Package: src:botan1.10; Maintainer for src:botan1.10 is Ondřej Surý <ondrej@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 1 Oct 2017 18:57:01 UTC
Severity: grave
Tags: fixed-upstream, patch, security, upstream
Found in versions botan1.10/1.10.16-1, botan1.10/1.10.8-2
Fixed in version botan1.10/1.10.17-0.1
Done: Christian Hofstaedtler <zeha@debian.org>
Forwarded to https://github.com/randombit/botan/issues/1222
Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ondřej Surý <ondrej@debian.org>: Bug#877436; Package src:botan1.10. (Sun, 01 Oct 2017 18:57:04 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ondřej Surý <ondrej@debian.org>. (Sun, 01 Oct 2017 18:57:04 GMT)
Message #5 received at submit@bugs.debian.org:
Source: botan1.10
Version: 1.10.16-1
Severity: grave
Tags: patch upstream security
Forwarded: https://github.com/randombit/botan/issues/1222

Hi,

the following vulnerability was published for botan1.10.

CVE-2017-14737[0]:
| A cryptographic cache-based side channel in the RSA implementation in
| Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local
| attacker to recover information about RSA secret keys, as demonstrated
| by CacheD. This occurs because an array is indexed with bits derived
| from a secret key.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14737
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14737
[1] https://github.com/randombit/botan/issues/1222

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
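The flaw class named in the CVE text above (an array indexed with bits derived from a secret key), shown next to a masked full-table scan, as an added example that is not part of the bug report and is not Botan's code. The toy 32-bit arithmetic, the `TracedTable` read counter standing in for a cache observer, and all function names are assumptions made for the illustration.

```cpp
// Added illustration (not Botan code): fixed-window modular exponentiation
// on toy 32-bit moduli, with a secret-indexed and a constant-time table lookup.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>

constexpr size_t WINDOW_BITS = 4;
constexpr size_t TABLE_SIZE = size_t(1) << WINDOW_BITS;

// Precomputed powers g[i] = base^i mod m. `reads` counts how often each
// entry is loaded; it stands in for what a cache observer can distinguish.
struct TracedTable {
    std::array<uint64_t, TABLE_SIZE> value{};
    std::array<unsigned, TABLE_SIZE> reads{};
    uint64_t read(size_t i) { ++reads[i]; return value[i]; }
};

struct PowmResult {
    uint64_t value;
    std::array<unsigned, TABLE_SIZE> reads;
};

// All-ones when a == b, all-zeros otherwise, with no branch on the inputs.
static inline uint64_t ct_eq_mask(uint64_t a, uint64_t b) {
    const uint64_t x = a ^ b;                      // 0 iff a == b
    const uint64_t nonzero = (x | (~x + 1)) >> 63; // 1 iff x != 0
    return nonzero - 1;
}

// Vulnerable pattern: the address that is loaded depends on the secret index.
static uint64_t lookup_secret_indexed(TracedTable& g, size_t idx) {
    return g.read(idx);
}

// Hardened pattern: load every entry and keep the wanted one with a mask,
// so the sequence of addresses is the same for every idx.
static uint64_t lookup_const_time(TracedTable& g, size_t idx) {
    uint64_t out = 0;
    for (size_t i = 0; i != TABLE_SIZE; ++i)
        out |= g.read(i) & ct_eq_mask(i, idx);
    return out;
}

// Requires 2 <= mod < 2^32 so that every product fits in 64 bits.
// The `%` reductions are NOT constant-time; only the table access is modelled.
PowmResult powm_fixed_window(uint64_t base, uint64_t exp, uint64_t mod,
                             bool constant_time) {
    TracedTable g;
    g.value[0] = 1 % mod;
    for (size_t i = 1; i != TABLE_SIZE; ++i)
        g.value[i] = (g.value[i - 1] * (base % mod)) % mod;

    uint64_t x = 1 % mod;
    for (size_t i = 64 / WINDOW_BITS; i > 0; --i) {
        for (size_t s = 0; s != WINDOW_BITS; ++s)
            x = (x * x) % mod;
        const size_t nibble =
            (exp >> (WINDOW_BITS * (i - 1))) & (TABLE_SIZE - 1);
        const uint64_t y = constant_time ? lookup_const_time(g, nibble)
                                         : lookup_secret_indexed(g, nibble);
        x = (x * y) % mod;
    }
    return PowmResult{x, g.reads};
}

// Plain square-and-multiply, used only to cross-check results.
uint64_t powm_reference(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t r = 1 % mod, b = base % mod;
    for (; exp != 0; exp >>= 1) {
        if (exp & 1) r = (r * b) % mod;
        b = (b * b) % mod;
    }
    return r;
}

int main() {
    const uint64_t exps[] = {0x1234, 0xFEDC}; // constructed sample "secrets"
    for (uint64_t e : exps) {
        for (int ct = 0; ct != 2; ++ct) {
            const PowmResult r = powm_fixed_window(2, e, 1000003, ct != 0);
            std::printf("exp=%#llx %-14s result=%llu reads:",
                        (unsigned long long)e,
                        ct ? "constant-time" : "secret-indexed",
                        (unsigned long long)r.value);
            for (unsigned n : r.reads) std::printf(" %u", n);
            std::printf("\n");
        }
    }
    return 0;
}
```

With the secret-indexed lookup the per-entry read counts differ between the two exponents; with the masked scan they are identical, which is the property the fix needs.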
Changed Bug title to 'botan1.10: CVE-2017-14737: A cryptographic cache-based side channel in the RSA implementation allows local attacker to recover information about RSA secret keys' from 'botan1.10: CVE-2017-14737:A cryptographic cache-based side channel in the RSA implementation allows local attacker to recover information about RSA secret keys'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 01 Oct 2017 19:03:03 GMT)
Marked as found in versions botan1.10/1.10.8-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 01 Oct 2017 19:06:04 GMT)
Added tag(s) fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 01 Oct 2017 19:06:06 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Ondřej Surý <ondrej@debian.org>: Bug#877436; Package src:botan1.10. (Mon, 09 Oct 2017 09:48:03 GMT)
Acknowledgement sent to zeha@debian.org: Extra info received and forwarded to list. Copy sent to Ondřej Surý <ondrej@debian.org>. (Mon, 09 Oct 2017 09:48:03 GMT)
Message #16 received at 877436@bugs.debian.org:
Control: tags 877436 + pending Dear Ondřej, I've prepared an NMU for botan1.10 (versioned as 1.10.17-0.1) and will upload it to DELAYED/4. Please feel free to tell me if I should delay it longer. Cheers, Chris diff -Nru botan1.10-1.10.16/botan_version.py botan1.10-1.10.17/botan_version.py --- botan1.10-1.10.16/botan_version.py 2017-04-05 01:07:02.000000000 +0000 +++ botan1.10-1.10.17/botan_version.py 2017-10-02 06:00:00.000000000 +0000 @@ -1,11 +1,11 @@ release_major = 1 release_minor = 10 -release_patch = 16 +release_patch = 17 release_so_abi_rev = 1 # These are set by the distribution script -release_vc_rev = 'git:3756c97d295d06ac19cec6736e05003afb10623e' -release_datestamp = 20170404 -release_type = 'released' +release_vc_rev = 'git:f7fe6beb5b3b6f944aa7bac491a3455e48ef6ebb' +release_datestamp = 20171002 +release_type = 'release' diff -Nru botan1.10-1.10.16/configure.py botan1.10-1.10.17/configure.py --- botan1.10-1.10.16/configure.py 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/configure.py 2017-10-02 06:00:00.000000000 +0000 @@ -59,9 +59,6 @@ logging.debug('Monotone reported revision %s' % (rev)) return 'mtn:' + rev - except OSError as e: - logging.debug('Error getting rev from monotone - %s' % (e[1])) - return 'unknown' except Exception as e: logging.debug('Error getting rev from monotone - %s' % (e)) return 'unknown' diff -Nru botan1.10-1.10.16/debian/changelog botan1.10-1.10.17/debian/changelog --- botan1.10-1.10.16/debian/changelog 2017-05-29 11:45:02.000000000 +0000 +++ botan1.10-1.10.17/debian/changelog 2017-10-09 09:19:15.000000000 +0000 
@@ -1,3 +1,13 @@ +botan1.10 (1.10.17-0.1) unstable; urgency=medium + + * Non-maintainer upload. + * New upstream release 1.10.17 (Closes: #877436) + + [CVE-2017-14737]: Side channel affecting modular exponentiation + + Upstream has imported Debian architecture support patches, removed + them. + + -- Christian Hofstaedtler <zeha@debian.org> Mon, 09 Oct 2017 09:19:15 +0000 + botan1.10 (1.10.16-1) unstable; urgency=high * Update d/watch to match new upstream download directory diff -Nru botan1.10-1.10.16/debian/patches/0001-add-mips64-mipsn32-support.patch botan1.10-1.10.17/debian/patches/0001-add-mips64-mipsn32-support.patch --- botan1.10-1.10.16/debian/patches/0001-add-mips64-mipsn32-support.patch 2017-05-29 11:45:02.000000000 +0000 +++ botan1.10-1.10.17/debian/patches/0001-add-mips64-mipsn32-support.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,64 +0,0 @@ -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej@debian.org> -Date: Tue, 29 Nov 2016 15:10:20 +0100 -Subject: add-mips64-mipsn32-support - ---- - src/build-data/arch/mipsn32.txt | 22 ++++++++++++++++++++++ - src/build-data/cc/clang.txt | 2 ++ - src/build-data/cc/gcc.txt | 1 + - 3 files changed, 25 insertions(+) - create mode 100644 src/build-data/arch/mipsn32.txt - -diff --git a/src/build-data/arch/mipsn32.txt b/src/build-data/arch/mipsn32.txt -new file mode 100644 -index 0000000..96ced25 ---- /dev/null -+++ b/src/build-data/arch/mipsn32.txt -@@ -0,0 +1,22 @@ -+<aliases> -+mipsn32el # For Debian -+</aliases> -+ -+<submodels> -+r4000 -+r4100 -+r4300 -+r4400 -+r4600 -+r4560 -+r5000 -+r8000 -+r10000 -+</submodels> -+ -+<submodel_aliases> -+r4k -> r4000 -+r5k -> r5000 -+r8k -> r8000 -+r10k -> r10000 -+</submodel_aliases> -diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt -index cbcfd89..23237e3 100644 ---- a/src/build-data/cc/clang.txt -+++ b/src/build-data/cc/clang.txt -@@ -39,6 +39,8 @@ westmere -> "-march=corei7 -maes" - - <mach_abi_linking> - x86_64 -> "-m64" -+mips32 -> "-mabi=32" -+mipsn32 -> "-mabi=n32" - mips64 -> "-mabi=64" - s390 -> "-m31" - s390x -> "-m64" -diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt -index 1fc6831..938c065 100644 ---- a/src/build-data/cc/gcc.txt -+++ b/src/build-data/cc/gcc.txt -@@ -80,6 +80,7 @@ hppa -> "-march=SUBMODEL" hppa - ia64 -> "-mtune=SUBMODEL" - m68k -> "-mSUBMODEL" - mips32 -> "-mips1 -mcpu=SUBMODEL" mips32- -+mipsn32 -> "-mips3 -mcpu=SUBMODEL" mips64- - mips64 -> "-mips3 -mcpu=SUBMODEL" mips64- - ppc32 -> "-mcpu=SUBMODEL" ppc - ppc64 -> "-mcpu=SUBMODEL" ppc diff -Nru botan1.10-1.10.16/debian/patches/0002-add-powerpc64le-support.patch botan1.10-1.10.17/debian/patches/0002-add-powerpc64le-support.patch --- botan1.10-1.10.16/debian/patches/0002-add-powerpc64le-support.patch 2017-05-29 11:45:02.000000000 +0000 +++ 
botan1.10-1.10.17/debian/patches/0002-add-powerpc64le-support.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,109 +0,0 @@ -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej@debian.org> -Date: Tue, 29 Nov 2016 15:10:20 +0100 -Subject: add-powerpc64le-support - ---- - src/build-data/arch/ppc64.txt | 5 ++++- - src/build-data/arch/ppc64le.txt | 21 +++++++++++++++++++++ - src/build-data/cc/gcc.txt | 1 + - src/math/mp/mp_asm64/info.txt | 1 + - src/utils/cpuid.cpp | 6 ++++++ - 5 files changed, 33 insertions(+), 1 deletion(-) - create mode 100644 src/build-data/arch/ppc64le.txt - -diff --git a/src/build-data/arch/ppc64.txt b/src/build-data/arch/ppc64.txt -index 954d918..f6f568e 100644 ---- a/src/build-data/arch/ppc64.txt -+++ b/src/build-data/arch/ppc64.txt -@@ -17,6 +17,9 @@ power4 - power5 - power6 - power7 -+power7p -+power8 -+power8e - cellppu - </submodels> - -@@ -25,5 +28,5 @@ cellbroadbandengine -> cellppu - </submodel_aliases> - - <isa_extn> --altivec:cellppu,ppc970,power6,power7 -+altivec:cellppu,ppc970,power6,power7,power7p,power8,power8e - </isa_extn> -diff --git a/src/build-data/arch/ppc64le.txt b/src/build-data/arch/ppc64le.txt -new file mode 100644 -index 0000000..da93668 ---- /dev/null -+++ b/src/build-data/arch/ppc64le.txt -@@ -0,0 +1,21 @@ -+endian little -+ -+family ppc -+ -+<aliases> -+powerpc64le -+ppc64el -+</aliases> -+ -+<submodels> -+power7 -+power7p -+power8 -+power8e -+</submodels> -+ -+# This should be enabled for all targets, but the Altivec code currently -+# makes lots of endian assumptions that I don't have the time to fix up: -+#<isa_extn> -+#altivec:all -+#</isa_extn> -diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt -index 938c065..32e19c9 100644 ---- a/src/build-data/cc/gcc.txt -+++ b/src/build-data/cc/gcc.txt -@@ -84,6 +84,7 @@ mipsn32 -> "-mips3 -mcpu=SUBMODEL" mips64- - mips64 -> "-mips3 -mcpu=SUBMODEL" mips64- - ppc32 -> "-mcpu=SUBMODEL" ppc - ppc64 -> "-mcpu=SUBMODEL" ppc -+ppc64le -> "-mcpu=power7 -mtune=power8" ppc - sparc32 -> "-mcpu=SUBMODEL -Wa,-xarch=v8plus" sparc32- - sparc64 -> "-mcpu=v9 -mtune=SUBMODEL" - 
x86_32 -> "-march=SUBMODEL -momit-leaf-frame-pointer" -diff --git a/src/math/mp/mp_asm64/info.txt b/src/math/mp/mp_asm64/info.txt -index 9af7c4a..2704718 100644 ---- a/src/math/mp/mp_asm64/info.txt -+++ b/src/math/mp/mp_asm64/info.txt -@@ -12,6 +12,7 @@ alpha - ia64 - mips64 - ppc64 -+ppc64le - sparc64 - </arch> - -diff --git a/src/utils/cpuid.cpp b/src/utils/cpuid.cpp -index f6581f0..eba5b18 100644 ---- a/src/utils/cpuid.cpp -+++ b/src/utils/cpuid.cpp -@@ -157,6 +157,9 @@ bool altivec_check_pvr_emul() - const u16bit PVR_G5_970GX = 0x0045; - const u16bit PVR_POWER6 = 0x003E; - const u16bit PVR_POWER7 = 0x003F; -+ const u16bit PVR_POWER7p = 0x004A; -+ const u16bit PVR_POWER8 = 0x004D; -+ const u16bit PVR_POWER8E = 0x004B; - const u16bit PVR_CELL_PPU = 0x0070; - - // Motorola produced G4s with PVR 0x800[0123C] (at least) -@@ -177,6 +180,9 @@ bool altivec_check_pvr_emul() - altivec_capable |= (pvr == PVR_G5_970GX); - altivec_capable |= (pvr == PVR_POWER6); - altivec_capable |= (pvr == PVR_POWER7); -+ altivec_capable |= (pvr == PVR_POWER7p); -+ altivec_capable |= (pvr == PVR_POWER8); -+ altivec_capable |= (pvr == PVR_POWER8E); - altivec_capable |= (pvr == PVR_CELL_PPU); - #endif - diff -Nru botan1.10-1.10.16/debian/patches/0003-add-arm64-support.patch.patch botan1.10-1.10.17/debian/patches/0003-add-arm64-support.patch.patch --- botan1.10-1.10.16/debian/patches/0003-add-arm64-support.patch.patch 2017-05-29 11:45:02.000000000 +0000 +++ botan1.10-1.10.17/debian/patches/0003-add-arm64-support.patch.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,47 +0,0 @@ -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej@debian.org> -Date: Tue, 29 Nov 2016 15:10:20 +0100 -Subject: add-arm64-support.patch - ---- - src/build-data/arch/aarch64.txt | 6 ++++++ - src/build-data/cc/gcc.txt | 1 + - src/math/mp/mp_asm64/info.txt | 1 + - 3 files changed, 8 insertions(+) - create mode 100644 src/build-data/arch/aarch64.txt - -diff --git a/src/build-data/arch/aarch64.txt b/src/build-data/arch/aarch64.txt -new file mode 100644 -index 0000000..863b000 ---- /dev/null -+++ b/src/build-data/arch/aarch64.txt -@@ -0,0 +1,6 @@ -+endian little -+ -+<aliases> -+arm64 # For Debian -+</aliases> -+ -diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt -index 32e19c9..db729b4 100644 ---- a/src/build-data/cc/gcc.txt -+++ b/src/build-data/cc/gcc.txt -@@ -75,6 +75,7 @@ sh4 -> "-m4 -mieee" - - alpha -> "-mcpu=SUBMODEL" alpha- - arm -> "-march=SUBMODEL" -+aarch64 -> "-mtune=generic" - superh -> "-mSUBMODEL" sh - hppa -> "-march=SUBMODEL" hppa - ia64 -> "-mtune=SUBMODEL" -diff --git a/src/math/mp/mp_asm64/info.txt b/src/math/mp/mp_asm64/info.txt -index 2704718..2664740 100644 ---- a/src/math/mp/mp_asm64/info.txt -+++ b/src/math/mp/mp_asm64/info.txt -@@ -8,6 +8,7 @@ mp_generic:mp_asmi.h - </header:internal> - - <arch> -+aarch64 - alpha - ia64 - mips64 diff -Nru botan1.10-1.10.16/debian/patches/0004-add-or1k-support.patch botan1.10-1.10.17/debian/patches/0004-add-or1k-support.patch --- botan1.10-1.10.16/debian/patches/0004-add-or1k-support.patch 2017-05-29 11:45:02.000000000 +0000 +++ botan1.10-1.10.17/debian/patches/0004-add-or1k-support.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,19 +0,0 @@ -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej@debian.org> -Date: Tue, 29 Nov 2016 15:10:20 +0100 -Subject: add-or1k-support - ---- - src/build-data/arch/or1k.txt | 4 ++++ - 1 file changed, 4 insertions(+) - create mode 100644 src/build-data/arch/or1k.txt - -diff --git a/src/build-data/arch/or1k.txt b/src/build-data/arch/or1k.txt -new file mode 100644 -index 0000000..c5fdc32 ---- /dev/null -+++ b/src/build-data/arch/or1k.txt -@@ -0,0 +1,4 @@ -+endian big -+<submodels> -+or1k -+</submodels> diff -Nru botan1.10-1.10.16/debian/patches/series botan1.10-1.10.17/debian/patches/series --- botan1.10-1.10.16/debian/patches/series 2017-05-29 11:45:02.000000000 +0000 +++ botan1.10-1.10.17/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 @@ -1,4 +0,0 @@ -0001-add-mips64-mipsn32-support.patch -0002-add-powerpc64le-support.patch -0003-add-arm64-support.patch.patch -0004-add-or1k-support.patch diff -Nru botan1.10-1.10.16/doc/log.txt botan1.10-1.10.17/doc/log.txt --- botan1.10-1.10.16/doc/log.txt 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/doc/log.txt 2017-10-02 06:00:00.000000000 +0000 
@@ -7,6 +7,36 @@ Series 1.10 ---------------------------------------- +Version 1.10.17, 1.10.17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Address a side channel affecting modular exponentiation. An attacker + capabable of a local or cross-VM cache analysis attack may be able + to recover bits of secret exponents as used in RSA, DH, etc. + CVE-2017-14737 + +* Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 + hash function. (GH #1192 #1148 #882) + +* Add SecureVector::data() function which returns the start of the + buffer. This makes it slightly simpler to support both 1.10 and 2.x + APIs in the same codebase. + +* When compiled by a C++11 (or later) compiler, a template typedef of + SecureVector, secure_vector, is added. In 2.x this class is a + std::vector with a custom allocator, so has a somewhat different + interface than SecureVector in 1.10. But this makes it slightly + simpler to support both 1.10 and 2.x APIs in the same codebase. + +* Fix a bug that prevented `configure.py` from running under Python3 + +* Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build + will `#error` if OpenSSL 1.1 is detected. Avoid `--with-openssl` + if compiling against 1.1 or later. (GH #753) + +* Import patches from Debian adding basic support for building on + aarch64, ppc64le, or1k, and mipsn32 platforms. + Version 1.10.16, 2017-04-04 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff -Nru botan1.10-1.10.16/readme.txt botan1.10-1.10.17/readme.txt --- botan1.10-1.10.16/readme.txt 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/readme.txt 2017-10-02 06:00:00.000000000 +0000 
@@ -1,6 +1,6 @@ This branch (1.10) of Botan is only supported for security fixes until -the end of 2017. Please upgrade to 2.0 API as soon as possible. +the end of 2017. Please upgrade to 2.x as soon as possible. Botan is a C++ library for performing a wide variety of cryptographic diff -Nru botan1.10-1.10.16/src/alloc/secmem.h botan1.10-1.10.17/src/alloc/secmem.h --- botan1.10-1.10.16/src/alloc/secmem.h 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/src/alloc/secmem.h 2017-10-02 06:00:00.000000000 +0000 @@ -50,6 +50,12 @@ * Get a pointer to the first element in the buffer. * @return pointer to the first element in the buffer */ + T* data() { return buf; } + + /** + * Get a pointer to the first element in the buffer. + * @return pointer to the first element in the buffer + */ T* begin() { return buf; } /** @@ -369,6 +375,13 @@ } }; +#if __cplusplus >= 201103 + +// For better compatability with 2.x API + template<typename T> + using secure_vector = SecureVector<T>; +#endif + template<typename T> MemoryRegion<T>& operator+=(MemoryRegion<T>& out, const MemoryRegion<T>& in) diff -Nru botan1.10-1.10.16/src/build-data/arch/aarch64.txt botan1.10-1.10.17/src/build-data/arch/aarch64.txt --- botan1.10-1.10.16/src/build-data/arch/aarch64.txt 1970-01-01 00:00:00.000000000 +0000 +++ botan1.10-1.10.17/src/build-data/arch/aarch64.txt 2017-10-02 06:00:00.000000000 +0000 @@ -0,0 +1,6 @@ +endian little + +<aliases> +arm64 # For Debian +</aliases> + diff -Nru botan1.10-1.10.16/src/build-data/arch/mipsn32.txt botan1.10-1.10.17/src/build-data/arch/mipsn32.txt --- botan1.10-1.10.16/src/build-data/arch/mipsn32.txt 1970-01-01 00:00:00.000000000 +0000 +++ botan1.10-1.10.17/src/build-data/arch/mipsn32.txt 2017-10-02 06:00:00.000000000 +0000 
@@ -0,0 +1,22 @@ +<aliases> +mipsn32el # For Debian +</aliases> + +<submodels> +r4000 +r4100 +r4300 +r4400 +r4600 +r4560 +r5000 +r8000 +r10000 +</submodels> + +<submodel_aliases> +r4k -> r4000 +r5k -> r5000 +r8k -> r8000 +r10k -> r10000 +</submodel_aliases> diff -Nru botan1.10-1.10.16/src/build-data/arch/or1k.txt botan1.10-1.10.17/src/build-data/arch/or1k.txt --- botan1.10-1.10.16/src/build-data/arch/or1k.txt 1970-01-01 00:00:00.000000000 +0000 +++ botan1.10-1.10.17/src/build-data/arch/or1k.txt 2017-10-02 06:00:00.000000000 +0000 @@ -0,0 +1,4 @@ +endian big +<submodels> +or1k +</submodels> diff -Nru botan1.10-1.10.16/src/build-data/arch/ppc64le.txt botan1.10-1.10.17/src/build-data/arch/ppc64le.txt --- botan1.10-1.10.16/src/build-data/arch/ppc64le.txt 1970-01-01 00:00:00.000000000 +0000 +++ botan1.10-1.10.17/src/build-data/arch/ppc64le.txt 2017-10-02 06:00:00.000000000 +0000 @@ -0,0 +1,21 @@ +endian little + +family ppc + +<aliases> +powerpc64le +ppc64el +</aliases> + +<submodels> +power7 +power7p +power8 +power8e +</submodels> + +# This should be enabled for all targets, but the Altivec code currently +# makes lots of endian assumptions that I don't have the time to fix up: +#<isa_extn> +#altivec:all +#</isa_extn> diff -Nru botan1.10-1.10.16/src/build-data/arch/ppc64.txt botan1.10-1.10.17/src/build-data/arch/ppc64.txt --- botan1.10-1.10.16/src/build-data/arch/ppc64.txt 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/src/build-data/arch/ppc64.txt 2017-10-02 06:00:00.000000000 +0000 @@ -17,6 +17,9 @@ power5 power6 power7 +power7p +power8 +power8e cellppu </submodels> 
@@ -25,5 +28,5 @@ </submodel_aliases> <isa_extn> -altivec:cellppu,ppc970,power6,power7 +altivec:cellppu,ppc970,power6,power7,power7p,power8,power8e </isa_extn> diff -Nru botan1.10-1.10.16/src/build-data/cc/clang.txt botan1.10-1.10.17/src/build-data/cc/clang.txt --- botan1.10-1.10.16/src/build-data/cc/clang.txt 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/src/build-data/cc/clang.txt 2017-10-02 06:00:00.000000000 +0000 @@ -39,6 +39,8 @@ <mach_abi_linking> x86_64 -> "-m64" +mips32 -> "-mabi=32" +mipsn32 -> "-mabi=n32" mips64 -> "-mabi=64" s390 -> "-m31" s390x -> "-m64" diff -Nru botan1.10-1.10.16/src/build-data/cc/gcc.txt botan1.10-1.10.17/src/build-data/cc/gcc.txt --- botan1.10-1.10.16/src/build-data/cc/gcc.txt 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/src/build-data/cc/gcc.txt 2017-10-02 06:00:00.000000000 +0000 @@ -75,14 +75,17 @@ alpha -> "-mcpu=SUBMODEL" alpha- arm -> "-march=SUBMODEL" +aarch64 -> "-mtune=generic" superh -> "-mSUBMODEL" sh hppa -> "-march=SUBMODEL" hppa ia64 -> "-mtune=SUBMODEL" m68k -> "-mSUBMODEL" mips32 -> "-mips1 -mcpu=SUBMODEL" mips32- +mipsn32 -> "-mips3 -mcpu=SUBMODEL" mips64- mips64 -> "-mips3 -mcpu=SUBMODEL" mips64- ppc32 -> "-mcpu=SUBMODEL" ppc ppc64 -> "-mcpu=SUBMODEL" ppc +ppc64le -> "-mcpu=power7 -mtune=power8" ppc sparc32 -> "-mcpu=SUBMODEL -Wa,-xarch=v8plus" sparc32- sparc64 -> "-mcpu=v9 -mtune=SUBMODEL" x86_32 -> "-march=SUBMODEL -momit-leaf-frame-pointer" @@ -98,6 +101,7 @@ sparc32 -> "-m32 -mno-app-regs" sparc64 -> "-m64 -mno-app-regs" ppc64 -> "-m64" +ppc64le -> "-m64" # This should probably be used on most/all targets, but the docs are unclear openbsd -> "-pthread" diff -Nru botan1.10-1.10.16/src/engine/openssl/ossl_bc.cpp botan1.10-1.10.17/src/engine/openssl/ossl_bc.cpp --- botan1.10-1.10.16/src/engine/openssl/ossl_bc.cpp 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/src/engine/openssl/ossl_bc.cpp 2017-10-02 06:00:00.000000000 +0000 
@@ -8,6 +8,10 @@ #include <botan/internal/openssl_engine.h> #include <openssl/evp.h> +#if OPENSSL_VERSION_NUMBER >= 0x10100000 + #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x" +#endif + namespace Botan { namespace { diff -Nru botan1.10-1.10.16/src/engine/openssl/ossl_md.cpp botan1.10-1.10.17/src/engine/openssl/ossl_md.cpp --- botan1.10-1.10.16/src/engine/openssl/ossl_md.cpp 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/src/engine/openssl/ossl_md.cpp 2017-10-02 06:00:00.000000000 +0000 @@ -8,6 +8,10 @@ #include <botan/internal/openssl_engine.h> #include <openssl/evp.h> +#if OPENSSL_VERSION_NUMBER >= 0x10100000 + #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x" +#endif + namespace Botan { namespace { diff -Nru botan1.10-1.10.16/src/hash/gost_3411/gost_3411.cpp botan1.10-1.10.17/src/hash/gost_3411/gost_3411.cpp --- botan1.10-1.10.16/src/hash/gost_3411/gost_3411.cpp 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/src/hash/gost_3411/gost_3411.cpp 2017-10-02 06:00:00.000000000 +0000 @@ -90,8 +90,11 @@ // P transformation for(size_t k = 0; k != 4; ++k) + { + const uint64_t UVk = U[k] ^ V[k]; for(size_t l = 0; l != 8; ++l) - key[4*l+k] = get_byte(l, U[k]) ^ get_byte(l, V[k]); + key[4*l+k] = get_byte(l, UVk); + } cipher.set_key(key, 32); cipher.encrypt(&hash[8*j], S + 8*j); diff -Nru botan1.10-1.10.16/src/math/bigint/bigint.cpp botan1.10-1.10.17/src/math/bigint/bigint.cpp --- botan1.10-1.10.16/src/math/bigint/bigint.cpp 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/src/math/bigint/bigint.cpp 2017-10-02 06:00:00.000000000 +0000 @@ -10,6 +10,7 @@ #include <botan/get_byte.h> #include <botan/parsing.h> #include <botan/internal/rounding.h> +#include <botan/internal/ct_utils.h> namespace Botan { 
@@ -373,4 +374,25 @@ binary_decode(buf, buf.size()); } +void BigInt::shrink_to_fit() + { + reg.resize(sig_words()); + } + +void BigInt::const_time_lookup(SecureVector<word>& output, + const std::vector<BigInt>& vec, + size_t idx) + { + const size_t words = output.size(); + + clear_mem(output.data(), output.size()); + + for(size_t i = 0; i != vec.size(); ++i) + { + for(size_t w = 0; w != words; ++w) + output[w] |= CT::select<word>(CT::is_equal(i, idx), vec[i].word_at(w), 0); + } + } + + } diff -Nru botan1.10-1.10.16/src/math/bigint/bigint.h botan1.10-1.10.17/src/math/bigint/bigint.h --- botan1.10-1.10.16/src/math/bigint/bigint.h 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/src/math/bigint/bigint.h 2017-10-02 06:00:00.000000000 +0000 @@ -500,6 +500,12 @@ */ BigInt(NumberType type, size_t n); + void shrink_to_fit(); + + static void const_time_lookup(SecureVector<word>& output, + const std::vector<BigInt>& vec, + size_t idx); + private: SecureVector<word> reg; Sign signedness; diff -Nru botan1.10-1.10.16/src/math/mp/mp_asm64/info.txt botan1.10-1.10.17/src/math/mp/mp_asm64/info.txt --- botan1.10-1.10.16/src/math/mp/mp_asm64/info.txt 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/src/math/mp/mp_asm64/info.txt 2017-10-02 06:00:00.000000000 +0000 @@ -8,10 +8,12 @@ </header:internal> <arch> +aarch64 alpha ia64 mips64 ppc64 +ppc64le sparc64 </arch> diff -Nru botan1.10-1.10.16/src/math/numbertheory/powm_mnt.cpp botan1.10-1.10.17/src/math/numbertheory/powm_mnt.cpp --- botan1.10-1.10.16/src/math/numbertheory/powm_mnt.cpp 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/src/math/numbertheory/powm_mnt.cpp 2017-10-02 06:00:00.000000000 +0000 @@ -68,6 +68,7 @@ &workspace[0]); g[i].assign(&z[0], mod_words + 1); + g[i].grow_to(mod_words); } } @@ -81,6 +82,7 @@ BigInt x = R_mod; SecureVector<word> z(2 * (mod_words + 1)); SecureVector<word> workspace(2 * (mod_words + 1)); + SecureVector<word> e(mod_words); for(size_t i = exp_nibbles; i > 0; --i) { 
@@ -98,12 +100,13 @@ const u32bit nibble = exp.get_substring(window_bits*(i-1), window_bits); - const BigInt& y = g[nibble]; - zeroise(z); + + BigInt::const_time_lookup(e, g, nibble); + bigint_monty_mul(&z[0], z.size(), x.data(), x.size(), x.sig_words(), - y.data(), y.size(), y.sig_words(), + e.data(), e.size(), e.size(), modulus.data(), mod_words, mod_prime, &workspace[0]); diff -Nru botan1.10-1.10.16/src/utils/cpuid.cpp botan1.10-1.10.17/src/utils/cpuid.cpp --- botan1.10-1.10.16/src/utils/cpuid.cpp 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/src/utils/cpuid.cpp 2017-10-02 06:00:00.000000000 +0000 @@ -157,6 +157,9 @@ const u16bit PVR_G5_970GX = 0x0045; const u16bit PVR_POWER6 = 0x003E; const u16bit PVR_POWER7 = 0x003F; + const u16bit PVR_POWER7p = 0x004A; + const u16bit PVR_POWER8 = 0x004D; + const u16bit PVR_POWER8E = 0x004B; const u16bit PVR_CELL_PPU = 0x0070; // Motorola produced G4s with PVR 0x800[0123C] (at least) @@ -177,6 +180,9 @@ altivec_capable |= (pvr == PVR_G5_970GX); altivec_capable |= (pvr == PVR_POWER6); altivec_capable |= (pvr == PVR_POWER7); + altivec_capable |= (pvr == PVR_POWER7p); + altivec_capable |= (pvr == PVR_POWER8); + altivec_capable |= (pvr == PVR_POWER8E); altivec_capable |= (pvr == PVR_CELL_PPU); #endif
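Review bot: The new debian/changelog entry uses urgency=medium although this bug is filed at severity grave with the security tag and the previous upload (1.10.16-1) used urgency=high. If the intent is for the fix to migrate as quickly as other security uploads, set urgency=high; otherwise a short justification in the changelog would help.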
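Review bot: In the doc/log.txt hunk the new heading reads `Version 1.10.17, 1.10.17`, repeating the version number where the previous entry carries a release date (`Version 1.10.16, 2017-04-04`). botan_version.py in this same diff sets `release_datestamp = 20171002`, so the heading should presumably give that date. The first bullet also misspells "capable" as "capabable". Both are upstream text, so they are better reported upstream than patched in the NMU.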
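Review bot: The P-transformation loop in src/hash/gost_3411/gost_3411.cpp needs a comment saying that the `UVk` temporary is a compiler workaround. The only explanation is the doc/log.txt entry in this diff (GCC 7 miscompilation on x86-32, GH #1192 #1148 #882); without a note at the loop itself, a later cleanup can fold `U[k] ^ V[k]` back into the inner expression and reintroduce the wrong hash output.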
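Review bot: BigInt::const_time_lookup in src/math/bigint/bigint.cpp does not check its preconditions. An idx that is >= vec.size() matches no entry and silently yields an all-zero output, and any entry with more significant words than output.size() is silently truncated because only `words` words are copied. Since the result is fed straight into bigint_monty_mul, state the contract (idx < vec.size(), every entry fits in output) in a comment or a debug assertion. The two declarations added in bigint.h also have no doc comment, unlike the constructor just above them.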
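Review bot: In the last src/math/numbertheory/powm_mnt.cpp hunk only the table operand gets a fixed width (`e.data(), e.size(), e.size()`); the other operand is still passed as `x.data(), x.size(), x.sig_words()`, so the word count handed to bigint_monty_mul still depends on the value of the running intermediate. If that argument affects timing or memory access, a data-dependent path remains; pass a fixed width for x as well or add a comment explaining why x.sig_words() is acceptable. The copy into `e(mod_words)` also relies on each g[i] fitting in mod_words words even though the earlier hunk assigns mod_words + 1 words before `grow_to(mod_words)`; a comment stating that the Montgomery result is fully reduced would make that assumption visible.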
Added tag(s) pending. Request was from zeha@debian.org to 877436-submit@bugs.debian.org. (Mon, 09 Oct 2017 09:48:03 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Ondřej Surý <ondrej@debian.org>: Bug#877436; Package src:botan1.10. (Mon, 09 Oct 2017 11:30:04 GMT)
Acknowledgement sent to Ondřej Surý <ondrej@sury.org>: Extra info received and forwarded to list. Copy sent to Ondřej Surý <ondrej@debian.org>. (Mon, 09 Oct 2017 11:30:04 GMT)
Message #23 received at 877436@bugs.debian.org:
No, please go ahead an upload directly. Thanks for the NMU. Ondrej On 9 October 2017 at 11:33, <zeha@debian.org> wrote: > Control: tags 877436 + pending > > Dear Ondřej, > > I've prepared an NMU for botan1.10 (versioned as 1.10.17-0.1) and > will upload it to DELAYED/4. Please feel free to tell me if I > should delay it longer. > > Cheers, > Chris > > > diff -Nru botan1.10-1.10.16/botan_version.py botan1.10-1.10.17/botan_ > version.py > --- botan1.10-1.10.16/botan_version.py 2017-04-05 01:07:02.000000000 > +0000 > +++ botan1.10-1.10.17/botan_version.py 2017-10-02 06:00:00.000000000 > +0000 > @@ -1,11 +1,11 @@ > > release_major = 1 > release_minor = 10 > -release_patch = 16 > +release_patch = 17 > > release_so_abi_rev = 1 > > # These are set by the distribution script > -release_vc_rev = 'git:3756c97d295d06ac19cec6736e05003afb10623e' > -release_datestamp = 20170404 > -release_type = 'released' > +release_vc_rev = 'git:f7fe6beb5b3b6f944aa7bac491a3455e48ef6ebb' > +release_datestamp = 20171002 > +release_type = 'release' > diff -Nru botan1.10-1.10.16/configure.py botan1.10-1.10.17/configure.py > --- botan1.10-1.10.16/configure.py 2017-04-05 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/configure.py 2017-10-02 06:00:00.000000000 +0000 > @@ -59,9 +59,6 @@ > logging.debug('Monotone reported revision %s' % (rev)) > > return 'mtn:' + rev > - except OSError as e: > - logging.debug('Error getting rev from monotone - %s' % (e[1])) > - return 'unknown' > except Exception as e: > logging.debug('Error getting rev from monotone - %s' % (e)) > return 'unknown' > diff -Nru botan1.10-1.10.16/debian/changelog botan1.10-1.10.17/debian/ > changelog > --- botan1.10-1.10.16/debian/changelog 2017-05-29 11:45:02.000000000 > +0000 > +++ botan1.10-1.10.17/debian/changelog 2017-10-09 09:19:15.000000000 > +0000 
> @@ -1,3 +1,13 @@ > +botan1.10 (1.10.17-0.1) unstable; urgency=medium > + > + * Non-maintainer upload. > + * New upstream release 1.10.17 (Closes: #877436) > + + [CVE-2017-14737]: Side channel affecting modular exponentiation > + + Upstream has imported Debian architecture support patches, removed > + them. > + > + -- Christian Hofstaedtler <zeha@debian.org> Mon, 09 Oct 2017 09:19:15 > +0000 > + > botan1.10 (1.10.16-1) unstable; urgency=high > > * Update d/watch to match new upstream download directory > diff -Nru botan1.10-1.10.16/debian/patches/0001-add-mips64-mipsn32-support.patch > botan1.10-1.10.17/debian/patches/0001-add-mips64-mipsn32-support.patch > --- botan1.10-1.10.16/debian/patches/0001-add-mips64-mipsn32-support.patch > 2017-05-29 11:45:02.000000000 +0000 > +++ botan1.10-1.10.17/debian/patches/0001-add-mips64-mipsn32-support.patch > 1970-01-01 00:00:00.000000000 +0000 
> @@ -1,64 +0,0 @@ > -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej@debian.org> > -Date: Tue, 29 Nov 2016 15:10:20 +0100 > -Subject: add-mips64-mipsn32-support > - > ---- > - src/build-data/arch/mipsn32.txt | 22 ++++++++++++++++++++++ > - src/build-data/cc/clang.txt | 2 ++ > - src/build-data/cc/gcc.txt | 1 + > - 3 files changed, 25 insertions(+) > - create mode 100644 src/build-data/arch/mipsn32.txt > - > -diff --git a/src/build-data/arch/mipsn32.txt > b/src/build-data/arch/mipsn32.txt > -new file mode 100644 > -index 0000000..96ced25 > ---- /dev/null > -+++ b/src/build-data/arch/mipsn32.txt > -@@ -0,0 +1,22 @@ > -+<aliases> > -+mipsn32el # For Debian > -+</aliases> > -+ > -+<submodels> > -+r4000 > -+r4100 > -+r4300 > -+r4400 > -+r4600 > -+r4560 > -+r5000 > -+r8000 > -+r10000 > -+</submodels> > -+ > -+<submodel_aliases> > -+r4k -> r4000 > -+r5k -> r5000 > -+r8k -> r8000 > -+r10k -> r10000 > -+</submodel_aliases> > -diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt > -index cbcfd89..23237e3 100644 > ---- a/src/build-data/cc/clang.txt > -+++ b/src/build-data/cc/clang.txt > -@@ -39,6 +39,8 @@ westmere -> "-march=corei7 -maes" > - > - <mach_abi_linking> > - x86_64 -> "-m64" > -+mips32 -> "-mabi=32" > -+mipsn32 -> "-mabi=n32" > - mips64 -> "-mabi=64" > - s390 -> "-m31" > - s390x -> "-m64" > -diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt > -index 1fc6831..938c065 100644 > ---- a/src/build-data/cc/gcc.txt > -+++ b/src/build-data/cc/gcc.txt > -@@ -80,6 +80,7 @@ hppa -> "-march=SUBMODEL" hppa > - ia64 -> "-mtune=SUBMODEL" > - m68k -> "-mSUBMODEL" > - mips32 -> "-mips1 -mcpu=SUBMODEL" mips32- > -+mipsn32 -> "-mips3 -mcpu=SUBMODEL" mips64- > - mips64 -> "-mips3 -mcpu=SUBMODEL" mips64- > - ppc32 -> "-mcpu=SUBMODEL" ppc > - ppc64 -> "-mcpu=SUBMODEL" ppc > diff -Nru botan1.10-1.10.16/debian/patches/0002-add-powerpc64le-support.patch > botan1.10-1.10.17/debian/patches/0002-add-powerpc64le-support.patch > --- 
botan1.10-1.10.16/debian/patches/0002-add-powerpc64le-support.patch > 2017-05-29 11:45:02.000000000 +0000 > +++ botan1.10-1.10.17/debian/patches/0002-add-powerpc64le-support.patch > 1970-01-01 00:00:00.000000000 +0000 
> @@ -1,109 +0,0 @@ > -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej@debian.org> > -Date: Tue, 29 Nov 2016 15:10:20 +0100 > -Subject: add-powerpc64le-support > - > ---- > - src/build-data/arch/ppc64.txt | 5 ++++- > - src/build-data/arch/ppc64le.txt | 21 +++++++++++++++++++++ > - src/build-data/cc/gcc.txt | 1 + > - src/math/mp/mp_asm64/info.txt | 1 + > - src/utils/cpuid.cpp | 6 ++++++ > - 5 files changed, 33 insertions(+), 1 deletion(-) > - create mode 100644 src/build-data/arch/ppc64le.txt > - > -diff --git a/src/build-data/arch/ppc64.txt b/src/build-data/arch/ppc64. > txt > -index 954d918..f6f568e 100644 > ---- a/src/build-data/arch/ppc64.txt > -+++ b/src/build-data/arch/ppc64.txt > -@@ -17,6 +17,9 @@ power4 > - power5 > - power6 > - power7 > -+power7p > -+power8 > -+power8e > - cellppu > - </submodels> > - > -@@ -25,5 +28,5 @@ cellbroadbandengine -> cellppu > - </submodel_aliases> > - > - <isa_extn> > --altivec:cellppu,ppc970,power6,power7 > -+altivec:cellppu,ppc970,power6,power7,power7p,power8,power8e > - </isa_extn> > -diff --git a/src/build-data/arch/ppc64le.txt > b/src/build-data/arch/ppc64le.txt > -new file mode 100644 > -index 0000000..da93668 > ---- /dev/null > -+++ b/src/build-data/arch/ppc64le.txt > -@@ -0,0 +1,21 @@ > -+endian little > -+ > -+family ppc > -+ > -+<aliases> > -+powerpc64le > -+ppc64el > -+</aliases> > -+ > -+<submodels> > -+power7 > -+power7p > -+power8 > -+power8e > -+</submodels> > -+ > -+# This should be enabled for all targets, but the Altivec code currently > -+# makes lots of endian assumptions that I don't have the time to fix up: > -+#<isa_extn> > -+#altivec:all > -+#</isa_extn> > -diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt > -index 938c065..32e19c9 100644 > ---- a/src/build-data/cc/gcc.txt > -+++ b/src/build-data/cc/gcc.txt > -@@ -84,6 +84,7 @@ mipsn32 -> "-mips3 -mcpu=SUBMODEL" mips64- > - mips64 -> "-mips3 -mcpu=SUBMODEL" mips64- > - ppc32 -> "-mcpu=SUBMODEL" ppc > - ppc64 -> "-mcpu=SUBMODEL" ppc > 
-+ppc64le -> "-mcpu=power7 -mtune=power8" ppc > - sparc32 -> "-mcpu=SUBMODEL -Wa,-xarch=v8plus" sparc32- > - sparc64 -> "-mcpu=v9 -mtune=SUBMODEL" > - x86_32 -> "-march=SUBMODEL -momit-leaf-frame-pointer" > -diff --git a/src/math/mp/mp_asm64/info.txt b/src/math/mp/mp_asm64/info. > txt > -index 9af7c4a..2704718 100644 > ---- a/src/math/mp/mp_asm64/info.txt > -+++ b/src/math/mp/mp_asm64/info.txt > -@@ -12,6 +12,7 @@ alpha > - ia64 > - mips64 > - ppc64 > -+ppc64le > - sparc64 > - </arch> > - > -diff --git a/src/utils/cpuid.cpp b/src/utils/cpuid.cpp > -index f6581f0..eba5b18 100644 > ---- a/src/utils/cpuid.cpp > -+++ b/src/utils/cpuid.cpp > -@@ -157,6 +157,9 @@ bool altivec_check_pvr_emul() > - const u16bit PVR_G5_970GX = 0x0045; > - const u16bit PVR_POWER6 = 0x003E; > - const u16bit PVR_POWER7 = 0x003F; > -+ const u16bit PVR_POWER7p = 0x004A; > -+ const u16bit PVR_POWER8 = 0x004D; > -+ const u16bit PVR_POWER8E = 0x004B; > - const u16bit PVR_CELL_PPU = 0x0070; > - > - // Motorola produced G4s with PVR 0x800[0123C] (at least) > -@@ -177,6 +180,9 @@ bool altivec_check_pvr_emul() > - altivec_capable |= (pvr == PVR_G5_970GX); > - altivec_capable |= (pvr == PVR_POWER6); > - altivec_capable |= (pvr == PVR_POWER7); > -+ altivec_capable |= (pvr == PVR_POWER7p); > -+ altivec_capable |= (pvr == PVR_POWER8); > -+ altivec_capable |= (pvr == PVR_POWER8E); > - altivec_capable |= (pvr == PVR_CELL_PPU); > - #endif > - > diff -Nru botan1.10-1.10.16/debian/patches/0003-add-arm64-support.patch.patch > botan1.10-1.10.17/debian/patches/0003-add-arm64-support.patch.patch > --- botan1.10-1.10.16/debian/patches/0003-add-arm64-support.patch.patch > 2017-05-29 11:45:02.000000000 +0000 > +++ botan1.10-1.10.17/debian/patches/0003-add-arm64-support.patch.patch > 1970-01-01 00:00:00.000000000 +0000 
> @@ -1,47 +0,0 @@ > -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej@debian.org> > -Date: Tue, 29 Nov 2016 15:10:20 +0100 > -Subject: add-arm64-support.patch > - > ---- > - src/build-data/arch/aarch64.txt | 6 ++++++ > - src/build-data/cc/gcc.txt | 1 + > - src/math/mp/mp_asm64/info.txt | 1 + > - 3 files changed, 8 insertions(+) > - create mode 100644 src/build-data/arch/aarch64.txt > - > -diff --git a/src/build-data/arch/aarch64.txt > b/src/build-data/arch/aarch64.txt > -new file mode 100644 > -index 0000000..863b000 > ---- /dev/null > -+++ b/src/build-data/arch/aarch64.txt > -@@ -0,0 +1,6 @@ > -+endian little > -+ > -+<aliases> > -+arm64 # For Debian > -+</aliases> > -+ > -diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt > -index 32e19c9..db729b4 100644 > ---- a/src/build-data/cc/gcc.txt > -+++ b/src/build-data/cc/gcc.txt > -@@ -75,6 +75,7 @@ sh4 -> "-m4 -mieee" > - > - alpha -> "-mcpu=SUBMODEL" alpha- > - arm -> "-march=SUBMODEL" > -+aarch64 -> "-mtune=generic" > - superh -> "-mSUBMODEL" sh > - hppa -> "-march=SUBMODEL" hppa > - ia64 -> "-mtune=SUBMODEL" > -diff --git a/src/math/mp/mp_asm64/info.txt b/src/math/mp/mp_asm64/info. > txt > -index 2704718..2664740 100644 > ---- a/src/math/mp/mp_asm64/info.txt > -+++ b/src/math/mp/mp_asm64/info.txt > -@@ -8,6 +8,7 @@ mp_generic:mp_asmi.h > - </header:internal> > - > - <arch> > -+aarch64 > - alpha > - ia64 > - mips64 > diff -Nru botan1.10-1.10.16/debian/patches/0004-add-or1k-support.patch > botan1.10-1.10.17/debian/patches/0004-add-or1k-support.patch > --- botan1.10-1.10.16/debian/patches/0004-add-or1k-support.patch > 2017-05-29 11:45:02.000000000 +0000 > +++ botan1.10-1.10.17/debian/patches/0004-add-or1k-support.patch > 1970-01-01 00:00:00.000000000 +0000 
> @@ -1,19 +0,0 @@ > -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej@debian.org> > -Date: Tue, 29 Nov 2016 15:10:20 +0100 > -Subject: add-or1k-support > - > ---- > - src/build-data/arch/or1k.txt | 4 ++++ > - 1 file changed, 4 insertions(+) > - create mode 100644 src/build-data/arch/or1k.txt > - > -diff --git a/src/build-data/arch/or1k.txt b/src/build-data/arch/or1k.txt > -new file mode 100644 > -index 0000000..c5fdc32 > ---- /dev/null > -+++ b/src/build-data/arch/or1k.txt > -@@ -0,0 +1,4 @@ > -+endian big > -+<submodels> > -+or1k > -+</submodels> > diff -Nru botan1.10-1.10.16/debian/patches/series > botan1.10-1.10.17/debian/patches/series > --- botan1.10-1.10.16/debian/patches/series 2017-05-29 > 11:45:02.000000000 +0000 > +++ botan1.10-1.10.17/debian/patches/series 1970-01-01 > 00:00:00.000000000 +0000 > @@ -1,4 +0,0 @@ > -0001-add-mips64-mipsn32-support.patch > -0002-add-powerpc64le-support.patch > -0003-add-arm64-support.patch.patch > -0004-add-or1k-support.patch > diff -Nru botan1.10-1.10.16/doc/log.txt botan1.10-1.10.17/doc/log.txt > --- botan1.10-1.10.16/doc/log.txt 2017-04-05 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/doc/log.txt 2017-10-02 06:00:00.000000000 +0000 
> @@ -7,6 +7,36 @@ > Series 1.10 > ---------------------------------------- > > +Version 1.10.17, 1.10.17 > +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > + > +* Address a side channel affecting modular exponentiation. An attacker > + capabable of a local or cross-VM cache analysis attack may be able > + to recover bits of secret exponents as used in RSA, DH, etc. > + CVE-2017-14737 > + > +* Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 > + hash function. (GH #1192 #1148 #882) > + > +* Add SecureVector::data() function which returns the start of the > + buffer. This makes it slightly simpler to support both 1.10 and 2.x > + APIs in the same codebase. > + > +* When compiled by a C++11 (or later) compiler, a template typedef of > + SecureVector, secure_vector, is added. In 2.x this class is a > + std::vector with a custom allocator, so has a somewhat different > + interface than SecureVector in 1.10. But this makes it slightly > + simpler to support both 1.10 and 2.x APIs in the same codebase. > + > +* Fix a bug that prevented `configure.py` from running under Python3 > + > +* Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build > + will `#error` if OpenSSL 1.1 is detected. Avoid `--with-openssl` > + if compiling against 1.1 or later. (GH #753) > + > +* Import patches from Debian adding basic support for building on > + aarch64, ppc64le, or1k, and mipsn32 platforms. > + > Version 1.10.16, 2017-04-04 > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > diff -Nru botan1.10-1.10.16/readme.txt botan1.10-1.10.17/readme.txt > --- botan1.10-1.10.16/readme.txt 2017-04-05 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/readme.txt 2017-10-02 06:00:00.000000000 +0000 
> @@ -1,6 +1,6 @@ > > This branch (1.10) of Botan is only supported for security fixes until > -the end of 2017. Please upgrade to 2.0 API as soon as possible. > +the end of 2017. Please upgrade to 2.x as soon as possible. > > > Botan is a C++ library for performing a wide variety of cryptographic > diff -Nru botan1.10-1.10.16/src/alloc/secmem.h > botan1.10-1.10.17/src/alloc/secmem.h > --- botan1.10-1.10.16/src/alloc/secmem.h 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/alloc/secmem.h 2017-10-02 > 06:00:00.000000000 +0000 > @@ -50,6 +50,12 @@ > * Get a pointer to the first element in the buffer. > * @return pointer to the first element in the buffer > */ > + T* data() { return buf; } > + > + /** > + * Get a pointer to the first element in the buffer. > + * @return pointer to the first element in the buffer > + */ > T* begin() { return buf; } > > /** > @@ -369,6 +375,13 @@ > } > }; > > +#if __cplusplus >= 201103 > + > +// For better compatability with 2.x API > + template<typename T> > + using secure_vector = SecureVector<T>; > +#endif > + > template<typename T> > MemoryRegion<T>& operator+=(MemoryRegion<T>& out, > const MemoryRegion<T>& in) > diff -Nru botan1.10-1.10.16/src/build-data/arch/aarch64.txt > botan1.10-1.10.17/src/build-data/arch/aarch64.txt > --- botan1.10-1.10.16/src/build-data/arch/aarch64.txt 1970-01-01 > 00:00:00.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/arch/aarch64.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -0,0 +1,6 @@ > +endian little > + > +<aliases> > +arm64 # For Debian > +</aliases> > + > diff -Nru botan1.10-1.10.16/src/build-data/arch/mipsn32.txt > botan1.10-1.10.17/src/build-data/arch/mipsn32.txt > --- botan1.10-1.10.16/src/build-data/arch/mipsn32.txt 1970-01-01 > 00:00:00.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/arch/mipsn32.txt 2017-10-02 > 06:00:00.000000000 +0000 
> @@ -0,0 +1,22 @@ > +<aliases> > +mipsn32el # For Debian > +</aliases> > + > +<submodels> > +r4000 > +r4100 > +r4300 > +r4400 > +r4600 > +r4560 > +r5000 > +r8000 > +r10000 > +</submodels> > + > +<submodel_aliases> > +r4k -> r4000 > +r5k -> r5000 > +r8k -> r8000 > +r10k -> r10000 > +</submodel_aliases> > diff -Nru botan1.10-1.10.16/src/build-data/arch/or1k.txt > botan1.10-1.10.17/src/build-data/arch/or1k.txt > --- botan1.10-1.10.16/src/build-data/arch/or1k.txt 1970-01-01 > 00:00:00.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/arch/or1k.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -0,0 +1,4 @@ > +endian big > +<submodels> > +or1k > +</submodels> > diff -Nru botan1.10-1.10.16/src/build-data/arch/ppc64le.txt > botan1.10-1.10.17/src/build-data/arch/ppc64le.txt > --- botan1.10-1.10.16/src/build-data/arch/ppc64le.txt 1970-01-01 > 00:00:00.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/arch/ppc64le.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -0,0 +1,21 @@ > +endian little > + > +family ppc > + > +<aliases> > +powerpc64le > +ppc64el > +</aliases> > + > +<submodels> > +power7 > +power7p > +power8 > +power8e > +</submodels> > + > +# This should be enabled for all targets, but the Altivec code currently > +# makes lots of endian assumptions that I don't have the time to fix up: > +#<isa_extn> > +#altivec:all > +#</isa_extn> > diff -Nru botan1.10-1.10.16/src/build-data/arch/ppc64.txt > botan1.10-1.10.17/src/build-data/arch/ppc64.txt > --- botan1.10-1.10.16/src/build-data/arch/ppc64.txt 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/arch/ppc64.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -17,6 +17,9 @@ > power5 > power6 > power7 > +power7p > +power8 > +power8e > cellppu > </submodels> 
> > @@ -25,5 +28,5 @@ > </submodel_aliases> > > <isa_extn> > -altivec:cellppu,ppc970,power6,power7 > +altivec:cellppu,ppc970,power6,power7,power7p,power8,power8e > </isa_extn> > diff -Nru botan1.10-1.10.16/src/build-data/cc/clang.txt > botan1.10-1.10.17/src/build-data/cc/clang.txt > --- botan1.10-1.10.16/src/build-data/cc/clang.txt 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/cc/clang.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -39,6 +39,8 @@ > > <mach_abi_linking> > x86_64 -> "-m64" > +mips32 -> "-mabi=32" > +mipsn32 -> "-mabi=n32" > mips64 -> "-mabi=64" > s390 -> "-m31" > s390x -> "-m64" > diff -Nru botan1.10-1.10.16/src/build-data/cc/gcc.txt > botan1.10-1.10.17/src/build-data/cc/gcc.txt > --- botan1.10-1.10.16/src/build-data/cc/gcc.txt 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/cc/gcc.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -75,14 +75,17 @@ > > alpha -> "-mcpu=SUBMODEL" alpha- > arm -> "-march=SUBMODEL" > +aarch64 -> "-mtune=generic" > superh -> "-mSUBMODEL" sh > hppa -> "-march=SUBMODEL" hppa > ia64 -> "-mtune=SUBMODEL" > m68k -> "-mSUBMODEL" > mips32 -> "-mips1 -mcpu=SUBMODEL" mips32- > +mipsn32 -> "-mips3 -mcpu=SUBMODEL" mips64- > mips64 -> "-mips3 -mcpu=SUBMODEL" mips64- > ppc32 -> "-mcpu=SUBMODEL" ppc > ppc64 -> "-mcpu=SUBMODEL" ppc > +ppc64le -> "-mcpu=power7 -mtune=power8" ppc > sparc32 -> "-mcpu=SUBMODEL -Wa,-xarch=v8plus" sparc32- > sparc64 -> "-mcpu=v9 -mtune=SUBMODEL" > x86_32 -> "-march=SUBMODEL -momit-leaf-frame-pointer" 
> @@ -98,6 +101,7 @@ > sparc32 -> "-m32 -mno-app-regs" > sparc64 -> "-m64 -mno-app-regs" > ppc64 -> "-m64" > +ppc64le -> "-m64" > > # This should probably be used on most/all targets, but the docs are > unclear > openbsd -> "-pthread" > diff -Nru botan1.10-1.10.16/src/engine/openssl/ossl_bc.cpp > botan1.10-1.10.17/src/engine/openssl/ossl_bc.cpp > --- botan1.10-1.10.16/src/engine/openssl/ossl_bc.cpp 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/engine/openssl/ossl_bc.cpp 2017-10-02 > 06:00:00.000000000 +0000 > @@ -8,6 +8,10 @@ > #include <botan/internal/openssl_engine.h> > #include <openssl/evp.h> > > +#if OPENSSL_VERSION_NUMBER >= 0x10100000 > + #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x" > +#endif > + > namespace Botan { > > namespace { > diff -Nru botan1.10-1.10.16/src/engine/openssl/ossl_md.cpp > botan1.10-1.10.17/src/engine/openssl/ossl_md.cpp > --- botan1.10-1.10.16/src/engine/openssl/ossl_md.cpp 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/engine/openssl/ossl_md.cpp 2017-10-02 > 06:00:00.000000000 +0000 > @@ -8,6 +8,10 @@ > #include <botan/internal/openssl_engine.h> > #include <openssl/evp.h> > > +#if OPENSSL_VERSION_NUMBER >= 0x10100000 > + #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x" > +#endif > + > namespace Botan { > > namespace { > diff -Nru botan1.10-1.10.16/src/hash/gost_3411/gost_3411.cpp > botan1.10-1.10.17/src/hash/gost_3411/gost_3411.cpp > --- botan1.10-1.10.16/src/hash/gost_3411/gost_3411.cpp 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/hash/gost_3411/gost_3411.cpp 2017-10-02 > 06:00:00.000000000 +0000 
> @@ -90,8 +90,11 @@ > > // P transformation > for(size_t k = 0; k != 4; ++k) > + { > + const uint64_t UVk = U[k] ^ V[k]; > for(size_t l = 0; l != 8; ++l) > - key[4*l+k] = get_byte(l, U[k]) ^ get_byte(l, V[k]); > + key[4*l+k] = get_byte(l, UVk); > + } > > cipher.set_key(key, 32); > cipher.encrypt(&hash[8*j], S + 8*j); > diff -Nru botan1.10-1.10.16/src/math/bigint/bigint.cpp > botan1.10-1.10.17/src/math/bigint/bigint.cpp > --- botan1.10-1.10.16/src/math/bigint/bigint.cpp 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/math/bigint/bigint.cpp 2017-10-02 > 06:00:00.000000000 +0000 > @@ -10,6 +10,7 @@ > #include <botan/get_byte.h> > #include <botan/parsing.h> > #include <botan/internal/rounding.h> > +#include <botan/internal/ct_utils.h> > > namespace Botan { > > @@ -373,4 +374,25 @@ > binary_decode(buf, buf.size()); > } > > +void BigInt::shrink_to_fit() > + { > + reg.resize(sig_words()); > + } > + > +void BigInt::const_time_lookup(SecureVector<word>& output, > + const std::vector<BigInt>& vec, > + size_t idx) > + { > + const size_t words = output.size(); > + > + clear_mem(output.data(), output.size()); > + > + for(size_t i = 0; i != vec.size(); ++i) > + { > + for(size_t w = 0; w != words; ++w) > + output[w] |= CT::select<word>(CT::is_equal(i, idx), > vec[i].word_at(w), 0); > + } > + } > + > + > } > diff -Nru botan1.10-1.10.16/src/math/bigint/bigint.h > botan1.10-1.10.17/src/math/bigint/bigint.h > --- botan1.10-1.10.16/src/math/bigint/bigint.h 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/math/bigint/bigint.h 2017-10-02 > 06:00:00.000000000 +0000 
> @@ -500,6 +500,12 @@ > */ > BigInt(NumberType type, size_t n); > > + void shrink_to_fit(); > + > + static void const_time_lookup(SecureVector<word>& output, > + const std::vector<BigInt>& vec, > + size_t idx); > + > private: > SecureVector<word> reg; > Sign signedness; > diff -Nru botan1.10-1.10.16/src/math/mp/mp_asm64/info.txt > botan1.10-1.10.17/src/math/mp/mp_asm64/info.txt > --- botan1.10-1.10.16/src/math/mp/mp_asm64/info.txt 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/math/mp/mp_asm64/info.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -8,10 +8,12 @@ > </header:internal> > > <arch> > +aarch64 > alpha > ia64 > mips64 > ppc64 > +ppc64le > sparc64 > </arch> > > diff -Nru botan1.10-1.10.16/src/math/numbertheory/powm_mnt.cpp > botan1.10-1.10.17/src/math/numbertheory/powm_mnt.cpp > --- botan1.10-1.10.16/src/math/numbertheory/powm_mnt.cpp > 2017-04-05 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/math/numbertheory/powm_mnt.cpp > 2017-10-02 06:00:00.000000000 +0000 > @@ -68,6 +68,7 @@ > &workspace[0]); > > g[i].assign(&z[0], mod_words + 1); > + g[i].grow_to(mod_words); > } > } > > @@ -81,6 +82,7 @@ > BigInt x = R_mod; > SecureVector<word> z(2 * (mod_words + 1)); > SecureVector<word> workspace(2 * (mod_words + 1)); > + SecureVector<word> e(mod_words); > > for(size_t i = exp_nibbles; i > 0; --i) > { 
> @@ -98,12 +100,13 @@ > > const u32bit nibble = exp.get_substring(window_bits*(i-1), > window_bits); > > - const BigInt& y = g[nibble]; > - > zeroise(z); > + > + BigInt::const_time_lookup(e, g, nibble); > + > bigint_monty_mul(&z[0], z.size(), > x.data(), x.size(), x.sig_words(), > - y.data(), y.size(), y.sig_words(), > + e.data(), e.size(), e.size(), > modulus.data(), mod_words, mod_prime, > &workspace[0]); > > diff -Nru botan1.10-1.10.16/src/utils/cpuid.cpp > botan1.10-1.10.17/src/utils/cpuid.cpp > --- botan1.10-1.10.16/src/utils/cpuid.cpp 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/utils/cpuid.cpp 2017-10-02 > 06:00:00.000000000 +0000 > @@ -157,6 +157,9 @@ > const u16bit PVR_G5_970GX = 0x0045; > const u16bit PVR_POWER6 = 0x003E; > const u16bit PVR_POWER7 = 0x003F; > + const u16bit PVR_POWER7p = 0x004A; > + const u16bit PVR_POWER8 = 0x004D; > + const u16bit PVR_POWER8E = 0x004B; > const u16bit PVR_CELL_PPU = 0x0070; > > // Motorola produced G4s with PVR 0x800[0123C] (at least) > @@ -177,6 +180,9 @@ > altivec_capable |= (pvr == PVR_G5_970GX); > altivec_capable |= (pvr == PVR_POWER6); > altivec_capable |= (pvr == PVR_POWER7); > + altivec_capable |= (pvr == PVR_POWER7p); > + altivec_capable |= (pvr == PVR_POWER8); > + altivec_capable |= (pvr == PVR_POWER8E); > altivec_capable |= (pvr == PVR_CELL_PPU); > #endif > > -- Ondřej Surý <ondrej@sury.org>
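Review bot: in the doc/log.txt hunk the new heading reads "Version 1.10.17, 1.10.17", while the entry below it uses a release date ("Version 1.10.16, 2017-04-04"); the second field should carry the release date. In the first bullet, "capabable" should be "capable".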
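Review bot: in the src/alloc/secmem.h hunks only a non-const "T* data() { return buf; }" is added, so code that holds a const reference to the buffer cannot call it, which works against the stated aim of sharing code between the 1.10 and 2.x APIs; a "const T* data() const" overload should be added next to it. The doc comment is a verbatim copy of the one on begin(), and the comment above the secure_vector alias misspells "compatibility".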
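Review bot: in the ossl_bc.cpp and ossl_md.cpp hunks the guard tests OPENSSL_VERSION_NUMBER but relies on <openssl/evp.h> to bring in its definition; an undefined macro evaluates as 0 in "#if", so the "#error" would be skipped silently. Including <openssl/opensslv.h> explicitly before the check makes it robust. Both files already include <botan/internal/openssl_engine.h>, so placing the check once in that shared header would cover every file in the engine instead of the two touched here.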
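Review bot: in the src/hash/gost_3411/gost_3411.cpp hunk the hoisted "const uint64_t UVk = U[k] ^ V[k];" exists only to work around the GCC 7 x86-32 miscompilation described in doc/log.txt, but nothing in the code says so, and a later cleanup could fold it back into the inner loop. A one-line comment next to UVk naming the compiler issue (GH #1192) would protect the workaround.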
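Review bot: in the src/math/bigint/bigint.cpp hunk, BigInt::const_time_lookup() copies only output.size() words from each vec[i] and never checks idx against vec.size(), so an entry wider than output is silently truncated and an out-of-range idx silently yields all zeros. Sizes and table length are public values, so a precondition check on them costs nothing in side-channel terms; failing that, the contract should be stated in a comment. CT::is_equal(i, idx) does not depend on w and can be computed once per i outside the inner loop. The matching declarations in bigint.h are added without doc comments.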
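Review bot: in the src/math/numbertheory/powm_mnt.cpp hunks each table entry is built with "g[i].assign(&z[0], mod_words + 1)", but the lookup buffer is "SecureVector<word> e(mod_words)", so const_time_lookup() drops the top word of the selected entry before it reaches bigint_monty_mul. If that word is always zero after the reduction, say so in a comment or assert it when the table is built; otherwise e needs mod_words + 1 words. The added "g[i].grow_to(mod_words)" directly after an assign of mod_words + 1 words also looks like it cannot change anything, and a comment on its purpose would help.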
Reply sent to Christian Hofstaedtler <zeha@debian.org>: You have taken responsibility. (Mon, 09 Oct 2017 11:51:11 GMT)
Notification sent to Salvatore Bonaccorso <carnil@debian.org>: Bug acknowledged by developer. (Mon, 09 Oct 2017 11:51:11 GMT)
Message #28 received at 877436-close@bugs.debian.org (full text, mbox, reply):
Source: botan1.10
Source-Version: 1.10.17-0.1

We believe that the bug you reported is fixed in the latest version of botan1.10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 877436@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hofstaedtler <zeha@debian.org> (supplier of updated botan1.10 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 09 Oct 2017 09:19:15 +0000
Source: botan1.10
Binary: botan1.10-dbg libbotan-1.10-1 libbotan1.10-dev
Architecture: source
Version: 1.10.17-0.1
Distribution: unstable
Urgency: medium
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Christian Hofstaedtler <zeha@debian.org>
Description:
 botan1.10-dbg - multiplatform crypto library (debug)
 libbotan-1.10-1 - multiplatform crypto library
 libbotan1.10-dev - multiplatform crypto library (development)
Closes: 877436
Changes:
 botan1.10 (1.10.17-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release 1.10.17 (Closes: #877436)
     + [CVE-2017-14737]: Side channel affecting modular exponentiation
     + Upstream has imported Debian architecture support patches, removed them.