Hello community, here is the log from the commit of package mbedtls for openSUSE:Factory checked in at 2016-09-30 15:22:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mbedtls (Old) and /work/SRC/openSUSE:Factory/.mbedtls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mbedtls" Changes: -------- --- /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes 2016-07-21 07:53:01.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mbedtls.new/mbedtls.changes 2016-09-30 15:23:05.000000000 +0200 @@ -1,0 +2,27 @@ +Sat Aug 27 11:11:20 UTC 2016 - mplus...@suse.com + +- Merge changes from home:X0F:HSF +- Add mbedtls_fix522.patch which fixes building of dpendant + libraries + +------------------------------------------------------------------- +Fri Aug 12 19:30:14 UTC 2016 - jeng...@inai.de + +- Update description + +------------------------------------------------------------------- +Thu Aug 11 08:05:16 UTC 2016 - mplus...@suse.com + +- Split shared libraries to subpackages + +------------------------------------------------------------------- +Tue Aug 9 21:13:29 UTC 2016 - astie...@suse.com + +- update to 2.3.0: + * adding libmbedcrypto, libmbedx509 + * headers moved to /usr/include/mbedtls + * remove compatibility symlink + * source compatibility header /usr/include/mbedtls/compat-1.3.h + * Use primary upstream license (Apache-2.0) + +------------------------------------------------------------------- Old: ---- mbedtls-1.3.17-gpl.tgz New: ---- mbedtls-2.3.0-apache.tgz mbedtls_fix522.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mbedtls.spec ++++++ --- /var/tmp/diff_new_pack.Zg65Jw/_old 2016-09-30 15:23:06.000000000 +0200 +++ /var/tmp/diff_new_pack.Zg65Jw/_new 2016-09-30 15:23:06.000000000 +0200 @@ -16,78 +16,132 @@ # -%define lib_name lib%{name}9 +%define lib_tls libmbedtls10 +%define lib_crypto libmbedcrypto0 +%define lib_x509 libmbedx509-0 Name: mbedtls -Version: 1.3.17 +Version: 2.3.0 Release: 0 -Summary: Open Source embedded SSL/TLS cryptographic library -License: GPL-2.0+ +Summary: Libraries for crypto and SSL/TLS protocols +License: Apache-2.0 Group: Development/Libraries/C and C++ Url: https://tls.mbed.org -Source: https://tls.mbed.org/download/%{name}-%{version}-gpl.tgz +Source: https://tls.mbed.org/download/%{name}-%{version}-apache.tgz Source99: baselibs.conf +Patch0: mbedtls_fix522.patch BuildRequires: cmake BuildRequires: pkgconfig -BuildRequires: zlib-devel +BuildRequires: pkgconfig(libpkcs11-helper-1) +BuildRequires: pkgconfig(zlib) BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -A portable, easy to use, readable and flexible SSL library. +mbedtls implements the SSL3, TLS 1.0, 1.1 and 1.2 protocols. It +supports a number of extensions such as SSL Session Tickets (RFC +5077), Server Name Indication (SNI) (RFC 6066), Truncated HMAC (RFC +6066), Max Fragment Length (RFC 6066), Secure Renegotiation (RFC +5746) and Application Layer Protocol Negotiation (ALPN). It +understands the RSA, (EC)DH(E)-RSA, (EC)DH(E)-PSK and RSA-PSK key +exchanges. -%package -n %{lib_name} -Summary: Open Source embedded SSL/TLS cryptographic library +%package -n %{lib_tls} +Summary: Transport Layer Security protocol suite Group: System/Libraries -%description -n %{lib_name} -A portable, easy to use, readable and flexible SSL library. +%description -n %{lib_tls} +mbedtls implements the SSL 3.0, TLS 1.0, 1.1 and 1.2 protocols. It +supports a number of extensions such as SSL Session Tickets (RFC +5077), Server Name Indication (SNI) (RFC 6066), Truncated HMAC (RFC +6066), Max Fragment Length (RFC 6066), Secure Renegotiation (RFC +5746) and Application Layer Protocol Negotiation (ALPN). It +understands the RSA, (EC)DH(E)-RSA, (EC)DH(E)-PSK and RSA-PSK key +exchanges. + +%package -n %{lib_crypto} +Summary: Cryptographic base library for mbedtls +Group: System/Libraries + +%description -n %{lib_crypto} +This subpackage of mbedtls contains a library that exposes +cryptographic ciphers, hashes, algorithms and format support such as +AES, MD5, SHA, Elliptic Curves, BigNum, PKCS, ASN.1, BASE64. + +%package -n %{lib_x509} +Summary: Library to work with X.509 certificates +Group: System/Libraries + +%description -n %{lib_x509} +This subpackage of mbedtls contains a library that can read, verify +and write X.509 certificates, read/write Certificate Signing Requests +and read Certificate Revocation Lists. %package devel -Summary: Open Source embedded SSL/TLS cryptographic library +Summary: Development files for mbedtls, a SSL/TLS library Group: Development/Libraries/C and C++ -Requires: %{lib_name} = %{version}-%{release} -Provides: libpolarssl-devel = %{version} -Obsoletes: libpolarssl-devel < %{version} -Provides: polarssl-devel = %{version} -Obsoletes: polarssl-devel < %{version} +Requires: %{lib_crypto} = %{version} +Requires: %{lib_tls} = %{version} +Requires: %{lib_x509} = %{version} %description devel -A portable, easy to use, readable and flexible SSL library. +This subpackage contains the development files for mbedtls, +a suite of libraries for cryptographic functions and the +SSL/TLS protocol suite. %prep %setup -q -sed -i 's|//\(#define POLARSSL_THREADING_C\)|\1|' include/polarssl/config.h -sed -i 's|//\(#define POLARSSL_THREADING_PTHREAD\)|\1|' include/polarssl/config.h +%patch0 -p1 +sed -i 's|//\(#define MBEDTLS_ZLIB_SUPPORT\)|\1|' include/mbedtls/config.h +sed -i 's|//\(#define MBEDTLS_HAVEGE_C\)|\1|' include/mbedtls/config.h +sed -i 's|//\(#define MBEDTLS_THREADING_C\)|\1|' include/mbedtls/config.h +sed -i 's|//\(#define MBEDTLS_THREADING_PTHREAD\)|\1|' include/mbedtls/config.h %build %cmake \ + -DLINK_WITH_PTHREAD=ON \ + -DUSE_PKCS11_HELPER_LIBRARY=ON \ + -DENABLE_ZLIB_SUPPORT=ON \ + -DINSTALL_MBEDTLS_HEADERS=ON \ -DUSE_SHARED_MBEDTLS_LIBRARY=ON \ -DUSE_STATIC_MBEDTLS_LIBRARY=OFF \ - -DENABLE_ZLIB_SUPPORT=ON \ -DENABLE_PROGRAMS=OFF make VERBOSE=1 %{?_smp_mflags} %install %cmake_install -# create compatibility symlink -ln -s %{_libdir}/libmbedtls.so %{buildroot}%{_libdir}/libpolarssl.so %check export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{_builddir}/%{name}-%{version}/build/library make -C build test %{?_smp_mflags} -%post -n %{lib_name} -p /sbin/ldconfig -%postun -n %{lib_name} -p /sbin/ldconfig +%post -n %{lib_tls} -p /sbin/ldconfig +%post -n %{lib_crypto} -p /sbin/ldconfig +%post -n %{lib_x509} -p /sbin/ldconfig +%postun -n %{lib_tls} -p /sbin/ldconfig +%postun -n %{lib_crypto} -p /sbin/ldconfig +%postun -n %{lib_x509} -p /sbin/ldconfig %files devel %defattr(-,root,root) -%dir %{_includedir}/polarssl -%{_includedir}/polarssl/*.h +%doc ChangeLog README.md LICENSE +%dir %{_includedir}/mbedtls +%{_includedir}/mbedtls/*.h %{_libdir}/libmbedtls.so -%{_libdir}/libpolarssl.so +%{_libdir}/libmbedcrypto.so +%{_libdir}/libmbedx509.so -%files -n %{lib_name} +%files -n %{lib_tls} %defattr(-,root,root) -%doc ChangeLog README.rst LICENSE +%doc LICENSE %{_libdir}/libmbedtls.so.* +%files -n %{lib_crypto} +%defattr(-,root,root) +%doc LICENSE +%{_libdir}/libmbedcrypto.so.* + +%files -n %{lib_x509} +%defattr(-,root,root) +%doc LICENSE +%{_libdir}/libmbedx509.so.* + %changelog ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.Zg65Jw/_old 2016-09-30 15:23:06.000000000 +0200 +++ /var/tmp/diff_new_pack.Zg65Jw/_new 2016-09-30 15:23:06.000000000 +0200 @@ -1 +1,3 @@ -libmbedtls9 +libmbedtls10 +libmbedx509-0 +libmbedcrypto0 ++++++ mbedtls_fix522.patch ++++++ >From b5b6af2663fdb7f57c30494607bade90810f6844 Mon Sep 17 00:00:00 2001 From: Simon Butcher <simon.butc...@arm.com> Date: Wed, 13 Jul 2016 14:46:18 +0100 Subject: [PATCH 1/3] Puts platform time abstraction into its own header Separates platform time abstraction into it's own header from the general platform abstraction as both depend on different build options. (MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME) --- include/mbedtls/platform.h | 37 ++----------------- include/mbedtls/platform_time.h | 81 +++++++++++++++++++++++++++++++++++++++++ include/mbedtls/ssl.h | 2 +- library/net.c | 1 - library/ssl_cache.c | 2 - library/ssl_ciphersuites.c | 1 - library/ssl_cli.c | 4 +- library/ssl_cookie.c | 2 - library/ssl_srv.c | 4 +- library/ssl_ticket.c | 2 - library/ssl_tls.c | 1 - library/x509.c | 7 +++- programs/ssl/dtls_client.c | 1 - 13 files changed, 93 insertions(+), 52 deletions(-) create mode 100644 include/mbedtls/platform_time.h diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index caf8f25..b1b019e 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -29,6 +29,10 @@ #include MBEDTLS_CONFIG_FILE #endif +#if defined(MBEDTLS_HAVE_TIME) +#include "mbedtls/platform_time.h" +#endif + #ifdef __cplusplus extern "C" { #endif @@ -244,39 +248,6 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); #endif /* - * The time_t datatype - */ -#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) -typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t; -#else -/* For time_t */ -#include <time.h> -typedef time_t mbedtls_time_t; -#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */ - -/* - * The function pointers for time - */ -#if defined(MBEDTLS_PLATFORM_TIME_ALT) -extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time ); - -/** - * \brief Set your own time function pointer - * - * \param time_func the time function implementation - * - * \return 0 - */ -int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) ); -#else -#if defined(MBEDTLS_PLATFORM_TIME_MACRO) -#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO -#else -#define mbedtls_time time -#endif /* MBEDTLS_PLATFORM_TIME_MACRO */ -#endif /* MBEDTLS_PLATFORM_TIME_ALT */ - -/* * The function pointers for reading from and writing a seed file to * Non-Volatile storage (NV) in a platform-independent way * diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h new file mode 100644 index 0000000..abb3431 --- /dev/null +++ b/include/mbedtls/platform_time.h @@ -0,0 +1,81 @@ +/** + * \file platform_time.h + * + * \brief mbed TLS Platform time abstraction + * + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_PLATFORM_TIME_H +#define MBEDTLS_PLATFORM_TIME_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \name SECTION: Module settings + * + * The configuration options you can set for this module are in this section. + * Either change them in config.h or define them on the compiler command line. + * \{ + */ + +/* + * The time_t datatype + */ +#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) +typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t; +#else +/* For time_t */ +#include <time.h> +typedef time_t mbedtls_time_t; +#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */ + +/* + * The function pointers for time + */ +#if defined(MBEDTLS_PLATFORM_TIME_ALT) +extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time ); + +/** + * \brief Set your own time function pointer + * + * \param time_func the time function implementation + * + * \return 0 + */ +int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) ); +#else +#if defined(MBEDTLS_PLATFORM_TIME_MACRO) +#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO +#else +#define mbedtls_time time +#endif /* MBEDTLS_PLATFORM_TIME_MACRO */ +#endif /* MBEDTLS_PLATFORM_TIME_ALT */ + +#ifdef __cplusplus +} +#endif + +#endif /* platform_time.h */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 82c0760..c0bfd3e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -52,7 +52,7 @@ #endif #if defined(MBEDTLS_HAVE_TIME) -#include <time.h> +#include "mbedtls/platform_time.h" #endif /* diff --git a/library/net.c b/library/net.c index 4142bc0..8b96321 100644 --- a/library/net.c +++ b/library/net.c @@ -36,7 +36,6 @@ #include "mbedtls/platform.h" #else #include <stdlib.h> -#define mbedtls_time_t time_t #endif #include "mbedtls/net.h" diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 01c66ae..9b62de2 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -37,8 +37,6 @@ #include <stdlib.h> #define mbedtls_calloc calloc #define mbedtls_free free -#define mbedtls_time time -#define mbedtls_time_t time_t #endif #include "mbedtls/ssl_cache.h" diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 3546331..a762bf7 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -33,7 +33,6 @@ #include "mbedtls/platform.h" #else #include <stdlib.h> -#define mbedtls_time_t time_t #endif #include "mbedtls/ssl_ciphersuites.h" diff --git a/library/ssl_cli.c b/library/ssl_cli.c index cd39db0..358dc46 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -33,8 +33,6 @@ #include <stdlib.h> #define mbedtls_calloc calloc #define mbedtls_free free -#define mbedtls_time time -#define mbedtls_time_t time_t #endif #include "mbedtls/debug.h" @@ -46,7 +44,7 @@ #include <stdint.h> #if defined(MBEDTLS_HAVE_TIME) -#include <time.h> +#include "mbedtls/platform_time.h" #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index f241c86..9fb32de 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -36,8 +36,6 @@ #else #define mbedtls_calloc calloc #define mbedtls_free free -#define mbedtls_time time -#define mbedtls_time_t time_t #endif #include "mbedtls/ssl_cookie.h" diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 7271045..ec59cc1 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -33,8 +33,6 @@ #include <stdlib.h> #define mbedtls_calloc calloc #define mbedtls_free free -#define mbedtls_time time -#define mbedtls_time_t time_t #endif #include "mbedtls/debug.h" @@ -48,7 +46,7 @@ #endif #if defined(MBEDTLS_HAVE_TIME) -#include <time.h> +#include "mbedtls/platform_time.h" #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 5d77403..4d9116d 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -33,8 +33,6 @@ #include <stdlib.h> #define mbedtls_calloc calloc #define mbedtls_free free -#define mbedtls_time time -#define mbedtls_time_t time_t #endif #include "mbedtls/ssl_ticket.h" diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 80a908d..505bb6c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -41,7 +41,6 @@ #include <stdlib.h> #define mbedtls_calloc calloc #define mbedtls_free free -#define mbedtls_time_t time_t #endif #include "mbedtls/debug.h" diff --git a/library/x509.c b/library/x509.c index a0df817..bc3bfe0 100644 --- a/library/x509.c +++ b/library/x509.c @@ -55,12 +55,15 @@ #include <stdlib.h> #define mbedtls_free free #define mbedtls_calloc calloc -#define mbedtls_time time -#define mbedtls_time_t time_t #define mbedtls_printf printf #define mbedtls_snprintf snprintf #endif + +#if defined(MBEDTLS_HAVE_TIME) +#include "mbedtls/platform_time.h" +#endif + #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include <windows.h> #else diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 14fb612..b37eb83 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -31,7 +31,6 @@ #include <stdio.h> #define mbedtls_printf printf #define mbedtls_fprintf fprintf -#define mbedtls_time_t time_t #endif #if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ >From b92834324f29768a5bf39c58c674c5f3c09b6763 Mon Sep 17 00:00:00 2001 From: Simon Butcher <simon.butc...@arm.com> Date: Wed, 13 Jul 2016 11:02:41 +0100 Subject: [PATCH 2/3] Fixes all.sh for full config MBEDTLS_PLATFORM_TIME_ALT was accidentally left in the full config test leading to linker problems. --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5262397..a2b0995 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -231,6 +231,7 @@ scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT +scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C >From 23e9778684ba734dbfba1445e145b04dd6b59e76 Mon Sep 17 00:00:00 2001 From: Simon Butcher <simon.butc...@arm.com> Date: Wed, 13 Jul 2016 13:31:08 +0100 Subject: [PATCH 3/3] Adds missing conditions for platform time In platform.c, made the time functions dependent on the configuration MBEDTLS_HAVE_TIME to fix a build break where the functions could be built but the mbedtls_time_t was not defined. --- library/platform.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/platform.c b/library/platform.c index 68ca45d..2591c45 100644 --- a/library/platform.c +++ b/library/platform.c @@ -190,6 +190,8 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ) } #endif /* MBEDTLS_PLATFORM_EXIT_ALT */ +#if defined(MBEDTLS_HAVE_TIME) + #if defined(MBEDTLS_PLATFORM_TIME_ALT) #if !defined(MBEDTLS_PLATFORM_STD_TIME) /* @@ -213,6 +215,8 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time } #endif /* MBEDTLS_PLATFORM_TIME_ALT */ +#endif /* MBEDTLS_HAVE_TIME */ + #if defined(MBEDTLS_ENTROPY_NV_SEED) #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO) /* Default implementations for the platform independent seed functions use