Skip to content

Commit

Permalink
*botan3: update to 3.3.0
Browse files Browse the repository at this point in the history
Version 3.3.0, 2024-02-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a potential denial of service caused by accepting arbitrary
  length primes as potential elliptic curve parameters in ASN.1
  encodings. With very large inputs the primality verification
  can become computationally expensive. Now any prime field larger
  than 1024 bits is rejected immediately. Reported by Bing Shi.
  (GH #3913)

* Add FrodoKEM post-quantum KEM (GH #3679 #3807 #3892)

* Add support for Blake2s (GH #3796)

* Add support for RFC 7250 in TLS 1.3 to allow authenticating peers
  using raw public keys (GH #3771)

* Update the BSI TLS policy to match the latest TR, particularly
  enabling support for TLS 1.3 (GH #3809)

* Add AsymmetricKey::generate_another() to generate a new key of the
  same type and parameters as an existing key (GH #3770 #3786)

* Add Private_Key::remaining_operations() that indicates the number of
  remaining signatures for stateful hash-based signatures (GH #3821)

* Add implementation of EC_PrivateKey::check_key() (GH #3782 #3804)

* Add hardware acceleration for SHA-512 on ARMv8 (GH #3860 #3864)

* X.509 certificates that contain Authority Information Access (AIA)
  extensions can now be encoded (GH #3784)

* Various functions defined in ``mem_ops.h`` are now deprecated
  for public use (GH #3759 #3752 #3757)

* The ASIO TLS stream can now be used with C++20 coroutines (GH #3764)

* New public header asio_compat.h to check compatibility of the ASIO
  TLS stream with the available boost version (1.73.0+) (GH #3765)

* Flatten input buffer sequences in the ASIO TLS stream to avoid
  creating unnecessarily small TLS records (GH #3839)

* Hard-rename the potentially harmful build configuration flag
  --terminate-on-asserts to --unsafe-terminate-on-asserts (GH #3755)

* Use modern SQLite3 APIs with integer width annotations from SQLite3 3.37
  (GH #3788 #3793)

* Generate and install a CMake package config file (botan-config.cmake)
  (GH #3722 #3827 #3830 #3825)

* Add TLS::Channel::is_handshake_complete() predicate method (GH #3762)

* Add support for setting thread names on Haiku OS and DragonflyBSD
  (GH #3758 #3785)

* Use /Zc:throwingNew with MSVC (GH #3858)

* Work around a warning in GCC 13 (GH #3852)

* Add a CLI utility for testing RSA side channels using the MARVIN
  toolkit (GH #3749)

* CLI utility 'tls_http_server' is now based on Boost Beast
  (GH #3763 #3791)

* CLI utility 'tls_client_hello' can detect and handle TLS 1.3 messages
  (GH #3820)

* Add a detailed migration guide for users of OpenSSL 1.1 (GH #3815)

* Various updates to the documentation and code examples
  (GH #3777 #3805 #3802 #3794 #3815 #3823 #3828 #3842 #3841 #3849 #3745)

* Fixes and improvements to the build experience using ``ninja``
  (GH #3751 #3750 #3769 #3798 #3848)

* Fix handling of cofactors when performing scalar blinding in EC (GH #3803)

* Fix potential timing side channels in Kyber (GH #3846 #3874)

* Fix a potential dangling reference resulting in a crash in the OCB
  mode of operation (GH #3814)

* Fix validity checks in the construction of the ASIO TLS stream
  (GH #3766)

* Fix error code handling in ASIO TLS stream (GH #3795 #3801 #3773)

* Fix a TLS 1.3 assertion failure that would trigger if the
  application callback returned an empty certificate chain. (GH #3754)

* Fix a RFC 7919 conformance bug introduced in 3.2.0, where the TLS
  server would fail to reject a client hello that advertised (only)
  FFDHE groups that are not known to us. (GH #3743 #3742 #3729)

* Fix that modifications made in TLS::Callbacks::tls_modify_extensions()
  for the TLS 1.3 Certificate message were not being applied. (GH #3792)

* Fix string mapping of the PKCS#11 mechanism RSA signing mechanism that
  use SHA-384 (GH #3868)

* Fix a build issue on NetBSD (GH #3767)

* Fix the configure.py to avoid recursing out of our source tree (GH #3748)

* Fix various clang-tidy warnings (GH #3822)

* Fix CLI tests on windows and enable them in CI (GH #3845)

* Use ``BufferStuffer`` and ``concat`` helpers in public key code
  (GH #3756 #3753)

* Add a nightly test to ensure hybrid TLS 1.3 PQ/T compatibility with
  external implementations (GH #3740)

* Internal memory operation helpers are now memory container agnostic
  using C++20 ranges (GH #3715 #3707)

* Public and internal headers are now clearly separated in the build
  directory. That restricts the examples build target to public headers.
  (GH #3880)

* House keeping for better code formatting with clang-format
  (GH #3862 #3865)

* Build documentation in CI and fail on warnings or errors (GH #3838)

* Work around a GitHub Actions CI issue (actions/runner-images#8659)
  (GH #3783 #3833 #3888)
  • Loading branch information
0-wiz-0 committed Feb 25, 2024
1 parent 526c4b9 commit 71defd7
Show file tree
Hide file tree
Showing 5 changed files with 23 additions and 14 deletions.
4 changes: 2 additions & 2 deletions security/botan3/Makefile
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
# $NetBSD: Makefile,v 1.8 2023/12/29 18:24:57 adam Exp $
# $NetBSD: Makefile,v 1.9 2024/02/25 14:58:00 wiz Exp $

PKGREVISION= 2
.include "Makefile.common"

PKGNAME= ${DISTNAME:S/Botan/botan3/}
Expand All @@ -12,6 +11,7 @@ HAS_CONFIGURE= yes
USE_LANGUAGES= c++
USE_TOOLS+= gmake
GCC_REQD+= 11
USE_CXX_FEATURES+= c++20

PYTHON_FOR_BUILD_ONLY= yes

Expand Down
5 changes: 3 additions & 2 deletions security/botan3/Makefile.common
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
# $NetBSD: Makefile.common,v 1.4 2023/10/19 15:17:20 wiz Exp $
# $NetBSD: Makefile.common,v 1.5 2024/02/25 14:58:00 wiz Exp $
#
# used by security/py-botan3/Makefile

DISTNAME= Botan-3.2.0
DISTNAME= Botan-3.3.0
CATEGORIES= security
MASTER_SITES= https://botan.randombit.net/releases/
EXTRACT_SUFX= .tar.xz
Expand Down
16 changes: 13 additions & 3 deletions security/botan3/PLIST
Original file line number Diff line number Diff line change
@@ -1,9 +1,11 @@
@comment $NetBSD: PLIST,v 1.4 2023/10/19 15:17:20 wiz Exp $
@comment $NetBSD: PLIST,v 1.5 2024/02/25 14:58:00 wiz Exp $
bin/botan3
include/botan-3/botan/aead.h
include/botan-3/botan/allocator.h
include/botan-3/botan/argon2.h
include/botan-3/botan/argon2fmt.h
include/botan-3/botan/asio_async_ops.h
include/botan-3/botan/asio_compat.h
include/botan-3/botan/asio_context.h
include/botan-3/botan/asio_error.h
include/botan-3/botan/asio_stream.h
Expand Down Expand Up @@ -62,6 +64,8 @@ include/botan-3/botan/ffi.h
include/botan-3/botan/filter.h
include/botan-3/botan/filters.h
include/botan-3/botan/fpe_fe1.h
include/botan-3/botan/frodo_mode.h
include/botan-3/botan/frodokem.h
include/botan-3/botan/gost_3410.h
include/botan-3/botan/hash.h
include/botan-3/botan/hex.h
Expand Down Expand Up @@ -95,6 +99,7 @@ include/botan-3/botan/pgp_s2k.h
include/botan-3/botan/pipe.h
include/botan-3/botan/pk_algs.h
include/botan-3/botan/pk_keys.h
include/botan-3/botan/pk_ops.h
include/botan-3/botan/pk_ops_fwd.h
include/botan-3/botan/pkcs10.h
include/botan-3/botan/pkcs11.h
Expand Down Expand Up @@ -171,10 +176,12 @@ include/botan-3/botan/xmss_parameters.h
include/botan-3/botan/xof.h
include/botan-3/botan/zfec.h
include/botan-3/botan/zlib.h
lib/cmake/Botan-${PKGVERSION}/botan-config-version.cmake
lib/cmake/Botan-${PKGVERSION}/botan-config.cmake
lib/libbotan-3.a
lib/libbotan-3.so
lib/libbotan-3.so.2
lib/libbotan-3.so.2.2.0
lib/libbotan-3.so.3
lib/libbotan-3.so.3.3.0
lib/pkgconfig/botan-3.pc
share/doc/${PKGNAME}/authors.txt
share/doc/${PKGNAME}/handbook/abi.rst
Expand All @@ -199,6 +206,7 @@ share/doc/${PKGNAME}/handbook/api_ref/otp.rst
share/doc/${PKGNAME}/handbook/api_ref/passhash.rst
share/doc/${PKGNAME}/handbook/api_ref/pbkdf.rst
share/doc/${PKGNAME}/handbook/api_ref/pkcs11.rst
share/doc/${PKGNAME}/handbook/api_ref/providers.rst
share/doc/${PKGNAME}/handbook/api_ref/psk_db.rst
share/doc/${PKGNAME}/handbook/api_ref/pubkey.rst
share/doc/${PKGNAME}/handbook/api_ref/python.rst
Expand Down Expand Up @@ -232,9 +240,11 @@ share/doc/${PKGNAME}/handbook/dev_ref/release_process.rst
share/doc/${PKGNAME}/handbook/dev_ref/test_framework.rst
share/doc/${PKGNAME}/handbook/dev_ref/todo.rst
share/doc/${PKGNAME}/handbook/goals.rst
share/doc/${PKGNAME}/handbook/hardware_acceleration.rst
share/doc/${PKGNAME}/handbook/index.rst
share/doc/${PKGNAME}/handbook/migration_guide.rst
share/doc/${PKGNAME}/handbook/old_news.rst
share/doc/${PKGNAME}/handbook/openssl_migration_guide.rst
share/doc/${PKGNAME}/handbook/packaging.rst
share/doc/${PKGNAME}/handbook/pgpkey.txt
share/doc/${PKGNAME}/handbook/roadmap.rst
Expand Down
9 changes: 4 additions & 5 deletions security/botan3/distinfo
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
$NetBSD: distinfo,v 1.4 2023/10/19 15:21:40 wiz Exp $
$NetBSD: distinfo,v 1.5 2024/02/25 14:58:00 wiz Exp $

BLAKE2s (Botan-3.2.0.tar.xz) = cdcb67817ff32606c6649d936af56c0e997d5eed93eb4a2460372fbfa513d88e
SHA512 (Botan-3.2.0.tar.xz) = 526cf71144584fef6e73f14f6aa1e2a7b03a92a3e51436287764bb61e742a94e02926bcc2aab038f08ef2169cb511152c8ecd71d51e06deb4875dc676875c2d9
Size (Botan-3.2.0.tar.xz) = 8998204 bytes
SHA1 (patch-src_lib_utils_os__utils.cpp) = 1db2ea94c4bd48b3567e69382d136d560720e3cf
BLAKE2s (Botan-3.3.0.tar.xz) = d590464efbb88c78d7bb9661a9a436b0f6ad878f2eefef1b12f4a2fa4a55d6e3
SHA512 (Botan-3.3.0.tar.xz) = 90930add225a2b4376046b3ed0177c71e7d19e983fb2b99c40751de5e6c3959b520eaa1e836782eb02ebc8aff8e9a4fd928f585de5e6b1798a8ad4aa0464f19b
Size (Botan-3.3.0.tar.xz) = 7164024 bytes
SHA1 (patch-src_scripts_install.py) = c8ac2a6315e0e53a0292447e8e6b967572de9d24
3 changes: 1 addition & 2 deletions security/py-botan3/Makefile
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
# $NetBSD: Makefile,v 1.3 2023/12/29 18:24:58 adam Exp $
# $NetBSD: Makefile,v 1.4 2024/02/25 14:58:00 wiz Exp $

PKGREVISION= 1
.include "../../security/botan3/Makefile.common"

PKGNAME= ${PYPKGPREFIX}-${DISTNAME:S/Botan/botan3/}
Expand Down

0 comments on commit 71defd7

Please sign in to comment.