Bug 230666

Summary: security/botan2: Update to 2.7.0
Product: Ports & Packages Reporter: Ralf van der Enden <tremere>
Component: Individual Port(s)Assignee: Steve Wills <swills>
Status: Closed FIXED    
Severity: Affects Some People CC: ports-secteam, swills
Priority: --- Keywords: security
Version: LatestFlags: koobs: merge-quarterly?
Hardware: Any   
OS: Any   
URL: https://botan.randombit.net/news.html#version-2-7-0-2018-07-02
Attachments:
Description Flags
Update to Botan 2.7.0
tremere: maintainer-approval+
Bump PORTREVISION of dependent ports tremere: maintainer-approval+

Description Ralf van der Enden 2018-08-16 08:50:22 UTC 
Created attachment 196248 [details]
Update to Botan 2.7.0

Most notable fix:
2018-06-13 (CVE-2018-12435): ECDSA side channel

A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key. Found by Keegan Ryan of NCC Group.

Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected.

Full changelog: https://botan.randombit.net/news.html#version-2-7-0-2018-07-02

Poudriere buildlog: https://pkg.cainites.net/build.html?mastername=freebsd_11x64-system&build=2018-08-16_10h32m16s
Comment 1 Ralf van der Enden 2018-08-16 08:52:56 UTC 
Created attachment 196249 [details]
Bump PORTREVISION of dependent ports
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-08-17 21:08:01 UTC 
A commit references this bug:

Author: swills
Date: Fri Aug 17 21:07:32 UTC 2018
New revision: 477448
URL: https://svnweb.freebsd.org/changeset/ports/477448

Log:
  Document issue in security/botan2

  PR:		230666

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-08-17 21:09:04 UTC 
A commit references this bug:

Author: swills
Date: Fri Aug 17 21:07:59 UTC 2018
New revision: 477449
URL: https://svnweb.freebsd.org/changeset/ports/477449

Log:
  security/botan2: update to 2.7.0

  While here, bump PORTREVISION on dependent ports

  PR:		230666
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer
  MFH:		2018Q3
  Security:	7762d7ad-2e38-41d2-9785-c51f653ba8bd

Changes:
  head/dns/powerdns/Makefile
  head/dns/powerdns-recursor/Makefile
  head/editors/encryptpad/Makefile
  head/security/botan2/Makefile
  head/security/botan2/distinfo
  head/security/botan2/pkg-plist
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-08-22 18:19:19 UTC 
A commit references this bug:

Author: swills
Date: Wed Aug 22 18:18:45 UTC 2018
New revision: 477808
URL: https://svnweb.freebsd.org/changeset/ports/477808

Log:
  MFH: r477449

  security/botan2: update to 2.7.0

  While here, bump PORTREVISION on dependent ports

  PR:		230666
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer
  Security:	7762d7ad-2e38-41d2-9785-c51f653ba8bd

  Approved by:	ports-secteam (implicit)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/dns/powerdns/Makefile
  branches/2018Q3/dns/powerdns-recursor/Makefile
  branches/2018Q3/editors/encryptpad/Makefile
  branches/2018Q3/security/botan2/Makefile
  branches/2018Q3/security/botan2/distinfo
  branches/2018Q3/security/botan2/pkg-plist