236450 – security/botan2: RFC4880_encode_count doesn't return consistent results when processing exact iterations

Bug 236450 - security/botan2: RFC4880_encode_count doesn't return consistent results when processing exact iterations

Summary: security/botan2: RFC4880_encode_count doesn't return consistent results when ...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Jan Beich

URL:	https://github.com/randombit/botan/is...
Keywords:

Depends on:
Blocks:	236449
	Show dependency tree / graph

Reported:	2019-03-10 12:35 UTC by Dmitri Goutnik
Modified:	2019-04-08 12:19 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	tremere: maintainer-feedback+

Attachments
Replace upper_bound with lower_bound in pgp_s2k #1854 (1.53 KB, patch) 2019-03-19 08:43 UTC, Ralf van der Enden	tremere: maintainer-approval+	Details \| Diff
Update to 2.10.0 (includes fix for: Replace upper_bound with lower_bound in pgp_s2k #1853, #1854) (1.45 KB, patch) 2019-04-01 07:34 UTC, Ralf van der Enden	tremere: maintainer-approval+	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dmitri Goutnik freebsd_committer

2019-03-10 12:35:29 UTC

Upstream PR: https://github.com/randombit/botan/issues/1853

Comment 1 Dmitri Goutnik freebsd_committer

2019-03-10 21:14:31 UTC

Upstream pull request: https://github.com/randombit/botan/pull/1854

Comment 2 Ralf van der Enden 2019-03-19 08:43:56 UTC

Created attachment 202977 [details]
Replace upper_bound with lower_bound in pgp_s2k #1854

Comment 3 Ralf van der Enden 2019-03-19 08:45:06 UTC

I've added the patch from the upstream PR. Since I don't run EncryptPad myself, I cannot confirm if this actually fixes the issue.

poudriere buildlog: https://pkg.cainites.net/data/latest-per-pkg/botan2/2.9.0_1/freebsd_12x64-system.log

Comment 4 Ralf van der Enden 2019-04-01 07:34:27 UTC

Created attachment 203287 [details]
Update to 2.10.0 (includes fix for: Replace upper_bound with lower_bound in pgp_s2k #1853, #1854)

The fix is included in the recently released 2.10.0, so I've replaced my previous patch.

Changelog: https://botan.randombit.net/news.html#version-2-10-0-2019-03-30

Poudriere buildlog: https://pkg.cainites.net/data/latest-per-pkg/botan2/2.10.0/freebsd_12x64-system.log

Comment 5 commit-hook freebsd_committer

2019-04-08 11:52:46 UTC

A commit references this bug:

Author: jbeich
Date: Mon Apr  8 11:51:33 UTC 2019
New revision: 498367
URL: https://svnweb.freebsd.org/changeset/ports/498367

Log:
  security/botan2: update to 2.10.0

  PR:		236450 237019
  Submitted by:	Ralf van der Enden (maintainer)

Changes:
  head/dns/powerdns/Makefile
  head/dns/powerdns-recursor/Makefile
  head/editors/encryptpad/Makefile
  head/security/botan2/Makefile
  head/security/botan2/distinfo