stable

dislocker-0.7.1-8.el6 and mbedtls-2.7.3-1.el6

FEDORA-EPEL-2018-f6b914dd07 created by robert 6 years ago for Fedora EPEL 6

Mbed TLS 2.7.3

Security

  • (2.7, 2.1) Fixed an issue in the X.509 module which could lead to a buffer overread during certificate validation. Additionally, the issue could lead to unnecessary callback checks being made or to some validation checks being omitted. The overread could be triggered remotely, while the other issues would require a non DER-compliant certificate to be correctly signed by a trusted CA, or a trusted CA with a non DER-compliant certificate. Found by luocm. Fixes #825.
  • (2.7, 2.1) Fixed the buffer length assertion in the ssl_parse_certificate_request() function which could lead to an arbitrary overread of the message buffer. The overreads could be caused by receiving a malformed algorithms section which was too short. In builds with debug output, this overread data was output with the debug data.
  • (2.7, 2.1) Fixed a client-side bug in the validation of the server's ciphersuite choice which could potentially lead to the client accepting a ciphersuite it didn't offer or a ciphersuite that could not be used with the TLS or DTLS version chosen by the server. This could lead to corruption of internal data structures for some configurations.
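
The kind of length checking the ssl_parse_certificate_request() fix concerns, shown as an added example that is not Mbed TLS code: every length prefix and every vector body is checked against the end of the message before it is read, so a too-short algorithms section is rejected instead of overread. It assumes the TLS 1.2 CertificateRequest body layout from RFC 5246 (certificate types, signature algorithms, CA names); all function, struct and constant names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical names throughout; this is not Mbed TLS code. */
enum { CR_OK = 0, CR_ERR_TRUNCATED = -1, CR_ERR_BAD_LENGTH = -2 };

struct cert_req {
    const uint8_t *types, *sig_algs, *ca_names;
    size_t types_len, sig_algs_len, ca_names_len;
};

/* Read one vector with a 1- or 2-byte length prefix; prefix and body are both bounds-checked. */
static int read_vec(const uint8_t **p, const uint8_t *end, size_t len_bytes,
                    const uint8_t **out, size_t *out_len)
{
    size_t n;
    if ((size_t)(end - *p) < len_bytes) return CR_ERR_TRUNCATED;
    n = (len_bytes == 1) ? (*p)[0] : (((size_t)(*p)[0] << 8) | (*p)[1]);
    *p += len_bytes;
    if ((size_t)(end - *p) < n) return CR_ERR_TRUNCATED;
    *out = *p;
    *out_len = n;
    *p += n;
    return CR_OK;
}

/* Parse a CertificateRequest body (handshake header already removed). */
int parse_cert_request(const uint8_t *buf, size_t len, struct cert_req *cr)
{
    const uint8_t *p = buf, *end = buf + len;
    int ret;
    if ((ret = read_vec(&p, end, 1, &cr->types, &cr->types_len)) != CR_OK) return ret;
    if (cr->types_len == 0) return CR_ERR_BAD_LENGTH;
    if ((ret = read_vec(&p, end, 2, &cr->sig_algs, &cr->sig_algs_len)) != CR_OK) return ret;
    /* Each algorithm is a (hash, signature) byte pair; at least one is required. */
    if (cr->sig_algs_len < 2 || cr->sig_algs_len % 2 != 0) return CR_ERR_BAD_LENGTH;
    if ((ret = read_vec(&p, end, 2, &cr->ca_names, &cr->ca_names_len)) != CR_OK) return ret;
    return (p == end) ? CR_OK : CR_ERR_BAD_LENGTH;  /* reject trailing bytes */
}

/* Constructed sample bodies (not captured traffic). */
const uint8_t sample_ok[] = { 0x01, 0x01, 0x00, 0x02, 0x04, 0x01, 0x00, 0x00 };
const uint8_t sample_short_algs[] = { 0x01, 0x01, 0x00, 0x04, 0x04, 0x01 };

int main(void)
{
    struct cert_req cr;
    return parse_cert_request(sample_ok, sizeof sample_ok, &cr) == CR_OK ? 0 : 1;
}
```

The second sample declares a four-byte algorithms section but carries only two bytes, which is the malformed, too-short case described in the changelog entry.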

Bugfix

  • (2.7) Fixed a spurious uninitialized variable warning in cmac.c. Fix independently contributed by Brian J Murray and David Brown.
  • (2.7, 2.1) Added missing dependencies in test suites that led to build failures in configurations that omit certain hashes or public-key algorithms. Fixes #1040.
  • (2.7) Fixed a C89 incompatibility issue in benchmark.c. Contributed by Brendan Shanks. Fixes #1353.
  • (2.7, 2.1) Added missing dependencies for MBEDTLS_HAVE_TIME_DATE and MBEDTLS_VERSION_FEATURES in some test suites. Contributed by Deomid Ryabkov. Fixes #1299, #1475.
  • (2.7, 2.1) Fixed the Makefile build process for building shared libraries on Mac OS X. Fixed by mnacamura.
  • (2.7, 2.1) Fixed parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was unable to parse keys which had only the optional parameters field of the ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379.
  • (2.7, 2.1) Added an optimisation to return the plaintext data more quickly on unpadded CBC decryption, as stated in the mbedtls_cipher_update() documentation. Contributed by Andy Leiserson.
  • (2.7, 2.1) Fixed the overriding and ignoring of return values when parsing and writing to a file in the pk_sign program. Found by kevlut in #1142.
  • (2.7, 2.1) Fixed buffer length assertions in the ssl_parse_certificate_request() function which led to a potential one byte overread of the message buffer.
  • (2.7, 2.1) Fixed invalid buffer sizes being passed to zlib during record compression and decompression.

Changes

  • (2.7) Added support for cmake builds where Mbed TLS is a subproject. Fix contributed independently by Matthieu Volat and Arne Schwabe.
  • (2.7, 2.1) Improved the testing of configurations that omit certain hashes or public-key algorithms. Includes contributions by Gert van Dijk.
  • (2.7, 2.1) Improved negative testing of X.509 parsing.
  • (2.7, 2.1) Does not define global mutexes for readdir() and gmtime() in configurations where the feature is disabled. Found and fixed by Gergely Budai.
  • (2.7, 2.1) Provided an empty implementation of mbedtls_pkcs5_pbes2() when MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2 without PBES2. Fixed by Marcos Del Sol Vives.
  • (2.7, 2.1) Improved the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov.
  • (2.7, 2.1) Improved the documentation of mbedtls_ssl_write(). Suggested by Paul Sokolovsky in #1356.
  • (2.7, 2.1) Added an option in the Makefile to support ar utilities where the operation letter must not be prefixed by '-', such as LLVM. Found and fixed by Alex Hixon.
  • (2.7, 2.1) Added the ability to allow configuration of the shared library extension by setting the DLEXT environment variable when using the project makefiles.
  • (2.7, 2.1) Changed the SSL module, such that when f_send, f_recv or f_recv_timeout report transmitting more than the required length, they now return an error. Raised by Sam O'Connor in #1245.
  • (2.7, 2.1) Improved the robustness of mbedtls_ssl_derive_keys() against the use of HMAC functions with non-HMAC ciphersuites. Independently contributed by Jiayuan Chen. Fixes #1437.

This update has been submitted for testing by robert.

6 years ago

This update has been pushed to testing.

6 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.

6 years ago

This update has been submitted for batched by robert.

6 years ago

This update has been submitted for stable by bodhi.

6 years ago

This update has been pushed to stable.

6 years ago

Metadata

  • Type: bugfix
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Autopush Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: disabled

Dates

  • submitted: 6 years ago
  • in testing: 6 years ago
  • in stable: 6 years ago