Accepting request 352824 from devel:libraries:c_c++

- Update to 1.3.16 OBS-URL: https://build.opensuse.org/request/show/352824 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=7
2016-01-15 09:38:38 +00:00 · 2016-01-15 09:38:38 +00:00 · dc276d9720
commit dc276d9720
parent 217a612d5a
4 changed files with 31 additions and 11 deletions
--- a/mbedtls-1.3.15-gpl.tgz
+++ b/mbedtls-1.3.15-gpl.tgz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ed0be9905ba08f614772ac2b6dcce0c65cf3fb235cab7e6894838efc19518da3
-size 1758935
--- a/mbedtls-1.3.16-gpl.tgz
+++ b/mbedtls-1.3.16-gpl.tgz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f413146c177c52d4ad8f48015e2fb21dd3a029ca30a2ea000cbc4f9bd092c933
+size 1760112
--- a/mbedtls.changes
+++ b/mbedtls.changes
@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Sun Jan 10 13:08:11 UTC 2016 - mpluskal@suse.com
+
+- Update to 1.3.16
+  * Fixes a potential double free when 
+    mbedtls_asn1_store_named_data() fails to allocate memory. This 
+    was only used for certificate generation and was not 
+    triggerable remotely in SSL/TLS. boo#961290
+  * Disables by default MD5 handshake signatures in TLS 1.2 to 
+    prevent the  SLOTH (CVE-2015-7575) attack on TLS 1.2 server 
+    authentication (other attacks from the SLOTH paper do not apply
+    to any version of mbed TLS or PolarSSL). boo#961284
+  * Fixes an over-restrictive length limit in GCM.
+  * Fixes a bug in certificate validation that caused valid chains 
+    to be rejected when the first intermediate certificate has a 
+    pathLenConstraint equal to zero.
+  * Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign()
+  * Added config.h option POLARSSL_SSL_ENABLE_MD5_SIGNATURES to 
+    control use of MD5-based signatures for TLS 1.2 handshake 
+    (disabled by default).
+
 -------------------------------------------------------------------
 Wed Nov 18 13:29:03 UTC 2015 - mpluskal@suse.com

--- a/mbedtls.spec
+++ b/mbedtls.spec
@ -1,7 +1,7 @@
 #
 # spec file for package mbedtls
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@

 %define lib_name lib%{name}9
 Name:           mbedtls
-Version:        1.3.15
+Version:        1.3.16
 Release:        0
 Summary:        Open Source embedded SSL/TLS cryptographic library
 License:        GPL-2.0+
@ -44,7 +44,7 @@ A portable, easy to use, readable and flexible SSL library.
 %package devel
 Summary:        Open Source embedded SSL/TLS cryptographic library
 Group:          Development/Libraries/C and C++
-Requires:       %{lib_name} = %{version}
+Requires:       %{lib_name} = %{version}-%{release}
 Provides:       libpolarssl-devel = %{version}
 Obsoletes:      libpolarssl-devel < %{version}
 Provides:       polarssl-devel = %{version}
@ -60,11 +60,10 @@ sed -i 's|//\(#define POLARSSL_THREADING_PTHREAD\)|\1|' include/polarssl/config.

 %build
 %cmake \
-    -DUSE_SHARED_MBEDTLS_LIBRARY=ON \
-    -DUSE_STATIC_MBEDTLS_LIBRARY=OFF \
-    -DENABLE_ZLIB_SUPPORT=ON \
-    -DENABLE_PROGRAMS=OFF
-
+  -DUSE_SHARED_MBEDTLS_LIBRARY=ON \
+  -DUSE_STATIC_MBEDTLS_LIBRARY=OFF \
+  -DENABLE_ZLIB_SUPPORT=ON \
+  -DENABLE_PROGRAMS=OFF
 make VERBOSE=1 %{?_smp_mflags}

 %install