Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package mbedtls for openSUSE:Factory checked
in at 2025-07-02 12:11:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mbedtls (Old)
and /work/SRC/openSUSE:Factory/.mbedtls.new.7067 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mbedtls"
Wed Jul 2 12:11:45 2025 rev:48 rq:1289615 version:3.6.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes 2024-10-21
16:25:47.247913656 +0200
+++ /work/SRC/openSUSE:Factory/.mbedtls.new.7067/mbedtls.changes
2025-07-02 12:14:55.596269757 +0200
@@ -1,0 +2,839 @@
+Tue Jul 01 14:39:38 UTC 2025 - Jaime Marquínez Ferrándiz
<jaime.marquinez.ferran...@fastmail.net>
+
+- Update to version 3.6.4:
+ * Added generated files
+ * Version bump 3.6.4
+ * Assemble ChangeLog
+ * Properly initialize SSL endpoint objects
+ * Fix accidentally skipped test assertion
+ * Update framework pointer (release-sync)
+ * fix: additional MSVC v142 build issue with tls1.3 configuration enabled.
+ * Remove blank line
+ * Simplify changelog
+ * Add a note about processor memory reordering
+ * Add changelog
+ * Replace __attribute__((nonstring)) with macro
MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
+ * Improve some explanations
+ * Don't mutate dst_size
+ * Add __attribute__ ((nonstring)) to remove
unterminated-string-initialization warning
+ * Note that GCM is also impacted
+ * Adjust test case with invalid base64
+ * Fix race condition in mbedtls_aesni_has_support
+ * mbedtls_base64_decode: test dst=NULL with dlen>0
+ * Explain some aspects of the tests
+ * mbedtls_base64_decode: insist on correct padding
+ * Added CVE's to ChangeLogs
+ * lms.c: Updated documentation
+ * test_suite_lms.data: Updated comments
+ * Fix mbedtls_base64_decode() accepting invalid inputs with 4n+1 digits
+ * mbedtls_base64_decode: assert sloppy behavior with bad number of =
+ * mbedtls_base64_decode: test the reported output length
+ * test_suite_lms: Added negative test for corrupted Merkle path
+ * test_suite_lms: Added a test for importing invalid sized key
+ * Added changelog for check return of merkle leaf
+ * Added changelog for lms enum casting
+ * Added changelog for lms overread
+ * Fix change log entry
+ * Fix build test programs in MSVC (due to a warning treated as error in
winbase.h)
+ * Built-in lms driver: always zeroize output-buffer in
create_merkle_leaf_value
+ * Built-in lms driver:Check return values of Merkle node creation
+ * Built-in lms/lmots driver: Harden public key import against enum truncation
+ * Built-in lms driver: Added input guard
+ * Add changelog
+ * Add fix for PEM underflow
+ * Add test using underflow-causing PEM keyfile
+ * Update framework with additional operation initialization checks
+ * Fix possible UB in mbedtls_asn1_write_raw_buffer()
+ * Fix psa_pake_operation_s member types
+ * Move PAKE size calculation macros, cipher suite and operation structs
+ * Add change log
+ * Move the inclusion of crypto_sizes.h and crypto_struct.h in crypto.h
+ * Add ChangeLog entry
+ * Improve unit tests for mbedtls_asn1_store_named_data
+ * Fix bug in mbedtls_asn1_store_named_data()
+ * Add tests for bug in mbedtls_x509_string_to_names()
+ * Restore standard initializers in _init tests
+ * Use short initializers for multipart operation structures
+ * Avoid a useless copy in cert_{req,write}
+ * Mark ssl_tls12_preset_suiteb_sig_algs const
+ * Mark ssl_tls12_preset_default_sig_algs const
+ * Fix type in ChangeLog
+ * Add comment on apparent type mismatch
+ * Remove redundant free loop
+ * Fix ECDSA documentation: blinding is no longer optional
+ * ECDSA is a special flower
+ * Note functions that store the RNG callback in a context
+ * Reference mbedtls_f_rng_t in public documentation
+ * Name and document the type of random generator callbacks
+ * Add credit to the reporters of the PKCS7 issue
+ * Grammar in comments
+ * Remove .gitmodules
+ * Changelog entry for the union initialization fixes
+ * Test with GCC 15 with sloppy union initialization
+ * Initialize MAC context in internal functions for one-shot MAC
+ * Initialize MAC context in internal functions for KDF
+ * Initialize driver context in setup functions
+ * Add unit test for new behaviour of string_to_names()
+ * Fix memory leak in cert_write & cert_req
+ * Fix runtime error in cert_write & cert_req
+ * Restore behaviour of mbedtls_x509write_set_foo_name()
+ * Fix undocumented free() in x509_string_to_names()
+ * Improve comments
+ * Update framework
+ * Allow gcc-15 to be in $PATH
+ * Enable drivers when testing with GCC 15
+ * GCC 15: Silence -Wunterminated-string-initialization
+ * Test with GCC 15
+ * Disable warning from gcc -pedantic on dlsym/dlopen
+ * Move persistent key tests to a separate .data file
+ * Move concurrent tests to a separate .data file
+ * Update obsolete section title
+ * Complain about a missing comma in multiline lists of strings
+ * Prepare framework for pylint check-str-concat-over-line-jumps
+ * framework: update reference
+ * Constify cipher_wrap:mbedtls_cipher_base_lookup_table
+ * Fix some test helper functions returning 0 on some failures
+ * Check the status of mbedtls_ssl_set_hostname()
+ * Add missing ifdef for mbedtls_ssl_tls13_exporter
+ * Add label_len argument to non-PSA tls_prf_generic
+ * Fix dependencies for TLS-Exporter tests
+ * Fix doxygen for MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
+ * Fix mistake in previous comment change
+ * Fix HkdfLabel comment
+ * Allow maximum label length in Hkdf-Expand-Label
+ * Exporter: Add min. and max. label tests
+ * Fix max. label length in key material exporter
+ * Document BAD_INPUT_DATA error in key material exporter
+ * Fix requirements for TLS 1.3 Exporter compat test
+ * Use mbedtls_calloc, not regular calloc
+ * Add fixed compatibility test for TLS 1.3 Exporter
+ * Remove exporter compatibility test for TLS 1.3
+ * Fix openssl s_client invocation
+ * Print names of new tests properly
+ * Fix memory leak in example programs
+ * ssl-opt.sh: Add tests for keying material export
+ * mbedtls_test_ssl_do_handshake_with_endpoints: Zeroize endpoints
+ * Exporter tests: Don't use unavailbable constant
+ * Exporter tests: Add missing depends-ons
+ * Use one maximum key_len for all exported keys
+ * Exporter tests: Reduce key size in long key tests
+ * Exporter tests: Free endpoints before PSA_DONE()
+ * Exporter tests: Fix possible uninitialized variable use
+ * Coding style cleanup
+ * Exporter tests: Initialize allocated memory
+ * Exportert tests: Free endpoints and options
+ * Fix output size check for key material exporter
+ * Increase allowed output size of HKDF-Expand-Label
+ * Add more tests for keying material export
+ * Mention MBEDTLS_SSL_KEYING_MATERIAL_EXPORT in change log
+ * Fix #endif comment
+ * Enable MBEDTLS_SSL_KEYING_MATERIAL_EXPORT by default
+ * Create MBEDTLS_SSL_KEYING_MATERIAL_EXPORT option
+ * Remove TLS 1.2 Exporter if we don't have randbytes
+ * Revert "Store randbytes for TLS 1.2 TLS-Exporter"
+ * Fix typos in comments
+ * Use fewer magic numbers in TLS-Exporter functions
+ * Add label length argument to tls_prf_generic()
+ * Store randbytes for TLS 1.2 TLS-Exporter
+ * Fix coding style
+ * Fix build when one of TLS 1.2 or 1.3 is disabled
+ * Fix coding style
+ * Fix TLS exporter changelog entry
+ * Fix doxygen comment parameter name
+ * Fix typos in comment
+ * Fix mismatches in function declarations
+ * Fix key_len check in TLS-Exporter
+ * Actually set exporter defaults in ssl_client2
+ * Simplify mbedtls_ssl_tls13_exporter
+ * Add test for TLS-Exporter in TLS 1.3
+ * Fix commented out function declaration
+ * Add changelog entry for TLS-Exporter feature
+ * Add TLS-Exporter options to ssl_client2
+ * Add TLS-Exporter options to ssl_server2
+ * Implement TLS-Exporter feature
+ * programs: demo: do not source project_detection.sh directly
+ * Fix record insertion
+ * programs: demo: source project_detection.sh
+ * framework: update reference
+ * Update feature macro for 3.6
+ * Use HANDSHAKE_OVER in nominal test cases
+ * Improve comments
+ * Adapt dependencies to the 3.6 branch
+ * Use same dependencies for helper functions
+ * Tighten dependencies again
+ * Improve dependency declarations
+ * Tighten dependency declarations
+ * Improve documentation
+ * Remove redundant setup
+ * Fix copypasta
+ * Simulate closing the connection mid-message
+ * Also test inserting non-empty, non-handshake records
+ * Fix the build without MBEDTLS_DEBUG_C
+ * Fix the build in PSK-only configurations
+ * Fix printf of enum
+ * Pacify ancient clang -Wmissing-initializer
+ * Test split, coalesced-split and empty handshake records
+ * Create handshake record coalescing tests
+ * Document gotcha of move_handshake_to_state
+ * Add a log message on every SSL state transition
+ * Always call mbedtls_ssl_handshake_set_state
+ * Document assumption of mbedtls_get_pkcs_padding
+ * Modify ChangeLog entry to full plaintext recovery
+ * Add testcase for maximum padding length
+ * Remove unnecessary TEST_CF_PUBLIC macro call
+ * Update to the new name in usages as well
+ * Add missing credit for set_hostname issue
+ * cmake: Generate test_keys.h and test_certs.h in the build tree
+ * Update framework pointer
+ * Revert "Add auto-generated files"
+ * Restored framework as a submodule
+ * Deleted flattened framework dir.
+ * Appease check-names with prefix
+ * Disable check-names for static padding function
+ * Add ChangeLog entry for PKCS#7 side channel fix
+ * Fix timing side-channel in PKCS7 padding
+ * Add constant-flow testing for PKCS7 padding
+
+-------------------------------------------------------------------
+Wed May 07 22:09:39 UTC 2025 - Yoshio Sato <vasua.ukra...@gmail.com>
+
+- Update _service file to easier obtain new sources.
+- Update to version 3.6.3:
+ * Add auto-generated files
+ * Added framework as a flattened directory
+ * Unlinked framework as a submodule.
+ * Updated BRANCHES.md
+ * Finalise ChangeLog
+ * Version Bump for 3.6.3
+ * Assemble Changelog
+ * Changelog: Added CVE.
+ * ssl-opt: Added 4 and 128 bytes tests to HS defragmentation for server
initiated reneg
+ * ssl-opt: Fixed a minor typo.
+ * Reword slightly to be more tentative
+ * Re-introduce log asserts on positive cases
+ * Improve a test assertion
+ * Fix a typo
+ * Add test cases for EOF in the middle of fragments
+ * Adjust logic around log pattern
+ * Add test for length larger than 2^16
+ * Adapt "large ClientHello" tests to incremental
+ * Cleanly reject non-HS in-between HS fragments
+ * Reduce the level of logging used in tests
+ * Move new tests to their own data file
+ * Fix dependency issues
+ * New test function for large ClientHello
+ * Fix hash dependencies for TLS 1.2 tests
+ * Fix curve dependencies
+ * Add missing dependency declaration
+ * Fix dependency issues
+ * Add test with non-HS record in-between HS fragments
+ * Add test to TLS 1.3 ClientHello fragmentation
+ * Add reference tests with 1.3 ClientHello
+ * Add supported_curves/groups extension
+ * New test function inject_client_content_on_the_wire()
+ * ssl-opt: Disabled the renegotiation delay for fragmented HS renegotiation.
+ * ssl-opt: Updated documentation.
+ * ssl-opt: Added client-initiated server-rejected renegotation test.
+ * ssl-opt: Updated O_NEXT_CLI_RENEGOTIATE used by fragmented HS
renegotiation with certificates.
+ * ssl-opt: Fragmented HS renegotiation, removed -legacy_renegotiation
argument.
+ * ssl-opt: Fragmented HS renegotiation, removed
requires_certificate_authentication dependency.
+ * ssl-opt: Fragmented HS renegotiation, removed requires_openssl_3_x
dependency.
+ * ssl-opt: Fragmented HS renegotiation, adjusted test names for consistency.
+ * ssl-opt: Fragmented HS renegotiation, updated matching regex
+ * ssl-opt: Added coverage for client-initiated fragmented HS renegotiation
tests.
+ * ssl-opt: Refactored fragmented HS renegotiation tests.
+ * ssl-opt: Fragmented HS renegotiation, updated documentation.
+ * ssl-opt: Removed mock-tests from HS renegotiation.
+ * sll-opt: Added refence fix for the Mock HS Defrag test using
renegotitiation delay
+ * programs -> ssl_client2.c: Added option renego_delay to set record buffer
depth.
+ * Added Mock Renegotiation negative test for testing.
+ * ssl-opt: Added fragmented HS tests for server-initiated renegotiation.
+ * ssl-opt: Added fragmented HS tests for client-initiated renegotiation.
+ * ssl-opt: Added fragmented HS tests for SSL_VARIABLE_BUFFER_LENGTH.
+ * Add note about MBEDTLS_PRIVATE() in 3.6
+ * Fix typos in the 3.0 migration guide
+ * mbedtls_net_send API description typo fix
+ * Use an array of strings instead of pointer smuggling
+ * Use dummy typedef instead of macro
+ * Clarify changelog
+ * Updated framework pointer.
+ * Update the location of defragmentation limitations
+ * State globally that the limitations don't apply to DTLS
+ * Clarify DTLS
+ * ClientHello may be fragmented in renegotiation
+ * Move the defragmentation documentation to mbedtls_ssl_handshake
+ * Refer to the API documentation for details
+ * Document the limitations of TLS handshake message defragmentation
+ * Add changelog entry for TLS 1.2 Finished fix
+ * More generally, what needs psa_crypto_init also needs threading
+ * PSA core: Allow enabling one volatile/builtin key
+ * Cleanly reject non-HS in-between HS fragments
+ * Replace zero by PSA_ALG_NONE in key derivation input functions
+ * Fix comments
+ * Update changelog to call out MinGW
+ * TLS1.2: Check for failures in Finished calculation
+ * Never use %zu on MinGW
+ * Remove Everest VS2010 compatibility headers
+ * Fix MSVC version guard for C99 format size specifiers
+ * Disable fatal assertions in Windows printf tests
+ * Add testcase for MBEDTLS_PRINTF_MS_TIME
+ * Test handling of format macros defined in debug.h
+ * Run test_suite_debug without MBEDTLS_SSL_TLS_C
+ * Fix a log message
+ * Note unused variables when debugging is disabled
+ * Pacify uncrustify
+ * Fix uninitialized variable
+ * Unify handshake fragment log messages
+ * Fix handshake defragmentation when the record has multiple messages
+ * Fix end check before memmove
+ * Zeroize temporary heap buffers used when deriving an ECC key
+ * Zeroize temporary heap buffers used in PSA operations
+ * Update framework
+ * Make conversion explicit to silence MSVC warning
+ * Fix dodgy printf calls
+ * Handshake defragmentation: reassemble incrementally
+ * mbedtls_ssl_prepare_handshake_record(): log offsets after decryption
+ * mbedtls_ssl_prepare_handshake_record(): refactor first fragment prep
+ * Tweak handshake fragment log message
++++ 542 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes
++++ and /work/SRC/openSUSE:Factory/.mbedtls.new.7067/mbedtls.changes
Old:
----
mbedtls-3.6.2.obscpio
New:
----
mbedtls-3.6.4.obscpio
mbedtls-enable-srtp.patch
----------(New B)----------
New:- Enable SRTP protocol needed by some software.
* Add patch mbedtls-enable-srtp.patch
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mbedtls.spec ++++++
--- /var/tmp/diff_new_pack.vC45Z2/_old 2025-07-02 12:14:56.688319554 +0200
+++ /var/tmp/diff_new_pack.vC45Z2/_new 2025-07-02 12:14:56.692319737 +0200
@@ -22,7 +22,7 @@
%define lib_everest libeverest
%define lib_p256m libp256m
Name: mbedtls
-Version: 3.6.2
+Version: 3.6.4
Release: 0
Summary: Libraries for crypto and SSL/TLS protocols
License: Apache-2.0 OR GPL-2.0-or-later
@@ -31,6 +31,8 @@
Source99: baselibs.conf
# PATCH-FEATURE-OPENSUSE - enable MBEDTLS_THREADING_PTHREAD and
MBEDTLS_THREADING_C
Patch1: mbedtls-enable-pthread.patch
+# PATCH-FEATURE-OPENSUSE - enable MBEDTLS_SSL_DTLS_SRTP
+Patch2: mbedtls-enable-srtp.patch
BuildRequires: cmake
BuildRequires: ninja
%{?suse_build_hwcaps_libs}
++++++ _service ++++++
--- /var/tmp/diff_new_pack.vC45Z2/_old 2025-07-02 12:14:56.728321379 +0200
+++ /var/tmp/diff_new_pack.vC45Z2/_new 2025-07-02 12:14:56.732321561 +0200
@@ -1,11 +1,11 @@
<services>
<service name="obs_scm" mode="manual">
- <param name="versionformat">3.6.2</param>
<param name="url">https://github.com/Mbed-TLS/mbedtls.git</param>
<param name="scm">git</param>
+ <param name="versionformat">@PARENT_TAG@</param>
+ <param name="revision">refs/tags/v3.6.4</param>
+ <param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
- <param name="exclude">.*</param>
- <param name="revision">refs/tags/v3.6.2</param>
</service>
<service name="tar" mode="buildtime"/>
<service name="recompress" mode="buildtime">
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.vC45Z2/_old 2025-07-02 12:14:56.752322473 +0200
+++ /var/tmp/diff_new_pack.vC45Z2/_new 2025-07-02 12:14:56.752322473 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/Mbed-TLS/mbedtls.git</param>
- <param
name="changesrevision">107ea89daaefb9867ea9121002fbbdf926780e98</param></service></servicedata>
+ <param
name="changesrevision">c765c831e5c2a0971410692f92f7a81d6ec65ec2</param></service></servicedata>
(No newline at EOF)
++++++ mbedtls-3.6.2.obscpio -> mbedtls-3.6.4.obscpio ++++++
++++ 181213 lines of diff (skipped)
++++++ mbedtls-enable-srtp.patch ++++++
--- mbedtls-3.6.2.orig/include/mbedtls/mbedtls_config.h 2025-05-06
19:21:15.440302375 +0300
+++ mbedtls-3.6.2/include/mbedtls/mbedtls_config.h 2025-05-06
19:22:15.156469574 +0300
@@ -2024,7 +2024,7 @@
*
* Uncomment this to enable support for use_srtp extension.
*/
-//#define MBEDTLS_SSL_DTLS_SRTP
+#define MBEDTLS_SSL_DTLS_SRTP
/**
* \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
++++++ mbedtls.obsinfo ++++++
--- /var/tmp/diff_new_pack.vC45Z2/_old 2025-07-02 12:14:58.404397808 +0200
+++ /var/tmp/diff_new_pack.vC45Z2/_new 2025-07-02 12:14:58.404397808 +0200
@@ -1,5 +1,5 @@
name: mbedtls
-version: 3.6.2
-mtime: 1728898458
-commit: 107ea89daaefb9867ea9121002fbbdf926780e98
+version: 3.6.4
+mtime: 1750881360
+commit: c765c831e5c2a0971410692f92f7a81d6ec65ec2
