diff mbox series

[meta-oe,1/7] botan: upgrade 3.11.0 -> 3.11.1

Message ID 20260406120314.3514982-1-skandigraun@gmail.com
State Under Review
Headers show
Series [meta-oe,1/7] botan: upgrade 3.11.0 -> 3.11.1 | expand

Commit Message

Gyorgy Sarvari April 6, 2026, 12:03 p.m. UTC 
Contains fixes for CVE-2026-35580 and CVE-2026-35582

Changelog: https://botan.randombit.net/news.html#version-3-11-1-2026-03-31

-CVE-2026-35580: Resolve certificate verification bypass bug introduced in 3.11.0
-CVE-2026-35582: Resolve TLS 1.3 client authentication bypass
-Add optimized Argon2 implementation using AVX512
-Add optimized and constant-time Twofish implementation using AVX512/GFNI
-Add optimized and constant-time SEED implementation using AVX512/GFNI
-Add optimized and constant-time Whirlpool implementations using AVX2 and AVX512
-Add SSSE3/NEON and AVX2 optimized codepaths for CTR
-Add constant time implementations of Camellia, ARIA, SEED and SM4 using
 AES-NI or ARMv8 AES instructions to implement sbox lookups
-Improve performance of the AVX512 implementation of SHA-512 especially for Clang
-Optimizations for the IDEA modular multiplication
-Fix various minor TLS conformance issues flagged by TLS-Anvil
-Fix bug in Ed25519 where an invalid signature checked with PK_Verifier
 might cause a later valid signature to be rejected.
-Fix a bug in handling of ECDSA DER-encode signatures where an invalid
 signature checked with PK_Verifier might cause a later valid signature to be rejected.
-Fix a problem introduced in 3.11.0 which could cause crashes on processors without
 SSSE3 support, particularly when compiled by GCC.
-Fix various new warnings from clang-tidy 22
-Fix a compilation error introduced in 3.11.0 which prevented using ffi
 unless bcrypt was also enabled.
-Avoid a macro collision with Microsoft headers that could cause a compilation
 problem in amalgamation mode.
-Enable explicit_bzero, getentropy, getrandom on Hurd

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../recipes-crypto/botan/{botan_3.11.0.bb => botan_3.11.1.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-crypto/botan/{botan_3.11.0.bb => botan_3.11.1.bb} (95%)
diff mbox series

Patch

diff --git a/meta-oe/recipes-crypto/botan/botan_3.11.0.bb b/meta-oe/recipes-crypto/botan/botan_3.11.1.bb
similarity index 95%
rename from meta-oe/recipes-crypto/botan/botan_3.11.0.bb
rename to meta-oe/recipes-crypto/botan/botan_3.11.1.bb
index e60d826459..d3d0498ec6 100644
--- a/meta-oe/recipes-crypto/botan/botan_3.11.0.bb
+++ b/meta-oe/recipes-crypto/botan/botan_3.11.1.bb
@@ -6,7 +6,7 @@  SECTION = "libs"
 
 SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz \
            file://run-ptest"
-SRC_URI[sha256sum] = "e8dd48556818da2c03a9a30932ad05db9e50b12fec90809301ecc64ea51bd11e"
+SRC_URI[sha256sum] = "c1cd7152519f4188591fa4f6ddeb116bc1004491f5f3c58aa99b00582eb8a137"
 
 S = "${UNPACKDIR}/Botan-${PV}"