Subject: CVS commit: pkgsrc/security/botan
From: Joerg Sonnenberger
Date: 2017-04-10 22:26:31
Message id: 20170410202631.3FE90FBE4@cvs.NetBSD.org

Log Message:
Update Botan to 1.10.16:
    Fix a bug in X509 DN string comparisons that could result in out of
    bound reads. This could result in information leakage, denial of
    service, or potentially incorrect certificate validation results.
    (CVE-2017-2801)

    Avoid throwing during a destructor since this is undefined in
    C++11 and rarely a good idea. (GH #930)

    Fix a bug causing modular exponentiations done modulo even numbers
    to almost always be incorrect, unless the values were small. This
    bug is not known to affect any cryptographic operation in Botan. (GH
    #754)

    Avoid use of C++11 std::to_string in some code added in 1.10.14
    (GH #747 #834)

    Fix integer overflow during BER decoding, found by Falko Strenzke.
    This bug is not thought to be directly exploitable but upgrading ASAP
    is advised. (CVE-2016-9132)

    Fix two cases where (in error situations) an exception would be thrown
    from a destructor, causing a call to std::terminate.

    When RC4 is disabled in the build, also prevent it from being included
    in the OpenSSL provider. (GH #638)

Files:
Revision  Action  File
1.43      modify  pkgsrc/security/botan/Makefile
1.7       modify  pkgsrc/security/botan/PLIST
1.20      modify  pkgsrc/security/botan/distinfo