diff options
| author | joerg <joerg> | 2016-05-19 21:58:43 +0000 |
|---|---|---|
| committer | joerg <joerg> | 2016-05-19 21:58:43 +0000 |
| commit | b0cbad509f853ff05892047b4e03f0da53d9082e (patch) | |
| tree | 6a49a724e2ce21429253d446010085a640714f19 /security | |
| parent | 077e26f53e01ce9db1ceeec8a42956f78c6713a3 (diff) | |
| download | pkgsrc-b0cbad509f853ff05892047b4e03f0da53d9082e.tar.gz | |
Update to Botan 1.11.29:
- CVE-2016-2849: side channel attack against DSA and ECDSA
- CVE-2016-2850: failure to enforce TLS policies could lead to weaker
algorithms being choosen
- CVE-2016-2195: heap overflow in ECC point decoding
- CVE-2016-2196: heap overflow in P-521 reduction
- CVE-2016-2194: DOS against the modular reduction
- CVE-2015-7824: padding oracle attack against TLS CBC
- CVE-2015-7825: DOS due to certificate chains
- CVE-2015-7826: wildcard certifications verification failures
- CVE-2015-7827: protection against PKCS#1 side channel issues
- CVE-2015-5726: potential DOS with invalid zero-length BER
- CVE-2015-5727: unbound memory use with BER
- deprecation or removal of various insecure crypto primitives
- TLS heartbeat removed
- various other bugfixes and improvements.
Diffstat (limited to 'security')
9 files changed, 69 insertions, 139 deletions
diff --git a/security/botan-devel/Makefile b/security/botan-devel/Makefile index 20133a0ac30..9d71a66c2de 100644 --- a/security/botan-devel/Makefile +++ b/security/botan-devel/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.13 2016/02/26 11:40:30 jperkin Exp $ +# $NetBSD: Makefile,v 1.14 2016/05/19 21:58:43 joerg Exp $ -DISTNAME= Botan-1.11.16 +DISTNAME= Botan-1.11.29 PKGNAME= ${DISTNAME:tl} CATEGORIES= security MASTER_SITES= http://botan.randombit.net/releases/ diff --git a/security/botan-devel/PLIST b/security/botan-devel/PLIST index d1db1edeec9..ea357cc5006 100644 --- a/security/botan-devel/PLIST +++ b/security/botan-devel/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.5 2015/12/29 06:27:56 dholland Exp $ +@comment $NetBSD: PLIST,v 1.6 2016/05/19 21:58:43 joerg Exp $ bin/botan include/botan-1.11/botan/adler32.h include/botan-1.11/botan/aead.h @@ -18,9 +18,9 @@ include/botan-1.11/botan/b64_filt.h include/botan-1.11/botan/base64.h include/botan-1.11/botan/basefilt.h include/botan-1.11/botan/bcrypt.h -include/botan-1.11/botan/benchmark.h include/botan-1.11/botan/ber_dec.h include/botan-1.11/botan/bigint.h +include/botan-1.11/botan/blake2b.h include/botan-1.11/botan/blinding.h include/botan-1.11/botan/block_cipher.h include/botan-1.11/botan/blowfish.h @@ -40,12 +40,11 @@ include/botan-1.11/botan/ccm.h include/botan-1.11/botan/cert_status.h include/botan-1.11/botan/certstor.h include/botan-1.11/botan/cfb.h -include/botan-1.11/botan/chacha.h include/botan-1.11/botan/chacha20poly1305.h +include/botan-1.11/botan/chacha.h include/botan-1.11/botan/charset.h include/botan-1.11/botan/cipher_mode.h include/botan-1.11/botan/cmac.h -include/botan-1.11/botan/code_based_util.h include/botan-1.11/botan/comb4p.h include/botan-1.11/botan/comp_filter.h include/botan-1.11/botan/compression.h @@ -58,9 +57,10 @@ include/botan-1.11/botan/cryptobox.h include/botan-1.11/botan/ctr.h include/botan-1.11/botan/curve25519.h include/botan-1.11/botan/curve_gfp.h +include/botan-1.11/botan/curve_nistp.h +include/botan-1.11/botan/database.h include/botan-1.11/botan/data_snk.h include/botan-1.11/botan/data_src.h -include/botan-1.11/botan/database.h include/botan-1.11/botan/datastor.h include/botan-1.11/botan/der_enc.h include/botan-1.11/botan/des.h @@ -72,18 +72,18 @@ include/botan-1.11/botan/dl_group.h include/botan-1.11/botan/dlies.h include/botan-1.11/botan/dsa.h include/botan-1.11/botan/eax.h -include/botan-1.11/botan/ec_group.h include/botan-1.11/botan/ecb.h include/botan-1.11/botan/ecc_key.h include/botan-1.11/botan/ecdh.h include/botan-1.11/botan/ecdsa.h +include/botan-1.11/botan/ec_group.h include/botan-1.11/botan/elgamal.h include/botan-1.11/botan/eme.h include/botan-1.11/botan/eme_pkcs.h include/botan-1.11/botan/eme_raw.h -include/botan-1.11/botan/emsa.h -include/botan-1.11/botan/emsa1.h include/botan-1.11/botan/emsa1_bsi.h +include/botan-1.11/botan/emsa1.h +include/botan-1.11/botan/emsa.h include/botan-1.11/botan/emsa_pkcs1.h include/botan-1.11/botan/emsa_raw.h include/botan-1.11/botan/emsa_x931.h @@ -94,23 +94,19 @@ include/botan-1.11/botan/ffi.h include/botan-1.11/botan/filter.h include/botan-1.11/botan/filters.h include/botan-1.11/botan/fpe_fe1.h -include/botan-1.11/botan/fs.h include/botan-1.11/botan/gcm.h -include/botan-1.11/botan/get_byte.h -include/botan-1.11/botan/gf2m_rootfind_dcmp.h include/botan-1.11/botan/gf2m_small_m.h -include/botan-1.11/botan/goppa_code.h include/botan-1.11/botan/gost_28147.h include/botan-1.11/botan/gost_3410.h include/botan-1.11/botan/gost_3411.h include/botan-1.11/botan/has160.h include/botan-1.11/botan/hash.h include/botan-1.11/botan/hash_id.h -include/botan-1.11/botan/hex.h include/botan-1.11/botan/hex_filt.h +include/botan-1.11/botan/hex.h include/botan-1.11/botan/hkdf.h -include/botan-1.11/botan/hmac.h include/botan-1.11/botan/hmac_drbg.h +include/botan-1.11/botan/hmac.h include/botan-1.11/botan/hmac_rng.h include/botan-1.11/botan/http_util.h include/botan-1.11/botan/idea.h @@ -118,24 +114,22 @@ ${PLIST.x86}include/botan-1.11/botan/idea_sse2.h include/botan-1.11/botan/if_algo.h include/botan-1.11/botan/init.h include/botan-1.11/botan/kasumi.h -include/botan-1.11/botan/kdf.h include/botan-1.11/botan/kdf1.h include/botan-1.11/botan/kdf2.h +include/botan-1.11/botan/kdf.h include/botan-1.11/botan/keccak.h include/botan-1.11/botan/key_constraint.h include/botan-1.11/botan/key_filt.h -include/botan-1.11/botan/key_spec.h include/botan-1.11/botan/keypair.h +include/botan-1.11/botan/key_spec.h include/botan-1.11/botan/lion.h include/botan-1.11/botan/loadstor.h include/botan-1.11/botan/locking_allocator.h include/botan-1.11/botan/lookup.h include/botan-1.11/botan/mac.h include/botan-1.11/botan/mars.h -include/botan-1.11/botan/mce_kem.h include/botan-1.11/botan/mceies.h include/botan-1.11/botan/mceliece.h -include/botan-1.11/botan/mceliece_key.h include/botan-1.11/botan/md2.h include/botan-1.11/botan/md4.h include/botan-1.11/botan/md5.h @@ -146,6 +140,7 @@ include/botan-1.11/botan/misty1.h include/botan-1.11/botan/mode_pad.h include/botan-1.11/botan/mp_types.h include/botan-1.11/botan/mul128.h +include/botan-1.11/botan/name_constraint.h include/botan-1.11/botan/noekeon.h include/botan-1.11/botan/noekeon_simd.h include/botan-1.11/botan/nr.h @@ -162,15 +157,15 @@ include/botan-1.11/botan/par_hash.h include/botan-1.11/botan/parsing.h include/botan-1.11/botan/passhash9.h include/botan-1.11/botan/pbes2.h -include/botan-1.11/botan/pbkdf.h include/botan-1.11/botan/pbkdf1.h include/botan-1.11/botan/pbkdf2.h +include/botan-1.11/botan/pbkdf.h include/botan-1.11/botan/pem.h include/botan-1.11/botan/pipe.h -include/botan-1.11/botan/pk_keys.h -include/botan-1.11/botan/pk_ops.h include/botan-1.11/botan/pkcs10.h include/botan-1.11/botan/pkcs8.h +include/botan-1.11/botan/pk_keys.h +include/botan-1.11/botan/pk_ops.h include/botan-1.11/botan/point_gfp.h include/botan-1.11/botan/poly1305.h include/botan-1.11/botan/polyn_gf2m.h @@ -198,18 +193,17 @@ include/botan-1.11/botan/scan_name.h include/botan-1.11/botan/secmem.h include/botan-1.11/botan/secqueue.h include/botan-1.11/botan/seed.h -include/botan-1.11/botan/serp_simd.h include/botan-1.11/botan/serpent.h +include/botan-1.11/botan/serp_simd.h include/botan-1.11/botan/sha160.h ${PLIST.x86}include/botan-1.11/botan/sha1_sse2.h -${PLIST.x86_64}include/botan-1.11/botan/sha1_x86_64.h include/botan-1.11/botan/sha2_32.h include/botan-1.11/botan/sha2_64.h include/botan-1.11/botan/siphash.h include/botan-1.11/botan/siv.h include/botan-1.11/botan/skein_512.h -include/botan-1.11/botan/srp6.h include/botan-1.11/botan/srp6_files.h +include/botan-1.11/botan/srp6.h include/botan-1.11/botan/stream_cipher.h include/botan-1.11/botan/stream_mode.h include/botan-1.11/botan/sym_algo.h @@ -234,8 +228,8 @@ include/botan-1.11/botan/tls_session.h include/botan-1.11/botan/tls_session_manager.h include/botan-1.11/botan/tls_session_manager_sql.h include/botan-1.11/botan/tls_version.h -include/botan-1.11/botan/transform.h include/botan-1.11/botan/transform_filter.h +include/botan-1.11/botan/transform.h include/botan-1.11/botan/tss.h include/botan-1.11/botan/twofish.h include/botan-1.11/botan/types.h @@ -243,12 +237,12 @@ include/botan-1.11/botan/version.h include/botan-1.11/botan/whrlpool.h include/botan-1.11/botan/workfactor.h include/botan-1.11/botan/x509_ca.h +include/botan-1.11/botan/x509cert.h include/botan-1.11/botan/x509_crl.h include/botan-1.11/botan/x509_dn.h include/botan-1.11/botan/x509_ext.h include/botan-1.11/botan/x509_key.h include/botan-1.11/botan/x509_obj.h -include/botan-1.11/botan/x509cert.h include/botan-1.11/botan/x509path.h include/botan-1.11/botan/x509self.h include/botan-1.11/botan/x919_mac.h @@ -259,14 +253,15 @@ include/botan-1.11/botan/xts.h include/botan-1.11/botan/zlib.h lib/libbotan-1.11.a lib/libbotan-1.11.so -lib/libbotan-1.11.so.16 -lib/libbotan-1.11.so.16.16 +lib/libbotan-1.11.so.29 +lib/libbotan-1.11.so.29.29 lib/pkgconfig/botan-1.11.pc ${PYSITELIB}/botan.py share/doc/${PKGNAME}/license.txt share/doc/${PKGNAME}/manual/aead.rst share/doc/${PKGNAME}/manual/bigint.rst share/doc/${PKGNAME}/manual/building.rst +share/doc/${PKGNAME}/manual/compression.rst share/doc/${PKGNAME}/manual/contents.rst share/doc/${PKGNAME}/manual/credentials_manager.rst share/doc/${PKGNAME}/manual/cryptobox.rst @@ -277,6 +272,7 @@ share/doc/${PKGNAME}/manual/fpe.rst share/doc/${PKGNAME}/manual/index.rst share/doc/${PKGNAME}/manual/kdf.rst share/doc/${PKGNAME}/manual/lowlevel.rst +share/doc/${PKGNAME}/manual/mceliece.rst share/doc/${PKGNAME}/manual/ocsp.rst share/doc/${PKGNAME}/manual/passhash.rst share/doc/${PKGNAME}/manual/pbkdf.rst @@ -289,3 +285,5 @@ share/doc/${PKGNAME}/manual/tls.rst share/doc/${PKGNAME}/manual/versions.rst share/doc/${PKGNAME}/manual/x509.rst share/doc/${PKGNAME}/news.txt +share/doc/${PKGNAME}/pgpkey.txt +share/doc/${PKGNAME}/reading_list.txt diff --git a/security/botan-devel/distinfo b/security/botan-devel/distinfo index a69c7ba8b27..60437e5cbc1 100644 --- a/security/botan-devel/distinfo +++ b/security/botan-devel/distinfo @@ -1,11 +1,7 @@ -$NetBSD: distinfo,v 1.7 2015/11/04 01:17:42 agc Exp $ +$NetBSD: distinfo,v 1.8 2016/05/19 21:58:43 joerg Exp $ -SHA1 (Botan-1.11.16.tgz) = 7214da75a638a7b4a233aca4eccd94d8c688fd52 -RMD160 (Botan-1.11.16.tgz) = 7b82dd41243b7bb53d3d667db58afd7e2f948871 -SHA512 (Botan-1.11.16.tgz) = 3301bba49f121263b407c7225bb622415fb4b7e4940980b0fdcb04c277a52940b9aaf3a3567a2d02c9e94c853c9d8dbc22276f2b7f00c2397cfe0dda2bd80320 -Size (Botan-1.11.16.tgz) = 2843785 bytes -SHA1 (patch-src_build-data_arch_arm.txt) = 977a5917ee94e1bafb50f467e99d0f6e1e561ec9 -SHA1 (patch-src_build-data_makefile_header.in) = 517fbad5ef23dbda56759b80fb4981f04db20d8a -SHA1 (patch-src_lib_alloc_locking__allocator_locking__allocator.cpp) = a3cf1a6433ba04a4ff9dc52d04239f65c2f03916 -SHA1 (patch-src_lib_pubkey_mce_gf2m__small__m.cpp) = b0cbb16f0a6ded2f907aae0281b9e39f984ee968 -SHA1 (patch-src_lib_utils_read__cfg.cpp) = 026ca2ef8782e6caa960f3af15e6442c1ecef6d2 +SHA1 (Botan-1.11.29.tgz) = cf1673ff6bb50d4417cafd01c9aa196c77cc81db +RMD160 (Botan-1.11.29.tgz) = e4f982659f9b2470fdfcec6823c07d8114740abc +SHA512 (Botan-1.11.29.tgz) = c6ad6cf3d68c3524b9532e9f52e74d89cc2abfd093f1a46a44efa94a87b0fa50278f11dc5953225160d090cf8ae1c372f54c23b5dffd1f3dae79e210195cfd72 +Size (Botan-1.11.29.tgz) = 3137027 bytes +SHA1 (patch-src_lib_utils_os__utils.cpp) = f7bfadeb1eb614bc10ee8caad4fdddbaf4b43f1e diff --git a/security/botan-devel/patches/patch-src_build-data_arch_arm.txt b/security/botan-devel/patches/patch-src_build-data_arch_arm.txt deleted file mode 100644 index df968563eb7..00000000000 --- a/security/botan-devel/patches/patch-src_build-data_arch_arm.txt +++ /dev/null @@ -1,12 +0,0 @@ -$NetBSD: patch-src_build-data_arch_arm.txt,v 1.1 2014/05/21 01:22:14 joerg Exp $ - ---- src/build-data/arch/arm.txt.orig 2014-05-20 11:40:23.000000000 +0000 -+++ src/build-data/arch/arm.txt -@@ -5,6 +5,7 @@ family arm - <aliases> - armel # For Debian - armhf # For Debian -+evbarm # NetBSD - </aliases> - - <submodels> diff --git a/security/botan-devel/patches/patch-src_build-data_makefile_header.in b/security/botan-devel/patches/patch-src_build-data_makefile_header.in deleted file mode 100644 index af2f85360c4..00000000000 --- a/security/botan-devel/patches/patch-src_build-data_makefile_header.in +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-src_build-data_makefile_header.in,v 1.3 2015/09/13 02:31:22 joerg Exp $ - ---- src/build-data/makefile/header.in.orig 2015-08-23 22:18:08.463841376 +0000 -+++ src/build-data/makefile/header.in -@@ -9,7 +9,7 @@ SO_OBJ_FLAGS = %{shared_flags} - LIB_LINK_CMD = %{so_link} - - LIB_LINKS_TO = %{link_to} --APP_LINKS_TO = $(LIB_LINKS_TO) -+APP_LINKS_TO = $(LIB_LINKS_TO) $(USER_APP_LINKS_TO) - TEST_LINKS_TO = $(LIB_LINKS_TO) - - LIB_FLAGS = $(SO_OBJ_FLAGS) $(LANG_FLAGS) $(LIB_OPT) $(WARN_FLAGS) diff --git a/security/botan-devel/patches/patch-src_lib_alloc_locking__allocator_locking__allocator.cpp b/security/botan-devel/patches/patch-src_lib_alloc_locking__allocator_locking__allocator.cpp deleted file mode 100644 index 91d614e461b..00000000000 --- a/security/botan-devel/patches/patch-src_lib_alloc_locking__allocator_locking__allocator.cpp +++ /dev/null @@ -1,50 +0,0 @@ -$NetBSD: patch-src_lib_alloc_locking__allocator_locking__allocator.cpp,v 1.4 2015/09/13 02:31:22 joerg Exp $ - ---- src/lib/alloc/locking_allocator/locking_allocator.cpp.orig 2015-03-30 02:14:22.000000000 +0000 -+++ src/lib/alloc/locking_allocator/locking_allocator.cpp -@@ -8,10 +8,14 @@ - #include <botan/locking_allocator.h> - #include <botan/mem_ops.h> - #include <algorithm> -+#include <cstdlib> - #include <string> - - #include <sys/mman.h> - #include <sys/resource.h> -+#ifdef __sun -+#include <priv.h> -+#endif - - namespace Botan { - -@@ -25,6 +31,7 @@ const size_t ALIGNMENT_MULTIPLE = 2; - - size_t reset_mlock_limit(size_t max_req) - { -+#ifdef RLIMIT_MEMLOCK - struct rlimit limits; - ::getrlimit(RLIMIT_MEMLOCK, &limits); - -@@ -36,6 +39,22 @@ size_t reset_mlock_limit(size_t max_req) - } - - return std::min<size_t>(limits.rlim_cur, max_req); -+#elif defined(__sun) -+ priv_set_t *priv_set = priv_allocset(); -+ if (priv_set == nullptr) -+ return 0; -+ bool can_mlock = false; -+ -+ if(getppriv(PRIV_EFFECTIVE, priv_set) == 0) -+ can_mlock = priv_ismember(priv_set, PRIV_PROC_LOCK_MEMORY); -+ -+ priv_freeset(priv_set); -+ -+ /* XXX how to obtain the real limit? */ -+ return can_mlock ? std::min<size_t>(512 * 1024, max_req) : 0; -+#else -+ return 0; -+#endif - } - - size_t mlock_limit() diff --git a/security/botan-devel/patches/patch-src_lib_pubkey_mce_gf2m__small__m.cpp b/security/botan-devel/patches/patch-src_lib_pubkey_mce_gf2m__small__m.cpp deleted file mode 100644 index cac7dbba5b9..00000000000 --- a/security/botan-devel/patches/patch-src_lib_pubkey_mce_gf2m__small__m.cpp +++ /dev/null @@ -1,12 +0,0 @@ -$NetBSD: patch-src_lib_pubkey_mce_gf2m__small__m.cpp,v 1.1 2015/09/13 02:31:22 joerg Exp $ - ---- src/lib/pubkey/mce/gf2m_small_m.cpp.orig 2015-08-23 21:58:46.266355850 +0000 -+++ src/lib/pubkey/mce/gf2m_small_m.cpp -@@ -11,6 +11,7 @@ - #include <botan/gf2m_small_m.h> - #include <botan/code_based_util.h> - #include <string> -+#include <stdexcept> - - namespace Botan { - diff --git a/security/botan-devel/patches/patch-src_lib_utils_os__utils.cpp b/security/botan-devel/patches/patch-src_lib_utils_os__utils.cpp new file mode 100644 index 00000000000..66a55c650c6 --- /dev/null +++ b/security/botan-devel/patches/patch-src_lib_utils_os__utils.cpp @@ -0,0 +1,35 @@ +$NetBSD: patch-src_lib_utils_os__utils.cpp,v 1.1 2016/05/19 21:58:43 joerg Exp $ + +--- src/lib/utils/os_utils.cpp.orig 2016-03-21 01:26:12.000000000 +0000 ++++ src/lib/utils/os_utils.cpp +@@ -19,6 +19,10 @@ + #include <unistd.h> + #endif + ++#ifdef __sun ++#include <priv.h> ++#endif ++ + #if defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) + #include <windows.h> + #endif +@@ -171,6 +175,19 @@ size_t get_memory_locking_limit() + return BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB * 1024ULL; + } + } ++#elif defined(__sun) ++ priv_set_t *priv_set = priv_allocset(); ++ if (priv_set == nullptr) ++ return 0; ++ bool can_mlock = false; ++ ++ if(getppriv(PRIV_EFFECTIVE, priv_set) == 0) ++ can_mlock = priv_ismember(priv_set, PRIV_PROC_LOCK_MEMORY); ++ ++ priv_freeset(priv_set); ++ ++ /* XXX how to obtain the real limit? */ ++ return can_mlock ? std::min<size_t>(512 * 1024, max_req) : 0; + #endif + + return 0; diff --git a/security/botan-devel/patches/patch-src_lib_utils_read__cfg.cpp b/security/botan-devel/patches/patch-src_lib_utils_read__cfg.cpp deleted file mode 100644 index 3b7194b3ae5..00000000000 --- a/security/botan-devel/patches/patch-src_lib_utils_read__cfg.cpp +++ /dev/null @@ -1,12 +0,0 @@ -$NetBSD: patch-src_lib_utils_read__cfg.cpp,v 1.1 2015/09/13 02:31:22 joerg Exp $ - ---- src/lib/utils/read_cfg.cpp.orig 2015-08-23 22:01:34.263572670 +0000 -+++ src/lib/utils/read_cfg.cpp -@@ -6,6 +6,7 @@ - */ - - #include <botan/parsing.h> -+#include <stdexcept> - - namespace Botan { - |