Mailinglist Archive: opensuse-commit (1903 mails)

commit Botan for openSUSE:Factory
Hello community,

here is the log from the commit of package Botan for openSUSE:Factory checked
in at 2019-04-05 11:56:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/Botan (Old)
and /work/SRC/openSUSE:Factory/.Botan.new.3908 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "Botan"

Fri Apr 5 11:56:49 2019 rev:52 rq:691275 version:2.10.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/Botan/Botan.changes 2018-07-31
16:04:27.568062808 +0200
+++ /work/SRC/openSUSE:Factory/.Botan.new.3908/Botan.changes 2019-04-05
11:56:50.882344514 +0200
@@ -1,0 +2,296 @@
+Tue Apr 2 12:54:40 UTC 2019 - Daniel Molkentin <daniel.molkentin@xxxxxxxx>
+
+- Update to Botan 2.10
+
+ * Bump SONAME
+
+ * Warning: XMSS currently implements draft-06 which is not compatible with
+ the final RFC 8391 specification. A PR is open to fix this, however it will
+ break all current uses of XMSS. If you are currently using XMSS please
+ comment at https://github.com/randombit/botan/pull/1858. Otherwise the PR
+ will be merged and support for draft-06 will be removed starting in 2.11.
+
+ * Added a new certificate store implementation that can access the MacOS
+ keychain certificate store. (GH #1830)
+
+ * Redesigned Memory_Pool class, which services allocations out of a set of
+ pages locked into memory (using mlock/VirtualLock). It is now faster and
+ with improved exploit mitigations. (GH #1800)
+
+ * Add BMI2 implementations of SHA-512 and SHA-3 which improve performance by
+ 25-35% on common CPUs. (GH #1815)
+
+ * Unroll SHA-3 computation improving performance by 10-12% (GH #1838)
+
+ * Add a Thread_Pool class. It is now possible to run the tests in multiple
+ threads with --test-threads=N flag to select the number of threads to use.
+ Use --test-threads=0 to run with as many CPU cores as are available on the
+ current system. The default remains single threaded. (GH #1819)
+
+ * XMSS signatures now uses a global thread pool instead of spawning new
+ threads for each usage. This improves signature generation performance by
+ between 10% and 60% depending on architecture and core count. (GH #1864)
+
+ * Some functions related to encoding and decoding BigInts have been
+ deprecated. (GH #1817)
+
+ * Binary encoding and decoding of BigInts has been optimized by performing
+ word-size operations when possible. (GH #1817)
+
+ * Rename the exception Integrity_Failure to Invalid_Authentication_Tag to
+ make its meaning and usage more clear. The old name remains as a typedef.
+ (GH #1816)
+
+ * Support for using Boost filesystem and MSVC’s std::filesystem have been
+ removed, since already POSIX and Win32 versions had to be maintained for
+ portability. (GH #1814)
+
+ * Newly generated McEliece and XMSS keys now default to being encrypted using
+ SIV mode, support for which was added in 2.8.0. Previously GCM was used by
+ default for these algorithms.
+
+ * Use arc4random on Android systems (GH #1851)
+
+ * Fix the encoding of PGP-S2K iteration counts (GH #1853 #1854)
+
+ * Add a facility for sandboxing the command line util. Currently FreeBSD
+ (Capsicum) and OpenBSD (pledge) sandboxes are supported. (GH #1808)
+
+ * Use if constexpr when available.
+
+ * Disable building shared libs on iOS as it was broken and it is not clear
+ shared libraries are ever useful on iOS (GH #1865)
+
+ * Renamed the darwin build target to macos. This should not cause any
+ user-visible change. (GH #1866)
+
+ * Add support for using sccache to cache the Windows CI build (GH #1807)
+
+ * Add --extra-cxxflags option which allows adding compilation flags without
+ overriding the default set. (GH #1826)
+
+ * Add --format= option to the hash cli which allows formatting the output as
+ base64 or base58, default output remains hex.
+
+ * Add base58_enc and base58_dec cli utils for base58 encoding/decoding. (GH
#1848)
+
+ * Enable getentropy by default on macOS (GH #1862)
+
+ * Avoid using -momit-leaf-frame-pointer flags, since -fomit-frame-pointer is
+ already the default with recent versions of GCC.
+
+ * Fix XLC sanitizer flags.
+
+ * Rename Blake2b class to BLAKE2b to match the official name. There is a
typedef for compat.
+
+ * Fix a bug where loading a raw Ed25519_PublicKey of incorrect length would
+ lead to a crash. (GH #1850)
+
+ * Fix a bug that caused compilation problems using CryptoNG PRNG. (GH #1832)
+
+ * Extended SHAKE-128 cipher to support any key between 1 and 160 bytes,
+ instead of only multiples of 8 bytes.
+
+ * Minor HMAC optimizations.
+
+ * Build fixes for GNU/Hurd.
+
+ * Fix a bug that prevented generating or verifying Ed25519 signatures in the
+ CLI (GH #1828 #1829)
+
+ * Fix a compilation error when building the amalgamation outside of the
+ original source directory when AVX2 was enabled. (GH #1812)
+
+ * Fix a crash when creating the amalgamation if a header file was edited on
+ Windows but then the amalgamation was built on Linux (GH #1763)
+
+-------------------------------------------------------------------
+Thu Jan 10 10:04:33 UTC 2019 - Daniel Molkentin <daniel.molkentin@xxxxxxxx>
+
+- Update to Botan 2.9
+
+ * Bump SONAME
+
+ * CVE-2018-20187 Address a side channel during ECC key generation, which
used an
+ unblinded Montgomery ladder. As a result, a timing attack can reveal
+ information about the high bits of the secret key.
+
+ * Fix bugs in TLS which caused negotiation failures when the client used an
+ unknown signature algorithm or version (GH #1711 #1709 #1708)
+
+ * Fix bug affecting GCM, EAX and ChaCha20Poly1305 where if the associated
data
+ was set after starting a message, the new AD was not reflected in the
produced
+ tag. Now with these modes setting an AD after beginning a message throws an
+ exception.
+
+ * Use a smaller sieve which improves performance of prime generation.
+
+ * Fixed a bug that caused ChaCha to produce incorrect output after
encrypting 256
+ GB. (GH #1728)
+
+ * Add NEON and AltiVec implementations of ChaCha (GH #1719 #1728 #1729)
+
+ * Optimize AVX2 ChaCha (GH #1730)
+
+ * Many more operations in BigInt, ECC and RSA code paths are either fully
const
+ time or avoid problematic branches that could potentially be exploited in a
+ side channel attack. (GH #1738 #1750 #1754 #1755 #1757 #1758 #1759 #1762
#1765
+ #1770 #1773 #1774 #1779 #1780 #1794 #1795 #1796 #1797)
+
+ * Several optimizations for BigInt and ECC, improving ECDSA performance by as
+ much as 30%. (GH #1734 #1737 #1777 #1750 #1737 #1788)
+
+ * Support recovering an ECDSA public key from a message/signature pair (GH
#664
+ #1784)
+
+ * Add base58 encoding/decoding functions (GH #1783)
+
+ * In the command line interface, add support for reading passphrases from the
+ terminal with echo disabled (GH #1756)
+
+ * Add CT::Mask type to simplify const-time programming (GH #1751)
+
+ * Add new configure options --disable-bmi2, --disable-rdrand, and
+ --disable-rdseed to prevent use of those instruction sets.
+
+ * Add error_type and error_code functions to Exception type (GH #1744)
+
+ * Now on POSIX systems posix_memalign is used instead of mmap for allocating
the
+ page-locked memory pool. This avoids issues with fork. (GH #602 #1798)
+
+ * When available, use RDRAND to generate the additional data in
+ Stateful_RNG::randomize_with_ts_input
+
+ * Use vzeroall/vzeroupper intrinsics to avoid AVX2/SSE transition penalties.
+
+ * Support for Visual C++ 2013 has been removed (GH #1557 #1697)
+
+ * Resolve a memory leak when verifying ECDSA signatures with versions of
OpenSSL
+ before 1.1.0 (GH #1698)
+
+ * Resolve a memory leak using ECDH via OpenSSL (GH #1767)
+
+ * Fix an error in XTS which prohibited encrypting values which were exactly
the
+ same length as the underlying block size. Messages of this size are
allowed by
+ the standard and other XTS implementations. (GH #1706)
+
+ * Resolve a bug in TSS which resulted in it using an incorrect length field
in
+ the shares. Now the correct length is encoded, but either correct or buggy
+ lengths are accepted when decoding. (GH #1722)
+
+ * Correct a bug when reducing a negative BigInt modulo a small power of 2.
(GH
+ #1755)
+
+ * Add CLI utils for threshold secret splitting. (GH #1722)
+
+ * Fix a bug introduced in 2.8.0 that caused compilation failure if using a
single
+ amalgamation file with AVX2 enabled. (GH #1700)
+
+ * Add an explicit OS target for Emscripten and improve support for it. (GH
#1702)
+
+ * Fix small issues when building for QNX
+
+ * Switch the Travis CI build to using Ubuntu 16.04 (GH #1767)
+
+ * Add options to configure.py to disable generation of pkg-config file, and
(for
+ systems where pkg-config support defaults to off, like Windows), to enable
+ generating it. (GH #1268)
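Review bot: The CVE-2018-20187 item in the 2.9 block sits as one bullet among the copied upstream release notes and, in the visible lines, carries no Bugzilla reference, so the security fix is easy to miss in an update that jumps from 2.7.0 to 2.10.0. Suggest moving it to the top of its entry with the bug number attached, and calling out the behaviour changes that can break callers: setting associated data on GCM, EAX or ChaCha20Poly1305 after a message has started now throws, newly generated McEliece and XMSS keys are encrypted with SIV instead of GCM by default, and XMSS still implements draft-06, which the entry says is incompatible with RFC 8391 and slated for removal in 2.11.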
++++ 99 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/Botan/Botan.changes
++++ and /work/SRC/openSUSE:Factory/.Botan.new.3908/Botan.changes

Old:
----
Botan-2.7.0.tgz
Botan-2.7.0.tgz.asc

New:
----
Botan-2.10.0.tgz
Botan-2.10.0.tgz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ Botan.spec ++++++
--- /var/tmp/diff_new_pack.QO9BIx/_old 2019-04-05 11:56:51.778345151 +0200
+++ /var/tmp/diff_new_pack.QO9BIx/_new 2019-04-05 11:56:51.782345154 +0200
@@ -1,7 +1,7 @@
#
# spec file for package Botan
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,14 +12,14 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


-%define version_suffix 2-7
+%define version_suffix 2-10
%define short_version 2
Name: Botan
-Version: 2.7.0
+Version: 2.10.0
Release: 0
Summary: A C++ Crypto Library
License: BSD-2-Clause
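Review bot: `%define version_suffix 2-10` is maintained by hand next to `Version: 2.10.0`, and the same string is repeated as `libbotan-2-10` in baselibs.conf, so every update has to change three places in step. Suggest a comment above the define stating that it follows the upstream SONAME (the changelog entries say "Bump SONAME" for both 2.9 and 2.10), or deriving it from the version if the two are meant to match.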

++++++ Botan-2.7.0.tgz -> Botan-2.10.0.tgz ++++++
/work/SRC/openSUSE:Factory/Botan/Botan-2.7.0.tgz
/work/SRC/openSUSE:Factory/.Botan.new.3908/Botan-2.10.0.tgz differ: char 5,
line 1


++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.QO9BIx/_old 2019-04-05 11:56:51.838345194 +0200
+++ /var/tmp/diff_new_pack.QO9BIx/_new 2019-04-05 11:56:51.838345194 +0200
@@ -1,4 +1,4 @@
-libbotan-2-7
+libbotan-2-10
libbotan-devel
requires -libbotan-<targettype> = <version>
- requires "libbotan-2-7-<targettype> = <version>"
+ requires "libbotan-2-10-<targettype> = <version>"

