Hello community, here is the log from the commit of package Botan for openSUSE:Factory checked in at 2018-02-24 16:38:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/Botan (Old) and /work/SRC/openSUSE:Factory/.Botan.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "Botan" Sat Feb 24 16:38:39 2018 rev:46 rq:578047 version:2.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/Botan/Botan.changes 2017-11-04 10:24:50.008613873 +0100 +++ /work/SRC/openSUSE:Factory/.Botan.new/Botan.changes 2018-02-24 16:38:42.682892241 +0100 @@ -1,0 +2,305 @@ +Fri Feb 16 16:07:40 UTC 2018 - [email protected] + +- drop explicit package requirements +- split binary package and documentation from dynamic library package +- merge back Botan2 package to Botan with changelog history +- drop Botan patches + aarch64-support.patch - doesn't seem to be required anymore + Botan-fix_install_paths.patch - doesn't seem to be required + no-cpuid-header.patch - SLE11 not target anymore + Botan-fix_pkgconfig.patch - this seem to be wrong + Botan-no-buildtime.patch - not needed anymore + dont-set-mach-value.diff - doesn't apply, unclear and undocumented why it is there + Botan-inttypes.patch - not required + Botan-ull_constants.patch.bz2 - no reason anymore + +------------------------------------------------------------------- +Wed Feb 14 10:29:44 UTC 2018 - [email protected] + +- change group of libbotan-%{version_suffix} to 'System/Libraries' as + requested on review + +------------------------------------------------------------------- +Mon Feb 12 07:45:50 UTC 2018 - [email protected] + +- Don't drop -fstack-clash-protection for openSUSE 42.3 - we just + need the Update repository present. + +------------------------------------------------------------------- +Mon Feb 12 06:38:47 UTC 2018 - [email protected] + +- Rename libbotan-devel to libbotan2-devel. We can't have clashing + packages in the archive because Botan1 and Botan2 provide the + same -devel binary. Botan2 is also no API compatible with Botan. + +------------------------------------------------------------------- +Sun Feb 11 10:33:35 UTC 2018 - [email protected] + +- fix expected version after bump in baselibs.conf too + +------------------------------------------------------------------- +Thu Feb 8 14:11:08 UTC 2018 - [email protected] + +- fix unknown flag -fstack-clash-protection for openSUSE 42.3 +- rename to Botan2 +- drop Botan2-INT_MAX.patch as not needed anymore +- Bump to libbotan 2.4 + + Changes and new features: + + * Several build improvements requested by downstream packagers, + including the ability to disable building the static library. All + makefile constructs that were specific to nmake or GNU make have + been eliminated, thus the option ``--makefile-style`` which was + previously used to select the makefile type has also been + removed. (GH #1230 #1237 #1300 #1318 #1319 #1324 #1325 #1346) + + * Support for negotiating the DH group as specified in RFC 7919 is + now available in TLS (GH #1263) + + * Support for ARIA-GCM ciphersuites are now available in TLS. They + are disabled by default. (GH #1284) + + * Add support for generating and verifying X.509 objects + (certificates, CRLs, etc) using RSA-PSS signatures (GH #1270 and + #1368) + + * Add support for AES key wrapping with padding, as specified in RFC + 5649 and NIST SP 800-38F (GH #1301) + + * OCSP requests made during certificate verification had the + potential to hang forever. Now the sockets are non-blocking and a + timeout is enforced. (GH #1360 fixing GH #1326) + + * Add ``Public_Key::fingerprint_public`` which allows fingerprinting + the public key. + The previously available ``Private_Key::fingerprint`` is + deprecated, now ``Private_Key::fingerprint_private`` should be + used if this is required. (GH #1357) + + * ECC certificates generated by Botan used an invalid encoding for + the parameters field, which was rejected by some certificate + validation libraries notably BouncyCastle. (GH #1367) + + * Loading an ECC key which used OID encoding for the domain + parameters, then saving it, would result in a key using the + explicit parameters encoding. Now the OID encoding is + retained. (GH #1365) + + * Correct various problems in certificate path validation that arose + when multiple paths could be constructed leading to a trusted root + but due to other constraints only some of them validated. (GH + #1363) + + * It is now possible for certificate validation to return warning + indicators, such as that the distinguished name is not within + allowed limits or that a certificate with a negative serial number + was observed. (GH #1363 #1359) + + * XMSS signatures now are multi-threaded for improved performance + (GH #1267) + + * Fix a bug that caused the TLS peer cert list to be empty on a + resumed session. (GH #1303 #1342) + + * Increase the maximum HMAC key length from 512 bytes to 4096 + bytes. This allows using a DH key exchange in TLS with a group + greater than 4096 bits. (GH #1316) + + * Fix a bug in the TLS server where, on receiving an SSLv3 client + hello, it would attempt to negotiate TLS v1.2. Now a + protocol_version alert is sent. Found with tlsfuzzer. (GH #1316) + + * Fix several bugs related to sending the wrong TLS alert type in + various error scenarios, caught with tlsfuzzer. + + * Add support for a ``tls_http_server`` command line utility which + responds to simple GET requests. This is useful for testing + against a browser, or various TLS test tools which expect the + underlying protocol to be HTTP. (GH #1315) + + * Add an interface for generic PSK data stores, as well as an + implementation which encrypts stored values with AES key + wrapping. (GH #1302) + + * Optimize GCM mode on systems both with and without carryless + multiply support. This includes a new base case implementation + (still constant time), a new SSSE3 implementation for systems with + SSSE3 but not clmul, and better algorithms for systems with clmul + and pmull. (GH #1253 #1263) + + * Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b, + Blowfish, Twofish, CAST-128, and CRC24 (GH #1281) + + * Salsa20 now supports the seek operation. + + * Add ``EC_Group::known_named_groups`` (GH #1339) + + * Symmetric algorithms (block ciphers, stream ciphers, MACs) now + verify that a key was set before accepting data. Previously + attempting to use an unkeyed object would instead result in either + a crash or invalid outputs. (GH #1279) + + * The X509 certificate, CRL and PKCS10 types have been heavily + refactored internally. Previously all data of these types was + serialized to strings, then in the event a more complicated data + structure (such as X509_DN) was needed, it would be recreated from + the string representation. However the round trip process was not + perfect and could cause fields to become lost. This approach is no + longer used, fixing several bugs (GH #1010 #1089 #1242 #1252). The + internal data is now stored in a ``shared_ptr``, so copying such + objects is now very cheap. (GH #884) + + * ASN.1 string objects previously held their contents as ISO 8859-1 + codepoints. However this led to certificates which contained + strings outside of this character set (eg in Cyrillic, Greek, or + Chinese) being rejected. Now the strings are always converted to + UTF-8, which allows representing any character. In addition, UCS-4 + strings are now supported. (GH #1113 #1250 #1287 #1289) + + * It is now possible to create an uninitialized X509_Certificate + object. Such an object will throw if any attempt to access its + members is made. (GH #1335) + + * In BER decoder, avoid unbounded stack recursion when parsing + nested indefinite length values. Now at most 16 nested indefinite + length values are accepted, anything deeper resulting in a + decoding error. (GH #1304 OSS-Fuzz 4353). + + * A new ASN.1 printer API allows generating a string representation + of arbitrary BER data. This is used in the ``asn1print`` command + line utility and may be useful in other applications, for instance + for debugging. + + * New functions for bit rotations that distinguish rotating by a + compile-time constant vs a runtime variable rotation. This allows + better optimizations in both cases. Notably performance of + CAST-128 and CAST-256 are substantially improved. (GH #1247) + + * TLS CBC ciphersuites now are implemented using the standard CBC + code, instead of reimplementing CBC inside the TLS stack. This + allows for parallel decryption of TLS CBC ciphertexts, and + improves performance especially when using AES hardware + support. (GH #1269) + + * Add callbacks to make it possible for an application using TLS to + provide custom implementations of signature schemes, eg when + offloading the computations to another device. (GH #1332) + + * Use a direct calculation for calendar computations instead of + relying on non-portable operating system interfaces. (GH #1336) + + * Fix a bug in the amalgamation generation which could cause build + failures on some systems including macOS. (GH #1264 #1265) + + * A particular code sequence in TLS handshake would always (with an + ECC ciphersuite) result in an exception being thrown and then + caught. This has changed so no exception is thrown. (GH #1275) ++++ 108 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/Botan/Botan.changes ++++ and /work/SRC/openSUSE:Factory/.Botan.new/Botan.changes Old: ---- Botan-1.10.17.tgz Botan-1.10.17.tgz.asc Botan-fix_install_paths.patch Botan-fix_pkgconfig.patch Botan-inttypes.patch Botan-no-buildtime.patch Botan-ull_constants.patch.bz2 aarch64-support.patch dont-set-mach-value.diff no-cpuid-header.patch New: ---- Botan-2.4.0.tgz Botan-2.4.0.tgz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ Botan.spec ++++++ --- /var/tmp/diff_new_pack.VcV14G/_old 2018-02-24 16:38:43.866849631 +0100 +++ /var/tmp/diff_new_pack.VcV14G/_new 2018-02-24 16:38:43.866849631 +0100 @@ -1,7 +1,7 @@ # # spec file for package Botan # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,44 +16,29 @@ # -%define version_suffix 1_10-1 -%define short_version 1.10 +%define version_suffix 2-4 +%define short_version 2 Name: Botan -Version: 1.10.17 +Version: 2.4.0 Release: 0 Summary: A C++ Crypto Library License: BSD-2-Clause Group: Development/Libraries/C and C++ Url: http://botan.randombit.net -Source0: http://botan.randombit.net/releases/%{name}-%{version}.tgz -Source1: http://botan.randombit.net/releases/%{name}-%{version}.tgz.asc +Source0: http://botan.randombit.net/releases/Botan-%{version}.tgz +Source1: http://botan.randombit.net/releases/Botan-%{version}.tgz.asc Source2: %{name}.keyring Source3: baselibs.conf -Patch0: Botan-inttypes.patch -Patch1: Botan-ull_constants.patch.bz2 -Patch2: Botan-fix_install_paths.patch -Patch4: Botan-no-buildtime.patch -Patch6: Botan-fix_pkgconfig.patch -Patch7: dont-set-mach-value.diff -Patch8: aarch64-support.patch -Patch10: no-cpuid-header.patch BuildRequires: bzip2 >= 1.0.2 BuildRequires: gcc-c++ +# FIXME: is this dependency correct? BuildRequires: gmp-devel >= 4.1 +#Requires: gmp >= 4.1 BuildRequires: libbz2-devel -# Botan 1.x doesn't build with OpenSSL 1.1, so explicitly require OpenSSL 1.0.x -%if %{suse_version} < 1330 BuildRequires: openssl-devel -%else -BuildRequires: libopenssl-1_0_0-devel -%endif -BuildRequires: pkg-config +BuildRequires: pkgconfig BuildRequires: python3 BuildRequires: zlib-devel -Requires: bzip2 >= 1.0.2 -Requires: gmp >= 4.1 -Requires: zlib -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Botan is a C++ library that provides support for many common @@ -63,7 +48,7 @@ %package -n libbotan-%{version_suffix} Summary: A C++ Crypto Library -Group: Development/Libraries/C and C++ +Group: System/Libraries %description -n libbotan-%{version_suffix} Botan is a C++ library that provides support for many common @@ -72,10 +57,8 @@ supported, including RSA, DSA, DES, AES, MD5, and SHA-1. %package -n libbotan-devel -%define botan_docdir %{_docdir}/%{name}-%{version} Summary: Development files for Botan Group: Development/Libraries/C and C++ -Requires: gmp-devel >= 4.1 Requires: libbotan-%{version_suffix} = %{version} Requires: libbz2-devel Provides: Botan-devel = %{version} @@ -85,54 +68,65 @@ This package contains the header files and libraries needed to develop programs that use the Botan library. +%package -n python3-botan +Summary: Botan python bindings +Group: Development/Languages/Python +Requires: python3 + +%description -n python3-botan +This package contains the python bindings to libbotan's C98 interface. + +%package doc +%define botan_docdir %{_docdir}/botan-%{version} +Summary: Documentation of Botan +Group: Development/Libraries/C and C++ + +%description doc +Documentation of Botan package. + %prep -%setup -q -%patch0 -%patch1 -%patch2 -%patch4 -%patch6 -%patch7 -p1 -%patch8 -p1 -%if 0%{?suse_version} == 1110 -%patch10 -p1 -%endif +%setup -q -n Botan-%{version} %build export RPM_OPT_FLAGS - python3 ./configure.py \ --prefix=%{_prefix} \ + --bindir=%{_bindir} \ --libdir=%{_libdir} \ --docdir=%{_defaultdocdir} \ --includedir=%{_includedir} \ --with-bzip2 \ --with-zlib \ - --with-gnump \ --with-openssl \ - --with-tr1-implementation=system \ --cpu=%{_target_cpu} make %{?_smp_mflags} WARN_FLAGS="%{optflags}" %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +sed -i 's/env python/env python3/' src/scripts/install.py +%make_install rm -f %{buildroot}/%{_libdir}/libbotan*.a +chmod +x %{buildroot}%{python3_sitearch}/botan2.py +sed -i '1s@^#!/.*@#!%{_bindir}/python3@' %{buildroot}%{python3_sitearch}/botan2.py %post -n libbotan-%{version_suffix} -p /sbin/ldconfig - %postun -n libbotan-%{version_suffix} -p /sbin/ldconfig -%files -n libbotan-%{version_suffix} -%defattr(-,root,root) +%files +%{_bindir}/botan + +%files doc %docdir %{botan_docdir} %{botan_docdir} + +%files -n libbotan-%{version_suffix} %{_libdir}/libbotan-%{short_version}.so.* %files -n libbotan-devel -%defattr(-,root,root) %{_libdir}/libbotan-%{short_version}.so %{_libdir}/pkgconfig/botan-%{short_version}.pc %{_includedir}/botan-%{short_version} -%{_bindir}/botan-config-%{short_version} + +%files -n python3-botan +%{python3_sitearch}/botan2.py %changelog ++++++ Botan-1.10.17.tgz -> Botan-2.4.0.tgz ++++++ /work/SRC/openSUSE:Factory/Botan/Botan-1.10.17.tgz /work/SRC/openSUSE:Factory/.Botan.new/Botan-2.4.0.tgz differ: char 5, line 1 ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.VcV14G/_old 2018-02-24 16:38:43.962846176 +0100 +++ /var/tmp/diff_new_pack.VcV14G/_new 2018-02-24 16:38:43.962846176 +0100 @@ -1,4 +1,4 @@ -libbotan-1_10-1 +libbotan-2-4 libbotan-devel requires -libbotan-<targettype> = <version> - requires "libbotan-1_10-1-<targettype> = <version>" + requires "libbotan-2-4-<targettype> = <version>"
