mbedtls: update to 2.16.6
authorMagnus Kroken <mkroken@gmail.com>
Thu, 16 Apr 2020 15:47:47 +0000 (17:47 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Fri, 17 Apr 2020 22:18:13 +0000 (00:18 +0200)
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters

Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 02fcbe2f3d4eaf65e90bb167aa7818eacc08c633)

package/libs/mbedtls/Makefile

index ad1da70268ce530e0f51b1012047d47da42c1b09..978d5ca19a42dee7f859868ce0b9eee7c09d18f7 100644 (file)
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mbedtls
-PKG_VERSION:=2.16.5
+PKG_VERSION:=2.16.6
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
 PKG_SOURCE_URL:=https://tls.mbed.org/download/
-PKG_HASH:=6ebdea6565c714f1315b9af6a802afb4b4e89976f7d5d2b15aa8028eb52e7d09
+PKG_HASH:=80a484df42f32dbe95665cd4b18ce0dd14b6c67dfd561d36d1475802e41eb3ed
 
 PKG_BUILD_PARALLEL:=1
 PKG_LICENSE:=GPL-2.0+