Botan 2.5.0 was released today, general feature release but also addresses one security issue (CVE-2018-9127, improper handling of wildcard certificates). For update be sure to base off botan-9999.ebuild rather than botan-2.3.0.ebuild, as the live ebuild reflects improvements to the upstream build system that remove the need for various hacks used in the 2.3 ebuild. (I am library upstream maintainer, and still proxy maintainer of dev-libs/botan package, but I do not use Gentoo anymore so cannot test an ebuild update.)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=581cab67637a9f8e159491f0d0bde735af207532 commit 581cab67637a9f8e159491f0d0bde735af207532 Author: Alon Bar-Lev <alonbl@gentoo.org> AuthorDate: 2018-04-03 06:27:40 +0000 Commit: Alon Bar-Lev <alonbl@gentoo.org> CommitDate: 2018-04-03 06:28:09 +0000 dev-libs/botan: version bump Bug: https://bugs.gentoo.org/show_bug.cgi?id=652254 Package-Manager: Portage-2.3.24, Repoman-2.3.6 dev-libs/botan/Manifest | 1 + dev-libs/botan/{botan-9999.ebuild => botan-2.5.0.ebuild} | 16 +++++++--------- 2 files changed, 8 insertions(+), 9 deletions(-)}
@arches, please stabilize.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=333710817abdda2fbb2ad1859fb317f6f59ed76f commit 333710817abdda2fbb2ad1859fb317f6f59ed76f Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-04-04 16:02:09 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-04-04 16:13:41 +0000 dev-libs/botan: amd64 stable Bug: https://bugs.gentoo.org/652254 Package-Manager: Portage-2.3.28, Repoman-2.3.9 dev-libs/botan/botan-2.5.0.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)}
x86 stable
@ Maintainer(s): Please cleanup and drop <dev-libs/botan-2.5.0!
Botan 1.10 is not affected by this issue so there is no need to drop it if there are still any extant deps that require 1.10 API
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b2fee6ac6d3e5d35cb0baa7d2c31c32029eaa4c commit 4b2fee6ac6d3e5d35cb0baa7d2c31c32029eaa4c Author: Alon Bar-Lev <alonbl@gentoo.org> AuthorDate: 2018-04-08 11:10:37 +0000 Commit: Alon Bar-Lev <alonbl@gentoo.org> CommitDate: 2018-04-08 19:21:08 +0000 dev-libs/botan: cleanup Bug: https://bugs.gentoo.org/show_bug.cgi?id=652254 Package-Manager: Portage-2.3.24, Repoman-2.3.6 dev-libs/botan/Manifest | 1 - dev-libs/botan/botan-2.3.0.ebuild | 113 --------------------------- dev-libs/botan/files/botan-2.3.0-build.patch | 48 ------------ 3 files changed, 162 deletions(-)}
(In reply to Larry the Git Cow from comment #7) > The bug has been referenced in the following commit(s): > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=4b2fee6ac6d3e5d35cb0baa7d2c31c32029eaa4c > > commit 4b2fee6ac6d3e5d35cb0baa7d2c31c32029eaa4c > Author: Alon Bar-Lev <alonbl@gentoo.org> > AuthorDate: 2018-04-08 11:10:37 +0000 > Commit: Alon Bar-Lev <alonbl@gentoo.org> > CommitDate: 2018-04-08 19:21:08 +0000 > > dev-libs/botan: cleanup > > Bug: https://bugs.gentoo.org/show_bug.cgi?id=652254 > Package-Manager: Portage-2.3.24, Repoman-2.3.6 > > dev-libs/botan/Manifest | 1 - > dev-libs/botan/botan-2.3.0.ebuild | 113 > --------------------------- > dev-libs/botan/files/botan-2.3.0-build.patch | 48 ------------ > 3 files changed, 162 deletions(-)} Thanks, Alon! GLSA Vote: No