Audit and categorize until 927aab8

sehlen-bsi · Jun 13, 2024 · 12c776d · 12c776d
1 parent 8ef573d
commit 12c776d
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 1 deletion.
diff --git a/config/botan.env b/config/botan.env
@@ -28,7 +28,7 @@ BOTAN_VERSION=3.5.0
 # creation of source-code related document generation. Once a Botan release is
 # minted, this may be the git-tag of that release. During development of an
 # upcoming version it should be a concrete commit SHA on Botan's main branch.
-BOTAN_REF=5649a10ec3399d28c8b84ae18fd65fce57bd7bca
+BOTAN_REF=927aab815ff3ffec3ef011eaf4b35cc13c0ba295
 
 # The Botan repository reference that is currently seen as the "trusted source
 # revision". Typically this is the source reference that was audited by the

diff --git a/docs/audit_report/changes/topics/code_chore.yml b/docs/audit_report/changes/topics/code_chore.yml
@@ -98,3 +98,23 @@ patches:
 - pr: 4006  # https://github.com/randombit/botan/pull/4006
   merge_commit: c479ebbc9eefdaa722cb36761703e0c234e35d8d
   classification: info
+
+# Ignore new warnings in clang-tidy from LLVM 17 [ci skip]  (Jack Lloyd)
+- commit: 2b7e2eea2d9ffb6437347cbbc7476609a9476380  # https://github.com/randombit/botan/commit/2b7e2eea2d9ffb6437347cbbc7476609a9476380
+  classification: info
+  auditer: reneme
+
+# Use clang-format 17  (@randombit)
+- pr: 4100  # https://github.com/randombit/botan/pull/4100
+  merge_commit: 19c62311243a6f66237bcc302a9c34bd8e5bef13
+  classification: info
+
+# Fix various issues flagged by clang-tidy 18  (@randombit)
+- pr: 4101  # https://github.com/randombit/botan/pull/4101
+  merge_commit: 1a5cf8729f42f55f5a9336a2fa389c4c0a2dfda3
+  classification: info
+
+# Extend KMAC maximal key length   (@FAlbertDev)
+- pr: 4109  # https://github.com/randombit/botan/pull/4109
+  merge_commit: 7be1498984319abd04d56081567a7dc132b01045
+  classification: info
diff --git a/docs/audit_report/changes/topics/continuous_integration.yml b/docs/audit_report/changes/topics/continuous_integration.yml
@@ -41,3 +41,20 @@ patches:
 - pr: 4078  # https://github.com/randombit/botan/pull/4078
   merge_commit: 100a065bda4219d0cea220859681e65a2714019b
   classification: info
+
+# Convert most Linux CI builds to use Ubuntu 24.04  (@randombit)
+- pr: 4098  # https://github.com/randombit/botan/pull/4098
+  merge_commit: 117f3b351a294c9c29982b11e52822faae47386d
+  classification: info
+
+# Add a workaround for MSVC/GH fuckup  (@randombit)
+- pr: 4105  # https://github.com/randombit/botan/pull/4105
+  merge_commit: 1c3890144aa3d0734dfa51c887b3d5dff542d0af
+  classification: info
+  auditer: reneme
+
+# Use 24.04 image for valgrind CI job  (@randombit)
+- pr: 4106  # https://github.com/randombit/botan/pull/4106
+  merge_commit: 759f12590b4bc14a18f0dec284cb79a8d598264f
+  classification: info
+  auditer: reneme
diff --git a/docs/audit_report/changes/topics/ecc.yml b/docs/audit_report/changes/topics/ecc.yml
@@ -67,3 +67,38 @@ patches:
   classification: info
   comment: |
     This is a follow-up to PR #4056.
+
+# Make application provided EC_Group restrictions a bit stricter  (@randombit)
+- pr: 4089  # https://github.com/randombit/botan/pull/4089
+  merge_commit: d215d2574712e1f4e1597f72ed41b0b540f20a4e
+  classification: info
+  comment: |
+    This restricts application-defined elliptic curves:
+
+    * must be prime order.
+    * must have a cofactor of 1.
+    * prime bitlength must be between 128 and 512 bits
+      (with special allowance for 521-bit Mersenne prime)
+    * prime must be congruent to 3 mod 4.
+
+# Add some further test cases of hash2curve  (@randombit)
+- pr: 4092  # https://github.com/randombit/botan/pull/4092
+  merge_commit: 709e26b86a19235715403401dbb5d492d168cedf
+  classification: info
+
+# Add library for compile time instantiation of elliptic curves  (@randombit)
+- pr: 3979  # https://github.com/randombit/botan/pull/3979
+  merge_commit: 856174ef1ecbbfbd9c4853bb4974f04d82d7f952
+  classification: critical
+  comment: |
+    This is a re-implementation of prime-order elliptic using modern
+    C++ features to allow significantly better compiler optimizations
+    and have a much better side-channel profile.
+
+# Fix: EC private key encoding  (@FAlbertDev)
+- pr: 4110  # https://github.com/randombit/botan/pull/4110
+  merge_commit: 3a87193718db9da4b75cc4faa470d855011558e3
+  classification: info
+  comment: |
+    This fixes an issue that was introduced recently and was never
+    part of an official release.