[openwrt/openwrt] mbedtls: update to version 2.28.2

LEDE Commits lede-commits at lists.infradead.org
Fri Dec 30 18:21:18 PST 2022


hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/af3c9b74e177019b18055c263099a42c1c6c3453

commit af3c9b74e177019b18055c263099a42c1c6c3453
Author: Hauke Mehrtens <hauke at hauke-m.de>
AuthorDate: Thu Dec 29 21:26:28 2022 +0100

    mbedtls: update to version 2.28.2
    
    Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
    This release of Mbed TLS provides bug fixes and minor enhancements. This
    release includes fixes for security issues.
    
    Fixes the following CVEs:
    * CVE-2022-46393: Fix potential heap buffer overread and overwrite in
    DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
    MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
    
    * CVE-2022-46392: An adversary with access to precise enough information
    about memory accesses (typically, an untrusted operating system
    attacking a secure enclave) could recover an RSA private key after
    observing the victim performing a single private-key operation if the
    window size used for the exponentiation was 3 or smaller.
    
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 package/libs/mbedtls/Makefile                      | 6 +++---
 package/libs/mbedtls/patches/100-fix-compile.patch | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
index fd0f821d85..b07f0477e4 100644
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mbedtls
-PKG_VERSION:=2.28.1
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_VERSION:=2.28.2
+PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=6797a7b6483ef589deeab8d33d401ed235d7be25eeecda1be8ddfed406d40ff4
+PKG_HASH:=bc55232bf71fd66045122ba9050a29ea7cb2e8f99b064a9e6334a82f715881a0
 
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=gpl-2.0.txt
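Review bot: `PKG_SOURCE_URL` still fetches from the `ARMmbed/mbedtls` path on codeload, while the changelog link in the commit message uses `Mbed-TLS/mbedtls`, so the download presumably relies on a redirect for the renamed project. Pointing it at the current organisation would remove that dependency: `PKG_SOURCE_URL:=https://codeload.github.com/Mbed-TLS/mbedtls/tar.gz/v$(PKG_VERSION)?`. The new `PKG_HASH` is the only integrity check on this tarball, and a codeload archive is generated on request rather than being a fixed release asset. It would therefore help if the commit message said how the hash was obtained, for example by comparing it with a checksum published by upstream, if one exists. The change of `PKG_RELEASE` from `$(AUTORELEASE)` to `1` in the same hunk is not mentioned in the description either.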
diff --git a/package/libs/mbedtls/patches/100-fix-compile.patch b/package/libs/mbedtls/patches/100-fix-compile.patch
index c3b26ac9c9..411d371699 100644
--- a/package/libs/mbedtls/patches/100-fix-compile.patch
+++ b/package/libs/mbedtls/patches/100-fix-compile.patch
@@ -4,7 +4,7 @@ Bug report: https://github.com/Mbed-TLS/mbedtls/issues/6243
 
 --- a/programs/ssl/ssl_server2.c
 +++ b/programs/ssl/ssl_server2.c
-@@ -2511,7 +2511,6 @@ int main( int argc, char *argv[] )
+@@ -2529,7 +2529,6 @@ int main( int argc, char *argv[] )
          }
          key_cert_init2 = 2;
  #endif /* MBEDTLS_ECDSA_C */
@@ -12,11 +12,11 @@ Bug report: https://github.com/Mbed-TLS/mbedtls/issues/6243
  
  #if defined(MBEDTLS_USE_PSA_CRYPTO)
      if( opt.key_opaque != 0 )
-@@ -2540,6 +2539,7 @@ int main( int argc, char *argv[] )
+@@ -2558,6 +2557,7 @@ int main( int argc, char *argv[] )
      }
  #endif /* MBEDTLS_USE_PSA_CRYPTO */
  #endif /* MBEDTLS_CERTS_C */
 +    }
  
      mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) );
- #endif /* MBEDTLS_X509_CRT_PARSE_C */
+ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */



