- remove botan binary (moves to Botan3)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- update to 2.15:
  Fix a bug where the name constraint extension did not constrain the alternative
  DN field which can be included in a subject alternative name. This would allow
  a corrupted sub-CA which was otherwise constrained by a name constraint to
  issue a certificate with a prohibited DN.
  Fix a bug in the TLS server during client authentication where where if a
  (disabled by default) static RSA ciphersuite was selected, then no certificate
  request would be sent. This would have an equivalent effect to a client which
  simply replied with an empty Certificate message. (GH #2367)
  Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As
  a result AES is now constant time on all processors. (GH #2346 #2348 #2353
  #2329 #2355)
  In TLS, enforce that the key usage given in the server certificate allows the
  operation being performed in the ciphersuite. (GH #2367)
  In X.509 certificates, verify that the algorithm parameters are the expected
  NULL or empty. (GH #2367)
  Change the HMAC key schedule to attempt to reduce the information leaked from
  the key schedule with regards to the length of the key, as this is at times (as
  for example in PBKDF2) sensitive information. (GH #2362)
  Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The
  previous RDRAND_RNG interface is deprecated. (GH #2352)
  The documentation claimed that mlocked pages were created with a guard page
  both before and after. However only a trailing guard page was used. Add a
  leading guard page. (GH #2334)
  Add support for generating and verifying DER-encoded ECDSA signatures in the C
  and Python interfaces. (GH #2357 #2356)
  Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH
  #2322)
  When building documentation using Sphinx avoid parallel builds with version 3.0
  due to a bug in that version (GH #2326 #2324)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to Botan 2.10
  * Bump SONAME
  * Warning: XMSS currently implements draft-06 which is not compatible with
    the final RFC 8391 specification. A PR is open to fix this, however it will
    break all current uses of XMSS. If you are currently using XMSS please
    comment at https://github.com/randombit/botan/pull/1858. Otherwise the PR
    will be merged and support for draft-06 will be removed starting in 2.11.
  * Added a new certificate store implementation that can access the MacOS
    keychain certificate store. (GH #1830)
  * Redesigned Memory_Pool class, which services allocations out of a set of
    pages locked into memory (using mlock/VirtualLock). It is now faster and
    with improved exploit mitigations. (GH #1800)
  * Add BMI2 implementations of SHA-512 and SHA-3 which improve performance by
    25-35% on common CPUs. (GH #1815)
  * Unroll SHA-3 computation improving performance by 10-12% (GH #1838)
  * Add a Thread_Pool class. It is now possible to run the tests in multiple
    threads with --test-threads=N flag to select the number of threads to use.
    Use --test-threads=0 to run with as many CPU cores as are available on the
    current system. The default remains single threaded. (GH #1819)
  * XMSS signatures now uses a global thread pool instead of spawning new
    threads for each usage. This improves signature generation performance by
    between 10% and 60% depending on architecture and core count. (GH #1864)
  * Some functions related to encoding and decoding BigInts have been
    deprecated. (GH #1817)
  * Binary encoding and decoding of BigInts has been optimized by performing
    word-size operations when possible. (GH #1817)
  * Rename the exception Integrity_Failure to Invalid_Authentication_Tag to
    make its meaning and usage more clear. The old name remains as a typedef.
    (GH #1816)
  * Support for using Boost filesystem and MSVC’s std::filesystem have been

• Files Changed
• Browse Source

- Fix version in baselibs.conf (forwarded request 626673 from dmolkentin)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to Botan 2.5
  * Fix error in certificate wildcard matching (CVE-2018-9127), where a
    wildcard cert for b*.example.com would be accepted as a match for any host
    with name *b*.example.com (GH #1519)
  * Add support for RSA-PSS signatures in TLS (GH #1285)
  * Ed25519 certificates are now supported (GH #1501)
  * Many optimizations in ECC operations. ECDSA signatures are 8-10 times
    faster. ECDSA verification is about twice as fast. ECDH key agreement is
    3-4 times faster. (GH #1457 #1478)
  * Implement product scanning Montgomery reduction, which improves
    Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH
    #1472)
  * DSA signing and verification performance has improved by 30-50%.
  * Add a new Credentials_Manager callback that specifies which CAs the server
    has indicated it trusts (GH #1395 fixing #1261)
  * Add new TLS::Callbacks methods that allow creating or removing extensions,
    as well as examining extensions sent by the peer (GH #1394 #1186)
  * Add new TLS::Callbacks methods that allow an application to negotiate use
    of custom elliptic curves. (GH #1448)
  * Add ability to create custom elliptic curves (GH #1441 #1444)
  * Add support for POWER8 AES instructions (GH #1459 #1393 #1206)
  * Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502
    #986)
  * The default encoding of ECC public keys has changed from compressed to
    uncompressed point representation. This improves compatability with some
    common software packages including Golang’s standard library. (GH #1480
    #1483)
  * It is now possible to create DNs with custom components. (GH #1490 #1492)
  * It is now possible to specify the serial number of created certificates,
    instead of using the default 128-bit random integer. (GH #1489 #1491)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- drop explicit package requirements
- split binary package and documentation from dynamic library package
- merge back Botan2 package to Botan with changelog history
- drop Botan patches
    aarch64-support.patch - doesn't seem to be required anymore
    Botan-fix_install_paths.patch - doesn't seem to be required
    no-cpuid-header.patch - SLE11 not target anymore
    Botan-fix_pkgconfig.patch - this seem to be wrong
    Botan-no-buildtime.patch - not needed anymore
    dont-set-mach-value.diff - doesn't apply, unclear and undocumented why it is there
    Botan-inttypes.patch - not required
    Botan-ull_constants.patch.bz2 - no reason anymore

- change group of libbotan-%{version_suffix} to 'System/Libraries' as
  requested on review

- Don't drop -fstack-clash-protection for openSUSE 42.3 - we just
  need the Update repository present.

- Rename libbotan-devel to libbotan2-devel. We can't have clashing
  packages in the archive because Botan1 and Botan2 provide the
  same -devel binary. Botan2 is also no API compatible with Botan.

- fix expected version after bump in baselibs.conf too

- fix unknown flag -fstack-clash-protection for openSUSE 42.3
- rename to Botan2
- drop Botan2-INT_MAX.patch as not needed anymore
- Bump to libbotan 2.4
  Changes and new features: (forwarded request 578006 from sleep_walker)

• Files Changed
• Browse Source

• Files Changed
• Browse Source