---
- branch: MAIN
  date: Mon Feb 26 21:01:13 UTC 2024
  files:
  - new: '1.10'
    old: '1.9'
    path: pkgsrc/security/botan2/Makefile
    pathrev: pkgsrc/security/botan2/Makefile@1.10
    type: modified
  - new: '1.4'
    old: '1.3'
    path: pkgsrc/security/botan2/PLIST
    pathrev: pkgsrc/security/botan2/PLIST@1.4
    type: modified
  - new: '1.8'
    old: '1.7'
    path: pkgsrc/security/botan2/buildlink3.mk
    pathrev: pkgsrc/security/botan2/buildlink3.mk@1.8
    type: modified
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/security/botan2/distinfo
    pathrev: pkgsrc/security/botan2/distinfo@1.5
    type: modified
  id: 20240226T210113Z.91429ce11761e52027051adfac64fba1404b4976
  log: |
    Update botan2 to version 2.19.4

    Pkgsrc changes:
    Add pkg-config override.

    Changes From changelog:

    * Fix a potential denial of service caused by accepting arbitrary
      length primes as potential elliptic curve parameters in ASN.1
      encodings. With very large inputs the primality verification
      can become computationally expensive. Now any prime field larger
      than 1024 bits is rejected immediately. Reported by Bing Shi.
      (GH #3914)

    * Switch to using a constant time binary algorithm for computing
      GCD (GH #3912)

    * Fix a bug in SHAKE_Cipher which could cause incorrect output
      if set_key was called multiple times. (GH #3192)

    * Fix a bug in RSA-KEM encryption where the shared secret key
      was incorrectly not padded to exactly the byte length of the
      modulus. This would cause an incorrect shared key with ~1/256
      probability. (GH #3380)

    * In RSA decryption and signature verification, reject bytestrings
      which are longer than the public modulus. Previously, otherwise
      valid signatures/ciphertexts with additional leading zero bytes
      would also be accepted. (GH #3380)

    * Add support for short nonces in XTS (GH #3384 #3336)

    * Fix NIST keywrap which was incorrect when wrapping 64-bit keys
      (GH #3384 #3340)

    * Fix nonce handling bug in EAX (GH #3382 #3335)

    * Fix a bug in PKCS11 AttributeContainer where adding an attribute
      that already existed could cause incorrect references to the
      existing attributes. (GH #3185)

    * Apply patches which allow GCC 4.7 to compile Botan 2.x. Previously
      at least GCC 4.8 had been required. (GH #3273)

    * Fix a build time problem affecting VCpkg (GH #3071)

    * Fix a build problem affecting Windows ARM with Visual C++ (GH #3871)
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/botan2'
  unixtime: '1708981273'
  user: nros