Commit d20a0116b2 for strongswan.org

commit d20a0116b243d6695175ff7db9644059ef597afc
Author: Tobias Brunner <tobias@strongswan.org>
Date:   Thu Dec 11 17:25:12 2025 +0100

    Use Botan 3.10.0 for tests

    Clean up leak-detective whitelist for newer Botan versions but add
    `botan_private_key_load` as `botan_privkey_load*` won't show up anymore
    without bfd-backtraces due to inlining if we don't call it directly.

    Ref: https://github.com/randombit/botan/discussions/4868

diff --git a/scripts/test.sh b/scripts/test.sh
index 23ff134362..f5cbd1ce60 100755
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -4,7 +4,7 @@
 build_botan()
 {
 	# same revision used in the build recipe of the testing environment
-	BOTAN_REV=3.7.1
+	BOTAN_REV=3.10.0
 	BOTAN_DIR=$DEPS_BUILD_DIR/botan

 	if test -d "$BOTAN_DIR"; then
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index 1ae19fd96d..201b0f619b 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -663,12 +663,10 @@ static char *whitelist[] = {
 	"TNC_IMC_NotifyConnectionChange",
 	"TNC_IMV_NotifyConnectionChange",
 	/* Botan */
-	"botan_public_key_load",
 	"botan_privkey_create",
-	"botan_privkey_load_ecdh",
-	"botan_privkey_load",
 	"botan_privkey_load_rsa_pkcs1",
-	"botan_kdf",
+	"botan_privkey_load",
+	"botan_private_key_load",
 	/* C++ due to Botan */
 	"__cxa_get_globals",
 	"__cxa_thread_atexit",
diff --git a/testing/scripts/recipes/011_botan.mk b/testing/scripts/recipes/011_botan.mk
index 96e5dd7c3f..f3c1f984ff 100644
--- a/testing/scripts/recipes/011_botan.mk
+++ b/testing/scripts/recipes/011_botan.mk
@@ -2,7 +2,7 @@

 PKG = botan
 SRC = https://github.com/randombit/$(PKG).git
-REV = 3.7.1
+REV = 3.10.0

 NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)