Subject: CVS commit: pkgsrc/security/botan-devel
From: Joerg Sonnenberger
Date: 2016-05-19 23:58:43
Message id: 20160519215843.9E5ADFBBA@cvs.NetBSD.org
Log Message:
Update to Botan 1.11.29:
- CVE-2016-2849: side channel attack against DSA and ECDSA
- CVE-2016-2850: failure to enforce TLS policies could lead to weaker
  algorithms being choosen
- CVE-2016-2195: heap overflow in ECC point decoding
- CVE-2016-2196: heap overflow in P-521 reduction
- CVE-2016-2194: DOS against the modular reduction
- CVE-2015-7824: padding oracle attack against TLS CBC
- CVE-2015-7825: DOS due to certificate chains
- CVE-2015-7826: wildcard certifications verification failures
- CVE-2015-7827: protection against PKCS#1 side channel issues
- CVE-2015-5726: potential DOS with invalid zero-length BER
- CVE-2015-5727: unbound memory use with BER
- deprecation or removal of various insecure crypto primitives
- TLS heartbeat removed
- various other bugfixes and improvements.
Files:
RevisionActionfile
1.14modifypkgsrc/security/botan-devel/Makefile
1.6modifypkgsrc/security/botan-devel/PLIST
1.8modifypkgsrc/security/botan-devel/distinfo
1.1addpkgsrc/security/botan-devel/patches/patch-src_lib_utils_os__utils.cpp
1.1removepkgsrc/security/botan-devel/patches/patch-src_build-data_arch_arm.txt
1.3removepkgsrc/security/botan-devel/patches/patch-src_build-data_makefile_header.in
1.4removepkgsrc/security/botan-devel/patches/patch-src_lib_alloc_locking__allocator_locking__allocator.cpp
1.1removepkgsrc/security/botan-devel/patches/patch-src_lib_pubkey_mce_gf2m__small__m.cpp
1.1removepkgsrc/security/botan-devel/patches/patch-src_lib_utils_read__cfg.cpp