The NetBSD Project

CVS log for pkgsrc/security/botan-devel/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / security / botan-devel

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.30 / (download) - annotate - [select for diffs], Thu Apr 25 07:33:15 2019 UTC (4 weeks, 1 day ago) by maya
Branch: MAIN
CVS Tags: HEAD
Changes since 1.29: +2 -2 lines
Diff to previous 1.29 (colored)

PKGREVISION bump for anything using python without a PYPKGPREFIX.

This is a semi-manual PKGREVISION bump.

Revision 1.29 / (download) - annotate - [select for diffs], Thu Dec 13 19:51:36 2018 UTC (5 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

revbump for boost 1.69.0

Revision 1.28 / (download) - annotate - [select for diffs], Tue Sep 4 00:02:03 2018 UTC (8 months, 2 weeks ago) by minskim
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.27: +2 -1 lines
Diff to previous 1.27 (colored)

security/botan{,-devel}: Designate doc dir explicitly

Before this change, botan{,-devel} installed documents in
${PREFIX}/doc, not ${PREFIX}/share/doc, on Darwin.

Revision 1.27 / (download) - annotate - [select for diffs], Thu Aug 16 18:54:31 2018 UTC (9 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)

revbump after boost-libs update

Revision 1.26 / (download) - annotate - [select for diffs], Sun Apr 29 21:31:22 2018 UTC (12 months, 3 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

revbump for boost-libs update

Revision 1.25 / (download) - annotate - [select for diffs], Fri Feb 2 13:56:35 2018 UTC (15 months, 2 weeks ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)

botan-devel: Leave pkgsrc to handle security features.  Fix SunOS.

Revision 1.24 / (download) - annotate - [select for diffs], Mon Jan 1 21:18:10 2018 UTC (16 months, 3 weeks ago) by adam
Branch: MAIN
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored)

Revbump after boost update

Revision 1.23 / (download) - annotate - [select for diffs], Sun Nov 26 10:40:05 2017 UTC (17 months, 3 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4
Changes since 1.22: +3 -3 lines
Diff to previous 1.22 (colored)

botan-devel: follow redirects

Revision 1.22 / (download) - annotate - [select for diffs], Thu Aug 24 20:03:00 2017 UTC (20 months, 4 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored)

Revbump for boost update

Revision 1.21 / (download) - annotate - [select for diffs], Sun Apr 30 01:21:24 2017 UTC (2 years ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.20: +2 -1 lines
Diff to previous 1.20 (colored)

Recursive revbump from boost update

Revision 1.20 / (download) - annotate - [select for diffs], Mon Apr 10 21:14:45 2017 UTC (2 years, 1 month ago) by joerg
Branch: MAIN
Changes since 1.19: +2 -3 lines
Diff to previous 1.19 (colored)

Update to Botan 2.1.0, the new stable branch.

Some of the more important changes:

- Fix incorrect truncation in Bcrypt. Passwords in length between 56 and
  72 characters were truncated at 56 characters. Found and reported by
  Solar Designer. (CVE-2017-7252) (GH #938)
- Fix a bug in X509 DN string comparisons that could result in out of
  bound reads. This could result in information leakage, denial of
  service, or potentially incorrect certificate validation results.
  Found independently by Cisco Talos team and OSS-Fuzz. (CVE-2017-2801)
- Correct minimum work factor for Bcrypt password hashes. All other
  implementations require the work factor be at least 4. Previously
  Botan simply required it be greater than zero. (GH #938)
- Converge on a single side channel silent EC blinded multiply
  algorithm. Uses Montgomery ladder with order/2 bits scalar blinding
  and point randomization now by default. (GH #893)
- Add ability to search for certificates using the SHA-256 of the
  distinguished name. (GH #900)
- Support a 0-length IV in ChaCha stream cipher. Such an IV is treated
  identically to an 8-byte IV of all zeros.
- Previously Botan forbid any use of times past 2037 to avoid Y2038
  issues. Now this restriction is only in place on systems which have a
  32-bit time_t. (GH #933 fixing #917)
- Fix a longstanding bug in modular exponentiation which caused most
  exponentiations modulo an even number to have an incorrect result;
  such moduli occur only rarely in cryptographic contexts. (GH #754)
- Fix a bug in BigInt multiply operation, introduced in 1.11.30, which
  could cause incorrect results. Found by OSS-Fuzz fuzzing the ressol
  function, where the bug manifested as an incorrect modular
  exponentiation. OSS-Fuzz bug #287
- Fix a bug that meant the etf/modp/6144and etf/modp/8192  discrete log groups used an incorrect value for the generator,
  specifically the value (p-1)/2 was used instead of the correct value
  of 2.
- DL_Group strong generation previously set the generator to 2. However
  sometimes 2 generates the entire group mod p, rather than the subgroup
  mod q. This is invalid by X9.42 standard, and exposes incautious
  applications to small subgroup attacks. Now DL_Group uses the smallest
  g which is a quadratic residue. (GH #818)
- The default TLS policy now requires 2048 or larger DH groups by
  default.
- The default Path_Validation_Restrictions constructor has changed to
  require at least 110 bit signature strength. This means 1024 bit RSA
  certificates and also SHA-1 certificates are rejected by default. Both
  settings were already the default for certificate validation in TLS
  handshake, but this changes it for applications also.
- Fix integer overflow during BER decoding, found by Falko Strenzke.
  This bug is not thought to be directly exploitable but upgrading ASAP
  is advised. (CVE-2016-9132)
- Add post-quantum signature scheme XMSS. Provides either 128 or 256 bit
  (post-quantum) security, with small public and private keys, fast
  verification, and reasonably small signatures (2500 bytes for 128-bit
  security). Signature generation is very slow, on the order of seconds.
  And very importantly the signature scheme is stateful: each leaf index
  must only be used once, or all security is lost. In the appropriate
  system where signatures are rarely generated (such as code signing)
  XMSS makes an excellent choice. (GH #717 #736)
- Add support for client-side OCSP stapling to TLS. (GH #738)
- Previously both public and private keys performed automatic self
  testing after generation or loading. However this often caused
  unexpected application performance problems, and so has been removed.
  Instead applications must call check_key explicitly. (GH #704)
- Fix TLS session resumption bugs which caused resumption failures if an
  application used a single session cache for both TLS and DTLS. (GH
  #688)
- The default TLS policy now disables static RSA ciphersuites, all DSA
  ciphersuites, and the AES CCM-8 ciphersuites. Disabling static RSA by
  default protects servers from oracle attacks, as well as enforcing a
  forward secure ciphersuite. Some applications may be forced to
  re-enable RSA for interop reasons. DSA and CCM-8 are rarely used, and
  likely should not be negotiated outside of special circumstances.
- The default TLS policy now prefers ChaCha20Poly1305 cipher over any
  AES mode.
- The default TLS policy now orders ECC curve preferences in order by
  performance, with x25519 first, then P-256, then P-521, then the rest.

Revision 1.19 / (download) - annotate - [select for diffs], Sun Jan 1 16:05:59 2017 UTC (2 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1
Changes since 1.18: +2 -1 lines
Diff to previous 1.18 (colored)

Revbump after boost update

Revision 1.18 / (download) - annotate - [select for diffs], Wed Nov 23 13:01:54 2016 UTC (2 years, 6 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4
Changes since 1.17: +13 -1 lines
Diff to previous 1.17 (colored)

Restore explicit CPU selection based on MACHINE_ARCH, needing e.g. on
SmartOS.

Revision 1.17 / (download) - annotate - [select for diffs], Fri Nov 11 19:46:05 2016 UTC (2 years, 6 months ago) by joerg
Branch: MAIN
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)

Become maintainer.

Revision 1.16 / (download) - annotate - [select for diffs], Fri Nov 11 19:41:44 2016 UTC (2 years, 6 months ago) by joerg
Branch: MAIN
Changes since 1.15: +2 -13 lines
Diff to previous 1.15 (colored)

Update to Botan-1.11.33:
- avoid side channel with OAEP (CVE-2016-8871)
- avoid Lucky13 timing attack against CBC-based TLS cipher
- added X25519-based key exchange for TLS
- add support for the TLS Supported Point Formats Extension from
  RFC 4492
- add support for the NewHope Ring-LWE key encapsulation algorithm
  for estimated ~200 bit security level against a quantum attacker.
- add support for TLS Encrypt-then-MAC extension
- Fix undefined behavior in Curve25519 for 32bit platforms
- bugfix for GCM when 32-bit counters overflowed
- added ChaCha20Poly1305 TLS cipher

Revision 1.15 / (download) - annotate - [select for diffs], Fri Oct 7 18:25:33 2016 UTC (2 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.14: +2 -1 lines
Diff to previous 1.14 (colored)

Revbump post boost update

Revision 1.14 / (download) - annotate - [select for diffs], Thu May 19 21:58:43 2016 UTC (3 years ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

Update to Botan 1.11.29:
- CVE-2016-2849: side channel attack against DSA and ECDSA
- CVE-2016-2850: failure to enforce TLS policies could lead to weaker
  algorithms being choosen
- CVE-2016-2195: heap overflow in ECC point decoding
- CVE-2016-2196: heap overflow in P-521 reduction
- CVE-2016-2194: DOS against the modular reduction
- CVE-2015-7824: padding oracle attack against TLS CBC
- CVE-2015-7825: DOS due to certificate chains
- CVE-2015-7826: wildcard certifications verification failures
- CVE-2015-7827: protection against PKCS#1 side channel issues
- CVE-2015-5726: potential DOS with invalid zero-length BER
- CVE-2015-5727: unbound memory use with BER
- deprecation or removal of various insecure crypto primitives
- TLS heartbeat removed
- various other bugfixes and improvements.

Revision 1.13 / (download) - annotate - [select for diffs], Fri Feb 26 11:40:30 2016 UTC (3 years, 2 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1
Changes since 1.12: +1 -2 lines
Diff to previous 1.12 (colored)

Remove manual addition of MAKE_FLAGS to OPSYSVARS, it's now in by default.

Revision 1.12 / (download) - annotate - [select for diffs], Fri Feb 26 09:41:05 2016 UTC (3 years, 2 months ago) by jperkin
Branch: MAIN
Changes since 1.11: +3 -4 lines
Diff to previous 1.11 (colored)

Use OPSYSVARS.

Revision 1.10.2.1 / (download) - annotate - [select for diffs], Mon Oct 26 20:09:36 2015 UTC (3 years, 6 months ago) by bsiegert
Branch: pkgsrc-2015Q3
Changes since 1.10: +2 -1 lines
Diff to previous 1.10 (colored) next main 1.11 (colored)

Pullup ticket #4843 - requested by joerg
security/botan-devel: build fix

Revisions pulled up:
- security/botan-devel/Makefile                                 1.11

---
   Module Name:	pkgsrc
   Committed By:	joerg
   Date:		Wed Oct 21 21:29:14 UTC 2015

   Modified Files:
   	pkgsrc/security/botan-devel: Makefile

   Log Message:
   For amd64 builds, override the automatic CPU detection. It fails on
   SmartOS for 64bit builds.

Revision 1.11 / (download) - annotate - [select for diffs], Wed Oct 21 21:29:14 2015 UTC (3 years, 7 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.10: +2 -1 lines
Diff to previous 1.10 (colored)

For amd64 builds, override the automatic CPU detection. It fails on
SmartOS for 64bit builds.

Revision 1.10 / (download) - annotate - [select for diffs], Sun Sep 13 02:31:22 2015 UTC (3 years, 8 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base
Branch point for: pkgsrc-2015Q3
Changes since 1.9: +5 -1 lines
Diff to previous 1.9 (colored)

Add missing stdexcept includes. Add missing libraries for socket
functions on Solaris. Check privileges for mlock use on Solaris before
trying to lock the resource buffer.

Revision 1.9 / (download) - annotate - [select for diffs], Wed May 20 21:57:10 2015 UTC (4 years ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since 1.8: +3 -1 lines
Diff to previous 1.8 (colored)

Add missing header. Patch up Python interpreter. Regen distinfo.

Revision 1.8 / (download) - annotate - [select for diffs], Thu May 14 18:39:24 2015 UTC (4 years ago) by joerg
Branch: MAIN
Changes since 1.7: +8 -6 lines
Diff to previous 1.7 (colored)

Update to Botan 1.11.16:
- Switch to using IETF ALPN extension for negotiating application-level
  protocols for TLS in place of NPN extension.
- Optimizations for ECDSA
- Allow using OpenSSL's RSA implementation
- RC4 is deprecated and will be removed in the future
- Removed global state like the global PRNG.
- Cleaner registration for algorithm etc, potentially requires changes
  for statically linked programs.
- Simple C binding for common operations
- Optimized reductors for P-192, P-224, P-256, P-384, P-521
- Experimental OCB support for TLS
- Reduced memory footprint of CTR
- botan-config has been merged into botan
- Removal of SSLv3 support
- MCEIES, DTLS-STRP, SipHash, Curve25519, Poly1305, ChaCha20Poly1305
  supported
- Changed format of serialized TLS sessions
- TLS heartbeat messages support user-defined size of padding for PMTU
  discovery
- RFC 6979 support for deterministic nouns and signatures with DSA and ECDSA
- Support for TLS fallback signaling

Revision 1.7 / (download) - annotate - [select for diffs], Fri Apr 17 15:52:57 2015 UTC (4 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

Revbump after updating devel/boost-libs

Revision 1.6 / (download) - annotate - [select for diffs], Fri Nov 7 19:39:25 2014 UTC (4 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)

Revbump after updating boost

Revision 1.5 / (download) - annotate - [select for diffs], Wed Aug 13 10:57:32 2014 UTC (4 years, 9 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base, pkgsrc-2014Q3
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

Revbump after boost-libs update

Revision 1.4 / (download) - annotate - [select for diffs], Wed May 21 01:22:14 2014 UTC (5 years ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.3: +10 -1 lines
Diff to previous 1.3 (colored)

Fix build on NetBSD/evbarm.

Revision 1.3 / (download) - annotate - [select for diffs], Sat May 17 16:10:48 2014 UTC (5 years ago) by wiz
Branch: MAIN
Changes since 1.2: +2 -1 lines
Diff to previous 1.2 (colored)

Bump applications PKGREVISIONs for python users that might be using
python3, since the default changed from python33 to python34.

I probably bumped too many. I hope I got them all.

Revision 1.2 / (download) - annotate - [select for diffs], Wed Mar 5 21:22:38 2014 UTC (5 years, 2 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.1: +6 -1 lines
Diff to previous 1.1 (colored)

Fix build on NetBSD and with clang.

Revision 1.1 / (download) - annotate - [select for diffs], Mon Feb 24 20:49:14 2014 UTC (5 years, 2 months ago) by joerg
Branch: MAIN

Add botan 1.11.8, the in-progress version of security/botan. It brings a
heavily changed x509 instructure and TLS support on top.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>