[openwrt/openwrt] mbedtls: update to 3.6.3
LEDE Commits
lede-commits at lists.infradead.org
Thu Mar 27 00:10:11 PDT 2025
nick pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/1732d81d8082163c66e5b2b3b050318922d5bb88
commit 1732d81d8082163c66e5b2b3b050318922d5bb88
Author: Magnus Kroken <mkroken at gmail.com>
AuthorDate: Wed Mar 26 21:42:51 2025 +0100
mbedtls: update to 3.6.3
This release of Mbed TLS provides the fix for a tls compatibility issue of handling fragmented handshake messages.
This release includes fixes for security issues.
* Potential authentication bypass in TLS handshake (CVE-2025-27810) [1]
* TLS clients may unwittingly skip server authentication (CVE-2025-27809) [2]
[1]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
[2]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
Full release announcement:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3
Signed-off-by: Magnus Kroken <mkroken at gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18353
Signed-off-by: Nick Hainke <vincent at systemli.org>
---
package/libs/mbedtls/Makefile | 4 ++--
package/libs/mbedtls/patches/101-remove-test.patch | 3 ++-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
index f5bff13324..6d16819d3a 100644
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=mbedtls
-PKG_VERSION:=3.6.2
+PKG_VERSION:=3.6.3
PKG_RELEASE:=1
PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL=https://github.com/Mbed-TLS/$(PKG_NAME)/releases/download/$(PKG_NAME)-$(PKG_VERSION)
-PKG_HASH:=8b54fb9bcf4d5a7078028e0520acddefb7900b3e66fec7f7175bb5b7d85ccdca
+PKG_HASH:=64cd73842cdc05e101172f7b437c65e7312e476206e1dbfd644433d11bc56327
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=LICENSE
diff --git a/package/libs/mbedtls/patches/101-remove-test.patch b/package/libs/mbedtls/patches/101-remove-test.patch
index 5ac5e7c1e8..e584a8036c 100644
--- a/package/libs/mbedtls/patches/101-remove-test.patch
+++ b/package/libs/mbedtls/patches/101-remove-test.patch
@@ -1,6 +1,7 @@
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
-@@ -1,13 +1,9 @@
+@@ -3,14 +3,10 @@ add_custom_target(${programs_target})
+
add_subdirectory(aes)
add_subdirectory(cipher)
-if (NOT WIN32)
More information about the lede-commits
mailing list