diff options
-rw-r--r-- | doc/security.rst | 8 | ||||
-rw-r--r-- | news.rst | 11 |
2 files changed, 10 insertions, 9 deletions
diff --git a/doc/security.rst b/doc/security.rst index 96ce0698d..faefca7d5 100644 --- a/doc/security.rst +++ b/doc/security.rst @@ -1,4 +1,6 @@ +.. highlight:: none + Security ======================================== @@ -167,9 +169,9 @@ Advisories Otherwise valid certificates using wildcards would be accepted as matching certain hostnames that should they should not according to RFC 6125. For - example a certificate issued for '*.example.com' should match - 'foo.example.com' but not 'example.com' or 'bar.foo.example.com'. Previously - Botan would accept such a certificate as valid for 'bar.foo.example.com'. + example a certificate issued for ``*.example.com`` should match + ``foo.example.com`` but not ``example.com`` or ``bar.foo.example.com``. Previously + Botan would accept such a certificate as also valid for ``bar.foo.example.com``. RFC 6125 also requires that when matching a X.509 certificate against a DNS name, the CN entry is only compared if no subjectAlternativeName entry is @@ -652,7 +652,7 @@ Version 1.11.27, 2016-02-01 * Add Blake2b hash function. GH #413 -* Use m_ prefix on all member variables. GH #398 and #407 +* Use ``m_`` prefix on all member variables. GH #398 and #407 * Use final qualifier on many classes. GH #408 @@ -833,8 +833,8 @@ Version 1.11.23, 2015-10-26 * CVE-2015-7826: X.509 path validation violated RFC 6125 and would accept certificates which should not validate under those rules. In particular botan would accept wildcard certificates as matching in situations where it should - not (for example it would erroneously accept '*.example.com' as a valid - wildcard for 'foo.bar.example.com') + not (for example it would erroneously accept ``*.example.com`` as a valid + wildcard for ``foo.bar.example.com``) * CVE-2015-7827: The routines for decoding PKCS #1 encryption and OAEP blocks have been rewritten to run without secret indexes or branches. These @@ -2046,9 +2046,8 @@ in Python 3.1 has been fixed (Bugzilla 157). The exception catching syntax of configure.py has been changed to the Python 3.x syntax. This syntax also works with Python 2.6 and 2.7, but not with any earlier Python 2 release. A simple search and replace -will allow running it under Python 2.5:: - - perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py +will allow running it under Python 2.5: +``perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py`` Note that Python 2.4 is not supported at all. |