Overview

Request 689739 superseded

- Update to Botan 2.9
* Bump SONAME
* CVE-2018-20187 Address a side channel during ECC key generation, which used an
unblinded Montgomery ladder. As a result, a timing attack can reveal
information about the high bits of the secret key.

* Fix bugs in TLS which caused negotiation failures when the client used an
unknown signature algorithm or version (GH #1711 #1709 #1708)

* Fix bug affecting GCM, EAX and ChaCha20Poly1305 where if the associated data
was set after starting a message, the new AD was not reflected in the produced
tag. Now with these modes setting an AD after beginning a message throws an
exception.

* Use a smaller sieve which improves performance of prime generation.

* Fixed a bug that caused ChaCha to produce incorrect output after encrypting 256
GB. (GH #1728)

* Add NEON and AltiVec implementations of ChaCha (GH #1719 #1728 #1729)

* Optimize AVX2 ChaCha (GH #1730)

* Many more operations in BigInt, ECC and RSA code paths are either fully const
time or avoid problematic branches that could potentially be exploited in a
side channel attack. (GH #1738 #1750 #1754 #1755 #1757 #1758 #1759 #1762 #1765
#1770 #1773 #1774 #1779 #1780 #1794 #1795 #1796 #1797)

* Several optimizations for BigInt and ECC, improving ECDSA performance by as
much as 30%. (GH #1734 #1737 #1777 #1750 #1737 #1788) (forwarded request 689411 from dmolkentin)

Request History

dmolkentin created request

factory-auto added opensuse-review-team as a reviewer

Please review sources

factory-auto accepted review

Check script succeeded

jengelh accepted review

staging-bot added openSUSE:Factory:Staging:adi:4 as a reviewer

Being evaluated by staging project "openSUSE:Factory:Staging:adi:4"

staging-bot accepted review

Picked openSUSE:Factory:Staging:adi:4

dmolkentin superseded request

superseded by 691275