SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libcryptopp8_9_0-8.9.0-110.22.x86_64.rpm :

* Thu Jan 04 2024 pgajdosAATTsuse.com- security update- added patches fix CVE-2023-50981 [bsc#1218222], issue on ModularSquareRoot function leads to potential DoS https://github.com/weidai11/cryptopp/pull/1255 + libcryptopp-CVE-2023-50981.patch
* Thu Dec 21 2023 pgajdosAATTsuse.com- version update to 8.9.0
* Crypto++ 8.9 was released on October 1, 2023. The 8.9 release was a minor, unplanned release. There were no CVEs and one memory error.
* The 8.9 release was driven by the fix for `ProcessData`, and the failures when `inString==outString`. Also see GH #1231, Rabbit Produces null Keystream When inString == outString.
* Release notes
* ===========
* minor release, recompile of programs required
* expanded community input and support
* 88 unique contributors as of this release
* add additional tests to datatest.cpp
* fix SIMON128 Asan finding on POWER8
* fix AES/CFB and AES/CTR modes self test failures when using Cryptogams AES on ARMv7
* fix ARIA/CTR mode self test failures when inString==outString
* fix HIGHT/CTR mode self test failures when inString==outString
* fix Rabbit/CTR mode self test failures when inString==outString
* fix HC128/CTR and HC256/CTR mode self test failures when inString==outString
* fix Prime Table and dangling reference to a temporary
* fix Singleton::Ref() when using C++11 memory fences
* remove unneeded call to Crop() in Randomize()- modified patches % libcryptopp-shared.patch (refreshed)- modified sources % baselibs.conf- added patches fix CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file + libcryptopp-CVE-2023-50980.patch
* Sun Jul 16 2023 Dirk Müller - update to 8.8.0:
* minor release, recompile of programs required
* expanded community input and support
* 88 unique contributors as of this release
* fix crash in cryptest.exe when invoked with no options
* fix crash in library due to GCC removing live code
* fix RSA with key size 16 may provide an invalid key
* fix failure to build on 32-bit x86
* fix failure to build on iPhone Simulator for arm64
* fix failure to build on Windows arm64
* test for SSSE3 before using the ISA
* fix include of when using MSVC
* improve performance of CRC32C_Update_SSE42 for x86-64
* update documentation
* Wed Aug 10 2022 Bernhard Wiedemann - Enable SSE2 to fix i586 build
* Tue Aug 09 2022 Bernhard Wiedemann - Update to 8.7.0- https://cryptopp.com/release870.html
* fix RSA key generation for small moduli (GH #1136)
* fix AES-GCM with AESNI but without CLMUL (GH #1132)
* rework CFB_CipherTemplate::ProcessData and AdditiveCipherTemplate::ProcessData (GH #1088, GH #1103) + restored performance and avoided performance penalty of a temp buffer
* fix undersized SecBlock buffer in Integer bit operations (GH #1072)
* work around several GCC 11 & 12 problems
* Sat Sep 25 2021 Dave Plater - Update to 8.6.0-upstream changes:
* This release clears CVE-2021-40530 and fixes a problem with ChaCha20 AVX2 implementation.
* The CVE was due to ElGamal encryption using a work estimate to size encryption exponents instead subgroup order.
* The ChaCha20 issue was due to mishandling a carry in the AVX2 code path. The ChaCha20 issue was difficult to duplicate, so most users should not experience it.
* Wed Mar 17 2021 Dirk Müller - update to 8.5.0:
* minor release, no recompile of programs required
* expanded community input and support
* 70 unique contributors as of this release
* port to Apple M1 hardware
* Sat Jan 02 2021 Dave Plater - Update to version 8.4.0 and remove obsolete patches: 0001-Fix-TCXXFLAGS-using-openSUSE-standard-flags-GH-865.patch, 0001-Fix-missing-if-statement.patch and cve-2019-14318.patch- Upstream changes:
* fix use of macro CRYPTOPP_ALIGN_DATA
* fix potential out-of-bounds read in ECDSA
* fix std::bad_alloc when using ByteQueue in pipeline
* fix missing CRYPTOPP_CXX17_EXCEPTIONS with Clang
* fix potential out-of-bounds read in GCM mode
* add configure.sh when preprocessor macros fail
* fix potential out-of-bounds read in SipHash
* fix compile error on POWER9 due to vec_xl_be
* fix K233 curve on POWER8
* add Cirrus CI testing
* fix broken encryption for some 64-bit ciphers
* disable RDRAND and RDSEED for some AMD processors
* fix BLAKE2 hash calculation using Salt and Personalization
* add XTS mode
* fix circular dependency between misc.h and secblock.h
* add Certificate interface
* fix recursion in AES::Encryption without AESNI
* add missing OID for ElGamal encryption
* fix missing override in KeyDerivationFunction-derived classes
* fix RDSEED assemble under MSVC
* fix elliptic curve timing leaks (CVE-2019-14318)
* add link-library variable to Makefiles
* fix SIZE_MAX definition in misc.h
* add GetWord64 and PutWord64 to BufferedTransformation
* use HKDF in AutoSeededX917RNG::Reseed
* fix Asan finding in VMAC on i686 in inline asm
* fix undeclared identifier _mm_roti_epi64 on Gentoo
* fix ECIES and GetSymmetricKeyLength
* fix possible divide by zero in PKCS5_PBKDF2_HMAC
* refine ASN.1 encoders and decoders
* disable BMI2 code paths in Integer class
* fix use of CRYPTOPP_CLANG_VERSION
* add NEON SHA1, SHA256 and SHA512 from Cryptogams
* add ARM SHA1, SHA256 and SHA512 from Cryptogams
* fix reference binding to misaligned address in xed25519
* clear asserts in TestDataNameValuePairs
* fix SIGILL on POWER8 when compiling with GCC 10
* fix potential out-of-bounds write in FixedSizeAllocatorWithCleanup
* revert changes for constant-time elliptic curve algorithms
* Thu Jul 02 2020 Tomáš Chvátal - Simplify the baselibs creation- Do not BR unzip as the tarball is tar.gz- Generate the pc file with cat not bunch of echos
* Sun Aug 11 2019 Dave Plater - Added cve-2019-14318.patch which fixes (1)leak in ECDSA nonce length; and (2) leak in prime fields (ECP class).- See boo#1145187- Disabled LTO for i586 to fix build failure.
  
ICM