Hi,
update botan2 to version 2.1.0
fix CVE-2017-7252 CVE-2017-2801
major library bump, forgotten upstream, patched locally
build patches have been accepted upstream
keep patches local that are needed by port system
support for getentropy(2) and arc4random(3) accepted upstream
botan CLI has been renamed to botan2 upstream
ok?
bluhm
Index: security/botan2/Makefile
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/security/botan2/Makefile,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile
--- security/botan2/Makefile 3 Apr 2017 10:08:17 -0000 1.3
+++ security/botan2/Makefile 7 Apr 2017 20:38:26 -0000
@@ -2,12 +2,11 @@
COMMENT = crypto and TLS for C++11
-VERSION = 2.0.1
-REVISION = 0
+VERSION = 2.1.0
DISTNAME = Botan-${VERSION}
PKGNAME = botan2-${VERSION}
-SHARED_LIBS = botan-2 0.0
+SHARED_LIBS = botan-2 1.1
CATEGORIES = security
@@ -51,7 +50,7 @@ PKG_ARGS = -Dx86=1
PKG_ARGS = -Dx86=0
.endif
-SUBST_VARS = CXX CXXFLAGS
+SUBST_VARS = CXX CXXFLAGS VERSION
pre-configure:
${SUBST_CMD} ${WRKSRC}/src/build-data/cc/gcc.txt
@@ -62,6 +61,6 @@ do-test:
post-install:
${MODPY_BIN} ${MODPY_LIBDIR}/compileall.py \
- ${PREFIX}/lib/python${MODPY_VERSION}/site-packages/botan.py
+ ${PREFIX}/lib/python${MODPY_VERSION}/site-packages/botan2.py
.include <bsd.port.mk>
Index: security/botan2/distinfo
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/security/botan2/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 distinfo
--- security/botan2/distinfo 13 Mar 2017 15:00:39 -0000 1.1.1.1
+++ security/botan2/distinfo 5 Apr 2017 12:59:56 -0000
@@ -1,4 +1,4 @@
-SHA256 (Botan-2.0.1.tgz) = oTjtMW0RRQqEBUUbnJZkuOZAqbethNPzrTToBx82Tgs=
-SHA256 (Botan-2.0.1.tgz.asc) = 268Pay7otvnyGqyH71XnYfanF/UFXF9+mEj31MBBoIg=
-SIZE (Botan-2.0.1.tgz) = 4995413
-SIZE (Botan-2.0.1.tgz.asc) = 488
+SHA256 (Botan-2.1.0.tgz) = Rg8tcgWu0RP4mN9JR7H2bM+NCA7sfawinvC3VMmtYpQ=
+SHA256 (Botan-2.1.0.tgz.asc) = YXwQhiBdh2KazZIXg/6jFz3em8zeUwZEy9gqYgxLnEc=
+SIZE (Botan-2.1.0.tgz) = 5073684
+SIZE (Botan-2.1.0.tgz.asc) = 488
Index: security/botan2/patches/patch-botan_version_py
===================================================================
RCS file: security/botan2/patches/patch-botan_version_py
diff -N security/botan2/patches/patch-botan_version_py
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ security/botan2/patches/patch-botan_version_py 7 Apr 2017 20:41:32
-0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- botan_version.py.orig Wed Apr 5 03:09:59 2017
++++ botan_version.py Fri Apr 7 22:40:26 2017
+@@ -2,7 +2,7 @@
+ release_major = 2
+ release_minor = 1
+ release_patch = 0
+-release_so_abi_rev = 0
++release_so_abi_rev = 1
+
+ # These are set by the distribution script
+ release_vc_rev = 'git:7bdffd52a96e08e9452d1985258376a3925a497b'
Index: security/botan2/patches/patch-configure_py
===================================================================
RCS file:
/data/mirror/openbsd/cvs/ports/security/botan2/patches/patch-configure_py,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 patch-configure_py
--- security/botan2/patches/patch-configure_py 13 Mar 2017 15:00:39 -0000
1.1.1.1
+++ security/botan2/patches/patch-configure_py 7 Apr 2017 20:41:36 -0000
@@ -1,7 +1,7 @@
$OpenBSD: patch-configure_py,v 1.1.1.1 2017/03/13 15:00:39 bluhm Exp $
---- configure.py.orig Tue Jan 10 04:21:31 2017
-+++ configure.py Mon Mar 13 07:15:37 2017
-@@ -2201,10 +2201,6 @@ def main(argv = None):
+--- configure.py.orig Wed Apr 5 03:09:22 2017
++++ configure.py Fri Apr 7 22:40:26 2017
+@@ -2465,10 +2465,6 @@ def main(argv=None):
if have_program('clang++'):
options.compiler = 'clang'
elif options.os == 'openbsd':
Index: security/botan2/patches/patch-src_build-data_os_openbsd_txt
===================================================================
RCS file: security/botan2/patches/patch-src_build-data_os_openbsd_txt
diff -N security/botan2/patches/patch-src_build-data_os_openbsd_txt
--- security/botan2/patches/patch-src_build-data_os_openbsd_txt 16 Mar 2017
12:32:16 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,23 +0,0 @@
-$OpenBSD: patch-src_build-data_os_openbsd_txt,v 1.2 2017/03/16 12:32:16 bluhm
Exp $
-
-commit 6eb7588d45b7b793b11f67788a2c27eeb0d7796e
-Author: Alexander Bluhm <[email protected]>
-Date: Mon Mar 13 16:23:58 2017 +0100
-
- OpenBSD does not have 3 digit soname and library symlinks.
-
- Set library name for openbsd to libbotan-2.so.0.0 and do not install
- symlinks.
-
---- src/build-data/os/openbsd.txt.orig Tue Jan 10 04:21:31 2017
-+++ src/build-data/os/openbsd.txt Fri Mar 10 01:54:13 2017
-@@ -1,6 +1,8 @@
- os_type unix
-
--soname_suffix "so"
-+soname_pattern_base "libbotan-{version_major}.so"
-+soname_pattern_abi "libbotan-{version_major}.so.{abi_rev}"
-+soname_pattern_patch "libbotan-{version_major}.so.{abi_rev}.{version_minor}"
-
- <target_features>
- clock_gettime
Index: security/botan2/patches/patch-src_scripts_install_py
===================================================================
RCS file: security/botan2/patches/patch-src_scripts_install_py
diff -N security/botan2/patches/patch-src_scripts_install_py
--- security/botan2/patches/patch-src_scripts_install_py 16 Mar 2017
12:32:16 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,36 +0,0 @@
-$OpenBSD: patch-src_scripts_install_py,v 1.2 2017/03/16 12:32:16 bluhm Exp $
-
-commit 6eb7588d45b7b793b11f67788a2c27eeb0d7796e
-Author: Alexander Bluhm <[email protected]>
-Date: Mon Mar 13 16:23:58 2017 +0100
-
- OpenBSD does not have 3 digit soname and library symlinks.
-
- Set library name for openbsd to libbotan-2.so.0.0 and do not install
- symlinks.
-
---- src/scripts/install.py.orig Tue Jan 10 04:21:31 2017
-+++ src/scripts/install.py Fri Mar 10 01:54:24 2017
-@@ -171,14 +171,14 @@ def main(args = None):
- copy_executable(os.path.join(out_dir, soname_patch),
- os.path.join(lib_dir, soname_patch))
-
-- prev_cwd = os.getcwd()
--
-- try:
-- os.chdir(lib_dir)
-- force_symlink(soname_patch, soname_abi)
-- force_symlink(soname_patch, soname_base)
-- finally:
-- os.chdir(prev_cwd)
-+ if str(cfg['os']) != "openbsd":
-+ prev_cwd = os.getcwd()
-+ try:
-+ os.chdir(lib_dir)
-+ force_symlink(soname_patch, soname_abi)
-+ force_symlink(soname_patch, soname_base)
-+ finally:
-+ os.chdir(prev_cwd)
-
- copy_executable(os.path.join(out_dir, app_exe), os.path.join(bin_dir,
app_exe))
-
Index: security/botan2/patches/patch-src_tests_test_name_constraint_cpp
===================================================================
RCS file: security/botan2/patches/patch-src_tests_test_name_constraint_cpp
diff -N security/botan2/patches/patch-src_tests_test_name_constraint_cpp
--- security/botan2/patches/patch-src_tests_test_name_constraint_cpp 13 Mar
2017 15:00:39 -0000 1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,41 +0,0 @@
-$OpenBSD: patch-src_tests_test_name_constraint_cpp,v 1.1.1.1 2017/03/13
15:00:39 bluhm Exp $
-
-commit 6203025a02b052fbaebb4b309104497a22737187
-Author: Jack Lloyd <[email protected]>
-Date: Fri Mar 3 22:24:06 2017 -0500
-
- Change name constraint test to use a fixed reference time
-
- Test certs have expired.
-
---- src/tests/test_name_constraint.cpp.orig Tue Jan 10 04:21:31 2017
-+++ src/tests/test_name_constraint.cpp Thu Mar 9 19:36:02 2017
-@@ -8,7 +8,7 @@
-
- #if defined(BOTAN_HAS_X509_CERTIFICATES)
- #include <botan/x509path.h>
-- #include <botan/internal/filesystem.h>
-+ #include <botan/calendar.h>
- #endif
-
- #include <algorithm>
-@@ -65,6 +65,9 @@ class Name_Constraint_Tests : public Test
- std::vector<Test::Result> results;
- const Botan::Path_Validation_Restrictions restrictions(false, 80);
-
-+ std::chrono::system_clock::time_point validation_time =
-+ Botan::calendar_point(2016,10,21,4,20,0).to_std_timepoint();
-+
- for(const auto& t: test_cases)
- {
- Botan::X509_Certificate root(Test::data_file("name_constraint/" +
std::get<0>(t)));
-@@ -74,7 +77,8 @@ class Name_Constraint_Tests : public Test
-
- trusted.add_certificate(root);
- Botan::Path_Validation_Result path_result =
Botan::x509_path_validate(
-- sub, restrictions, trusted, std::get<2>(t),
Botan::Usage_Type::TLS_SERVER_AUTH);
-+ sub, restrictions, trusted, std::get<2>(t),
Botan::Usage_Type::TLS_SERVER_AUTH,
-+ validation_time);
-
- if(path_result.successful_validation() &&
path_result.trust_root() != root)
- path_result =
Botan::Path_Validation_Result(Botan::Certificate_Status_Code::CANNOT_ESTABLISH_TRUST);
Index: security/botan2/pkg/PLIST
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/security/botan2/pkg/PLIST,v
retrieving revision 1.2
diff -u -p -r1.2 PLIST
--- security/botan2/pkg/PLIST 3 Apr 2017 10:08:17 -0000 1.2
+++ security/botan2/pkg/PLIST 5 Apr 2017 14:28:39 -0000
@@ -77,6 +77,7 @@ include/botan-2/botan/dl_algo.h
include/botan-2/botan/dl_group.h
include/botan-2/botan/dlies.h
include/botan-2/botan/dsa.h
+include/botan-2/botan/dyn_load.h
include/botan-2/botan/eax.h
include/botan-2/botan/ec_group.h
include/botan-2/botan/ecc_key.h
@@ -156,6 +157,17 @@ include/botan-2/botan/ocsp.h
include/botan-2/botan/ocsp_types.h
include/botan-2/botan/ofb.h
include/botan-2/botan/oids.h
+include/botan-2/botan/p11.h
+include/botan-2/botan/p11_ecc_key.h
+include/botan-2/botan/p11_ecdh.h
+include/botan-2/botan/p11_ecdsa.h
+include/botan-2/botan/p11_module.h
+include/botan-2/botan/p11_object.h
+include/botan-2/botan/p11_randomgenerator.h
+include/botan-2/botan/p11_rsa.h
+include/botan-2/botan/p11_session.h
+include/botan-2/botan/p11_slot.h
+include/botan-2/botan/p11_x509.h
include/botan-2/botan/package.h
include/botan-2/botan/par_hash.h
include/botan-2/botan/parsing.h
@@ -171,6 +183,9 @@ include/botan-2/botan/pk_keys.h
include/botan-2/botan/pk_ops.h
include/botan-2/botan/pk_ops_fwd.h
include/botan-2/botan/pkcs10.h
+include/botan-2/botan/pkcs11.h
+include/botan-2/botan/pkcs11f.h
+include/botan-2/botan/pkcs11t.h
include/botan-2/botan/pkcs8.h
include/botan-2/botan/point_gfp.h
include/botan-2/botan/poly1305.h
@@ -207,6 +222,7 @@ include/botan-2/botan/sp800_108.h
include/botan-2/botan/sp800_56c.h
include/botan-2/botan/srp6.h
include/botan-2/botan/stateful_rng.h
+include/botan-2/botan/stl_compatibility.h
include/botan-2/botan/stream_cipher.h
include/botan-2/botan/stream_mode.h
include/botan-2/botan/sym_algo.h
@@ -267,46 +283,48 @@ include/botan-2/botan/zlib.h
lib/libbotan-2.a
@lib lib/libbotan-2.so.${LIBbotan-2_VERSION}
lib/pkgconfig/botan-2.pc
-lib/python${MODPY_VERSION}/site-packages/botan.py
-lib/python${MODPY_VERSION}/site-packages/botan.pyc
-share/doc/botan-2.0.1/
-share/doc/botan-2.0.1/deprecated.txt
-share/doc/botan-2.0.1/license.txt
-share/doc/botan-2.0.1/manual/
-share/doc/botan-2.0.1/manual/bigint.rst
-share/doc/botan-2.0.1/manual/building.rst
-share/doc/botan-2.0.1/manual/cli.rst
-share/doc/botan-2.0.1/manual/compression.rst
-share/doc/botan-2.0.1/manual/contents.rst
-share/doc/botan-2.0.1/manual/credentials_manager.rst
-share/doc/botan-2.0.1/manual/cryptobox.rst
-share/doc/botan-2.0.1/manual/ffi.rst
-share/doc/botan-2.0.1/manual/filters.rst
-share/doc/botan-2.0.1/manual/fpe.rst
-share/doc/botan-2.0.1/manual/goals.rst
-share/doc/botan-2.0.1/manual/hash.rst
-share/doc/botan-2.0.1/manual/index.rst
-share/doc/botan-2.0.1/manual/kdf.rst
-share/doc/botan-2.0.1/manual/lowlevel.rst
-share/doc/botan-2.0.1/manual/mceliece.rst
-share/doc/botan-2.0.1/manual/packaging.rst
-share/doc/botan-2.0.1/manual/passhash.rst
-share/doc/botan-2.0.1/manual/pbkdf.rst
-share/doc/botan-2.0.1/manual/pkcs11.rst
-share/doc/botan-2.0.1/manual/platforms.rst
-share/doc/botan-2.0.1/manual/pubkey.rst
-share/doc/botan-2.0.1/manual/python.rst
-share/doc/botan-2.0.1/manual/rng.rst
-share/doc/botan-2.0.1/manual/secmem.rst
-share/doc/botan-2.0.1/manual/side_channels.rst
-share/doc/botan-2.0.1/manual/srp.rst
-share/doc/botan-2.0.1/manual/support.rst
-share/doc/botan-2.0.1/manual/symmetric_crypto.rst
-share/doc/botan-2.0.1/manual/tls.rst
-share/doc/botan-2.0.1/manual/tpm.rst
-share/doc/botan-2.0.1/manual/versions.rst
-share/doc/botan-2.0.1/manual/x509.rst
-share/doc/botan-2.0.1/news.txt
-share/doc/botan-2.0.1/pgpkey.txt
-share/doc/botan-2.0.1/reading_list.txt
%%x86%%
+lib/python${MODPY_VERSION}/
+lib/python${MODPY_VERSION}/site-packages/
+lib/python${MODPY_VERSION}/site-packages/botan2.py
+lib/python${MODPY_VERSION}/site-packages/botan2.pyc
+share/doc/botan-${VERSION}/
+share/doc/botan-${VERSION}/deprecated.txt
+share/doc/botan-${VERSION}/license.txt
+share/doc/botan-${VERSION}/manual/
+share/doc/botan-${VERSION}/manual/bigint.rst
+share/doc/botan-${VERSION}/manual/building.rst
+share/doc/botan-${VERSION}/manual/cli.rst
+share/doc/botan-${VERSION}/manual/compression.rst
+share/doc/botan-${VERSION}/manual/contents.rst
+share/doc/botan-${VERSION}/manual/credentials_manager.rst
+share/doc/botan-${VERSION}/manual/cryptobox.rst
+share/doc/botan-${VERSION}/manual/ffi.rst
+share/doc/botan-${VERSION}/manual/filters.rst
+share/doc/botan-${VERSION}/manual/fpe.rst
+share/doc/botan-${VERSION}/manual/goals.rst
+share/doc/botan-${VERSION}/manual/hash.rst
+share/doc/botan-${VERSION}/manual/index.rst
+share/doc/botan-${VERSION}/manual/kdf.rst
+share/doc/botan-${VERSION}/manual/lowlevel.rst
+share/doc/botan-${VERSION}/manual/mceliece.rst
+share/doc/botan-${VERSION}/manual/packaging.rst
+share/doc/botan-${VERSION}/manual/passhash.rst
+share/doc/botan-${VERSION}/manual/pbkdf.rst
+share/doc/botan-${VERSION}/manual/pkcs11.rst
+share/doc/botan-${VERSION}/manual/platforms.rst
+share/doc/botan-${VERSION}/manual/pubkey.rst
+share/doc/botan-${VERSION}/manual/python.rst
+share/doc/botan-${VERSION}/manual/rng.rst
+share/doc/botan-${VERSION}/manual/secmem.rst
+share/doc/botan-${VERSION}/manual/side_channels.rst
+share/doc/botan-${VERSION}/manual/srp.rst
+share/doc/botan-${VERSION}/manual/support.rst
+share/doc/botan-${VERSION}/manual/symmetric_crypto.rst
+share/doc/botan-${VERSION}/manual/tls.rst
+share/doc/botan-${VERSION}/manual/tpm.rst
+share/doc/botan-${VERSION}/manual/versions.rst
+share/doc/botan-${VERSION}/manual/x509.rst
+share/doc/botan-${VERSION}/news.txt
+share/doc/botan-${VERSION}/pgpkey.txt
+share/doc/botan-${VERSION}/reading_list.txt
