Bug 25082

Summary: Update candidate: mbedtls 2.16.2 (bugfix update + fixes upgrade conflict)
Product: Mageia Reporter: Rémi Verschelde <rverschelde>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: mbedtls-2.16.1-2.mga7 CVE:
Status comment:

Description Rémi Verschelde 2019-07-09 22:27:25 CEST 
As reported on https://forums.mageia.org/en/viewtopic.php?p=75522, there is a conflict between Mageia 6's mbedtls10-2.7.8-1.mga6 and Mageia 7's mbedtls-2.16.1-2.mga7.

There were already Conflicts tags to handle that, but the Mageia 6 package was updated to new versions in http://advisories.mageia.org/MGASA-2018-0253.html and later advisories, bypassing the too strict version check.

As mbedtls 2.16.2 was released in the same LTS branch, I'm providing it as an update for Mageia 7 too.

Advisory:
=========

Updated mbedtls packages fix upgrade issue from Mageia 6

  Some mbedtls packages provided in Mageia 7 conflict with differently named
  mbedtls packages of Mageia 6, causing an error on upgrades.

  This update fixes it, also providing the maintenance release 2.16.2 with
  various bug fixes and minor enhancements.

References:

 - https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.2


SRPM in core/updates_testing:
=============================

mbedtls-2.16.2-1.mga7


RPMs in core/updates_testing:
=============================

mbedtls-2.16.2-1.mga7
lib64mbedtls12-2.16.2-1.mga7
lib64mbedx509_0-2.16.2-1.mga7
lib64mbedcrypto3-2.16.2-1.mga7
lib64mbedtls-devel-2.16.2-1.mga7
Comment 1 Rémi Verschelde 2019-07-10 10:50:04 CEST 
Tested successfully on Mageia 6 x86_64.

Reverse deps:

$ urpmq --whatrequires lib64mbedtls12
dolphin-emu
godot
godot-headless
godot-runner
godot-server
hiawatha
lib64bctoolbox1
lib64mbedtls-devel
lib64mbedtls12
mbedtls
obs-studio


The 'godot' package works fine against the updated mbedtls (tested "Asset Library" feature which fetches data from GitHub over HTTPS), and I also rebuild Godot from its git repository linking against the updated mbedtls.

I also tested 'dolphin-emu', though I'm not sure which of its features uses mbedtls. I tried the "Online update" feature, which seemed to download some stuff successfully,
Rémi Verschelde 2019-07-10 10:50:27 CEST

Whiteboard: (none) => MGA7-64-OK

Comment 2 Rémi Verschelde 2019-07-10 11:01:15 CEST 
Advisory uploaded.

Keywords: (none) => advisory

Comment 3 Rémi Verschelde 2019-07-10 11:33:03 CEST 
Validating myself as it fixes an upgrade issue.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2019-07-10 12:45:44 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2019-0059.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED