Navigation:
Browse pkgsrc
(this page)
security botan2
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ]| 2024-02-26 22:01:13 by Niclas Rosenvik | Files touched by this commit (4) |
Log message: Update botan2 to version 2.19.4 Pkgsrc changes: Add pkg-config override. Changes From changelog: * Fix a potential denial of service caused by accepting arbitrary length primes as potential elliptic curve parameters in ASN.1 encodings. With very large inputs the primality verification can become computationally expensive. Now any prime field larger than 1024 bits is rejected immediately. Reported by Bing Shi. (GH #3914) * Switch to using a constant time binary algorithm for computing GCD (GH #3912) * Fix a bug in SHAKE_Cipher which could cause incorrect output if set_key was called multiple times. (GH #3192) * Fix a bug in RSA-KEM encryption where the shared secret key was incorrectly not padded to exactly the byte length of the modulus. This would cause an incorrect shared key with ~1/256 probability. (GH #3380) * In RSA decryption and signature verification, reject bytestrings which are longer than the public modulus. Previously, otherwise valid signatures/ciphertexts with additional leading zero bytes would also be accepted. (GH #3380) * Add support for short nonces in XTS (GH #3384 #3336) * Fix NIST keywrap which was incorrect when wrapping 64-bit keys (GH #3384 #3340) * Fix nonce handling bug in EAX (GH #3382 #3335) * Fix a bug in PKCS11 AttributeContainer where adding an attribute that already existed could cause incorrect references to the existing attributes. (GH #3185) * Apply patches which allow GCC 4.7 to compile Botan 2.x. Previously at least GCC 4.8 had been required. (GH #3273) * Fix a build time problem affecting VCpkg (GH #3071) * Fix a build problem affecting Windows ARM with Visual C++ (GH #3871) |
| 2023-12-29 19:25:02 by Adam Ciarcinski | Files touched by this commit (254) |
Log message: revbump for boost-libs |
| 2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247) |
Log message: *: recursive bump for Python 3.11 as new default |
2023-06-26 13:41:00 by Thomas Klausner | Files touched by this commit (1) |  |
Log message: botan2: update DESCR |
| 2023-04-23 16:26:33 by Adam Ciarcinski | Files touched by this commit (271) |
Log message: revbump for boost |
| 2023-01-22 17:28:39 by Ryo ONODERA | Files touched by this commit (271) |
Log message: *: Recursive revbump from Boost 1.81.0 |
| 2022-12-19 18:39:40 by Niclas Rosenvik | Files touched by this commit (2) |
Log message: botan2: fix build of os_utils.cpp on SunOS os_utils.cpp needs priv.h to be included on SunOS for the patch to build. Use Botans own BOTAN_TARGET_OS_IS_SOLARIS instead of __sun as indicator for building on SunOS. |
| 2022-11-24 12:59:30 by Thomas Klausner | Files touched by this commit (3) | |
Log message: botan: update to 2.19.3. Version 2.19.3, 2022-11-16 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * CVE-2022-43705: A malicious OCSP responder could forge OCSP responses due to a failure to validate that an embedded certificate was issued by the end-entity issuing certificate authority. |
New packages: