Bug 230666 - security/botan2: Update to 2.7.0
Summary: security/botan2: Update to 2.7.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Steve Wills
URL: https://botan.randombit.net/news.html...
Keywords: security
Depends on:
Blocks:
 
Reported: 2018-08-16 08:50 UTC by Ralf van der Enden
Modified: 2018-08-22 18:20 UTC (History)
2 users (show)

See Also:
koobs: merge-quarterly?

Attachments
Update to Botan 2.7.0 (1.86 KB, patch)
2018-08-16 08:50 UTC, Ralf van der Enden 		tremere: maintainer-approval+
Details | Diff
Bump PORTREVISION of dependent ports (1.38 KB, patch)
2018-08-16 08:52 UTC, Ralf van der Enden 		tremere: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ralf van der Enden 2018-08-16 08:50:22 UTC 
Created attachment 196248 [details]
Update to Botan 2.7.0

Most notable fix:
2018-06-13 (CVE-2018-12435): ECDSA side channel

A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key. Found by Keegan Ryan of NCC Group.

Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected.

Full changelog: https://botan.randombit.net/news.html#version-2-7-0-2018-07-02

Poudriere buildlog: https://pkg.cainites.net/build.html?mastername=freebsd_11x64-system&build=2018-08-16_10h32m16s
Comment 1 Ralf van der Enden 2018-08-16 08:52:56 UTC 
Created attachment 196249 [details]
Bump PORTREVISION of dependent ports
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-08-17 21:08:01 UTC 
A commit references this bug:

Author: swills
Date: Fri Aug 17 21:07:32 UTC 2018
New revision: 477448
URL: https://svnweb.freebsd.org/changeset/ports/477448

Log:
  Document issue in security/botan2

  PR:		230666

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-08-17 21:09:04 UTC 
A commit references this bug:

Author: swills
Date: Fri Aug 17 21:07:59 UTC 2018
New revision: 477449
URL: https://svnweb.freebsd.org/changeset/ports/477449

Log:
  security/botan2: update to 2.7.0

  While here, bump PORTREVISION on dependent ports

  PR:		230666
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer
  MFH:		2018Q3
  Security:	7762d7ad-2e38-41d2-9785-c51f653ba8bd

Changes:
  head/dns/powerdns/Makefile
  head/dns/powerdns-recursor/Makefile
  head/editors/encryptpad/Makefile
  head/security/botan2/Makefile
  head/security/botan2/distinfo
  head/security/botan2/pkg-plist
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-08-22 18:19:19 UTC 
A commit references this bug:

Author: swills
Date: Wed Aug 22 18:18:45 UTC 2018
New revision: 477808
URL: https://svnweb.freebsd.org/changeset/ports/477808

Log:
  MFH: r477449

  security/botan2: update to 2.7.0

  While here, bump PORTREVISION on dependent ports

  PR:		230666
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer
  Security:	7762d7ad-2e38-41d2-9785-c51f653ba8bd

  Approved by:	ports-secteam (implicit)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/dns/powerdns/Makefile
  branches/2018Q3/dns/powerdns-recursor/Makefile
  branches/2018Q3/editors/encryptpad/Makefile
  branches/2018Q3/security/botan2/Makefile
  branches/2018Q3/security/botan2/distinfo
  branches/2018Q3/security/botan2/pkg-plist