Bug 236450 - security/botan2: RFC4880_encode_count doesn't return consistent results when processing exact iterations
Summary: security/botan2: RFC4880_encode_count doesn't return consistent results when ...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Jan Beich
URL: https://github.com/randombit/botan/is...
Keywords:
Depends on:
Blocks: 236449
  Show dependency treegraph
 
Reported: 2019-03-10 12:35 UTC by Dmitri Goutnik
Modified: 2019-04-08 12:19 UTC (History)
1 user (show)

See Also:
tremere: maintainer-feedback+


Attachments
Replace upper_bound with lower_bound in pgp_s2k #1854 (1.53 KB, patch)
2019-03-19 08:43 UTC, Ralf van der Enden
tremere: maintainer-approval+
Details | Diff
Update to 2.10.0 (includes fix for: Replace upper_bound with lower_bound in pgp_s2k #1853, #1854) (1.45 KB, patch)
2019-04-01 07:34 UTC, Ralf van der Enden
tremere: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Dmitri Goutnik freebsd_committer 2019-03-10 12:35:29 UTC
Upstream PR: https://github.com/randombit/botan/issues/1853
Comment 1 Dmitri Goutnik freebsd_committer 2019-03-10 21:14:31 UTC
Upstream pull request: https://github.com/randombit/botan/pull/1854
Comment 2 Ralf van der Enden 2019-03-19 08:43:56 UTC
Created attachment 202977 [details]
Replace upper_bound with lower_bound in pgp_s2k #1854
Comment 3 Ralf van der Enden 2019-03-19 08:45:06 UTC
I've added the patch from the upstream PR. Since I don't run EncryptPad myself, I cannot confirm if this actually fixes the issue.

poudriere buildlog: https://pkg.cainites.net/data/latest-per-pkg/botan2/2.9.0_1/freebsd_12x64-system.log
Comment 4 Ralf van der Enden 2019-04-01 07:34:27 UTC
Created attachment 203287 [details]
Update to 2.10.0 (includes fix for: Replace upper_bound with lower_bound in pgp_s2k #1853, #1854)

The fix is included in the recently released 2.10.0, so I've replaced my previous patch.

Changelog: https://botan.randombit.net/news.html#version-2-10-0-2019-03-30

Poudriere buildlog: https://pkg.cainites.net/data/latest-per-pkg/botan2/2.10.0/freebsd_12x64-system.log
Comment 5 commit-hook freebsd_committer 2019-04-08 11:52:46 UTC
A commit references this bug:

Author: jbeich
Date: Mon Apr  8 11:51:33 UTC 2019
New revision: 498367
URL: https://svnweb.freebsd.org/changeset/ports/498367

Log:
  security/botan2: update to 2.10.0

  PR:		236450 237019
  Submitted by:	Ralf van der Enden (maintainer)

Changes:
  head/dns/powerdns/Makefile
  head/dns/powerdns-recursor/Makefile
  head/editors/encryptpad/Makefile
  head/security/botan2/Makefile
  head/security/botan2/distinfo