{"id":810894,"url":"http://patchwork.ozlabs.org/api/1.2/patches/810894/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20170907081201.8397-1-peter@korsgaard.com/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/1.2/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170907081201.8397-1-peter@korsgaard.com>","list_archive_url":null,"date":"2017-09-07T08:12:01","name":"mbedtls: security bump to version 2.6.0","commit_ref":null,"pull_url":null,"state":"superseded","archived":false,"hash":"e70267647efb4dbdea41cba18ec3e832446e8556","submitter":{"id":42365,"url":"http://patchwork.ozlabs.org/api/1.2/people/42365/?format=json","name":"Peter Korsgaard","email":"peter@korsgaard.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20170907081201.8397-1-peter@korsgaard.com/mbox/","series":[{"id":1941,"url":"http://patchwork.ozlabs.org/api/1.2/series/1941/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=1941","date":"2017-09-07T08:12:01","name":"mbedtls: security bump to version 2.6.0","version":1,"mbox":"http://patchwork.ozlabs.org/series/1941/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/810894/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/810894/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":["incoming@patchwork.ozlabs.org","buildroot@lists.busybox.net"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","buildroot@osuosl.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.138; helo=whitealder.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"ng0tYhyd\"; dkim-atps=neutral"],"Received":["from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xntTs2kxfz9sRV\n\tfor ;\n\tThu, 7 Sep 2017 18:12:17 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 778868889B;\n\tThu, 7 Sep 2017 08:12:12 +0000 (UTC)","from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id rjo0krTINYKu; Thu, 7 Sep 2017 08:12:09 +0000 (UTC)","from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 051D0886FB;\n\tThu, 7 Sep 2017 08:12:09 +0000 (UTC)","from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\tby ash.osuosl.org (Postfix) with ESMTP id 4C8251C2578\n\tfor ;\n\tThu, 7 Sep 2017 08:12:08 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id 4691E89BAE\n\tfor ;\n\tThu, 7 Sep 2017 08:12:08 +0000 (UTC)","from hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id rHsmrY5WrjWI for ;\n\tThu, 7 Sep 2017 08:12:07 +0000 (UTC)","from mail-wm0-f67.google.com (mail-wm0-f67.google.com\n\t[74.125.82.67])\n\tby hemlock.osuosl.org (Postfix) with ESMTPS id F2E8F89B9E\n\tfor ; Thu, 7 Sep 2017 08:12:06 +0000 (UTC)","by mail-wm0-f67.google.com with SMTP id e64so844781wmi.2\n\tfor ; Thu, 07 Sep 2017 01:12:06 -0700 (PDT)","from dell.be.48ers.dk (d51A5BC31.access.telenet.be.\n\t[81.165.188.49]) by smtp.gmail.com with ESMTPSA id\n\tt40sm2115413edd.71.2017.09.07.01.12.04\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tThu, 07 Sep 2017 01:12:04 -0700 (PDT)","from peko by dell.be.48ers.dk with local (Exim 4.88)\n\t(envelope-from )\n\tid 1dprut-0002C9-3w; Thu, 07 Sep 2017 10:12:03 +0200"],"X-Virus-Scanned":["amavisd-new at osuosl.org","amavisd-new at osuosl.org"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=sender:from:to:cc:subject:date:message-id;\n\tbh=kHP0Qdl0fllwLeHyH1UfH3jPlTlKeHauXGsAY5BxqXI=;\n\tb=ng0tYhydITTXCfiEa6ZfA9E9pdW1nlhvoiXnJEN+3GS+8aHNf8yGwMqR4ovtpwl3A/\n\tbLmfnoICCLauC3MpOA64RCB3riugENc5ilF5WRAgm16yEhDRUYVS7J13T+vIWHYKQM67\n\taKPvfpzVSPexE2Cny9NNlKDTLG790TqUmPqyANOamLNc735q4v3e/N1CQxG8dE4KRwIw\n\t7QV3CTaHhtZMlqrrWr+HdXziDryFFsdR4laWKykN5S6rmJ1x8Iw5U9WKTbNXBLtr0Ilc\n\tg/ybnRRB+uY011Jxm9kteZP2tkMQhu7Smi2K99P/FododbuhE4C1HD2ptPwoiylA/F6o\n\tJswg==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:sender:from:to:cc:subject:date:message-id;\n\tbh=kHP0Qdl0fllwLeHyH1UfH3jPlTlKeHauXGsAY5BxqXI=;\n\tb=RI4vE8XPJ+iw8AIUxn7RmOZbpGFsmog1iederoXWXy/IYOE3/qYoYaocRLl3n0hcXY\n\tHGDmSBbEaG7xFDEY/DH2GwIvRWcN4xfmzkDDiTCUu8INSGRwfpt/Oxfc0ONU+VgzTZFs\n\t7qyiGW2b4BYGp6xPI7rhMcllqLA7sYKkeB+NtHj9NkYVx0fXzBQPgrRqvk7GRIXvQVrb\n\tchOKIYXKVRXFQvVkWqlw+ON3HE+ZbQFqOrwFtHS5vjJhI+zaJxQHHngo2iLrpzvWjE/F\n\tRwzf/KVT/Zz+plejBqKaADG+6NbYcP15ARtFqG6dLkK1WVIhNuBtH3yP6RH+cOUT7mT7\n\t8PSw==","X-Gm-Message-State":"AHPjjUgUpeEUevoIIT0Mf01JIKqK3b64IQUEKfswbPOydDhEBuy1m8EL\n\t3Trc3bLiVqP9daxL5C0=","X-Google-Smtp-Source":"ADKCNb5DQbfWqYx6OlTw0HZuvWqpv08MjE9PVJcfH7NTrW6eTP5pjINN9HIgTp0/SjH89DYtJDRO7w==","X-Received":"by 10.80.150.69 with SMTP id y63mr1901820eda.165.1504771925152; \n\tThu, 07 Sep 2017 01:12:05 -0700 (PDT)","From":"Peter Korsgaard ","To":"buildroot@buildroot.org","Date":"Thu, 7 Sep 2017 10:12:01 +0200","Message-Id":"<20170907081201.8397-1-peter@korsgaard.com>","X-Mailer":"git-send-email 2.11.0","Subject":"[Buildroot] [PATCH] mbedtls: security bump to version 2.6.0","X-BeenThere":"buildroot@busybox.net","X-Mailman-Version":"2.1.18-1","Precedence":"list","List-Id":"Discussion and development of buildroot ","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@busybox.net","Sender":"\"buildroot\" "},"content":"Fixes CVE-2017-14032: Bypass of authentication of peer possible when the\nauthentication mode is configured as 'optional'\n\nFor more details, see\nhttps://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02\n\nSigned-off-by: Peter Korsgaard \n---\n package/mbedtls/mbedtls.hash | 4 ++--\n package/mbedtls/mbedtls.mk | 2 +-\n 2 files changed, 3 insertions(+), 3 deletions(-)","diff":"diff --git a/package/mbedtls/mbedtls.hash b/package/mbedtls/mbedtls.hash\nindex 70a0dc506d..0dea548431 100644\n--- a/package/mbedtls/mbedtls.hash\n+++ b/package/mbedtls/mbedtls.hash\n@@ -1,2 +1,2 @@\n-# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.4.2-2.1.7-and-1.3.19-released\n-sha256\t17dd98af7478aadacc480c7e4159e447353b5b2037c1b6d48ed4fd157fb1b018\tmbedtls-2.4.2-apache.tgz\n+# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.6.0-2.1.9-and-1.3.21-released\n+sha256\t99bc9d4212d3d885eeb96273bcde8ecc649a481404b8d7ea7bb26397c9909687\tmbedtls-2.6.0-apache.tgz\ndiff --git a/package/mbedtls/mbedtls.mk b/package/mbedtls/mbedtls.mk\nindex a571ed0e52..64ce18cf6f 100644\n--- a/package/mbedtls/mbedtls.mk\n+++ b/package/mbedtls/mbedtls.mk\n@@ -5,7 +5,7 @@\n ################################################################################\n \n MBEDTLS_SITE = https://tls.mbed.org/code/releases\n-MBEDTLS_VERSION = 2.4.2\n+MBEDTLS_VERSION = 2.6.0\n MBEDTLS_SOURCE = mbedtls-$(MBEDTLS_VERSION)-apache.tgz\n MBEDTLS_CONF_OPTS = \\\n \t-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS_PROGRAMS),ON,OFF) \\\n","prefixes":[]}