From fda737ec0cc1d2a5217548a560074a8e4d5ec580 Mon Sep 17 00:00:00 2001 From: Soumya Sambu Date: Mon, 19 Feb 2024 12:46:57 +0000 Subject: [PATCH] mbedtls: Upgrade 3.5.0 -> 3.5.2 * Includes security fix for CVE-2024-23170 - Timing side channel in private key RSA operations * Includes security fix for CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension() Use canonical URL, add UPSTREAM_CHECK_GITTAGREGEX. License-update: Upstream clarified licensing as dual Apache-2.0 or GPL-2.0 or later Changelog: https://github.com/Mbed-TLS/mbedtls/blob/v3.5.2/ChangeLog Signed-off-by: Soumya Sambu Signed-off-by: Armin Kuster --- .../mbedtls/{mbedtls_3.5.0.bb => mbedtls_3.5.2.bb} | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_3.5.0.bb => mbedtls_3.5.2.bb} (93%) diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.2.bb similarity index 93% rename from meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb rename to meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.2.bb index d57e717bd8..2fedac48cf 100644 --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.2.bb @@ -17,16 +17,17 @@ understand what the code does. It features: \ HOMEPAGE = "https://tls.mbed.org/" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" +LICENSE = "Apache-2.0 | GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" SECTION = "libs" S = "${WORKDIR}/git" -SRCREV = "1ec69067fa1351427f904362c1221b31538c8b57" +SRCREV = "daca7a3979c22da155ec9dce49ab1abf3b65d3a9" SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master \ file://0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch \ file://run-ptest" +UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)" inherit cmake update-alternatives ptest