instead of using the default 128-bit random integer. (GH #1489 #1491)

OBS-URL: https://build.opensuse.org/request/show/593097
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=79
2018-04-04 10:16:36 +00:00
Dominique Leuenberger
cd1b50cd2b Accepting request 580043 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/580043
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=47
2018-02-26 22:25:46 +00:00
5595db6a85 Accepting request 578283 from home:sleep_walker:branches:devel:libraries:c_c++
and make documentation package noarch

OBS-URL: https://build.opensuse.org/request/show/578283
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=77
2018-02-26 06:42:32 +00:00
Dominique Leuenberger
1c2fc36eef Accepting request 578047 from devel:libraries:c_c++
- drop explicit package requirements
- split binary package and documentation from dynamic library package
- merge back Botan2 package to Botan with changelog history
- drop Botan patches
    aarch64-support.patch - doesn't seem to be required anymore
    Botan-fix_install_paths.patch - doesn't seem to be required
    no-cpuid-header.patch - SLE11 not target anymore
    Botan-fix_pkgconfig.patch - this seem to be wrong
    Botan-no-buildtime.patch - not needed anymore
    dont-set-mach-value.diff - doesn't apply, unclear and undocumented why it is there
    Botan-inttypes.patch - not required
    Botan-ull_constants.patch.bz2 - no reason anymore

- change group of libbotan-%{version_suffix} to 'System/Libraries' as
  requested on review

- Don't drop -fstack-clash-protection for openSUSE 42.3 - we just
  need the Update repository present.

- Rename libbotan-devel to libbotan2-devel. We can't have clashing
  packages in the archive because Botan1 and Botan2 provide the
  same -devel binary. Botan2 is also no API compatible with Botan.

- fix expected version after bump in baselibs.conf too

- fix unknown flag -fstack-clash-protection for openSUSE 42.3
- rename to Botan2
- drop Botan2-INT_MAX.patch as not needed anymore
- Bump to libbotan 2.4
  Changes and new features: (forwarded request 578006 from sleep_walker)

OBS-URL: https://build.opensuse.org/request/show/578047
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Botan?expand=0&rev=46
2018-02-24 15:38:39 +00:00
Philipp Thomas
6607bcf30d Accepting request 578006 from home:sleep_walker:branches:devel:libraries:c_c++
- drop explicit package requirements
- split binary package and documentation from dynamic library package
- merge back Botan2 package to Botan with changelog history
- drop Botan patches
    aarch64-support.patch - doesn't seem to be required anymore
    Botan-fix_install_paths.patch - doesn't seem to be required
    no-cpuid-header.patch - SLE11 not target anymore
    Botan-fix_pkgconfig.patch - this seem to be wrong
    Botan-no-buildtime.patch - not needed anymore
    dont-set-mach-value.diff - doesn't apply, unclear and undocumented why it is there
    Botan-inttypes.patch - not required
    Botan-ull_constants.patch.bz2 - no reason anymore

- change group of libbotan-%{version_suffix} to 'System/Libraries' as
  requested on review

- Don't drop -fstack-clash-protection for openSUSE 42.3 - we just
  need the Update repository present.

- Rename libbotan-devel to libbotan2-devel. We can't have clashing
  packages in the archive because Botan1 and Botan2 provide the
  same -devel binary. Botan2 is also no API compatible with Botan.

- fix expected version after bump in baselibs.conf too

- fix unknown flag -fstack-clash-protection for openSUSE 42.3
- rename to Botan2
- drop Botan2-INT_MAX.patch as not needed anymore
- Bump to libbotan 2.4
  Changes and new features:

OBS-URL: https://build.opensuse.org/request/show/578006
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=75
2018-02-19 13:39:26 +00:00