diff --git a/mbedtls-1.3.15-gpl.tgz b/mbedtls-1.3.15-gpl.tgz deleted file mode 100644 index 9b541db..0000000 --- a/mbedtls-1.3.15-gpl.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ed0be9905ba08f614772ac2b6dcce0c65cf3fb235cab7e6894838efc19518da3 -size 1758935 diff --git a/mbedtls-1.3.16-gpl.tgz b/mbedtls-1.3.16-gpl.tgz new file mode 100644 index 0000000..4a50f3e --- /dev/null +++ b/mbedtls-1.3.16-gpl.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f413146c177c52d4ad8f48015e2fb21dd3a029ca30a2ea000cbc4f9bd092c933 +size 1760112 diff --git a/mbedtls.changes b/mbedtls.changes index 997303f..ec0d435 100644 --- a/mbedtls.changes +++ b/mbedtls.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Sun Jan 10 13:08:11 UTC 2016 - mpluskal@suse.com + +- Update to 1.3.16 + * Fixes a potential double free when + mbedtls_asn1_store_named_data() fails to allocate memory. This + was only used for certificate generation and was not + triggerable remotely in SSL/TLS. boo#961290 + * Disables by default MD5 handshake signatures in TLS 1.2 to + prevent the SLOTH (CVE-2015-7575) attack on TLS 1.2 server + authentication (other attacks from the SLOTH paper do not apply + to any version of mbed TLS or PolarSSL). boo#961284 + * Fixes an over-restrictive length limit in GCM. + * Fixes a bug in certificate validation that caused valid chains + to be rejected when the first intermediate certificate has a + pathLenConstraint equal to zero. + * Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign() + * Added config.h option POLARSSL_SSL_ENABLE_MD5_SIGNATURES to + control use of MD5-based signatures for TLS 1.2 handshake + (disabled by default). + ------------------------------------------------------------------- Wed Nov 18 13:29:03 UTC 2015 - mpluskal@suse.com diff --git a/mbedtls.spec b/mbedtls.spec index 8ac59c0..d7b39d7 100644 --- a/mbedtls.spec +++ b/mbedtls.spec @@ -1,7 +1,7 @@ # # spec file for package mbedtls # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define lib_name lib%{name}9 Name: mbedtls -Version: 1.3.15 +Version: 1.3.16 Release: 0 Summary: Open Source embedded SSL/TLS cryptographic library License: GPL-2.0+ @@ -44,7 +44,7 @@ A portable, easy to use, readable and flexible SSL library. %package devel Summary: Open Source embedded SSL/TLS cryptographic library Group: Development/Libraries/C and C++ -Requires: %{lib_name} = %{version} +Requires: %{lib_name} = %{version}-%{release} Provides: libpolarssl-devel = %{version} Obsoletes: libpolarssl-devel < %{version} Provides: polarssl-devel = %{version} @@ -60,11 +60,10 @@ sed -i 's|//\(#define POLARSSL_THREADING_PTHREAD\)|\1|' include/polarssl/config. %build %cmake \ - -DUSE_SHARED_MBEDTLS_LIBRARY=ON \ - -DUSE_STATIC_MBEDTLS_LIBRARY=OFF \ - -DENABLE_ZLIB_SUPPORT=ON \ - -DENABLE_PROGRAMS=OFF - + -DUSE_SHARED_MBEDTLS_LIBRARY=ON \ + -DUSE_STATIC_MBEDTLS_LIBRARY=OFF \ + -DENABLE_ZLIB_SUPPORT=ON \ + -DENABLE_PROGRAMS=OFF make VERBOSE=1 %{?_smp_mflags} %install