Bug 925147 - <dev-libs/botan-{2.19.4, 3.3.0}: Denial of service via ECC parameters
Summary: <dev-libs/botan-{2.19.4, 3.3.0}: Denial of service via ECC parameters
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-21 08:11 UTC by Sam James
Modified: 2025-04-01 00:26 UTC
See Also:
Package list:
Runtime testing required: ---


Attachments

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-21 08:11:58 UTC
+
+* Fix a potential denial of service caused by accepting arbitrary
+  length primes as potential elliptic curve parameters in ASN.1
+  encodings. With very large inputs the primality verification
+  can become computationally expensive. Now any prime field larger
+  than 1024 bits is rejected immediately. Reported by Bing Shi.
+  (GH #3913)
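Review bot: the entry states the new 1024-bit limit and the reporter but not which releases ship the fix; the bug summary above gives 2.19.4 and 3.3.0 as the fixed versions, and naming them in the entry would let a reader of the changelog map it directly to an upgrade target.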
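The changelog entry above describes the pattern of the fix: a cheap size check on the encoded field prime placed in front of the expensive primality verification. The following is an added example, not Botan's code and not from this bug: a minimal DER INTEGER encoder/decoder, a Miller-Rabin test standing in for the "expensive" step, and a `check_field_prime` function (a name chosen here) that applies the 1024-bit limit quoted in the entry before any primality arithmetic runs. The sample values (the secp256r1 prime, a 2048-bit candidate, a known composite) are constructed for the demonstration.

```python
# Added example, not Botan's own code: a minimal DER INTEGER parser with the
# size guard the Botan changelog describes, placed in front of a Miller-Rabin
# primality test so that an oversized "prime" is rejected before any
# expensive arithmetic runs. Function names and sample values are constructed.
import random

MAX_FIELD_BITS = 1024                      # limit quoted in the changelog entry
MAX_FIELD_BYTES = MAX_FIELD_BITS // 8 + 1  # +1 for a DER sign byte (0x00)


def _der_length(n: int) -> bytes:
    """DER length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(lb)]) + lb


def der_encode_integer(value: int) -> bytes:
    """Encode a non-negative int as a minimal DER INTEGER (tag 0x02)."""
    if value < 0:
        raise ValueError("only non-negative integers are handled here")
    # (bits + 8) // 8 yields one extra 0x00 byte exactly when the high bit is set
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_length(len(body)) + body


def der_decode_integer(data: bytes, max_len: int) -> int:
    """Decode a DER INTEGER, refusing any payload longer than max_len bytes
    *before* the bytes are turned into a big integer."""
    if len(data) < 2 or data[0] != 0x02:
        raise ValueError("expected DER INTEGER")
    first, pos = data[1], 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or len(data) < pos + nbytes:
            raise ValueError("malformed length")
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    if length > max_len:  # decided from the length header alone: O(1)
        raise ValueError(f"INTEGER payload of {length} bytes exceeds {max_len}")
    body = data[pos:pos + length]
    if len(body) != length or length == 0:
        raise ValueError("truncated INTEGER")
    if len(data) != pos + length:
        raise ValueError("trailing data after INTEGER")
    return int.from_bytes(body, "big")


def is_probable_prime(n: int, rounds: int = 20, rng=random.Random(1)) -> bool:
    """Miller-Rabin probable-prime test: the costly step the guard protects."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_field_prime(der: bytes) -> tuple:
    """Validate a DER-encoded prime field modulus the way the fix describes:
    cheap size checks first, primality test only for inputs within the limit.
    Returns (status, value); status is "ok", "too-large", "not-prime" or "malformed"."""
    try:
        p = der_decode_integer(der, MAX_FIELD_BYTES)
    except ValueError as exc:
        return ("too-large" if "exceeds" in str(exc) else "malformed", None)
    if p.bit_length() > MAX_FIELD_BITS:
        return ("too-large", None)  # e.g. a 1025-bit value fits 129 bytes but is over the limit
    if not is_probable_prime(p):
        return ("not-prime", None)
    return ("ok", p)


# Constructed sample inputs: the secp256r1 field prime and two bad candidates.
P256 = 2**256 - 2**224 + 2**192 + 2**96 - 1
OVERSIZED = (1 << 2047) | 1   # 2048-bit value, rejected on the length header alone
COMPOSITE = 2**256 - 1        # divisible by 3, rejected by the primality test

if __name__ == "__main__":
    for label, n in (("P-256", P256), ("2048-bit", OVERSIZED), ("2^256-1", COMPOSITE)):
        print(label, check_field_prime(der_encode_integer(n)))
```

The ordering is the whole point: the length header is checked before the payload is even converted to an integer, the bit length is checked before Miller-Rabin, and only candidates within the limit reach the modular exponentiations whose cost grows with the size of the input.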
Comment 1 Larry the Git Cow gentoo-dev 2024-02-21 10:17:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b08eae1d92f362ff9b39d0d974aa9f59695ca50

commit 8b08eae1d92f362ff9b39d0d974aa9f59695ca50
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-02-21 09:46:51 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-21 10:02:17 +0000

    dev-libs/botan: drop kw for 3.3.0
    
    Has a test failure.
    
    Bug: https://github.com/randombit/botan/issues/3917
    Bug: https://bugs.gentoo.org/925147
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/botan/botan-3.3.0.ebuild | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efbc79628420cd81dacc55fbd5762a41a8771a5b

commit efbc79628420cd81dacc55fbd5762a41a8771a5b
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-02-21 09:46:08 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-21 10:02:16 +0000

    dev-libs/botan: drop kw for 2.19.4
    
    Has a test failure.
    
    Bug: https://github.com/randombit/botan/issues/3916
    Bug: https://bugs.gentoo.org/925147
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/botan/botan-2.19.4.ebuild | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94c175b2dd8bc1496a5386f807889ccb79f5fbc9

commit 94c175b2dd8bc1496a5386f807889ccb79f5fbc9
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-02-21 08:54:18 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-21 10:02:16 +0000

    dev-libs/botan: add 2.19.4
    
    Bug: https://bugs.gentoo.org/925147
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/botan/Manifest            |   4 +
 dev-libs/botan/botan-2.19.4.ebuild | 200 +++++++++++++++++++++++++++++++++++++
 2 files changed, 204 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=829ba39e7e73b6387749f076d2b3f55ac36c64d2

commit 829ba39e7e73b6387749f076d2b3f55ac36c64d2
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-02-21 08:12:09 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-21 10:02:15 +0000

    dev-libs/botan: add 3.3.0
    
    Bug: https://bugs.gentoo.org/925147
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/botan/Manifest           |   2 +
 dev-libs/botan/botan-3.3.0.ebuild | 223 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 225 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2025-03-31 23:39:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c61b3da860312a8fa6ca55a7e96218fb0375135

commit 6c61b3da860312a8fa6ca55a7e96218fb0375135
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-03-31 23:35:25 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-03-31 23:35:25 +0000

    dev-libs/botan: drop 3.1.1, 3.2.0-r1, 3.2.0-r2, 3.6.1
    
    Bug: https://bugs.gentoo.org/925147
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/botan/Manifest                            |   6 -
 dev-libs/botan/botan-3.1.1.ebuild                  | 218 --------------
 dev-libs/botan/botan-3.2.0-r1.ebuild               | 229 ---------------
 dev-libs/botan/botan-3.2.0-r2.ebuild               | 229 ---------------
 dev-libs/botan/botan-3.6.1.ebuild                  | 229 ---------------
 dev-libs/botan/files/botan-3.2.0-ninja.patch       |  20 --
 dev-libs/botan/files/botan-3.6.1-boost-1.87.patch  | 322 ---------------------
 dev-libs/botan/files/botan-3.6.1-no-avx2.patch     |  29 --
 .../botan-3.6.1-tests-glibcxx_assertions.patch     |  40 ---
 9 files changed, 1322 deletions(-)