Hello community,

here is the log from the commit of package mbedtls for openSUSE:Factory checked in at 2016-11-15 17:53:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mbedtls (Old)
 and /work/SRC/openSUSE:Factory/.mbedtls.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mbedtls" Changes: -------- --- /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes 2016-09-30 15:23:05.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mbedtls.new/mbedtls.changes 2016-11-15 17:53:03.000000000 +0100 
@@ -1,0 +2,30 @@ +Sun Nov 13 18:18:58 UTC 2016 - mplus...@suse.com + +- Update to version 2.4.0: + * Removes the MBEDTLS_SSL_AEAD_RANDOM_IV configuration option, + because it was not compliant with RFC-5116 and could lead to + session key recovery in very long TLS sessions. + * Fixes potential stack corruption in mbedtls_x509write_crt_der() + and mbedtls_x509write_csr_der() when the signature is copied to + the buffer without checking whether there is enough space in + the destination. The issue cannot be triggered remotely. + * Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128, + as defined by NIST SP 800-38B, RFC-4493 and RFC-4615. + * Added hardware entropy self-test to verify that the hardware + entropy source is functioning correctly. + * Added a script to print build environment information for + diagnostic use in test scripts, which is also now called by + all.sh verification script. + * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the + user to configure the maximum length of a file path that can be + buffered when calling mbedtls_x509_crt_parse_path(). + * Added a configuration file config-no-entropy.h that configures + the subset of library features that do not require an entropy + source. + * Added the macro MBEDTLS_ENTROPY_MIN_HARDWARE in config.h. This + allows users to configure the minimum number of bytes for + entropy sources using the mbedtls_hardware_poll() function. + * Miscelanous bugfixes +- Drop no longer needed mbedtls_fix522.patch + +------------------------------------------------------------------- Old: ---- mbedtls-2.3.0-apache.tgz mbedtls_fix522.patch New: ---- mbedtls-2.4.0-apache.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mbedtls.spec ++++++ --- /var/tmp/diff_new_pack.kY0AB7/_old 2016-11-15 17:53:05.000000000 +0100 +++ /var/tmp/diff_new_pack.kY0AB7/_new 2016-11-15 17:53:05.000000000 +0100 
@@ -20,7 +20,7 @@ %define lib_crypto libmbedcrypto0 %define lib_x509 libmbedx509-0 Name: mbedtls -Version: 2.3.0 +Version: 2.4.0 Release: 0 Summary: Libraries for crypto and SSL/TLS protocols License: Apache-2.0 @@ -28,7 +28,6 @@ Url: https://tls.mbed.org Source: https://tls.mbed.org/download/%{name}-%{version}-apache.tgz Source99: baselibs.conf -Patch0: mbedtls_fix522.patch BuildRequires: cmake BuildRequires: pkgconfig BuildRequires: pkgconfig(libpkcs11-helper-1) @@ -89,7 +88,6 @@ %prep %setup -q -%patch0 -p1 sed -i 's|//\(#define MBEDTLS_ZLIB_SUPPORT\)|\1|' include/mbedtls/config.h sed -i 's|//\(#define MBEDTLS_HAVEGE_C\)|\1|' include/mbedtls/config.h sed -i 's|//\(#define MBEDTLS_THREADING_C\)|\1|' include/mbedtls/config.h ++++++ mbedtls-2.3.0-apache.tgz -> mbedtls-2.4.0-apache.tgz ++++++ ++++ 10672 lines of diff (skipped)
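Review bot: In the 2.4.0 entry added to mbedtls.changes, the two security-relevant bullets (removal of MBEDTLS_SSL_AEAD_RANDOM_IV because it "could lead to session key recovery in very long TLS sessions", and the stack corruption fix in mbedtls_x509write_crt_der() and mbedtls_x509write_csr_der()) carry no bug tracker or CVE reference, so the update cannot be matched to an advisory from the changelog alone. If a tracking bug or CVE exists for either item, cite it on that bullet. The line "Drop no longer needed mbedtls_fix522.patch" should also state why the patch is no longer needed, and "Miscelanous" should read "Miscellaneous".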
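Review bot: In the %prep hunk of mbedtls.spec, the three sed lines that uncomment MBEDTLS_ZLIB_SUPPORT, MBEDTLS_HAVEGE_C and MBEDTLS_THREADING_C are carried across the 2.3.0 to 2.4.0 bump unchanged, and sed -i exits successfully even when its pattern matches nothing. If the commented-out form of any of these defines in include/mbedtls/config.h differs in the new tarball, the package builds without that feature and no step fails. Follow the sed calls with a grep for each uncommented #define so that %prep stops when a substitution did not apply.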