libbotan-devel-2.19.5-bp156.3.3.1<>,fފI%z P4?wK.4!y(7-ZKX2 @TX̲=Y~Gqzq5+da\=ɪvLqqNcr,&We!>ŮJM[Mt֫h+r"YѨT0޵Q|epKZ㵇ХtOgfaNۺ`R4noXD5lCd@Ә)d1!H^њ`S{&=Ē%m= NrljIs;YZuAѭa~yS;Nq[S5N aҽ ֽp.){j0ffy| a b?•tI\bʶ̡%IQyi>At?td $ @ (DJT@T@ @  T@ T@ `@ b,@g,@ml@ss@xy y@ z (z/8z8*9z*:o*BDFDGD@HI@IN@XPYP(ZP\[P`\Ph@]Uh@^bbc:ccddedfdldud@viwj(@xo(@yt(zt0t@tDtJtClibbotan-devel2.19.5bp156.3.3.1Development files for BotanThis package contains the header files and libraries needed to develop programs that use the Botan library.fh02-ch1cYDSUSE Linux Enterprise 15openSUSEBSD-2-Clausehttp://bugs.opensuse.orgDevelopment/Libraries/C and C++https://botan.randombit.netlinuxx86_64 3d9  Y X*-K xl~ /?>  rjU   ^h'49gM&*P &7 \ )   + r N)m g < l ah 2S:V=e #  8 D c6 s ] Nb" `ElD &|O6? %!g 'k{+e8/ & l= k%2 2T,c(0Xj* }Ou1BIO ET  uk/Q$F h RyWB8 N 5 :! M o22L&@ WI{ t bK)1J=qEMP 7 '}A ' &!(D#8PI8   ed2//+ [5AA큤ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff516a1f20cfc8d510013a533fafbb0d974846f1321da2087b90b437707b386d60db3f815f946c38b93fcd473a6bd477c719f5717a7b864197c83a26c653163a704685e57b8db5a636604d7d76abd0ace68a61c807f1b02d74b28216ae521a8e4e3398502efdff1c5894d7397a3f116dd4a20503180615ad3462216c99ef323192fe3e27988f9cbf5e21039660f2730d46bc3602dac4e2ef9bccc4e689ecba4ccc3137a8c89722489039417281fc04093beacb70ace82a5e37d30cc7dbb560588e650208c91cf4ea66e383478bdfb52a96fc0e5fd299adacad7ab2c59dbe191fd8459ee57ae519f5f980ba27d28b7d63ccb543e23820edd1fe3f2f3a26e6be6779589c89e92e5d316c2c8fce017d226e5dc0ad3c0d9a6f64aafa2b4369bc13253931a237fd90121cf72da8ee54aefe62982cd98a65605a04e32a113c57748e1d1467ce2932eaabbf0b5123e54535f0fc7d3d8c8879fb9ab5650f7cca7070350b2cff6d024faf41fe766d7e02721a35542d8cf644c38a61224de5a65083d5cf5407b98b00c82351e15c6590a634b930acacd39eda3f307b8970bb9f87b4219f1ab8434fbc76415a75b107ab6eafd0a9bd50309514b8b91352085e00f88d9ca6c645029f1e03213000375a9333a48b6dd32030e294b367a53493d5538261ee16fb5b72fee5645aff578c7d3f0a7ecc2192ddf972c39e73b8f454d450f833cb726f21c029293b205b210566c12b1858dd1e89febb33c4ec934208422fe39041f146a6b0e5821db10f120379202483cf5d2587ed8763188faa8fefd69b04a8a28a352e3f6b9adcedc5f4e0d2df55ba5502fd6339c7fc073b43fcc96b293034d7e5013fbcb0f99f8351fbd24ad6b3dde708d6684f944c173b306db93aab79d7f9f4c9d55425a39232f9e4d7234f90d84018b41e327f5999d28b02b2a59017a73afec1b916e1e8cf1b7bc2e81bb68df3dc9941822f84935dacd565f965c8206bb33981a7e7def56ad208feddc95290025368967ae44035e1da4f3b41f24d54c9e91f766b607f74cccf58b95ac6c946da82177dde04df4ebe215b8430e69e57de631f424837453d9ff3da14bb10db12eaac355aa1309b2ede50a28af10f14bdafe870f8ce2306b813d72a855b3945d78a5d739d946ff868bc4b260557e0f5595cd747f22eed8522c4e58caf4d9cb2269621bb22056fce840b386d8cd0c1c645d494ccfc79e6030f13c71395bc919b5840c215602217cc4cbb094e5161a07c89a8ce6079667ac7247c2e2126e259a1a43021d839c640586330dbe53513184176ecbb2498891b348f23152bc4ab064db7aee5a8d3d3e6788e46ad869f7acb045ba4494d95b72c11364483cfdab6dce4fac82c6ec542b5449995f35fff8fe273a8f42ec98b2860e1163fccbbf51173b17df6453f9a1da86fc751de57d66630903e808b3e8a61b6933411b7a7494847dd5a9807bd2f0c55b3ad6d9f736086f64f1ba011111773607875ad7b6186a7cf2c4a7fe1421243d7fb7a5415ce0a8cc30ed87473f11b192c59f9f4db2382ddd6854b2f887527b86f8158b4d3d44f57a44ca321a2a8dc2ff4a2373c94b3a2a10b391de3e2840bc3c2358a4e36b34b25090e9cc270739d9bf86b2f42a1cc76eb85b9fa95f1092b1d608c536c57b30cfd6f9f4064c2aacffa68ab93f4fb223984a0879c45f3672b8990a3d7f94237d70e40ede8e40d101e61efacdfbb00a3519cc5cca3854cb0fb042dcc12b033b6a81f59013e556c099aefd121fb04528d5e08d5757dfc523af5f4bd69fabbebf1b27f93698282c385f15fedca7887ed1a45afa58c65cfc7108c30b771d62619aba561b614618f580c06430cfd0a3af2704e6e17775d22b4a36480d6a8d5bc49569864494599a5f3c272e45e1b35b51ec8fabc65e442e7d2f1132bc1aa313b2fd723092b5a77cd653e014ea3025037024239e7a94392bc81b5fda138c4c243cfa6ed9b0004781990c852b8f6de839efb0dc44a5adabd58aaa83b87026db44da0a0e84e9493240a50df91de9f7a75520b1998e24aecf91c9d714df0aff498140fb1691598200fd319455eaf09f2edea9a9cca239cc352e5c3b5259ca3b165c15834483e635dda17a1b4d6ca53688dca6989f1508a6f38c666764572d0a98f5be3d8ef6b45ccc65fadcdbb9aa34394412763cf2503c0c6cf7dc0571778662771e8b479274f400573a6e0c8f79a572bda7773b632f67deb3170dc2de43b2f83265164d01623fad89b5d497df17d188e23f9daf2844daa318bcb7670c11b2c2f8214e96dc522f030e8f2c0d34c0636c0d34a1db2c35779e6b6edc4c062fa20fa6b2db90a388773ac7f156d01b21880f771974cbc207c21a9b63359833af1bcf3073505cab475e27cc9c95fdde283c44756d76bdeac5617ef404641b1d07a86bb3a52a59354976371c401235588c7ef5004228df2221dd43c28e41588565e4f7c7764fac25e47c5b4ba7932f838ced4be64b53ae55ee82355c93137c9f48f8f3f0fead751df123cac8ba6854114bf74319dd40ad41a59463bd56e07dee6eaee86d7393b189293ca41010f60bd5f5a83837d6ad6ff1978a16a136188b49bffb7881ba0122453e19e5778b5fae2889ce6820bbd5c9049471763bb17239733ed98b7abe0ed4986af3e07ed458e58c5ffc4bd4aab0df38c9c78e6b91adcce7698c1eceb3a7a76d25548cc645b44442d3ea31838a6657cf1eee11ac77a2dfb3e5d22da8024642c0cba98372c332b44ae0ca0e9f0e4abc0e8852e64b8c26ab2ebc04432938badaf1c25ef06df2ed13d74b5e95d8043bcdd712c9fa3059da9eede79875e2765d85fa9acda0b62c62b80e9369f248c411502e5430f9b684e02cda320dd3d169a851a69f723b234dacbcece6e43c7e718a37046b146a0c00cd99ece0cb530737967bf39d63cd46c0c3522b2f99512319f42fc68ebde5b35c2abe7a29f9ff46ba229db56533e0729900977c2e0ee3e1fa4412f9e6a8a4d8e3baaaa959346301d65eec87580927dfab14a15448bff3995930869f6b592b5c366efaaf3521f2acabcd9f0b955a07dcdee8ecbb09fc029011e735b90f5f356c53503f0e034dbbe326aed24abcafc2a6e05edab6c030eb15e161e3129cbdb5dc742dc8773a175d38212158bfa14cb7713bc3d95545921ed77d8c18e071c4a605f5e33032c034bf4b256a97a1dcfc228146047dc05a39f3ff710d0ef7fed5687b6232916b4200fd269691dab23c5a2a96233b02f481c867084e83da3f5e3a76663a391a9fd58403e696646d086713e10ae96e9ba5a4c534a4ed67eca59e090972b7ed1fb92f1e20712de018202b19c8dfc1a851ca482bb550d7ebfff1f06e285da3de573ea9a66721a839620de2828233f18490bb8aad7ca283cad9355b6592a3aeff22791fc361e8032de94d9e95d560449e1ecb9089790255e35a38f919b0fecc6afbfeeb5a26341e0825ba4835d7e21552a62a003f9b765ccb1519879dd816b3965ee01611d908e867a1d201614b81d344c64b36fb8b0231d641ad54f1e8e3386c45921c49efd3ae35ac15d5e4055a37354b124b9bf94297cf40f8ed5706e5cc68af52b62940205d5e5c32a71fec4a5db967c6d98f1168598c1d16a9c74eb8bc00ea7885fece228156df668c7546a389af6fa0e22f7f9a62719fd2b348d3684448e3618eaac4cf4cc6c58e214d2b77d7a4ad3d29e598f38bf657e7792fd7c1a22ac07401af45cda7638e26ce6a1fef5866471123ebf5ab5dcb283465a2391dd5d3bb82ccecb601bd6324ed846f49b559bc732e81927978dd77748d68e70f94dccbd235fe6a8af1d496357622e0bb0e5f3a383a78299cad61ec8864a931f5997b389129fe75bd4c0f17c0313621bc22e5efd16e4f4c53d4dd1f3e077fe785f42cee358d2df8d49149a6638a10b589fce4a07970ba010d7ccc2bef2580045d8932b42d6629c9865b52b8a0cd85214d7c3df7afc2df8beb7ed7279ba1b740efd9616c124a482e4c6c3b5e153d2537af2837f2b77a8e49f9d6dd9f99fc5912626b23fb26b707cd85075655f8accbaeccac9a8c83ccbcd60763a88789d5c3daaba3074790c83e6d4224b683d16956c7a99d27d1c70680bc4ae20dad11fef308ecb8ff6f6b8c3dc887c187bf3ff69b97fc01a3f6d521929ee39120e681af6763aef6f41c709f5b48f7cf480a176eac4d62d26b06953fec10583c729f138c48a2c0b0c27ae099bada34716f83100e46e437193084219dd054a0b95be1560f7213610e548fa3f6f084331578cd07af07de740159616c381544b514d583d49690df582f1dab32475ff95540ffd8adc2c63ad34df01ab0ba113c55b851d4df3663919d7a08d6b3a9bc32250297b5a666fc1aa3cdf68140732741e824c1cbe6910cf7e57532a2d6cc9cb8358d7af0fa078a251c1d27fff0bd84b101b2ab790cb22b49d17f751ff949af0d5021a4c585b4766789d301e9788ee6d7f49939993b0767a8fdaf7f67433272b00c4fb0b7d8867afb08f64638bb1274357011e65afc531ac3233453ce58d3395dcf8211b6dce1c5834b897580bbc8a315b365b9d6a1ff353b64affbbdeadbea9ace0d5bbd0835e83267c59e1b38edfac9739ae19fbb9d6bccbc09a7e0bafd1060ed5592a52117d7cf833030b72af18f2d2b37110b2a85addbdd02cf41eed7ce538b741572ffed36ace61ba8a1465873410dce2888171bce86e3b0088ff6fb0b43176d21ecd8ae2d490e192a3a3bc55848a60f4e4ea1773c4fa32d83fe61e1fe072fdbf86cd3bd4ed9b18dd9a524b6885a51436a762e1750412f6bfab32b91eea493daec2c3caa05b892a25689b1068651806fb75b666ccd63eaea7696216292d3c93312c6e5b4ca7202e5c46275e650c09eb859e29483d80f69b75e92f7a6ea1fe9220ba47e9d74083a063d67b391c2fade5e0605f52b3794b0fb76800a86c1e6b84d3d3999c76750e01e0f3e12380c3da826642c2586b7d8fdea148c47a0d50a4c0478da2b50abc91afa582e854647ee1e32de769c6c1a5305a687be51ee512d8a03ff19350631b11946f3b8c7d22c895ed099dc67defc3e5ee05ada829d16079e667b6d2bac5fbad4fb20616c268c3c771587b4943e25b5c1600f503f3a70c82c0e15324ca5535f72887acd591992123a252958468fa3b1e46cf549dada3eea94c603e9d372fe6b18c03136285b206e2f692a1ae5464f905d207d0a4363384139143990507bc7d501542004bd4b478a156ee23368488e18fe1fdf140dc06f013a04a78808ed562935561e2925e43dfe876eb0c9f2415422a7261da8628841aadcc509aebe0c179499fdccf7e494d7b0568bc2f84cf946dcf9d7ba5fcda99b944164bfa49c62efe83ce3521d5dd4102021d9a081a4e319f3e2ccfe4f6c3303379853cca6ceca56a08bbe465b0c4672aa343c889789f13f4da4af6ba18d2cdb4c1c5be33ddaa5a7d005baa8c9386beb57f3e81691a4bdc4d1c315b5923e86187015edf54c9ab21cf9a38d9853a495cf61461eca3f826aabf317eb34c9bedba9a0686d57784e084f1c86feb57135dbb7d1f97e542cdac5ba5b5732e2d78c7ac39a958a92c34e0eccecf28674045b9f0485808f745d2f6a3bdea57c5d6bba3e9a87ef4c4d1b0f8d1fd7bad4f2c4d39ad9e25689b5871a1391c7c336d6060cf64801047b11a3e914b8ed7b7001c01a46ff26c88e46ac9cc6b6e3c024809e771b7bed21f1e5171bef6ee4da77b32a7d2fa3bfc47a410a8c3505b5fb79fe4cea7f00bffbfba455d1de61f880937fdfb9d1d491bb5046c2aaf12f7a95a5786205fb207835deafd7e9451e9dd3b400ac01713ad84aff99eeba4a97d388951f93540074f94bc34af6f4cc3902c3d56fe79af6314e76628fb7d9c39db5048691abdde195ef203dc1ed4915eb2ab0a53e190ef0cd76a43456543308c189a1debb1f1d4caefdb2e1c686cb63700b16929905844fd321ad0525ad133338ea714eec1e6373ba03753666245b7264b2730c30462ab3fc297157988e16880c92b669fa4d6d18ad689a4b1e6bca718912aba4fb5f4da7462222fd67fa3234d968a1b2ff7c51403bb2109eacfbe9dd07b090cec04800b18575008c54432759bd1ff79d1dd0c62955958561c327d1751409bbe1a16ca5beeb0f7ede00019c1f42e35567bc909283348ef8b5d2353af44d38e5b7c86cf450e56015bfb0641701e5b94208b40c7167605ac5d0cc5ea1871b3ff82f2e07b77ec91528ed3dac0d03488cc39c4b4c622fceabadd65c9e938f1dee211ea7cb24ef54fd98a236ca52a6a5235e15cdb6087a7b58e049e7e16d6fc39b0bc9fd95128d17a894db0e05d5f023909898c857c9e5bf74d3ba2d84e6a2ed36ad7faf3872e8fc818b04b80f0af6f2acb1013bacc14ff26aacc5f16d1e29a971f1551a3c40bf25754b2822d83c3cb0ae7d95881ccf0a7729e56bc822712ca551cebbb16c9ac97fcaaed972c9df651ffe9718b0cb807bd27225e5ec0d7eea419e97d9c4edaf96739b89f460167affbe43d6fc93e23f1a08a7904fe85c0c94d036eaf9bb20c9507410658e08842644066b28ac0ddf5f7b645b1824605caa53d382390dbe88e7d800a0e3dbe717187d341d8044436dbb221a0c95c51568903ae2f4f939f0fdc369d486cf418e0c69bbb89e89b100f47483da7f1adaf6d816530e8e100d33af2c679d4dd47e8e1005be63b74948613ed344b2a65c81ce00e35b375be9b38fd211f07029d2101cbcd4805ecf55738b189a64fbc35cd421c54b9ffdc2c554755d527f6994fde9347fb39b1fdf38bea93287fb88c8767bdbc10a60638b19b1c34276809add501cd2d78921a5409967693f3693734981a76079290ffa21cd7a779dd30425aed809b8661660d4aa59ca25b57a688689e2e3fef6316047bbd3a68b10b011fd198f5887e4a6a1a42ae78d436510db1f6e1b4f02babdfa5b30340c6862299343b3a88c3a8167eae9f0299b78df4571b9e00b5b8bb617c9f370590784772fa598e450a80ac10dfe595aa4676bd05eedee96a65f5a7caf2586f5233b5cc62184b61e52b20662b5da17be45a8a685adba35fce28bb42e3c2d0ae5b0bd1bfcfcdbb93d98d7698e815d7cbc15398d3ecf298d922acbfb3151f78240d33cdc16ae0532823fa452cd4a99249fef33e23277e3b1c1f4bafe0d3c9e1203400cfcc49774769d686ef64ba82e38d4305cbef43a5b8429f1451a3fa60bdd3f17feaffa69c54242be18d10e843de94417740f04d5dd3fbff47576bc648bee1ce7bc4e6bc320df0ba68e75359709ffdc8622619fda89923d9f19fd9d6096255121894b3f764ba7172f7b750b5c8c5a309890ff209967507dc5cba0783fe925285687a582910ba34eaad61358c9f7513431cf5f483c63476c06e25f57272fa79c53ae926a06697add272415f1072809ea109f4b9cd3caf189be3f2c104ca53fef8d95865911b1b4f468f17587681127a519983d108c86ebb2df607e5e9117f6bee88176d3dc0ff442fff0bdc7eeb9fb83d352217586bff73b313dd8cd95f6f9639aec4f4198172d7632f6cfa085c9ab07534c08537cd487d9e2e0a290433a1a6cbeeb5df713e2eb56ddaef8892e81337ad836768c1dea37831dc12d9c047df18a7311594d8dc6d0d56e3c499b5136c4ab16133b409d749edb36f60648dbb2b40ea86292e991d2187895a7e3a3be96aab6c38419098d88483f39da376576f97cacb135cbf4d70e08abeb9734c79452989772dfecc53d24a64f6353b11e5204789fd3160743f98c333fcae53ccd1c930726369fa37cb7df8690645e65670eb4ae807f5607946bb002549fd931b0970ba6d699b104814713e9804ff18c84d7fde85f00243561de29efe3f60d509b43c0367cccf47dc0ea88cc3968ee3fed00b5010326bee021c977e796a315762a5d72791c68b2fb0290697f3f4eaf599e876a6127a6e645e7c7fa8a0982636bca235baba7c28eebc382690f9f2cc13370012f4110685c442f9bfa767c658ca4fd09e2ff50fdacda28880e3c423a27b21944560eb66b75478eb8941600c88b42139170bb59da098642d5af9d6a87c18baff9f94e7bfd0411c952d191e410f8284c4a1d4ed2cdba92498b816b7d166fce276210c24f2127174b6a783ab813873c70e1f681eafa370e273bcc8a0b0afc9689dfb44de477e13365d4e3441dc397027a4b41b07bbbe565a6f7b0de10851f058b171ac2eb4996712e320b135d3d04cd9b83cb144653dab304ed4379b477790c7912eba447273590ad994d63ef8b8196b7e7bebbe2b149ce011e0f3e6a0fd0930ac8729d27295e7be127bca32acc09ba86b8c7c3309bb3f59360ce4807a764d7c20768076b07b407617fbbe692b44b77b6102b076abd00d906aabe0592212ebb008f663a6450a1e030349b08a13c183ab37f0fa26e33b083b5844754eb4da578f0a28b192d5593046e8dbcaeeecd03bc3d0300c46003f44bb56ff8edc3a0f4b183175bce063ca2815f0334fcbab55976a8971d1fb6606381cfc2a864af779dbc665865c04a4105bac1e99d609709ba4dd299ef58f3fa9ccad2ec091d65df992d9e8f9fcacb67a451f03e3eaf545e3c138de926999e40b278c3952ace84a747d6dd440d17c5e2656400daaaf0da06d5672a33ee592d360cb75a06e2fa1a001c712f6ed53451a42d91887a3c4c76119499fa6bf3e88549d5b505a48f1b05d5aaab22806b33fad612172a3ec3da49b594cff514fe7d26a02776d124ba098e7cc8a11fca944ac9290e456abcfb0f96e98514fbea1fbe952f12c40b8eb52e558feb28d4462866765d78fc2a0a1d23a65f1ad4738b6dc2bdd3e6e38e7275aba38fdf52f9696ec2df3b14ec38c73b6ea2e94916927908ed84672083ce8875d3be045cad73adecc220740c2bb7fc52f344bce1ea7e466867b7ce342bb6dacd7dfce8bf7baaf384482b70be4bee6640ab9c123116cc07c01d9d8e76bc74ef1b4d5921cf8a2f730e7b1c0feee15376e1bd024e5b87c7f7b223c4675a101e0db9373374354cda5b1d575c3f3eb9f3cedb8daa3e4e471d5ae471c95bde0beb2674d68f9602c9b4bc162d350568cf8e57c7fb6d5079d013a512a245bfe1c12c27844a981944770d16842d661df143e56a0d3531513e849e0fd8c5e6cf0bad56a7521cd77e5e4b788d1f7a6dc4aed1aae111155c3af8b69ab3fe3fdea8668c8bfa7fd8419871203f0e3672a33318e50ae5408b095d1d828eca0633606c657c0dc7da781e4a983b2931f230414085c66498bf7a03583ba7c4a5a5f507f112c2e12ed7d3f1291a0354688f0ff943a541467bcd511cb5b403201c3b6132d2d8ff2e13c2840ed8e601bcbbd981b483974cb6b1496b161ed575bda7857baaa7c869befd9f18ac24a675c42cdc341ce55de96c825d6e7a8a6db5c3e9b28faddb9e7c828197d57c0ac1dff98ecf94865834e020312624a7f4fc1605164afe9680e4708af52d6e4090838c27d64526c700fb78725acdacae516e41e507b971756aea3ecbf6efb3d4d1170fe8cb9122d556b9cfcea6e7f74552c95aef623f7824e74fa721007db42b9baa397ca5d56280d6daa8e73141dd6d73b24959c86fab7931cf11f8f538d2f98522141758f54e0864dd35e916f75e3e10c595f0c2645c3d988672aae6cad1e58a680803b3d8afff9f6cbc1975d2d13952a42ab63adb651cd9f2a95fbbc5c15255d0ee111975105c2375c21595440643be05bef907f672d3c4ac31c66fed8114f3bff6aac5c6a46dc802169bdd6f33560fb578796e4dd6aa7e7d22a1b6dc54453c4ce95e4e10c7adb64ffeca2ecad6bc98a9c4f15389501d553b917a74cad35ab357155039e941f7e5791ab729eb2ddf622a3943be1c0ddb7ade62d3229e184f355b741751f5515bdc280a4eae1512591463a12ad9ef1ca7c634b3b7212ddd55c5fce658d8fd19a8520ee8efae929a047705a3c6c6df4afb461c26077ddbafe633b9f45d7d47e959b2479adc6ab925fbb308ebaacbd749a70ce9c8090a2ab6ed930e7a277efee029760ff4cc169d8305b4c92a74c099946bb9b49ecb9e03644ddce035d4096c2b432a703818a4c68ab215b88c491c94b5d6c2d883e7fb05f00e6b5247a636a48d22d96c4e3b32fe8f125308b9c5a53436c78b4535bbb99b36b7dbd6cc7d66c47dfc461404b802ec5fd832023c63b57cf433955f29eeb082b8e3c5de8941231a41490b0c845648a892ca46d319e8f87fada44d9ee17ab94613b86409671aa8dd95cd973731ebf7c9489e2de6f93f4de7b57605fa40e638afd4f1417190842f454afad8d87f2cea03797ee6e79347a882b18abcd6826fa61efb9e1f22f38e2a40d8cced5f45fb2eab30a469288b32b72f4dca785224b05d78e68a56d58d8c3fcdb594a446183d22fcf07577bead7b236b8befb4c6f0f6f27138d0dcfa295dd5ad134480bafe92611e2ab694809731615d376d863c8c0c1320e24aa1d3aca857d17bb4df645f1605051dcb6a951d41d863ce23f7369e4e887a16625fbb8285b8c9fc3f81d5e1df95ad628e6269eeb640b017bc8d26469be821e5b3b71b38dc7389b6836ab0406bb1317a1e479959335092773da2909e064573ad8e1401091fb1854a5878577236aff59ebfe7efe2f49720e1377f4e0b41c28c394d8f6dd261360b10185a40cf7dc16c29b0faaa9b56eb3ddf559666ccd2d7f31e124bd27af66df56178ba9aa7830a2087bea264460a3e7e1bfcb77a4eb0298f5bb3ac33bd2e1c20dbf6c42be24f6d95062af1ad9f6cd97683a45e92dc8a2ca219b6fdabe206016ca753d401480a831b362018a6f08edface0b8dabc7f9ee37aa5bbe15a154d763846b97d226b94bc16d372efa884dfe5df2ec3a69a01b5a0ed71ce03ec7d33a1987659f5cc2f4719aceba130112f7f876000c35256f663465bd9f95ef988bfbc9f0bf636af17fd839b35d76e881cc9426cb0c884cf9bf66685a2df2a381f6d24592a000eefa8449b9bdb81eb89d437e6e14f792322f597cbe025a4cc9584862e5cbb650ac1552e5f502c175d479a9bf3b4b18447ce713fb176f930fac0567c11486e0f9d1c771ed079c67854d67fc8c34797099d3a42ddeed0b98bd302602e66487e1b780ec18bfe04932f0c0401634926431015f43b969c25ad401ffc23bd5ca8fac4391298db7e291f0ee191ecc9ff8c1cd28d53013027eb566d312f8f5b5256f81c5c9d0a9364ef55af0c8e42cdf640d7b9f47eb07f0408a9511be46d459e2399dd4cea56a0bbdb576597a7b2bdb6092d15fa780dc2598536f2ca38570ed2319095a513d1bf466475749a1fad85d7d76c55de388101a9e0409f6a623202604e839bc1a5964fa10d1038691f7a285c209fc942b14414dec26ffef4ece7360f4642b7d3bb78b97724fc0040a71dd0ee66eaa666553194639bdfdceafc5d2bedd0bffcca5ec1c5981731e874b15df5b71f68a2d21c5c5d682563e155ce6377218d2fb50f9419b21b1c7679a5c2835a44161549c0696e68625fb9c31b151d09110c0c25cddbc0033d34b1dad4385bc34dda1e3b0a341e0baf39e204ddeb6682b7083c8e29f70c5846853de12ca6183d2235e46aae2c0caa37b5e9189fae8f56787b1c56ca1344d7d858320c0ad32feed653756cd9ffeead8fb3a86d9dbc75d586c309ef1d7d0c7be7b3dd67339b53c05ebaf7183861847463c3ea59085df6ca134f1c28de37609dc306cffff1e1759a06566cee01b69bb11df50183f5370abb9aa106845a1abb34d299f18ffe5494e876dba27202a3e91881665bba8e49ad110c8548d8ec60474d8daf912c4cefdca6366d2706106a5f39bb47de3ba6b14152949992b73765deb4d1345bf1187ef4f5987198bae57a8cc9c87f818a79b2edc7b1110023cc6f8c48042fa6c8590abe34df38d2a04815aff49b744e232952ad558e402f44b1df7183ffa52789ecebc5242a8979da6616c6216e7a8b2a18d6a10c6ac7debabd17893f2c8c0a81cf271fc06aaa264b9ffd74347d5f7c5e2029b7a36481621f535eb8c8701f1b8367e6ab3f2e13b13775d88ac7a561b8359074d3397da870ec9d040c203650f410d86b307a9b3845994bce9c3eff09a3be75491e9b7968b3c983b9c2609fe585355dd25a18180c7bc9ec6fbb6b3b6ad9d2cb6044cc710dbda9eb7bf1396beff8292fc1a22abe9e23bb431376534761e19c0dea3a27537502d9f6499badf9dcf64274cf7bd5185247d1e79f95fbc2aeb92d17c88e7b56c0b5aaf4a31c051c4557cbb4ecd3b2d4723e6b0972a0aae8e10c6546702d038f09d49aaa27c5fa7588d9415c3b65379149809e9d152383dac5d715a12ae6197d1b0ae735ab6c420df5141f62354a737363db18c1034e739a15d4021b5a36bee17f85c07f686a2ee4fc43b69cea2a8e770b5667bc744db2ef873bb65b2045f13a7304b03af703e94d032b3bb56c43988f611d433f796519b3f44c2a00f6cc36b1566cdad2e839587b400271dde53fb0132a0287dad2dea220b7d1043d7f9b7f2aa340cc7f5d8a857336638555542d4e9b8bbfecffa37ae2fb84cc21775c054ad94b385ff243726a858a9716cdc391ca0f0526d1afd6a84ad48cc13bcd2fcbd9bed9dc65841064bb2aefc33a1aed5f3cb31a566ef09ab781658742cfc015e0da9dacfb87375bf8fa9e7fc9311051b1b942f242186cbff494260a4880d5de3b4fc715ed9ce9093f8e1a6404acecd4cef2e6cf424ef47391c6cfa4c673d6716956fc7c7d72c975a5254f7ac2684eff9f6ebc602caa66966e0626e01476ac327c8a437e214b118eb106b1853b433cb2945b51e8e60f019630ae5bf0cd43dda8bc3eae91cb251913e49a117cd6718fd530aa87913c099fae4d21bfc4fd7dbe76f47695c1fb11ed3f2fbaadf35dc06869d3acfb2e77e1330f27d7e9db9112aa164f1971c1d6781276af0c8443bb3c08873550bc4014edca5544ec50148c6de5cf55fe51d45116be8fc3faf2405266fc8a70896d16014ac15bbd76b38586787671197a23a20b7947e3ccf5fecb123cb2430b345a44c5467d482a062f50074a0396a83a87e07f52bb806b0d6aa7c616abc85cf49e9944a1627a708e24a7c41d051bb0fd01b3857a30d250ce0a9b563242dd0b56eb7183d32eb7dafb6e297bbb9715b87a126739c02fb1ca081c4671f223f638070db448c0d1c30d3a2581aba0d0ab84002eb61b8d5eda952ceb09769941b11971e9945bd1a2f9f0ac9ee8351cb6a19f7fe71fd235a4abcf3e7fcf853ce5b6973c910e98b96825ade59487b3853eed46d2aefb9d8c882bdefaffc7a1566b2e8888dcd111f241e703ae963b758ba0e91d35917c17b24db5f6a522055f820fefe863245a952fe49b2a42ab4e3ed060f222c9434cc11931504e20745743e85c90d10e58b34a48bce3559159d536683d5a2212d4a6ee28a477eb35e96fec506f51e03fe0ad3809f07595fe1fcca3e947032094f45254663b8b8bac936c29fde5e00f9a690cc2fdd943468380c26d23b81f41e929b0b1460a0f0eecda9e39ea481151d112da005a44133ebaa734ddc40f8fbe85b95ae4ed531077061e5ebf161ea47a6ab5d341168fd02fb84819912459ed3449fbeac20e0212e2e925fe605106b2c8bc2c609df1b72e0c92a5b639cfe21438448bcb7882db2184b21bebac4c56ab859aa108ccdbc21c6bfad14eaaf5d6748c78c655f56a63ddbb4b9d945c34ef049846f6d4b84ef214d41faeb18a2ea8a73d21f6c535aa91be02dacc32a0072847865c3495996a1c69f2a214a08f5b05642f19bc39344dafe26c6a70301b278d617e51c0e4d289b08eb2a84c9f72bc69a2f0aaee14eedd8c31d659cad6ce95bed0078b678cd57a30f30a1a2f9b68aed2463da17ca6e06a86b5422dc3803267389b6e06fed60f0182dc1c8f2ef6065b6f7c2d5afe5d5dc762b535cd26748723f571e54371e0a4d3f13e35918ed2b21f32a1f243302718f75c8d3137dc8dce154a51b54cd4ddc0af254323058054ee8fc7e5e2f9a5165a4b62950456e753d1b13cdef8525a60cac05ea4c37de655ba39983d288a9ba99076fbcd9d0249fd9c5283cddb7937f862808805c99a5e769db61e5f0e2a6f1668b16f7f46c15a0f13cbab6776081a40a0f85aa6600dac514fa7b04f6f0de18a92a2bbdbbd4bf349941a4e687347a9f45e7287ece4ecf17de2142cdabf0dc1f0e8f66624dcd441a9ae7d0429c63240972da2344603d74e55a975e809ae31cf5de40d835ea37966f025467f093113cc2565b57e00589d08b0a32d61588a723686a4f3b5f58aaf1e34cdb903aa1d76e53c362a3c53312b90895539f078b04e199291de690ac1ce74e2dlibbotan-2.so.19.19.5rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootBotan-2.19.5-bp156.3.3.1.src.rpmBotan-devellibbotan-devellibbotan-devel(x86-64)pkgconfig(botan-2)@    /usr/bin/pkg-configlibbotan-2-19libbz2-develpkgconfig(liblzma)pkgconfig(sqlite3)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)trousers-devel2.19.53.0.4-14.6.0-14.0-15.2-14.14.3f@cv"@b@aC@a)@` @`y|@_1@_u@_@_ _9^\N\73[`O@[DZJ@Z̧@ZlZZ$ZZZ0@Z|;ZWQZS]@Y@Y@YA@YéXX@Xc@X(UW5VV{@U@UUAngel Yankov Jason Sikes Dirk Müller Andreas Stieger Dirk Müller Andreas Stieger Ferdinand Thiessen Andreas Stieger Andreas Stieger Andreas Stieger Pedro Monreal Dirk Mueller Paolo Stivanin Daniel Molkentin Daniel Molkentin daniel.molkentin@suse.comdaniel.molkentin@suse.comkasimir_@outlook.dedaniel.molkentin@suse.comdaniel.molkentin@suse.comsleep_walker@opensuse.orgsleep_walker@opensuse.orgadam.majer@suse.deadam.majer@suse.desleep_walker@opensuse.orgsleep_walker@opensuse.orgi@marguerite.sui@marguerite.sumimi.vx@gmail.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comvcizek@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.compth@suse.denetsroth@opensuse.orgfaure@kde.orgmichael@stroeder.commpluskal@suse.commvyskocil@opensuse.orgnetsroth@opensuse.orgliujianfeng1994@gmail.com- Update to 2.19.5: * Fix multiple Denial of service attacks due to X.509 cert processing: * CVE-2024-34702 - bsc#1227238 * CVE-2024-34703 - bsc#1227607 * CVE-2024-39312 - bsc#1227608 * Fix a crash in OCB * Fix a test failure in compression with certain versions of zlib * Fix some iterator debugging errors in TLS CBC decryption. * Avoid a miscompilation in ARIA when using XCode 14- Update to 2.19.3: * validate that an embedded certificate was issued by the end-entity issuing certificate authority when checking OCSP responses. * CVE-2022-43705 * bsc#1205509- update to 2.19.2: * Add support for parallel computation in Argon2 * Add SSSE3 implementation of Argon2 * The OpenSSL provider was incompatible with OpenSSL 3.0. It has been removed * Avoid using reserve in secure_vector appending, which caused a performance problem * Fix TLS::Text_Policy behavior when X25519 is disabled at build time * Fix several warnings from Clang- update to 2.19.1: * Add a forward error correction code compatible with the zfec library- update to 2.18.2: * Avoid using short exponents when encrypting in ElGamal, as some PGP implementations generate keys with parameters that are weak when short exponents are used CVE-2021-40529 boo#1190244 * Fix a low risk OAEP decryption side channel * Work around a miscompilation of SHA-3 caused by a bug in Clang 12 and XCode 13 * Remove support in OpenSSL provider for algorithms which are disabled by default in OpenSSL 3.0 * Add CI based on GitHub actions to replace Travis CI * Fix the online OCSP test, as the certificate involved had expired. * Fix some test failures induced by the expiration of the trust root "DST Root CA X3"- Botan 2.18.1: * Fix a build regression in 2.18.0 which caused linker flags which contain -l within them (such as -fuse-linker-plugin) to be misinterpreted * Fix a bug which caused decoding a certificate which contained more than one name in a single RDN * Fix a bug which caused OID lookup failures when run in a locale which uses thousands separators (pt_BR was reported as having this issue) * DNS names in name constraints were compared with case sensitivity, which could cause valid certificates to be rejected * X.509 name constraint extensions were rejected if non-critical. RFC 5280 requires conforming CAs issue such extensions as critical, but not all certificates are compliant, and all other known implementations do not require this * X.509 name constraints were incorrectly applied to the certificate which included the constraint - build with lzma compression support - build with SQLite support - build with TPM support - fix SLE 12 build- Botan 2.18.0 * Add support for implementing custom RNG objects through the FFI interface * Improve safegcd bounds, improving runtime performance * Reject non-TLS messages as quickly as possible without waiting for a full record. * Fixes for TLS::Stream::async_shutdown - Removed unneeded GNU MP build requirement, support was dropped with version 1.11.10 - Enabled check target, verify integrity of build library- Botan 2.17.3: * Harden against side-channels from decoding secret values by changing the base64, base58, base32, and hex encoding and decoding opearations to run in constant time- Botan 2.17.2: * Fix build problem on ppc64 * Resolve an issue in the modular square root algorithm- Botan 2.17.1: * Fix bugs in ECDSA signature generation and verifications under specific circumstances * developer visible changes, including deprecation with warnings * optimization in the non-hardware assisted AES key generation * Add more detection logic for AVX-512 features * Fix a bug parsing deeply nested cipher names * Prevent requesting DER encoding of signatures when the algorithm did not support it- Update to 2.16.0: * Now userspace PRNG objects (such as AutoSeeded_RNG and HMAC_DRBG) use an internal lock, which allows safe concurrent use. This however is purely a precaution in case of accidental sharing of such RNG objects; for performance reasons it is always preferable to use a RNG per thread if a userspace RNG is needed. * DL_Group and EC_Group objects now track if they were created from a known trusted group (such as P-256 or an IPsec DH parameter). If so, then verification tests can be relaxed, as compared to parameters which may have been maliciously constructed in order to pass primality checks. * RandomNumberGenerator::add_entropy_T assumed its input was a POD type but did not verify this. * Support OCSP responders that live on a non-standard port. * Add support for Solaris sandbox. * Support suffixes on release numbers for alpha/beta releases. * Fix a bug in EAX which allowed requesting a 0 length tag, which had the effect of using a full length tag. Instead omit the length field, or request the full tag length explicitly. * Fix a memory leak in GCM where if passed an unsuitable block cipher (eg not 128 bit) it would throw an exception and leak the cipher object.- update to 2.15: Fix a bug where the name constraint extension did not constrain the alternative DN field which can be included in a subject alternative name. This would allow a corrupted sub-CA which was otherwise constrained by a name constraint to issue a certificate with a prohibited DN. Fix a bug in the TLS server during client authentication where where if a (disabled by default) static RSA ciphersuite was selected, then no certificate request would be sent. This would have an equivalent effect to a client which simply replied with an empty Certificate message. (GH #2367) Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As a result AES is now constant time on all processors. (GH #2346 #2348 #2353 [#2329] #2355) In TLS, enforce that the key usage given in the server certificate allows the operation being performed in the ciphersuite. (GH #2367) In X.509 certificates, verify that the algorithm parameters are the expected NULL or empty. (GH #2367) Change the HMAC key schedule to attempt to reduce the information leaked from the key schedule with regards to the length of the key, as this is at times (as for example in PBKDF2) sensitive information. (GH #2362) Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The previous RDRAND_RNG interface is deprecated. (GH #2352) The documentation claimed that mlocked pages were created with a guard page both before and after. However only a trailing guard page was used. Add a leading guard page. (GH #2334) Add support for generating and verifying DER-encoded ECDSA signatures in the C and Python interfaces. (GH #2357 #2356) Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH [#2322]) When building documentation using Sphinx avoid parallel builds with version 3.0 due to a bug in that version (GH #2326 #2324) Fix a memory leak in the CommonCrypto block cipher calls (GH #2371) Fix a flaky test that would occasionally fail when running the tests with a large number of threads. (GH #2325 #2197) Additional algorithms are now deprecated: XTEA, GOST, and Tiger. They will be removed in a future major release.- Update to Botan 2.14: * Add support for using POWER8+ VPSUMD instruction to accelerate GCM (GH #2247) * Optimize the vector permute AES implementation, especially improving performance on ARMv7, Aarch64, and POWER. (GH #2243) * Use a new algorithm for modular inversions which is both faster and more resistant to side channel attacks. (GH #2287 #2296 #2301) * Address an issue in CBC padding which would leak the length of the plaintext which was being padded. Unpadding during decryption was not affected. * Optimize NIST prime field reductions, improving ECDSA by 3-9% (GH #2295) * Increase the size of the ECC blinding mask and scale it based on the size of the group order. (GH #880 #893 #2308) * Add server side support for the TLS asio wrapper. (GH #2229) * Add support for using Windows certificate store on MinGW (GH #2280) * Add a CLI utility cpu_clock which estimates the speed of the processor cycle counter. * Add Roughtime client (GH #2143 #1842) * Add support for XMSS X.509 certificates (GH #2172) * Add support for X.509 CRLs in FFI layer and Python wrapper (GH #2213) * Add AVX2 implementation of SHACAL2 (GH #2196) * Support more functionality for X.509 in the Python API (GH #2165) * Add generic CPU target useful when building for some new or unusual platform. * Disable MD5 in BSI or NIST modes (GH #2188) * Many currently public headers are being deprecated. If any such header is included by an application, a warning is issued at compile time. Headers issuing this warning will be made internal in a future major release. * RSA signature performance improvements (GH #2068 #2070) * Performance improvements for GCM (GH #2024 #2099 #2119), OCB (#2122), XTS (#2123) and ChaCha20Poly1305 (GH #2117), especially for small messages. * Add support for constant time AES using NEON and AltiVec (GH #2093 #2095 #2100) * Improve performance of POWER8 AES instructions (GH #2096) * Add support for the POWER9 hardware random number generator (GH #2026) * Add support for 64-bit version of RDRAND, doubling performance on x86-64 (GH #934 #2022) * In DTLS server, support a client crashing and then reconnecting from the same source port, as described in RFC 6347 sec 4.2.8 (GH #2029) * Optimize DTLS MTU splitting to split precisely to the set MTU (GH #2042) * Add support for the TLS v1.3 downgrade indicator. (GH #2027) * Add Argon2 PBKDF and password hash (GH #459 #1981 #1987) * Add Bcrypt-PBKDF (GH #1990) * Add server side support for issuing DTLS HelloVerifyRequest messages (GH #1999) * Add support for the TLS v1.3 supported_versions extension. (GH #1976) * Add Ed25519ph compatible with RFC 8032 (GH #1699 #2000) * Add support for OCSP stapling on server side. (GH #1703 #1967) * Add a boost::asio TLS stream compatible with boost::asio::ssl. (GH #1839 #1927 #1992) * Add a certificate store for Linux/Unix systems. (GH #1885 #1936) * Various Fixes- Update to Botan 2.10 * Bump SONAME * Warning: XMSS currently implements draft-06 which is not compatible with the final RFC 8391 specification. A PR is open to fix this, however it will break all current uses of XMSS. If you are currently using XMSS please comment at https://github.com/randombit/botan/pull/1858. Otherwise the PR will be merged and support for draft-06 will be removed starting in 2.11. * Added a new certificate store implementation that can access the MacOS keychain certificate store. (GH #1830) * Redesigned Memory_Pool class, which services allocations out of a set of pages locked into memory (using mlock/VirtualLock). It is now faster and with improved exploit mitigations. (GH #1800) * Add BMI2 implementations of SHA-512 and SHA-3 which improve performance by 25-35% on common CPUs. (GH #1815) * Unroll SHA-3 computation improving performance by 10-12% (GH #1838) * Add a Thread_Pool class. It is now possible to run the tests in multiple threads with --test-threads=N flag to select the number of threads to use. Use --test-threads=0 to run with as many CPU cores as are available on the current system. The default remains single threaded. (GH #1819) * XMSS signatures now uses a global thread pool instead of spawning new threads for each usage. This improves signature generation performance by between 10% and 60% depending on architecture and core count. (GH #1864) * Some functions related to encoding and decoding BigInts have been deprecated. (GH #1817) * Binary encoding and decoding of BigInts has been optimized by performing word-size operations when possible. (GH #1817) * Rename the exception Integrity_Failure to Invalid_Authentication_Tag to make its meaning and usage more clear. The old name remains as a typedef. (GH #1816) * Support for using Boost filesystem and MSVC’s std::filesystem have been removed, since already POSIX and Win32 versions had to be maintained for portability. (GH #1814) * Newly generated McEliece and XMSS keys now default to being encrypted using SIV mode, support for which was added in 2.8.0. Previously GCM was used by default for these algorithms. * Use arc4random on Android systems (GH #1851) * Fix the encoding of PGP-S2K iteration counts (GH #1853 #1854) * Add a facility for sandboxing the command line util. Currently FreeBSD (Capsicum) and OpenBSD (pledge) sandboxes are supported. (GH #1808) * Use if constexpr when available. * Disable building shared libs on iOS as it was broken and it is not clear shared libraries are ever useful on iOS (GH #1865) * Renamed the darwin build target to macos. This should not cause any user-visible change. (GH #1866) * Add support for using sccache to cache the Windows CI build (GH #1807) * Add --extra-cxxflags option which allows adding compilation flags without overriding the default set. (GH #1826) * Add --format= option to the hash cli which allows formatting the output as base64 or base58, default output remains hex. * Add base58_enc and base58_dec cli utils for base58 encoding/decoding. (GH #1848) * Enable getentropy by default on macOS (GH #1862) * Avoid using -momit-leaf-frame-pointer flags, since -fomit-frame-pointer is already the default with recent versions of GCC. * Fix XLC sanitizer flags. * Rename Blake2b class to BLAKE2b to match the official name. There is a typedef for compat. * Fix a bug where loading a raw Ed25519_PublicKey of incorrect length would lead to a crash. (GH #1850) * Fix a bug that caused compilation problems using CryptoNG PRNG. (GH #1832) * Extended SHAKE-128 cipher to support any key between 1 and 160 bytes, instead of only multiples of 8 bytes. * Minor HMAC optimizations. * Build fixes for GNU/Hurd. * Fix a bug that prevented generating or verifying Ed25519 signatures in the CLI (GH #1828 #1829) * Fix a compilation error when building the amalgamation outside of the original source directory when AVX2 was enabled. (GH #1812) * Fix a crash when creating the amalgamation if a header file was edited on Windows but then the amalgamation was built on Linux (GH #1763)- Update to Botan 2.9 * Bump SONAME * CVE-2018-20187 Address a side channel during ECC key generation, which used an unblinded Montgomery ladder. As a result, a timing attack can reveal information about the high bits of the secret key. * Fix bugs in TLS which caused negotiation failures when the client used an unknown signature algorithm or version (GH #1711 #1709 #1708) * Fix bug affecting GCM, EAX and ChaCha20Poly1305 where if the associated data was set after starting a message, the new AD was not reflected in the produced tag. Now with these modes setting an AD after beginning a message throws an exception. * Use a smaller sieve which improves performance of prime generation. * Fixed a bug that caused ChaCha to produce incorrect output after encrypting 256 GB. (GH #1728) * Add NEON and AltiVec implementations of ChaCha (GH #1719 #1728 #1729) * Optimize AVX2 ChaCha (GH #1730) * Many more operations in BigInt, ECC and RSA code paths are either fully const time or avoid problematic branches that could potentially be exploited in a side channel attack. (GH #1738 #1750 #1754 #1755 #1757 #1758 #1759 #1762 #1765 [#1770] #1773 #1774 #1779 #1780 #1794 #1795 #1796 #1797) * Several optimizations for BigInt and ECC, improving ECDSA performance by as much as 30%. (GH #1734 #1737 #1777 #1750 #1737 #1788) * Support recovering an ECDSA public key from a message/signature pair (GH #664 [#1784]) * Add base58 encoding/decoding functions (GH #1783) * In the command line interface, add support for reading passphrases from the terminal with echo disabled (GH #1756) * Add CT::Mask type to simplify const-time programming (GH #1751) * Add new configure options --disable-bmi2, --disable-rdrand, and - -disable-rdseed to prevent use of those instruction sets. * Add error_type and error_code functions to Exception type (GH #1744) * Now on POSIX systems posix_memalign is used instead of mmap for allocating the page-locked memory pool. This avoids issues with fork. (GH #602 #1798) * When available, use RDRAND to generate the additional data in Stateful_RNG::randomize_with_ts_input * Use vzeroall/vzeroupper intrinsics to avoid AVX2/SSE transition penalties. * Support for Visual C++ 2013 has been removed (GH #1557 #1697) * Resolve a memory leak when verifying ECDSA signatures with versions of OpenSSL before 1.1.0 (GH #1698) * Resolve a memory leak using ECDH via OpenSSL (GH #1767) * Fix an error in XTS which prohibited encrypting values which were exactly the same length as the underlying block size. Messages of this size are allowed by the standard and other XTS implementations. (GH #1706) * Resolve a bug in TSS which resulted in it using an incorrect length field in the shares. Now the correct length is encoded, but either correct or buggy lengths are accepted when decoding. (GH #1722) * Correct a bug when reducing a negative BigInt modulo a small power of 2. (GH [#1755]) * Add CLI utils for threshold secret splitting. (GH #1722) * Fix a bug introduced in 2.8.0 that caused compilation failure if using a single amalgamation file with AVX2 enabled. (GH #1700) * Add an explicit OS target for Emscripten and improve support for it. (GH #1702) * Fix small issues when building for QNX * Switch the Travis CI build to using Ubuntu 16.04 (GH #1767) * Add options to configure.py to disable generation of pkg-config file, and (for systems where pkg-config support defaults to off, like Windows), to enable generating it. (GH #1268) * Modify configure.py to accept empty lists or trailing/extra commas. (GH #1705) - Update to Botan 2.8 * Add support for using Apple CommonCrypto library for hashing (GH #1667), cipher modes (GH #1674) and block ciphers (GH #1673). * Support for negotiating TLS versions 1.0 and 1.1 is disabled in the default TLS policy. In addition, support for negotiating TLS ciphersuites using CBC or CCM mode is disabled by default. Applications which need to interop with old peers must enable these in their TLS policy object. (GH #1651) * During primality testing, use a Lucas test in addition to Miller-Rabin. It is possible to construct a composite integer which passes n Miller-Rabin tests with probability (1/4)^n. So for a incautious verifier using a small number of tests (under 16 or so) it is possible if unlikely they would accept such a composite as prime. Adding a Lucas test precludes such an attack. (GH #1636) * Add XChaCha and XChaCha20Poly1305 (GH #1640) * Add AVX2 implementations of ChaCha (GH #1662) and Serpent (GH #1660) * Add a new password hashing interface in pwdhash.h (GH #1670) * C binding improvements. Added functions to get name and supported keylengths of cipher, hash and MAC objects, support for FE1 format preserving encryption (GH #1625 #1646), functions to load and save RSA keys in PKCS #1 format (GH #1621), HOTP and TOTP algorithms, scrypt, certificate verification (GH #1647), functions to get the output length of public key operations (GH #1642), and functions for loading and serializing X25519 keys (GH #1681) * Support for building with BOTAN_MP_WORD_BITS set to 8 or 16 has been removed. * Previously SM2 had two distinct key types, one for signatures and another for encryption. They have now been merged into a single key type since in practice it seems the same key is at times used for both operations. (GH [#1637]) * The Cipher_Mode class now derives from SymmetricAlgorithm (GH #1639) * Add support for using the ARMv8 instructions for SM4 encryption (GH #1622) * The entropy source using SecRandomCopyBytes has been removed as it was redundant with other entropy sources (GH #1668) * The Python module has much better error checking and reporting, and offers new functionality such as scrypt, MPI and FPE. (GH #1643 #1646) * Fixed a bug that caused CCM to fail with an exception when used with L=8 (GH #1631 #1632) * The default bcrypt work factor has been increased from 10 to 12. * The default algorithm used in passhash9 has changed from SHA-256 to SHA-512, and the default work factor increased from 10 to 15. * In ECC private keys, include the public key data for compatibility with GnuTLS (GH #1634 #1635) * Add support for using Linux getrandom syscall to access the system PRNG. This is disabled by default, use --with-os-feature=getrandom to enable. * It is now possible to encrypt private keys using SIV mode. * The FFI function botan_privkey_load now ignores its rng argument. * Resolve a problem when building under Visual C++ 15.8 (GH #1624) * Fix a bug in XSalsa20 (192-bit Salsa nonces) where if set_iv was called twice without calling set_key, the resulting encryption was incorrect. (GH [#1640]) * Handle an error seen when verifying invalid ECDSA signatures using LibreSSL on non x86-64 platforms (GH #1627 #1628) * Fix bugs in PKCS7 and X9.23 CBC padding schemes, which would ignore the first byte in the event the padding took up the entire block. (GH #1690) * Correct bugs which would cause CFB, OCB, and GCM modes to crash when they were used in an unkeyed state. (GH #1639) * Optimizations for SM4 and Poly1305 * Avoid a cache side channel in the AES key schedule * Add pk_encrypt and pk_decrypt CLI operations * Now asn1print CLI defaults to printing context-specific fields. * Use codec_base for Base64, which matches how Base32 is implemented (GH #1597) * The cast module has been split up into cast128 and cast256 (GH #1685) * When building under Visual C++ 2013, the user must acknowledge the upcoming removal of support using the configure.py flag --ack-vc2013-deprecated (GH [#1557])- Fix version in baselibs.conf- Update to Botan 2.7 * CVE-2018-12435 Avoid a side channel in ECDSA signature generation (GH [#1604]) * Avoid a side channel in RSA key generation due to use of a non-constant time gcd algorithm. (GH #1542 #1556) * Optimize prime generation, especially improving RSA key generation. (GH [#1542]) * Make Karatsuba multiplication, Montgomery field operations, Barrett reduction and Montgomery exponentiation const time (GH #1540 #1606 #1609 [#1610]) * Optimizations for elliptic curve operations especially improving reductions and inversions modulo NIST primes (GH #1534 #1538 #1545 #1546 #1547 #1550) * Add 24 word wide Comba multiplication, improving 3072-bit RSA and DH by ~25%. (GH #1564) * Unroll Montgomery reduction for specific sizes (GH #1603) * Improved performance of signature verification in ECGDSA, ECKCDSA, SM2 and GOST by 10-15%. * XMSS optimizations (GH #1583 #1585) * Fix an error that meant XMSS would only sign half as many signatures as is allowed (GH #1582) * Add support for base32 encoding/decoding (GH #1541) * Add BMI2 optimized version of SHA-256, 40% faster on Skylake (GH #1584) * Allow the year to be up to 2200 in ASN.1 time objects. Previously this was limited to 2100. (GH #1536) * Add support for Scrypt password hashing (GH #1570) * Add support for using Scrypt for private key encryption (GH #1574) * Optimizations for DES/3DES, approx 50% faster when used in certain modes such as CBC decrypt or CTR. * XMSS signature verification did not check that the signature was of the expected length which could lead to a crash. (GH #1537) * The bcrypt variants 2b and 2y are now supported. * Support for 192-bit Suite B TLS profile is now implemented, as the 128-bit Suite B is since 2015 not allowed anymore. * Previously botan allowed GCM to be used with an empty nonce, which is not allowed by the specification. Now such nonces are rejected. * Avoid problems on Windows when compiling in Unicode mode (GH #1615 #1616) * Previously for ASN.1 encoded signatures (eg ECDSA) Botan would accept any valid BER encoding. Now only the single valid DER encoding is accepted. * Correct an error that could in rare cases cause an internal error exception when doing computations with the P-224 curve. * Optimizations to reduce allocations/copies during DER encoding and BER decoding (GH #1571 #1572 #1600) * Botan generates X.509 subject key IDs by hashing the public key with whatever hash function is being used to sign the certificate. However especially for SHA-512 this caused SKIDs that were far longer than necessary. Now all SKIDs are truncated to 192 bits. * In the test suite use mkstemp to create temporary files instead of creating them in the current working directory. (GH #1533 #1530) * It is now possible to safely override CXX when invoking make in addition to when configure.py is run. (GH #1579) * OIDs for Camellia and SM4 in CBC and GCM mode are now defined, making it possible to use this algorithms for private key encryption. * Avoid creating symlinks to the shared object on OpenBSD (#1535) * The factor command runs much faster on larger inputs now. * Support for Windows Phone/UWP was deprecated starting in 2.5. This deprecation has been reversed as it seems UWP is still actively used. (GH [#1586] #1587) * Support for Visual C++ 2013 is deprecated, and will be removed in Jan 2019. * Added support for GCC’s –sysroot option to configure.py for cross-compiling.- fixed to build on armv6 and armv7- Update to Botan 2.6 * CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a malformed ciphertext cause the decryptor to read and HMAC an additional 64K bytes of data which is not part of the record. This could cause a crash if the read went into unmapped memory. No information leak or out of bounds write occurs. * Add support for OAEP labels (GH #1508) * RSA signing is about 15% faster (GH #1523) and RSA verification is about 50% faster. * Add exponent blinding to RSA (GH #1523) * Add Cipher_Mode::create and AEAD_Mode::create (GH #1527) * Fix bug in TLS server introduced in 2.5 which caused connection to fail if the client offered any signature algorithm not known to the server (for example RSA/SHA-224). * Fix a bug in inline asm that would with GCC 7.3 cause incorrect computations and an infinite loop during the tests. (GH #1524 #1529)- Update to Botan 2.5 * Fix error in certificate wildcard matching (CVE-2018-9127), where a wildcard cert for b*.example.com would be accepted as a match for any host with name *b*.example.com (GH #1519) * Add support for RSA-PSS signatures in TLS (GH #1285) * Ed25519 certificates are now supported (GH #1501) * Many optimizations in ECC operations. ECDSA signatures are 8-10 times faster. ECDSA verification is about twice as fast. ECDH key agreement is 3-4 times faster. (GH #1457 #1478) * Implement product scanning Montgomery reduction, which improves Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH [#1472]) * DSA signing and verification performance has improved by 30-50%. * Add a new Credentials_Manager callback that specifies which CAs the server has indicated it trusts (GH #1395 fixing #1261) * Add new TLS::Callbacks methods that allow creating or removing extensions, as well as examining extensions sent by the peer (GH #1394 #1186) * Add new TLS::Callbacks methods that allow an application to negotiate use of custom elliptic curves. (GH #1448) * Add ability to create custom elliptic curves (GH #1441 #1444) * Add support for POWER8 AES instructions (GH #1459 #1393 #1206) * Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502 [#986]) * The default encoding of ECC public keys has changed from compressed to uncompressed point representation. This improves compatability with some common software packages including Golang’s standard library. (GH #1480 [#1483]) * It is now possible to create DNs with custom components. (GH #1490 #1492) * It is now possible to specify the serial number of created certificates, instead of using the default 128-bit random integer. (GH #1489 #1491) * Change DL_Group and EC_Group to store their data as shared_ptr for fast copying. Also both classes precompute additional useful values (eg for modular reductions). (GH #1435 #1454) * Make it possible for PKCS10 requests to include custom extensions. This also makes it possible to use muliple SubjectAlternativeNames of a single type in a request, which was previously not possible. (GH #1429 #1428) * Add new optimized interface for FE1 format preserving encryption. By caching a number of values computed in the course of the FPE calculation, it provides a 6-7x speedup versus the old API. (GH #1469) * Add DSA and ElGamal keygen functions to FFI (#1426) * Add Pipe::prepend_filter to replace Pipe::prepend (GH #1402) * Fix a memory leak in the OpenSSL block cipher integration, introduced in * 2.2.0 * Use an improved algorithm for generating safe primes which is several tens of times faster. Also, fix a bug in the prime sieving algorithm which caused standard prime generation (like for RSA keys) to be slower than necessary. (GH #1413 #1411) * Correct the return value of PK_Encryptor::maximum_input_size which reported a much too small value (GH #1410) * Remove use of CPU specific optimization flags, instead the user should set these via CXXFLAGS if desired. (GH #1392) * Resolve an issue that would cause a crash in the tests if they were run on a machine without SSE2/NEON/VMX instructions. (GH #1495) * The Python module now tries to load DLLs from a list of names and uses the first one which successfully loads and indicates it supports the desired API level. (GH #1497) * Various minor optimizations for SHA-3 (GH #1433 #1434) * The output of botan --help has been improved (GH #1387) * Add --der-format flag to command line utils, making it possible verify DSA/ECDSA signatures generated by OpenSSL command line (GH #1409) * Add support for --library-suffix option to configure.py (GH #1405 #1404) * Use feature flags to enable/disable system specific code (GH #1378) * Add --msvc-runtime option to allow using static runtime (GH #1499 #210) * Add –enable-sanitizers= option to allow specifying which sanitizers to enable. The existing --with-sanitizers option just enables some default set which is known to work with the minimum required compiler versions. * Use either rst2man or rst2man.py for generating man page as distributions differ on where this program is installed (GH #1516) * The threefish module has been renamed threefish_512 since that is the algorithm it provides. (GH #1477) * The Perl XS based wrapper has been removed, as it was unmaintained and broken. (GH #1412) * The sqlite3 encryption patch under contrib has been removed. It is still maintained by the original author at https://github.com/OlivierJG/botansqlite3- drop explicit package requirements - split binary package and documentation from dynamic library package and make documentation package noarch - merge back Botan2 package to Botan with changelog history - drop Botan patches aarch64-support.patch - doesn't seem to be required anymore Botan-fix_install_paths.patch - doesn't seem to be required no-cpuid-header.patch - SLE11 not target anymore Botan-fix_pkgconfig.patch - this seem to be wrong Botan-no-buildtime.patch - not needed anymore dont-set-mach-value.diff - doesn't apply, unclear and undocumented why it is there Botan-inttypes.patch - not required Botan-ull_constants.patch.bz2 - no reason anymore- change group of libbotan-%{version_suffix} to 'System/Libraries' as requested on review- Don't drop -fstack-clash-protection for openSUSE 42.3 - we just need the Update repository present.- Rename libbotan-devel to libbotan2-devel. We can't have clashing packages in the archive because Botan1 and Botan2 provide the same -devel binary. Botan2 is also no API compatible with Botan.- fix expected version after bump in baselibs.conf too- fix unknown flag -fstack-clash-protection for openSUSE 42.3 - rename to Botan2 - drop Botan2-INT_MAX.patch as not needed anymore - Bump to libbotan 2.4 Changes and new features: * Several build improvements requested by downstream packagers, including the ability to disable building the static library. All makefile constructs that were specific to nmake or GNU make have been eliminated, thus the option ``--makefile-style`` which was previously used to select the makefile type has also been removed. (GH #1230 #1237 #1300 #1318 #1319 #1324 #1325 #1346) * Support for negotiating the DH group as specified in RFC 7919 is now available in TLS (GH #1263) * Support for ARIA-GCM ciphersuites are now available in TLS. They are disabled by default. (GH #1284) * Add support for generating and verifying X.509 objects (certificates, CRLs, etc) using RSA-PSS signatures (GH #1270 and [#1368]) * Add support for AES key wrapping with padding, as specified in RFC 5649 and NIST SP 800-38F (GH #1301) * OCSP requests made during certificate verification had the potential to hang forever. Now the sockets are non-blocking and a timeout is enforced. (GH #1360 fixing GH #1326) * Add ``Public_Key::fingerprint_public`` which allows fingerprinting the public key. The previously available ``Private_Key::fingerprint`` is deprecated, now ``Private_Key::fingerprint_private`` should be used if this is required. (GH #1357) * ECC certificates generated by Botan used an invalid encoding for the parameters field, which was rejected by some certificate validation libraries notably BouncyCastle. (GH #1367) * Loading an ECC key which used OID encoding for the domain parameters, then saving it, would result in a key using the explicit parameters encoding. Now the OID encoding is retained. (GH #1365) * Correct various problems in certificate path validation that arose when multiple paths could be constructed leading to a trusted root but due to other constraints only some of them validated. (GH [#1363]) * It is now possible for certificate validation to return warning indicators, such as that the distinguished name is not within allowed limits or that a certificate with a negative serial number was observed. (GH #1363 #1359) * XMSS signatures now are multi-threaded for improved performance (GH #1267) * Fix a bug that caused the TLS peer cert list to be empty on a resumed session. (GH #1303 #1342) * Increase the maximum HMAC key length from 512 bytes to 4096 bytes. This allows using a DH key exchange in TLS with a group greater than 4096 bits. (GH #1316) * Fix a bug in the TLS server where, on receiving an SSLv3 client hello, it would attempt to negotiate TLS v1.2. Now a protocol_version alert is sent. Found with tlsfuzzer. (GH #1316) * Fix several bugs related to sending the wrong TLS alert type in various error scenarios, caught with tlsfuzzer. * Add support for a ``tls_http_server`` command line utility which responds to simple GET requests. This is useful for testing against a browser, or various TLS test tools which expect the underlying protocol to be HTTP. (GH #1315) * Add an interface for generic PSK data stores, as well as an implementation which encrypts stored values with AES key wrapping. (GH #1302) * Optimize GCM mode on systems both with and without carryless multiply support. This includes a new base case implementation (still constant time), a new SSSE3 implementation for systems with SSSE3 but not clmul, and better algorithms for systems with clmul and pmull. (GH #1253 #1263) * Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b, Blowfish, Twofish, CAST-128, and CRC24 (GH #1281) * Salsa20 now supports the seek operation. * Add ``EC_Group::known_named_groups`` (GH #1339) * Symmetric algorithms (block ciphers, stream ciphers, MACs) now verify that a key was set before accepting data. Previously attempting to use an unkeyed object would instead result in either a crash or invalid outputs. (GH #1279) * The X509 certificate, CRL and PKCS10 types have been heavily refactored internally. Previously all data of these types was serialized to strings, then in the event a more complicated data structure (such as X509_DN) was needed, it would be recreated from the string representation. However the round trip process was not perfect and could cause fields to become lost. This approach is no longer used, fixing several bugs (GH #1010 #1089 #1242 #1252). The internal data is now stored in a ``shared_ptr``, so copying such objects is now very cheap. (GH #884) * ASN.1 string objects previously held their contents as ISO 8859-1 codepoints. However this led to certificates which contained strings outside of this character set (eg in Cyrillic, Greek, or Chinese) being rejected. Now the strings are always converted to UTF-8, which allows representing any character. In addition, UCS-4 strings are now supported. (GH #1113 #1250 #1287 #1289) * It is now possible to create an uninitialized X509_Certificate object. Such an object will throw if any attempt to access its members is made. (GH #1335) * In BER decoder, avoid unbounded stack recursion when parsing nested indefinite length values. Now at most 16 nested indefinite length values are accepted, anything deeper resulting in a decoding error. (GH #1304 OSS-Fuzz 4353). * A new ASN.1 printer API allows generating a string representation of arbitrary BER data. This is used in the ``asn1print`` command line utility and may be useful in other applications, for instance for debugging. * New functions for bit rotations that distinguish rotating by a compile-time constant vs a runtime variable rotation. This allows better optimizations in both cases. Notably performance of CAST-128 and CAST-256 are substantially improved. (GH #1247) * TLS CBC ciphersuites now are implemented using the standard CBC code, instead of reimplementing CBC inside the TLS stack. This allows for parallel decryption of TLS CBC ciphertexts, and improves performance especially when using AES hardware support. (GH #1269) * Add callbacks to make it possible for an application using TLS to provide custom implementations of signature schemes, eg when offloading the computations to another device. (GH #1332) * Use a direct calculation for calendar computations instead of relying on non-portable operating system interfaces. (GH #1336) * Fix a bug in the amalgamation generation which could cause build failures on some systems including macOS. (GH #1264 #1265) * A particular code sequence in TLS handshake would always (with an ECC ciphersuite) result in an exception being thrown and then caught. This has changed so no exception is thrown. (GH #1275) * The code for byteswapping has been improved for ARMv7 and for Windows x86-64 systems using MSVC. (GH #1274) * The GMAC class no longer derives from GHASH. This should not cause any noticeable change for applications. (GH #1253) * The base implementation of AES now uses a single 4K table, instead of 4 such tables. This offers a significant improvement against cache-based side channels without hurting performance too much. In addition the table is now guaranteed to be aligned on a cache line, which ensures the additional countermeasure of reading each cache line works as expected. (GH #1255) * In TLS client resumption, avoid sending a OCSP stapling request. This caused resumption failures with some servers. (GH [#1276]) * The overhead of making a call through the FFI layer has been reduced. * The IDs for SHA-3 PKCSv1.5 signatures added in 2.3.0 were incorrect. They have been changed to use the correct encoding, and a test added to ensure such errors do not recur. * Counter mode allows setting a configurable width of the counter. Previously it was allowed for a counter of even 8 bits wide, which would mean the keystream would repeat after just 256 blocks. Now it requires the width be at least 32 bits. The only way this feature could be used was by manually constructing a ``CTR_BE`` object and setting the second parameter to something in the range of 1 to 3. * A new mechanism for formatting ASN.1 data is included in ``asn1_print.h``. This is the same functionality used by the command line ``asn1print`` util, now cleaned up and moved to the library. * Add ``Pipe::append_filter``. This is like the existing (deprecated) ``Pipe::append``, the difference being that ``append_filter`` only allows modification before the first call to ``start_msg``. (GH #1306 #1307) * The size of ASN1_Tag is increased to 32 bits. This avoids a problem with UbSan (GH #751) * Fix a bug affecting bzip2 compression. In certain circumstances, compression would fail with ``BZ_SEQUENCE_ERROR`` due to calling bzlib in an way it does not support. (GH #1308 #1309) * In 2.3.0, final annotations were added to many classes including the TLS policies (like ``Strict_Policy`` and ``BSI_TR_02102_2``). However it is reasonable and useful for an application to derive from one of these policies, so as to create an application specific policy that is based on a library-provided policy, but with a few tweaks. So the final annotations have been removed on these classes. (GH #1292) * A new option ``--with-pdf`` enables building a PDF copy of the handbook. (GH #1337) * A new option ``--with-rst2man`` enables building a man page for the command line util using Docutils rst2man. (GH #1349) * Support for NEON is now enabled under Clang. * Now the compiler version is detected using the preprocessor, instead of trying to parse the output of the compiler's version string, which was subject to problems with localization. (GH [#1358]) * By default the gzip compressor will not include a timestamp in the header. The timestamp can be set by passing it to the ``Gzip_Compression`` constructor. * Add an OID for RIPEMD-160 * Fixes for CMake build (GH #1251) * Avoid some signed overflow warnings (GH #1220 #1245) * As upstream support for Native Client has been deprecated by Google, support is now also deprecated in Botan and will be removed in a future release. * The Perl-XS wrapper has not been maintained in many years. It is now deprecated, and if no attempts are made to revive it, it will be removed in a future release. * Support for building on IRIX has been removed.- add Botan2-INT_MAX.patch * Fix “INT_MAX was not declared in this scope” in openSUSE Leap 42.1- fix build. python3 configure itself is useless, we should make package python3 too.- configure Botan explicitly with python3- Update to 1.10.17 - Address a side channel affecting modular exponentiation. An attacker capable of a local or cross-VM cache analysis attack may be able to recover bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function. (GH #1192 #1148 #882, bsc#1060433) - Add SecureVector::data() function which returns the start of the buffer. This makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase. When compiled by a C++11 (or later) compiler, a template typedef of SecureVector, secure_vector, is added. In 2.x this class is a std::vector with a custom allocator, so has a somewhat different interface than SecureVector in 1.10. But this makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase. - Fix a bug that prevented configure.py from running under Python3 - Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will [#]error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against 1.1 or later. (GH #753) - Import patches from Debian adding basic support for building on aarch64, ppc64le, or1k, and mipsn32 platforms. * obsoletes CVE-2017-14737.patch * refreshes aarch64-support.patch * drop ppc64le-support.patch for upstream version (disables altivec support as per concerns by upstream)- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA implementation allows local attacker to recover information about RSA secret keys. * add CVE-2017-14737.patch- Explicitly require libopenssl-1_0_0-devel (bsc#1055322) * Botan 1.x won't support OpenSSL 1.1 (https://github.com/randombit/botan/issues/753)- Add patch to build SLES11 (allows for simplified backporting, e.g. bsc#968030) * add no-cpuid-header.patch - Clean up spec file- Update to 1.10.16 (Fixes CVE-2017-2801, bsc#1033605) * Fix a bug in X509 DN string comparisons that could result in out of bound reads. This could result in information leakage, denial of service, or potentially incorrect certificate validation results. (CVE-2017-2801) * Avoid use of C++11 std::to_string in some code added in 1.10.14 (GH #747 #834) - Changes from 1.10.15: * Change an unintended behavior of 2.0.0, which named the include directory botan-2.0. Since future release of Botan-2 should be compatible with code written against old versions, there does not seem to be any reason to * version the include directory with the minor number. (GH #830 #833) * Fix a bug which caused an error when building on Cygwin or other platforms where shared libraries are not supported. (GH #821) * Enable use of readdir on Cygwin, which allows the tests to run (GH #824) * Switch to readthedocs Sphinx theme by default (GH #822 #823)- Update to 1.10.14 * Fix integer overflow during BER decoding, found by Falko Strenzke. This bug is not thought to be directly exploitable but upgrading ASAP is advised. (CVE-2016-9132) * Fix two cases where (in error situations) an exception would be thrown from a destructor, causing a call to std::terminate. * When RC4 is disabled in the build, also prevent it from being included in the OpenSSL provider. (GH #638)- Update to 1.10.13 * Use constant time modular inverse algorithm to avoid possible side channel attack against ECDSA (CVE-2016-2849) * Use constant time PKCS #1 unpadding to avoid possible side channel attack against RSA decryption (CVE-2015-7827) * Avoid a compilation problem in OpenSSL engine when ECDSA was disabled. Gentoo bug 542010- Remove Qt5 dependency, since nothing is using it anymore. - Fix double-prefix in botan-config and pkgconfig file.- Update to 1.10.12 - Version 1.10.12, 2016-02-03 * In 1.10.11, the check in PointGFp intended to check the affine y argument actually checked the affine x again. Reported by Remi Gacogne * The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an additional check in the multiplication function itself which was also added in that release, so there are no security implications from the missed check. However to avoid confusion the change was pushed in a new release immediately. * The 1.10.11 release notes incorrectly identified CVE-2016-2195 as CVE-2016-2915 - Version 1.10.11, 2016-02-01 * Resolve heap overflow in ECC point decoding. CVE-2016-2195 Resolve infinite loop in modular square root algorithm. CVE-2016-2194 Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. GH #239- Add gpg signature - Cleanup spec file with spec-cleaner- Fix Source0 URL- bump SONAME to libbotan-1_10-1 - Update to 1.10.10 * SECURITY: The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. As the type requires a 1 byte field this is not valid BER but could occur in malformed data. Found with afl. CVE-2015-5726 * SECURITY: The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer. Found with afl. CVE-2015-5727 * Due to an ABI incompatible (though not API incompatible) change in this release, the version number of the shared object has been increased. * The default TLS policy no longer allows RC4. * Fix a signed integer overflow in Blue Midnight Wish that may cause incorrect computations or undefined behavior. - Update to 1.10.9 * Fixed EAX tag verification to run in constant time * The default TLS policy now disables SSLv3. * A crash could occur when reading from a blocking random device if the device initially indicated that entropy was available but a concurrent process drained the entropy pool before the read was initiated. * Fix decoding indefinite length BER constructs that contain a context sensitive tag of zero. Github pull 26 from Janusz Chorko. * The botan-config script previously tried to guess its prefix from the location of the binary. However this was error prone, and now the script assumes the final installation prefix matches the value set during the build. Github issue 29.- Change build dependence "libqt4-devel" to "libqt5-qtbase-devel".Botan-develh02-ch1c 1721049054  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@2.19.52.19.5-bp156.3.3.12.19.5-bp156.3.3.12.19.52.19.5botan-2botanadler32.haead.haes.halg_id.hargon2.haria.hasn1_alt_name.hasn1_attribute.hasn1_obj.hasn1_oid.hasn1_print.hasn1_str.hasn1_time.hassert.hauto_rng.hb64_filt.hbase32.hbase58.hbase64.hbasefilt.hbcrypt.hbcrypt_pbkdf.hber_dec.hbigint.hblake2b.hblinding.hblock_cipher.hblowfish.hbotan.hbswap.hbuf_comp.hbuf_filt.hbuild.hbzip2.hcalendar.hcamellia.hcascade.hcast128.hcast256.hcbc.hcbc_mac.hccm.hcecpq1.hcert_status.hcertstor.hcertstor_flatfile.hcertstor_sql.hcertstor_sqlite.hcertstor_system.hcfb.hchacha.hchacha20poly1305.hchacha_rng.hcharset.hcipher_filter.hcipher_mode.hcmac.hcomb4p.hcomp_filter.hcompiler.hcompression.hcpuid.hcrc24.hcrc32.hcredentials_manager.hcrl_ent.hcryptobox.hctr.hcurve25519.hcurve_gfp.hcurve_nistp.hdata_snk.hdata_src.hdatabase.hdatastor.hder_enc.hdes.hdesx.hdh.hdivide.hdl_algo.hdl_group.hdlies.hdsa.hdyn_load.heax.hec_group.hecc_key.hecdh.hecdsa.hecgdsa.hecies.heckcdsa.hed25519.helgamal.heme.heme_pkcs.heme_raw.hemsa.hemsa1.hemsa_pkcs1.hemsa_raw.hemsa_x931.hentropy_src.hexceptn.hfd_unix.hffi.hfilter.hfilters.hfpe_fe1.hgcm.hgf2m_small_m.hghash.hgmac.hgost_28147.hgost_3410.hgost_3411.hhash.hhash_id.hhex.hhex_filt.hhkdf.hhmac.hhmac_drbg.hhotp.hhttp_util.hidea.hinit.hiso9796.hkasumi.hkdf.hkdf1.hkdf1_iso18033.hkdf2.hkeccak.hkey_constraint.hkey_filt.hkey_spec.hkeypair.hlion.hloadstor.hlocking_allocator.hlookup.hlzma.hmac.hmceies.hmceliece.hmd4.hmd5.hmdx_hash.hmem_ops.hmgf1.hmisty1.hmode_pad.hmonty.hmul128.hmutex.hname_constraint.hnewhope.hnist_keywrap.hnoekeon.hnumthry.hoaep.hocb.hocsp.hocsp_types.hofb.hoids.hotp.hp11.hp11_ecc_key.hp11_ecdh.hp11_ecdsa.hp11_module.hp11_object.hp11_randomgenerator.hp11_rsa.hp11_session.hp11_slot.hp11_types.hp11_x509.hpackage.hpar_hash.hparsing.hpasshash9.hpbes2.hpbkdf.hpbkdf1.hpbkdf2.hpem.hpgp_s2k.hpipe.hpk_algs.hpk_keys.hpk_ops.hpk_ops_fwd.hpkcs10.hpkcs11.hpkcs11f.hpkcs11t.hpkcs8.hpkix_enums.hpkix_types.hpoint_gfp.hpoly1305.hpolyn_gf2m.hpow_mod.hprf_tls.hprf_x942.hprocessor_rng.hpsk_db.hpsk_db_sql.hpssr.hpubkey.hpwdhash.hrc4.hrdrand_rng.hreducer.hrfc3394.hrfc6979.hrmd160.hrng.hrotate.hroughtime.hrsa.hsalsa20.hscan_name.hscrypt.hsecmem.hsecqueue.hseed.hserpent.hsha160.hsha2_32.hsha2_64.hsha3.hshacal2.hshake.hshake_cipher.hsiphash.hsiv.hskein_512.hsm2.hsm2_enc.hsm3.hsm4.hsodium.hsp800_108.hsp800_56a.hsp800_56c.hsqlite3.hsrp6.hstateful_rng.hstl_compatibility.hstream_cipher.hstream_mode.hstreebog.hsym_algo.hsymkey.hsystem_rng.hthreefish.hthreefish_512.htiger.htls_alert.htls_algos.htls_blocking.htls_callbacks.htls_channel.htls_ciphersuite.htls_client.htls_exceptn.htls_extensions.htls_handshake_msg.htls_magic.htls_messages.htls_policy.htls_server.htls_server_info.htls_session.htls_session_manager.htls_session_manager_sql.htls_session_manager_sqlite.htls_version.htotp.htpm.htss.htwofish.htypes.huuid.hversion.hwhrlpool.hworkfactor.hx509_ca.hx509_crl.hx509_dn.hx509_ext.hx509_key.hx509_obj.hx509cert.hx509path.hx509self.hx919_mac.hxmss.hxmss_hash.hxmss_key_pair.hxmss_parameters.hxmss_privatekey.hxmss_publickey.hxmss_wots.hxmss_wots_parameters.hxmss_wots_privatekey.hxmss_wots_publickey.hxtea.hxts.hzfec.hzlib.hlibbotan-2.sobotan-2.pc/usr/include//usr/include/botan-2//usr/include/botan-2/botan//usr/lib64//usr/lib64/pkgconfig/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protectionobs://build.opensuse.org/openSUSE:Maintenance:18468/openSUSE_Backports_SLE-15-SP6_Update/1d7345a62d022490cd8027938493aa41-Botan.openSUSE_Backports_SLE-15-SP6_Updatedrpmxz5x86_64-suse-linuxdirectoryC++ source, ASCII textC source, ASCII textC++ source, UTF-8 Unicode textC source, UTF-8 Unicode textpkgconfig filePRc^fq4n{ ϒutf-89c2c6854a82a9d1d72910a7ab413ec8b62c1fea69e708c940f22221e4b8cc317?7zXZ !t/#]"k%AKTp #92WDž>q4.5*]\iX4YLs=Eá __j0U;vydLtqs*)=> 6mUAQǑq~54ԃ5h`vkW.f.̙*#hakP源?)ȐտLד#g6v%zbu2Y.M(Q^uXr^]8-zFm7R<:9c>^1۳('p.wBE~Re? xk8:*ޝY_86a"Q[W Vui'(Dss+kY&#U? Љ='aD4ν)1\te%>6pԘCs/Gb%7 JJ35[ ։ŋsqqTHJV[HQ&U@/d9$A#S'ePi~j_E;E} ,3N)Wwk,jlrIjƘ3?4@39М2^S]Q.t3ˢ{@c>/sZcq]v/=zqY&zc%>/E )}1-u钕|nn辠̐[!rQIc8X gncI P#D WWt @ 3燐|x0PSX^T<C7Q]AS;1!lu9 v,!LTRA4ZaCTc&Y"a_ =KԻI{x1l/m c![@Kz:a+cC XtĎQjOe*HMgH$|~;Tl:qL~ ja7ю#]o3㾑(DtuqGO^x!_@`t0 RZ#Ov:azy0hR݋p`zאQCF 놛%_Rό3clo )fDur˖w##ЕG| Eo&t~!vf~{Q~n A{h4O$H7oMD+"b`^3&ʧ| 8@,ş!$REYN@7>Nc J^rUCҩֲgn׻Oѣ;6N)"9݈W,eiE0F, fJH-x;6nK&kZzNrPC;6U&#i9BK1 Oɰ+{z319mNj0TP7 |49b7xX 䎊("k߭:;H;lULŃ[z( Vf1h^vZ-1s%E疔㟆Ik)cD\fv$/_ _S4$`7Z6) | "heRIhV 8/T,xgK\Av-Q.sLeU,-)K4,AP'wt2m֌o=rv_bGq//~i敧I9ª O*{8L hb ̹q LP-`:g Kq=1-Nە6?phv)yDFTǻR%֍n+a 4r'@E-/ǚL80pN-`T7`fHfb?27KI54Ⱦ3<=@f@fwH6)MX?:yEݒ`<=婲{§nC+*2r8D/؜t6*Q $j\Ap*j-򗱥1ƽ["~|)TUxw7ⱹ!噡{c/e:sL5#0XF;qa%5wI!y&+bG<4.b5!LY.RonI-۾<]OV%6ȍSUϒ ݒD΃<刳@*udQcuf 7$Fx u:6 BG5_xY6M Zy fJsp%T%n X!q,rD޹ύ2lp/Wý.i1^[΢^R|廨+|o]0NSb`Kv9>eI=iplRe2sS dʷSs#7OSIX75)Z> KCo) {uDQpV!chv31`Rp.}QM*C6i-(Ga[s T ՃA orcq%c|D)2*v"`Nnk9ȱ1 -+PN8!֣I%0$i2A):},~ƋvI(j zȒ/8FgK{mj|=.TXBJR(Z,S|e=M3ʓVOMλi6o99ϭB^@y yq2BLe>NM x?d]M$x}5/X#~WDq7؍&p{m,rwt@1X[_m7CSII  ÿer<|-#n^6-He^iCmx~߁=OQ X[t q>UR_dop4t09=_ #g_ W:m5/”dOуܕn%RMÐ)d6S&؇+[p[Qw$DvO\ !iZq$% V \PjUDkwbh3q(X1փ .ئ_pZ쬩Yx!elUEs9-P Q[~K>'y1fū꿨sd;飧v5 5_:AVx3*?-lude`rV j{?zAPgqC.siDZwc+=է jIl+6\_7 GW YZ