Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mbedtls for openSUSE:Factory checked 
in at 2025-07-02 12:11:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mbedtls (Old)
 and      /work/SRC/openSUSE:Factory/.mbedtls.new.7067 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mbedtls"

Wed Jul  2 12:11:45 2025 rev:48 rq:1289615 version:3.6.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes  2024-10-21 
16:25:47.247913656 +0200
+++ /work/SRC/openSUSE:Factory/.mbedtls.new.7067/mbedtls.changes        
2025-07-02 12:14:55.596269757 +0200
@@ -1,0 +2,839 @@
+Tue Jul 01 14:39:38 UTC 2025 - Jaime Marquínez Ferrándiz 
<jaime.marquinez.ferran...@fastmail.net>
+
+- Update to version 3.6.4:
+  * Added generated files
+  * Version bump 3.6.4
+  * Assemble ChangeLog
+  * Properly initialize SSL endpoint objects
+  * Fix accidentally skipped test assertion
+  * Update framework pointer (release-sync)
+  * fix: additional MSVC v142 build issue with tls1.3 configuration enabled.
+  * Remove blank line
+  * Simplify changelog
+  * Add a note about processor memory reordering
+  * Add changelog
+  * Replace __attribute__((nonstring)) with macro 
MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
+  * Improve some explanations
+  * Don't mutate dst_size
+  * Add __attribute__ ((nonstring)) to remove 
unterminated-string-initialization warning
+  * Note that GCM is also impacted
+  * Adjust test case with invalid base64
+  * Fix race condition in mbedtls_aesni_has_support
+  * mbedtls_base64_decode: test dst=NULL with dlen>0
+  * Explain some aspects of the tests
+  * mbedtls_base64_decode: insist on correct padding
+  * Added CVE's to ChangeLogs
+  * lms.c: Updated documentation
+  * test_suite_lms.data: Updated comments
+  * Fix mbedtls_base64_decode() accepting invalid inputs with 4n+1 digits
+  * mbedtls_base64_decode: assert sloppy behavior with bad number of =
+  * mbedtls_base64_decode: test the reported output length
+  * test_suite_lms: Added negative test for corrupted Merkle path
+  * test_suite_lms: Added a test for importing invalid sized key
+  * Added changelog for check return of merkle leaf
+  * Added changelog for lms enum casting
+  * Added changelog for lms overread
+  * Fix change log entry
+  * Fix build test programs in MSVC (due to a warning treated as error in 
winbase.h)
+  * Built-in lms driver: always zeroize output-buffer in 
create_merkle_leaf_value
+  * Built-in lms driver:Check return values of Merkle node creation
+  * Built-in lms/lmots driver: Harden public key import against enum truncation
+  * Built-in lms driver: Added input guard
+  * Add changelog
+  * Add fix for PEM underflow
+  * Add test using underflow-causing PEM keyfile
+  * Update framework with additional operation initialization checks
+  * Fix possible UB in mbedtls_asn1_write_raw_buffer()
+  * Fix psa_pake_operation_s member types
+  * Move PAKE size calculation macros, cipher suite and operation structs
+  * Add change log
+  * Move the inclusion of crypto_sizes.h and crypto_struct.h in crypto.h
+  * Add ChangeLog entry
+  * Improve unit tests for mbedtls_asn1_store_named_data
+  * Fix bug in mbedtls_asn1_store_named_data()
+  * Add tests for bug in mbedtls_x509_string_to_names()
+  * Restore standard initializers in _init tests
+  * Use short initializers for multipart operation structures
+  * Avoid a useless copy in cert_{req,write}
+  * Mark ssl_tls12_preset_suiteb_sig_algs const
+  * Mark ssl_tls12_preset_default_sig_algs const
+  * Fix type in ChangeLog
+  * Add comment on apparent type mismatch
+  * Remove redundant free loop
+  * Fix ECDSA documentation: blinding is no longer optional
+  * ECDSA is a special flower
+  * Note functions that store the RNG callback in a context
+  * Reference mbedtls_f_rng_t in public documentation
+  * Name and document the type of random generator callbacks
+  * Add credit to the reporters of the PKCS7 issue
+  * Grammar in comments
+  * Remove .gitmodules
+  * Changelog entry for the union initialization fixes
+  * Test with GCC 15 with sloppy union initialization
+  * Initialize MAC context in internal functions for one-shot MAC
+  * Initialize MAC context in internal functions for KDF
+  * Initialize driver context in setup functions
+  * Add unit test for new behaviour of string_to_names()
+  * Fix memory leak in cert_write & cert_req
+  * Fix runtime error in cert_write & cert_req
+  * Restore behaviour of mbedtls_x509write_set_foo_name()
+  * Fix undocumented free() in x509_string_to_names()
+  * Improve comments
+  * Update framework
+  * Allow gcc-15 to be in $PATH
+  * Enable drivers when testing with GCC 15
+  * GCC 15: Silence -Wunterminated-string-initialization
+  * Test with GCC 15
+  * Disable warning from gcc -pedantic on dlsym/dlopen
+  * Move persistent key tests to a separate .data file
+  * Move concurrent tests to a separate .data file
+  * Update obsolete section title
+  * Complain about a missing comma in multiline lists of strings
+  * Prepare framework for pylint check-str-concat-over-line-jumps
+  * framework: update reference
+  * Constify cipher_wrap:mbedtls_cipher_base_lookup_table
+  * Fix some test helper functions returning 0 on some failures
+  * Check the status of mbedtls_ssl_set_hostname()
+  * Add missing ifdef for mbedtls_ssl_tls13_exporter
+  * Add label_len argument to non-PSA tls_prf_generic
+  * Fix dependencies for TLS-Exporter tests
+  * Fix doxygen for MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
+  * Fix mistake in previous comment change
+  * Fix HkdfLabel comment
+  * Allow maximum label length in Hkdf-Expand-Label
+  * Exporter: Add min. and max. label tests
+  * Fix max. label length in key material exporter
+  * Document BAD_INPUT_DATA error in key material exporter
+  * Fix requirements for TLS 1.3 Exporter compat test
+  * Use mbedtls_calloc, not regular calloc
+  * Add fixed compatibility test for TLS 1.3 Exporter
+  * Remove exporter compatibility test for TLS 1.3
+  * Fix openssl s_client invocation
+  * Print names of new tests properly
+  * Fix memory leak in example programs
+  * ssl-opt.sh: Add tests for keying material export
+  * mbedtls_test_ssl_do_handshake_with_endpoints: Zeroize endpoints
+  * Exporter tests: Don't use unavailbable constant
+  * Exporter tests: Add missing depends-ons
+  * Use one maximum key_len for all exported keys
+  * Exporter tests: Reduce key size in long key tests
+  * Exporter tests: Free endpoints before PSA_DONE()
+  * Exporter tests: Fix possible uninitialized variable use
+  * Coding style cleanup
+  * Exporter tests: Initialize allocated memory
+  * Exportert tests: Free endpoints and options
+  * Fix output size check for key material exporter
+  * Increase allowed output size of HKDF-Expand-Label
+  * Add more tests for keying material export
+  * Mention MBEDTLS_SSL_KEYING_MATERIAL_EXPORT in change log
+  * Fix #endif comment
+  * Enable MBEDTLS_SSL_KEYING_MATERIAL_EXPORT by default
+  * Create MBEDTLS_SSL_KEYING_MATERIAL_EXPORT option
+  * Remove TLS 1.2 Exporter if we don't have randbytes
+  * Revert "Store randbytes for TLS 1.2 TLS-Exporter"
+  * Fix typos in comments
+  * Use fewer magic numbers in TLS-Exporter functions
+  * Add label length argument to tls_prf_generic()
+  * Store randbytes for TLS 1.2 TLS-Exporter
+  * Fix coding style
+  * Fix build when one of TLS 1.2 or 1.3 is disabled
+  * Fix coding style
+  * Fix TLS exporter changelog entry
+  * Fix doxygen comment parameter name
+  * Fix typos in comment
+  * Fix mismatches in function declarations
+  * Fix key_len check in TLS-Exporter
+  * Actually set exporter defaults in ssl_client2
+  * Simplify mbedtls_ssl_tls13_exporter
+  * Add test for TLS-Exporter in TLS 1.3
+  * Fix commented out function declaration
+  * Add changelog entry for TLS-Exporter feature
+  * Add TLS-Exporter options to ssl_client2
+  * Add TLS-Exporter options to ssl_server2
+  * Implement TLS-Exporter feature
+  * programs: demo: do not source project_detection.sh directly
+  * Fix record insertion
+  * programs: demo: source project_detection.sh
+  * framework: update reference
+  * Update feature macro for 3.6
+  * Use HANDSHAKE_OVER in nominal test cases
+  * Improve comments
+  * Adapt dependencies to the 3.6 branch
+  * Use same dependencies for helper functions
+  * Tighten dependencies again
+  * Improve dependency declarations
+  * Tighten dependency declarations
+  * Improve documentation
+  * Remove redundant setup
+  * Fix copypasta
+  * Simulate closing the connection mid-message
+  * Also test inserting non-empty, non-handshake records
+  * Fix the build without MBEDTLS_DEBUG_C
+  * Fix the build in PSK-only configurations
+  * Fix printf of enum
+  * Pacify ancient clang -Wmissing-initializer
+  * Test split, coalesced-split and empty handshake records
+  * Create handshake record coalescing tests
+  * Document gotcha of move_handshake_to_state
+  * Add a log message on every SSL state transition
+  * Always call mbedtls_ssl_handshake_set_state
+  * Document assumption of mbedtls_get_pkcs_padding
+  * Modify ChangeLog entry to full plaintext recovery
+  * Add testcase for maximum padding length
+  * Remove unnecessary TEST_CF_PUBLIC macro call
+  * Update to the new name in usages as well
+  * Add missing credit for set_hostname issue
+  * cmake: Generate test_keys.h and test_certs.h in the build tree
+  * Update framework pointer
+  * Revert "Add auto-generated files"
+  * Restored framework as a submodule
+  * Deleted flattened framework dir.
+  * Appease check-names with prefix
+  * Disable check-names for static padding function
+  * Add ChangeLog entry for PKCS#7 side channel fix
+  * Fix timing side-channel in PKCS7 padding
+  * Add constant-flow testing for PKCS7 padding
+
+-------------------------------------------------------------------
+Wed May 07 22:09:39 UTC 2025 - Yoshio Sato <vasua.ukra...@gmail.com>
+
+- Update _service file to easier obtain new sources.
+- Update to version 3.6.3:
+  * Add auto-generated files
+  * Added framework as a flattened directory
+  * Unlinked framework as a submodule.
+  * Updated BRANCHES.md
+  * Finalise ChangeLog
+  * Version Bump for 3.6.3
+  * Assemble Changelog
+  * Changelog: Added CVE.
+  * ssl-opt: Added 4 and 128 bytes tests to HS defragmentation for server 
initiated reneg
+  * ssl-opt: Fixed a minor typo.
+  * Reword slightly to be more tentative
+  * Re-introduce log asserts on positive cases
+  * Improve a test assertion
+  * Fix a typo
+  * Add test cases for EOF in the middle of fragments
+  * Adjust logic around log pattern
+  * Add test for length larger than 2^16
+  * Adapt "large ClientHello" tests to incremental
+  * Cleanly reject non-HS in-between HS fragments
+  * Reduce the level of logging used in tests
+  * Move new tests to their own data file
+  * Fix dependency issues
+  * New test function for large ClientHello
+  * Fix hash dependencies for TLS 1.2 tests
+  * Fix curve dependencies
+  * Add missing dependency declaration
+  * Fix dependency issues
+  * Add test with non-HS record in-between HS fragments
+  * Add test to TLS 1.3 ClientHello fragmentation
+  * Add reference tests with 1.3 ClientHello
+  * Add supported_curves/groups extension
+  * New test function inject_client_content_on_the_wire()
+  * ssl-opt: Disabled the renegotiation delay for fragmented HS renegotiation.
+  * ssl-opt: Updated documentation.
+  * ssl-opt: Added client-initiated server-rejected renegotation test.
+  * ssl-opt: Updated O_NEXT_CLI_RENEGOTIATE used by fragmented HS 
renegotiation with certificates.
+  * ssl-opt: Fragmented HS renegotiation, removed -legacy_renegotiation 
argument.
+  * ssl-opt: Fragmented HS renegotiation, removed 
requires_certificate_authentication dependency.
+  * ssl-opt: Fragmented HS renegotiation, removed requires_openssl_3_x 
dependency.
+  * ssl-opt: Fragmented HS renegotiation, adjusted test names for consistency.
+  * ssl-opt: Fragmented HS renegotiation, updated matching regex
+  * ssl-opt: Added coverage for client-initiated fragmented HS renegotiation 
tests.
+  * ssl-opt: Refactored fragmented HS renegotiation tests.
+  * ssl-opt: Fragmented HS renegotiation, updated documentation.
+  * ssl-opt: Removed mock-tests from HS renegotiation.
+  * sll-opt: Added refence fix for the Mock HS Defrag test using 
renegotitiation delay
+  * programs -> ssl_client2.c: Added option renego_delay to set record buffer 
depth.
+  * Added Mock Renegotiation negative test for testing.
+  * ssl-opt: Added fragmented HS tests for server-initiated renegotiation.
+  * ssl-opt: Added fragmented HS tests for client-initiated renegotiation.
+  * ssl-opt: Added fragmented HS tests for SSL_VARIABLE_BUFFER_LENGTH.
+  * Add note about MBEDTLS_PRIVATE() in 3.6
+  * Fix typos in the 3.0 migration guide
+  * mbedtls_net_send API description typo fix
+  * Use an array of strings instead of pointer smuggling
+  * Use dummy typedef instead of macro
+  * Clarify changelog
+  * Updated framework pointer.
+  * Update the location of defragmentation limitations
+  * State globally that the limitations don't apply to DTLS
+  * Clarify DTLS
+  * ClientHello may be fragmented in renegotiation
+  * Move the defragmentation documentation to mbedtls_ssl_handshake
+  * Refer to the API documentation for details
+  * Document the limitations of TLS handshake message defragmentation
+  * Add changelog entry for TLS 1.2 Finished fix
+  * More generally, what needs psa_crypto_init also needs threading
+  * PSA core: Allow enabling one volatile/builtin key
+  * Cleanly reject non-HS in-between HS fragments
+  * Replace zero by PSA_ALG_NONE in key derivation input functions
+  * Fix comments
+  * Update changelog to call out MinGW
+  * TLS1.2: Check for failures in Finished calculation
+  * Never use %zu on MinGW
+  * Remove Everest VS2010 compatibility headers
+  * Fix MSVC version guard for C99 format size specifiers
+  * Disable fatal assertions in Windows printf tests
+  * Add testcase for MBEDTLS_PRINTF_MS_TIME
+  * Test handling of format macros defined in debug.h
+  * Run test_suite_debug without MBEDTLS_SSL_TLS_C
+  * Fix a log message
+  * Note unused variables when debugging is disabled
+  * Pacify uncrustify
+  * Fix uninitialized variable
+  * Unify handshake fragment log messages
+  * Fix handshake defragmentation when the record has multiple messages
+  * Fix end check before memmove
+  * Zeroize temporary heap buffers used when deriving an ECC key
+  * Zeroize temporary heap buffers used in PSA operations
+  * Update framework
+  * Make conversion explicit to silence MSVC warning
+  * Fix dodgy printf calls
+  * Handshake defragmentation: reassemble incrementally
+  * mbedtls_ssl_prepare_handshake_record(): log offsets after decryption
+  * mbedtls_ssl_prepare_handshake_record(): refactor first fragment prep
+  * Tweak handshake fragment log message
++++ 542 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes
++++ and /work/SRC/openSUSE:Factory/.mbedtls.new.7067/mbedtls.changes

Old:
----
  mbedtls-3.6.2.obscpio

New:
----
  mbedtls-3.6.4.obscpio
  mbedtls-enable-srtp.patch

----------(New B)----------
  New:- Enable SRTP protocol needed by some software.
  * Add patch mbedtls-enable-srtp.patch
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mbedtls.spec ++++++
--- /var/tmp/diff_new_pack.vC45Z2/_old  2025-07-02 12:14:56.688319554 +0200
+++ /var/tmp/diff_new_pack.vC45Z2/_new  2025-07-02 12:14:56.692319737 +0200
@@ -22,7 +22,7 @@
 %define lib_everest libeverest
 %define lib_p256m   libp256m
 Name:           mbedtls
-Version:        3.6.2
+Version:        3.6.4
 Release:        0
 Summary:        Libraries for crypto and SSL/TLS protocols
 License:        Apache-2.0 OR GPL-2.0-or-later
@@ -31,6 +31,8 @@
 Source99:       baselibs.conf
 # PATCH-FEATURE-OPENSUSE - enable MBEDTLS_THREADING_PTHREAD and 
MBEDTLS_THREADING_C
 Patch1:         mbedtls-enable-pthread.patch
+# PATCH-FEATURE-OPENSUSE - enable MBEDTLS_SSL_DTLS_SRTP
+Patch2:         mbedtls-enable-srtp.patch
 BuildRequires:  cmake
 BuildRequires:  ninja
 %{?suse_build_hwcaps_libs}

++++++ _service ++++++
--- /var/tmp/diff_new_pack.vC45Z2/_old  2025-07-02 12:14:56.728321379 +0200
+++ /var/tmp/diff_new_pack.vC45Z2/_new  2025-07-02 12:14:56.732321561 +0200
@@ -1,11 +1,11 @@
 <services>
   <service name="obs_scm" mode="manual">
-    <param name="versionformat">3.6.2</param>
     <param name="url">https://github.com/Mbed-TLS/mbedtls.git</param>
     <param name="scm">git</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="revision">refs/tags/v3.6.4</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
-    <param name="exclude">.*</param>
-    <param name="revision">refs/tags/v3.6.2</param>
   </service>
   <service name="tar" mode="buildtime"/>
   <service name="recompress" mode="buildtime">

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.vC45Z2/_old  2025-07-02 12:14:56.752322473 +0200
+++ /var/tmp/diff_new_pack.vC45Z2/_new  2025-07-02 12:14:56.752322473 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param 
name="url">https://github.com/Mbed-TLS/mbedtls.git</param>
-              <param 
name="changesrevision">107ea89daaefb9867ea9121002fbbdf926780e98</param></service></servicedata>
+              <param 
name="changesrevision">c765c831e5c2a0971410692f92f7a81d6ec65ec2</param></service></servicedata>
 (No newline at EOF)
 

++++++ mbedtls-3.6.2.obscpio -> mbedtls-3.6.4.obscpio ++++++
++++ 181213 lines of diff (skipped)

++++++ mbedtls-enable-srtp.patch ++++++
--- mbedtls-3.6.2.orig/include/mbedtls/mbedtls_config.h 2025-05-06 
19:21:15.440302375 +0300
+++ mbedtls-3.6.2/include/mbedtls/mbedtls_config.h      2025-05-06 
19:22:15.156469574 +0300
@@ -2024,7 +2024,7 @@
  *
  * Uncomment this to enable support for use_srtp extension.
  */
-//#define MBEDTLS_SSL_DTLS_SRTP
+#define MBEDTLS_SSL_DTLS_SRTP
 
 /**
  * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE

++++++ mbedtls.obsinfo ++++++
--- /var/tmp/diff_new_pack.vC45Z2/_old  2025-07-02 12:14:58.404397808 +0200
+++ /var/tmp/diff_new_pack.vC45Z2/_new  2025-07-02 12:14:58.404397808 +0200
@@ -1,5 +1,5 @@
 name: mbedtls
-version: 3.6.2
-mtime: 1728898458
-commit: 107ea89daaefb9867ea9121002fbbdf926780e98
+version: 3.6.4
+mtime: 1750881360
+commit: c765c831e5c2a0971410692f92f7a81d6ec65ec2
 

Reply via email to