[openwrt/openwrt] mbedtls: Update to 2.28.8

Mon Jul 8 13:28:08 PDT 2024

hauke pushed a commit to openwrt/openwrt.git, branch openwrt-22.03:
https://git.openwrt.org/6ea1e214e73986abe9de3f61277426350e6c37e3

commit 6ea1e214e73986abe9de3f61277426350e6c37e3
Author: Hauke Mehrtens <hauke at hauke-m.de>
AuthorDate: Sun Apr 21 17:40:09 2024 +0200

    mbedtls: Update to 2.28.8
    
    This contains a fix for:
    CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
    before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
    API mishandles shared memory.
    
    (cherry picked from commit 360ac07eb933feaf29bb031f788f0bf81c473be7)
    Link: https://github.com/openwrt/openwrt/pull/15899
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 package/libs/mbedtls/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
index 828a7c1a0b..1a9f346680 100644
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mbedtls
-PKG_VERSION:=2.28.7
+PKG_VERSION:=2.28.8
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=1df6073f0cf6a4e1953890bf5e0de2a8c7e6be50d6d6c69fa9fefcb1d14e981a
+PKG_HASH:=4fef7de0d8d542510d726d643350acb3cdb9dc76ad45611b59c9aa08372b4213
 
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=gpl-2.0.txt


