Changelog for libbotan-2-4-2.4.0-6.1.x86_64.rpm:
Wed Feb 14 13:00:00 2018 sleep_walker@opensuse.org
- change group of libbotan-%{version_suffix} to 'System/Libraries' as
requested on review
Mon Feb 12 13:00:00 2018 adam.majer@suse.de
- Don't drop -fstack-clash-protection for openSUSE 42.3 - we just
need the Update repository present.
Mon Feb 12 13:00:00 2018 adam.majer@suse.de
- Rename libbotan-devel to libbotan2-devel. We can't have clashing
packages in the archive because Botan1 and Botan2 provide the
same -devel binary. Botan2 is also not API compatible with Botan.
Sun Feb 11 13:00:00 2018 sleep_walker@opensuse.org
- fix expected version after bump in baselibs.conf too
Thu Feb 8 13:00:00 2018 sleep_walker@opensuse.org
- fix unknown flag -fstack-clash-protection for openSUSE 42.3
- rename to Botan2
- drop Botan2-INT_MAX.patch as not needed anymore
- Bump to libbotan 2.4
Changes and new features:
* Several build improvements requested by downstream packagers,
including the ability to disable building the static library. All
makefile constructs that were specific to nmake or GNU make have
been eliminated, thus the option ``--makefile-style`` which was
previously used to select the makefile type has also been
removed. (GH #1230 #1237 #1300 #1318 #1319 #1324 #1325 #1346)
* Support for negotiating the DH group as specified in RFC 7919 is
now available in TLS (GH #1263)
* Support for ARIA-GCM ciphersuites is now available in TLS. They
are disabled by default. (GH #1284)
* Add support for generating and verifying X.509 objects
(certificates, CRLs, etc) using RSA-PSS signatures (GH #1270 and
#1368)
* Add support for AES key wrapping with padding, as specified in RFC
5649 and NIST SP 800-38F (GH #1301)
* OCSP requests made during certificate verification had the
potential to hang forever. Now the sockets are non-blocking and a
timeout is enforced. (GH #1360 fixing GH #1326)
* Add ``Public_Key::fingerprint_public`` which allows fingerprinting
the public key.
The previously available ``Private_Key::fingerprint`` is
deprecated, now ``Private_Key::fingerprint_private`` should be
used if this is required. (GH #1357)
* ECC certificates generated by Botan used an invalid encoding for
the parameters field, which was rejected by some certificate
validation libraries notably BouncyCastle. (GH #1367)
* Loading an ECC key which used OID encoding for the domain
parameters, then saving it, would result in a key using the
explicit parameters encoding. Now the OID encoding is
retained. (GH #1365)
* Correct various problems in certificate path validation that arose
when multiple paths could be constructed leading to a trusted root
but due to other constraints only some of them validated. (GH
#1363)
* It is now possible for certificate validation to return warning
indicators, such as that the distinguished name is not within
allowed limits or that a certificate with a negative serial number
was observed. (GH #1363 #1359)
* XMSS signatures now are multi-threaded for improved performance
(GH #1267)
* Fix a bug that caused the TLS peer cert list to be empty on a
resumed session. (GH #1303 #1342)
* Increase the maximum HMAC key length from 512 bytes to 4096
bytes. This allows using a DH key exchange in TLS with a group
greater than 4096 bits. (GH #1316)
* Fix a bug in the TLS server where, on receiving an SSLv3 client
hello, it would attempt to negotiate TLS v1.2. Now a
protocol_version alert is sent. Found with tlsfuzzer. (GH #1316)
* Fix several bugs related to sending the wrong TLS alert type in
various error scenarios, caught with tlsfuzzer.
* Add support for a ``tls_http_server`` command line utility which
responds to simple GET requests. This is useful for testing
against a browser, or various TLS test tools which expect the
underlying protocol to be HTTP. (GH #1315)
* Add an interface for generic PSK data stores, as well as an
implementation which encrypts stored values with AES key
wrapping. (GH #1302)
* Optimize GCM mode on systems both with and without carryless
multiply support. This includes a new base case implementation
(still constant time), a new SSSE3 implementation for systems with
SSSE3 but not clmul, and better algorithms for systems with clmul
and pmull. (GH #1253 #1263)
* Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b,
Blowfish, Twofish, CAST-128, and CRC24 (GH #1281)
* Salsa20 now supports the seek operation.
* Add ``EC_Group::known_named_groups`` (GH #1339)
* Symmetric algorithms (block ciphers, stream ciphers, MACs) now
verify that a key was set before accepting data. Previously
attempting to use an unkeyed object would instead result in either
a crash or invalid outputs. (GH #1279)
* The X509 certificate, CRL and PKCS10 types have been heavily
refactored internally. Previously all data of these types was
serialized to strings, then in the event a more complicated data
structure (such as X509_DN) was needed, it would be recreated from
the string representation. However the round trip process was not
perfect and could cause fields to become lost. This approach is no
longer used, fixing several bugs (GH #1010 #1089 #1242 #1252). The
internal data is now stored in a ``shared_ptr``, so copying such
objects is now very cheap. (GH #884)
* ASN.1 string objects previously held their contents as ISO 8859-1
codepoints. However this led to certificates which contained
strings outside of this character set (eg in Cyrillic, Greek, or
Chinese) being rejected. Now the strings are always converted to
UTF-8, which allows representing any character. In addition, UCS-4
strings are now supported. (GH #1113 #1250 #1287 #1289)
* It is now possible to create an uninitialized X509_Certificate
object. Such an object will throw if any attempt to access its
members is made. (GH #1335)
* In BER decoder, avoid unbounded stack recursion when parsing
nested indefinite length values. Now at most 16 nested indefinite
length values are accepted, anything deeper resulting in a
decoding error. (GH #1304 OSS-Fuzz 4353).
* A new ASN.1 printer API allows generating a string representation
of arbitrary BER data. This is used in the ``asn1print`` command
line utility and may be useful in other applications, for instance
for debugging.
* New functions for bit rotations that distinguish rotating by a
compile-time constant vs a runtime variable rotation. This allows
better optimizations in both cases. Notably performance of
CAST-128 and CAST-256 is substantially improved. (GH #1247)
* TLS CBC ciphersuites now are implemented using the standard CBC
code, instead of reimplementing CBC inside the TLS stack. This
allows for parallel decryption of TLS CBC ciphertexts, and
improves performance especially when using AES hardware
support. (GH #1269)
* Add callbacks to make it possible for an application using TLS to
provide custom implementations of signature schemes, eg when
offloading the computations to another device. (GH #1332)
* Use a direct calculation for calendar computations instead of
relying on non-portable operating system interfaces. (GH #1336)
* Fix a bug in the amalgamation generation which could cause build
failures on some systems including macOS. (GH #1264 #1265)
* A particular code sequence in TLS handshake would always (with an
ECC ciphersuite) result in an exception being thrown and then
caught. This has changed so no exception is thrown. (GH #1275)
* The code for byteswapping has been improved for ARMv7 and for
Windows x86-64 systems using MSVC. (GH #1274)
* The GMAC class no longer derives from GHASH. This should not cause
any noticeable change for applications. (GH #1253)
* The base implementation of AES now uses a single 4K table, instead
of 4 such tables. This offers a significant improvement against
cache-based side channels without hurting performance too much. In
addition the table is now guaranteed to be aligned on a cache
line, which ensures the additional countermeasure of reading each
cache line works as expected. (GH #1255)
* In TLS client resumption, avoid sending an OCSP stapling
request. This caused resumption failures with some servers. (GH
#1276)
* The overhead of making a call through the FFI layer has been
reduced.
* The IDs for SHA-3 PKCSv1.5 signatures added in 2.3.0 were
incorrect. They have been changed to use the correct encoding, and
a test added to ensure such errors do not recur.
* Counter mode allows setting a configurable width of the
counter. Previously it was allowed for a counter of even 8 bits
wide, which would mean the keystream would repeat after just 256
blocks. Now it requires the width be at least 32 bits. The only
way this feature could be used was by manually constructing a
``CTR_BE`` object and setting the second parameter to something in
the range of 1 to 3.
* A new mechanism for formatting ASN.1 data is included in
``asn1_print.h``. This is the same functionality used by the
command line ``asn1print`` util, now cleaned up and moved to the
library.
* Add ``Pipe::append_filter``. This is like the existing
(deprecated) ``Pipe::append``, the difference being that
``append_filter`` only allows modification before the first call
to ``start_msg``. (GH #1306 #1307)
* The size of ASN1_Tag is increased to 32 bits. This avoids a
problem with UbSan (GH #751)
* Fix a bug affecting bzip2 compression. In certain circumstances,
compression would fail with ``BZ_SEQUENCE_ERROR`` due to calling
bzlib in a way it does not support. (GH #1308 #1309)
* In 2.3.0, final annotations were added to many classes including
the TLS policies (like ``Strict_Policy`` and
``BSI_TR_02102_2``). However it is reasonable and useful for an
application to derive from one of these policies, so as to create
an application specific policy that is based on a library-provided
policy, but with a few tweaks. So the final annotations have been
removed on these classes. (GH #1292)
* A new option ``--with-pdf`` enables building a PDF copy of the
handbook. (GH #1337)
* A new option ``--with-rst2man`` enables building a man page for
the command line util using Docutils rst2man. (GH #1349)
* Support for NEON is now enabled under Clang.
* Now the compiler version is detected using the preprocessor,
instead of trying to parse the output of the compiler's version
string, which was subject to problems with localization. (GH
#1358)
* By default the gzip compressor will not include a timestamp in the
header. The timestamp can be set by passing it to the
``Gzip_Compression`` constructor.
* Resolve a performance regression on Windows involving the system
stats entropy source. (GH #1369)
* Add an OID for RIPEMD-160
* Fixes for CMake build (GH #1251)
* Avoid some signed overflow warnings (GH #1220 #1245)
* As upstream support for Native Client has been deprecated by
Google, support is now also deprecated in Botan and will be
removed in a future release.
* The Perl-XS wrapper has not been maintained in many years. It is
now deprecated, and if no attempts are made to revive it, it will
be removed in a future release.
* Support for building on IRIX has been removed.
Thu Jan 11 13:00:00 2018 i@marguerite.su
- add Botan2-INT_MAX.patch
* Fix “INT_MAX was not declared in this scope”
in openSUSE Leap 42.1
Mon Jan 8 13:00:00 2018 i@marguerite.su
- fix build. python3 configure itself is useless,
we should make package python3 too.
Wed Nov 1 13:00:00 2017 mimi.vx@gmail.com
- explicitly use python 3 for configure
Wed Oct 4 14:00:00 2017 daniel.molkentin@suse.com
- Bump to libbotan 2.3
Changes and new features:
* Address a side channel affecting modular exponentiation. An attacker
capable of a local or cross-VM cache analysis attack may be able to recover
bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737
* Add the SHACAL2 block cipher, including optimizations using SIMD and SHA-NI
instructions. (GH #1151, bsc#1060433)
* Add the ARIA block cipher (GH #1004 and #1157)
* Add support for the ARMv8 AES instructions (GH #1182 and #1146)
* Add support for the ARMv8 PMULL instruction (GH #1181 and #842)
* On macOS and iOS the System_RNG class is now implemented using arc4random.
Previously the system RNG class was not available on iOS. (GH #1219)
* Optimized the CMAC polynomial doubling operation, and removed a small
timing channel due to a conditional operation.
* Added support for the ECDHE_PSK AEAD TLS ciphersuites from
draft-ietf-tls-ecdhe-psk-aead-05.
* SM2 encryption and signature schemes were previously hardcoded to use SM3
hash, now any hash is allowed. (GH #1188)
* SM2 encryption in 2.2.0 followed an obsolete version of the standard. The
format of the ciphertext changed in a more recent revision of the standard,
and now uses an ASN.1 encoding. Botan has changed to reflect this format,
which is compatible with GmSSL (GH #1218)
* OCB mode now supports 192, 256 and 512 bit block ciphers. (GH #1205)
* XTS mode now supports 256-bit and 512-bit block ciphers.
* Add ids to allow SHA-3 signatures with PKCSv1.5 (GH #1184)
* Add support for PSSR_Raw signatures which PSS sign an externally derived hash. (GH #1212 #1211)
* GCM now supports truncated tags in the range 96…128 bits. GCM had
previously supported 64-bit truncated tags, but these are known to be
insecure and are now deprecated. (GH #1210 #1207)
* Add a new TLS policy hook allow_client_initiated_renegotiation which is the
parallel of the existing allow_server_initiated_renegotiation. If set to
false, servers will reject attempts by the client to renegotiate the
session, instead sending a no_renegotiation warning alert. Note that the
default is false, ie that client renegotiation is now prohibited by
default. (GH #872)
* Add HKDF-Expand-Label function which is used in TLS v1.3 and QUIC
protocols. (GH #1226)
* Fix decoding of ECC keys that use extensions from RFC 5915 (GH #1208)
* The entropy source that called CryptGenRandom has been removed, and
replaced by a version which invokes the system PRNG, which may be
CryptGenRandom or some other source. (GH #1180)
* Add support for gathering entropy using the Crypt-NG BCryptGenRandom API.
This is necessary to build for Windows Phone/Windows Store. (GH #1180)
* Extend “Raw” signature padding (which allows signing a hash computed
externally) to optionally take a hash function name. In this case, it will
be verified that the input matches the expected hash size. This also will
control the hash algorithm used for RFC 6979 deterministic nonces;
previously SHA-512 was always used for RFC 6979 nonces with “Raw”. (GH
#1153)
* The advertised FFI API version has increased. This should have happened
already in 2.2 but was neglected. The botan_ffi_supports_api call will
return true for either the current or older versions of the API version
since no backwards incompatible changes have occurred.
* Add new C89 API functions botan_hex_decode, botan_base64_encode,
botan_base64_decode, botan_constant_time_compare.
* Add new C89 API functions botan_privkey_load_dh, botan_pubkey_load_dh, and
botan_privkey_create_dh (GH #1155)
* Add is_passhash9_alg_supported (GH #1154)
* The power_mod function now supports negative bases (GH #1179 #1168)
* Add a new command line utility for examining TLS client hellos.
* Added a new target for LLVM bitcode (GH #1169)
* Improve support for Windows Phone (GH #1180 #796 #794)
* Correct return value of botan_pk_op_verify_finish. In 2.2.0 this function
returned -1 on invalid signature, instead of 1 which was used in 2.0, 2.1,
and now again in 2.3. (GH #1189 #1187)
* Allow loading unencrypted private keys via FFI API (GH #1197)
* Add new command line options --rng-type=drbg and --drbg-seed which allow
running commands with a deterministic RNG. (GH #1169)
* Fix a number of warnings seen under Visual C++ (GH #1171 #795)
* Workaround a GCC 7 bug that caused miscompilation of the GOST-34.11 hash
function on x86-32. (GH #882 #1148)
* Fix a bug in SIMD_4x32 which affected little-endian PowerPC processors.
This would cause test failures for Serpent, among other problems.
* Fix Altivec runtime detection, which was broken starting in Botan 2.1.0
* Optimized the verification of TLS CBC padding bytes. Previously the check
examined every byte of the record, even though at most 256 bytes of padding
may be appended. (GH #1227)
* Simplified definition of Botan::secure_allocator. In particular, not
defining the construct and destroy methods avoids a performance problem
under MSVC. (GH #1228 and #1229)
* The secure_allocator class now uses calloc and free instead of new and
delete. In addition the actual allocation operation is hidden inside of
compiled functions, which significantly reduces code size. (GH #1231)
* The secure_scrub_memory function now uses explicit_bzero on OpenBSD.
* Previously ARM feature detection (NEON, AES, …) relied on getauxval, which
is only supported on Linux and Android. Now iOS is supported, by checking
the model name/version and matching it against known versions.
Unfortunately this is the best available technique on iOS. On Aarch64
systems that are not iOS or Linux/Android, a technique based on trial
execution while catching SIGILL is used. (GH #1213)
* The output of botan config libs was incorrect, it produced -lbotan-2.X
where X is the minor version, instead of the actual lib name -lbotan-2.
* Add constant_time_compare as better named equivalent of same_mem.
* Silence a Clang warning in create_private_key (GH #1150)
* The fuzzers have been better integrated with the main build. See the
handbook for details. (GH #1158)
* The Travis CI and AppVeyor CI builds are now run via a Python script. This
makes it easier to replicate the behavior of the CI build locally. Also a
number of changes were made to improve the turnaround time of CI builds.
(GH #1162 #1199)
* Add support for Win32 filesystem operation, so the tests pass completely on
MinGW now (GH #1203)
* Added a script to automate running TLS-Attacker tests.
* The distribution script now creates reproducible outputs, by forcing all
modification times, uids, etc to values fixed by the release date. (GH
#1217)
* The BOTAN_DLL macro has been split up into BOTAN_PUBLIC_API,
BOTAN_UNSTABLE_API and BOTAN_TEST_API which allows indicating in the header
the API stability of the export. All three are defined as BOTAN_DLL so
overriding just that macro continues to work as before. (GH #1216)
* Optimize bigint_divop when a double-word type is available. (GH #494)
* Fix several memory leaks in the tests. Additionally a false positive leak
seen under valgrind in the fork tests for the RNG was resolved.
* Export CurveGFp_Repr type (only used internally) to resolve a long standing
UBSan warning. (GH #453)
* Now -fstack-protector and similar flags that affect linking are exported in
botan config ldflags as they already were in the pkg-config output. (GH
#863)
* Remove double underscore in header guards to avoid using names reserved by
ISO C++. (GH #512)
* Additions to the SRP documentation (GH #1029)
* The package transform (in package.h) is now deprecated, and will be removed
in a future release. (GH #1215)
* Add more tests for the const-time utils (GH #1214)
* Fix a bug in FFI tests that caused the test files not to be found when
using --data-dir option (GH #1149)
* C++ final annotations have been added to classes which are not intended for
derivation. This keyword was already in use but was not applied
consistently.
* A typedef SecureVector has been added for the secure_vector type. This
makes porting code from 1.10 to 2.x API slightly simpler.
* Header files have been cleaned up to remove unnecessary inclusions. In some
cases it may be required to include additional botan headers to get all the
declarations that were previously visible. For example, bigint.h no longer
includes rng.h, but just forward declares RandomNumberGenerator.
* Improved support for IBM xlc compiler.
Sun Aug 27 14:00:00 2017 daniel.molkentin@suse.com
- Bump to libbotan 2.2
Changes and new features:
- Ed25519 signatures
- SM2 signature and encryption schemes
- SM3 hash function
- SM4 block cipher
- Streebog hash
- PGP-S2K key derivation
- NIST SP 800-56A KDF
- Support for Intel and ARM SHA-1 and SHA-2 instructions
- HOTP and TOTP one time password algorithms
- Initial BearSSL provider
- Many additions to the FFI (C89) interface
- Dozens of smaller features and bug fixes documented in the release notes
- Drop 0001-Turn-destdir-option-into-an-environment-variable.patch
This patch has been brought upstream in a slightly modified way
Tue Apr 11 14:00:00 2017 daniel.molkentin@suse.com
- Bump to libbotan 2.1
Wed Dec 28 13:00:00 2016 pth@suse.de
- Update to 1.10.14
* Fix integer overflow during BER decoding, found by Falko Strenzke.
This bug is not thought to be directly exploitable but upgrading ASAP
is advised. (CVE-2016-9132)
* Fix two cases where (in error situations) an exception would be
thrown from a destructor, causing a call to std::terminate.
* When RC4 is disabled in the build, also prevent it from being
included in the OpenSSL provider. (GH #638)
Sun Nov 13 13:00:00 2016 netsroth@opensuse.org
- Update to 1.10.13
* Use constant time modular inverse algorithm to avoid possible side
channel attack against ECDSA (CVE-2016-2849)
* Use constant time PKCS #1 unpadding to avoid possible side channel
attack against RSA decryption (CVE-2015-7827)
* Avoid a compilation problem in OpenSSL engine when ECDSA was
disabled. Gentoo bug 542010
Fri May 13 14:00:00 2016 faure@kde.org
- Remove Qt5 dependency, since nothing is using it anymore.
- Fix double-prefix in botan-config and pkgconfig file.
Wed Feb 3 13:00:00 2016 michael@stroeder.com
- Update to 1.10.12
- Version 1.10.12, 2016-02-03
* In 1.10.11, the check in PointGFp intended to check the affine y
argument actually checked the affine x again. Reported by Remi Gacogne
* The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an
additional check in the multiplication function itself which was also
added in that release, so there are no security implications from the
missed check. However to avoid confusion the change was pushed in a new
release immediately.
* The 1.10.11 release notes incorrectly identified CVE-2016-2195 as
CVE-2016-2915
- Version 1.10.11, 2016-02-01
* Resolve heap overflow in ECC point decoding. CVE-2016-2195
* Resolve infinite loop in modular square root algorithm. CVE-2016-2194
* Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. GH #239
Thu Dec 24 13:00:00 2015 mpluskal@suse.com
- Add gpg signature
- Cleanup spec file with spec-cleaner
Fri Aug 14 14:00:00 2015 mvyskocil@opensuse.org
- Fix Source0 URL
Tue Aug 11 14:00:00 2015 netsroth@opensuse.org
- bump SONAME to libbotan-1_10-1
- Update to 1.10.10
* SECURITY: The BER decoder would crash due to reading from offset 0
of an empty vector if it encountered a BIT STRING which did not
contain any data at all. As the type requires a 1 byte field this
is not valid BER but could occur in malformed data. Found with
afl. CVE-2015-5726
* SECURITY: The BER decoder would allocate a fairly arbitrary amount
of memory in a length field, even if there was no chance the read
request would succeed. This might cause the process to run out of
memory or invoke the OOM killer. Found with afl. CVE-2015-5727
* Due to an ABI incompatible (though not API incompatible) change in
this release, the version number of the shared object has been
increased.
* The default TLS policy no longer allows RC4.
* Fix a signed integer overflow in Blue Midnight Wish that may cause
incorrect computations or undefined behavior.
- Update to 1.10.9
* Fixed EAX tag verification to run in constant time
* The default TLS policy now disables SSLv3.
* A crash could occur when reading from a blocking random device if
the device initially indicated that entropy was available but a
concurrent process drained the entropy pool before the read was
initiated.
* Fix decoding indefinite length BER constructs that contain a
context sensitive tag of zero. Github pull 26 from Janusz Chorko.
* The botan-config script previously tried to guess its prefix from
the location of the binary. However this was error prone, and now
the script assumes the final installation prefix matches the value
set during the build. Github issue 29.
Wed Jun 24 14:00:00 2015 liujianfeng1994@gmail.com
- Change build dependence "libqt4-devel" to "libqt5-qtbase-devel".
Thu May 8 14:00:00 2014 tbehrens@suse.com
- Update to 1.10.8
* Fix a bug in primality testing introduced in 1.8.3 which caused
only a single random base, rather than a sequence of random bases,
to be used in the Miller-Rabin test. This increased the
probability that a non-prime would be accepted, for instance a
1024 bit number would be incorrectly classed as prime with
probability around 2^-40. Reported by Jeff Marrison.
* The key length limit on HMAC has been raised to 512 bytes,
allowing the use of very long passphrases with PBKDF2.
- Update to 1.10.7
* OAEP had two bugs, one of which allowed it to be used even if the
key was too small, and the other of which would cause a crash
during decryption if the EME data was too large for the associated
key.
Mon Mar 3 13:00:00 2014 ro@suse.de
- change license to BSD-2-Clause as requested by legal
Sun Dec 8 13:00:00 2013 dvaleev@suse.com
- Add ppc64le architecture
- added patches:
* ppc64le-support.patch
Mon Nov 11 13:00:00 2013 tbehrens@suse.com
- Update to 1.10.6
* The device reading entropy source now attempts to read from all
available devices. Previously it would break out early if a
partial read from a blocking source occurred, not continuing to
read from a non-blocking device. This would cause the library to
fall back on slower and less reliable techniques for collecting
PRNG seed material. Reported by Rickard Bellgrim.
* HMAC_RNG (the default PRNG implementation) now automatically
reseeds itself periodically. Previously reseeds only occurred on
explicit application request.
* Fix an encoding error in EC_Group when encoding using
EC_DOMPAR_ENC_OID. Reported by fxdupont on github.
* In EMSA2 and Randpool, avoid calling name() on objects after
deleting them if the provided algorithm objects are not suitable
for use. Found by Clang analyzer, reported by Jeffrey Walton.
* If X509_Store was copied, the u32bit containing how long to cache
validation results was not initialized, potentially causing
results to be cached for significant amounts of time. This could
allow a certificate to be considered valid after its issuing CA’s
cert expired. Expiration of the end-entity cert is always checked,
and reading a CRL always causes the status to be reset, so this
issue does not affect revocation. Found by Coverity scanner.
* Avoid off by one causing a potentially unterminated string to be
passed to the connect system call if the library was configured to
use a very long path name for the EGD socket. Found by Coverity
Scanner.
* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and
PK_Key_Agreement, avoid dereferencing an uninitialized pointer if no
engine supported operations on the key object given. Found by
Coverity scanner.
* Avoid leaking a file descriptor in the /dev/random and EGD entropy
sources if stdin (file descriptor 0) was closed. Found by Coverity
scanner.
* Avoid a potentially undefined operation in the bit rotation
operations. Not known to have caused problems under any existing
compiler, but might have caused problems in the future. Caught by
Clang sanitizer, reported by Jeffrey Walton.
* Increase default hash iterations from 10000 to 50000 in PBES1 and
PBES2
* Add a fix for mips64el builds from Brad Smith.
Sat Mar 16 13:00:00 2013 cgiboudeaux@gmx.com
- Update to 1.10.5
* A potential crash in the AES-NI implementation of the AES-192 key schedule
(caused by misaligned loads) has been fixed.
* A previously conditional operation in Montgomery multiplication and
squaring is now always performed, removing a possible timing channel.
Sun Mar 10 13:00:00 2013 schwab@suse.de
- aarch64-support.patch: add support for aarch64
Fri Sep 14 14:00:00 2012 p.drouand@gmail.com
- update to 1.10.3:
* A change in 1.10.2 accidentally broke ABI compatibility with
1.10.1 and earlier versions, causing programs compiled against
1.10.1 to crash if linked with 1.10.2 at runtime.
* Recent versions of OpenSSL include extra information in ECC
private keys, the presence of which caused an exception when such
a key was loaded by botan. The decoding of ECC private keys has been
changed to ignore these fields if they are set.
- remove Botan-qt_thread_support.patch, not needed anymore
Thu Aug 16 14:00:00 2012 dmueller@suse.com
- don't fiddle with march settings, we want the distro defaults
(fixes build on ARM)
Tue Feb 7 13:00:00 2012 coolo@suse.com
- little spec cleanup
Fri Sep 16 14:00:00 2011 jengelh@medozas.de
- Implement baselibs.conf for package
- Remove obsolete/redundant tags
Mon Jul 4 14:00:00 2011 pth@suse.de
- Make package own its docdir.
Thu Jun 23 14:00:00 2011 dmueller@suse.de
- rename the devel package back to libbotan-devel as the main
package allows to build only one -devel package
Wed Jun 22 14:00:00 2011 pth@suse.de
- Fix Requires for devel package.
Tue Jun 21 14:00:00 2011 pth@suse.de
- Devel package now is versioned so multiple devel packages may
be installed in parallel.
- Devel package renamed back to Botan-devel to keep rpmlint from
thinking it is a library package ...
- Update to 1.10.0:
New Features:
* SSL (SSLv3, TLS 1.0, and TLS 1.1 are currently supported)
* GOST 34.10-2001 signature scheme (a Russian ECC signature standard
analogous to ECDSA)
* The SHA-3 candidates Keccak and Blue Midnight Wish
* Bcrypt password hashing
* XSalsa20
* AES key wrapping
* Comb4P hash combinator.
Other Changes:
* The block cipher interface now exposes any possible parallelism
available to the implementation, and XTS, CTR, and CBC modes have been
changed to use them.
* SIMD implementations of Serpent, XTEA, Noekeon, and IDEA have been
added, as has an implementation of AES using SSSE3 which runs both in
constant time and, on recent processors, significantly faster than the
usual table based implementation. There have also been numerous
optimizations to elliptic curves.
* The documentation, previously written in LaTeX, is now in
reStructuredText, which is converted into HTML with Sphinx. This new
format is significantly easier to write, encouraging more documentation
to be written and updated. And, indeed, a number of features never
before documented are now described in the manual.
Wed Sep 1 14:00:00 2010 pth@suse.de
- Prefix last patch with Botan-.
- Enable building of the qt_mutex module. This means that from now
on libbotan requires libQtCore.
- Fix test for thread/mutex support to also work for Qt4.
- Update to 1.8.10:
* This release changes a number of aspects of how private keys are
encrypted. The default encryption algorithm has changed from 3DES
to AES-256
* The default iteration count for PBES1 and PBES2 encryption schemes
(which are used primarily to encrypt asymmetric keys like RSA or
DSA) has increased from 2048 to 10000, which should make brute
force key cracking substantially harder.
* The first round of AES now uses a smaller set of lookup tables;
this only reduces performance slightly but some timing and cache
analysis attacks against AES are substantially harder when AES is
implemented this way.
* The class known as S2K was renamed PBKDF in 1.9, with a typedef
for backwards compatibility. For providing an equivalent forward
compatibility path, 1.8.10 includes a typedef for PBKDF and a new
accessor function get_pbkdf. It also includes a new interface for
deriving keys with a passphrase which takes both the passphrase
and desired output length as well as the salt and iteration
count; in many cases this call is actually significantly more
convenient than the older API.
Tue Aug 31 14:00:00 2010 aj@suse.de
- Do not include build time and host in package to not trigger rebuilds.
- Add pkg-config build requires as suggested by rpmlint.
Wed Mar 10 13:00:00 2010 ro@suse.de
- add patch from fedora to fix build on x86_64
(botan-1.8.8-binutils_lea_offset.patch)
Sun Jan 10 13:00:00 2010 jengelh@medozas.de
- run configure with --cpu=%_target to have correct bitness
selected for SPARC
Mon Dec 21 13:00:00 2009 coolo@novell.com
- do not patch arch specific Makefiles, but simply pass WARN_FLAGS
Sun Dec 20 13:00:00 2009 ro@suse.de
- fix requires for devel package
Wed Dec 16 13:00:00 2009 pth@suse.de
- Remove patches that aren't needed anymore.
Fri Dec 11 13:00:00 2009 pth@suse.de
- Update to Botan-1.8.8:
- Alter Skein-512 to match the tweaked 1.2 specification
- Fix use of inline asm for access to x86 bswap function
- Allow building the library without AES enabled
- For the complete changes since 1.6.4 see log.txt in
/usr/share/doc/packages/Botan.