Accepting request 352824 from devel:libraries:c_c++

- Update to 1.3.16 OBS-URL: https://build.opensuse.org/request/show/352824 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=7
2016-01-15 09:38:38 +00:00
parent 217a612d5a
commit dc276d9720
4 changed files with 31 additions and 11 deletions
--- a/mbedtls.changes
+++ b/mbedtls.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Sun Jan 10 13:08:11 UTC 2016 - mpluskal@suse.com
+
+- Update to 1.3.16
+  * Fixes a potential double free when 
+    mbedtls_asn1_store_named_data() fails to allocate memory. This 
+    was only used for certificate generation and was not 
+    triggerable remotely in SSL/TLS. boo#961290
+  * Disables by default MD5 handshake signatures in TLS 1.2 to 
+    prevent the  SLOTH (CVE-2015-7575) attack on TLS 1.2 server 
+    authentication (other attacks from the SLOTH paper do not apply
+    to any version of mbed TLS or PolarSSL). boo#961284
+  * Fixes an over-restrictive length limit in GCM.
+  * Fixes a bug in certificate validation that caused valid chains 
+    to be rejected when the first intermediate certificate has a 
+    pathLenConstraint equal to zero.
+  * Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign()
+  * Added config.h option POLARSSL_SSL_ENABLE_MD5_SIGNATURES to 
+    control use of MD5-based signatures for TLS 1.2 handshake 
+    (disabled by default).
+
 -------------------------------------------------------------------
 Wed Nov 18 13:29:03 UTC 2015 - mpluskal@suse.com