17 Commits

Author SHA1 Message Date
Khem Raj 6bff9188c7 botan: Make it reproducible
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-08-15 23:20:05 -07:00
Wang Mingyu ed2c9d24a5 botan: upgrade 3.4.0 -> 3.5.0
License-Update: Copyright year updated to 2024.

Changelog:
==========
* CVE-2024-34702: Fix a DoS caused by excessive name constraints.
* CVE-2024-39312: Fix a name constraint processing error, where if
  permitted and excluded rules both applied to a certificate, only the
  permitted rules would be checked.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-07-15 16:36:10 -07:00
Wang Mingyu b2aea7bec1 botan: upgrade 3.2.0 -> 3.4.0
Changelog:
============
- Add Ed448 signatures and X448 key exchange
- X.509 certificate verification now can optionally ignore the expiration date of root certificates.
- Support for "hybrid" EC point encoding is now deprecated.
- Support for creating EC_Group objects with parameters larger than 521 bits is now deprecated
- Add new build options to disable deprecated features, and to enable experimental features.
- Fix a bug affecting use of SIV and CCM ciphers in the FFI interface.
- Add new FFI interface botan_cipher_requires_entire_message
- Internal refactorings of the mp layer to support a new elliptic curve library.
- Use a new method for constant time division in Kyber to avoid a possible side channel where the compiler inserts use of a variable time division.
- Refactor test RNG usage to improve reproducibility.
- Add std::span interfaces to BigInt
- Refactorings and improvements to low level load/store utility functions.
- Fix the amalgamation build on ARM64
- Add Mac ARM based CI build
- Fix a thread serialization bug that caused sporadic test failures.
- Update GH Actions to v4
- Add examples of password based encryption and HTTPS+ASIO client.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-06-07 09:11:55 -07:00
alperak b18bbc7467 botan: upgrade 2.19.3 -> 3.2.0
License-Update: Copyright year updated.

Changelog:

https://botan.randombit.net/news.html#version-3-0-0-2023-04-11
https://botan.randombit.net/news.html#version-3-1-0-2023-07-11
https://botan.randombit.net/news.html#version-3-1-1-2023-07-13
https://botan.randombit.net/news.html#version-3-2-0-2023-10-09

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-17 11:38:25 -08:00
Chen Pei 2392dc7925 botan: upgrade 2.19.2 -> 2.19.3
Version 2.19.3, 2022-11-16
    CVE-2022-43705: A malicious OCSP responder could forge OCSP responses due to a
    failure to validate that an embedded certificate was issued by the end-entity
    issuing certificate authority.

Signed-off-by: Chen Pei <cp0613@linux.alibaba.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-11-25 18:11:10 -08:00
Wang Mingyu 1711600fc5 botan: upgrade 2.19.1 -> 2.19.2
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-06-06 13:58:43 -07:00
wangmy ac3bf04b28 botan: upgrade 2.18.2 -> 2.19.1
License-Update: year updated to 2022.

Changelog:
=========
Fix a compilation problem affecting macOS XCode (GH #2880)
Fix a build problem preventing amalgamation builds in 2.19.0 (GH #2879)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-25 10:56:04 -08:00
wangmy b8a5f0740b botan: upgrade 2.18.1 -> 2.18.2
Version 2.18.2, 2021-10-25
Avoid using short exponents when encrypting in ElGamal,
as some PGP implementations generate keys with parameters
that are weak when short exponents are used (GH #2794)

Fix a low risk OAEP decryption side channel (GH #2797)

Work around a miscompilation of SHA-3 caused by a bug in Clang 12
and XCode 13. (GH #2826)

Remove support in OpenSSL provider for algorithms which are disabled
by default in OpenSSL 3.0 (GH #2823, #2814)

Add CI based on GitHub actions to replace Travis CI (GH #2632)

Fix the online OCSP test, as the certificate involved had expired.
(GH #2799)

Fix some test failures induced by the expiration of the trust root
"DST Root CA X3" (GH #2820)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-03 06:57:48 -07:00
Martin Jansa c61dc077bb Convert to new override syntax
This is the result of automated script (0.9.1) conversion:

oe-core/scripts/contrib/convert-overrides.py .

converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03 10:21:25 -07:00
Andreas Müller ed03fea315 botan: upgrade 2.14.0 -> 2.18.1
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-05-24 07:39:35 -07:00
Khem Raj 68c431c2c2 botan: Mark incompatible with riscv32
CPU is not supported _yet_

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-11-15 12:25:53 -08:00
Pierre-Jean Texier 44abef2c1d botan: upgrade 2.13.0 -> 2.14.0
See full changelog https://botan.randombit.net/news.html#version-2-14-0-2020-04-06

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-08 18:15:54 -07:00
Khem Raj c64b204a3a botan: Define --libdir to fix multilib build issues
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-03-17 19:46:35 -07:00
Wang Mingyu 81f14485fc botan: upgrade 2.11.0 -> 2.13.0
-License-Update: Copyright year updated to 2020.

Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-01-07 17:54:00 -08:00
Oleksandr Kravchuk 6817c01328 botan: update to 2.11.0
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-16 18:24:48 -07:00
Khem Raj f58ae7a64b botan: Upgrade to 2.9.0
License-Update: Update copyright years to 2019

https://github.com/randombit/botan/commit/d5edb39e968893bafe87a6a5ef12af45914c0d70#diff-98cd14c95bb22f9d397da0603a77d950

Swith to tarball fetcher

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-01-30 17:17:54 -08:00
Khem Raj 70a0692211 botan: Add recipe
botan is a common crypto library used by various infrastructures e.g.
qtcreator chromium etc. Its beneficial to build it once for the system
and let apps use it if possible

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-09-29 02:10:12 -07:00