diff --git a/_service b/_service index eb336ac..731b143 100644 --- a/_service +++ b/_service @@ -1,11 +1,11 @@ - 3.5.1 + 3.5.2 https://github.com/Mbed-TLS/mbedtls.git git enable .* - refs/tags/v3.5.1 + refs/tags/v3.5.2 diff --git a/_servicedata b/_servicedata index 49a777d..207579e 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/Mbed-TLS/mbedtls.git - edb8fec9882084344a314368ac7fd957a187519c \ No newline at end of file + daca7a3979c22da155ec9dce49ab1abf3b65d3a9 \ No newline at end of file diff --git a/mbedtls-3.5.1.obscpio b/mbedtls-3.5.1.obscpio deleted file mode 100644 index 6e92dda..0000000 --- a/mbedtls-3.5.1.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:18a7cdaba3c7433fef4ef37b25c5f2fd73cf5c69123ed5fc3452cc46f7e9f8b8 -size 43188749 diff --git a/mbedtls-3.5.2.obscpio b/mbedtls-3.5.2.obscpio new file mode 100644 index 0000000..2d02a50 --- /dev/null +++ b/mbedtls-3.5.2.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:347e7c72f46473a8e990a4439d9309feb7dac429b9f6d4acf4782dae3ff65d8d +size 43192333 diff --git a/mbedtls.changes b/mbedtls.changes index 2004c19..d2b2717 100644 --- a/mbedtls.changes +++ b/mbedtls.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Wed Jan 31 08:11:12 UTC 2024 - Martin Pluskal + +- Update to version 3.5.2: + * Update BRANCHES.md + * Bump version + * Assemble Changelog + * Update Marvin fix Changelog entry + * Add warning for PKCS 1.5 decryption + * Fix typo + * RSA: improve readability + * RSA: remove unneeded temporaries + * RSA: document Montgomery trick in unblind + * Fix style + * Make local function static + * Add Changelog for the Marvin attack fix + * Extend blinding to RSA result check + * Make RSA unblinding constant flow + * Add Changelog for #8687 + * Add required dependency to the testcase + * Remove unneeded testcase + * Update test-data to use SIZE_MAX + * Add missing newline at the end of test_suite_x509write.data + * Update fix to be more platform-independent + * Fix Issue #8687 + * Add tests for Issue #8687 +- Resolves CVE-2024-23170 boo#1219336 + ------------------------------------------------------------------- Tue Jan 23 11:12:58 UTC 2024 - Lubos Kocman diff --git a/mbedtls.obsinfo b/mbedtls.obsinfo index 405fe72..5972a6d 100644 --- a/mbedtls.obsinfo +++ b/mbedtls.obsinfo @@ -1,4 +1,4 @@ name: mbedtls -version: 3.5.1 -mtime: 1699443360 -commit: edb8fec9882084344a314368ac7fd957a187519c +version: 3.5.2 +mtime: 1706089751 +commit: daca7a3979c22da155ec9dce49ab1abf3b65d3a9 diff --git a/mbedtls.spec b/mbedtls.spec index 5657487..37ed481 100644 --- a/mbedtls.spec +++ b/mbedtls.spec @@ -1,7 +1,7 @@ # # spec file for package mbedtls # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %define lib_everest libeverest %define lib_p256m libp256m Name: mbedtls -Version: 3.5.1 +Version: 3.5.2 Release: 0 Summary: Libraries for crypto and SSL/TLS protocols License: Apache-2.0 OR GPL-2.0-or-later @@ -87,10 +87,10 @@ This subpackage of mbedtls contains libp256m %package devel Summary: Development files for mbedtls, a SSL/TLS library Requires: %{lib_crypto} = %{version} -Requires: %{lib_tls} = %{version} -Requires: %{lib_x509} = %{version} Requires: %{lib_everest} = %{version} Requires: %{lib_p256m} = %{version} +Requires: %{lib_tls} = %{version} +Requires: %{lib_x509} = %{version} %description devel This subpackage contains the development files for mbedtls,