aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/contributing.rst23
-rw-r--r--doc/news.rst61
-rwxr-xr-xsrc/scripts/ci/travis/build.sh26
-rwxr-xr-xsrc/scripts/ci/travis/install.sh17
-rw-r--r--src/tests/test_rng.cpp2
5 files changed, 101 insertions, 28 deletions
diff --git a/doc/contributing.rst b/doc/contributing.rst
index 0d160c680..64b609af5 100644
--- a/doc/contributing.rst
+++ b/doc/contributing.rst
@@ -112,9 +112,11 @@ Sending patches
========================================
All contributions should be submitted as pull requests via GitHub
-(https://github.com/randombit/botan). If you are planning a large change email
-the mailing list or open a discussion ticket on github before starting out to
-make sure you are on the right path.
+(https://github.com/randombit/botan). If you are planning a large
+change email the mailing list or open a discussion ticket on github
+before starting out to make sure you are on the right path. And once
+you have something written, free to open a [WIP] PR for early review
+and comment.
If possible please sign your git commits using a PGP key.
See https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work for
@@ -136,6 +138,21 @@ Also, try building and testing it on whatever hardware you have handy,
especially non-x86 platforms, or especially C++11 compilers other than the
regularly tested GCC, Clang, and Visual Studio compilers.
+Git Usage
+========================================
+
+Do *NOT* merge ``master`` into your topic branch, this creates
+needless commits and noise in history. Instead, as needed, rebase your
+branch against master (``git rebase -i master``) and force push the
+branch to update the PR. If the GitHub PR page does not report any
+merge conflicts and nobody asks you to rebase, you don't need to
+rebase.
+
+Try to keep your history clean and use rebase to squash your commits
+as needed. If your diff is less than roughly 100 lines, it should
+probably be a single commit. Only split commits as needed to help with
+review/understanding of the change.
+
External Dependencies
========================================
diff --git a/doc/news.rst b/doc/news.rst
index 6e9b88479..b5cfa86ab 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -36,20 +36,56 @@ Version 1.11.31, Not Yet Released
* Add FRP256v1 curve (GH #551)
* RNG changes: NIST SP900-80's HMAC_DRBG is now the default generator
- for userspace RNG (AutoSeeded_RNG). HMAC_DRBG now attempts to detect
- use of fork (via pid checks)
+ for userspace RNG (in AutoSeeded_RNG). HMAC_DRBG now attempts to detect
+ use of fork via pid checks and perform automatic reseeding.
+ GH #520
-* The X9.31 and HMAC_RNG RNGs are deprecated and will be removed in a
- future release. If you need a userspace PRNG switch to HMAC_DRBG
- (or AutoSeeded_RNG which is HMAC_DRBG with useful defaults).
+* Add RDRAND_RNG which directly exposes the CPU RNG (GH #543)
+
+* Add PKCS #1 v1.5 id for SHA-512/256 (GH #554)
+
+* Add X509_Time::to_std_timepoint (GH #560)
* Fix a bug in ANSI X9.23 padding mode, which returned one byte more
than the given block size (GH #529).
-* Fixes for FreeBSD (GH #517) and OpenBSD (GH #523)
+* Fix bug in SipHash::clear, which did not reset all state (GH #547)
+
+* Fixes for FreeBSD (GH #517) and OpenBSD (GH #523). The compiler defaults
+ to Clang on FreeBSD now.
+
+* SonarQube static analysis integration (GH #592)
+
+* Switched Travis CI to Ubuntu 14.04 LTS (GH #592)
+
+* Clean up in TLS ciphersuite handling (GH #583)
+
+* Threefish-512 AVX2 optimization work (GH #581)
+
+* Remove build configuration host and timestamp from build.h
+ This makes this header reproducible and allows using ccache's direct mode
+ (GH #586 see also #587)
+
+* Prevent building for x86-64 with x86-32 compiler and the reverse (GH #585)
+
+* Avoid build problem on 32-bit userspace ARMv8 (GH #563)
+
+* Refactor of internal MP headers (GH #549)
+
+* Avoid MSVC C4100 warning (GH #525)
+
+* More tests for RSA-KEM (GH #538), DH (GH #556), EME (GH #553),
+ cipher mode padding (GH #529), CTS mode (GH #531),
+ KDF1/ISO18033 (GH #537), OctetString (GH #545), OIDs (GH #546),
+ parallel hash (GH #548), charset handling (GH #555),
+ BigInt (GH #558)
* New deprecations. See the full list in doc/deprecated.txt
+ The X9.31 and HMAC_RNG RNGs are deprecated.
+ If you need a userspace PRNG, use HMAC_DRBG (or AutoSeeded_RNG
+ which is HMAC_DRBG with defaults).
+
Support for getting entropy from EGD is deprecated, and will be
removed in a future release. The developers believe that it is
unlikely that any modern system requires EGD and so the code is now
@@ -296,6 +332,19 @@ Version 1.11.29, 2016-03-20
* Support for locking allocator on Windows using VirtualLock. GH #450
+Version 1.18.15, 2016-02-13
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* NOTE WELL: Botan 1.8 is not supported for security issues anymore.
+ Moving to 1.10 or 1.11 is certainly recommended.
+* Fix CVE-2014-9742: Insufficient randomness in Miller-Rabin primality check
+* Fix CVE-2016-2194: Infinite loop in modulur square root algorithm
+* Fix CVE-2015-5726: Crash in BER decoder
+* Fix CVE-2015-5727: Excess memory allocation in BER decoder
+ Note: Unlike the fix in 1.10 which checks that the source actually
+ contains enough data to satisfy the read before allocating the
+ memory, 1.8.15 simply rejects all ASN.1 blocks larger than 1 MiB.
+ This simpler check avoids the problem without breaking ABI.
+
Version 1.10.12, 2016-02-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/src/scripts/ci/travis/build.sh b/src/scripts/ci/travis/build.sh
index 78fd75c52..8cdb6ccc9 100755
--- a/src/scripts/ci/travis/build.sh
+++ b/src/scripts/ci/travis/build.sh
@@ -20,30 +20,27 @@ if [ "$BOOST" = "y" ]; then
CFG_FLAGS+=(--with-boost)
fi
+CFG_FLAGS+=(--with-pkcs11 --prefix=/tmp/botan-installation)
+
# enable ccache
-if [ "$TRAVIS_OS_NAME" = "linux" ] && [ "$BUILD_MODE" != "sonarqube" ]; then
- ccache --max-size=30M
+if [ "$BUILD_MODE" != "sonarqube" ]; then
+ ccache --max-size=100M
ccache --show-stats
-
export CXX="ccache $CXX"
fi
# configure
if [ "$TARGETOS" = "ios32" ]; then
- ./configure.py "${CFG_FLAGS[@]}" --cpu=armv7 --cc=clang \
- --cc-abi-flags="-arch armv7 -arch armv7s -stdlib=libc++" \
- --with-pkcs11 --prefix=/tmp/botan-installation
+ ./configure.py "${CFG_FLAGS[@]}" --cpu=armv7 --cc=clang --cc-bin="$CXX" \
+ --cc-abi-flags="-arch armv7 -arch armv7s -stdlib=libc++"
elif [ "$TARGETOS" = "ios64" ]; then
- ./configure.py "${CFG_FLAGS[@]}" --cpu=armv8-a --cc=clang \
- --cc-abi-flags="-arch arm64 -stdlib=libc++" \
- --with-pkcs11 --prefix=/tmp/botan-installation
+ ./configure.py "${CFG_FLAGS[@]}" --cpu=armv8-a --cc=clang --cc-bin="$CXX" \
+ --cc-abi-flags="-arch arm64 -stdlib=libc++"
else
- $CXX --version
./configure.py "${CFG_FLAGS[@]}" --cc="$CC" --cc-bin="$CXX" \
- --with-bzip2 --with-lzma --with-openssl --with-sqlite --with-zlib \
- --with-pkcs11 --prefix=/tmp/botan-installation
+ --with-bzip2 --with-lzma --with-openssl --with-sqlite --with-zlib
fi
# build
@@ -55,6 +52,11 @@ else
make -j 2
fi
+# Show post-build ccache stats
+if [ "$BUILD_MODE" != "sonarqube" ]; then
+ ccache --show-stats
+fi
+
# Run SonarQube analysis
if [ "$TRAVIS_BRANCH" = "master" ] && [ "$TRAVIS_PULL_REQUEST" = "false" ] && [ "$BUILD_MODE" = "sonarqube" ]; then
# => This will run a full analysis of the project and push results to the SonarQube server.
diff --git a/src/scripts/ci/travis/install.sh b/src/scripts/ci/travis/install.sh
index 387ccef6c..a9d38ed80 100755
--- a/src/scripts/ci/travis/install.sh
+++ b/src/scripts/ci/travis/install.sh
@@ -18,14 +18,19 @@ if [ "$BUILD_MODE" = "sonarqube" ]; then
unzip build-wrapper-linux-x86.zip
fi
-if [ "$TRAVIS_OS_NAME" = "osx" ] && [ "$TARGETOS" != "ios" ]; then
+if [ "$TRAVIS_OS_NAME" = "osx" ]; then
# Workaround for https://github.com/Homebrew/homebrew/issues/42553
brew update || brew update
- brew install xz
- brew install python # python2
- brew install python3
+ brew install ccache
+
+ if [ "$TARGETOS" = "native" ]; then
+ brew install xz
+ brew install python # python2
+ brew install python3
+
+ # Boost 1.58 is installed on Travis OS X images
+ # brew install boost
+ fi
- # Boost 1.58 is installed on Travis OS X images
- # brew install boost
fi
diff --git a/src/tests/test_rng.cpp b/src/tests/test_rng.cpp
index 7b75eca01..920afef67 100644
--- a/src/tests/test_rng.cpp
+++ b/src/tests/test_rng.cpp
@@ -353,7 +353,7 @@ class HMAC_DRBG_Unit_Tests : public Test
return result;
}
- // set max_output_before_reseed = 1, forcing a reseed on every request
+ // set reseed_interval = 1, forcing a reseed for every RNG request
Request_Counting_RNG counting_rng;
Botan::HMAC_DRBG rng(std::move(mac), counting_rng, 1);