From 158a33591d5d4baeb5b09f7c2eec9b5a0b8db609 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Thu, 29 Dec 2022 21:26:28 +0100 Subject: [PATCH] mbedtls: update to version 2.28.2 Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. Fixes the following CVEs: * CVE-2022-46393: Fix potential heap buffer overread and overwrite in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. * CVE-2022-46392: An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) could recover an RSA private key after observing the victim performing a single private-key operation if the window size used for the exponentiation was 3 or smaller. Signed-off-by: Hauke Mehrtens (cherry picked from commit af3c9b74e177019b18055c263099a42c1c6c3453) --- package/libs/mbedtls/Makefile | 6 +++--- package/libs/mbedtls/patches/100-fix-compile.patch | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile index 3ee4855cfa..ee1a58c7b2 100644 --- a/package/libs/mbedtls/Makefile +++ b/package/libs/mbedtls/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mbedtls -PKG_VERSION:=2.28.1 -PKG_RELEASE:=$(AUTORELEASE) +PKG_VERSION:=2.28.2 +PKG_RELEASE:=1 PKG_USE_MIPS16:=0 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=6797a7b6483ef589deeab8d33d401ed235d7be25eeecda1be8ddfed406d40ff4 +PKG_HASH:=bc55232bf71fd66045122ba9050a29ea7cb2e8f99b064a9e6334a82f715881a0 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=gpl-2.0.txt diff --git a/package/libs/mbedtls/patches/100-fix-compile.patch b/package/libs/mbedtls/patches/100-fix-compile.patch index c3b26ac9c9..411d371699 100644 --- a/package/libs/mbedtls/patches/100-fix-compile.patch +++ b/package/libs/mbedtls/patches/100-fix-compile.patch @@ -4,7 +4,7 @@ Bug report: https://github.com/Mbed-TLS/mbedtls/issues/6243 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c -@@ -2511,7 +2511,6 @@ int main( int argc, char *argv[] ) +@@ -2529,7 +2529,6 @@ int main( int argc, char *argv[] ) } key_cert_init2 = 2; #endif /* MBEDTLS_ECDSA_C */ @@ -12,11 +12,11 @@ Bug report: https://github.com/Mbed-TLS/mbedtls/issues/6243 #if defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.key_opaque != 0 ) -@@ -2540,6 +2539,7 @@ int main( int argc, char *argv[] ) +@@ -2558,6 +2557,7 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_CERTS_C */ + } mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) ); - #endif /* MBEDTLS_X509_CRT_PARSE_C */ + #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -- 2.30.2