pool/mbedtls
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 880551 from home:Guillaume_G:branches:security:tls

Browse Source 
- Update to 2.26.0:
  * * This release of Mbed TLS provides bug fixes, minor enhancements and new
  features. This release includes fixes for security issues.
  * see https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0
- Fix build with patch from https://github.com/ARMmbed/mbedtls/pull/4237

OBS-URL: https://build.opensuse.org/request/show/880551
OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=26
This commit is contained in:
Martin Pluskal 2021-03-23 07:12:35 +00:00 committed by Git OBS Bridge
parent 4cc712ceaf
commit 3df51e185e
5 changed files with 166 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
mbedtls-2.25.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f838f670f51070bc6b4ebf0c084affd9574652ded435b064969f36ce4e8b586d
size 3994316

3
mbedtls-2.26.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:37949e823c7e1f6695fc56858578df355da0770c284b1c1304cfc8b396d539cd
size 4081036

150
mbedtls-4237.patch Normal file
View File

@ -0,0 +1,150 @@
From 29b641688d038143a193c69eac4d6e8eacc934d8 Mon Sep 17 00:00:00 2001
From: Paul Elliott <paul.elliott@arm.com>
Date: Wed, 17 Mar 2021 13:02:02 +0000
Subject: [PATCH 1/2] Fix printf format issue in programs
Fix issues that were missed as part of previous printf attribute
cleanup
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
---
programs/random/gen_random_havege.c | 2 +-
programs/ssl/ssl_pthread_server.c | 22 ++++++++++++----------
2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
index ccca7f3d470..e82e62769e8 100644
--- a/programs/random/gen_random_havege.c
+++ b/programs/random/gen_random_havege.c
@@ -81,7 +81,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_havege_random( &hs, buf, sizeof( buf ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_havege_random returned -0x%04X",
- -ret );
+ ( unsigned int ) -ret );
goto exit;
}
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index c8ab21522ed..c4c6ef1037b 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -142,7 +142,7 @@ static void *handle_ssl_connection( void *data )
if( ( ret = mbedtls_ssl_setup( &ssl, thread_info->config ) ) != 0 )
{
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n",
- thread_id, -ret );
+ thread_id, ( unsigned int ) -ret );
goto thread_exit;
}
@@ -158,7 +158,7 @@ static void *handle_ssl_connection( void *data )
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
- thread_id, -ret );
+ thread_id, ( unsigned int ) -ret );
goto thread_exit;
}
}
@@ -195,7 +195,7 @@ static void *handle_ssl_connection( void *data )
default:
mbedtls_printf( " [ #%ld ] mbedtls_ssl_read returned -0x%04x\n",
- thread_id, -ret );
+ thread_id, ( unsigned int ) -ret );
goto thread_exit;
}
}
@@ -229,7 +229,7 @@ static void *handle_ssl_connection( void *data )
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n",
- thread_id, ret );
+ thread_id, ( unsigned int ) ret );
goto thread_exit;
}
}
@@ -246,7 +246,7 @@ static void *handle_ssl_connection( void *data )
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
- thread_id, ret );
+ thread_id, ( unsigned int ) ret );
goto thread_exit;
}
}
@@ -263,7 +263,7 @@ static void *handle_ssl_connection( void *data )
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf(" [ #%ld ] Last error was: -0x%04x - %s\n\n",
- thread_id, -ret, error_buf );
+ thread_id, ( unsigned int ) -ret, error_buf );
}
#endif
@@ -408,7 +408,7 @@ int main( void )
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
- -ret );
+ ( unsigned int ) -ret );
goto exit;
}
@@ -425,7 +425,7 @@ int main( void )
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
- -ret );
+ ( unsigned int ) -ret );
goto exit;
}
@@ -470,7 +470,8 @@ int main( void )
{
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
- mbedtls_printf( " [ main ] Last error was: -0x%04x - %s\n", -ret, error_buf );
+ mbedtls_printf( " [ main ] Last error was: -0x%04x - %s\n", ( unsigned int ) -ret,
+ error_buf );
}
#endif
@@ -482,7 +483,8 @@ int main( void )
if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 )
{
- mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n", ret );
+ mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n",
+ ( unsigned int ) ret );
goto exit;
}
From 2065a8d8af27c6cb1e40c9462b5933336dca7434 Mon Sep 17 00:00:00 2001
From: Paul Elliott <paul.elliott@arm.com>
Date: Wed, 17 Mar 2021 13:12:22 +0000
Subject: [PATCH 2/2] Reduce level of -Wformat-truncation
Reduce level of format truncation warnings due to issues with false
positives (an unknown size buffer is always treated as size 1)
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
---
CMakeLists.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2ab2e01ebf0..14ca7b69625 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -198,7 +198,7 @@ if(CMAKE_COMPILER_IS_GNU)
endif()
endif()
if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation=2")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation")
endif()
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")

9
mbedtls.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Mon Mar 22 15:54:07 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Update to 2.26.0:
* * This release of Mbed TLS provides bug fixes, minor enhancements and new
features. This release includes fixes for security issues.
* see https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0
- Fix build with patch from https://github.com/ARMmbed/mbedtls/pull/4237
-------------------------------------------------------------------
Tue Jan 19 20:25:34 UTC 2021 - Luigi Baldoni <aloisio@gmx.com>

7
mbedtls.spec
View File

@ -15,12 +15,11 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define lib_tls libmbedtls13
%define lib_crypto libmbedcrypto6
%define lib_x509 libmbedx509-1
Name: mbedtls
Version: 2.25.0
Version: 2.26.0
Release: 0
Summary: Libraries for crypto and SSL/TLS protocols
License: Apache-2.0
@ -28,6 +27,8 @@ Group: Development/Libraries/C and C++
URL: https://tls.mbed.org
Source: https://github.com/ARMmbed/mbedtls/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source99: baselibs.conf
# PATCH-FIX-UPSTREAM - https://github.com/ARMmbed/mbedtls/issues/4233
Patch1: mbedtls-4237.patch
BuildRequires: cmake
BuildRequires: ninja
BuildRequires: pkgconfig
@ -87,7 +88,7 @@ a suite of libraries for cryptographic functions and the
SSL/TLS protocol suite.
%prep
%autosetup
%autosetup -p1
sed -i 's|//\(#define MBEDTLS_ZLIB_SUPPORT\)|\1|' include/mbedtls/config.h
sed -i 's|//\(#define MBEDTLS_HAVEGE_C\)|\1|' include/mbedtls/config.h
sed -i 's|//\(#define MBEDTLS_THREADING_C\)|\1|' include/mbedtls/config.h