Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mbedtls for openSUSE:Factory checked in at 2024-09-09 14:44:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mbedtls (Old) and /work/SRC/openSUSE:Factory/.mbedtls.new.10096 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mbedtls" Mon Sep 9 14:44:14 2024 rev:46 rq:1199391 version:3.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes 2024-04-04 22:28:39.796622778 +0200 +++ /work/SRC/openSUSE:Factory/.mbedtls.new.10096/mbedtls.changes 2024-09-09 14:44:56.707950104 +0200 @@ -1,0 +2,498 @@ +Sat Sep 07 12:00:00 UTC 2024 - [email protected] + +- Update to version 3.6.1: + * Move some ChangeLog entries to a different section + * Add CVE IDs to security ChangeLog + * Update BRANCHES.md + * Add generated files + * Finalise ChangeLog + * Bump version to 3.6.1 + * Assemble ChangeLog + * Don't clean test_keys.h and test_certs.h + * Fix typos in make clean target for Windows + * Fix/Improve documentation + * Rename some "new_session_tickets" symbols + * Fix change log + * Improve documentation + * Move session tickets getter functions to ssl_misc.h + * Add change logs + * Improve debug logs + * Move MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET doc + * Do not add a new field in the SSL config + * ssl_client2: Fix new_session_tickets option parsing + * Document NewSessionTicket handling being disabled by default + * Improve MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET documentation + * Document MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET. + * Enable TLS 1.3 ticket handling in resumption tests + * TLS 1.3: Ignore tickets if disabled at runtime + * Add mbedtls_ssl_conf_enable_new_session_tickets() API + * TLS 1.3 server: move crypto_init after protocol negotiation + * Changelog entry for psa_crypto_init potentially being called from TLS + * Clarify "negotiating" + * Error translation and init are needed in PSK-only builds as well + * Call psa_crypto_init in the library when required for TLS 1.3 + * Don't call psa_crypto_init in test programs when not required for TLS 1.3 + * Don't call psa_crypto_init in unit tests when not required for TLS 1.3 + * Call psa_crypto_init in the library when required for TLS 1.3: doc + * Fix the capitalisation in the changelog entry + * Reduce the wording in changelog entry + * Improve the changelog entry for fixing legacy compression issue + * Add chanelog entry for fixing legacy comprssion methods issue + * Remove redundant legacy compression test + * Improve legacy compression regression testing + * Add regression testing to handling Legacy_compression_methods + * Improve comments explaining legacy_methods_compression handling + * Correct a small typo in ssl_tls13_parse_client_hello() + * Improve handling of legacy_compression_methods in ssl_tls13_parse_client_hello() + * Fix issue in handling legacy_compression_methods in ssl_tls13_parse_client_hello() + * Fix Changelog formatting + * Add header for mbedtls_mpi_exp_mod_unsafe() + * Improve ChangeLog + * Make mbedtls_mpi_exp_mod_unsafe internal + * Add changelog + * Tiny fix in ChangeLog pt 2 + * Tiny fix in ChangeLog + * Changelog entry for the RSA memory leak + * Simplify and explain the overflow check for maximum slice length + * Add overflow check for maximum key slot length + * Tweak macro check to allow 3 extra key slices + * Fix incorrect comments on slice numbering + * Add a ChangeLog entry + * Fix guards around function now used by 1.3 as well + * Fix typos in comments + * Fix two dependency declarations in ssl-opt + * Improve some comments + * Merge 1.2 and 1.3 certificate verification + * Minor refactoring of generic SSL certificate verif + * Add support for context f_vrfy callback in 1.3 + * Improve a variable's name + * Restrict the scope of a few variables + * ssl-opt.sh: Test trusted certificate callback in TLS 1.3 + * tls13: Add support for trusted certificate callback + * ssl-opt.sh: Fix test case titles + * Allow no authentication of the server in 1.3 + * Reorder some tests in ssl-opt.sh + * Allow optional authentication of the server in 1.3 + * Add comments about 1.3 server sending no cert + * Rm translation code for unused flag + * Simplify certificate curve check for 1.2 + * Make mbedtls_ssl_check_cert_usage() work for 1.3 + * Clean up mbedtls_ssl_check_cert_usage() + * Test cert alert REVOKED -> CERT_REVOKED + * Test cert alert NOT_TRUSTED -> UNKNOWN_CA + * Fix ordering of a test case in ssl-opt.sh + * Add test forcing TLS 1.2 for clearer coverage + * Fix memory corruption in exp_mod tests + * Edit ChangeLog entry + * Clean up initialization in _core_exp_mod() + * Disable optionally safe test hook in threading builds + * Fix optionally safe hooks declarations + * Update ChangeLog + * Free allocated memory where methods were returning without freeing + * Add test cases for extKeyUsage + * Optimise public RSA operations + * Fix mpi_core_exp_mod documentation + * Rationalize extKeyUsage tests + * Fix Mbed-TLS build when WIN32_LEAN_AND_MEAN macro is defined globally + * The fully static key store will miss the 3.6.1 release + * Mention the option name for the dynamic key store + * Add tests for optionally unsafe code paths + * Update framework to the head of the main branch + * Add tests for optionally safe codepaths + * Use actual exponent size for window calculation + * Move _public parameters next to their target + * Make MBEDTLS_MPI_IS_PUBLIC thumb friendly + * Move MBEDTLS_MPI_IS_* macros to bignum_core.h + * Move mixed security code to small local functions + * Make _optionally_safe functions internal + * Improve documentation of MBEDTLS_MPI_IS_PUBLIC + * PSA PAKE wasn't in 2.28 + * entropy.h is also going away + * Use P_CLI when O_CLI's status is not reliable + * Mention interfaces replaced by PSA drivers + * Update the submodule to the head of PR in the framework repository + * Changelog entry + * Remove MBEDTLS_PSA_UTIL_HAVE_ECDSA so that functions are only enabled when PSA enabled + * Clarify some internal documentation + * Make integer downsizing explicit + * Changelog entry for MBEDTLS_PSA_KEY_STORE_DYNAMIC + * Add test components with the PSA static key store + * Dynamic key store: make full-key-store tests work effectively + * Microoptimizations when MBEDTLS_PSA_KEY_STORE_DYNAMIC is disabled + * Dynamic key store: implementation + * psa_key_slot_t: different fields in free vs occupied slots + * Dynamic key store: disable full-key-store tests + * Dynamic key store: preparatory refactoring + * Dynamic key store: new compilation option + * Improve documentation in some tests + * Revised presentation of cipher suites + * More relevant characterisation of PSA being from before 3.0 + * Improve mechanism grouping + * Fix missing bits in crypto mechanisms + * Rationalize keyUsage testing, round 2 + * Always print detailed cert errors in test programs + * Fix 1.3 failure to update flags for (ext)KeyUsage + * Rationalize ssl-opt tests for keyUsage + * Test cert alert KEY_USAGE -> UNSUPPORTED_CERT + * Mention the PSA transition guide + * Announce the main removals planned for 4.0 + * PSA_DONE: account for MBEDTLS_TEST_PSA_INTERNAL_KEYS + * Fix inverted assertion message + * Call in_mbedtls_repo + * Move some proj detection code inside pre_check_environment + * Match spacing in pointer types in documentation with the code style + * Rename one more deprecated identifier + * Documentation improvements + * Rename internal function psa_key_production_parameters_are_default + * key_custom: update analyze_outcomes.py + * Test cpp_dummy_build in pedantic mode + * Changelog entry for the move from key_ext to key_custom functions + * Remove some tests of psa_generate_key_ext + * Document the key_ext functions as deprecated + * Documentation: point to key_custom instead of key_ext + * Update PSA wrappers + * Implement psa_generate_key_custom + * Fix missing-prototype error for the print_buf functions in sample programs + * Revert commit 33af72df in order to not depend on test code + * Fix format-pedantic error in programs/test/metatest.c + * Use correct conditionals in programs/ssl (fix unused-function errors) + * Add missing include in tests/src/psa_memory_poisoning_wrappers.c to fix missing-prototype error + * Fix Uncrustify errors in modified tests/suites to satisfy check_code_style test + * Use correct test case conditionals for helper functions in tests/suites + * Fix tests build with MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS enabled + * Move the -Wmissing-prototypes option from library/CMakeLists.txt to the top-level CMakeLists.txt for GCC & Clang + * Adjust spacing in tests/suites function sources + * Fix missing-prototype errors in tests/suites + * Fix unused-function error for ecjpake_operation_setup in test_suite_psa_crypto.function + * Adjust spacing in sample programs + * Fix missing-prototype errors in sample programs + * Fix missing-prototype error in programs/fuzz by moving LLVMFuzzerTestOneInput prototype to common.h + * Move print_buf into mbedtls_test_print_buf helper function in sample programs + * Add missing include in tests/src/asn1_helpers.c + * Add -Wmissing-prototypes to component_build_no_ssl_srv and component_build_no_ssl_cli in all.sh + * Fix build of v3.6 with unset MBEDTLS_DHM_C but MBEDTLS_USE_PSA_CRYPTO set (fixes #9188) + * Fix server mode only build of v3.6 with MBEDTLS_SSL_CLI_C unset (fixes #9186) + * all.sh/components: Removed components.sh + * all.sh/components: Moved build_aes_via_padlock to platform component. + * all.sh/components: Moved driver components to configuration crypto. + * all.sh/components: Moved more components to configuration crypto. + * all.sh/components: Fixed a typo in configuration-tls. + * all.sh/components: Moved more components to configuration tls. + * Extract sanitizer components into a separate file. + * Extract platform components into a separate file. + * Extract configuration components into a separate file. + * Extract configuration-x509 components into a separate file. + * Extract configuration-platform components into a separate file. + * Extract configuration-crypto-components into a separate file. + * Extract compliance-components into a separate file. + * Extract compiler-components into a separate file. + * Extract build-components into a separate file. + * Extract basic-components into a separate file. + * Separate all.sh from components. + * Applied consistent style. + * Created placeholder component files. + * Update framework + * Add functions to detect project + * Introduce project_name.txt + * Miscellaneous clarifications + * Expand on performance + * Discuss why we have so many variants + * Link to issue about freeing empty slices + * Improve and fix explanation of next_free + * Update macro name about the static key store + * Typos and minor clarifications + * Improve description of who is affected + * More diversified sizes in tests + * Fix stack buffer overflow in ECDSA signature format conversions + * Force MBEDTLS_PSA_HMAC_DRBG_MD_TYPE based on CTR_DRBG + * Document that MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not force HMAC + * Update auto-generated psa_test_wrappers. + * Update the framework submodule to the merge of PR38 + * Update framework as in PR 9394 + * programs: fuzz: Fix comment + * tests: CMake: Align/fix config test suite generation + * CMake: Include CMakePrintHelpers + * Fix copypasta + * Keep track of PSA keys used interally + * Fix spurious test case failure with accelerated AES + * Improve full-key-store tests + * Improve the documentation of MBEDTLS_PSA_KEY_SLOT_COUNT + * Update invalid key id in a test case + * Fix overlap between volatile keys and built-in keys + * Assert that the key ID range for volatile keys is large enough + * Assert that key ID ranges don't overlap + * Add a test for the built-in key range + * Prevent mbedtls_psa_register_se_key with volatile keys + * Reorder blocks to avoid double negations + * Make it possible to enable CTR_DRBG/PSA without a PSA AES driver + * MBEDTLS_STATIC_ASSERT: make it work outside of a function + * Add TLS: password protected... to ignored_tests list + * Reverted requires_cipher_enabled AES + * Changed some tests to use requires_cipher_enabled + * Added support for MD5 in `requires_hash_alg` + * Upgrade python dependencies in requirements file + * tests/ssl_helpers: Check that message queue is popped + * psa: fix parameters' names of psa_key_derivation_verify_bytes() + * Fix some typo for include folder + * Fix typo in platform_util.c + * Update framework submodule + * Update the framework submodule to the merge of PR18 + * Update framework submodule + * Update generated tls13 testcase script + * Move variable into generated bash + * Simplify path in audit-validity-dates.py + * Simplify data_files path in compat test generation + * Use variable for data_files path in ssl-opt.sh + * Replace data_files path with variable in compat.sh + * Correct redundant framework/../framework paths + * Fix line-too-long in generate_tls13_compat_tests.py + * Update directory-climbing path in context-info.sh + * Update paths pointing to tests/data_files + * Move some files to framework repository + * psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes + * Update framework after merge of #28 + * psa_open_key does not lock the key in memory + * Document the key store design + * changelog: add changelog + * config_psa: do not update legacy symbols in client-only PSA build + * Update generate_config_tests.py + * Add some missing handling for generated test_suite_config.*.data + * Anchor relative paths + * Driver vs referenee: ignore relevant configuration differences + * Generate config test cases for single options + * New test suite to report configuration options + * Clean up generated files enumeration + * Recognize that a double-inclusion guard is not a config setting + * Update framework submodule to the merge of PR22 + * test_when_no_ciphersuites_have_mac: Fix logs + * tests: src: Fix PSA test wrappers for PAKE + * Add optionally unsafe variant of exp_mod for perf + * Update framework + * Changelog Fix + * Add ChangeLog + * Add and update some .gitignore files + * all.sh: Fix clean-up of Makefiles generated by CMake + * Code style fix + * Fix compiler warnings in test_suite_pk.function + * Use CMAKE_C_SIMULATE_ID when available to determine compiler + * Silence gcc 12.2.0 warning + * Fix incorrect array length in function prototype + * Set psk to NULL in ssl_psk_remove -backpor to 3.6 + * Extend python checks to framework scripts + * Remove multi-type variable + * Allow code_style.py to work from a git hook + * Use unsigned long rather than size_t for format string readability + * Fix uint32_t printed as unsigned int + * Update framework to latest + * crypto.h: fix documentation for some functions + * changelog: add changelog for PSA CMAC fix + * adjust_legacy_crypto: enable CIPHER_C when PSA CMAC is builtin + * Update framework submodule + * Update file paths for moved files + * Move some test generation files to framework + * Make abi_check.py look in both locations + * Guard configuration-specific code + * ssl-opt.sh, compat.sh: Error out if not executing any tests + * Do not use --recurse-submodules + * Extend C code style check to framework files ++++ 201 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes ++++ and /work/SRC/openSUSE:Factory/.mbedtls.new.10096/mbedtls.changes Old: ---- mbedtls-3.6.0.obscpio New: ---- mbedtls-3.6.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mbedtls.spec ++++++ --- /var/tmp/diff_new_pack.qty2T3/_old 2024-09-09 14:44:57.351976750 +0200 +++ /var/tmp/diff_new_pack.qty2T3/_new 2024-09-09 14:44:57.355976915 +0200 @@ -22,7 +22,7 @@ %define lib_everest libeverest %define lib_p256m libp256m Name: mbedtls -Version: 3.6.0 +Version: 3.6.1 Release: 0 Summary: Libraries for crypto and SSL/TLS protocols License: Apache-2.0 OR GPL-2.0-or-later ++++++ _service ++++++ --- /var/tmp/diff_new_pack.qty2T3/_old 2024-09-09 14:44:57.383978074 +0200 +++ /var/tmp/diff_new_pack.qty2T3/_new 2024-09-09 14:44:57.387978239 +0200 @@ -1,11 +1,11 @@ <services> <service name="obs_scm" mode="manual"> - <param name="versionformat">3.6.0</param> + <param name="versionformat">3.6.1</param> <param name="url">https://github.com/Mbed-TLS/mbedtls.git</param> <param name="scm">git</param> <param name="changesgenerate">enable</param> <param name="exclude">.*</param> - <param name="revision">refs/tags/v3.6.0</param> + <param name="revision">refs/tags/v3.6.1</param> </service> <service name="tar" mode="buildtime"/> <service name="recompress" mode="buildtime"> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.qty2T3/_old 2024-09-09 14:44:57.407979067 +0200 +++ /var/tmp/diff_new_pack.qty2T3/_new 2024-09-09 14:44:57.411979232 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/Mbed-TLS/mbedtls.git</param> - <param name="changesrevision">2ca6c285a0dd3f33982dd57299012dacab1ff206</param></service></servicedata> + <param name="changesrevision">71c569d44bf3a8bd53d874c81ee8ac644dd6e9e3</param></service></servicedata> (No newline at EOF) ++++++ mbedtls-3.6.0.obscpio -> mbedtls-3.6.1.obscpio ++++++ /work/SRC/openSUSE:Factory/mbedtls/mbedtls-3.6.0.obscpio /work/SRC/openSUSE:Factory/.mbedtls.new.10096/mbedtls-3.6.1.obscpio differ: char 49, line 1 ++++++ mbedtls.obsinfo ++++++ --- /var/tmp/diff_new_pack.qty2T3/_old 2024-09-09 14:44:57.463981384 +0200 +++ /var/tmp/diff_new_pack.qty2T3/_new 2024-09-09 14:44:57.467981550 +0200 @@ -1,5 +1,5 @@ name: mbedtls -version: 3.6.0 -mtime: 1711465082 -commit: 2ca6c285a0dd3f33982dd57299012dacab1ff206 +version: 3.6.1 +mtime: 1725009114 +commit: 71c569d44bf3a8bd53d874c81ee8ac644dd6e9e3
