Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mbedtls for openSUSE:Factory checked in at 2024-01-31 23:54:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mbedtls (Old) and /work/SRC/openSUSE:Factory/.mbedtls.new.1815 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mbedtls" Wed Jan 31 23:54:49 2024 rev:44 rq:1142919 version:3.5.2 Changes: -------- --- /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes 2024-01-23 22:57:34.927569557 +0100 +++ /work/SRC/openSUSE:Factory/.mbedtls.new.1815/mbedtls.changes 2024-01-31 23:55:08.460000544 +0100 @@ -1,0 +2,28 @@ +Wed Jan 31 08:11:12 UTC 2024 - Martin Pluskal <mplus...@suse.com> + +- Update to version 3.5.2: + * Update BRANCHES.md + * Bump version + * Assemble Changelog + * Update Marvin fix Changelog entry + * Add warning for PKCS 1.5 decryption + * Fix typo + * RSA: improve readability + * RSA: remove unneeded temporaries + * RSA: document Montgomery trick in unblind + * Fix style + * Make local function static + * Add Changelog for the Marvin attack fix + * Extend blinding to RSA result check + * Make RSA unblinding constant flow + * Add Changelog for #8687 + * Add required dependency to the testcase + * Remove unneeded testcase + * Update test-data to use SIZE_MAX + * Add missing newline at the end of test_suite_x509write.data + * Update fix to be more platform-independent + * Fix Issue #8687 + * Add tests for Issue #8687 +- Resolves CVE-2024-23170 boo#1219336 + +------------------------------------------------------------------- Old: ---- mbedtls-3.5.1.obscpio New: ---- mbedtls-3.5.2.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mbedtls.spec ++++++ --- /var/tmp/diff_new_pack.DaHcUq/_old 2024-01-31 23:55:09.492037786 +0100 +++ /var/tmp/diff_new_pack.DaHcUq/_new 2024-01-31 23:55:09.492037786 +0100 @@ -1,7 +1,7 @@ # # spec file for package mbedtls # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %define lib_everest libeverest %define lib_p256m libp256m Name: mbedtls -Version: 3.5.1 +Version: 3.5.2 Release: 0 Summary: Libraries for crypto and SSL/TLS protocols License: Apache-2.0 OR GPL-2.0-or-later @@ -87,10 +87,10 @@ %package devel Summary: Development files for mbedtls, a SSL/TLS library Requires: %{lib_crypto} = %{version} -Requires: %{lib_tls} = %{version} -Requires: %{lib_x509} = %{version} Requires: %{lib_everest} = %{version} Requires: %{lib_p256m} = %{version} +Requires: %{lib_tls} = %{version} +Requires: %{lib_x509} = %{version} %description devel This subpackage contains the development files for mbedtls, ++++++ _service ++++++ --- /var/tmp/diff_new_pack.DaHcUq/_old 2024-01-31 23:55:09.520038797 +0100 +++ /var/tmp/diff_new_pack.DaHcUq/_new 2024-01-31 23:55:09.520038797 +0100 @@ -1,11 +1,11 @@ <services> <service name="obs_scm" mode="manual"> - <param name="versionformat">3.5.1</param> + <param name="versionformat">3.5.2</param> <param name="url">https://github.com/Mbed-TLS/mbedtls.git</param> <param name="scm">git</param> <param name="changesgenerate">enable</param> <param name="exclude">.*</param> - <param name="revision">refs/tags/v3.5.1</param> + <param name="revision">refs/tags/v3.5.2</param> </service> <service name="tar" mode="buildtime"/> <service name="recompress" mode="buildtime"> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.DaHcUq/_old 2024-01-31 23:55:09.540039519 +0100 +++ /var/tmp/diff_new_pack.DaHcUq/_new 2024-01-31 23:55:09.544039663 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/Mbed-TLS/mbedtls.git</param> - <param name="changesrevision">edb8fec9882084344a314368ac7fd957a187519c</param></service></servicedata> + <param name="changesrevision">daca7a3979c22da155ec9dce49ab1abf3b65d3a9</param></service></servicedata> (No newline at EOF) ++++++ mbedtls-3.5.1.obscpio -> mbedtls-3.5.2.obscpio ++++++ /work/SRC/openSUSE:Factory/mbedtls/mbedtls-3.5.1.obscpio /work/SRC/openSUSE:Factory/.mbedtls.new.1815/mbedtls-3.5.2.obscpio differ: char 49, line 1 ++++++ mbedtls.obsinfo ++++++ --- /var/tmp/diff_new_pack.DaHcUq/_old 2024-01-31 23:55:09.592041395 +0100 +++ /var/tmp/diff_new_pack.DaHcUq/_new 2024-01-31 23:55:09.592041395 +0100 @@ -1,5 +1,5 @@ name: mbedtls -version: 3.5.1 -mtime: 1699443360 -commit: edb8fec9882084344a314368ac7fd957a187519c +version: 3.5.2 +mtime: 1706089751 +commit: daca7a3979c22da155ec9dce49ab1abf3b65d3a9