Accepting request 509216 from devel:libraries:c_c++

- Update to version 2.5.1:

OBS-URL: https://build.opensuse.org/request/show/509216
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=12

mbedtls.changes

@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Mon Jul 10 14:17:59 UTC 2017 - mpluskal@suse.com
+
+- Update to version 2.5.1:
+  * Adds hardware acceleration support for the Elliptic Curve Point
+    module. This has involved exposing parts of the internal
+    interface to enable replacing the core functions and adding an
+    alternative, module level replacement to support for enabling
+    the extension of the interface.
+  * Adds a new configuration option to mbedtls_ssl_config() to
+    enable suppressing the CA list in Certificate Request messages.
+    The default behaviour has not changed, namely every configured
+    CA's name is included.
+  * Fixes an unlimited overread of heap-based buffers in
+    mbedtls_ssl_read(). The issue could only happen client-side
+    with renegotiation enabled. This could result in a Denial of
+    Service (such as crashing the application) or information leak.
+  * Adds exponent blinding to RSA private operations as a
+    countermeasure against side-channel attacks like the cache
+    attack described in https://arxiv.org/abs/1702.08719v2.
+  * Wipes stack buffers in RSA private key operations
+    (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt()).
+  * Removes SHA-1 and RIPEMD-160 from the default hash algorithms
+    for certificate verification. SHA-1 can be turned back on with
+    a compile-time option if needed.
+  * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to
+    fail to detect it sometimes. Reported by Hugo Leisink.
+  * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a
+    potential Bleichenbacher/BERserk-style attack.
+
 -------------------------------------------------------------------
 Sat Mar 11 15:50:12 UTC 2017 - mpluskal@suse.com