Hello community, here is the log from the commit of package Botan for openSUSE:Factory checked in at 2020-08-17 12:04:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/Botan (Old) and /work/SRC/openSUSE:Factory/.Botan.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "Botan" Mon Aug 17 12:04:03 2020 rev:54 rq:826938 version:2.15.0 Changes: -------- --- /work/SRC/openSUSE:Factory/Botan/Botan.changes 2020-04-21 13:05:52.240238291 +0200 +++ /work/SRC/openSUSE:Factory/.Botan.new.3399/Botan.changes 2020-08-17 12:04:44.882673120 +0200 @@ -1,0 +2,52 @@ +Sun Aug 16 01:57:13 UTC 2020 - Dirk Mueller <[email protected]> + +- update to 2.15: + Fix a bug where the name constraint extension did not constrain the alternative + DN field which can be included in a subject alternative name. This would allow + a corrupted sub-CA which was otherwise constrained by a name constraint to + issue a certificate with a prohibited DN. + + Fix a bug in the TLS server during client authentication where where if a + (disabled by default) static RSA ciphersuite was selected, then no certificate + request would be sent. This would have an equivalent effect to a client which + simply replied with an empty Certificate message. (GH #2367) + + Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As + a result AES is now constant time on all processors. (GH #2346 #2348 #2353 + #2329 #2355) + + In TLS, enforce that the key usage given in the server certificate allows the + operation being performed in the ciphersuite. (GH #2367) + + In X.509 certificates, verify that the algorithm parameters are the expected + NULL or empty. (GH #2367) + + Change the HMAC key schedule to attempt to reduce the information leaked from + the key schedule with regards to the length of the key, as this is at times (as + for example in PBKDF2) sensitive information. (GH #2362) + + Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The + previous RDRAND_RNG interface is deprecated. (GH #2352) + + The documentation claimed that mlocked pages were created with a guard page + both before and after. However only a trailing guard page was used. Add a + leading guard page. (GH #2334) + + Add support for generating and verifying DER-encoded ECDSA signatures in the C + and Python interfaces. (GH #2357 #2356) + + Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH + #2322) + + When building documentation using Sphinx avoid parallel builds with version 3.0 + due to a bug in that version (GH #2326 #2324) + + Fix a memory leak in the CommonCrypto block cipher calls (GH #2371) + + Fix a flaky test that would occasionally fail when running the tests with a + large number of threads. (GH #2325 #2197) + + Additional algorithms are now deprecated: XTEA, GOST, and Tiger. They will be + removed in a future major release. + +------------------------------------------------------------------- Old: ---- Botan-2.14.0.tar.xz Botan-2.14.0.tar.xz.asc New: ---- Botan-2.15.0.tar.xz Botan-2.15.0.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ Botan.spec ++++++ --- /var/tmp/diff_new_pack.bsGuOj/_old 2020-08-17 12:04:47.046674326 +0200 +++ /var/tmp/diff_new_pack.bsGuOj/_new 2020-08-17 12:04:47.050674329 +0200 @@ -16,10 +16,10 @@ # -%define version_suffix 2-13 +%define version_suffix 2-15 %define short_version 2 Name: Botan -Version: 2.14.0 +Version: 2.15.0 Release: 0 Summary: A C++ Crypto Library License: BSD-2-Clause ++++++ Botan-2.14.0.tar.xz -> Botan-2.15.0.tar.xz ++++++ ++++ 9411 lines of diff (skipped) ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.bsGuOj/_old 2020-08-17 12:04:48.954675390 +0200 +++ /var/tmp/diff_new_pack.bsGuOj/_new 2020-08-17 12:04:48.954675390 +0200 @@ -1,4 +1,4 @@ -libbotan-2-13 +libbotan-2-15 libbotan-devel requires -libbotan-<targettype> = <version> - requires "libbotan-2-13-<targettype> = <version>" + requires "libbotan-2-15-<targettype> = <version>"
