Hello community, here is the log from the commit of package mbedtls for openSUSE:Factory checked in at 2024-04-04 22:27:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mbedtls (Old) and /work/SRC/openSUSE:Factory/.mbedtls.new.1905 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mbedtls" Thu Apr 4 22:27:05 2024 rev:45 rq:1164972 version:3.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes 2024-01-31 23:55:08.460000544 +0100 +++ /work/SRC/openSUSE:Factory/.mbedtls.new.1905/mbedtls.changes 2024-04-04 22:28:39.796622778 +0200 
@@ -1,0 +2,2677 @@ +Thu Apr 4 14:35:21 UTC 2024 - Martin Pluskal <mplus...@suse.com> + +- Update baselibs.conf + +------------------------------------------------------------------- +Wed Apr 03 06:51:07 UTC 2024 - guillaume.gar...@opensuse.org + +- Update to version 3.6.0 (new LTS): + * Fix typo in psa_key_production_parameters_t doc: 65535 should be 65537 + * Record size limit support is released, so remove warning about only for testing + * Autogenerated files for 3.6.0 + * Fix some Changelog typos + * Version Bump for 3.6.0 + * Assemble Changelog + * Fix #ifdef guard in driver wrapper template + * test_suite_pk: fix guards in pk_psa_sign() + * add changelog + * pkwrite: add new internal symbol for the max supported public key DER length + * test_suite_pk: uniformly generate RSA and EC keys in pk_psa_sign() + * test_suite_pk: fix guards in pk_psa_sign() + * test_suite_pk: test also RSA OAEP in pk_wrap_rsa_decrypt_test_vec() + * pk_wrap: fix algorithm selection in rsa_opaque_decrypt() + * test_suite_pk: fix guards in pk_psa_sign() + * test_suite_pk: properly size buffers for public keys in pk_psa_sign() + * test_suite_pk: test also RSA keys with PKCS1 v2.1 padding mode in pk_psa_sign() + * pk_wrap: fix algorithm selection in rsa_opaque_sign_wrap() + * test_suite_pk: fix RSA issue in pk_psa_sign() when !PK_[PARSE|WRITE]_C are defined + * test_suite_pk: rename some variables in pk_psa_sign() + * test_suite_pk: reshape pk_psa_sign() + * tls13: srv: Fix potential stack buffer overread + * test_suite_pk: always test verify_ext with opaque keys in pk_psa_wrap_sign_ext() + * add changelog + * Mention MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + * Remove 'Question' line around testing + * Replace reference to master + * pk: check PK context type in mbedtls_pk_verify_ext() before trying RSA PSS + * test_suite_pk: extend pk_psa_wrap_sign_ext() + * Mention metatest.c + * Mention MBEDTLS_TEST_MEMORY_CAN_POISON + * Discuss test wrappers and updating them + * Update BRANCHES + * Add 
discussion of copying conveience macros + * Add issues fixed to changelog entry + * Abstractify example in design exploration + * Rename mbedtls_psa_core_poison_memory() + * Clarify design decision in light of actions + * Minor relaxation to auto-gen regex + * all.sh: Add TLS 1.2 only component + * all.sh: Adapt/Fix some components + * all.sh: Disable TLS 1.3 when pre-requisites are not meet + * Enable TLS 1.3 by default + * line length fix + * Check file content to see if it looks auto-generated + * Update docs/architecture/psa-thread-safety/psa-thread-safety.md + * Add changelog entry for threading MVP + * Respond to feedback on psa-thread-safety.md + * Update slot transition diagram + * Add explanatory comment for init flags + * Add comments about RNG mutex requirements + * Start subsystem IDs at 1 instead of 0 + * Improve tls13-support.md + * Fix documentation about anti-replay defenses + * Improve the change log + * Remove experimental warnings related to early data + * Fix minor style issues + * pk_import_into_psa: test persistent keys + * Add ALPN checking when accepting early data + * Fix bug in ALPN negotiating + * Drop reference to Visual Studio 2013 from config + * Update changelog + * Document that we do not implement the anti-replay defenses + * tls13-early-data.md: Fix reading early data documentation + * tls13-early-data.md: Adapt code examples to new coding style + * docs: Move TLS 1.3 early data doc to a dedicated file + * tls13-support.md: Stop referring to the prototype + * tls13-support.md: Early data supported now + * tls13-support.md: Some fixes + * Add change log for early data feature + * ssl-opt.sh: Add m->m resumption and early data tests + * ssl-opt.sh: Rework m->m resumption tests + * ssl-opt.sh: Move m->m resumption tests + * ssl-opt.sh: Rework O->m placeholder test + * ssp-opt.sh: Expand G->m resumption and early data tests + * ssl-opt.sh: Group TLS 1.3 resumption and early data G->m tests + * ssl-opt.sh: Rework m->O resumption and 
early data tests + * ssl-opt.sh: Remove m->O early data test based on external PSK + * ssl-opt.sh: Expand m->G resumption and early data tests + * ssl-opt.sh: Remove redundant early data test + * ssl-opt.sh: Group TLS 1.3 resumption and early data m->G tests + * ssl-opt.sh: Group TLS 1.3 resumption and early data compat tests + * ssl_server2: Split early data enablement from max_early_data_size setting + * Rewrite section on PSA copy functions + * Document unsupported concurrency scenario in psa_exercise_key + * Add missing PSA_ASSERT in mbedtls_test_psa_raw_key_agreement_with_self + * Use TEST_FAIL in threaded tests + * Fix typo in thread_import_key + * Document security weakness in concurrent execution of psa_destroy_key + * Rework and update psa-thread-safety.md + * Preserve alphabetical sorting of config options + * Remove MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS from full + * Update wrapper generation script and regenerate + * Invert and rename config option + * tls13: Use a flag not a counter for CCS and HRR handling + * Fix state transition diagram + * Add change log + * Add CVE IDs to Changelog + * Fix code style in ssl_tls.c + * Increase ALPN length in saved session to 2 bytes + * Add code improvments and refactoring in dealing with ALPN + * Fix possible overflow in ALPN length when saving session + * Fix code style in ssl_tls.c + * Update serialized session description with ALPN information + * Add ALPN bit flag to session header + * Add mbedtls_ssl_session_set_alpn() function + * Add ALPN information in session tickets + * Work around a bug in ancient lcov + * Add test cases for concurrently_use_same_persistent_key + * Add test function for concurrently using the same persistent key + * Add key_destroyable parameter to key export smoke tests + * Add key_destroyable parameter to non-raw key agreement smoke tests + * Reference issue #3266 + * Use the exact phrase 'shared memory' + * Mention the CVE number that is fixed + * Reword ChangeLog entry. 
Specifically: + * Add PSA threaded init tests + * Protect the key slot management initialised flag + * Add mbedtls_psa_crypto_init_subsystem() + * fix code style + * missing word + * Remove further instance of LOCAL_OUTPUT_WITH_COPY + * Update compilers list in docs and changelog + * Update the MSBuild toolset versions to VS2017 + * Rename solution files to referece VS2017 + * Check gcc version + * pk: uniformly guard set/get enrollment algorithm calls with CRYPTO_C + * psa_crypto_stubs: extend stub functions for the CRYPTO_CLIENT tests + * all.sh: modify/add test components for CRYPTO_CLIENT + * pk: use CRYPTO_CLIENT as guard for PK-PSA bridge functions instead of CRYPTO_C + * Fix copypasta + * Regenerate PSA wrappers for new PSA functions + * Remove LOCAL_OUTPUT_ALLOC_WITH_COPY + * Add key_destroyable parameter to raw key agreement smoke tests + * Add key_destroyable parameter to key derivation smoke tests + * Add key_destroyable parameter to exercise_asymmetric_encryption_key + * Add key_destroyable parameter to exercise_signature_key + * Add key_destroyable parameter to exercise_aead_key + * Add key_destroyable parameter to psa_exercise_cipher_key + * Add key_destroyable parameter to exercise_mac_key + * Add key_destroyable parameter to check_key_attributes_sanity + * Add key_destroyable parameter to mbedtls_test_psa_exercise_key + * Add bugfix section about buffer sharing + * tls13: cli: Rename STATUS_NOT_SENT to STATUS_NOT_INDICATED + * tls13: cli: Fix comment + * tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz + * tls13: cli: Re-order early data states + * tls13: cli: Rename STATE_SENT to STATE_IND_SENT + * tls13: cli: Rename STATE_NOT_SENT to STATE_NO_IND_SENT + * tls13: cli: Rename STATUS_NOT_SENT to STATUS_NO_IND_SENT + * tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE + * tls13: cli: Split early data user status and internal state + * Reword ChangeLog entry for shared memory work + * Fix gcc -O3 warnings + * Fix missing semicolon + * 
ssl-opt.sh: Add O->m server version selection tests + * Fix removed space in merge resolution + * Change goto exit into direct return + * ssl-opt.sh: Expand MbedTLS only version negotiation tests + * ssl-opt.sh: Change MbedTLS only version negotiation tests + * ssl-opt.sh: Group MbedTLS only version negotiation tests + * ssl-opt.sh: Group cli ver nego tests against GnuTLS and OpenSSL + * ssl-opt.sh: Expand G->m server version selection tests + * ssl-opt.sh: Change G->m server version selection tests + * ssl-opt.sh: Group G->m server version selection checks + * Protect PSA drivers_initialized with mutex + * Protect PSA global rng data with mutex. + * Protect PSA global initialized flag with mutex. + * Add new mutex for PSA global rng data + * Add new global mutex for PSA global_data + * Fix copypasta + * Fix and test pk_copy_from_psa with an unsupported algorithm + * Test mbedtls_pk_copy_public_from_psa on non-exportable keys + * New function mbedtls_pk_copy_public_from_psa + * Simplify locating original tool + * Remove unnecessary use of export + * MBEDTLS_USE_PSA_CRYPTO: most pk bridge functions don't require it + * Remind the reader that PK doesn't support DH + * Discuss mbedtls_pk_copy_public_from_psa + * test_suite_pk: revert erroneous missing initialization of PSA key IDs + * test_suite_pk: add comment for pk_copy_from_psa_builtin_fail + * changelog: fix text + * mbedtls_pk_decrypt/encrypt actually check the padding mode + * Add ChangeLog for PSA buffer sharing fix + * Do not attempt to wipe output buffer if it is NULL + * Flip logic of generate_psa_wrappers.py + * Generate memory poisoning in wrappers + * Add buffer copying to psa_verify_hash_start() + * Add buffer copying to psa_sign_hash_start/complete + * Fix IAR warning + * Fix and improve the change log + * Fix code style + * pk: improve mbedtls_pk_copy_from_psa() + * test_suite_pk: fix some comments + * pk: fix documentation for mbedtls_pk_copy_from_psa() + * changelog: fix text and typos + * 
changelog: enhance description + * test_suite_pk: when ANY_HASH is used then pick any available MD alg in the build + * test_suite_pk: improve PSA alg selection in pk_copy_from_psa_success() + * test_suite_pk: destroy original xkey after pk_copy_from_psa() in pk_copy_from_psa_success() + * test_suite_pk: add description for psa_pub_key_from_priv() + * test_suite_pk: minor fixes for test failures + * rsa: rsa_rsassa_pss_sign() to check MD alg both in parameters and RSA context + * test_suite_pk: add new test case for an algorithm only avaible in driver + * pk: pk_copy_from_psa() performs the conversion even if the algorithm doesn't match + * test_suite_pk: add more test cases for pk_copy_from_psa_success() + * test_suite_pk: various minor fixes + * pk: fixed documentation of mbedtls_pk_copy_from_psa() + * add changelog + * test_suite_pk: extend testing in pk_copy_from_psa() + * pk_wrap: use correct PSA alg in rsa_encrypt_wrap() when USE_PSA + * test_suite_pk: rename PK context variables + * test_suite_pk: add key pair check in pk_copy_from_psa_success() + * pk: let psa_export_key() check if the key is exportable or not + * all.sh: keep RSA_C enabled in component_full_no_pkparse_pkwrite() + * Changelog: Added entry for ssl_session accessors. 
+ * Remove volatile from declaration + * Fix use of volatile + * Fix typo + * test_suite_pk: fix typos + * pk_ecc: fix documentation + * pk: replace CRYPTO_CLIENT guards with CRYPTO_C + * all.sh: add test component based on full config without PK_[PARSE|WRITE]_C + * pk: move ECC setters to a separate file + * test_suite_pk: add some initial testing for mbedtls_pk_copy_from_psa() + * pk: add mbedtls_pk_copy_from_psa() + * pkparse: make EC/RSA setup functions internally available + * tls13: cli: Discard ticket with zero lifetime + * tls13: srv: Fail connection if ticket lifetime exceed 7 days + * Fix potential bug in psa_destroy_key where multiple threads can return PSA_SUCCESS + * Improve style + * Avoid implementation defined behaviour + * Hinder unwanted optimisations + * tests: ssl: early data: Fix comments + * ssl_ticket.c: Fix ticket lifetime when parsing + * ssl_ticket.h: Fix note in API documentation + * ssl_client2: Fix early data log + * tests: suite: early data: Add comments + * tests: ssl: Improve early data test code + * tests: ssl: Improve test code for very small max_early_data_size + * ssl_msg.c: Fix log position + * ssl-opt.sh: Fix early data test option + * tls13: srv: Fix/Improve debug logs + * tls13: srv: Fix/Improve comments + * tls13: srv: Fix initialization value + * tls13: srv: Code improvements + * tls13: srv: Add/Improve comments + * tls13: srv: Move PSK ciphersuite selection up + * tls13: srv: Simplify resumption detection + * tls13: srv: Simplify kex availability checks + * tls13: srv: Improve key exchange mode determination + * tls13: srv: Fix resume flag in case of cancelled PSK + * tls13: srv: Determine best key exchange mode for a PSK + * tls13: srv: Factorize ciphersuite selection code + * tls13: srv: Fix MBEDTLS_SSL_SESSION_TICKETS guard position + * tls13: srv: Always parse the pre-shared key extension + * tls13: srv: Stop earlier identity check + * tls13: srv: Improve ticket identity check return values + * tls13: srv: Fix return 
value + * tls13: srv: Define specific return macros for binder check + * Avoid recursion for relative paths + * Follow-up for less verbose logging + * Do not forget about TLS 1.2 disabled at runtime aspect + * tls13: Improve comment about cast to uint32_t + * Improve change log + * Add change log + * Remove MBEDTLS_THREADING_C check in check_test_dependencies + * Allow the use of threading dependancies in PSA tests. + * Disable MBEDTLS_SELF_TEST in the TSan config + * Add test cases for concurrently_generate_keys + * Add a concurrent key generation test function + * Fix issue with large allocation in tests + * test_suite_ssl: Added ssl_session_id_accessors_check. + * Ensure blocksize is compile-time const when DES not present + * Improve PBKDF2 with CMAC perf by ~16% + * library: psa_crypto: Explicitly initialize shared_secret + * Add a warning to the definition of MBEDTLS_PSA_CRYPTO_SE_C + * test_suite_x509parse: Added test-case for legacy certificate + * Ensure drivers have threading enabled if required + * Explicitely remove the deprecated driver interface from the TSan config + * Document deprecated transaction system as non thread safe + * tls13: Remove unnecessary cast from size_t to uint32_t + * x509: Reworded documentation bits. 
+ * List ECDSA signature conversion functions + * Document mbedtls_pk_setup_opaque and mbedtls_pk_copy_from_psa + * Document mbedtls_pk_import_into_psa + * Mention psa_generate_key_ext() + * Adjust defaults + * Fix intended code blocks that were not suitably indented ++++ 2380 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes ++++ and /work/SRC/openSUSE:Factory/.mbedtls.new.1905/mbedtls.changes Old: ---- mbedtls-3.5.2.obscpio New: ---- mbedtls-3.6.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mbedtls.spec ++++++ --- /var/tmp/diff_new_pack.U2nK83/_old 2024-04-04 22:28:40.500648698 +0200 +++ /var/tmp/diff_new_pack.U2nK83/_new 2024-04-04 22:28:40.500648698 +0200 @@ -16,13 +16,13 @@ # -%define lib_tls libmbedtls20 -%define lib_crypto libmbedcrypto15 -%define lib_x509 libmbedx509-6 +%define lib_tls libmbedtls21 +%define lib_crypto libmbedcrypto16 +%define lib_x509 libmbedx509-7 %define lib_everest libeverest %define lib_p256m libp256m Name: mbedtls -Version: 3.5.2 +Version: 3.6.0 Release: 0 Summary: Libraries for crypto and SSL/TLS protocols License: Apache-2.0 OR GPL-2.0-or-later @@ -150,6 +150,7 @@ %{_libdir}/libmbedtls.so %{_libdir}/libmbedcrypto.so %{_libdir}/libmbedx509.so +%{_libdir}/pkgconfig/*.pc %files -n %{lib_tls} %license LICENSE ++++++ _service ++++++ --- /var/tmp/diff_new_pack.U2nK83/_old 2024-04-04 22:28:40.532649877 +0200 +++ /var/tmp/diff_new_pack.U2nK83/_new 2024-04-04 22:28:40.536650023 +0200 
@@ -1,11 +1,11 @@ <services> <service name="obs_scm" mode="manual"> - <param name="versionformat">3.5.2</param> + <param name="versionformat">3.6.0</param> <param name="url">https://github.com/Mbed-TLS/mbedtls.git</param> <param name="scm">git</param> <param name="changesgenerate">enable</param> <param name="exclude">.*</param> - <param name="revision">refs/tags/v3.5.2</param> + <param name="revision">refs/tags/v3.6.0</param> </service> <service name="tar" mode="buildtime"/> <service name="recompress" mode="buildtime"> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.U2nK83/_old 2024-04-04 22:28:40.556650760 +0200 +++ /var/tmp/diff_new_pack.U2nK83/_new 2024-04-04 22:28:40.556650760 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/Mbed-TLS/mbedtls.git</param> - <param name="changesrevision">daca7a3979c22da155ec9dce49ab1abf3b65d3a9</param></service></servicedata> + <param name="changesrevision">2ca6c285a0dd3f33982dd57299012dacab1ff206</param></service></servicedata> (No newline at EOF) ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.U2nK83/_old 2024-04-04 22:28:40.576651496 +0200 +++ /var/tmp/diff_new_pack.U2nK83/_new 2024-04-04 22:28:40.580651644 +0200 @@ -1,6 +1,6 @@ -libmbedtls20 -libmbedx509-6 -libmbedcrypto15 +libmbedtls21 +libmbedx509-7 +libmbedcrypto16 libeverest libp256m ++++++ mbedtls-3.5.2.obscpio -> mbedtls-3.6.0.obscpio ++++++ /work/SRC/openSUSE:Factory/mbedtls/mbedtls-3.5.2.obscpio /work/SRC/openSUSE:Factory/.mbedtls.new.1905/mbedtls-3.6.0.obscpio differ: char 48, line 1 ++++++ mbedtls.obsinfo ++++++ --- /var/tmp/diff_new_pack.U2nK83/_old 2024-04-04 22:28:40.620653116 +0200 +++ /var/tmp/diff_new_pack.U2nK83/_new 2024-04-04 22:28:40.620653116 +0200 @@ -1,5 +1,5 @@ name: mbedtls -version: 3.5.2 -mtime: 1706089751 -commit: daca7a3979c22da155ec9dce49ab1abf3b65d3a9 +version: 3.6.0 +mtime: 1711465082 +commit: 2ca6c285a0dd3f33982dd57299012dacab1ff206
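Review bot: in the mbedtls.changes hunk, the 3.6.0 entry is the unfiltered upstream commit-subject list, so the security-relevant lines ("tls13: srv: Fix potential stack buffer overread", "Fix possible overflow in ALPN length when saving session", "Add CVE IDs to Changelog", "Mention the CVE number that is fixed") sit among test and documentation churn, and no CVE identifier appears in the visible part of the entry. Suggest a short hand-written summary at the top of the entry that names the CVE IDs upstream assigned and calls out the behaviour change "Enable TLS 1.3 by default", and dropping the repeated subjects ("add changelog", "Fix copypasta", and "test_suite_pk: fix guards in pk_psa_sign()", which appears three times).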
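Review bot: the three %define lines in the first mbedtls.spec hunk, and the matching baselibs.conf hunk, rename every library package (libmbedtls20 to libmbedtls21, libmbedcrypto15 to libmbedcrypto16, libmbedx509-6 to libmbedx509-7), but the visible .changes entries say only "Update baselibs.conf" and "Update to version 3.6.0 (new LTS)". Please state the soname change in the .changes entry so maintainers of dependent packages can see that a rebuild against the new libraries is required.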
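Review bot: in the second mbedtls.spec hunk, the added line `%{_libdir}/pkgconfig/*.pc` is a glob, so the package picks up whatever .pc files the build happens to install. Listing the expected .pc files by name would make the build fail when upstream adds or drops one, instead of silently changing the package contents.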
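Review bot: in _service, `<param name="revision">refs/tags/v3.6.0</param>` tracks a tag name, which upstream can move, while the commit actually fetched (2ca6c285a0dd3f33982dd57299012dacab1ff206) is recorded only in _servicedata and mbedtls.obsinfo. Consider pinning revision to that commit hash, or checking the tag against the hash at review time, so a later run of the manual service cannot pull different source under the same version string.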