Accepting request 523556 from devel:libraries:c_c++

1

OBS-URL: https://build.opensuse.org/request/show/523556
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=13

mbedtls-2.5.1-apache.tgz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:559aeb8c8941262d6aad96a0286a230e7ff988ba53efbf609230ca1f81cc81f9
-size 1955461

mbedtls-2.6.0-apache.tgz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:99bc9d4212d3d885eeb96273bcde8ecc649a481404b8d7ea7bb26397c9909687
+size 1973397

mbedtls.changes

@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Mon Sep 11 21:03:15 UTC 2017 - fisiu@opensuse.org
+
+-  Update to version 2.6.0:
+  * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown()
+    and the context struct mbedtls_platform_context to perform
+    platform-specific setup and teardown operations. The macro
+    MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden
+    by the user in a platform_alt.h file. These new functions are required in
+    some embedded environments to provide a means of initialising underlying
+    cryptographic acceleration hardware.
+  * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
+    API consistent with mbed TLS 2.5.0. Specifically removed the inline
+    qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt,
+    mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. Found
+    by James Cowgill. #978
+  * Certificate verification functions now set flags to -1 in case the full
+    chain was not verified due to an internal error (including in the verify
+    callback) or chain length limitations.
+  * With authmode set to optional, the TLS handshake is now aborted if the
+    verification of the peer's certificate failed due to an overlong chain or
+    a fatal error in the verify callback.
+  * Fix authentication bypass in SSL/TLS: when authmode is set to optional,
+    mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
+    X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
+    (default: 8) intermediates, even when it was not trusted. This could be
+    triggered remotely from either side. (With authmode set to 'required'
+    (the default), the handshake was correctly aborted).
+    Fix for CVE-2017-14032 and boo#1056544.
+  * Reliably wipe sensitive data after use in the AES example applications
+    programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
+    Found by Laurent Simon.
+
 -------------------------------------------------------------------
 Mon Jul 10 14:17:59 UTC 2017 - mpluskal@suse.com
 

mbedtls.spec

@@ -20,7 +20,7 @@
 %define lib_crypto libmbedcrypto0
 %define lib_x509   libmbedx509-0
 Name:           mbedtls
-Version:        2.5.1
+Version:        2.6.0
 Release:        0
 Summary:        Libraries for crypto and SSL/TLS protocols
 License:        Apache-2.0