Changelog for Botan-2.6.0-2.4.x86_64.rpm:
* Thu Apr 12 2018 kasimir_AATToutlook.de
- fixed to build on armv6 and armv7
* Tue Apr 10 2018 daniel.molkentinAATTsuse.com
- Update to Botan 2.6
* CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a malformed ciphertext cause the decryptor to read and HMAC an additional 64K bytes of data which is not part of the record. This could cause a crash if the read went into unmapped memory. No information leak or out of bounds write occurs.
* Add support for OAEP labels (GH #1508)
* RSA signing is about 15% faster (GH #1523) and RSA verification is about 50% faster.
* Add exponent blinding to RSA (GH #1523)
* Add Cipher_Mode::create and AEAD_Mode::create (GH #1527)
* Fix bug in TLS server introduced in 2.5 which caused connection to fail if the client offered any signature algorithm not known to the server (for example RSA/SHA-224).
* Fix a bug in inline asm that would with GCC 7.3 cause incorrect computations and an infinite loop during the tests. (GH #1524 #1529)
* Tue Apr 03 2018 daniel.molkentinAATTsuse.com
- Update to Botan 2.5
* Fix error in certificate wildcard matching (CVE-2018-9127), where a wildcard cert for b*.example.com would be accepted as a match for any host with name *b*.example.com (GH #1519)
* Add support for RSA-PSS signatures in TLS (GH #1285)
* Ed25519 certificates are now supported (GH #1501)
* Many optimizations in ECC operations. ECDSA signatures are 8-10 times faster. ECDSA verification is about twice as fast. ECDH key agreement is 3-4 times faster. (GH #1457 #1478)
* Implement product scanning Montgomery reduction, which improves Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH #1472)
* DSA signing and verification performance has improved by 30-50%.
* Add a new Credentials_Manager callback that specifies which CAs the server has indicated it trusts (GH #1395 fixing #1261)
* Add new TLS::Callbacks methods that allow creating or removing extensions, as well as examining extensions sent by the peer (GH #1394 #1186)
* Add new TLS::Callbacks methods that allow an application to negotiate use of custom elliptic curves. (GH #1448)
* Add ability to create custom elliptic curves (GH #1441 #1444)
* Add support for POWER8 AES instructions (GH #1459 #1393 #1206)
* Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502 #986)
* The default encoding of ECC public keys has changed from compressed to uncompressed point representation. This improves compatibility with some common software packages including Golang’s standard library. (GH #1480 #1483)
* It is now possible to create DNs with custom components. (GH #1490 #1492)
* It is now possible to specify the serial number of created certificates, instead of using the default 128-bit random integer. (GH #1489 #1491)
* Change DL_Group and EC_Group to store their data as shared_ptr for fast copying. Also both classes precompute additional useful values (eg for modular reductions). (GH #1435 #1454)
* Make it possible for PKCS10 requests to include custom extensions. This also makes it possible to use multiple SubjectAlternativeNames of a single type in a request, which was previously not possible. (GH #1429 #1428)
* Add new optimized interface for FE1 format preserving encryption. By caching a number of values computed in the course of the FPE calculation, it provides a 6-7x speedup versus the old API. (GH #1469)
* Add DSA and ElGamal keygen functions to FFI (#1426)
* Add Pipe::prepend_filter to replace Pipe::prepend (GH #1402)
* Fix a memory leak in the OpenSSL block cipher integration, introduced in 2.2.0
* Use an improved algorithm for generating safe primes which is several tens of times faster. Also, fix a bug in the prime sieving algorithm which caused standard prime generation (like for RSA keys) to be slower than necessary. (GH #1413 #1411)
* Correct the return value of PK_Encryptor::maximum_input_size which reported a much too small value (GH #1410)
* Remove use of CPU specific optimization flags, instead the user should set these via CXXFLAGS if desired. (GH #1392)
* Resolve an issue that would cause a crash in the tests if they were run on a machine without SSE2/NEON/VMX instructions. (GH #1495)
* The Python module now tries to load DLLs from a list of names and uses the first one which successfully loads and indicates it supports the desired API level. (GH #1497)
* Various minor optimizations for SHA-3 (GH #1433 #1434)
* The output of botan --help has been improved (GH #1387)
* Add --der-format flag to command line utils, making it possible verify DSA/ECDSA signatures generated by OpenSSL command line (GH #1409)
* Add support for --library-suffix option to configure.py (GH #1405 #1404)
* Use feature flags to enable/disable system specific code (GH #1378)
* Add --msvc-runtime option to allow using static runtime (GH #1499 #210)
* Add --enable-sanitizers= option to allow specifying which sanitizers to enable. The existing --with-sanitizers option just enables some default set which is known to work with the minimum required compiler versions.
* Use either rst2man or rst2man.py for generating man page as distributions differ on where this program is installed (GH #1516)
* The threefish module has been renamed threefish_512 since that is the algorithm it provides. (GH #1477)
* The Perl XS based wrapper has been removed, as it was unmaintained and broken. (GH #1412)
* The sqlite3 encryption patch under contrib has been removed. It is still maintained by the original author at https://github.com/OlivierJG/botansqlite3
* Fri Feb 16 2018 sleep_walkerAATTopensuse.org
- drop explicit package requirements
- split binary package and documentation from dynamic library package and make documentation package noarch
- merge back Botan2 package to Botan with changelog history
- drop Botan patches
  aarch64-support.patch - doesn't seem to be required anymore
  Botan-fix_install_paths.patch - doesn't seem to be required
  no-cpuid-header.patch - SLE11 not target anymore
  Botan-fix_pkgconfig.patch - this seems to be wrong
  Botan-no-buildtime.patch - not needed anymore
  dont-set-mach-value.diff - doesn't apply, unclear and undocumented why it is there
  Botan-inttypes.patch - not required
  Botan-ull_constants.patch.bz2 - no reason anymore
* Wed Feb 14 2018 sleep_walkerAATTopensuse.org
- change group of libbotan-%{version_suffix} to 'System/Libraries' as requested on review
* Mon Feb 12 2018 adam.majerAATTsuse.de
- Don't drop -fstack-clash-protection for openSUSE 42.3 - we just need the Update repository present.
* Mon Feb 12 2018 adam.majerAATTsuse.de
- Rename libbotan-devel to libbotan2-devel. We can't have clashing packages in the archive because Botan1 and Botan2 provide the same -devel binary. Botan2 is also not API compatible with Botan.
* Sun Feb 11 2018 sleep_walkerAATTopensuse.org
- fix expected version after bump in baselibs.conf too
* Thu Feb 08 2018 sleep_walkerAATTopensuse.org
- fix unknown flag -fstack-clash-protection for openSUSE 42.3
- rename to Botan2
- drop Botan2-INT_MAX.patch as not needed anymore
- Bump to libbotan 2.4
  Changes and new features:
* Several build improvements requested by downstream packagers, including the ability to disable building the static library. All makefile constructs that were specific to nmake or GNU make have been eliminated, thus the option ``--makefile-style`` which was previously used to select the makefile type has also been removed. (GH #1230 #1237 #1300 #1318 #1319 #1324 #1325 #1346)
* Support for negotiating the DH group as specified in RFC 7919 is now available in TLS (GH #1263)
* Support for ARIA-GCM ciphersuites is now available in TLS. They are disabled by default. (GH #1284)
* Add support for generating and verifying X.509 objects (certificates, CRLs, etc) using RSA-PSS signatures (GH #1270 and #1368)
* Add support for AES key wrapping with padding, as specified in RFC 5649 and NIST SP 800-38F (GH #1301)
* OCSP requests made during certificate verification had the potential to hang forever. Now the sockets are non-blocking and a timeout is enforced. (GH #1360 fixing GH #1326)
* Add ``Public_Key::fingerprint_public`` which allows fingerprinting the public key. The previously available ``Private_Key::fingerprint`` is deprecated, now ``Private_Key::fingerprint_private`` should be used if this is required. (GH #1357)
* ECC certificates generated by Botan used an invalid encoding for the parameters field, which was rejected by some certificate validation libraries notably BouncyCastle. (GH #1367)
* Loading an ECC key which used OID encoding for the domain parameters, then saving it, would result in a key using the explicit parameters encoding. Now the OID encoding is retained. (GH #1365)
* Correct various problems in certificate path validation that arose when multiple paths could be constructed leading to a trusted root but due to other constraints only some of them validated. (GH #1363)
* It is now possible for certificate validation to return warning indicators, such as that the distinguished name is not within allowed limits or that a certificate with a negative serial number was observed. (GH #1363 #1359)
* XMSS signatures now are multi-threaded for improved performance (GH #1267)
* Fix a bug that caused the TLS peer cert list to be empty on a resumed session. (GH #1303 #1342)
* Increase the maximum HMAC key length from 512 bytes to 4096 bytes. This allows using a DH key exchange in TLS with a group greater than 4096 bits. (GH #1316)
* Fix a bug in the TLS server where, on receiving an SSLv3 client hello, it would attempt to negotiate TLS v1.2. Now a protocol_version alert is sent. Found with tlsfuzzer. (GH #1316)
* Fix several bugs related to sending the wrong TLS alert type in various error scenarios, caught with tlsfuzzer.
* Add support for a ``tls_http_server`` command line utility which responds to simple GET requests. This is useful for testing against a browser, or various TLS test tools which expect the underlying protocol to be HTTP. (GH #1315)
* Add an interface for generic PSK data stores, as well as an implementation which encrypts stored values with AES key wrapping. (GH #1302)
* Optimize GCM mode on systems both with and without carryless multiply support. This includes a new base case implementation (still constant time), a new SSSE3 implementation for systems with SSSE3 but not clmul, and better algorithms for systems with clmul and pmull. (GH #1253 #1263)
* Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b, Blowfish, Twofish, CAST-128, and CRC24 (GH #1281)
* Salsa20 now supports the seek operation.
* Add ``EC_Group::known_named_groups`` (GH #1339)
* Symmetric algorithms (block ciphers, stream ciphers, MACs) now verify that a key was set before accepting data. Previously attempting to use an unkeyed object would instead result in either a crash or invalid outputs. (GH #1279)
* The X509 certificate, CRL and PKCS10 types have been heavily refactored internally. Previously all data of these types was serialized to strings, then in the event a more complicated data structure (such as X509_DN) was needed, it would be recreated from the string representation. However the round trip process was not perfect and could cause fields to become lost. This approach is no longer used, fixing several bugs (GH #1010 #1089 #1242 #1252). The internal data is now stored in a ``shared_ptr``, so copying such objects is now very cheap. (GH #884)
* ASN.1 string objects previously held their contents as ISO 8859-1 codepoints. However this led to certificates which contained strings outside of this character set (eg in Cyrillic, Greek, or Chinese) being rejected. Now the strings are always converted to UTF-8, which allows representing any character. In addition, UCS-4 strings are now supported. (GH #1113 #1250 #1287 #1289)
* It is now possible to create an uninitialized X509_Certificate object. Such an object will throw if any attempt to access its members is made. (GH #1335)
* In BER decoder, avoid unbounded stack recursion when parsing nested indefinite length values. Now at most 16 nested indefinite length values are accepted, anything deeper resulting in a decoding error. (GH #1304 OSS-Fuzz 4353).
* A new ASN.1 printer API allows generating a string representation of arbitrary BER data. This is used in the ``asn1print`` command line utility and may be useful in other applications, for instance for debugging.
* New functions for bit rotations that distinguish rotating by a compile-time constant vs a runtime variable rotation. This allows better optimizations in both cases. Notably performance of CAST-128 and CAST-256 is substantially improved. (GH #1247)
* TLS CBC ciphersuites now are implemented using the standard CBC code, instead of reimplementing CBC inside the TLS stack. This allows for parallel decryption of TLS CBC ciphertexts, and improves performance especially when using AES hardware support. (GH #1269)
* Add callbacks to make it possible for an application using TLS to provide custom implementations of signature schemes, eg when offloading the computations to another device. (GH #1332)
* Use a direct calculation for calendar computations instead of relying on non-portable operating system interfaces. (GH #1336)
* Fix a bug in the amalgamation generation which could cause build failures on some systems including macOS. (GH #1264 #1265)
* A particular code sequence in TLS handshake would always (with an ECC ciphersuite) result in an exception being thrown and then caught. This has changed so no exception is thrown. (GH #1275)
* The code for byteswapping has been improved for ARMv7 and for Windows x86-64 systems using MSVC. (GH #1274)
* The GMAC class no longer derives from GHASH. This should not cause any noticeable change for applications. (GH #1253)
* The base implementation of AES now uses a single 4K table, instead of 4 such tables. This offers a significant improvement against cache-based side channels without hurting performance too much. In addition the table is now guaranteed to be aligned on a cache line, which ensures the additional countermeasure of reading each cache line works as expected. (GH #1255)
* In TLS client resumption, avoid sending an OCSP stapling request. This caused resumption failures with some servers. (GH #1276)
* The overhead of making a call through the FFI layer has been reduced.
* The IDs for SHA-3 PKCSv1.5 signatures added in 2.3.0 were incorrect. They have been changed to use the correct encoding, and a test added to ensure such errors do not recur.
* Counter mode allows setting a configurable width of the counter. Previously it was allowed for a counter of even 8 bits wide, which would mean the keystream would repeat after just 256 blocks. Now it requires the width be at least 32 bits. The only way this feature could be used was by manually constructing a ``CTR_BE`` object and setting the second parameter to something in the range of 1 to 3.
* A new mechanism for formatting ASN.1 data is included in ``asn1_print.h``. This is the same functionality used by the command line ``asn1print`` util, now cleaned up and moved to the library.
* Add ``Pipe::append_filter``. This is like the existing (deprecated) ``Pipe::append``, the difference being that ``append_filter`` only allows modification before the first call to ``start_msg``. (GH #1306 #1307)
* The size of ASN1_Tag is increased to 32 bits. This avoids a problem with UbSan (GH #751)
* Fix a bug affecting bzip2 compression. In certain circumstances, compression would fail with ``BZ_SEQUENCE_ERROR`` due to calling bzlib in a way it does not support. (GH #1308 #1309)
* In 2.3.0, final annotations were added to many classes including the TLS policies (like ``Strict_Policy`` and ``BSI_TR_02102_2``). However it is reasonable and useful for an application to derive from one of these policies, so as to create an application specific policy that is based on a library-provided policy, but with a few tweaks. So the final annotations have been removed on these classes. (GH #1292)
* A new option ``--with-pdf`` enables building a PDF copy of the handbook. (GH #1337)
* A new option ``--with-rst2man`` enables building a man page for the command line util using Docutils rst2man. (GH #1349)
* Support for NEON is now enabled under Clang.
* Now the compiler version is detected using the preprocessor, instead of trying to parse the output of the compiler's version string, which was subject to problems with localization. (GH #1358)
* By default the gzip compressor will not include a timestamp in the header. The timestamp can be set by passing it to the ``Gzip_Compression`` constructor.
* Add an OID for RIPEMD-160
* Fixes for CMake build (GH #1251)
* Avoid some signed overflow warnings (GH #1220 #1245)
* As upstream support for Native Client has been deprecated by Google, support is now also deprecated in Botan and will be removed in a future release.
* The Perl-XS wrapper has not been maintained in many years. It is now deprecated, and if no attempts are made to revive it, it will be removed in a future release.
* Support for building on IRIX has been removed.
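The 2.4 notes above describe bounding the nesting of indefinite-length BER values (at most 16 levels) so that a malformed input cannot drive the decoder into unbounded recursion. The following is an added illustration of that defensive pattern, written for this page and not Botan's own decoder: a minimal BER walker that handles definite and indefinite lengths, counts the values it visits, and rejects input whose indefinite-length nesting exceeds the assumed limit of 16. The ``nested_indefinite`` helper builds constructed test input; ``BerWalker``, ``BerStats``, ``accepts`` and ``MAX_INDEF_NESTING`` are names chosen for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <utility>
#include <vector>

// Added illustration, not Botan's code. Assumed limit mirrors the figure in
// the 2.4 notes: at most 16 nested indefinite-length values are accepted.
constexpr size_t MAX_INDEF_NESTING = 16;

struct BerStats {
    size_t values = 0;           // number of TLVs visited (primitive + constructed)
    size_t max_indef_depth = 0;  // deepest indefinite-length nesting observed
};

class BerWalker {
public:
    explicit BerWalker(std::vector<uint8_t> in) : m_in(std::move(in)) {}

    // Walks the entire input. Throws std::runtime_error on truncation, on a
    // child overrunning its parent, or when indefinite-length nesting is too deep.
    BerStats walk() {
        size_t pos = 0;
        walk_range(pos, m_in.size(), 0);
        return m_stats;
    }

private:
    std::vector<uint8_t> m_in;
    BerStats m_stats;

    uint8_t byte_at(size_t i) const {
        if (i >= m_in.size()) throw std::runtime_error("truncated BER");
        return m_in[i];
    }

    // Parses values until `end` (definite parent) or until an end-of-contents
    // marker 00 00 when `end` is SIZE_MAX (indefinite parent).
    void walk_range(size_t& pos, size_t end, size_t indef_depth) {
        const bool indefinite = (end == SIZE_MAX);
        while (true) {
            if (!indefinite && pos >= end) return;
            if (indefinite && byte_at(pos) == 0x00 && byte_at(pos + 1) == 0x00) {
                pos += 2;  // consume end-of-contents
                return;
            }
            parse_one(pos, indef_depth);
        }
    }

    void parse_one(size_t& pos, size_t indef_depth) {
        const uint8_t id = byte_at(pos++);
        const bool constructed = (id & 0x20) != 0;
        if ((id & 0x1F) == 0x1F) {               // high-tag-number form
            while (byte_at(pos++) & 0x80) {}
        }
        const uint8_t len0 = byte_at(pos++);
        m_stats.values++;

        if (len0 == 0x80) {                      // indefinite length
            if (!constructed) throw std::runtime_error("indefinite length on primitive");
            // The bound that prevents unbounded recursion on hostile input.
            if (indef_depth + 1 > MAX_INDEF_NESTING)
                throw std::runtime_error("indefinite-length nesting too deep");
            if (indef_depth + 1 > m_stats.max_indef_depth) m_stats.max_indef_depth = indef_depth + 1;
            walk_range(pos, SIZE_MAX, indef_depth + 1);
            return;
        }

        size_t len = 0;
        if (len0 & 0x80) {                       // long definite form
            const size_t n = len0 & 0x7F;
            if (n == 0 || n > sizeof(size_t)) throw std::runtime_error("bad length octets");
            for (size_t i = 0; i < n; ++i) len = (len << 8) | byte_at(pos++);
        } else {
            len = len0;                          // short definite form
        }
        if (len > m_in.size() - pos) throw std::runtime_error("length exceeds input");

        if (constructed) {
            const size_t end = pos + len;
            walk_range(pos, end, indef_depth);
            if (pos != end) throw std::runtime_error("child overran parent");
        } else {
            pos += len;                          // skip primitive contents
        }
    }
};

// Constructed test input: `depth` nested indefinite-length SEQUENCEs around INTEGER 5.
std::vector<uint8_t> nested_indefinite(size_t depth) {
    std::vector<uint8_t> out;
    for (size_t i = 0; i < depth; ++i) { out.push_back(0x30); out.push_back(0x80); }
    out.insert(out.end(), {0x02, 0x01, 0x05});
    for (size_t i = 0; i < depth; ++i) { out.push_back(0x00); out.push_back(0x00); }
    return out;
}

// True if the walker accepts the input, false if it rejects it.
bool accepts(const std::vector<uint8_t>& in) {
    try { BerWalker(in).walk(); return true; }
    catch (const std::runtime_error&) { return false; }
}

int main() {
    std::printf("16 nested levels accepted: %d\n", accepts(nested_indefinite(16)));
    std::printf("17 nested levels accepted: %d\n", accepts(nested_indefinite(17)));
    return 0;
}
```

The depth counter only grows on indefinite-length constructed values, so deeply nested definite-length structures are unaffected; the definite path is protected separately by the check that a child never overruns its parent's declared end.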
* Thu Jan 11 2018 iAATTmarguerite.su
- add Botan2-INT_MAX.patch
* Fix “INT_MAX was not declared in this scope” in openSUSE Leap 42.1
* Mon Jan 08 2018 iAATTmarguerite.su
- fix build. python3 configure itself is useless, we should make package python3 too.
* Wed Nov 01 2017 mimi.vxAATTgmail.com
- configure Botan explicitly with python3
* Wed Oct 04 2017 daniel.molkentinAATTsuse.com
- Update to 1.10.17
  - Address a side channel affecting modular exponentiation. An attacker capable of a local or cross-VM cache analysis attack may be able to recover bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737
  - Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function. (GH #1192 #1148 #882, bsc#1060433)
  - Add SecureVector::data() function which returns the start of the buffer. This makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase. When compiled by a C++11 (or later) compiler, a template typedef of SecureVector, secure_vector, is added. In 2.x this class is a std::vector with a custom allocator, so has a somewhat different interface than SecureVector in 1.10. But this makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase.
  - Fix a bug that prevented configure.py from running under Python3
  - Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will #error if OpenSSL 1.1 is detected. Avoid --with-openssl if compiling against 1.1 or later. (GH #753)
  - Import patches from Debian adding basic support for building on aarch64, ppc64le, or1k, and mipsn32 platforms.
* obsoletes CVE-2017-14737.patch
* refreshes aarch64-support.patch
* drop ppc64le-support.patch for upstream version (disables altivec support as per concerns by upstream)
* Tue Sep 26 2017 daniel.molkentinAATTsuse.com
- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA implementation allows local attacker to recover information about RSA secret keys.
* add CVE-2017-14737.patch
* Thu Sep 21 2017 vcizekAATTsuse.com
- Explicitly require libopenssl-1_0_0-devel (bsc#1055322)
* Botan 1.x won't support OpenSSL 1.1 (https://github.com/randombit/botan/issues/753)
* Wed Apr 12 2017 daniel.molkentinAATTsuse.com
- Add patch to build SLES11 (allows for simplified backporting, e.g. bsc#968030)
- add no-cpuid-header.patch
- Clean up spec file
* Tue Apr 11 2017 daniel.molkentinAATTsuse.com
- Update to 1.10.16 (Fixes CVE-2017-2801, bsc#1033605)
* Fix a bug in X509 DN string comparisons that could result in out of bound reads. This could result in information leakage, denial of service, or potentially incorrect certificate validation results. (CVE-2017-2801)
* Avoid use of C++11 std::to_string in some code added in 1.10.14 (GH #747 #834)
- Changes from 1.10.15:
* Change an unintended behavior of 2.0.0, which named the include directory botan-2.0. Since future release of Botan-2 should be compatible with code written against old versions, there does not seem to be any reason to version the include directory with the minor number. (GH #830 #833)
* Fix a bug which caused an error when building on Cygwin or other platforms where shared libraries are not supported. (GH #821)
* Enable use of readdir on Cygwin, which allows the tests to run (GH #824)
* Switch to readthedocs Sphinx theme by default (GH #822 #823)
* Wed Dec 28 2016 pthAATTsuse.de
- Update to 1.10.14
* Fix integer overflow during BER decoding, found by Falko Strenzke. This bug is not thought to be directly exploitable but upgrading ASAP is advised. (CVE-2016-9132)
* Fix two cases where (in error situations) an exception would be thrown from a destructor, causing a call to std::terminate.
* When RC4 is disabled in the build, also prevent it from being included in the OpenSSL provider. (GH #638)
* Sun Nov 13 2016 netsrothAATTopensuse.org
- Update to 1.10.13
* Use constant time modular inverse algorithm to avoid possible side channel attack against ECDSA (CVE-2016-2849)
* Use constant time PKCS #1 unpadding to avoid possible side channel attack against RSA decryption (CVE-2015-7827)
* Avoid a compilation problem in OpenSSL engine when ECDSA was disabled. Gentoo bug 542010
* Fri May 13 2016 faureAATTkde.org
- Remove Qt5 dependency, since nothing is using it anymore.
- Fix double-prefix in botan-config and pkgconfig file.
* Wed Feb 03 2016 michaelAATTstroeder.com
- Update to 1.10.12
- Version 1.10.12, 2016-02-03
* In 1.10.11, the check in PointGFp intended to check the affine y argument actually checked the affine x again. Reported by Remi Gacogne
* The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an additional check in the multiplication function itself which was also added in that release, so there are no security implications from the missed check. However to avoid confusion the change was pushed in a new release immediately.
* The 1.10.11 release notes incorrectly identified CVE-2016-2195 as CVE-2016-2915
- Version 1.10.11, 2016-02-01
* Resolve heap overflow in ECC point decoding. CVE-2016-2195
* Resolve infinite loop in modular square root algorithm. CVE-2016-2194
* Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. GH #239
* Thu Dec 24 2015 mpluskalAATTsuse.com
- Add gpg signature
- Cleanup spec file with spec-cleaner
* Fri Aug 14 2015 mvyskocilAATTopensuse.org
- Fix Source0 URL
* Tue Aug 11 2015 netsrothAATTopensuse.org
- bump SONAME to libbotan-1_10-1
- Update to 1.10.10
* SECURITY: The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. As the type requires a 1 byte field this is not valid BER but could occur in malformed data. Found with afl. CVE-2015-5726
* SECURITY: The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer. Found with afl. CVE-2015-5727
* Due to an ABI incompatible (though not API incompatible) change in this release, the version number of the shared object has been increased.
* The default TLS policy no longer allows RC4.
* Fix a signed integer overflow in Blue Midnight Wish that may cause incorrect computations or undefined behavior.
- Update to 1.10.9
* Fixed EAX tag verification to run in constant time
* The default TLS policy now disables SSLv3.
* A crash could occur when reading from a blocking random device if the device initially indicated that entropy was available but a concurrent process drained the entropy pool before the read was initiated.
* Fix decoding indefinite length BER constructs that contain a context sensitive tag of zero. Github pull 26 from Janusz Chorko.
* The botan-config script previously tried to guess its prefix from the location of the binary. However this was error prone, and now the script assumes the final installation prefix matches the value set during the build. Github issue 29.
* Wed Jun 24 2015 liujianfeng1994AATTgmail.com
- Change build dependence "libqt4-devel" to "libqt5-qtbase-devel".