From 547a91b29f7406effd4594606caa86469c1c85b576fec99653e32eea681baa5d Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Thu, 21 Jul 2016 05:52:59 +0000 Subject: [PATCH] Accepting request 408503 from devel:libraries:c_c++ - Update to version 1.3.17 (boo#988956): OBS-URL: https://build.opensuse.org/request/show/408503 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=8 --- mbedtls-1.3.16-gpl.tgz | 3 --- mbedtls-1.3.17-gpl.tgz | 3 +++ mbedtls.changes | 33 +++++++++++++++++++++++++++++++++ mbedtls.spec | 5 ++--- 4 files changed, 38 insertions(+), 6 deletions(-) delete mode 100644 mbedtls-1.3.16-gpl.tgz create mode 100644 mbedtls-1.3.17-gpl.tgz diff --git a/mbedtls-1.3.16-gpl.tgz b/mbedtls-1.3.16-gpl.tgz deleted file mode 100644 index 4a50f3e..0000000 --- a/mbedtls-1.3.16-gpl.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f413146c177c52d4ad8f48015e2fb21dd3a029ca30a2ea000cbc4f9bd092c933 -size 1760112 diff --git a/mbedtls-1.3.17-gpl.tgz b/mbedtls-1.3.17-gpl.tgz new file mode 100644 index 0000000..72f3ac9 --- /dev/null +++ b/mbedtls-1.3.17-gpl.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f5beb43e850283915e3e0f8d37495eade3bfb5beedfb61e7b8da70d4c68edb82 +size 1766596 diff --git a/mbedtls.changes b/mbedtls.changes index ec0d435..04113b5 100644 --- a/mbedtls.changes +++ b/mbedtls.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Thu Jul 14 12:00:56 UTC 2016 - mpluskal@suse.com + +- Update to version 1.3.17 (boo#988956): + * Security + + Fix missing padding length check in + mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 + + Fix a potential integer underflow to buffer overread in + mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable + remotely in SSL/TLS. + + Fix potential integer overflow to buffer overflow in + mbedtls_rsa_rsaes_pkcs1_v15_encrypt and + mbedtls_rsa_rsaes_oaep_encrypt + * Bugfix + + Fix bug in mbedtls_mpi_add_mpi() that caused wrong results + when the three arguments where the same (in-place doubling). + Found and fixed by Janos Follath. #309 + + Fix issue in Makefile that prevented building using armar. + + Fix issue that caused a hang up when generating RSA keys of + odd bitlength + + Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made + null pointer dereference possible. + + Fix issue that caused a crash if invalid curves were passed + to mbedtls_ssl_conf_curves. #373 + * Changes + + On ARM platforms, when compiling with -O0 with GCC, Clang or + armcc5, don't use the optimized assembly for bignum + multiplication. This removes the need to pass + -fomit-frame-pointer to avoid a build error with -O0. + + Disabled SSLv3 in the default configuration. + + Fix non-compliance server extension handling. Extensions for + SSLv3 are now ignored, as required by RFC6101. + ------------------------------------------------------------------- Sun Jan 10 13:08:11 UTC 2016 - mpluskal@suse.com diff --git a/mbedtls.spec b/mbedtls.spec index d7b39d7..c68adc8 100644 --- a/mbedtls.spec +++ b/mbedtls.spec @@ -18,7 +18,7 @@ %define lib_name lib%{name}9 Name: mbedtls -Version: 1.3.16 +Version: 1.3.17 Release: 0 Summary: Open Source embedded SSL/TLS cryptographic library License: GPL-2.0+ @@ -27,7 +27,7 @@ Url: https://tls.mbed.org Source: https://tls.mbed.org/download/%{name}-%{version}-gpl.tgz Source99: baselibs.conf BuildRequires: cmake -BuildRequires: pkg-config +BuildRequires: pkgconfig BuildRequires: zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -76,7 +76,6 @@ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{_builddir}/%{name}-%{version}/build/li make -C build test %{?_smp_mflags} %post -n %{lib_name} -p /sbin/ldconfig - %postun -n %{lib_name} -p /sbin/ldconfig %files devel