diff --git a/mbedtls-2.25.0.tar.gz b/mbedtls-2.25.0.tar.gz
deleted file mode 100644
index e54056b..0000000
--- a/mbedtls-2.25.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f838f670f51070bc6b4ebf0c084affd9574652ded435b064969f36ce4e8b586d
-size 3994316
diff --git a/mbedtls-2.26.0.tar.gz b/mbedtls-2.26.0.tar.gz
new file mode 100644
index 0000000..9263a83
--- /dev/null
+++ b/mbedtls-2.26.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:37949e823c7e1f6695fc56858578df355da0770c284b1c1304cfc8b396d539cd
+size 4081036
diff --git a/mbedtls-4237.patch b/mbedtls-4237.patch
new file mode 100644
index 0000000..75a22ac
--- /dev/null
+++ b/mbedtls-4237.patch
@@ -0,0 +1,150 @@
+From 29b641688d038143a193c69eac4d6e8eacc934d8 Mon Sep 17 00:00:00 2001
+From: Paul Elliott
+Date: Wed, 17 Mar 2021 13:02:02 +0000
+Subject: [PATCH 1/2] Fix printf format issue in programs
+
+Fix issues that were missed as part of previous printf attribute
+cleanup
+
+Signed-off-by: Paul Elliott
+---
+ programs/random/gen_random_havege.c | 2 +-
+ programs/ssl/ssl_pthread_server.c | 22 ++++++++++++----------
+ 2 files changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
+index ccca7f3d470..e82e62769e8 100644
+--- a/programs/random/gen_random_havege.c
++++ b/programs/random/gen_random_havege.c
+@@ -81,7 +81,7 @@ int main( int argc, char *argv[] )
+ if( ( ret = mbedtls_havege_random( &hs, buf, sizeof( buf ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_havege_random returned -0x%04X",
+- -ret );
++ ( unsigned int ) -ret );
+ goto exit;
+ }
+
+diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
+index c8ab21522ed..c4c6ef1037b 100644
+--- a/programs/ssl/ssl_pthread_server.c
++++ b/programs/ssl/ssl_pthread_server.c
+@@ -142,7 +142,7 @@ static void *handle_ssl_connection( void *data )
+ if( ( ret = mbedtls_ssl_setup( &ssl, thread_info->config ) ) != 0 )
+ {
+ mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n",
+- thread_id, -ret );
++ thread_id, ( unsigned int ) -ret );
+ goto thread_exit;
+ }
+
+@@ -158,7 +158,7 @@ static void *handle_ssl_connection( void *data )
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
+- thread_id, -ret );
++ thread_id, ( unsigned int ) -ret );
+ goto thread_exit;
+ }
+ }
+@@ -195,7 +195,7 @@ static void *handle_ssl_connection( void *data )
+
+ default:
+ mbedtls_printf( " [ #%ld ] mbedtls_ssl_read returned -0x%04x\n",
+- thread_id, -ret );
++ thread_id, ( unsigned int ) -ret
);
+ goto thread_exit;
+ }
+ }
+@@ -229,7 +229,7 @@ static void *handle_ssl_connection( void *data )
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n",
+- thread_id, ret );
++ thread_id, ( unsigned int ) ret );
+ goto thread_exit;
+ }
+ }
+@@ -246,7 +246,7 @@ static void *handle_ssl_connection( void *data )
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
+- thread_id, ret );
++ thread_id, ( unsigned int ) ret );
+ goto thread_exit;
+ }
+ }
+@@ -263,7 +263,7 @@ static void *handle_ssl_connection( void *data )
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+ mbedtls_printf(" [ #%ld ] Last error was: -0x%04x - %s\n\n",
+- thread_id, -ret, error_buf );
++ thread_id, ( unsigned int ) -ret, error_buf );
+ }
+ #endif
+
+@@ -408,7 +408,7 @@ int main( void )
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
+- -ret );
++ ( unsigned int ) -ret );
+ goto exit;
+ }
+
+@@ -425,7 +425,7 @@ int main( void )
+ MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
+ {
+ mbedtls_printf( " failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
+- -ret );
++ ( unsigned int ) -ret );
+ goto exit;
+ }
+
+@@ -470,7 +470,8 @@ int main( void )
+ {
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+- mbedtls_printf( " [ main ] Last error was: -0x%04x - %s\n", -ret, error_buf );
++ mbedtls_printf( " [ main ] Last error was: -0x%04x - %s\n", ( unsigned int ) -ret,
++ error_buf );
+ }
+ #endif
+
+@@ -482,7 +483,8 @@ int main( void )
+ if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
+ NULL, 0, NULL ) ) != 0 )
+ {
+- mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n", ret );
++ mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n",
++ ( unsigned int ) ret );
+ goto exit;
+ }
+
+
+From
2065a8d8af27c6cb1e40c9462b5933336dca7434 Mon Sep 17 00:00:00 2001
+From: Paul Elliott
+Date: Wed, 17 Mar 2021 13:12:22 +0000
+Subject: [PATCH 2/2] Reduce level of -Wformat-truncation
+
+Reduce level of format truncation warnings due to issues with false
+positives (an unknown size buffer is always treated as size 1)
+
+Signed-off-by: Paul Elliott
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 2ab2e01ebf0..14ca7b69625 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -198,7 +198,7 @@ if(CMAKE_COMPILER_IS_GNU)
+ endif()
+ endif()
+ if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
+- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation=2")
++ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation")
+ endif()
+ set(CMAKE_C_FLAGS_RELEASE "-O2")
+ set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
diff --git a/mbedtls.changes b/mbedtls.changes
index fcb19c1..d938050 100644
--- a/mbedtls.changes
+++ b/mbedtls.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Mar 22 15:54:07 UTC 2021 - Guillaume GARDET
+
+- Update to 2.26.0:
+ * * This release of Mbed TLS provides bug fixes, minor enhancements and new
+ features. This release includes fixes for security issues.
+ * see https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0
+- Fix build with patch from https://github.com/ARMmbed/mbedtls/pull/4237
+
 -------------------------------------------------------------------
 Tue Jan 19 20:25:34 UTC 2021 - Luigi Baldoni
 
diff --git a/mbedtls.spec b/mbedtls.spec
index f8ea58e..2e4cb86 100644
--- a/mbedtls.spec
+++ b/mbedtls.spec
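Review bot: Three call sites in the added ssl_pthread_server.c changes (the `mbedtls_ssl_write`, `mbedtls_ssl_close_notify` and `mbedtls_net_accept` error paths) cast `ret` rather than `-ret`, although their format strings print `-0x%04x` like the others. Mbed TLS error codes are negative values, so these lines would print the two's-complement bit pattern after the minus sign instead of the documented code, which makes TLS failure logs harder to triage. The argument should read `( unsigned int ) -ret` there, matching the other sites in the same patch. The unnegated `ret` predates this patch (the removed lines show it), so the fix probably belongs upstream rather than in this carried copy. `handle_ssl_connection` and `main` both extend beyond the quoted hunks.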
@@ -15,12 +15,11 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
-
 %define lib_tls libmbedtls13
 %define lib_crypto libmbedcrypto6
 %define lib_x509 libmbedx509-1
 Name: mbedtls
-Version: 2.25.0
+Version: 2.26.0
 Release: 0
 Summary: Libraries for crypto and SSL/TLS protocols
 License: Apache-2.0
@@ -28,6 +27,8 @@ Group: Development/Libraries/C and C++
 URL: https://tls.mbed.org
 Source: https://github.com/ARMmbed/mbedtls/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source99: baselibs.conf
+# PATCH-FIX-UPSTREAM - https://github.com/ARMmbed/mbedtls/issues/4233
+Patch1: mbedtls-4237.patch
 BuildRequires: cmake
 BuildRequires: ninja
 BuildRequires: pkgconfig
@@ -87,7 +88,7 @@ a suite of libraries for cryptographic functions and the SSL/TLS protocol suite.
 
 
 %prep
-%autosetup
+%autosetup -p1
 sed -i 's|//\(#define MBEDTLS_ZLIB_SUPPORT\)|\1|' include/mbedtls/config.h
 sed -i 's|//\(#define MBEDTLS_HAVEGE_C\)|\1|' include/mbedtls/config.h
 sed -i 's|//\(#define MBEDTLS_THREADING_C\)|\1|' include/mbedtls/config.h
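Review bot: The `# PATCH-FIX-UPSTREAM` comment above `Patch1` gives only the issue URL and does not name the patch file or say what it changes, while the changelog entry cites pull request 4237 instead. Because the carried patch also lowers a compiler warning level in CMakeLists.txt for a TLS library, a later maintainer needs to see why it is there and when it can be dropped. Something like `# PATCH-FIX-UPSTREAM mbedtls-4237.patch -- fix build failure from GCC format warnings, https://github.com/ARMmbed/mbedtls/issues/4233 (upstream pull/4237)` would cover it; the description of the failure is inferred from the patch subject lines and should be confirmed.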