45099f3156
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=52
486 lines
22 KiB
Plaintext
486 lines
22 KiB
Plaintext
-------------------------------------------------------------------
|
||
Fri Aug 14 08:54:09 UTC 2015 - mvyskocil@opensuse.org
|
||
|
||
- Fix Source0 URL
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 11 22:49:31 UTC 2015 - netsroth@opensuse.org
|
||
|
||
- bump SONAME to libbotan-1_10-1
|
||
- Update to 1.10.10
|
||
* SECURITY: The BER decoder would crash due to reading from offset 0
|
||
of an empty vector if it encountered a BIT STRING which did not
|
||
contain any data at all. As the type requires a 1 byte field this
|
||
is not valid BER but could occur in malformed data. Found with
|
||
afl. CVE-2015-5726
|
||
* SECURITY: The BER decoder would allocate a fairly arbitrary amount
|
||
of memory in a length field, even if there was no chance the read
|
||
request would succeed. This might cause the process to run out of
|
||
memory or invoke the OOM killer. Found with afl. CVE-2015-5727
|
||
* Due to an ABI incompatible (though not API incompatible) change in
|
||
this release, the version number of the shared object has been
|
||
increased.
|
||
* The default TLS policy no longer allows RC4.
|
||
* Fix a signed integer overflow in Blue Midnight Wish that may cause
|
||
incorrect computations or undefined behavior.
|
||
|
||
- Update to 1.10.9
|
||
* Fixed EAX tag verification to run in constant time
|
||
* The default TLS policy now disables SSLv3.
|
||
* A crash could occur when reading from a blocking random device if
|
||
the device initially indicated that entropy was available but a
|
||
concurrent process drained the entropy pool before the read was
|
||
initiated.
|
||
* Fix decoding indefinite length BER constructs that contain a
|
||
context sensitive tag of zero. Github pull 26 from Janusz Chorko.
|
||
* The botan-config script previously tried to guess its prefix from
|
||
the location of the binary. However this was error prone, and now
|
||
the script assumes the final installation prefix matches the value
|
||
set during the build. Github issue 29.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 24 16:19:12 UTC 2015 - liujianfeng1994@gmail.com
|
||
|
||
- Change build dependence "libqt4-devel" to "libqt5-qtbase-devel".
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 8 18:00:00 CET 2014 - tbehrens@suse.com
|
||
|
||
- Update to 1.10.8
|
||
* Fix a bug in primality testing introduced in 1.8.3 which caused
|
||
only a single random base, rather than a sequence of random bases,
|
||
to be used in the Miller-Rabin test. This increased the
|
||
probability that a non-prime would be accepted, for instance a
|
||
1024 bit number would be incorrectly classed as prime with
|
||
probability around 2^-40. Reported by Jeff Marrison.
|
||
* The key length limit on HMAC has been raised to 512 bytes,
|
||
allowing the use of very long passphrases with PBKDF2.
|
||
|
||
- Update to 1.10.7
|
||
* OAEP had two bugs, one of which allowed it to be used even if the
|
||
key was too small, and the other of which would cause a crash
|
||
during decryption if the EME data was too large for the associated
|
||
key.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 3 13:57:13 CET 2014 - ro@suse.de
|
||
|
||
- change license to BSD-2-Clause as requested by legal
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Dec 8 23:46:27 UTC 2013 - dvaleev@suse.com
|
||
|
||
- Add ppc64le architecture
|
||
|
||
- added patches:
|
||
* ppc64le-support.patch
|
||
-------------------------------------------------------------------
|
||
Mon Nov 11 20:11:43 UTC 2013 - tbehrens@suse.com
|
||
|
||
- Update to 1.10.6
|
||
* The device reading entropy source now attempts to read from all
|
||
available devices. Previously it would break out early if a
|
||
partial read from a blocking source occured, not continuing to
|
||
read from a non-blocking device. This would cause the library to
|
||
fall back on slower and less reliable techniques for collecting
|
||
PRNG seed material. Reported by Rickard Bellgrim.
|
||
* HMAC_RNG (the default PRNG implementation) now automatically
|
||
reseeds itself periodically. Previously reseeds only occured on
|
||
explicit application request.
|
||
* Fix an encoding error in EC_Group when encoding using
|
||
EC_DOMPAR_ENC_OID. Reported by fxdupont on github.
|
||
* In EMSA2 and Randpool, avoid calling name() on objects after
|
||
deleting them if the provided algorithm objects are not suitable
|
||
for use. Found by Clang analyzer, reported by Jeffrey Walton.
|
||
* If X509_Store was copied, the u32bit containing how long to cache
|
||
validation results was not initialized, potentially causing
|
||
results to be cached for significant amounts of time. This could
|
||
allow a certificate to be considered valid after its issuing CA’s
|
||
cert expired. Expiration of the end-entity cert is always checked,
|
||
and reading a CRL always causes the status to be reset, so this
|
||
issue does not affect revocation. Found by Coverity scanner.
|
||
* Avoid off by one causing a potentially unterminated string to be
|
||
passed to the connect system call if the library was configured to
|
||
use a very long path name for the EGD socket. Found by Coverity
|
||
Scanner.
|
||
* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and
|
||
PK_Key_Agreement, avoid dereferencing an unitialized pointer if no
|
||
engine supported operations on the key object given. Found by
|
||
Coverity scanner.
|
||
* Avoid leaking a file descriptor in the /dev/random and EGD entropy
|
||
sources if stdin (file descriptor 0) was closed. Found by Coverity
|
||
scanner.
|
||
* Avoid a potentially undefined operation in the bit rotation
|
||
operations. Not known to have caused problems under any existing
|
||
compiler, but might have caused problems in the future. Caught by
|
||
Clang sanitizer, reported by Jeffrey Walton.
|
||
* Increase default hash iterations from 10000 to 50000 in PBES1 and
|
||
PBES2
|
||
* Add a fix for mips64el builds from Brad Smith.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 16 13:44:43 UTC 2013 - cgiboudeaux@gmx.com
|
||
|
||
- Update to 1.10.5
|
||
* A potential crash in the AES-NI implementation of the AES-192 key schedule
|
||
(caused by misaligned loads) has been fixed.
|
||
* A previously conditional operation in Montgomery multiplication and
|
||
squaring is now always performed, removing a possible timing channel.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 10 21:35:25 UTC 2013 - schwab@suse.de
|
||
|
||
- aarch64-support.patch: add support for aarch64
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 14 20:08:15 UTC 2012 - p.drouand@gmail.com
|
||
|
||
- update to 1.10.3:
|
||
* A change in 1.10.2 accidentally broke ABI compatibility with
|
||
1.10.1 and earlier versions, causing programs compiled against
|
||
1.10.1 to crash if linked with 1.10.2 at runtime.
|
||
* Recent versions of OpenSSL include extra information in ECC
|
||
private keys, the presence of which caused an exception when such
|
||
a key was loaded by botan. The decoding of ECC private keys has been
|
||
changed to ignore these fields if they are set.
|
||
- remove Botan-qt_thread_support.patch no needed anymore
|
||
-------------------------------------------------------------------
|
||
Thu Aug 16 09:06:44 UTC 2012 - dmueller@suse.com
|
||
|
||
- don't fiddle with march settings, we want the distro defaults
|
||
(fixes build on ARM)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 7 08:04:05 UTC 2012 - coolo@suse.com
|
||
|
||
- little spec cleanup
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 16 17:36:04 UTC 2011 - jengelh@medozas.de
|
||
|
||
- Implement baselibs.conf for package
|
||
- Remove obsolete/redundant tags
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 4 17:14:21 CEST 2011 - pth@suse.de
|
||
|
||
- Make package own its docdir.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 23 14:43:48 CEST 2011 - dmueller@suse.de
|
||
|
||
- rename the devel package back to libbotan-devel as the main
|
||
package allows to build only one -devel package
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 22 16:10:32 CEST 2011 - pth@suse.de
|
||
|
||
- Fix Requires for devel package.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 21 16:53:15 CEST 2011 - pth@suse.de
|
||
|
||
- Devel package now is versioned so multiple devel packages may
|
||
be installed in parallel.
|
||
- Devel package renamed back to Botan-devel to keep rpmlint from
|
||
thinking it is a library package ...
|
||
|
||
- Update to 1.10.0:
|
||
New Features:
|
||
* SSL (SSLv3, TLS 1.0, and TLS 1.1 are currently supported)
|
||
* GOST 34.10-2001 signature scheme (a Russian ECC signature standard
|
||
analogous to ECDSA)
|
||
* The SHA-3 candidates Keccak and Blue Midnight Wish
|
||
* Bcrypt password hashing
|
||
* XSalsa20
|
||
* AES key wrapping
|
||
* Comb4P hash combinator.
|
||
|
||
Other Changes:
|
||
* The block cipher interface now exposes any possible parallelism
|
||
available to the implementation, and XTS, CTR, and CBC modes have been
|
||
changed to use them.
|
||
|
||
* SIMD implementations of Serpent, XTEA, Noekeon, and IDEA have been
|
||
added, as has an implementation of AES using SSSE3 which runs both in
|
||
constant time and, on recent processors, significantly faster than the
|
||
usual table based implementation. There have also been numerous
|
||
optimizations to elliptic curves.
|
||
|
||
* The documentation, previously written in LaTeX, is now in
|
||
reStructuredText, which is converted into HTML with Sphinx. This new
|
||
format is significantly easier to write, encouraging more documentation
|
||
to be written and updated. And, indeed, a number of features never
|
||
before documented are now described in the manual.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 1 16:38:40 CEST 2010 - pth@suse.de
|
||
|
||
- Prefix last patch with Botan-.
|
||
- Enable building of the qt_mutex module. This means that from now
|
||
on libbotan requires libQtCore.
|
||
- Fix test for thread/mutex support to also work for Qt4.
|
||
|
||
- Update to 1.8.10:
|
||
|
||
* This release changes a number of aspects of how private keys are
|
||
encrypted. The default encryption algorithm has changed from 3DES
|
||
to AES-256
|
||
|
||
* The default iteration count for PBES1 and PBES2 encryption schemes
|
||
(which are used primarily to encrypt asymmetric keys like RSA or
|
||
DSA) has increased from 2048 to 10000, which should make brute
|
||
force key cracking substantially harder.
|
||
|
||
* The first round of AES now uses a smaller set of lookup tables;
|
||
this only reduces performance slightly but some timing and cache
|
||
analysis attacks against AES are substantially harder when AES is
|
||
implemented this way.
|
||
|
||
* The class known as S2K was renamed PBKDF in 1.9, with a typedef
|
||
for backwards compatibility. For providing an equivalent forward
|
||
compatibility path, 1.8.10 includes a typedef for PBKDF and a new
|
||
accessor function get_pbkdf. It also includes a new interface for
|
||
deriving keys with a passphrase which takes both the passphrase
|
||
and desired output length as well as the salt and iteration
|
||
count; in many cases this call is actually significantly more
|
||
convenient than the older API.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 31 09:22:59 UTC 2010 - aj@suse.de
|
||
|
||
- Do not include build time and host in package to not trigger rebuilds.
|
||
- Add pkg-config build requires as suggested by rpmlint.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 10 01:01:48 CET 2010 - ro@suse.de
|
||
|
||
- add patch from fedora to fix build on x86_64
|
||
(botan-1.8.8-binutils_lea_offset.patch)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 10 04:27:38 CET 2010 - jengelh@medozas.de
|
||
|
||
- run configure with --cpu=%_target to have correct bitness
|
||
selected for SPARC
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 21 17:34:49 UTC 2009 - coolo@novell.com
|
||
|
||
- do not patch arch specific Makefiles, but simply pass WARN_FLAGS
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 21 00:32:43 CET 2009 - ro@suse.de
|
||
|
||
- fix requires for devel package
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 16 13:13:16 CET 2009 - pth@suse.de
|
||
|
||
- Remove patches that aren't needed anymore.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 11 19:43:25 CET 2009 - pth@suse.de
|
||
|
||
- Update to Botan-1.8.8:
|
||
- Alter Skein-512 to match the tweaked 1.2 specification
|
||
- Fix use of inline asm for access to x86 bswap function
|
||
- Allow building the library without AES enabled
|
||
- For the complete changes since 1.6.4 see log.txt in
|
||
/usr/share/doc/packages/Botan.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 7 13:20:18 CEST 2008 - pth@suse.de
|
||
|
||
- No macros for package name.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 3 18:39:38 CEST 2008 - pth@suse.de
|
||
|
||
- Update to 1.6.4. While the included fix is uninteresting for
|
||
Linux, it makes it easier to rename the package once again to
|
||
its old name:
|
||
* Fix a compilation problem with Visual Studio C++ 2003
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 3 01:56:12 CEST 2007 - dmueller@suse.de
|
||
|
||
- update to 1.6.3:
|
||
* fixes various multithreading issues
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 21 01:02:20 CEST 2007 - dmueller@suse.de
|
||
|
||
- update to 1.6.2:
|
||
* Remove a call to abort() that crept into production
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 23 18:41:19 CEST 2007 - dmueller@suse.de
|
||
|
||
- fix -devel package requires
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 24 12:19:13 CET 2007 - aj@suse.de
|
||
|
||
- Add libbz2-devel to BuildRequires.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 9 18:46:03 CET 2007 - pth@suse.de
|
||
|
||
- Update to 1.6.1. Changes since 1.4.10:
|
||
|
||
* Compilation fixes for the bzip2, zlib, and GNU MP modules
|
||
* Better support for Intel C++ and EKOpath C++ on x86-64
|
||
* Cleanups in the initialization routines
|
||
* Add some x86-64 assembly for multiply-add
|
||
* Fix problems generating very small (below 384 bit) RSA keys
|
||
* More improvements to the Python bindings
|
||
* Removed the Algorithm base class
|
||
* Various cleanups in the public key inheritance hierarchy
|
||
* Added x86 assembler implementations of Serpent and low-level MPI code
|
||
* Optimizations for the SHA-1 x86 assembler
|
||
* Various improvements to the Python wrappers
|
||
* Add x86 assembler versions of MD4, MD5, and SHA-1
|
||
* Expand InitializerOptions' language to support on/off switches
|
||
* Fix possible resource leaks in the mmap allocator
|
||
* Slightly optimized buffering in MDx_HashFunction
|
||
* Initialization failures are dealt with somewhat better
|
||
* Add an example implementing Pollard's Rho algorithm
|
||
* Expand the xor_ciph example to support longer keys
|
||
* Fixed bitrot in the AEP engine
|
||
* Fix support for marking certificate/CRL extensions as critical
|
||
* Significant cleanups in the library state / initialization code
|
||
* LibraryInitializer takes an explicit InitializerOptions object
|
||
* Make Mutex_Factory an abstract class, add Default_Mutex_Factory
|
||
* Change configuration access to using global_state()
|
||
* Add support for global named mutexes throughout the library
|
||
* Add some STL wrappers for the delete operator
|
||
* Change how certificates are created to be more flexible and general
|
||
* Many internal cleanups to the X.509 cert/CRL code
|
||
* Allow for application code to support new X.509 extensions
|
||
* Change the return type of X509_Certificate::{subject,issuer}_info
|
||
* Allow for alternate character set handling mechanisms
|
||
* Fix a bug that was slowing squaring performance somewhat
|
||
* Fix a very hard to hit overflow bug in the C version of word3_muladd
|
||
* Minor cleanups to the assembler modules
|
||
* Further, major changes to the BER/DER coding system
|
||
* Updated the Qt mutex module to use Mutex_Factory
|
||
* Moved the library global state object into an anonymous namespace
|
||
* The low-level DER/BER coding system was redesigned and rewritten
|
||
* Portions of the certificate code were cleaned up internally
|
||
* Use macros to substantially clean up the GCC assembly code
|
||
* Some slight cleanups in X509_PublicKey::key_id
|
||
* Fixed a potential infinite loop in the memory pool code (Matt Johnston)
|
||
* Made Pooling_Allocator::Memory_Block an actual class of sorts
|
||
* Some small optimizations to the division and modulo computations
|
||
* Cleaned up the implementation of some of the BigInt operators
|
||
* Reduced use of dynamic memory allocation in low-level BigInt functions
|
||
* A few simplifications in the Randpool mixing function
|
||
* Removed power(), as it was not particularly useful (or fast)
|
||
* Fixed some annoying bugs in the benchmark code
|
||
* Added a real credits file
|
||
* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta
|
||
* Fixed a memory access off-by-one in the Karatsuba code
|
||
* Changed Pooling_Allocator's free list search to a log(N) algorithm
|
||
* Merged ModularReducer with its only subclass, Barrett_Reducer
|
||
* Fixed sign-handling bugs in some of the division and modulo code
|
||
* Renamed the module description files to modinfo.txt
|
||
* Further cleanups in the initialization code
|
||
* Removed BigInt::add and BigInt::sub
|
||
* Merged all the division-related functions into just divide()
|
||
* Modified the <mp_asmi.h> functions to allow for better optimizations
|
||
* Made the number of bits polled from an EntropySource user configurable
|
||
* Avoid including <algorithm> in <botan/secmem.h>
|
||
* Removed some dead code from bigint_modop
|
||
* Fix the definition of same_mem
|
||
* Many optimizations in the low-level multiple precision integer code
|
||
* Added hooks for assembly implementations of the MPI code
|
||
* Support for the X.509 issuer alternative name extension in new certs
|
||
* Fixed a bug in the decompression modules; found and patched by Matt Johnston
|
||
* mem_pool.cpp was using std::set iterators instead of std::multiset ones
|
||
* Fixed a bug in X509_CA preventing users from disabling particular extensions
|
||
* Fixed the mp_asm64 module, which was entirely broken in 1.5.2
|
||
* Fixed an off-by-one memory read in MISTY1::key()
|
||
* Fixed a nasty memory leak in Output_Buffers::retire()
|
||
* Reimplemented the memory allocator from scratch
|
||
* Improved memory caching in Montgomery exponentiation
|
||
* Optimizations for multiple precision addition and subtraction
|
||
* Fixed a build problem in the hardware timer module on 64-bit PowerPC
|
||
* Changed default Karatsuba cutoff to 12 words (was 14)
|
||
* Removed MemoryRegion::bits(), which was unused and incorrect
|
||
* Changed maximum HMAC keylength to 1024 bits
|
||
* Various minor Makefile and build system changes
|
||
* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution
|
||
* Switched checks/clock.cpp back to using clock() by default
|
||
* Removed the Default_Mutex's unused clone() member function
|
||
* Implemented Montgomery exponentiation
|
||
* Implemented generalized Karatsuba multiplication and squaring
|
||
* Implemented Comba squaring for 4, 6, and 8 word inputs
|
||
* Added new Modular_Exponentiator and Power_Mod classes
|
||
* Removed FixedBase_Exp and FixedExponent_Exp
|
||
* Fixed a performance regression in get_allocator
|
||
* Engines can now offer S2K algorithms and block cipher padding methods
|
||
* Merged the remaining global 'algolist' code into Default_Engine
|
||
* The low-level MPI code is linked as C again
|
||
* Replaced BigInt's get_nibble with the more general get_substring
|
||
* Moved all global/shared library state into a single object
|
||
* Mutex objects are created through mutex factories instead of a global
|
||
* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone()
|
||
* Removed the RNG_Quality enum entirely
|
||
* There is now only a single global-use PRNG
|
||
* Removed the no_aliases and no_oids options for LibraryInitializer
|
||
* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL
|
||
* Fixed an off-by-one memory read in MISTY1::key()
|
||
* Fixed a nasty memory leak in Output_Buffers::retire()
|
||
* Changed maximum HMAC keylength to 1024 bits
|
||
* Changed Whirlpool diffusion matrix to match updated algorithm spec
|
||
* Added a constructor to DataSource_Memory taking a std::string
|
||
* Placing the same Filter in multiple Pipes triggers an exception
|
||
* The configure script accepts --docdir and --libdir
|
||
* Merged doc/rngs.txt into the main API document
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 25 21:31:10 CET 2006 - mls@suse.de
|
||
|
||
- converted neededforbuild to BuildRequires
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 14 13:07:23 CET 2006 - kukuk@suse.de
|
||
|
||
- Add gmp-devel to nfb
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 19 11:58:35 CET 2005 - pth@suse.de
|
||
|
||
- Update to 1.4.10
|
||
- Bunch of cleanups and bugfixes added
|
||
- Add KASUMI, the block cipher used in 3G phones
|
||
- Binary file I/O can now be used with the data sink and source classes.
|
||
- Pipe has been refactored
|
||
- A possible memory leak in the OpenSSL engine was also fixed.
|
||
|
||
- Randpool has been modified to use HMAC instead of a plain hash
|
||
as its mixing operation.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 23 14:12:09 CET 2005 - pth@suse.de
|
||
|
||
- Update to 1.4.9
|
||
- new algorithms including MARS, SEED, Turing, and FORK-256.
|
||
- include optimizations for RC6 and Twofish
|
||
- much better support for 64-bit PowerPC
|
||
- support for high resolution hardware timers on most PowerPC systems
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 15 16:48:55 CET 2005 - uli@suse.de
|
||
|
||
- fixed to build on ARM
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 15 16:25:59 CEST 2005 - pth@suse.de
|
||
|
||
- Initial package
|
||
- Use ISO C99 stdint.h to define integer types.
|
||
- Mark 64 bit hex constants as ULL to shut up the compiler.
|
||
|