Hello community, here is the log from the commit of package mbedtls for openSUSE:Factory checked in at 2018-02-15 13:21:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mbedtls (Old) and /work/SRC/openSUSE:Factory/.mbedtls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mbedtls" Thu Feb 15 13:21:52 2018 rev:14 rq:576327 version:2.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes 2017-09-13 21:34:48.140481985 +0200 +++ /work/SRC/openSUSE:Factory/.mbedtls.new/mbedtls.changes 2018-02-15 13:21:53.815842932 +0100 
@@ -1,0 +2,102 @@ +Tue Feb 13 15:55:27 UTC 2018 - [email protected] + +- Update to version 2.7.0: + - Security + * Fix a heap corruption issue in the implementation of the truncated HMAC + extension. When the truncated HMAC extension is enabled and CBC is used, + sending a malicious application packet could be used to selectively corrupt + 6 bytes on the peer's heap, which could potentially lead to crash or remote + code execution. The issue could be triggered remotely from either side in + both TLS and DTLS. (CVE-2018-0488 boo#1080828) + * Fix a buffer overflow in RSA-PSS verification when the hash was too large + for the key size, which could potentially lead to crash or remote code + execution. Found by Seth Terashima, Qualcomm Product Security Initiative, + Qualcomm Technologies Inc. (CVE-2018-0487 boo#1080826) + * Fix buffer overflow in RSA-PSS verification when the unmasked data is all + zeros. + * Fix an unsafe bounds check in ssl_parse_client_psk_identity() when adding + 64 KiB to the address of the SSL buffer and causing a wrap around. + * Fix a potential heap buffer overflow in mbedtls_ssl_write(). When the (by + default enabled) maximum fragment length extension is disabled in the + config and the application data buffer passed to mbedtls_ssl_write + is larger than the internal message buffer (16384 bytes by default), the + latter overflows. + * Add a provision to prevent compiler optimizations breaking the time + constancy of mbedtls_ssl_safer_memcmp(). + * Ensure that buffers are cleared after use if they contain sensitive data. + Changes were introduced in multiple places in the library. + * Set PEM buffer to zero before freeing it, to avoid decoded private keys + being leaked to memory after release. + * Fix dhm_check_range() failing to detect trivial subgroups and potentially + leaking 1 bit of the private key. Reported by prashantkspatil. + * Make mbedtls_mpi_read_binary() constant-time with respect to the input + data. 
Previously, trailing zero bytes were detected and omitted for the + sake of saving memory, but potentially leading to slight timing + differences. Reported by Marco Macchetti, Kudelski Group. + * Wipe stack buffer temporarily holding EC private exponent + after keypair generation. + * Fix a potential heap buffer over-read in ALPN extension parsing + (server-side). Could result in application crash, but only if an ALPN + name larger than 16 bytes had been configured on the server. + * Change default choice of DHE parameters from untrustworthy RFC 5114 + to RFC 3526 containing parameters generated in a nothing-up-my-sleeve + manner. + - Features + * Add alternative implementation support for CCM and CMAC (MBEDTLS_CCM_ALT, + MBEDTLS_CMAC_ALT). Submitted by Steven Cooreman, Silicon Labs. + * Add support for alternative implementations of GCM, selected by the + configuration flag MBEDTLS_GCM_ALT. + * Add support for alternative implementations for ECDSA, controlled by new + configuration flags MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and + MBEDTLS_ECDSDA_GENKEY_AT in config.h. + The following functions from the ECDSA module can be replaced + with alternative implementation: + mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey(). + * Add support for alternative implementation of ECDH, controlled by the + new configuration flags MBEDTLS_ECDH_COMPUTE_SHARED_ALT and + MBEDTLS_ECDH_GEN_PUBLIC_ALT in config.h. + The following functions from the ECDH module can be replaced + with an alternative implementation: + mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared(). + * Add support for alternative implementation of ECJPAKE, controlled by + the new configuration flag MBEDTLS_ECJPAKE_ALT. + * Add mechanism to provide alternative implementation of the DHM module. + - API changes + * Extend RSA interface by multiple functions allowing structure- + independent setup and export of RSA contexts. 
Most notably, + mbedtls_rsa_import() and mbedtls_rsa_complete() are introduced for setting + up RSA contexts from partial key material and having them completed to the + needs of the implementation automatically. This allows to setup private RSA + contexts from keys consisting of N,D,E only, even if P,Q are needed for the + purpose or CRT and/or blinding. + * The configuration option MBEDTLS_RSA_ALT can be used to define alternative + implementations of the RSA interface declared in rsa.h. + * The following functions in the message digest modules (MD2, MD4, MD5, + SHA1, SHA256, SHA512) have been deprecated and replaced as shown below. + The new functions change the return type from void to int to allow + returning error codes when using MBEDTLS_<MODULE>_ALT. + mbedtls_<MODULE>_starts() -> mbedtls_<MODULE>_starts_ret() + mbedtls_<MODULE>_update() -> mbedtls_<MODULE>_update_ret() + mbedtls_<MODULE>_finish() -> mbedtls_<MODULE>_finish_ret() + mbedtls_<MODULE>_process() -> mbedtls_internal_<MODULE>_process() + - Deprecations + * Deprecate usage of RSA primitives with non-matching key-type + (e.g. signing with a public key). + * Direct manipulation of structure fields of RSA contexts is deprecated. + Users are advised to use the extended RSA API instead. + * Deprecate usage of message digest functions that return void + (mbedtls_<MODULE>_starts, mbedtls_<MODULE>_update, + mbedtls_<MODULE>_finish and mbedtls_<MODULE>_process where <MODULE> is + any of MD2, MD4, MD5, SHA1, SHA256, SHA512) in favor of functions + that can return an error code. + * Deprecate untrustworthy DHE parameters from RFC 5114. Superseded by + parameters from RFC 3526 or the newly added parameters from RFC 7919. + * Deprecate hex string DHE constants MBEDTLS_DHM_RFC3526_MODP_2048_P etc. + Supserseded by binary encoded constants MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN + etc. + * Deprecate mbedtls_ssl_conf_dh_param() for setting default DHE parameters + from hex strings. 
Superseded by mbedtls_ssl_conf_dh_param_bin() + accepting DHM parameters in binary form, matching the new constants. + - Several bug fixes + +------------------------------------------------------------------- Old: ---- mbedtls-2.6.0-apache.tgz New: ---- mbedtls-2.7.0-apache.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mbedtls.spec ++++++ --- /var/tmp/diff_new_pack.8cEDbP/_old 2018-02-15 13:21:54.539816630 +0100 +++ /var/tmp/diff_new_pack.8cEDbP/_new 2018-02-15 13:21:54.543816485 +0100 @@ -1,7 +1,7 @@ # # spec file for package mbedtls # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,10 +17,10 @@ %define lib_tls libmbedtls10 -%define lib_crypto libmbedcrypto0 +%define lib_crypto libmbedcrypto1 %define lib_x509 libmbedx509-0 Name: mbedtls -Version: 2.6.0 +Version: 2.7.0 Release: 0 Summary: Libraries for crypto and SSL/TLS protocols License: Apache-2.0 ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.8cEDbP/_old 2018-02-15 13:21:54.571815468 +0100 +++ /var/tmp/diff_new_pack.8cEDbP/_new 2018-02-15 13:21:54.575815322 +0100 @@ -1,3 +1,3 @@ libmbedtls10 libmbedx509-0 -libmbedcrypto0 +libmbedcrypto1 ++++++ mbedtls-2.6.0-apache.tgz -> mbedtls-2.7.0-apache.tgz ++++++ ++++ 31034 lines of diff (skipped)
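Review bot: several typos are carried over from the upstream ChangeLog into the new mbedtls.changes entry and should be corrected before the entry is frozen: "MBEDTLS_ECDSDA_GENKEY_AT" (the sibling flags in the same sentence are MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_VERIFY_ALT, so this should read MBEDTLS_ECDSA_GENKEY_ALT), "for the purpose or CRT and/or blinding" (should be "of CRT"), and "Supserseded" (should be "Superseded"). The entry also does not mention the libmbedcrypto SONAME change that the spec in this same request makes (libmbedcrypto0 -> libmbedcrypto1); a one-line note such as "libmbedcrypto soversion bumped to 1, reverse dependencies need a rebuild" would tell anyone reading the changelog why packages linking the old library stop working after the update.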
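Review bot: the `%define lib_crypto` bump from libmbedcrypto0 to libmbedcrypto1 must match the SOVERSION the 2.7.0 tarball actually builds, and that cannot be checked from this request because the source diff is elided ("31034 lines of diff (skipped)"); please confirm from library/CMakeLists.txt or the built .so files that libmbedcrypto is now .so.1 while libmbedtls stays .so.10 and libmbedx509 stays .so.0, since `lib_tls` and `lib_x509` are left unchanged in this hunk. Because the new package name replaces rather than coexists with libmbedcrypto0, every Factory package linking the old library will need a rebuild, so a reverse-dependency rebuild check before acceptance would be prudent, especially given that this update also carries the two CVE fixes that consumers will want to pick up.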
