Accepting request 1033622 from security:tls

OBS-URL: https://build.opensuse.org/request/show/1033622
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=34

mbedtls-2.28.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6519579b836ed78cc549375c7c18b111df5717e86ca0eeff4cb64b2674f424cc
-size 3711231

mbedtls-2.28.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6797a7b6483ef589deeab8d33d401ed235d7be25eeecda1be8ddfed406d40ff4
+size 3914247

mbedtls.changes

@@ -1,3 +1,124 @@
+-------------------------------------------------------------------
+Fri Nov  4 16:53:36 UTC 2022 - Mia Herkt <mia@0x0.st>
+
+- Update to 2.28.1: (CVE-2022-35409)
+  Default behavior changes
+
+  * mbedtls_cipher_set_iv will now fail with ChaCha20 and
+    ChaCha20+Poly1305 for IV lengths other than 12. The library was
+    silently overwriting this length with 12, but did not inform
+    the caller about it.
+    gh#Mbed-TLS/mbedtls#4301
+
+  Features
+  * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA
+    crypto feature requirements in the file named by the new macro
+    MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default
+    psa/crypto_config.h. Furthermore you may name an additional
+    file to include after the main file with the macro
+    MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.
+
+  Security
+  * Zeroize dynamically-allocated buffers used by the PSA Crypto
+    key storage module before freeing them. These buffers contain
+    secret key material, and could thus potentially leak the key
+    through freed heap.
+  * Fix a potential heap buffer overread in TLS 1.2 server-side
+    when MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created
+    with mbedtls_pk_setup_opaque()) is provisioned, and a static
+    ECDH ciphersuite is selected. This may result in an application
+    crash or potentially an information leak.
+  * Fix a buffer overread in DTLS ClientHello parsing in servers
+    with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled.
+    An unauthenticated client or a man-in-the-middle could cause a
+    DTLS server to read up to 255 bytes after the end of the SSL
+    input buffer. The buffer overread only happens when
+    MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that
+    depends on the exact configuration: 258 bytes if using
+    mbedtls_ssl_cookie_check(), and possibly up to 571 bytes with
+    a custom cookie check function.
+    Reported by the Cybeats PSI Team.
+
+  Bugfix
+  * Fix a memory leak if mbedtls_ssl_config_defaults() is called
+    twice.
+  * Fix several bugs (warnings, compiler and linker errors, test
+    failures) in reduced configurations when MBEDTLS_USE_PSA_CRYPTO
+    is enabled.
+  * Fix a bug in (D)TLS curve negotiation: when
+    MBEDTLS_USE_PSA_CRYPTO was enabled and an ECDHE-ECDSA or
+    ECDHE-RSA key exchange was used, the client would fail to check
+    that the curve selected by the server for ECDHE was indeed one
+    that was offered. As a result, the client would accept any
+    curve that it supported, even if that curve was not allowed
+    according to its configuration.
+    gh#Mbed-TLS/mbedtls#5291
+  * Fix unit tests that used 0 as the file UID. This failed on some
+    implementations of PSA ITS.
+    gh#Mbed-TLS/mbedtls#3838
+  * Fix API violation in mbedtls_md_process() test by adding a call
+    to mbedtls_md_starts().
+    gh#Mbed-TLS/mbedtls#2227
+  * Fix compile errors when MBEDTLS_HAVE_TIME is not defined.
+    Add tests to catch bad uses of time.h.
+  * Fix bug in the alert sending function
+    mbedtls_ssl_send_alert_message() potentially leading to
+    corrupted alert messages being sent in case the function needs
+    to be re-called after initially returning
+    MBEDTLS_SSL_WANT_WRITE.
+    gh#Mbed-TLS/mbedtls#1916
+  * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled
+    but none of MBEDTLS_SSL_HW_RECORD_ACCEL,
+    MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C, DTLS handshakes
+    using CID would crash due to a null pointer dereference.
+    Fix this.
+    gh#Mbed-TLS/mbedtls#3998
+  * Fix incorrect documentation of mbedtls_x509_crt_profile. The
+    previous documentation stated that the allowed_pks field
+    applies to signatures only, but in fact it does apply to the
+    public key type of the end entity certificate, too.
+    gh#Mbed-TLS/mbedtls#1992
+  * Fix PSA cipher multipart operations using ARC4. Previously, an
+    IV was required but discarded. Now, an IV is rejected, as it
+    should be.
+  * Fix undefined behavior in mbedtls_asn1_find_named_data(), where
+    val is not NULL and val_len is zero. psa_raw_key_agreement()
+    now returns PSA_ERROR_BUFFER_TOO_SMALL when applicable.
+    gh#Mbed-TLS/mbedtls#5735
+  * Fix a bug in the x25519 example program where the removal of
+    MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run.
+    gh#Mbed-TLS/mbedtls#4901
+    gh#Mbed-TLS/mbedtls#3191
+  * Encode X.509 dates before 1/1/2000 as UTCTime rather than
+    GeneralizedTime.
+    gh#Mbed-TLS/mbedtls#5465
+  * Fix order value of curve x448.
+  * Fix string representation of DNs when outputting values
+    containing commas and other special characters, conforming to
+    RFC 1779.
+    gh#Mbed-TLS/mbedtls#769
+  * Silence a warning from GCC 12 in the selftest program.
+    gh#Mbed-TLS/mbedtls#5974
+  * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of
+    0.
+  * Fix resource leaks in mbedtls_pk_parse_public_key() in low
+    memory conditions.
+  * Fix server connection identifier setting for outgoing encrypted
+    records on DTLS 1.2 session resumption. After DTLS 1.2 session
+    resumption with connection identifier, the Mbed TLS client now
+    properly sends the server connection identifier in encrypted
+    record headers.
+    gh#Mbed-TLS/mbedtls#5872
+  * Fix a null pointer dereference when performing some operations
+    on zero represented with 0 limbs (specifically
+    mbedtls_mpi_mod_int() dividing by 2, and
+    mbedtls_mpi_write_string() in base 2).
+  * Fix record sizes larger than 16384 being sometimes accepted
+    despite being non-compliant. This could not lead to a buffer
+    overflow. In particular, application data size was already
+    checked correctly.
+
+
 -------------------------------------------------------------------
 Mon Jan 17 13:11:33 UTC 2022 - Guillaume GARDET <guillaume.gardet@opensuse.org>
 

mbedtls.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package mbedtls
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@
 %define lib_crypto libmbedcrypto7
 %define lib_x509   libmbedx509-1
 Name:           mbedtls
-Version:        2.28.0
+Version:        2.28.1
 Release:        0
 Summary:        Libraries for crypto and SSL/TLS protocols
 License:        Apache-2.0