+ +* Fix a potential denial of service caused by accepting arbitrary + length primes as potential elliptic curve parameters in ASN.1 + encodings. With very large inputs the primality verification + can become computationally expensive. Now any prime field larger + than 1024 bits is rejected immediately. Reported by Bing Shi. + (GH #3913)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b08eae1d92f362ff9b39d0d974aa9f59695ca50 commit 8b08eae1d92f362ff9b39d0d974aa9f59695ca50 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-02-21 09:46:51 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-02-21 10:02:17 +0000 dev-libs/botan: drop kw for 3.3.0 Has a test failure. Bug: https://github.com/randombit/botan/issues/3917 Bug: https://bugs.gentoo.org/925147 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/botan/botan-3.3.0.ebuild | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efbc79628420cd81dacc55fbd5762a41a8771a5b commit efbc79628420cd81dacc55fbd5762a41a8771a5b Author: Sam James <sam@gentoo.org> AuthorDate: 2024-02-21 09:46:08 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-02-21 10:02:16 +0000 dev-libs/botan: drop kw for 2.19.4 Has a test failure. Bug: https://github.com/randombit/botan/issues/3916 Bug: https://bugs.gentoo.org/925147 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/botan/botan-2.19.4.ebuild | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94c175b2dd8bc1496a5386f807889ccb79f5fbc9 commit 94c175b2dd8bc1496a5386f807889ccb79f5fbc9 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-02-21 08:54:18 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-02-21 10:02:16 +0000 dev-libs/botan: add 2.19.4 Bug: https://bugs.gentoo.org/925147 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/botan/Manifest | 4 + dev-libs/botan/botan-2.19.4.ebuild | 200 +++++++++++++++++++++++++++++++++++++ 2 files changed, 204 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=829ba39e7e73b6387749f076d2b3f55ac36c64d2 commit 829ba39e7e73b6387749f076d2b3f55ac36c64d2 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-02-21 08:12:09 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-02-21 10:02:15 +0000 dev-libs/botan: add 3.3.0 Bug: https://bugs.gentoo.org/925147 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/botan/Manifest | 2 + dev-libs/botan/botan-3.3.0.ebuild | 223 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 225 insertions(+)