- Update to version 3.5.0 (resolves bsc#1216078 CVE-2023-45199 and bsc#1216076 CVE-2023-43615):

* Updated BRANCHES.MD
  * Re-assemble changelog to add missing item, plus a couple of typo fixes.
  * Bump library so-crypto, so-x509, so-tls versions.
  * Ignore tests of built-in interfaces for driver-only testing parity
  * Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE
  * Auto-generated files for v3.5.0
  * ChangeLog: Set release date
  * Prepare ChangeLog for 3.5.0 release
  * Bump version to 3.5.0
  * check-generated-files: Added psa_crypto_driver_wrappers_no_static.c file
  * Changelog: Added entry for psa_crypto_driver_wrappers rename
  * Remove leftover local debug line
  * ChangeLog: Added .txt extension to log entries.
  * Avoid compiler warning about size comparison
  * Improve some debug messages and error codes
  * In TLS 1.2, only servers are affected
  * Changelog entry for xxdh_psa_peerkey size validation
  * Improve robustness of ECDH public key length validation
  * Fix buffer overflow in TLS 1.2 ClientKeyExchange parsing
  * Fix buffer overflow in TLS 1.3 ECDH public key parsing
  * Add custom config logic to 3rdparty modules
  * CMake: fix build with 3rdparty module enabled through a custom config
  * Changelog entry for #7298
  * Fix ChangeLog entry for FFDH in PSA
  * Undo not-needed change
  * Remove redundant code
  * Assume get_num_ops cannot fail
  * Always call get_num_ops
  * Add MBEDTLS_TARGET_PREFIX to 3rdparty CMake

OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls?expand=0&rev=44
Martin Pluskal 2023-10-11 10:31:58 +00:00 committed by Git OBS Bridge
parent 568de537a1
commit 5ef5708e1b
8 changed files with 2948 additions and 31 deletions

View File

@ -1,11 +1,11 @@
<services>
<service name="obs_scm" mode="disabled">
<param name="versionformat">3.4.1</param>
<service name="obs_scm" mode="manual">
<param name="versionformat">3.5.0</param>
<param name="url">https://github.com/Mbed-TLS/mbedtls.git</param>
<param name="scm">git</param>
<param name="changesgenerate">enable</param>
<param name="exclude">.*</param>
<param name="revision">refs/tags/v3.4.1</param>
<param name="revision">refs/tags/v3.5.0</param>
</service>
<service name="tar" mode="buildtime"/>
<service name="recompress" mode="buildtime">
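Review bot: `<param name="revision">refs/tags/v3.5.0</param>` pins the source to a tag name, which can be re-pointed upstream without any change showing up in this file. For an update that carries two CVE fixes, put the commit id in `revision` (the one recorded as `changesrevision`, 1ec69067fa1351427f904362c1221b31538c8b57) and keep the tag only in `versionformat`. The switch of `mode` from "disabled" to "manual" is also not mentioned in the commit message; a line saying the service is now meant to be run by hand would help the next maintainer.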

View File

@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/Mbed-TLS/mbedtls.git</param>
<param name="changesrevision">72718dd87e087215ce9155a826ee5a66cfbe9631</param></service></servicedata>
<param name="changesrevision">1ec69067fa1351427f904362c1221b31538c8b57</param></service></servicedata>

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1526f541c40b33c4e6bde0ee5e8bed223db26be376fee546f36ebb05e7a71cbe
size 37190157

mbedtls-3.5.0.obscpio Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:95c0f06329908d495b1a843d9e2bf08a593eb572ab95a1a69957e1f8b65eb9e5
size 43464717

View File

@ -1,7 +1,8 @@
diff -purN a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
--- a/include/mbedtls/mbedtls_config.h 2023-03-27 19:05:28.000000000 +0200
+++ b/include/mbedtls/mbedtls_config.h 2023-05-29 19:15:39.917530360 +0200
@@ -1917,7 +1917,7 @@
Index: mbedtls-3.5.0/include/mbedtls/mbedtls_config.h
===================================================================
--- mbedtls-3.5.0.orig/include/mbedtls/mbedtls_config.h
+++ mbedtls-3.5.0/include/mbedtls/mbedtls_config.h
@@ -2085,7 +2085,7 @@
*
* Uncomment this to enable pthread mutexes.
*/
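Review bot: the refreshed patch now opens directly with `Index: mbedtls-3.5.0/include/mbedtls/mbedtls_config.h` and carries no description header, so nothing in the patch records why the package changes the upstream default configuration. Add a short header above `Index:` stating what the patch enables (the visible hunk turns on `MBEDTLS_THREADING_C`), why the distribution build needs it, and whether it is meant to go upstream. That makes the next offset refresh (2085 and 3522 here) easier to review.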
@ -10,9 +11,9 @@ diff -purN a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
/**
* \def MBEDTLS_USE_PSA_CRYPTO
@@ -3312,7 +3312,7 @@
@@ -3522,7 +3522,7 @@
*
* Enable this layer to allow use of mutexes within mbed TLS
* Enable this layer to allow use of mutexes within Mbed TLS
*/
-//#define MBEDTLS_THREADING_C
+#define MBEDTLS_THREADING_C

File diff suppressed because it is too large

View File

@ -1,4 +1,4 @@
name: mbedtls
version: 3.4.1
mtime: 1691060708
commit: 72718dd87e087215ce9155a826ee5a66cfbe9631
version: 3.5.0
mtime: 1696459621
commit: 1ec69067fa1351427f904362c1221b31538c8b57

View File

@ -16,15 +16,16 @@
#
%define lib_tls libmbedtls19
%define lib_crypto libmbedcrypto14
%define lib_x509 libmbedx509-5
%define lib_tls libmbedtls20
%define lib_crypto libmbedcrypto15
%define lib_x509 libmbedx509-6
%define lib_everest libeverest
%define lib_p256m libp256m
Name: mbedtls
Version: 3.4.1
Version: 3.5.0
Release: 0
Summary: Libraries for crypto and SSL/TLS protocols
License: Apache-2.0
Group: Development/Libraries/C and C++
URL: https://tls.mbed.org
Source: %{name}-%{version}.tar.gz
Source99: baselibs.conf
@ -45,7 +46,6 @@ exchanges.
%package -n %{lib_tls}
Summary: Transport Layer Security protocol suite
Group: System/Libraries
%description -n %{lib_tls}
mbedtls implements the SSL 3.0, TLS 1.0, 1.1 and 1.2 protocols. It
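Review bot: the `%description -n %{lib_tls}` text left as context here still reads "mbedtls implements the SSL 3.0, TLS 1.0, 1.1 and 1.2 protocols", while the changelog for this same update lists a fix in TLS 1.3 key parsing. Since the stanza is being touched anyway to drop `Group:`, update the protocol list to match what 3.5.0 actually provides so users reading the package metadata are not misled about which protocol versions they get.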
@ -58,7 +58,6 @@ exchanges.
%package -n %{lib_crypto}
Summary: Cryptographic base library for mbedtls
Group: System/Libraries
%description -n %{lib_crypto}
This subpackage of mbedtls contains a library that exposes
@ -67,19 +66,31 @@ AES, MD5, SHA, Elliptic Curves, BigNum, PKCS, ASN.1, BASE64.
%package -n %{lib_x509}
Summary: Library to work with X.509 certificates
Group: System/Libraries
%description -n %{lib_x509}
This subpackage of mbedtls contains a library that can read, verify
and write X.509 certificates, read/write Certificate Signing Requests
and read Certificate Revocation Lists.
%package -n %{lib_everest}
Summary: Library libeverest
%description -n %{lib_everest}
This subpackage of mbedtls contains libeverest
%package -n %{lib_p256m}
Summary: Library libp256m
%description -n %{lib_p256m}
This subpackage of mbedtls contains libp256m
%package devel
Summary: Development files for mbedtls, a SSL/TLS library
Group: Development/Libraries/C and C++
Requires: %{lib_crypto} = %{version}
Requires: %{lib_tls} = %{version}
Requires: %{lib_x509} = %{version}
Requires: %{lib_everest} = %{version}
Requires: %{lib_p256m} = %{version}
%description devel
This subpackage contains the development files for mbedtls,
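Review bot: the two new subpackages have placeholder metadata, `Summary: Library libeverest` with "This subpackage of mbedtls contains libeverest" and the same pattern for `libp256m`. Neither says what the library does or why `devel` now has a hard `Requires:` on both. Describe each library in a sentence (what primitive it implements and that it is a bundled 3rdparty module, per the changelog entries about 3rdparty modules) so that anyone auditing installed crypto code can tell what these packages are.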
@ -111,22 +122,31 @@ pushd build
LD_LIBRARY_PATH=%{buildroot}%{_libdir} \
%{_bindir}/ctest --output-on-failure --force-new-ctest-process
%post -n %{lib_tls} -p /sbin/ldconfig
%post -n %{lib_crypto} -p /sbin/ldconfig
%post -n %{lib_x509} -p /sbin/ldconfig
%postun -n %{lib_tls} -p /sbin/ldconfig
%postun -n %{lib_crypto} -p /sbin/ldconfig
%postun -n %{lib_x509} -p /sbin/ldconfig
%ldconfig_scriptlets -n %{lib_tls}
%ldconfig_scriptlets -n %{lib_crypto}
%ldconfig_scriptlets -n %{lib_x509}
%ldconfig_scriptlets -n %{lib_everest}
%ldconfig_scriptlets -n %{lib_p256m}
%files devel
%license LICENSE
%doc ChangeLog README.md
%dir %{_includedir}/mbedtls
%dir %{_includedir}/psa
%dir %{_includedir}/everest
%dir %{_includedir}/everest/kremlin
%dir %{_includedir}/everest/kremlin/internal
%dir %{_includedir}/everest/kremlib
%dir %{_includedir}/everest/vs2013
%dir %{_libdir}/cmake/MbedTLS
%{_libdir}/cmake/MbedTLS/*
%{_includedir}/mbedtls/*.h
%{_includedir}/psa/*.h
%{_includedir}/everest/*.h
%{_includedir}/everest/kremlin/*.h
%{_includedir}/everest/kremlin/internal/*.h
%{_includedir}/everest/kremlib/*.h
%{_includedir}/everest/vs2013/*.h
%{_libdir}/libmbedtls.so
%{_libdir}/libmbedcrypto.so
%{_libdir}/libmbedx509.so
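Review bot: in `%files devel` the new entries `%dir %{_includedir}/everest/vs2013` and `%{_includedir}/everest/vs2013/*.h` install a directory that, going by its name, is a Visual Studio compatibility shim. Check whether any installed header includes it on this platform; if not, remove it in `%install` instead of shipping it. The same question applies to whether the `everest/kremlin/internal` headers belong in a public include path.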
@ -143,4 +163,12 @@ LD_LIBRARY_PATH=%{buildroot}%{_libdir} \
%license LICENSE
%{_libdir}/libmbedx509.so.*
%files -n %{lib_everest}
%license LICENSE
%{_libdir}/libeverest.so
%files -n %{lib_p256m}
%license LICENSE
%{_libdir}/libp256m.so
%changelog
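Review bot: `%files -n %{lib_everest}` and `%files -n %{lib_p256m}` ship the unversioned `%{_libdir}/libeverest.so` and `%{_libdir}/libp256m.so` in runtime packages, whereas the other library packages ship `.so.*` files and carry the soname number in their package name (`libmbedtls20`, `libmbedcrypto15`, `libmbedx509-6`). With no soname in the file or the package name, an incompatible rebuild of these two libraries would replace them in place without any dependency change. Either give them a versioned soname at build time and name the packages after it, or document in the spec why they are unversioned and check that `%ldconfig_scriptlets` is still needed for them.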