From 7d07ad57002a0af09ceb0fbe59b48ccd2ce4a740 Mon Sep 17 00:00:00 2001 From: Soumya Sambu Date: Mon, 19 Feb 2024 12:46:27 +0000 Subject: [PATCH] mbedtls: upgrade 2.28.5 -> 2.28.7 Includes security fixes for: CVE-2024-23170 - Timing side channel in private key RSA operations CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension() License updated to dual Apache-2.0 OR GPL-2.0-or-later. Changelog: https://github.com/Mbed-TLS/mbedtls/blob/v2.28.7/ChangeLog Signed-off-by: Soumya Sambu Signed-off-by: Armin Kuster --- .../mbedtls/{mbedtls_2.28.5.bb => mbedtls_2.28.7.bb} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_2.28.5.bb => mbedtls_2.28.7.bb} (91%) diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.5.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb similarity index 91% rename from meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.5.bb rename to meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb index 95688e29bb..793cdcaff7 100644 --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.5.bb +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb @@ -17,13 +17,13 @@ understand what the code does. It features: \ HOMEPAGE = "https://tls.mbed.org/" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" +LICENSE = "Apache-2.0 | GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" SECTION = "libs" S = "${WORKDIR}/git" -SRCREV = "47e8cc9db2e469d902b0e3093ae9e482c3d87188" +SRCREV = "555f84735aecdbd76a566cf087ec8425dfb0c8ab" SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28" inherit cmake update-alternatives