[{"id":1764577,"web_url":"http://patchwork.ozlabs.org/comment/1764577/","msgid":"<20170907081851.5x6mxczcydx7ut4t@tarshish>","list_archive_url":null,"date":"2017-09-07T08:18:51","subject":"Re: [Buildroot] [PATCH] mbedtls: security bump to version 2.6.0","submitter":{"id":1458,"url":"http://patchwork.ozlabs.org/api/people/1458/","name":"Baruch Siach","email":"baruch@tkos.co.il"},"content":"Hi Peter,\n\nOn Thu, Sep 07, 2017 at 10:12:01AM +0200, Peter Korsgaard wrote:\n> Fixes CVE-2017-14032: Bypass of authentication of peer possible when the\n> authentication mode is configured as 'optional'\n> \n> For more details, see\n> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02\n\nPosted already: http://patchwork.ozlabs.org/patch/810255/.\n\nbaruch\n\n> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>\n> ---\n>  package/mbedtls/mbedtls.hash | 4 ++--\n>  package/mbedtls/mbedtls.mk   | 2 +-\n>  2 files changed, 3 insertions(+), 3 deletions(-)\n> \n> diff --git a/package/mbedtls/mbedtls.hash b/package/mbedtls/mbedtls.hash\n> index 70a0dc506d..0dea548431 100644\n> --- a/package/mbedtls/mbedtls.hash\n> +++ b/package/mbedtls/mbedtls.hash\n> @@ -1,2 +1,2 @@\n> -# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.4.2-2.1.7-and-1.3.19-released\n> -sha256\t17dd98af7478aadacc480c7e4159e447353b5b2037c1b6d48ed4fd157fb1b018\tmbedtls-2.4.2-apache.tgz\n> +# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.6.0-2.1.9-and-1.3.21-released\n> +sha256\t99bc9d4212d3d885eeb96273bcde8ecc649a481404b8d7ea7bb26397c9909687\tmbedtls-2.6.0-apache.tgz\n> diff --git a/package/mbedtls/mbedtls.mk b/package/mbedtls/mbedtls.mk\n> index a571ed0e52..64ce18cf6f 100644\n> --- a/package/mbedtls/mbedtls.mk\n> +++ b/package/mbedtls/mbedtls.mk\n> 
@@ -5,7 +5,7 @@\n>  ################################################################################\n>  \n>  MBEDTLS_SITE = https://tls.mbed.org/code/releases\n> -MBEDTLS_VERSION = 2.4.2\n> +MBEDTLS_VERSION = 2.6.0\n>  MBEDTLS_SOURCE = mbedtls-$(MBEDTLS_VERSION)-apache.tgz\n>  MBEDTLS_CONF_OPTS = \\\n>  \t-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS_PROGRAMS),ON,OFF) \\","headers":{"Return-Path":"<buildroot-bounces@busybox.net>","X-Original-To":["incoming@patchwork.ozlabs.org","buildroot@lists.busybox.net"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","buildroot@osuosl.org"],"Authentication-Results":"ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.138; helo=whitealder.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=<UNKNOWN>)","Received":["from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xntdg0Yjrz9sRY\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu,  7 Sep 2017 18:19:02 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id A7D2D8811D;\n\tThu,  7 Sep 2017 08:19:00 +0000 (UTC)","from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id 4Od4Q3XAYJu6; Thu,  7 Sep 2017 08:18:59 +0000 (UTC)","from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id A9D238803B;\n\tThu,  7 Sep 2017 08:18:59 +0000 (UTC)","from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\tby ash.osuosl.org (Postfix) with ESMTP id 1F4941CEB4A\n\tfor <buildroot@lists.busybox.net>;\n\tThu,  7 Sep 2017 08:18:58 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id 17E988857A\n\tfor <buildroot@lists.busybox.net>;\n\tThu,  7 Sep 2017 08:18:58 +0000 (UTC)","from 
hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id F1P5BdDAulL8 for <buildroot@lists.busybox.net>;\n\tThu,  7 Sep 2017 08:18:56 +0000 (UTC)","from mx.tkos.co.il (guitar.tcltek.co.il [192.115.133.116])\n\tby hemlock.osuosl.org (Postfix) with ESMTPS id EF3EC88192\n\tfor <buildroot@buildroot.org>; Thu,  7 Sep 2017 08:18:55 +0000 (UTC)","from tarshish (unknown [10.0.8.6])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby mx.tkos.co.il (Postfix) with ESMTPS id 82EFB44025F;\n\tThu,  7 Sep 2017 11:18:52 +0300 (IDT)"],"X-Virus-Scanned":["amavisd-new at osuosl.org","amavisd-new at osuosl.org"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","Date":"Thu, 7 Sep 2017 11:18:51 +0300","From":"Baruch Siach <baruch@tkos.co.il>","To":"Peter Korsgaard <peter@korsgaard.com>","Message-ID":"<20170907081851.5x6mxczcydx7ut4t@tarshish>","References":"<20170907081201.8397-1-peter@korsgaard.com>","MIME-Version":"1.0","Content-Disposition":"inline","In-Reply-To":"<20170907081201.8397-1-peter@korsgaard.com>","User-Agent":"NeoMutt/20170609 (1.8.3)","Cc":"buildroot@buildroot.org","Subject":"Re: [Buildroot] [PATCH] mbedtls: security bump to version 2.6.0","X-BeenThere":"buildroot@busybox.net","X-Mailman-Version":"2.1.18-1","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.busybox.net>","List-Unsubscribe":"<http://lists.busybox.net/mailman/options/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=unsubscribe>","List-Archive":"<http://lists.busybox.net/pipermail/buildroot/>","List-Post":"<mailto:buildroot@busybox.net>","List-Help":"<mailto:buildroot-request@busybox.net?subject=help>","List-Subscribe":"<http://lists.busybox.net/mailman/listinfo/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=subscribe>","Content-Type":"text/plain; 
charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@busybox.net","Sender":"\"buildroot\" <buildroot-bounces@busybox.net>"}},{"id":1764605,"web_url":"http://patchwork.ozlabs.org/comment/1764605/","msgid":"<87ingudfxu.fsf@dell.be.48ers.dk>","list_archive_url":null,"date":"2017-09-07T09:19:09","subject":"Re: [Buildroot] [PATCH] mbedtls: security bump to version 2.6.0","submitter":{"id":42365,"url":"http://patchwork.ozlabs.org/api/people/42365/","name":"Peter Korsgaard","email":"peter@korsgaard.com"},"content":">>>>> \"Baruch\" == Baruch Siach <baruch@tkos.co.il> writes:\n\n > Hi Peter,\n > On Thu, Sep 07, 2017 at 10:12:01AM +0200, Peter Korsgaard wrote:\n >> Fixes CVE-2017-14032: Bypass of authentication of peer possible when the\n >> authentication mode is configured as 'optional'\n >> \n >> For more details, see\n >> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02\n\n > Posted already: http://patchwork.ozlabs.org/patch/810255/.\n\nUps, I missed that - Sorry.","headers":{"Return-Path":"<buildroot-bounces@busybox.net>","X-Original-To":["incoming@patchwork.ozlabs.org","buildroot@lists.busybox.net"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","buildroot@osuosl.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.138; helo=whitealder.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=<UNKNOWN>)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"iaYUPjzm\"; dkim-atps=neutral"],"Received":["from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xnvzJ0k0wz9sNV\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu,  7 Sep 2017 19:19:23 +1000 (AEST)","from 
localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 432F68891F;\n\tThu,  7 Sep 2017 09:19:18 +0000 (UTC)","from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id wVamhOooGIIQ; Thu,  7 Sep 2017 09:19:16 +0000 (UTC)","from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 0A11B88924;\n\tThu,  7 Sep 2017 09:19:16 +0000 (UTC)","from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\tby ash.osuosl.org (Postfix) with ESMTP id 0590F1C00E9\n\tfor <buildroot@lists.busybox.net>;\n\tThu,  7 Sep 2017 09:19:14 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id F3C4A89BE7\n\tfor <buildroot@lists.busybox.net>;\n\tThu,  7 Sep 2017 09:19:13 +0000 (UTC)","from hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id 4eizTTdSPWh2 for <buildroot@lists.busybox.net>;\n\tThu,  7 Sep 2017 09:19:13 +0000 (UTC)","from mail-wm0-f51.google.com (mail-wm0-f51.google.com\n\t[74.125.82.51])\n\tby hemlock.osuosl.org (Postfix) with ESMTPS id C277D89BE2\n\tfor <buildroot@buildroot.org>; Thu,  7 Sep 2017 09:19:12 +0000 (UTC)","by mail-wm0-f51.google.com with SMTP id 137so32460252wmj.1\n\tfor <buildroot@buildroot.org>; Thu, 07 Sep 2017 02:19:12 -0700 (PDT)","from dell.be.48ers.dk (d51A5BC31.access.telenet.be.\n\t[81.165.188.49]) by smtp.gmail.com with ESMTPSA id\n\tb50sm2559107edd.62.2017.09.07.02.19.10\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tThu, 07 Sep 2017 02:19:10 -0700 (PDT)","from peko by dell.be.48ers.dk with local (Exim 4.88)\n\t(envelope-from <peter@korsgaard.com>)\n\tid 1dpsxp-0002av-Cq; Thu, 07 Sep 2017 11:19:09 +0200"],"X-Virus-Scanned":["amavisd-new at osuosl.org","amavisd-new at osuosl.org"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","DKIM-Signature":"v=1; a=rsa-sha256; 
c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=sender:from:to:cc:subject:references:date:in-reply-to:message-id\n\t:user-agent:mime-version;\n\tbh=fIWSHEgSfJPVmi3MclU+rhMlO84/PNrd5aIKhqcqUVA=;\n\tb=iaYUPjzmynjM72ujpOvDpbTscXtu9+Y+E228m2VSmTaYusweUR+WNsvkBte3c4Y5Zx\n\tfCZNYYpmunJvMBM7wCHEkTAtnqjKqViWg0e49r+XF+cDHVV854V0NDYJc6RhezwCukGo\n\tgg0O6H79kGoZJeJDsifNagnK++nQtg79Blau+KpfgtthFkUMtynwTEyDefAZtAX1RaW7\n\t5w1670pVqC1YVxo0uHxfcAKfyaMSfF9VED85ApY5dPywI55+mv0Ky8a5iYUQ4UXI9x6y\n\tQxeOZuT8Pfan+behig4Bq96gVhfP5bQMbqJuwu/E1kUAY2fsILJZrFlvkB0GXYY5vdBd\n\tuLdQ==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:sender:from:to:cc:subject:references:date\n\t:in-reply-to:message-id:user-agent:mime-version;\n\tbh=fIWSHEgSfJPVmi3MclU+rhMlO84/PNrd5aIKhqcqUVA=;\n\tb=etM/S/2xkeXwHZi36TugQcTjabho8Jhxdk5vR9Vk0Yo9VJcdLwzmHHtS9qKEWY7aIh\n\tMHQkMl3jrI8yf6doqW35keEkHehIlFAei/cdZd14fqS1lIs2dwRifjC0E8EVNIIvgzfr\n\tietseO1Jzk574LgVola7K8LTkD8abxSi+SFC/CzSvR0rPWepZO0U+7MR7uZkzSdzwTjz\n\toRsU5+u3+Kmx2Zk9FLE5de1J2N0tevDpMkdzgRO6qVU/NmiQouZU/+dw3sPGNEhcdY4s\n\tar6757+DumwErP7VhvW5OijYnDg9b4olKraWjnDuwk25V1uqkpOV/JS5xf7wJDqESJKv\n\te3nQ==","X-Gm-Message-State":"AHPjjUinqrvSMkwHrWIEEIGt59v0m5sPghiZJtfeW+duDJkp/PsYYfeU\n\tQS2a5JmMGOZoSZl61Jc=","X-Google-Smtp-Source":"ADKCNb7HnETJoex0tGIs6hP/K8UD7VLY8JOH0d9B8ptrgKL2Uo/k4exJnba1zc1h8kdXUzpK3FhIZw==","X-Received":"by 10.80.187.46 with SMTP id y43mr2011579ede.137.1504775951214; \n\tThu, 07 Sep 2017 02:19:11 -0700 (PDT)","From":"Peter Korsgaard <peter@korsgaard.com>","To":"Baruch Siach <baruch@tkos.co.il>","References":"<20170907081201.8397-1-peter@korsgaard.com>\n\t<20170907081851.5x6mxczcydx7ut4t@tarshish>","Date":"Thu, 07 Sep 2017 11:19:09 +0200","In-Reply-To":"<20170907081851.5x6mxczcydx7ut4t@tarshish> (Baruch Siach's\n\tmessage of \"Thu, 7 Sep 2017 11:18:51 +0300\")","Message-ID":"<87ingudfxu.fsf@dell.be.48ers.dk>","User-Agent":"Gnus/5.13 (Gnus v5.13) Emacs/24.5 
(gnu/linux)","MIME-Version":"1.0","Cc":"buildroot@buildroot.org","Subject":"Re: [Buildroot] [PATCH] mbedtls: security bump to version 2.6.0","X-BeenThere":"buildroot@busybox.net","X-Mailman-Version":"2.1.18-1","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.busybox.net>","List-Unsubscribe":"<http://lists.busybox.net/mailman/options/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=unsubscribe>","List-Archive":"<http://lists.busybox.net/pipermail/buildroot/>","List-Post":"<mailto:buildroot@busybox.net>","List-Help":"<mailto:buildroot-request@busybox.net?subject=help>","List-Subscribe":"<http://lists.busybox.net/mailman/listinfo/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@busybox.net","Sender":"\"buildroot\" <buildroot-bounces@busybox.net>"}}]
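Review bot: In the package/mbedtls/mbedtls.mk hunk, MBEDTLS_VERSION moves from 2.4.2 straight to 2.6.0, but the commit message describes only CVE-2017-14032 and says nothing about whether the rest of the package still fits the new release. Since MBEDTLS_CONF_OPTS is left unchanged across a step from the 2.4 series to 2.6, suggest adding a line to the commit message stating that the package and its reverse dependencies were build-tested against 2.6.0. It would also help to state that the new sha256 in mbedtls.hash was checked against the downloaded mbedtls-2.6.0-apache.tgz and not only copied from the release page named in the comment line.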