File Botan.changes of Package Botan

Tue Apr  2 12:54:40 UTC 2019 - Daniel Molkentin <>

- Update to Botan 2.10

  * Bump SONAME

  * Warning: XMSS currently implements draft-06 which is not compatible with
    the final RFC 8391 specification. A PR is open to fix this, however it will
    break all current uses of XMSS. If you are currently using XMSS please
    comment at Otherwise the PR
    will be merged and support for draft-06 will be removed starting in 2.11.

  * Added a new certificate store implementation that can access the MacOS
    keychain certificate store. (GH #1830)

  * Redesigned Memory_Pool class, which services allocations out of a set of
    pages locked into memory (using mlock/VirtualLock). It is now faster and
    with improved exploit mitigations. (GH #1800)

  * Add BMI2 implementations of SHA-512 and SHA-3 which improve performance by
    25-35% on common CPUs. (GH #1815)

  * Unroll SHA-3 computation improving performance by 10-12% (GH #1838)

  * Add a Thread_Pool class. It is now possible to run the tests in multiple
    threads with --test-threads=N flag to select the number of threads to use.
    Use --test-threads=0 to run with as many CPU cores as are available on the
    current system. The default remains single threaded. (GH #1819)

  * XMSS signatures now uses a global thread pool instead of spawning new
    threads for each usage. This improves signature generation performance by
    between 10% and 60% depending on architecture and core count. (GH #1864)

  * Some functions related to encoding and decoding BigInts have been
    deprecated. (GH #1817)

  * Binary encoding and decoding of BigInts has been optimized by performing
    word-size operations when possible. (GH #1817)

  * Rename the exception Integrity_Failure to Invalid_Authentication_Tag to
    make its meaning and usage more clear. The old name remains as a typedef.
    (GH #1816)

  * Support for using Boost filesystem and MSVC’s std::filesystem have been
    removed, since already POSIX and Win32 versions had to be maintained for
    portability. (GH #1814)

  * Newly generated McEliece and XMSS keys now default to being encrypted using
    SIV mode, support for which was added in 2.8.0. Previously GCM was used by
    default for these algorithms.

  * Use arc4random on Android systems (GH #1851)

  * Fix the encoding of PGP-S2K iteration counts (GH #1853 #1854)

  * Add a facility for sandboxing the command line util. Currently FreeBSD
    (Capsicum) and OpenBSD (pledge) sandboxes are supported. (GH #1808)

  * Use if constexpr when available.

  * Disable building shared libs on iOS as it was broken and it is not clear
    shared libraries are ever useful on iOS (GH #1865)

  * Renamed the darwin build target to macos. This should not cause any
    user-visible change. (GH #1866)

  * Add support for using sccache to cache the Windows CI build (GH #1807)

  * Add --extra-cxxflags option which allows adding compilation flags without
    overriding the default set. (GH #1826)

  * Add --format= option to the hash cli which allows formatting the output as
    base64 or base58, default output remains hex.

  * Add base58_enc and base58_dec cli utils for base58 encoding/decoding. (GH #1848)

  * Enable getentropy by default on macOS (GH #1862)

  * Avoid using -momit-leaf-frame-pointer flags, since -fomit-frame-pointer is
    already the default with recent versions of GCC.

  * Fix XLC sanitizer flags.

  * Rename Blake2b class to BLAKE2b to match the official name. There is a typedef for compat.

  * Fix a bug where loading a raw Ed25519_PublicKey of incorrect length would
    lead to a crash. (GH #1850)

  * Fix a bug that caused compilation problems using CryptoNG PRNG. (GH #1832)

  * Extended SHAKE-128 cipher to support any key between 1 and 160 bytes,
    instead of only multiples of 8 bytes.

  * Minor HMAC optimizations.

  * Build fixes for GNU/Hurd.

  * Fix a bug that prevented generating or verifying Ed25519 signatures in the
    CLI (GH #1828 #1829)

  * Fix a compilation error when building the amalgamation outside of the
    original source directory when AVX2 was enabled. (GH #1812)

  * Fix a crash when creating the amalgamation if a header file was edited on
    Windows but then the amalgamation was built on Linux (GH #1763)

Thu Jan 10 10:04:33 UTC 2019 - Daniel Molkentin <>

- Update to Botan 2.9

  * Bump SONAME

  * CVE-2018-20187 Address a side channel during ECC key generation, which used an
    unblinded Montgomery ladder. As a result, a timing attack can reveal
    information about the high bits of the secret key.
  * Fix bugs in TLS which caused negotiation failures when the client used an
    unknown signature algorithm or version (GH #1711 #1709 #1708)
  * Fix bug affecting GCM, EAX and ChaCha20Poly1305 where if the associated data
    was set after starting a message, the new AD was not reflected in the produced
    tag. Now with these modes setting an AD after beginning a message throws an
  * Use a smaller sieve which improves performance of prime generation.
  * Fixed a bug that caused ChaCha to produce incorrect output after encrypting 256
    GB. (GH #1728)
  * Add NEON and AltiVec implementations of ChaCha (GH #1719 #1728 #1729)
  * Optimize AVX2 ChaCha (GH #1730)
  * Many more operations in BigInt, ECC and RSA code paths are either fully const
    time or avoid problematic branches that could potentially be exploited in a
    side channel attack. (GH #1738 #1750 #1754 #1755 #1757 #1758 #1759 #1762 #1765
    #1770 #1773 #1774 #1779 #1780 #1794 #1795 #1796 #1797)
  * Several optimizations for BigInt and ECC, improving ECDSA performance by as
    much as 30%. (GH #1734 #1737 #1777 #1750 #1737 #1788)
  * Support recovering an ECDSA public key from a message/signature pair (GH #664
  * Add base58 encoding/decoding functions (GH #1783)
  * In the command line interface, add support for reading passphrases from the
    terminal with echo disabled (GH #1756)
  * Add CT::Mask type to simplify const-time programming (GH #1751)
  * Add new configure options --disable-bmi2, --disable-rdrand, and
    --disable-rdseed to prevent use of those instruction sets.
  * Add error_type and error_code functions to Exception type (GH #1744)
  * Now on POSIX systems posix_memalign is used instead of mmap for allocating the
    page-locked memory pool. This avoids issues with fork. (GH #602 #1798)
  * When available, use RDRAND to generate the additional data in
  * Use vzeroall/vzeroupper intrinsics to avoid AVX2/SSE transition penalties.
  * Support for Visual C++ 2013 has been removed (GH #1557 #1697)
  * Resolve a memory leak when verifying ECDSA signatures with versions of OpenSSL
    before 1.1.0 (GH #1698)
  * Resolve a memory leak using ECDH via OpenSSL (GH #1767)
  * Fix an error in XTS which prohibited encrypting values which were exactly the
    same length as the underlying block size. Messages of this size are allowed by
    the standard and other XTS implementations. (GH #1706)
  * Resolve a bug in TSS which resulted in it using an incorrect length field in
    the shares. Now the correct length is encoded, but either correct or buggy
    lengths are accepted when decoding. (GH #1722)
  * Correct a bug when reducing a negative BigInt modulo a small power of 2. (GH
  * Add CLI utils for threshold secret splitting. (GH #1722)
  * Fix a bug introduced in 2.8.0 that caused compilation failure if using a single
    amalgamation file with AVX2 enabled. (GH #1700)
  * Add an explicit OS target for Emscripten and improve support for it. (GH #1702)
  * Fix small issues when building for QNX
  * Switch the Travis CI build to using Ubuntu 16.04 (GH #1767)
  * Add options to to disable generation of pkg-config file, and (for
    systems where pkg-config support defaults to off, like Windows), to enable
    generating it. (GH #1268)
  * Modify to accept empty lists or trailing/extra commas. (GH #1705)

- Update to Botan 2.8

  * Add support for using Apple CommonCrypto library for hashing (GH #1667),
    cipher modes (GH #1674) and block ciphers (GH #1673).

  * Support for negotiating TLS versions 1.0 and 1.1 is disabled in the default
    TLS policy. In addition, support for negotiating TLS ciphersuites using CBC
    or CCM mode is disabled by default. Applications which need to interop with
    old peers must enable these in their TLS policy object. (GH #1651)

  * During primality testing, use a Lucas test in addition to Miller-Rabin. It
    is possible to construct a composite integer which passes n Miller-Rabin
    tests with probability (1/4)^n. So for a incautious verifier using a small
    number of tests (under 16 or so) it is possible if unlikely they would
    accept such a composite as prime. Adding a Lucas test precludes such an
    attack. (GH #1636)

  * Add XChaCha and XChaCha20Poly1305 (GH #1640)

  * Add AVX2 implementations of ChaCha (GH #1662) and Serpent (GH #1660)

  * Add a new password hashing interface in pwdhash.h (GH #1670)

  * C binding improvements. Added functions to get name and supported
    keylengths of cipher, hash and MAC objects, support for FE1 format
    preserving encryption (GH #1625 #1646), functions to load and save RSA keys
    in PKCS #1 format (GH #1621), HOTP and TOTP algorithms, scrypt, certificate
    verification (GH #1647), functions to get the output length of public key
    operations (GH #1642), and functions for loading and serializing X25519
    keys (GH #1681)

  * Support for building with BOTAN_MP_WORD_BITS set to 8 or 16 has been removed.

  * Previously SM2 had two distinct key types, one for signatures and another
    for encryption. They have now been merged into a single key type since in
    practice it seems the same key is at times used for both operations. (GH

  * The Cipher_Mode class now derives from SymmetricAlgorithm (GH #1639)

  * Add support for using the ARMv8 instructions for SM4 encryption (GH #1622)

  * The entropy source using SecRandomCopyBytes has been removed as it was
    redundant with other entropy sources (GH #1668)

  * The Python module has much better error checking and reporting, and offers
    new functionality such as scrypt, MPI and FPE. (GH #1643 #1646)

  * Fixed a bug that caused CCM to fail with an exception when used with L=8 (GH #1631 #1632)

  * The default bcrypt work factor has been increased from 10 to 12.

  * The default algorithm used in passhash9 has changed from SHA-256 to
    SHA-512, and the default work factor increased from 10 to 15.

  * In ECC private keys, include the public key data for compatibility with GnuTLS (GH #1634 #1635)

  * Add support for using Linux getrandom syscall to access the system PRNG.
    This is disabled by default, use --with-os-feature=getrandom to enable.

  * It is now possible to encrypt private keys using SIV mode.

  * The FFI function botan_privkey_load now ignores its rng argument.

  * Resolve a problem when building under Visual C++ 15.8 (GH #1624)

  * Fix a bug in XSalsa20 (192-bit Salsa nonces) where if set_iv was called
    twice without calling set_key, the resulting encryption was incorrect. (GH

  * Handle an error seen when verifying invalid ECDSA signatures using LibreSSL
    on non x86-64 platforms (GH #1627 #1628)

  * Fix bugs in PKCS7 and X9.23 CBC padding schemes, which would ignore the
    first byte in the event the padding took up the entire block. (GH #1690)

  * Correct bugs which would cause CFB, OCB, and GCM modes to crash when they
    were used in an unkeyed state. (GH #1639)

  * Optimizations for SM4 and Poly1305

  * Avoid a cache side channel in the AES key schedule

  * Add pk_encrypt and pk_decrypt CLI operations

  * Now asn1print CLI defaults to printing context-specific fields.

  * Use codec_base for Base64, which matches how Base32 is implemented (GH #1597)

  * The cast module has been split up into cast128 and cast256 (GH #1685)

  * When building under Visual C++ 2013, the user must acknowledge the upcoming
    removal of support using the flag --ack-vc2013-deprecated (GH

Tue Jul 31 10:44:02 UTC 2018 -

- Fix version in baselibs.conf 

Tue Jul 10 09:27:35 UTC 2018 -

- Update to Botan 2.7

  * CVE-2018-12435 Avoid a side channel in ECDSA signature generation (GH

  * Avoid a side channel in RSA key generation due to use of a non-constant
    time gcd algorithm. (GH #1542 #1556)

  * Optimize prime generation, especially improving RSA key generation. (GH

  * Make Karatsuba multiplication, Montgomery field operations, Barrett
    reduction and Montgomery exponentiation const time (GH #1540 #1606 #1609

  * Optimizations for elliptic curve operations especially improving reductions
    and inversions modulo NIST primes (GH #1534 #1538 #1545 #1546 #1547 #1550)

  * Add 24 word wide Comba multiplication, improving 3072-bit RSA and DH by
    ~25%. (GH #1564)

  * Unroll Montgomery reduction for specific sizes (GH #1603)

  * Improved performance of signature verification in ECGDSA, ECKCDSA, SM2 and
    GOST by 10-15%.

  * XMSS optimizations (GH #1583 #1585)

  * Fix an error that meant XMSS would only sign half as many signatures as is
    allowed (GH #1582)

  * Add support for base32 encoding/decoding (GH #1541)

  * Add BMI2 optimized version of SHA-256, 40% faster on Skylake (GH #1584)

  * Allow the year to be up to 2200 in ASN.1 time objects. Previously this was
    limited to 2100. (GH #1536)

  * Add support for Scrypt password hashing (GH #1570)

  * Add support for using Scrypt for private key encryption (GH #1574)

  * Optimizations for DES/3DES, approx 50% faster when used in certain modes
    such as CBC decrypt or CTR.

  * XMSS signature verification did not check that the signature was of the
    expected length which could lead to a crash. (GH #1537)

  * The bcrypt variants 2b and 2y are now supported.

  * Support for 192-bit Suite B TLS profile is now implemented, as the 128-bit
    Suite B is since 2015 not allowed anymore.

  * Previously botan allowed GCM to be used with an empty nonce, which is not
    allowed by the specification. Now such nonces are rejected.

  * Avoid problems on Windows when compiling in Unicode mode (GH #1615 #1616)

  * Previously for ASN.1 encoded signatures (eg ECDSA) Botan would accept any
    valid BER encoding. Now only the single valid DER encoding is accepted.

  * Correct an error that could in rare cases cause an internal error exception
    when doing computations with the P-224 curve.

  * Optimizations to reduce allocations/copies during DER encoding and BER
    decoding (GH #1571 #1572 #1600)

  * Botan generates X.509 subject key IDs by hashing the public key with
    whatever hash function is being used to sign the certificate. However
    especially for SHA-512 this caused SKIDs that were far longer than
    necessary. Now all SKIDs are truncated to 192 bits.

  * In the test suite use mkstemp to create temporary files instead of creating
    them in the current working directory. (GH #1533 #1530)

  * It is now possible to safely override CXX when invoking make in addition to
    when is run. (GH #1579)

  * OIDs for Camellia and SM4 in CBC and GCM mode are now defined, making it
    possible to use this algorithms for private key encryption.

  * Avoid creating symlinks to the shared object on OpenBSD (#1535)

  * The factor command runs much faster on larger inputs now.

  * Support for Windows Phone/UWP was deprecated starting in 2.5. This
    deprecation has been reversed as it seems UWP is still actively used. (GH
    #1586 #1587)

  * Support for Visual C++ 2013 is deprecated, and will be removed in Jan 2019.

  * Added support for GCC’s –sysroot option to for

Thu Apr 12 16:06:00 UTC 2018 -

- fixed to build on armv6 and armv7

Tue Apr 10 15:07:00 UTC 2018 -

- Update to Botan 2.6

  * CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a
    malformed ciphertext cause the decryptor to read and HMAC an additional 64K
    bytes of data which is not part of the record. This could cause a crash if
    the read went into unmapped memory. No information leak or out of bounds
    write occurs.

  * Add support for OAEP labels (GH #1508)

  * RSA signing is about 15% faster (GH #1523) and RSA verification is about 50% faster.

  * Add exponent blinding to RSA (GH #1523)

  * Add Cipher_Mode::create and AEAD_Mode::create (GH #1527)

  * Fix bug in TLS server introduced in 2.5 which caused connection to fail if
    the client offered any signature algorithm not known to the server (for
    example RSA/SHA-224).

  * Fix a bug in inline asm that would with GCC 7.3 cause incorrect
    computations and an infinite loop during the tests. (GH #1524 #1529)

Tue Apr  3 08:06:46 UTC 2018 -

- Update to Botan 2.5

  * Fix error in certificate wildcard matching (CVE-2018-9127), where a
    wildcard cert for b* would be accepted as a match for any host
    with name *b* (GH #1519)

  * Add support for RSA-PSS signatures in TLS (GH #1285)

  * Ed25519 certificates are now supported (GH #1501)

  * Many optimizations in ECC operations. ECDSA signatures are 8-10 times
    faster. ECDSA verification is about twice as fast. ECDH key agreement is
    3-4 times faster. (GH #1457 #1478)

  * Implement product scanning Montgomery reduction, which improves
    Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH

  * DSA signing and verification performance has improved by 30-50%.

  * Add a new Credentials_Manager callback that specifies which CAs the server
    has indicated it trusts (GH #1395 fixing #1261)

  * Add new TLS::Callbacks methods that allow creating or removing extensions,
    as well as examining extensions sent by the peer (GH #1394 #1186)

  * Add new TLS::Callbacks methods that allow an application to negotiate use
    of custom elliptic curves. (GH #1448)

  * Add ability to create custom elliptic curves (GH #1441 #1444)

  * Add support for POWER8 AES instructions (GH #1459 #1393 #1206)

  * Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502

  * The default encoding of ECC public keys has changed from compressed to
    uncompressed point representation. This improves compatability with some
    common software packages including Golang’s standard library. (GH #1480

  * It is now possible to create DNs with custom components. (GH #1490 #1492)

  * It is now possible to specify the serial number of created certificates,
    instead of using the default 128-bit random integer. (GH #1489 #1491)

  * Change DL_Group and EC_Group to store their data as shared_ptr for fast
    copying. Also both classes precompute additional useful values (eg for
    modular reductions). (GH #1435 #1454)

  * Make it possible for PKCS10 requests to include custom extensions. This
    also makes it possible to use muliple SubjectAlternativeNames of a single
    type in a request, which was previously not possible. (GH #1429 #1428)

  * Add new optimized interface for FE1 format preserving encryption. By
    caching a number of values computed in the course of the FPE calculation,
    it provides a 6-7x speedup versus the old API. (GH #1469)

  * Add DSA and ElGamal keygen functions to FFI (#1426)

  * Add Pipe::prepend_filter to replace Pipe::prepend (GH #1402)

  * Fix a memory leak in the OpenSSL block cipher integration, introduced in
  * 2.2.0

  * Use an improved algorithm for generating safe primes which is several tens
    of times faster. Also, fix a bug in the prime sieving algorithm which
    caused standard prime generation (like for RSA keys) to be slower than
    necessary. (GH #1413 #1411)

  * Correct the return value of PK_Encryptor::maximum_input_size which reported
    a much too small value (GH #1410)

  * Remove use of CPU specific optimization flags, instead the user should set
    these via CXXFLAGS if desired. (GH #1392)

  * Resolve an issue that would cause a crash in the tests if they were run on
    a machine without SSE2/NEON/VMX instructions. (GH #1495)

  * The Python module now tries to load DLLs from a list of names and uses the
    first one which successfully loads and indicates it supports the desired
    API level. (GH #1497)

  * Various minor optimizations for SHA-3 (GH #1433 #1434)

  * The output of botan --help has been improved (GH #1387)

  * Add --der-format flag to command line utils, making it possible verify
    DSA/ECDSA signatures generated by OpenSSL command line (GH #1409)

  * Add support for --library-suffix option to (GH #1405 #1404)

  * Use feature flags to enable/disable system specific code (GH #1378)

  * Add --msvc-runtime option to allow using static runtime (GH #1499 #210)

  * Add –enable-sanitizers= option to allow specifying which sanitizers to
    enable. The existing --with-sanitizers option just enables some default set
    which is known to work with the minimum required compiler versions.

  * Use either rst2man or for generating man page as distributions
    differ on where this program is installed (GH #1516)

  * The threefish module has been renamed threefish_512 since that is the
    algorithm it provides. (GH #1477)

  * The Perl XS based wrapper has been removed, as it was unmaintained and
    broken. (GH #1412)

  * The sqlite3 encryption patch under contrib has been removed. It is still
    maintained by the original author at

Fri Feb 16 16:07:40 UTC 2018 -

- drop explicit package requirements
- split binary package and documentation from dynamic library package
  and make documentation package noarch
- merge back Botan2 package to Botan with changelog history
- drop Botan patches
    aarch64-support.patch - doesn't seem to be required anymore
    Botan-fix_install_paths.patch - doesn't seem to be required
    no-cpuid-header.patch - SLE11 not target anymore
    Botan-fix_pkgconfig.patch - this seem to be wrong
    Botan-no-buildtime.patch - not needed anymore
    dont-set-mach-value.diff - doesn't apply, unclear and undocumented why it is there
    Botan-inttypes.patch - not required
    Botan-ull_constants.patch.bz2 - no reason anymore

Wed Feb 14 10:29:44 UTC 2018 -

- change group of libbotan-%{version_suffix} to 'System/Libraries' as
  requested on review

Mon Feb 12 07:45:50 UTC 2018 -

- Don't drop -fstack-clash-protection for openSUSE 42.3 - we just
  need the Update repository present.

Mon Feb 12 06:38:47 UTC 2018 -

- Rename libbotan-devel to libbotan2-devel. We can't have clashing
  packages in the archive because Botan1 and Botan2 provide the
  same -devel binary. Botan2 is also no API compatible with Botan.

Sun Feb 11 10:33:35 UTC 2018 -

- fix expected version after bump in baselibs.conf too

Thu Feb  8 14:11:08 UTC 2018 -

- fix unknown flag -fstack-clash-protection for openSUSE 42.3
- rename to Botan2
- drop Botan2-INT_MAX.patch as not needed anymore
- Bump to libbotan 2.4

  Changes and new features:

  * Several build improvements requested by downstream packagers,
    including the ability to disable building the static library. All
    makefile constructs that were specific to nmake or GNU make have
    been eliminated, thus the option ``--makefile-style`` which was
    previously used to select the makefile type has also been
    removed. (GH #1230 #1237 #1300 #1318 #1319 #1324 #1325 #1346)

  * Support for negotiating the DH group as specified in RFC 7919 is
    now available in TLS (GH #1263)

  * Support for ARIA-GCM ciphersuites are now available in TLS. They
    are disabled by default. (GH #1284)

  * Add support for generating and verifying X.509 objects
    (certificates, CRLs, etc) using RSA-PSS signatures (GH #1270 and

  * Add support for AES key wrapping with padding, as specified in RFC
    5649 and NIST SP 800-38F (GH #1301)

  * OCSP requests made during certificate verification had the
    potential to hang forever. Now the sockets are non-blocking and a
    timeout is enforced. (GH #1360 fixing GH #1326)

  * Add ``Public_Key::fingerprint_public`` which allows fingerprinting
    the public key.
    The previously available ``Private_Key::fingerprint`` is
    deprecated, now ``Private_Key::fingerprint_private`` should be
    used if this is required.  (GH #1357)

  * ECC certificates generated by Botan used an invalid encoding for
    the parameters field, which was rejected by some certificate
    validation libraries notably BouncyCastle. (GH #1367)

  * Loading an ECC key which used OID encoding for the domain
    parameters, then saving it, would result in a key using the
    explicit parameters encoding.  Now the OID encoding is
    retained. (GH #1365)

  * Correct various problems in certificate path validation that arose
    when multiple paths could be constructed leading to a trusted root
    but due to other constraints only some of them validated. (GH

  * It is now possible for certificate validation to return warning
    indicators, such as that the distinguished name is not within
    allowed limits or that a certificate with a negative serial number
    was observed. (GH #1363 #1359)

  * XMSS signatures now are multi-threaded for improved performance
    (GH #1267)

  * Fix a bug that caused the TLS peer cert list to be empty on a
    resumed session.  (GH #1303 #1342)

  * Increase the maximum HMAC key length from 512 bytes to 4096
    bytes. This allows using a DH key exchange in TLS with a group
    greater than 4096 bits. (GH #1316)

  * Fix a bug in the TLS server where, on receiving an SSLv3 client
    hello, it would attempt to negotiate TLS v1.2. Now a
    protocol_version alert is sent.  Found with tlsfuzzer. (GH #1316)

  * Fix several bugs related to sending the wrong TLS alert type in
    various error scenarios, caught with tlsfuzzer.

  * Add support for a ``tls_http_server`` command line utility which
    responds to simple GET requests. This is useful for testing
    against a browser, or various TLS test tools which expect the
    underlying protocol to be HTTP. (GH #1315)

  * Add an interface for generic PSK data stores, as well as an
    implementation which encrypts stored values with AES key
    wrapping. (GH #1302)

  * Optimize GCM mode on systems both with and without carryless
    multiply support. This includes a new base case implementation
    (still constant time), a new SSSE3 implementation for systems with
    SSSE3 but not clmul, and better algorithms for systems with clmul
    and pmull. (GH #1253 #1263)

  * Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b,
    Blowfish, Twofish, CAST-128, and CRC24 (GH #1281)

  * Salsa20 now supports the seek operation.

  * Add ``EC_Group::known_named_groups`` (GH #1339)

  * Symmetric algorithms (block ciphers, stream ciphers, MACs) now
    verify that a key was set before accepting data. Previously
    attempting to use an unkeyed object would instead result in either
    a crash or invalid outputs. (GH #1279)

  * The X509 certificate, CRL and PKCS10 types have been heavily
    refactored internally. Previously all data of these types was
    serialized to strings, then in the event a more complicated data
    structure (such as X509_DN) was needed, it would be recreated from
    the string representation. However the round trip process was not
    perfect and could cause fields to become lost. This approach is no
    longer used, fixing several bugs (GH #1010 #1089 #1242 #1252). The
    internal data is now stored in a ``shared_ptr``, so copying such
    objects is now very cheap. (GH #884)

  * ASN.1 string objects previously held their contents as ISO 8859-1
    codepoints.  However this led to certificates which contained
    strings outside of this character set (eg in Cyrillic, Greek, or
    Chinese) being rejected. Now the strings are always converted to
    UTF-8, which allows representing any character. In addition, UCS-4
    strings are now supported.  (GH #1113 #1250 #1287 #1289)

  * It is now possible to create an uninitialized X509_Certificate
    object. Such an object will throw if any attempt to access its
    members is made. (GH #1335)

  * In BER decoder, avoid unbounded stack recursion when parsing
    nested indefinite length values. Now at most 16 nested indefinite
    length values are accepted, anything deeper resulting in a
    decoding error.  (GH #1304 OSS-Fuzz 4353).

  * A new ASN.1 printer API allows generating a string representation
    of arbitrary BER data. This is used in the ``asn1print`` command
    line utility and may be useful in other applications, for instance
    for debugging.

  * New functions for bit rotations that distinguish rotating by a
    compile-time constant vs a runtime variable rotation. This allows
    better optimizations in both cases. Notably performance of
    CAST-128 and CAST-256 are substantially improved. (GH #1247)

  * TLS CBC ciphersuites now are implemented using the standard CBC
    code, instead of reimplementing CBC inside the TLS stack. This
    allows for parallel decryption of TLS CBC ciphertexts, and
    improves performance especially when using AES hardware
    support. (GH #1269)

  * Add callbacks to make it possible for an application using TLS to
    provide custom implementations of signature schemes, eg when
    offloading the computations to another device. (GH #1332)

  * Use a direct calculation for calendar computations instead of
    relying on non-portable operating system interfaces. (GH #1336)

  * Fix a bug in the amalgamation generation which could cause build
    failures on some systems including macOS. (GH #1264 #1265)

  * A particular code sequence in TLS handshake would always (with an
    ECC ciphersuite) result in an exception being thrown and then
    caught.  This has changed so no exception is thrown. (GH #1275)

  * The code for byteswapping has been improved for ARMv7 and for
    Windows x86-64 systems using MSVC. (GH #1274)

  * The GMAC class no longer derives from GHASH. This should not cause
    any noticeable change for applications. (GH #1253)

  * The base implementation of AES now uses a single 4K table, instead
    of 4 such tables. This offers a significant improvement against
    cache-based side channels without hurting performance too much. In
    addition the table is now guaranteed to be aligned on a cache
    line, which ensures the additional countermeasure of reading each
    cache line works as expected. (GH #1255)

  * In TLS client resumption, avoid sending a OCSP stapling
    request. This caused resumption failures with some servers. (GH

  * The overhead of making a call through the FFI layer has been

  * The IDs for SHA-3 PKCSv1.5 signatures added in 2.3.0 were
    incorrect. They have been changed to use the correct encoding, and
    a test added to ensure such errors do not recur.

  * Counter mode allows setting a configurable width of the
    counter. Previously it was allowed for a counter of even 8 bits
    wide, which would mean the keystream would repeat after just 256
    blocks. Now it requires the width be at least 32 bits. The only
    way this feature could be used was by manually constructing a
    ``CTR_BE`` object and setting the second parameter to something in
    the range of 1 to 3.

  * A new mechanism for formatting ASN.1 data is included in
    ``asn1_print.h``.  This is the same functionality used by the
    command line ``asn1print`` util, now cleaned up and moved to the

  * Add ``Pipe::append_filter``. This is like the existing
    (deprecated) ``Pipe::append``, the difference being that
    ``append_filter`` only allows modification before the first call
    to ``start_msg``. (GH #1306 #1307)

  * The size of ASN1_Tag is increased to 32 bits. This avoids a
    problem with UbSan (GH #751)

  * Fix a bug affecting bzip2 compression. In certain circumstances,
    compression would fail with ``BZ_SEQUENCE_ERROR`` due to calling
    bzlib in an way it does not support. (GH #1308 #1309)

  * In 2.3.0, final annotations were added to many classes including
    the TLS policies (like ``Strict_Policy`` and
    ``BSI_TR_02102_2``). However it is reasonable and useful for an
    application to derive from one of these policies, so as to create
    an application specific policy that is based on a library-provided
    policy, but with a few tweaks. So the final annotations have been
    removed on these classes. (GH #1292)

  * A new option ``--with-pdf`` enables building a PDF copy of the
    handbook.  (GH #1337)

  * A new option ``--with-rst2man`` enables building a man page for
    the command line util using Docutils rst2man. (GH #1349)

  * Support for NEON is now enabled under Clang.

  * Now the compiler version is detected using the preprocessor,
    instead of trying to parse the output of the compiler's version
    string, which was subject to problems with localization. (GH

  * By default the gzip compressor will not include a timestamp in the
    header.  The timestamp can be set by passing it to the
    ``Gzip_Compression`` constructor.

  * Add an OID for RIPEMD-160

  * Fixes for CMake build (GH #1251)

  * Avoid some signed overflow warnings (GH #1220 #1245)

  * As upstream support for Native Client has been deprecated by
    Google, support is now also deprecated in Botan and will be
    removed in a future release.

  * The Perl-XS wrapper has not been maintained in many years. It is
    now deprecated, and if no attempts are made to revive it, it will
    be removed in a future release.

  * Support for building on IRIX has been removed.

Thu Jan 11 12:55:50 UTC 2018 -

- add Botan2-INT_MAX.patch
  * Fix “INT_MAX was not declared in this scope”
    in openSUSE Leap 42.1

Mon Jan  8 11:25:54 UTC 2018 -

- fix build. python3 configure itself is useless,
  we should make package python3 too.

Wed Nov  1 14:26:47 UTC 2017 -

- configure Botan explicitly with python3 

Wed Oct  4 07:49:54 UTC 2017 -

- Update to 1.10.17
  - Address a side channel affecting modular exponentiation. An attacker
    capable of a local or cross-VM cache analysis attack may be able to recover
    bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround
    a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function.
    (GH #1192 #1148 #882, bsc#1060433)
  - Add SecureVector::data() function which returns the start of the buffer.
    This makes it slightly simpler to support both 1.10 and 2.x APIs in the
    same codebase.  When compiled by a C++11 (or later) compiler, a template
    typedef of SecureVector, secure_vector, is added. In 2.x this class is a
    std::vector with a custom allocator, so has a somewhat different interface
    than SecureVector in 1.10. But this makes it slightly simpler to support
    both 1.10 and 2.x APIs in the same codebase.
  - Fix a bug that prevented from running under Python3
  - Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will
    #error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against
    1.1 or later. (GH #753)
  - Import patches from Debian adding basic support for
    building on aarch64, ppc64le, or1k, and mipsn32 platforms.

  * obsoletes CVE-2017-14737.patch

  * refreshes aarch64-support.patch

  * drop ppc64le-support.patch for upstream version
    (disables altivec support as per concerns by upstream)

Tue Sep 26 13:03:46 UTC 2017 -

- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA
  implementation allows local attacker to recover information about RSA secret
  * add CVE-2017-14737.patch

Thu Sep 21 09:48:17 UTC 2017 -

- Explicitly require libopenssl-1_0_0-devel (bsc#1055322)
  * Botan 1.x won't support OpenSSL 1.1

Wed Apr 12 14:52:45 UTC 2017 -

- Add patch to build SLES11 (allows for simplified backporting, e.g. bsc#968030)
  * add no-cpuid-header.patch
- Clean up spec file

Tue Apr 11 11:57:53 UTC 2017 -

- Update to 1.10.16 (Fixes CVE-2017-2801, bsc#1033605)
    * Fix a bug in X509 DN string comparisons that could result in out of bound
      reads. This could result in information leakage, denial of service, or
      potentially incorrect certificate validation results. (CVE-2017-2801)
    * Avoid use of C++11 std::to_string in some code added in 1.10.14 (GH #747 #834)
- Changes from 1.10.15:
    * Change an unintended behavior of 2.0.0, which named the include directory
      botan-2.0. Since future release of Botan-2 should be compatible with code
      written against old versions, there does not seem to be any reason to
    * version the include directory with the minor number. (GH #830 #833)
    * Fix a bug which caused an error when building on Cygwin or other platforms
      where shared libraries are not supported. (GH #821)
    * Enable use of readdir on Cygwin, which allows the tests to run (GH #824)
    * Switch to readthedocs Sphinx theme by default (GH #822 #823)

Wed Dec 28 12:02:11 CET 2016 -

- Update to 1.10.14
    * Fix integer overflow during BER decoding, found by Falko Strenzke.
      This bug is not thought to be directly exploitable but upgrading ASAP
      is advised. (CVE-2016-9132)
    * Fix two cases where (in error situations) an exception would be
      thrown from a destructor, causing a call to std::terminate.
    * When RC4 is disabled in the build, also prevent it from being
      included in the OpenSSL provider. (GH #638)

Sun Nov 13 01:32:18 UTC 2016 -

- Update to 1.10.13
  * Use constant time modular inverse algorithm to avoid possible side 
    channel attack against ECDSA (CVE-2016-2849)
  * Use constant time PKCS #1 unpadding to avoid possible side channel
    attack against RSA decryption (CVE-2015-7827)
  * Avoid a compilation problem in OpenSSL engine when ECDSA was
    disabled. Gentoo bug 542010

Fri May 13 07:31:21 UTC 2016 -

- Remove Qt5 dependency, since nothing is using it anymore.
- Fix double-prefix in botan-config and pkgconfig file.

Wed Feb  3 10:52:19 UTC 2016 -

- Update to 1.10.12

- Version 1.10.12, 2016-02-03
  * In 1.10.11, the check in PointGFp intended to check the affine y 
    argument actually checked the affine x again. Reported by Remi Gacogne
  * The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an 
    additional check in the multiplication function itself which was also 
    added in that release, so there are no security implications from the 
    missed check. However to avoid confusion the change was pushed in a new 
    release immediately.
  * The 1.10.11 release notes incorrectly identified CVE-2016-2195 as 
- Version 1.10.11, 2016-02-01
  * Resolve heap overflow in ECC point decoding. CVE-2016-2195
    Resolve infinite loop in modular square root algorithm. CVE-2016-2194
    Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. GH #239

Thu Dec 24 10:48:11 UTC 2015 -

- Add gpg signature
- Cleanup spec file with spec-cleaner

Fri Aug 14 08:54:09 UTC 2015 -

- Fix Source0 URL

Tue Aug 11 22:49:31 UTC 2015 -

- bump SONAME to libbotan-1_10-1
- Update to 1.10.10
  * SECURITY: The BER decoder would crash due to reading from offset 0
    of an empty vector if it encountered a BIT STRING which did not
    contain any data at all. As the type requires a 1 byte field this
    is not valid BER but could occur in malformed data. Found with
    afl. CVE-2015-5726
  * SECURITY: The BER decoder would allocate a fairly arbitrary amount
    of memory in a length field, even if there was no chance the read
    request would succeed. This might cause the process to run out of
    memory or invoke the OOM killer. Found with afl. CVE-2015-5727
  * Due to an ABI incompatible (though not API incompatible) change in
    this release, the version number of the shared object has been
  * The default TLS policy no longer allows RC4.
  * Fix a signed integer overflow in Blue Midnight Wish that may cause
    incorrect computations or undefined behavior.

- Update to 1.10.9
  * Fixed EAX tag verification to run in constant time
  * The default TLS policy now disables SSLv3.
  * A crash could occur when reading from a blocking random device if
    the device initially indicated that entropy was available but a
    concurrent process drained the entropy pool before the read was
  * Fix decoding indefinite length BER constructs that contain a
    context sensitive tag of zero. Github pull 26 from Janusz Chorko.
  * The botan-config script previously tried to guess its prefix from
    the location of the binary. However this was error prone, and now
    the script assumes the final installation prefix matches the value
    set during the build. Github issue 29.

Wed Jun 24 16:19:12 UTC 2015 -

- Change build dependence "libqt4-devel" to "libqt5-qtbase-devel".

Fri May  8 18:00:00 CET 2014 -

- Update to 1.10.8
  * Fix a bug in primality testing introduced in 1.8.3 which caused
    only a single random base, rather than a sequence of random bases,
    to be used in the Miller-Rabin test. This increased the
    probability that a non-prime would be accepted, for instance a
    1024 bit number would be incorrectly classed as prime with
    probability around 2^-40. Reported by Jeff Marrison.
  * The key length limit on HMAC has been raised to 512 bytes,
    allowing the use of very long passphrases with PBKDF2.

- Update to 1.10.7
  * OAEP had two bugs, one of which allowed it to be used even if the
    key was too small, and the other of which would cause a crash
    during decryption if the EME data was too large for the associated

Mon Mar  3 13:57:13 CET 2014 -

- change license to BSD-2-Clause as requested by legal 

Sun Dec  8 23:46:27 UTC 2013 -

- Add ppc64le architecture

- added patches:
  * ppc64le-support.patch
Mon Nov 11 20:11:43 UTC 2013 -

- Update to 1.10.6
  * The device reading entropy source now attempts to read from all
    available devices. Previously it would break out early if a
    partial read from a blocking source occured, not continuing to
    read from a non-blocking device. This would cause the library to
    fall back on slower and less reliable techniques for collecting
    PRNG seed material. Reported by Rickard Bellgrim.
  * HMAC_RNG (the default PRNG implementation) now automatically
    reseeds itself periodically. Previously reseeds only occured on
    explicit application request.
  * Fix an encoding error in EC_Group when encoding using
    EC_DOMPAR_ENC_OID. Reported by fxdupont on github.
  * In EMSA2 and Randpool, avoid calling name() on objects after
    deleting them if the provided algorithm objects are not suitable
    for use. Found by Clang analyzer, reported by Jeffrey Walton.
  * If X509_Store was copied, the u32bit containing how long to cache
    validation results was not initialized, potentially causing
    results to be cached for significant amounts of time. This could
    allow a certificate to be considered valid after its issuing CA’s
    cert expired. Expiration of the end-entity cert is always checked,
    and reading a CRL always causes the status to be reset, so this
    issue does not affect revocation. Found by Coverity scanner.
  * Avoid off by one causing a potentially unterminated string to be
    passed to the connect system call if the library was configured to
    use a very long path name for the EGD socket. Found by Coverity
  * In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and
    PK_Key_Agreement, avoid dereferencing an unitialized pointer if no
    engine supported operations on the key object given. Found by
    Coverity scanner.
  * Avoid leaking a file descriptor in the /dev/random and EGD entropy
    sources if stdin (file descriptor 0) was closed. Found by Coverity
  * Avoid a potentially undefined operation in the bit rotation
    operations. Not known to have caused problems under any existing
    compiler, but might have caused problems in the future. Caught by
    Clang sanitizer, reported by Jeffrey Walton.
  * Increase default hash iterations from 10000 to 50000 in PBES1 and
  * Add a fix for mips64el builds from Brad Smith.

Sat Mar 16 13:44:43 UTC 2013 -

- Update to 1.10.5
  * A potential crash in the AES-NI implementation of the AES-192 key schedule
    (caused by misaligned loads) has been fixed.
  * A previously conditional operation in Montgomery multiplication and
    squaring is now always performed, removing a possible timing channel.

Sun Mar 10 21:35:25 UTC 2013 -

- aarch64-support.patch: add support for aarch64

Fri Sep 14 20:08:15 UTC 2012 -

- update to 1.10.3:
  * A change in 1.10.2 accidentally broke ABI compatibility with 
    1.10.1 and earlier versions, causing programs compiled against 
    1.10.1 to crash if linked with 1.10.2 at runtime.
  * Recent versions of OpenSSL include extra information in ECC 
    private keys, the presence of which caused an exception when such 
    a key was loaded by botan. The decoding of ECC private keys has been 
    changed to ignore these fields if they are set.
- remove Botan-qt_thread_support.patch no needed anymore
Thu Aug 16 09:06:44 UTC 2012 -

- don't fiddle with march settings, we want the distro defaults
  (fixes build on ARM)

Tue Feb  7 08:04:05 UTC 2012 -

- little spec cleanup

Fri Sep 16 17:36:04 UTC 2011 -

- Implement baselibs.conf for package
- Remove obsolete/redundant tags

Mon Jul  4 17:14:21 CEST 2011 -

- Make package own its docdir.

Thu Jun 23 14:43:48 CEST 2011 -

- rename the devel package back to libbotan-devel as the main
  package allows to build only one -devel package

Wed Jun 22 16:10:32 CEST 2011 -

- Fix Requires for devel package.

Tue Jun 21 16:53:15 CEST 2011 -

- Devel package now is versioned so multiple devel packages may
  be installed in parallel.
- Devel package renamed back to Botan-devel to keep rpmlint from
  thinking it is a library package ...

- Update to 1.10.0:
  New Features:
  * SSL (SSLv3, TLS 1.0, and TLS 1.1 are currently supported)
  * GOST 34.10-2001 signature scheme (a Russian ECC signature standard
    analogous to ECDSA)
  * The SHA-3 candidates Keccak and Blue Midnight Wish
  * Bcrypt password hashing
  * XSalsa20
  * AES key wrapping
  * Comb4P hash combinator.

  Other Changes:
  * The block cipher interface now exposes any possible parallelism
    available to the implementation, and XTS, CTR, and CBC modes have been
    changed to use them.

  * SIMD implementations of Serpent, XTEA, Noekeon, and IDEA have been
    added, as has an implementation of AES using SSSE3 which runs both in
    constant time and, on recent processors, significantly faster than the
    usual table based implementation.  There have also been numerous
    optimizations to elliptic curves.

  * The documentation, previously written in LaTeX, is now in
    reStructuredText, which is converted into HTML with Sphinx.  This new
    format is significantly easier to write, encouraging more documentation
    to be written and updated.  And, indeed, a number of features never
    before documented are now described in the manual.

Wed Sep  1 16:38:40 CEST 2010 -

- Prefix last patch with Botan-.
- Enable building of the qt_mutex module. This means that from now
  on libbotan requires libQtCore.
- Fix test for thread/mutex support to also work for Qt4.

- Update to 1.8.10:

  * This release changes a number of aspects of how private keys are
    encrypted. The default encryption algorithm has changed from 3DES
    to AES-256

  * The default iteration count for PBES1 and PBES2 encryption schemes
    (which are used primarily to encrypt asymmetric keys like RSA or
    DSA) has increased from 2048 to 10000, which should make brute
    force key cracking substantially harder.

  * The first round of AES now uses a smaller set of lookup tables;
    this only reduces performance slightly but some timing and cache
    analysis attacks against AES are substantially harder when AES is
    implemented this way.

  * The class known as S2K was renamed PBKDF in 1.9, with a typedef
    for backwards compatibility. For providing an equivalent forward
    compatibility path, 1.8.10 includes a typedef for PBKDF and a new
    accessor function get_pbkdf. It also includes a new interface for
    deriving keys with a passphrase which takes both the passphrase
    and desired output length as well as the salt and iteration
    count; in many cases this call is actually significantly more
    convenient than the older API.

Tue Aug 31 09:22:59 UTC 2010 -

- Do not include build time and host in package to not trigger rebuilds.
- Add pkg-config build requires as suggested by rpmlint.

Wed Mar 10 01:01:48 CET 2010 -

- add patch from fedora to fix build on x86_64

Sun Jan 10 04:27:38 CET 2010 -

- run configure with --cpu=%_target to have correct bitness
  selected for SPARC

Mon Dec 21 17:34:49 UTC 2009 -

- do not patch arch specific Makefiles, but simply pass WARN_FLAGS

Mon Dec 21 00:32:43 CET 2009 -

- fix requires for devel package 

Wed Dec 16 13:13:16 CET 2009 -

- Remove patches that aren't needed anymore.

Fri Dec 11 19:43:25 CET 2009 -

- Update to Botan-1.8.8:
 - Alter Skein-512 to match the tweaked 1.2 specification
 - Fix use of inline asm for access to x86 bswap function
 - Allow building the library without AES enabled
 - For the complete changes since 1.6.4 see log.txt in

Mon Apr  7 13:20:18 CEST 2008 -

- No macros for package name.

Thu Apr  3 18:39:38 CEST 2008 -

- Update to 1.6.4. While the included fix is uninteresting for
  Linux, it makes it easier to rename the package once again to
  its old name:
    * Fix a compilation problem with Visual Studio C++ 2003 
Fri Aug  3 01:56:12 CEST 2007 -

- update to 1.6.3:
  * fixes various multithreading issues

Thu Jun 21 01:02:20 CEST 2007 -

- update to 1.6.2:
   * Remove a call to abort() that crept into production

Mon Apr 23 18:41:19 CEST 2007 -

- fix -devel package requires

Sat Mar 24 12:19:13 CET 2007 -

- Add libbz2-devel to BuildRequires.

Fri Mar  9 18:46:03 CET 2007 -

- Update to 1.6.1. Changes since 1.4.10:

    * Compilation fixes for the bzip2, zlib, and GNU MP modules
    * Better support for Intel C++ and EKOpath C++ on x86-64 
    * Cleanups in the initialization routines
    * Add some x86-64 assembly for multiply-add
    * Fix problems generating very small (below 384 bit) RSA keys
    * More improvements to the Python bindings 
    * Removed the Algorithm base class
    * Various cleanups in the public key inheritance hierarchy
    * Added x86 assembler implementations of Serpent and low-level MPI code
    * Optimizations for the SHA-1 x86 assembler
    * Various improvements to the Python wrappers
    * Add x86 assembler versions of MD4, MD5, and SHA-1
    * Expand InitializerOptions' language to support on/off switches
    * Fix possible resource leaks in the mmap allocator
    * Slightly optimized buffering in MDx_HashFunction
    * Initialization failures are dealt with somewhat better
    * Add an example implementing Pollard's Rho algorithm
    * Expand the xor_ciph example to support longer keys
    * Fixed bitrot in the AEP engine
    * Fix support for marking certificate/CRL extensions as critical
    * Significant cleanups in the library state / initialization code
    * LibraryInitializer takes an explicit InitializerOptions object
    * Make Mutex_Factory an abstract class, add Default_Mutex_Factory
    * Change configuration access to using global_state()
    * Add support for global named mutexes throughout the library
    * Add some STL wrappers for the delete operator
    * Change how certificates are created to be more flexible and general 
    * Many internal cleanups to the X.509 cert/CRL code
    * Allow for application code to support new X.509 extensions
    * Change the return type of X509_Certificate::{subject,issuer}_info
    * Allow for alternate character set handling mechanisms
    * Fix a bug that was slowing squaring performance somewhat
    * Fix a very hard to hit overflow bug in the C version of word3_muladd
    * Minor cleanups to the assembler modules
    * Further, major changes to the BER/DER coding system
    * Updated the Qt mutex module to use Mutex_Factory
    * Moved the library global state object into an anonymous namespace
    * The low-level DER/BER coding system was redesigned and rewritten
    * Portions of the certificate code were cleaned up internally
    * Use macros to substantially clean up the GCC assembly code
    * Some slight cleanups in X509_PublicKey::key_id 
    * Fixed a potential infinite loop in the memory pool code (Matt Johnston)
    * Made Pooling_Allocator::Memory_Block an actual class of sorts
    * Some small optimizations to the division and modulo computations
    * Cleaned up the implementation of some of the BigInt operators
    * Reduced use of dynamic memory allocation in low-level BigInt functions
    * A few simplifications in the Randpool mixing function
    * Removed power(), as it was not particularly useful (or fast)
    * Fixed some annoying bugs in the benchmark code
    * Added a real credits file 
    * Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta
    * Fixed a memory access off-by-one in the Karatsuba code
    * Changed Pooling_Allocator's free list search to a log(N) algorithm
    * Merged ModularReducer with its only subclass, Barrett_Reducer
    * Fixed sign-handling bugs in some of the division and modulo code
    * Renamed the module description files to modinfo.txt
    * Further cleanups in the initialization code
    * Removed BigInt::add and BigInt::sub
    * Merged all the division-related functions into just divide()
    * Modified the <mp_asmi.h> functions to allow for better optimizations
    * Made the number of bits polled from an EntropySource user configurable
    * Avoid including <algorithm> in <botan/secmem.h>
    * Removed some dead code from bigint_modop
    * Fix the definition of same_mem 
    * Many optimizations in the low-level multiple precision integer code
    * Added hooks for assembly implementations of the MPI code
    * Support for the X.509 issuer alternative name extension in new certs
    * Fixed a bug in the decompression modules; found and patched by Matt Johnston
    * mem_pool.cpp was using std::set iterators instead of std::multiset ones
    * Fixed a bug in X509_CA preventing users from disabling particular extensions
    * Fixed the mp_asm64 module, which was entirely broken in 1.5.2
    * Fixed an off-by-one memory read in MISTY1::key()
    * Fixed a nasty memory leak in Output_Buffers::retire()
    * Reimplemented the memory allocator from scratch
    * Improved memory caching in Montgomery exponentiation
    * Optimizations for multiple precision addition and subtraction
    * Fixed a build problem in the hardware timer module on 64-bit PowerPC
    * Changed default Karatsuba cutoff to 12 words (was 14)
    * Removed MemoryRegion::bits(), which was unused and incorrect
    * Changed maximum HMAC keylength to 1024 bits
    * Various minor Makefile and build system changes
    * Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution
    * Switched checks/clock.cpp back to using clock() by default
    * Removed the Default_Mutex's unused clone() member function 
    * Implemented Montgomery exponentiation
    * Implemented generalized Karatsuba multiplication and squaring
    * Implemented Comba squaring for 4, 6, and 8 word inputs
    * Added new Modular_Exponentiator and Power_Mod classes
    * Removed FixedBase_Exp and FixedExponent_Exp
    * Fixed a performance regression in get_allocator
    * Engines can now offer S2K algorithms and block cipher padding methods
    * Merged the remaining global 'algolist' code into Default_Engine
    * The low-level MPI code is linked as C again
    * Replaced BigInt's get_nibble with the more general get_substring
    * Moved all global/shared library state into a single object
    * Mutex objects are created through mutex factories instead of a global
    * Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone()
    * Removed the RNG_Quality enum entirely
    * There is now only a single global-use PRNG
    * Removed the no_aliases and no_oids options for LibraryInitializer
    * Removed the deprecated algorithms SEAL, ISAAC, and HAVAL
    * Fixed an off-by-one memory read in MISTY1::key()
    * Fixed a nasty memory leak in Output_Buffers::retire()
    * Changed maximum HMAC keylength to 1024 bits
    * Changed Whirlpool diffusion matrix to match updated algorithm spec
    * Added a constructor to DataSource_Memory taking a std::string
    * Placing the same Filter in multiple Pipes triggers an exception
    * The configure script accepts --docdir and --libdir
    * Merged doc/rngs.txt into the main API document

Wed Jan 25 21:31:10 CET 2006 -

- converted neededforbuild to BuildRequires

Sat Jan 14 13:07:23 CET 2006 -

- Add gmp-devel to nfb

Mon Dec 19 11:58:35 CET 2005 -

- Update to 1.4.10
  - Bunch of cleanups and bugfixes added
  - Add KASUMI, the block cipher used in 3G phones
  - Binary file I/O can now be used with the data sink and source classes.
  - Pipe has been refactored
  - A possible memory leak in the OpenSSL engine was also fixed.

  - Randpool has been modified to use HMAC instead of a plain hash
    as its mixing operation.

Wed Nov 23 14:12:09 CET 2005 -

- Update to 1.4.9
  - new algorithms including MARS, SEED, Turing, and FORK-256.
  - include optimizations for RC6 and Twofish
  - much better support for 64-bit PowerPC
  - support for high resolution hardware timers on most PowerPC systems

Tue Nov 15 16:48:55 CET 2005 -

- fixed to build on ARM

Thu Sep 15 16:25:59 CEST 2005 -

- Initial package
- Use ISO C99 stdint.h to define integer types.
- Mark 64 bit hex constants as ULL to shut up the compiler.

openSUSE Build Service is sponsored by