Accepting request 408503 from devel:libraries:c_c++

- Update to version 1.3.17 (boo#988956):

OBS-URL: https://build.opensuse.org/request/show/408503
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=8

mbedtls.changes

@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Thu Jul 14 12:00:56 UTC 2016 - mpluskal@suse.com
+
+- Update to version 1.3.17 (boo#988956):
+	* Security
+    + Fix missing padding length check in 
+      mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2
+    + Fix a potential integer underflow to buffer overread in 
+      mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable 
+      remotely in SSL/TLS.
+    + Fix potential integer overflow to buffer overflow in 
+      mbedtls_rsa_rsaes_pkcs1_v15_encrypt and 
+      mbedtls_rsa_rsaes_oaep_encrypt
+  * Bugfix
+    + Fix bug in mbedtls_mpi_add_mpi() that caused wrong results 
+      when the three arguments where the same (in-place doubling). 
+      Found and fixed by Janos Follath. #309
+    + Fix issue in Makefile that prevented building using armar.
+    + Fix issue that caused a hang up when generating RSA keys of 
+      odd bitlength
+    + Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made 
+      null pointer dereference possible.
+    + Fix issue that caused a crash if invalid curves were passed 
+      to mbedtls_ssl_conf_curves. #373
+    * Changes
+      + On ARM platforms, when compiling with -O0 with GCC, Clang or 
+        armcc5, don't use the optimized assembly for bignum 
+        multiplication. This removes the need to pass 
+        -fomit-frame-pointer to avoid a build error with -O0.
+      + Disabled SSLv3 in the default configuration.
+      + Fix non-compliance server extension handling. Extensions for 
+        SSLv3 are now ignored, as required by RFC6101.
+
 -------------------------------------------------------------------
 Sun Jan 10 13:08:11 UTC 2016 - mpluskal@suse.com