Subject: CVS commit: pkgsrc/security/botan3
From: Niclas Rosenvik
Date: 2024-11-01 08:22:45
Message id: 20241101072245.9B321FC7E@cvs.NetBSD.org

Log Message:
Update botan3 and its python binding to version 3.6.1

This version includes the patch to fix build on non-vsx
powerpc cpus by he.

Changes from release notes:
Version 3.6.1, 2024-10-26

* Fix a bug in x86 CPUID detection introduced in 3.6.0 which would
  cause crashes on systems which have BMI1 but not BMI2.
  (GH #4402 #4401)

* Fix a bug in SLH-DSA signing, which did not default to the FIPS
  required randomized variant. (GH #4398)

* Modify how elliptic curve blinding is performed, reducing the number
  of self-additions that may occur during multiplication. (GH #4408)

* In speed command line utility, also iterate keygen several times.
  (GH #4381)

Version 3.6.0, 2024-10-21

* Fully integrate and further optimize the new ECC library first
  introduced in 3.5.0. For common curves, operations are 2 to 3
  times faster. This also introduces a new API for low level EC
  operations, such as point multiplication, using EC_Scalar and
  EC_AffinePoint types.
  (GH #4042 #4113 #4147 #4190 #4191 #4113 #4143 #4171 #4203 #4205 #4207
  #4209 #4210 #4211 #4212 #4213 #4215 #4217 #4218 #4221 #4225 #4226
  #4235 #4237 #4240 #4242 #4256 #4257 #4261 #4264 #4276 #4284 #4300)

* Add support for FIPS 203 ML-KEM, the NIST standardized version of
  Kyber (GH #3893)

* Add support for FIPS 204 ML-DSA, the NIST standardized version of
  Dilithium (GH #4270)

* Add support for FIPS 205 SLH-DSA, the NIST standardized version of
  SPHINCS+ (GH #4291)

* Add support for TPM2 hardware (GH #4337 #4357 #4361)

* Add support for jitterentropy RNG (GH #4325)

* Constant time programming improvements including CT::Option
  (GH #4175 #4197 #4198 #4204 #4207 #4254 #4260)

* Improve performance of hex (GH #4275) and base64 (GH #4271)

* In ECDSA blind the constant time inversion of the nonce, as an extra
  precaution against side channel attacks. (GH #4259)

* Add support for AVX2-VAES instructions (GH #4286 #4287)

* Add GFNI-AVX2 acceleration for SM4 (GH #4289)

* Add support for elliptic curve numsp512d1 (GH #4251)

* Apply const-time checking annotations to Dilithium and Kyber
  (GH #4223), X448/Ed448 (GH #4204), FrodoKEM (GH #4198),
  LMS (GH #4272)

* Refactor internals of Dilithium and Kyber to share common elements
  (GH #4024)

* Add a test suite for validating the const-time annotations (GH #4182)

* Internal refactorings of public key encryption to improve memory
  safety and side channel resistance. (GH #4238 #4239)

* Cache the DER encoding of the OID format of an elliptic curve
  (GH #4193)

* Correct inconsistencies with use of BOTAN_CLEAR_CPUID where dependent
  instruction sets were not always disabled. (GH #4290)

* Deprecate the x25519/Kyber-512-r3 TLS ciphersuite. (GH #4347)

* Add CI nightly test using Intel SDE to test AVX-512 (GH #4296)

* Fix armv7/aarch64 CPU feature detection on FreeBSD (GH #4315)

* Add support for armv7/aarch64/ppc64 CPU feature detection on OpenBSD,
  using a new API added in OpenBSD 7.6 (GH #4312)

* Fix a bug in the speed cli utility which caused it to report
  incorrect values, especially for ciphers/hashes with small input
  sizes. (GH #4311)

* Fix a bug where CMake and pkg-config files might be installed to the
  wrong path (GH #4236 #4231)

* Fix certificate validation when the trust root is a self-signed MD2
  cert. (GH #4247 #4248)

* Internal "strong types" improvements (GH #4170)

* Refactor the speed cli utility (GH #4364 #4367 #4369)

* Fix a test that was somewhat brittle and would fail if a specific
  certificate was not in the system trust root store. (GH #4280)

* Update some documentation comments (GH #4185)

* In Argon2, avoid instantiating a thread pool when p == 1
  (GH #4195 #4199)

* Disable the thread pool by default on Emscripten target
  (GH #4195 #4199)

* Add compile time option to disable all use of inline assembly
  (GH #4273 #4265)

Version 3.5.0, 2024-07-08

* CVE-2024-34702: Fix a DoS caused by excessive name constraints.
  (GH #4186)

* CVE-2024-39312: Fix a name constraint processing error, where if
  permitted and excluded rules both applied to a certificate, only
  the permitted rules would be checked.

* Add a new much faster elliptic curve implementation. In this release,
  this implementation is only used for hash2curve. (GH #3979)

* Add support for LMS hash based signatures (GH #3716 #4059)

* Add support for SSLKEYLOGFILE logging (GH #4043)

* Optimize processing in FFI botan_cipher_update (GH #3951)

* Add Public_Key::raw_public_key_bits (GH #3985)

* Optimize XTS mode (GH #4047)

* Optimize name constraint processing (GH #4047)

* Optimize FrodoKEM-AES (GH #4176 #4174 #4173)

* The build system now distinguishes between LLVM Clang and XCode's
  Clang fork. For the latter, use compiler target xcode. (GH #4010)

* Fix a bug in scrypt autotune where, if it was called with a nominal
  maximum memory limit of zero (meant to indicate no limit), it would
  only ever return parameters using 1 MB.

* Constant time programming improvements including CT::value_barrier
  and CT::Choice (GH #4154 #4115 #4096 #4108)

* Refactor and optimize AlternativeName. This includes a new API.
  The old API is retained but deprecated. (GH #4034)

* Kyber internals refactoring (GH #3887)

* Generate Kuznyechik tables at compile time instead of hard coding
  them. (GH #4017)

* Enable using sysctlbyname on iOS (GH #4018)

* Previously Curve25519 was used to refer to key exchange over the
  Montgomery curve modulo 2**255-19. This is now called X25519 in all
  cases. Typedefs and a deprecated header are retained for
  compatibility with older versions. (GH #4012)

* Fix several bugs related to encoding and decoding ASN.1 object
  identifiers when the second arc is larger than 40. (GH #4063 #4023)

* Avoid sending IP addresses in the Server Name Indicator TLS extension,
  if an IP address is used to initialize the TLS_Server_Info struct.
  (GH #4059)

* During X.509 certificate verification, first verify the entire
  sequence of signatures, then do other validation. (GH #4045)

* In DTLS fix a bug affecting retransmission of client hellos. (GH #4037)

* Fix a number of bugs related to name constraint processing. (GH #4074)

* Add support for parsing TNAuthList (secure telephony identity
  credentials extension) from RFC 8226. (GH #4116)

* Add One-Step KDF from SP 800-56C (GH #4121)

* Fix a bug in RFC 6979 mode ECDSA. This only caused problems when
  testing with certain curves and does not have any security or interop
  implications. (GH #4040)

* Previously elliptic curve private keys could be of any size, with the
  effective key reduced modulo the group order. Now during decoding the
  private key must be in the specified bound. (GH #4040)

* Elliptic curve groups now verify that the prime and group order are
  related in the manner expected. (GH #4039 #4041)

* Add a script to run the Limbo X.509 path validation test suite.

* Update the BoGo TLS test suite (GH #4078)

* Deprecate various low level BigInt and elliptic curve interfaces
  (GH #4038 #4056)

* In 3.3.0, support for application specific curves in EC_Group with
  parameters larger than 521 bits was deprecated. This release expands
  that deprecation to further restrict future use of application
  specific curves (see deprecated.rst for details). Add a new EC_Group
  constructor which enforces these restrictions. (GH #4038)

* Fix a bug when creating a PKCS10 request or X.509 self signed
  certificate when SubjectAlternativeName was included in the provided
  extensions. If this occurred, any other values (e.g. opts.dns) would
  be ignored. (GH #4032)

* Various low level multi precision integer refactorings and
  improvements. (GH #4156 #4149 #4007 #4008 #3989 #3987)

* Increase the maximum supported key length of KMAC to 192 bytes
  (GH #4109)

* Improve the utilities for checked (overflow safe) addition and
  multiplication. (GH #3999)

* Optimize parsing of IPv4 dotted quad strings (GH #4058)

* A system for marking modules as deprecated was introduced in 3.4.0,
  but it did not mark any modules as deprecated. This has now been
  applied to various modules, which will then be disabled if
  --disable-deprecated-features option is used at build time.
  (GH #4050)

* Fix a bug in configure.py that caused --with-stack-protector to not
  work. (GH #3996)

* Upgrade CI to use XCode 15.2 on x86-64 and XCode 15.3 on aarch64.
  (GH #4005)

* Update most CI builds to run on Ubuntu 24.04 (GH #4098)

* Various clang-tidy fixes (GH #4070 #4075)

* Fixes for GCC 14 (GH #4046)

* Fix Roughtime to not reference a deprecated Cloudflare server.
  (GH #4002 #3937)

Version 3.4.0, 2024-04-08

* Add Ed448 signatures and X448 key exchange (GH #3933)

* X.509 certificate verification now can optionally ignore the
  expiration date of root certificates. (GH #3938)

* Support for hybrid EC point encoding is now deprecated. (GH #3981)

* Support for creating EC_Group objects with parameters larger than
  521 bits is now deprecated (GH #3980)

* Add new build options to disable deprecated features, and to enable
  experimental features. (GH #3910)

* Fix a bug affecting use of SIV and CCM ciphers in the FFI interface.
  (GH #3971)

* Add new FFI interface botan_cipher_requires_entire_message (GH #3969)

* Internal refactorings of the mp layer to support a new elliptic curve
  library. (GH #3973 #3977 #3962 #3957 #3964 #3956 #3961 #3950)

* Use a new method for constant time division in Kyber to avoid a
  possible side channel where the compiler inserts use of a variable
  time division. (GH #3959)

* Refactor test RNG usage to improve reproducibility. (GH #3920)

* Add std::span interfaces to BigInt (GH #3866)

* Refactorings and improvements to low level load/store utility
  functions. (GH #3869)

* Fix the amalgamation build on ARM64 (GH #3931)

* Add Mac ARM based CI build (GH #3931)

* Fix a thread serialization bug that caused sporadic test failures.
  (GH #3922)

* Update GH Actions to v4 (GH #3923)

* Add examples of password based encryption and HTTPS+ASIO client.
  (GH #3935 #3910)

Files:
Revision  Action  File
1.14      modify  pkgsrc/security/botan3/Makefile
1.6       modify  pkgsrc/security/botan3/Makefile.common
1.6       modify  pkgsrc/security/botan3/PLIST
1.7       modify  pkgsrc/security/botan3/buildlink3.mk
1.7       modify  pkgsrc/security/botan3/distinfo
1.1       remove  pkgsrc/security/botan3/patches/patch-src_lib_utils_simd_simd__32.h
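The 3.5.0 notes above describe CVE-2024-39312 as a name constraint processing error where, if permitted and excluded rules both applied to a certificate, only the permitted rules were checked. The following Python is an added illustration of that logic flaw beside the correct rule; it is not Botan's code and not the patch referenced in the release notes. It implements only the dNSName subtree matching of RFC 5280 section 4.2.1.10 (a name matches a subtree when it equals it or is a subdomain of it); the `NameConstraints` class, the function names and the sample names are constructed for this example.

```python
"""Added example (not Botan's own code): RFC 5280 name-constraint
evaluation for dNSName entries, showing a flawed check of the kind
described for CVE-2024-39312 next to the correct one. All names below
are constructed sample values."""

from dataclasses import dataclass, field


def dns_in_subtree(name: str, subtree: str) -> bool:
    """RFC 5280 4.2.1.10: a dNSName falls inside a subtree when it is
    equal to it or has additional labels prepended to it."""
    name = name.lower().rstrip(".")
    subtree = subtree.lower().lstrip(".").rstrip(".")
    return name == subtree or name.endswith("." + subtree)


@dataclass
class NameConstraints:
    """Hypothetical holder for the dNSName entries of a NameConstraints
    extension (permittedSubtrees and excludedSubtrees)."""
    permitted: list[str] = field(default_factory=list)
    excluded: list[str] = field(default_factory=list)


def buggy_is_allowed(name: str, nc: NameConstraints) -> bool:
    """Flawed evaluation: when permitted subtrees exist, the decision is
    made on them alone and the excluded subtrees are never consulted.
    A name inside a permitted subtree but also inside an excluded one
    is therefore wrongly accepted."""
    if nc.permitted:
        return any(dns_in_subtree(name, p) for p in nc.permitted)
    return not any(dns_in_subtree(name, e) for e in nc.excluded)


def is_allowed(name: str, nc: NameConstraints) -> bool:
    """Correct rule: the name must fall inside at least one permitted
    subtree (when any permitted subtrees of this name type exist) AND
    outside every excluded subtree. Both lists are always checked."""
    if nc.permitted and not any(dns_in_subtree(name, p) for p in nc.permitted):
        return False
    return not any(dns_in_subtree(name, e) for e in nc.excluded)


def evaluate_cases() -> dict[str, tuple[bool, bool]]:
    """Run both checkers over constructed inputs: a CA constrained to
    example.com with internal.example.com carved out. Returns
    name -> (buggy result, correct result)."""
    nc = NameConstraints(permitted=["example.com"],
                         excluded=["internal.example.com"])
    names = [
        "www.example.com",            # permitted, not excluded -> allowed
        "host.internal.example.com",  # permitted AND excluded -> must be rejected
        "evil.org",                   # outside every permitted subtree
    ]
    return {n: (buggy_is_allowed(n, nc), is_allowed(n, nc)) for n in names}


if __name__ == "__main__":
    for name, (buggy, correct) in evaluate_cases().items():
        print(f"{name:28} buggy={buggy!s:5} correct={correct!s:5}")
```

The divergent case is "host.internal.example.com": the flawed checker accepts it because it lies inside the permitted subtree, while the correct checker rejects it because it also lies inside the excluded subtree. A real validator additionally accumulates the constraints of every CA certificate in the chain and handles the other name types (rfc822Name, IP address ranges, directory names) with their own matching rules; those are outside this illustration.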