Bug 25082 - Update candidate: mbedtls 2.16.2 (bugfix update + fixes upgrade conflict)
Summary: Update candidate: mbedtls 2.16.2 (bugfix update + fixes upgrade conflict)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-07-09 22:27 CEST by Rémi Verschelde
Modified: 2019-07-10 12:45 CEST (History)
1 user (show)

See Also:
Source RPM: mbedtls-2.16.1-2.mga7
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Rémi Verschelde 2019-07-09 22:27:25 CEST 
As reported on https://forums.mageia.org/en/viewtopic.php?p=75522, there is a conflict between Mageia 6's mbedtls10-2.7.8-1.mga6 and Mageia 7's mbedtls-2.16.1-2.mga7.

There were already Conflicts tags to handle that, but the Mageia 6 package was updated to new versions in http://advisories.mageia.org/MGASA-2018-0253.html and later advisories, bypassing the too strict version check.

As mbedtls 2.16.2 was released in the same LTS branch, I'm providing it as an update for Mageia 7 too.

Advisory:
=========

Updated mbedtls packages fix upgrade issue from Mageia 6

  Some mbedtls packages provided in Mageia 7 conflict with differently named
  mbedtls packages of Mageia 6, causing an error on upgrades.

  This update fixes it, also providing the maintenance release 2.16.2 with
  various bug fixes and minor enhancements.

References:

 - https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.2


SRPM in core/updates_testing:
=============================

mbedtls-2.16.2-1.mga7


RPMs in core/updates_testing:
=============================

mbedtls-2.16.2-1.mga7
lib64mbedtls12-2.16.2-1.mga7
lib64mbedx509_0-2.16.2-1.mga7
lib64mbedcrypto3-2.16.2-1.mga7
lib64mbedtls-devel-2.16.2-1.mga7
Comment 1 Rémi Verschelde 2019-07-10 10:50:04 CEST 
Tested successfully on Mageia 6 x86_64.

Reverse deps:

$ urpmq --whatrequires lib64mbedtls12
dolphin-emu
godot
godot-headless
godot-runner
godot-server
hiawatha
lib64bctoolbox1
lib64mbedtls-devel
lib64mbedtls12
mbedtls
obs-studio


The 'godot' package works fine against the updated mbedtls (tested "Asset Library" feature which fetches data from GitHub over HTTPS), and I also rebuild Godot from its git repository linking against the updated mbedtls.

I also tested 'dolphin-emu', though I'm not sure which of its features uses mbedtls. I tried the "Online update" feature, which seemed to download some stuff successfully,
Rémi Verschelde 2019-07-10 10:50:27 CEST

Whiteboard: (none) => MGA7-64-OK

Comment 2 Rémi Verschelde 2019-07-10 11:01:15 CEST 
Advisory uploaded.

Keywords: (none) => advisory

Comment 3 Rémi Verschelde 2019-07-10 11:33:03 CEST 
Validating myself as it fixes an upgrade issue.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2019-07-10 12:45:44 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2019-0059.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.