SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libbotan-1_10-1-32bit-1.10.12-4.1.x86_64.rpm :
Wed Feb 3 13:00:00 2016 michaelAATTstroeder.com
- Update to 1.10.12
- Version 1.10.12, 2016-02-03

* In 1.10.11, the check in PointGFp intended to check the affine y
argument actually checked the affine x again. Reported by Remi Gacogne

* The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an
additional check in the multiplication function itself which was also
added in that release, so there are no security implications from the
missed check. However to avoid confusion the change was pushed in a new
release immediately.

* The 1.10.11 release notes incorrectly identified CVE-2016-2195 as
CVE-2016-2915
- Version 1.10.11, 2016-02-01

* Resolve heap overflow in ECC point decoding. CVE-2016-2195
Resolve infinite loop in modular square root algorithm. CVE-2016-2194
Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. GH #239

Thu Dec 24 13:00:00 2015 mpluskalAATTsuse.com
- Add gpg signature
- Cleanup spec file with spec-cleaner

Fri Aug 14 14:00:00 2015 mvyskocilAATTopensuse.org
- Fix Source0 URL

Tue Aug 11 14:00:00 2015 netsrothAATTopensuse.org
- bump SONAME to libbotan-1_10-1
- Update to 1.10.10

* SECURITY: The BER decoder would crash due to reading from offset 0
of an empty vector if it encountered a BIT STRING which did not
contain any data at all. As the type requires a 1 byte field this
is not valid BER but could occur in malformed data. Found with
afl. CVE-2015-5726

* SECURITY: The BER decoder would allocate a fairly arbitrary amount
of memory in a length field, even if there was no chance the read
request would succeed. This might cause the process to run out of
memory or invoke the OOM killer. Found with afl. CVE-2015-5727

* Due to an ABI incompatible (though not API incompatible) change in
this release, the version number of the shared object has been
increased.

* The default TLS policy no longer allows RC4.

* Fix a signed integer overflow in Blue Midnight Wish that may cause
incorrect computations or undefined behavior.
- Update to 1.10.9

* Fixed EAX tag verification to run in constant time

* The default TLS policy now disables SSLv3.

* A crash could occur when reading from a blocking random device if
the device initially indicated that entropy was available but a
concurrent process drained the entropy pool before the read was
initiated.

* Fix decoding indefinite length BER constructs that contain a
context sensitive tag of zero. Github pull 26 from Janusz Chorko.

* The botan-config script previously tried to guess its prefix from
the location of the binary. However this was error prone, and now
the script assumes the final installation prefix matches the value
set during the build. Github issue 29.

Wed Jun 24 14:00:00 2015 liujianfeng1994AATTgmail.com
- Change build dependence \"libqt4-devel\" to \"libqt5-qtbase-devel\".

Thu May 8 14:00:00 2014 tbehrensAATTsuse.com
- Update to 1.10.8

* Fix a bug in primality testing introduced in 1.8.3 which caused
only a single random base, rather than a sequence of random bases,
to be used in the Miller-Rabin test. This increased the
probability that a non-prime would be accepted, for instance a
1024 bit number would be incorrectly classed as prime with
probability around 2^-40. Reported by Jeff Marrison.

* The key length limit on HMAC has been raised to 512 bytes,
allowing the use of very long passphrases with PBKDF2.
- Update to 1.10.7

* OAEP had two bugs, one of which allowed it to be used even if the
key was too small, and the other of which would cause a crash
during decryption if the EME data was too large for the associated
key.

Mon Mar 3 13:00:00 2014 roAATTsuse.de
- change license to BSD-2-Clause as requested by legal

Sun Dec 8 13:00:00 2013 dvaleevAATTsuse.com
- Add ppc64le architecture
- added patches:

* ppc64le-support.patch

Mon Nov 11 13:00:00 2013 tbehrensAATTsuse.com
- Update to 1.10.6

* The device reading entropy source now attempts to read from all
available devices. Previously it would break out early if a
partial read from a blocking source occured, not continuing to
read from a non-blocking device. This would cause the library to
fall back on slower and less reliable techniques for collecting
PRNG seed material. Reported by Rickard Bellgrim.

* HMAC_RNG (the default PRNG implementation) now automatically
reseeds itself periodically. Previously reseeds only occured on
explicit application request.

* Fix an encoding error in EC_Group when encoding using
EC_DOMPAR_ENC_OID. Reported by fxdupont on github.

* In EMSA2 and Randpool, avoid calling name() on objects after
deleting them if the provided algorithm objects are not suitable
for use. Found by Clang analyzer, reported by Jeffrey Walton.

* If X509_Store was copied, the u32bit containing how long to cache
validation results was not initialized, potentially causing
results to be cached for significant amounts of time. This could
allow a certificate to be considered valid after its issuing CA’s
cert expired. Expiration of the end-entity cert is always checked,
and reading a CRL always causes the status to be reset, so this
issue does not affect revocation. Found by Coverity scanner.

* Avoid off by one causing a potentially unterminated string to be
passed to the connect system call if the library was configured to
use a very long path name for the EGD socket. Found by Coverity
Scanner.

* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and
PK_Key_Agreement, avoid dereferencing an unitialized pointer if no
engine supported operations on the key object given. Found by
Coverity scanner.

* Avoid leaking a file descriptor in the /dev/random and EGD entropy
sources if stdin (file descriptor 0) was closed. Found by Coverity
scanner.

* Avoid a potentially undefined operation in the bit rotation
operations. Not known to have caused problems under any existing
compiler, but might have caused problems in the future. Caught by
Clang sanitizer, reported by Jeffrey Walton.

* Increase default hash iterations from 10000 to 50000 in PBES1 and
PBES2

* Add a fix for mips64el builds from Brad Smith.

Sat Mar 16 13:00:00 2013 cgiboudeauxAATTgmx.com
- Update to 1.10.5

* A potential crash in the AES-NI implementation of the AES-192 key schedule
(caused by misaligned loads) has been fixed.

* A previously conditional operation in Montgomery multiplication and
squaring is now always performed, removing a possible timing channel.

Sun Mar 10 13:00:00 2013 schwabAATTsuse.de
- aarch64-support.patch: add support for aarch64

Fri Sep 14 14:00:00 2012 p.drouandAATTgmail.com
- update to 1.10.3:

* A change in 1.10.2 accidentally broke ABI compatibility with
1.10.1 and earlier versions, causing programs compiled against
1.10.1 to crash if linked with 1.10.2 at runtime.

* Recent versions of OpenSSL include extra information in ECC
private keys, the presence of which caused an exception when such
a key was loaded by botan. The decoding of ECC private keys has been
changed to ignore these fields if they are set.
- remove Botan-qt_thread_support.patch no needed anymore

Thu Aug 16 14:00:00 2012 dmuellerAATTsuse.com
- don\'t fiddle with march settings, we want the distro defaults
(fixes build on ARM)

Tue Feb 7 13:00:00 2012 cooloAATTsuse.com
- little spec cleanup

Fri Sep 16 14:00:00 2011 jengelhAATTmedozas.de
- Implement baselibs.conf for package
- Remove obsolete/redundant tags

Mon Jul 4 14:00:00 2011 pthAATTsuse.de
- Make package own its docdir.

Thu Jun 23 14:00:00 2011 dmuellerAATTsuse.de
- rename the devel package back to libbotan-devel as the main
package allows to build only one -devel package

Wed Jun 22 14:00:00 2011 pthAATTsuse.de
- Fix Requires for devel package.

Tue Jun 21 14:00:00 2011 pthAATTsuse.de
- Devel package now is versioned so multiple devel packages may
be installed in parallel.
- Devel package renamed back to Botan-devel to keep rpmlint from
thinking it is a library package ...
- Update to 1.10.0:
New Features:

* SSL (SSLv3, TLS 1.0, and TLS 1.1 are currently supported)

* GOST 34.10-2001 signature scheme (a Russian ECC signature standard
analogous to ECDSA)

* The SHA-3 candidates Keccak and Blue Midnight Wish

* Bcrypt password hashing

* XSalsa20

* AES key wrapping

* Comb4P hash combinator.
Other Changes:

* The block cipher interface now exposes any possible parallelism
available to the implementation, and XTS, CTR, and CBC modes have been
changed to use them.

* SIMD implementations of Serpent, XTEA, Noekeon, and IDEA have been
added, as has an implementation of AES using SSSE3 which runs both in
constant time and, on recent processors, significantly faster than the
usual table based implementation. There have also been numerous
optimizations to elliptic curves.

* The documentation, previously written in LaTeX, is now in
reStructuredText, which is converted into HTML with Sphinx. This new
format is significantly easier to write, encouraging more documentation
to be written and updated. And, indeed, a number of features never
before documented are now described in the manual.

Wed Sep 1 14:00:00 2010 pthAATTsuse.de
- Prefix last patch with Botan-.
- Enable building of the qt_mutex module. This means that from now
on libbotan requires libQtCore.
- Fix test for thread/mutex support to also work for Qt4.
- Update to 1.8.10:

* This release changes a number of aspects of how private keys are
encrypted. The default encryption algorithm has changed from 3DES
to AES-256

* The default iteration count for PBES1 and PBES2 encryption schemes
(which are used primarily to encrypt asymmetric keys like RSA or
DSA) has increased from 2048 to 10000, which should make brute
force key cracking substantially harder.

* The first round of AES now uses a smaller set of lookup tables;
this only reduces performance slightly but some timing and cache
analysis attacks against AES are substantially harder when AES is
implemented this way.

* The class known as S2K was renamed PBKDF in 1.9, with a typedef
for backwards compatibility. For providing an equivalent forward
compatibility path, 1.8.10 includes a typedef for PBKDF and a new
accessor function get_pbkdf. It also includes a new interface for
deriving keys with a passphrase which takes both the passphrase
and desired output length as well as the salt and iteration
count; in many cases this call is actually significantly more
convenient than the older API.

Tue Aug 31 14:00:00 2010 ajAATTsuse.de
- Do not include build time and host in package to not trigger rebuilds.
- Add pkg-config build requires as suggested by rpmlint.

Wed Mar 10 13:00:00 2010 roAATTsuse.de
- add patch from fedora to fix build on x86_64
(botan-1.8.8-binutils_lea_offset.patch)

Sun Jan 10 13:00:00 2010 jengelhAATTmedozas.de
- run configure with --cpu=%_target to have correct bitness
selected for SPARC

Mon Dec 21 13:00:00 2009 cooloAATTnovell.com
- do not patch arch specific Makefiles, but simply pass WARN_FLAGS

Sun Dec 20 13:00:00 2009 roAATTsuse.de
- fix requires for devel package

Wed Dec 16 13:00:00 2009 pthAATTsuse.de
- Remove patches that aren\'t needed anymore.

Fri Dec 11 13:00:00 2009 pthAATTsuse.de
- Update to Botan-1.8.8:
- Alter Skein-512 to match the tweaked 1.2 specification
- Fix use of inline asm for access to x86 bswap function
- Allow building the library without AES enabled
- For the complete changes since 1.6.4 see log.txt in
/usr/share/doc/packages/Botan.


  
ICM