libbotan-2-19-2.19.3-2.1 RPM for riscv64

From OpenSuSE Ports Tumbleweed for riscv64

Name: libbotan-2-19
Distribution: openSUSE Tumbleweed
Version: 2.19.3
Vendor: openSUSE
Release: 2.1
Build date: Thu Nov 23 03:49:22 2023
Group: System/Libraries
Build host: i01-ch1c
Size: 5271013
Source RPM: Botan-2.19.3-2.1.src.rpm
Summary: A C++ Crypto Library

Botan is a C++ library that provides support for many common
cryptographic operations, including encryption, authentication, and
X.509v3 certificates and CRLs. A wide variety of algorithms is
supported, including RSA, DSA, DES, AES, MD5, and SHA-1.

* Fri Nov 17 2023 Marcus Meissner <>
  - remove botan binary (moves to Botan3)
* Thu Nov 17 2022 Jason Sikes <>
  - Update to 2.19.3:
    * validate that an embedded certificate was issued by the end-entity
      issuing certificate authority when checking OCSP responses.
    * CVE-2022-43705
    * bsc#1205509
* Wed Jun 08 2022 Dirk Müller <>
  - update to 2.19.2:
    * Add support for parallel computation in Argon2
    * Add SSSE3 implementation of Argon2
    * The OpenSSL provider was incompatible with OpenSSL 3.0.
      It has been removed
    * Avoid using reserve in secure_vector appending, which caused
      a performance problem
    * Fix TLS::Text_Policy behavior when X25519 is disabled
      at build time
    * Fix several warnings from Clang
* Sun Jan 23 2022 Andreas Stieger <>
  - update to 2.19.1:
    * Add a forward error correction code compatible with the zfec
* Wed Nov 24 2021 Dirk Müller <>
  - update to 2.18.2:
    * Avoid using short exponents when encrypting in ElGamal, as some PGP
      implementations generate keys with parameters that are weak when
      short exponents are used CVE-2021-40529 boo#1190244
    * Fix a low risk OAEP decryption side channel
    * Work around a miscompilation of SHA-3 caused by a bug in Clang 12
      and XCode 13
    * Remove support in OpenSSL provider for algorithms which are
      disabled by default in OpenSSL 3.0
    * Add CI based on GitHub actions to replace Travis CI
    * Fix the online OCSP test, as the certificate involved had expired.
    * Fix some test failures induced by the expiration of the trust root
      "DST Root CA X3"
* Mon May 10 2021 Andreas Stieger <>
  - Botan 2.18.1:
    * Fix a build regression in 2.18.0 which caused linker flags
      which contain -l within them (such as -fuse-linker-plugin)
      to be misinterpreted
    * Fix a bug which caused decoding a certificate which contained
      more than one name in a single RDN
    * Fix a bug which caused OID lookup failures when run in a locale
      which uses thousands separators (pt_BR was reported as having
      this issue)
    * DNS names in name constraints were compared with case
      sensitivity, which could cause valid certificates to be
    * X.509 name constraint extensions were rejected if non-critical.
      RFC 5280 requires conforming CAs issue such extensions as
      critical, but not all certificates are compliant, and all other
      known implementations do not require this
    * X.509 name constraints were incorrectly applied to the
      certificate which included the constraint
  - build with lzma compression support
  - build with SQLite support
  - build with TPM support
  - fix SLE 12 build
* Fri Apr 16 2021 Ferdinand Thiessen <>
  - Botan 2.18.0
    * Add support for implementing custom RNG objects through the FFI
    * Improve safegcd bounds, improving runtime performance
    * Reject non-TLS messages as quickly as possible without waiting
      for a full record.
    * Fixes for TLS::Stream::async_shutdown
  - Removed unneeded GNU MP build requirement, support was dropped
    with version 1.11.10
  - Enabled check target, verify integrity of build library
* Wed Dec 23 2020 Andreas Stieger <>
  - Botan 2.17.3:
    * Harden against side-channels from decoding secret values by
      changing the base64, base58, base32, and hex encoding and
      decoding operations to run in constant time
* Fri Nov 13 2020 Andreas Stieger <>
  - Botan 2.17.2:
    * Fix build problem on ppc64
    * Resolve an issue in the modular square root algorithm
* Sat Nov 07 2020 Andreas Stieger <>
  - Botan 2.17.1:
    * Fix bugs in ECDSA signature generation and verifications under
      specific circumstances
    * developer visible changes, including deprecation with warnings
    * optimization in the non-hardware assisted AES key generation
    * Add more detection logic for AVX-512 features
    * Fix a bug parsing deeply nested cipher names
    * Prevent requesting DER encoding of signatures when the
      algorithm did not support it
* Tue Oct 27 2020 Pedro Monreal <>
  - Update to 2.16.0:
    * Now userspace PRNG objects (such as AutoSeeded_RNG and HMAC_DRBG)
      use an internal lock, which allows safe concurrent use. This
      however is purely a precaution in case of accidental sharing of
      such RNG objects; for performance reasons it is always preferable
      to use a RNG per thread if a userspace RNG is needed.
    * DL_Group and EC_Group objects now track if they were created
      from a known trusted group (such as P-256 or an IPsec DH
      parameter). If so, then verification tests can be relaxed, as
      compared to parameters which may have been maliciously
      constructed in order to pass primality checks.
    * RandomNumberGenerator::add_entropy_T assumed its input was a POD
      type but did not verify this.
    * Support OCSP responders that live on a non-standard port.
    * Add support for Solaris sandbox.
    * Support suffixes on release numbers for alpha/beta releases.
    * Fix a bug in EAX which allowed requesting a 0 length tag, which
      had the effect of using a full length tag. Instead omit the
      length field, or request the full tag length explicitly.
    * Fix a memory leak in GCM where if passed an unsuitable block
      cipher (eg not 128 bit) it would throw an exception and leak
      the cipher object.
* Sun Aug 16 2020 Dirk Mueller <>
  - update to 2.15:
    * Fix a bug where the name constraint extension did not constrain the
      alternative DN field which can be included in a subject alternative
      name. This would allow a corrupted sub-CA which was otherwise
      constrained by a name constraint to issue a certificate with a
      prohibited DN.
    * Fix a bug in the TLS server during client authentication where if a
      (disabled by default) static RSA ciphersuite was selected, then no
      certificate request would be sent. This would have an equivalent
      effect to a client which simply replied with an empty Certificate
      message. (GH #2367)
    * Replace the T-Tables implementation of AES with a 32-bit bitsliced
      version. As a result AES is now constant time on all processors.
      (GH #2346 #2348 #2353 #2329 #2355)
    * In TLS, enforce that the key usage given in the server certificate
      allows the operation being performed in the ciphersuite. (GH #2367)
    * In X.509 certificates, verify that the algorithm parameters are the
      expected NULL or empty. (GH #2367)
    * Change the HMAC key schedule to attempt to reduce the information
      leaked from the key schedule with regards to the length of the key,
      as this is at times (as for example in PBKDF2) sensitive
      information. (GH #2362)
    * Add Processor_RNG which wraps RDRAND or the POWER DARN RNG
      instructions. The previous RDRAND_RNG interface is deprecated.
      (GH #2352)
    * The documentation claimed that mlocked pages were created with a
      guard page both before and after. However only a trailing guard page
      was used. Add a leading guard page. (GH #2334)
    * Add support for generating and verifying DER-encoded ECDSA signatures
      in the C and Python interfaces. (GH #2357 #2356)
    * Workaround a bug in GCC’s UbSan which triggered on a code sequence in
      XMSS (GH
    * When building documentation using Sphinx avoid parallel builds with
      version 3.0 due to a bug in that version (GH #2326 #2324)
    * Fix a memory leak in the CommonCrypto block cipher calls (GH #2371)
    * Fix a flaky test that would occasionally fail when running the tests
      with a large number of threads. (GH #2325 #2197)
    * Additional algorithms are now deprecated: XTEA, GOST, and Tiger. They
      will be removed in a future major release.
* Wed Apr 08 2020 Paolo Stivanin <>
  - Update to Botan 2.14:
    * Add support for using POWER8+ VPSUMD instruction to accelerate GCM (GH #2247)
    * Optimize the vector permute AES implementation, especially improving
      performance on ARMv7, Aarch64, and POWER. (GH #2243)
    * Use a new algorithm for modular inversions which is both faster
      and more resistant to side channel attacks. (GH #2287 #2296 #2301)
    * Address an issue in CBC padding which would leak the length of the plaintext
      which was being padded. Unpadding during decryption was not affected.
    * Optimize NIST prime field reductions, improving ECDSA by 3-9% (GH #2295)
    * Increase the size of the ECC blinding mask and scale it based on the
      size of the group order. (GH #880 #893 #2308)
    * Add server side support for the TLS asio wrapper. (GH #2229)
    * Add support for using Windows certificate store on MinGW (GH #2280)
    * Add a CLI utility cpu_clock which estimates the speed of the processor cycle counter.
    * Add Roughtime client (GH #2143 #1842)
    * Add support for XMSS X.509 certificates (GH #2172)
    * Add support for X.509 CRLs in FFI layer and Python wrapper (GH #2213)
    * Add AVX2 implementation of SHACAL2 (GH #2196)
    * Support more functionality for X.509 in the Python API (GH #2165)
    * Add generic CPU target useful when building for some new or unusual platform.
    * Disable MD5 in BSI or NIST modes (GH #2188)
    * Many currently public headers are being deprecated. If any such header is included by
      an application, a warning is issued at compile time.
      Headers issuing this warning will be made internal in a future major release.
    * RSA signature performance improvements (GH #2068 #2070)
    * Performance improvements for GCM (GH #2024 #2099 #2119), OCB (#2122), XTS (#2123) and
      ChaCha20Poly1305 (GH #2117), especially for small messages.
    * Add support for constant time AES using NEON and AltiVec (GH #2093 #2095 #2100)
    * Improve performance of POWER8 AES instructions (GH #2096)
    * Add support for the POWER9 hardware random number generator (GH #2026)
    * Add support for 64-bit version of RDRAND, doubling performance on x86-64 (GH #934 #2022)
    * In DTLS server, support a client crashing and then reconnecting from the same
      source port, as described in RFC 6347 sec 4.2.8 (GH #2029)
    * Optimize DTLS MTU splitting to split precisely to the set MTU (GH #2042)
    * Add support for the TLS v1.3 downgrade indicator. (GH #2027)
    * Add Argon2 PBKDF and password hash (GH #459 #1981 #1987)
    * Add Bcrypt-PBKDF (GH #1990)
    * Add server side support for issuing DTLS HelloVerifyRequest messages (GH #1999)
    * Add support for the TLS v1.3 supported_versions extension. (GH #1976)
    * Add Ed25519ph compatible with RFC 8032 (GH #1699 #2000)
    * Add support for OCSP stapling on server side. (GH #1703 #1967)
    * Add a boost::asio TLS stream compatible with boost::asio::ssl. (GH #1839 #1927 #1992)
    * Add a certificate store for Linux/Unix systems. (GH #1885 #1936)
    * Various Fixes



Generated by rpm2html 1.8.1

Fabrice Bellet, Sun May 19 23:48:44 2024