-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 04 Mar 2013 09:24:12 +0100
Source: botan1.10
Binary: botan1.10-dbg libbotan-1.10-0 libbotan1.10-dev
Architecture: source amd64
Version: 1.10.5-1
Distribution: unstable
Urgency: low
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description:
 botan1.10-dbg - multiplatform crypto library (debug)
 libbotan-1.10-0 - multiplatform crypto library
 libbotan1.10-dev - multiplatform crypto library (development)
Changes:
 botan1.10 (1.10.5-1) unstable; urgency=low
 .
   * Imported Upstream version 1.10.4
     + Avoid a conditional operation in the power mod implementations on if
       a nibble of the exponent was zero or not. This may help protect
       against certain forms of side channel attacks.
     + The SRP6 code was checking for invalid values as specified in RFC
       5054, specifically values equal to zero mod p. However SRP would
       accept negative A/B values, or ones larger than p, neither of which
       should occur in a normal run of the protocol. These values are now
       rejected. Credits to Timothy Prepscius for pointing out these values
       are not normally used and probably signal something fishy.
     + The return value of version_string is now a compile time constant
       string, so version information can be more easily extracted from
       binaries.
   * Imported Upstream version 1.10.5
     + A potential crash in the AES-NI implementation of the AES-192 key
       schedule (caused by misaligned loads) has been fixed.
     + A previously conditional operation in Montgomery multiplication and
       squaring is now always performed, removing a possible timing channel.
     + Use correct flags for creating a shared library on OS X under Clang.
     + Fix a compile time incompatibility with Visual C++ 2012.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlE0XBEACgkQ9OZqfMIN8nP9ugCaAvoIUUF99gnmAM0/o+peVbRP
Vp8An0JwJuLiKEu3g3dS2QWhjq2MFV+k
=JfPi
-----END PGP SIGNATURE-----