Bug 230666 - security/botan2: Update to 2.7.0
Summary: security/botan2: Update to 2.7.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Steve Wills
URL: https://botan.randombit.net/news.html...
Keywords: security
Depends on:
Blocks:
 
Reported: 2018-08-16 08:50 UTC by Ralf van der Enden
Modified: 2018-08-22 18:20 UTC (History)
2 users (show)

See Also:
koobs: merge-quarterly?


Attachments
Update to Botan 2.7.0 (1.86 KB, patch)
2018-08-16 08:50 UTC, Ralf van der Enden
tremere: maintainer-approval+
Details | Diff
Bump PORTREVISION of dependent ports (1.38 KB, patch)
2018-08-16 08:52 UTC, Ralf van der Enden
tremere: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ralf van der Enden 2018-08-16 08:50:22 UTC
Created attachment 196248 [details]
Update to Botan 2.7.0

Most notable fix:
2018-06-13 (CVE-2018-12435): ECDSA side channel

A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key. Found by Keegan Ryan of NCC Group.

Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected.

Full changelog: https://botan.randombit.net/news.html#version-2-7-0-2018-07-02

Poudriere buildlog: https://pkg.cainites.net/build.html?mastername=freebsd_11x64-system&build=2018-08-16_10h32m16s
Comment 1 Ralf van der Enden 2018-08-16 08:52:56 UTC
Created attachment 196249 [details]
Bump PORTREVISION of dependent ports
Comment 2 commit-hook freebsd_committer 2018-08-17 21:08:01 UTC
A commit references this bug:

Author: swills
Date: Fri Aug 17 21:07:32 UTC 2018
New revision: 477448
URL: https://svnweb.freebsd.org/changeset/ports/477448

Log:
  Document issue in security/botan2

  PR:		230666

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer 2018-08-17 21:09:04 UTC
A commit references this bug:

Author: swills
Date: Fri Aug 17 21:07:59 UTC 2018
New revision: 477449
URL: https://svnweb.freebsd.org/changeset/ports/477449

Log:
  security/botan2: update to 2.7.0

  While here, bump PORTREVISION on dependent ports

  PR:		230666
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer
  MFH:		2018Q3
  Security:	7762d7ad-2e38-41d2-9785-c51f653ba8bd

Changes:
  head/dns/powerdns/Makefile
  head/dns/powerdns-recursor/Makefile
  head/editors/encryptpad/Makefile
  head/security/botan2/Makefile
  head/security/botan2/distinfo
  head/security/botan2/pkg-plist
Comment 4 commit-hook freebsd_committer 2018-08-22 18:19:19 UTC
A commit references this bug:

Author: swills
Date: Wed Aug 22 18:18:45 UTC 2018
New revision: 477808
URL: https://svnweb.freebsd.org/changeset/ports/477808

Log:
  MFH: r477449

  security/botan2: update to 2.7.0

  While here, bump PORTREVISION on dependent ports

  PR:		230666
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer
  Security:	7762d7ad-2e38-41d2-9785-c51f653ba8bd

  Approved by:	ports-secteam (implicit)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/dns/powerdns/Makefile
  branches/2018Q3/dns/powerdns-recursor/Makefile
  branches/2018Q3/editors/encryptpad/Makefile
  branches/2018Q3/security/botan2/Makefile
  branches/2018Q3/security/botan2/distinfo
  branches/2018Q3/security/botan2/pkg-plist