package/botan: security bump to version 3.3.0

- Fix a potential denial of service caused by accepting arbitrary length primes as potential elliptic curve parameters in ASN.1 encodings. With very large inputs the primality verification can become computationally expensive. Now any prime field larger than 1024 bits is rejected immediately. https://botan.randombit.net/news.html#version-3-3-0-2024-02-20 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2024-04-07 19:09:36 +02:00 · 2024-04-07 19:09:36 +02:00 · 2fcc74594c
commit 2fcc74594c
parent 3a2891621c
2 changed files with 2 additions and 2 deletions
--- a/package/botan/botan.hash
+++ b/package/botan/botan.hash
@ -1,4 +1,4 @@
 # From https://botan.randombit.net/releases/sha256sums.txt
-sha256  049c847835fcf6ef3a9e206b33de05dd38999c325e247482772a5598d9e5ece3  Botan-3.2.0.tar.xz
+sha256  368f11f426f1205aedb9e9e32368a16535dc11bd60351066e6f6664ec36b85b9  Botan-3.3.0.tar.xz
 # Locally computed
 sha256  1833cde7c7cc03296b1ef2ddc178b1cd7fd1c476840f32cf6aedb09ab0bc9004  license.txt
--- a/package/botan/botan.mk
+++ b/package/botan/botan.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-BOTAN_VERSION = 3.2.0
+BOTAN_VERSION = 3.3.0
 BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
 BOTAN_SITE = http://botan.randombit.net/releases
 BOTAN_LICENSE = BSD-2-Clause