[openwrt/openwrt] mbedtls: Update to version 2.16.12

LEDE Commits lede-commits at lists.infradead.org
Tue Feb 1 12:45:46 PST 2022


hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/57f38e2c827e3be71d8b1709073e366afe011985

commit 57f38e2c827e3be71d8b1709073e366afe011985
Author: Hauke Mehrtens <hauke at hauke-m.de>
AuthorDate: Sat Jan 29 11:56:27 2022 +0100

    mbedtls: Update to version 2.16.12
    
    This fixes the following security problems:
    * Zeroize several intermediate variables used to calculate the expected
      value when verifying a MAC or AEAD tag. This hardens the library in
      case the value leaks through a memory disclosure vulnerability. For
      example, a memory disclosure vulnerability could have allowed a
      man-in-the-middle to inject fake ciphertext into a DTLS connection.
    * Fix a double-free that happened after mbedtls_ssl_set_session() or
      mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
      (out of memory). After that, calling mbedtls_ssl_session_free()
      and mbedtls_ssl_free() would cause an internal session buffer to
      be free()'d twice. CVE-2021-44732
    
    The sizes of the ipk changed on MIPS 24Kc like this:
    182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
    182742 libmbedtls12_2.16.12-1_mips_24kc.ipk
    
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 package/libs/mbedtls/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
index 6adf091c3c..d3f7d0cad2 100644
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mbedtls
-PKG_VERSION:=2.16.11
+PKG_VERSION:=2.16.12
 PKG_RELEASE:=$(AUTORELEASE)
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=c18e7e9abf95e69e425260493720470021384a1728417042060a35d0b7b18b41
+PKG_HASH:=294871ab1864a65d0b74325e9219d5bcd6e91c34a3c59270c357bb9ae4d5c393
 
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=gpl-2.0.txt
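
Review bot: On the `PKG_HASH` line, the new value is the only integrity check on a tarball that `PKG_SOURCE_URL` fetches from codeload.github.com, which serves an archive generated from the `v$(PKG_VERSION)` tag rather than an uploaded release file. The commit message does not say how the new hash was obtained. Please note in the message that it was compared against a checksum published by upstream, if one exists, or against an independent second download, so the pin is more than a record of what one build host happened to fetch. The `PKG_VERSION` bump matches the message, and with `PKG_RELEASE:=$(AUTORELEASE)` no manual release reset is needed, which is consistent with the 2.16.12-1 ipk name quoted in the message.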


