SHA256
1
0
forked from pool/Botan

- Update to 1.10.14

* Fix integer overflow during BER decoding, found by Falko Strenzke.
      This bug is not thought to be directly exploitable but upgrading ASAP
      is advised. (CVE-2016-9132)
    * Fix two cases where (in error situations) an exception would be
      thrown from a destructor, causing a call to std::terminate.
    * When RC4 is disabled in the build, also prevent it from being
      included in the OpenSSL provider. (GH #638)
  * Use constant time modular inverse algorithm to avoid possible side 
    channel attack against ECDSA (CVE-2016-2849)
  * Use constant time PKCS #1 unpadding to avoid possible side channel
    attack against RSA decryption (CVE-2015-7827)
  * Avoid a compilation problem in OpenSSL engine when ECDSA was
    disabled. Gentoo bug 542010

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=62
This commit is contained in:
Philipp Thomas
2016-12-28 12:34:03 +00:00
committed by Git OBS Bridge
parent da9ea5b459
commit 775d045da9
7 changed files with 42 additions and 23 deletions

BIN
Botan-1.10.13.tgz (Stored with Git LFS)

Binary file not shown.

View File

@@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJXIhwhAAoJEGIR6/Hvut+8crwH/jkm5Nr0xM+Sqmi11nS5lRcr
iRw+qB5LxPPunmwQ1uoMe2B7ZowXNtu30bZD3D0dL5TY/ngXx91yvTznteqlXIry
Qo3zfUlNc9EXFUpUniYi0ek+04Fyqy4sWI+gUrGjY6EWEI6lchacR9gt5R8NyOSl
mTe5efp062O09vjwae4FwUdyOsCfxeMmNKZXIHxhjW17xCSg3b3gQKsyTPxuIyz/
qDoaXetbfgcvc+mGx+SRNVbtG5LQi4+4asP6STAy9ZCvYBMh0EBrWelaxJv2lEXi
oLcwbXBrdoFSosVbvIp46FxKwWFluAq2uvniCMvQ1VfYJVTyWglaiHNVlhhxY3M=
=F/Hg
-----END PGP SIGNATURE-----

BIN
Botan-1.10.14.tgz (Stored with Git LFS) Normal file

Binary file not shown.

11
Botan-1.10.14.tgz.asc Normal file
View File

@@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEYh2vZBHhhRxM+aLhYhHr8e+637wFAlg8DKMACgkQYhHr8e+6
37xl/gf+OoUkiVu7Mi+UvOozBoQ8k9KPrj+afhTPlSgpXJHLhrtm7k1JMyGFzYJf
PwEUEI2POI5SQ6sEX++MhN09XYQDle3LWEwsgBmZh0aoIr+3aYHNKgH6U3FjLT6t
B0gk7RWygEDbm8NGdxqWducHrFdLR/MVSuYjuX4zgOjR0Nr69pimdjAGc1r4KH/3
EHrSnSFeMMWqfN0CShQg30gp00et4P7rWo4NLNXVigkVif0TvQ4dAVejWr8UWkKN
OId+XTfngj7ynpQnkBfUZ7O9N+ybbaiLaKaEbn1xN5WwFIqYt8DeUcX3RjOT11eF
XbMK5bJDzcpE2+crlXodw8B6KkqY7A==
=e8ta
-----END PGP SIGNATURE-----

View File

@@ -1,10 +1,25 @@
-------------------------------------------------------------------
Wed Dec 28 12:02:11 CET 2016 - pth@suse.de
- Update to 1.10.14
* Fix integer overflow during BER decoding, found by Falko Strenzke.
This bug is not thought to be directly exploitable but upgrading ASAP
is advised. (CVE-2016-9132)
* Fix two cases where (in error situations) an exception would be
thrown from a destructor, causing a call to std::terminate.
* When RC4 is disabled in the build, also prevent it from being
included in the OpenSSL provider. (GH #638)
-------------------------------------------------------------------
Sun Nov 13 01:32:18 UTC 2016 - netsroth@opensuse.org
- Update to 1.10.13
* Use constant time modular inverse algorithm to avoid possible side channel attack against ECDSA (CVE-2016-2849)
* Use constant time PKCS #1 unpadding to avoid possible side channel attack against RSA decryption (CVE-2015-7827)
* Avoid a compilation problem in OpenSSL engine when ECDSA was disabled. Gentoo bug 542010
* Use constant time modular inverse algorithm to avoid possible side
channel attack against ECDSA (CVE-2016-2849)
* Use constant time PKCS #1 unpadding to avoid possible side channel
attack against RSA decryption (CVE-2015-7827)
* Avoid a compilation problem in OpenSSL engine when ECDSA was
disabled. Gentoo bug 542010
-------------------------------------------------------------------
Fri May 13 07:31:21 UTC 2016 - faure@kde.org

View File

@@ -19,7 +19,7 @@
%define version_suffix 1_10-1
%define short_version 1.10
Name: Botan
Version: 1.10.13
Version: 1.10.14
Release: 0
Summary: A C++ Crypto Library
License: BSD-2-Clause

View File

@@ -1,8 +1,12 @@
diff --git a/configure.py b/configure.py
index b606e06..f184939 100755
--- a/configure.py
+++ b/configure.py
@@ -1135,7 +1135,7 @@ def create_template_vars(build_config, options, modules, cc, arch, osinfo):
---
configure.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: Botan-1.10.14/configure.py
===================================================================
--- Botan-1.10.14.orig/configure.py 2016-11-28 11:52:20.000000000 +0100
+++ Botan-1.10.14/configure.py 2016-12-28 10:59:39.592584921 +0100
@@ -1140,7 +1140,7 @@ def create_template_vars(build_config, o
options.cpu, options.debug_build),
'lib_opt': cc.library_opt_flags(options),