Hello community, here is the log from the commit of package Botan for openSUSE:Factory checked in at 2018-04-11 14:03:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/Botan (Old) and /work/SRC/openSUSE:Factory/.Botan.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "Botan" Wed Apr 11 14:03:56 2018 rev:49 rq:595522 version:2.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/Botan/Botan.changes 2018-04-06 17:47:41.975494258 +0200 +++ /work/SRC/openSUSE:Factory/.Botan.new/Botan.changes 2018-04-11 14:05:33.755052793 +0200 @@ -1,0 +2,26 @@ +Tue Apr 10 15:07:00 UTC 2018 - daniel.molken...@suse.com + +- Update to Botan 2.6 + + * CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a + malformed ciphertext cause the decryptor to read and HMAC an additional 64K + bytes of data which is not part of the record. This could cause a crash if + the read went into unmapped memory. No information leak or out of bounds + write occurs. + + * Add support for OAEP labels (GH #1508) + + * RSA signing is about 15% faster (GH #1523) and RSA verification is about 50% faster. + + * Add exponent blinding to RSA (GH #1523) + + * Add Cipher_Mode::create and AEAD_Mode::create (GH #1527) + + * Fix bug in TLS server introduced in 2.5 which caused connection to fail if + the client offered any signature algorithm not known to the server (for + example RSA/SHA-224). + + * Fix a bug in inline asm that would with GCC 7.3 cause incorrect + computations and an infinite loop during the tests. (GH #1524 #1529) + +------------------------------------------------------------------- Old: ---- Botan-2.5.0.tgz Botan-2.5.0.tgz.asc New: ---- Botan-2.6.0.tgz Botan-2.6.0.tgz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ Botan.spec ++++++ --- /var/tmp/diff_new_pack.2yCyeg/_old 2018-04-11 14:05:34.787015259 +0200 +++ /var/tmp/diff_new_pack.2yCyeg/_new 2018-04-11 14:05:34.787015259 +0200 @@ -19,7 +19,7 @@ %define version_suffix 2-5 %define short_version 2 Name: Botan -Version: 2.5.0 +Version: 2.6.0 Release: 0 Summary: A C++ Crypto Library License: BSD-2-Clause ++++++ Botan-2.5.0.tgz -> Botan-2.6.0.tgz ++++++ /work/SRC/openSUSE:Factory/Botan/Botan-2.5.0.tgz /work/SRC/openSUSE:Factory/.Botan.new/Botan-2.6.0.tgz differ: char 5, line 1