author | Hauke Mehrtens <hauke@hauke-m.de> | 2022-01-29 11:56:27 +0100 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2022-02-01 21:25:02 +0100 |
commit | 57f38e2c827e3be71d8b1709073e366afe011985 (patch) | |
tree | 5f99e8d955dc738d2f43f88668d85aa6fd100741 /package/libs/mbedtls | |
parent | 5b96048de109f7004de9f975c998523c1b252a80 (diff) | |

mbedtls: Update to version 2.16.12

This fixes the following security problems:

* Zeroize several intermediate variables used to calculate the expected
  value when verifying a MAC or AEAD tag. This hardens the library in
  case the value leaks through a memory disclosure vulnerability. For
  example, a memory disclosure vulnerability could have allowed a
  man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
  mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
  (out of memory). After that, calling mbedtls_ssl_session_free()
  and mbedtls_ssl_free() would cause an internal session buffer to
  be free()'d twice. CVE-2021-44732

The sizes of the ipk changed on MIPS 24Kc like this:

182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Diffstat (limited to 'package/libs/mbedtls')
-rw-r--r-- | package/libs/mbedtls/Makefile | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile index 6adf091c3c..d3f7d0cad2 100644 --- a/package/libs/mbedtls/Makefile +++ b/package/libs/mbedtls/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mbedtls -PKG_VERSION:=2.16.11 +PKG_VERSION:=2.16.12 PKG_RELEASE:=$(AUTORELEASE) PKG_USE_MIPS16:=0 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=c18e7e9abf95e69e425260493720470021384a1728417042060a35d0b7b18b41 +PKG_HASH:=294871ab1864a65d0b74325e9219d5bcd6e91c34a3c59270c357bb9ae4d5c393 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=gpl-2.0.txt |
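
Review bot: The replaced `PKG_HASH` line is the only integrity pin for this download, and `PKG_SOURCE_URL` points at a GitHub-generated archive of the `v$(PKG_VERSION)` tag on codeload.github.com, so the commit message should state how the new value was obtained (for example, recomputed from a local checkout of the tag and compared with the downloaded tarball) instead of leaving it as a value taken from a single fetch. Because the message cites CVE-2021-44732 as fixed by the `PKG_VERSION:=2.16.12` bump, it would also help to say which maintained branches need the same two-line change, so the fix is not limited to the tree this commit lands in.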