rpm/mbedtls-2
SHA256
1
0
Fork 0
forked from pool/mbedtls-2
Code Pull Requests Activity

Accepting request 1198387 from security:tls

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1198387
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls-2?expand=0&rev=8
This commit is contained in:
Dominique Leuenberger 2024-09-03 11:38:58 +00:00 committed by Git OBS Bridge
commit edff8d6d74
5 changed files with 90 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
fix_calloc-transposed-args.patch Normal file
View File

@ -0,0 +1,59 @@
From 990a88cd53d40ff42481a2c200b05f656507f326 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich <slyich@gmail.com>
Date: Thu, 25 Jan 2024 20:48:56 +0000
Subject: [PATCH] tests: fix `calloc()` argument list (`gcc-14` fix)
`gcc-14` added a new `-Wcalloc-transposed-args` warning recently. It
detected minor infelicity in `calloc()` API usage in `mbedtls`:
In file included from /build/mbedtls/tests/include/test/ssl_helpers.h:19,
from /build/mbedtls/tests/src/test_helpers/ssl_helpers.c:11:
/build/mbedtls/tests/src/test_helpers/ssl_helpers.c: In function 'mbedtls_test_init_handshake_options':
/build/mbedtls/tests/include/test/macros.h:128:46:
error: 'calloc' sizes specified with 'sizeof' in the earlier argument
and not in the later argument [-Werror=calloc-transposed-args]
128 | (pointer) = mbedtls_calloc(sizeof(*(pointer)), \
| ^
Signed-off-by: Sergei Trofimovich <slyich@gmail.com>
---
tests/include/test/macros.h | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
index 894fc6727cc8..3c347e17e901 100644
--- a/tests/include/test/macros.h
+++ b/tests/include/test/macros.h
@@ -135,8 +135,8 @@
do { \
TEST_ASSERT((pointer) == NULL); \
if ((item_count) != 0) { \
- (pointer) = mbedtls_calloc(sizeof(*(pointer)), \
- (item_count)); \
+ (pointer) = mbedtls_calloc((item_count), \
+ sizeof(*(pointer))); \
TEST_ASSERT((pointer) != NULL); \
} \
} while (0)
@@ -165,8 +165,8 @@
#define TEST_CALLOC_NONNULL(pointer, item_count) \
do { \
TEST_ASSERT((pointer) == NULL); \
- (pointer) = mbedtls_calloc(sizeof(*(pointer)), \
- (item_count)); \
+ (pointer) = mbedtls_calloc((item_count), \
+ sizeof(*(pointer))); \
if (((pointer) == NULL) && ((item_count) == 0)) { \
(pointer) = mbedtls_calloc(1, 1); \
} \
@@ -185,8 +185,8 @@
do { \
TEST_ASSERT((pointer) == NULL); \
if ((item_count) != 0) { \
- (pointer) = mbedtls_calloc(sizeof(*(pointer)), \
- (item_count)); \
+ (pointer) = mbedtls_calloc((item_count), \
+ sizeof(*(pointer))); \
TEST_ASSUME((pointer) != NULL); \
} \
} while (0)

3
mbedtls-2.28.8.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4fef7de0d8d542510d726d643350acb3cdb9dc76ad45611b59c9aa08372b4213
size 4039097

3
mbedtls-2.28.9.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e4dbcf86a4fb31506482888560f02b161e0ecfb82fee0643abcfc86abee5817e
size 4075616

25
mbedtls-2.changes
View File

@ -1,3 +1,28 @@
-------------------------------------------------------------------
Mon Sep 2 19:59:03 UTC 2024 - Jaime Marquínez Ferrándiz <jaime.marquinez.ferrandiz@fastmail.net>
- Update to version 2.28.9:
Security
* Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
CVE-2024-45157
Bugfix
* Fix the build in some configurations when check_config.h is not included.
Fix gh#Mbed-TLS/mbedtls#9152.
* Fix issue of redefinition warning messages for _GNU_SOURCE in
entropy_poll.c and sha_256.c. There was a build warning during building for
linux platform. Resolves gh#Mbed-TLS/mbedtls#9026
* Fix error handling when creating a key in a dynamic secure element
(feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
the creation could return PSA_SUCCESS but using or destroying the key would
not work. Fixes gh#Mbed-TLS/mbedtls#8537.
* Fix a memory leak that could occur when failing to process an RSA
key through some PSA functions due to low memory conditions. Document and
enforce the limitation of mbedtls_psa_register_se_key()
to persistent keys. Resolves gh#Mbed-TLS/mbedtls#9253.
- Add fix_calloc-transposed-args.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Mar 31 12:10:53 UTC 2024 - Jaime Marquínez Ferrándiz <jaime.marquinez.ferrandiz@fastmail.net> Sun Mar 31 12:10:53 UTC 2024 - Jaime Marquínez Ferrándiz <jaime.marquinez.ferrandiz@fastmail.net>

4
mbedtls-2.spec
View File

@ -21,7 +21,7 @@
%define lib_x509 libmbedx509-1 %define lib_x509 libmbedx509-1
%define _rname mbedtls %define _rname mbedtls
Name: mbedtls-2 Name: mbedtls-2
Version: 2.28.8 Version: 2.28.9
Release: 0 Release: 0
Summary: Libraries for crypto and SSL/TLS protocols Summary: Libraries for crypto and SSL/TLS protocols
License: Apache-2.0 OR GPL-2.0-or-later License: Apache-2.0 OR GPL-2.0-or-later
@ -29,6 +29,8 @@ Group: Development/Libraries/C and C++
URL: https://tls.mbed.org URL: https://tls.mbed.org
Source: https://github.com/ARMmbed/mbedtls/archive/v%{version}.tar.gz#/%{_rname}-%{version}.tar.gz Source: https://github.com/ARMmbed/mbedtls/archive/v%{version}.tar.gz#/%{_rname}-%{version}.tar.gz
Source99: baselibs.conf Source99: baselibs.conf
# PATCH-FIX-UPSTREAM: https://github.com/Mbed-TLS/mbedtls/pull/9529
Patch0: fix_calloc-transposed-args.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: ninja BuildRequires: ninja
BuildRequires: pkgconfig BuildRequires: pkgconfig