[Botan-announce] Botan 1.11.18 released

Jack Lloyd lloyd at randombit.net
Sun Jul 5 22:26:15 EDT 2015


I'm happy to announce Botan 1.11.18 has been released.

Perhaps the most notable change in this release has nothing to do with the
code itself: Botan has switched from using the monotone version control system
to using git and github for all project management. The latest code can be
found at https://github.com/randombit/botan. We are now making use of a number
of features tied to Github including CI services providing build/test cycles
on Linux, OS X, and Windows with a variety of compilers, which should
dramatically reduce the number of build breakages that occur. All credit for
the CI integration to Simon Warta and Rene Korthaus.

There were a large series of changes by Simon Warta and Daniel Seither to
support GCC and MSVC debug iterators. Almost all of the constructs that
triggered checks were harmless, but they still prevented applications from
using these useful debugging features.

Enabling debug iterators also allowed finding a serious bug in the TLS client,
which called std::set_difference with an invalid iterator pair. The exact
consequences of this are not clear. Depending on the STL implementation, it is
conceivable that a malicious server might be able to cause a client to crash.
Remote code execution seems unlikely but cannot be ruled out, so I recommend
anyone using the TLS client upgrade as soon as possible.

Cheers,
  Jack


More information about the botan-announce mailing list