Hello community, here is the log from the commit of package Botan for openSUSE:Factory checked in at 2019-04-05 11:56:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/Botan (Old) and /work/SRC/openSUSE:Factory/.Botan.new.3908 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "Botan" Fri Apr 5 11:56:49 2019 rev:52 rq:691275 version:2.10.0 Changes: -------- --- /work/SRC/openSUSE:Factory/Botan/Botan.changes 2018-07-31 16:04:27.568062808 +0200 +++ /work/SRC/openSUSE:Factory/.Botan.new.3908/Botan.changes 2019-04-05 11:56:50.882344514 +0200 @@ -1,0 +2,296 @@ +Tue Apr 2 12:54:40 UTC 2019 - Daniel Molkentin <[email protected]> + +- Update to Botan 2.10 + + * Bump SONAME + + * Warning: XMSS currently implements draft-06 which is not compatible with + the final RFC 8391 specification. A PR is open to fix this, however it will + break all current uses of XMSS. If you are currently using XMSS please + comment at https://github.com/randombit/botan/pull/1858. Otherwise the PR + will be merged and support for draft-06 will be removed starting in 2.11. + + * Added a new certificate store implementation that can access the MacOS + keychain certificate store. (GH #1830) + + * Redesigned Memory_Pool class, which services allocations out of a set of + pages locked into memory (using mlock/VirtualLock). It is now faster and + with improved exploit mitigations. (GH #1800) + + * Add BMI2 implementations of SHA-512 and SHA-3 which improve performance by + 25-35% on common CPUs. (GH #1815) + + * Unroll SHA-3 computation improving performance by 10-12% (GH #1838) + + * Add a Thread_Pool class. It is now possible to run the tests in multiple + threads with --test-threads=N flag to select the number of threads to use. + Use --test-threads=0 to run with as many CPU cores as are available on the + current system. The default remains single threaded. (GH #1819) + + * XMSS signatures now uses a global thread pool instead of spawning new + threads for each usage. This improves signature generation performance by + between 10% and 60% depending on architecture and core count. (GH #1864) + + * Some functions related to encoding and decoding BigInts have been + deprecated. (GH #1817) + + * Binary encoding and decoding of BigInts has been optimized by performing + word-size operations when possible. (GH #1817) + + * Rename the exception Integrity_Failure to Invalid_Authentication_Tag to + make its meaning and usage more clear. The old name remains as a typedef. + (GH #1816) + + * Support for using Boost filesystem and MSVC’s std::filesystem have been + removed, since already POSIX and Win32 versions had to be maintained for + portability. (GH #1814) + + * Newly generated McEliece and XMSS keys now default to being encrypted using + SIV mode, support for which was added in 2.8.0. Previously GCM was used by + default for these algorithms. + + * Use arc4random on Android systems (GH #1851) + + * Fix the encoding of PGP-S2K iteration counts (GH #1853 #1854) + + * Add a facility for sandboxing the command line util. Currently FreeBSD + (Capsicum) and OpenBSD (pledge) sandboxes are supported. (GH #1808) + + * Use if constexpr when available. + + * Disable building shared libs on iOS as it was broken and it is not clear + shared libraries are ever useful on iOS (GH #1865) + + * Renamed the darwin build target to macos. This should not cause any + user-visible change. (GH #1866) + + * Add support for using sccache to cache the Windows CI build (GH #1807) + + * Add --extra-cxxflags option which allows adding compilation flags without + overriding the default set. (GH #1826) + + * Add --format= option to the hash cli which allows formatting the output as + base64 or base58, default output remains hex. + + * Add base58_enc and base58_dec cli utils for base58 encoding/decoding. (GH #1848) + + * Enable getentropy by default on macOS (GH #1862) + + * Avoid using -momit-leaf-frame-pointer flags, since -fomit-frame-pointer is + already the default with recent versions of GCC. + + * Fix XLC sanitizer flags. + + * Rename Blake2b class to BLAKE2b to match the official name. There is a typedef for compat. + + * Fix a bug where loading a raw Ed25519_PublicKey of incorrect length would + lead to a crash. (GH #1850) + + * Fix a bug that caused compilation problems using CryptoNG PRNG. (GH #1832) + + * Extended SHAKE-128 cipher to support any key between 1 and 160 bytes, + instead of only multiples of 8 bytes. + + * Minor HMAC optimizations. + + * Build fixes for GNU/Hurd. + + * Fix a bug that prevented generating or verifying Ed25519 signatures in the + CLI (GH #1828 #1829) + + * Fix a compilation error when building the amalgamation outside of the + original source directory when AVX2 was enabled. (GH #1812) + + * Fix a crash when creating the amalgamation if a header file was edited on + Windows but then the amalgamation was built on Linux (GH #1763) + +------------------------------------------------------------------- +Thu Jan 10 10:04:33 UTC 2019 - Daniel Molkentin <[email protected]> + +- Update to Botan 2.9 + + * Bump SONAME + + * CVE-2018-20187 Address a side channel during ECC key generation, which used an + unblinded Montgomery ladder. As a result, a timing attack can reveal + information about the high bits of the secret key. + + * Fix bugs in TLS which caused negotiation failures when the client used an + unknown signature algorithm or version (GH #1711 #1709 #1708) + + * Fix bug affecting GCM, EAX and ChaCha20Poly1305 where if the associated data + was set after starting a message, the new AD was not reflected in the produced + tag. Now with these modes setting an AD after beginning a message throws an + exception. + + * Use a smaller sieve which improves performance of prime generation. + + * Fixed a bug that caused ChaCha to produce incorrect output after encrypting 256 + GB. (GH #1728) + + * Add NEON and AltiVec implementations of ChaCha (GH #1719 #1728 #1729) + + * Optimize AVX2 ChaCha (GH #1730) + + * Many more operations in BigInt, ECC and RSA code paths are either fully const + time or avoid problematic branches that could potentially be exploited in a + side channel attack. (GH #1738 #1750 #1754 #1755 #1757 #1758 #1759 #1762 #1765 + #1770 #1773 #1774 #1779 #1780 #1794 #1795 #1796 #1797) + + * Several optimizations for BigInt and ECC, improving ECDSA performance by as + much as 30%. (GH #1734 #1737 #1777 #1750 #1737 #1788) + + * Support recovering an ECDSA public key from a message/signature pair (GH #664 + #1784) + + * Add base58 encoding/decoding functions (GH #1783) + + * In the command line interface, add support for reading passphrases from the + terminal with echo disabled (GH #1756) + + * Add CT::Mask type to simplify const-time programming (GH #1751) + + * Add new configure options --disable-bmi2, --disable-rdrand, and + --disable-rdseed to prevent use of those instruction sets. + + * Add error_type and error_code functions to Exception type (GH #1744) + + * Now on POSIX systems posix_memalign is used instead of mmap for allocating the + page-locked memory pool. This avoids issues with fork. (GH #602 #1798) + + * When available, use RDRAND to generate the additional data in + Stateful_RNG::randomize_with_ts_input + + * Use vzeroall/vzeroupper intrinsics to avoid AVX2/SSE transition penalties. + + * Support for Visual C++ 2013 has been removed (GH #1557 #1697) + + * Resolve a memory leak when verifying ECDSA signatures with versions of OpenSSL + before 1.1.0 (GH #1698) + + * Resolve a memory leak using ECDH via OpenSSL (GH #1767) + + * Fix an error in XTS which prohibited encrypting values which were exactly the + same length as the underlying block size. Messages of this size are allowed by + the standard and other XTS implementations. (GH #1706) + + * Resolve a bug in TSS which resulted in it using an incorrect length field in + the shares. Now the correct length is encoded, but either correct or buggy + lengths are accepted when decoding. (GH #1722) + + * Correct a bug when reducing a negative BigInt modulo a small power of 2. (GH + #1755) + + * Add CLI utils for threshold secret splitting. (GH #1722) + + * Fix a bug introduced in 2.8.0 that caused compilation failure if using a single + amalgamation file with AVX2 enabled. (GH #1700) + + * Add an explicit OS target for Emscripten and improve support for it. (GH #1702) + + * Fix small issues when building for QNX + + * Switch the Travis CI build to using Ubuntu 16.04 (GH #1767) + + * Add options to configure.py to disable generation of pkg-config file, and (for + systems where pkg-config support defaults to off, like Windows), to enable + generating it. (GH #1268) ++++ 99 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/Botan/Botan.changes ++++ and /work/SRC/openSUSE:Factory/.Botan.new.3908/Botan.changes Old: ---- Botan-2.7.0.tgz Botan-2.7.0.tgz.asc New: ---- Botan-2.10.0.tgz Botan-2.10.0.tgz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ Botan.spec ++++++ --- /var/tmp/diff_new_pack.QO9BIx/_old 2019-04-05 11:56:51.778345151 +0200 +++ /var/tmp/diff_new_pack.QO9BIx/_new 2019-04-05 11:56:51.782345154 +0200 @@ -1,7 +1,7 @@ # # spec file for package Botan # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,14 +12,14 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # -%define version_suffix 2-7 +%define version_suffix 2-10 %define short_version 2 Name: Botan -Version: 2.7.0 +Version: 2.10.0 Release: 0 Summary: A C++ Crypto Library License: BSD-2-Clause ++++++ Botan-2.7.0.tgz -> Botan-2.10.0.tgz ++++++ /work/SRC/openSUSE:Factory/Botan/Botan-2.7.0.tgz /work/SRC/openSUSE:Factory/.Botan.new.3908/Botan-2.10.0.tgz differ: char 5, line 1 ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.QO9BIx/_old 2019-04-05 11:56:51.838345194 +0200 +++ /var/tmp/diff_new_pack.QO9BIx/_new 2019-04-05 11:56:51.838345194 +0200 @@ -1,4 +1,4 @@ -libbotan-2-7 +libbotan-2-10 libbotan-devel requires -libbotan-<targettype> = <version> - requires "libbotan-2-7-<targettype> = <version>" + requires "libbotan-2-10-<targettype> = <version>"
