From patchwork Fri Mar 30 14:57:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hauke Mehrtens X-Patchwork-Id: 893375 X-Patchwork-Delegate: hauke@hauke-m.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=hauke-m.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="krmfQA33"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40CPrz0GPKz9s0p for ; Sat, 31 Mar 2018 01:58:59 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id: Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=ygFKOj31SV1LPHJd5oPRv/TtX8d/nvmvPMOj3+OSmJw=; b=krmfQA339lIHAk pYU282zwKugxS35NggxPwMF83uzdfgDPc+PhmWu/LXQamJvCOFR/6jPjh27m3+GKAJ5qXlyC0Qu8K ANHv4/0QrhOq2tmv+DW7a91ZThsbUQkQDNSZjjlcPNlfsQakazh6ikO86b4JdVc/ZwaTWMt/J7UdV i1uIf9W7uq727DmYpXhTjQlfRlXI07g9yy3h9F4Zuduy9EPggLPsbDaKmnj81M7npnirR2VEG3UYD RJYzHJrxGoqgayL/flp1L3ZFE1nC71pdpSulTx7DnGVuUBoNFGqf4cbWaAdMVI5JIs2QpY+3NECEa BuXaCFiwV3j4Bl/KW65w==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1f1vUO-0000gb-5B; Fri, 30 Mar 2018 14:58:48 +0000 Received: from mx2.mailbox.org ([80.241.60.215]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1f1vTV-0000BT-S5 for lede-dev@lists.infradead.org; Fri, 30 Mar 2018 14:57:56 +0000 Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx2.mailbox.org (Postfix) with ESMTPS id 70EF640EB7; Fri, 30 Mar 2018 16:57:42 +0200 (CEST) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp1.mailbox.org ([80.241.60.240]) by gerste.heinlein-support.de (gerste.heinlein-support.de [91.198.250.173]) (amavisd-new, port 10030) with ESMTP id MSvRZVwANyih; Fri, 30 Mar 2018 16:57:30 +0200 (CEST) From: Hauke Mehrtens To: lede-dev@lists.infradead.org Date: Fri, 30 Mar 2018 16:57:22 +0200 Message-Id: <20180330145722.15911-1-hauke@hauke-m.de> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180330_075754_266387_69813490 X-CRM114-Status: GOOD ( 14.77 ) X-Spam-Score: -0.7 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-0.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [80.241.60.215 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record Subject: [LEDE-DEV] [PATCH] mbedtls: update to version 2.8.0 X-BeenThere: lede-dev@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hauke Mehrtens MIME-Version: 1.0 Sender: "Lede-dev" Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org This fixes some minor security problems. Signed-off-by: Hauke Mehrtens --- package/libs/mbedtls/Makefile | 4 +-- package/libs/mbedtls/patches/200-config.patch | 36 +++++++++++++-------------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile index 8f6a5be295..898880d453 100644 --- a/package/libs/mbedtls/Makefile +++ b/package/libs/mbedtls/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mbedtls -PKG_VERSION:=2.7.0 +PKG_VERSION:=2.8.0 PKG_RELEASE:=1 PKG_USE_MIPS16:=0 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz PKG_SOURCE_URL:=https://tls.mbed.org/download/ -PKG_HASH:=2c6fe289b4b50bf67b4839e81b07fcf52a19f5129d0241d2aa4d49cb1ef11e4f +PKG_HASH:=649eb27187154590edda52943a7f468e740ec08807e5bf68ff45f4e8ffd68923 PKG_BUILD_PARALLEL:=1 PKG_LICENSE:=GPL-2.0+ diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch index 3860414cde..70ef95477c 100644 --- a/package/libs/mbedtls/patches/200-config.patch +++ b/package/libs/mbedtls/patches/200-config.patch @@ -91,7 +91,7 @@ /** * \def MBEDTLS_ENTROPY_NV_SEED -@@ -1056,14 +1056,14 @@ +@@ -1057,14 +1057,14 @@ * Uncomment this macro to disable the use of CRT in RSA. * */ @@ -108,7 +108,7 @@ /** * \def MBEDTLS_SHA256_SMALLER -@@ -1079,7 +1079,7 @@ +@@ -1080,7 +1080,7 @@ * * Uncomment to enable the smaller implementation of SHA256. */ @@ -117,7 +117,7 @@ /** * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES -@@ -1206,7 +1206,7 @@ +@@ -1207,7 +1207,7 @@ * configuration of this extension). * */ @@ -126,7 +126,7 @@ /** * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO -@@ -1380,8 +1380,8 @@ +@@ -1381,8 +1381,8 @@ * callbacks are provided by MBEDTLS_SSL_TICKET_C. * * Comment this macro to disable support for SSL session tickets @@ -136,7 +136,7 @@ /** * \def MBEDTLS_SSL_EXPORT_KEYS -@@ -1411,7 +1411,7 @@ +@@ -1412,7 +1412,7 @@ * * Comment this macro to disable support for truncated HMAC in SSL */ @@ -144,8 +144,8 @@ +//#define MBEDTLS_SSL_TRUNCATED_HMAC /** - * \def MBEDTLS_THREADING_ALT -@@ -1445,8 +1445,8 @@ + * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT +@@ -1470,8 +1470,8 @@ * Requires: MBEDTLS_VERSION_C * * Comment this to disable run-time checking and save ROM space @@ -155,7 +155,7 @@ /** * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 -@@ -1773,7 +1773,7 @@ +@@ -1801,7 +1801,7 @@ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ @@ -164,7 +164,7 @@ /** * \def MBEDTLS_CCM_C -@@ -1787,7 +1787,7 @@ +@@ -1815,7 +1815,7 @@ * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. */ @@ -173,7 +173,7 @@ /** * \def MBEDTLS_CERTS_C -@@ -1799,7 +1799,7 @@ +@@ -1827,7 +1827,7 @@ * * This module is used for testing (ssl_client/server). */ @@ -182,7 +182,7 @@ /** * \def MBEDTLS_CIPHER_C -@@ -1852,7 +1852,7 @@ +@@ -1880,7 +1880,7 @@ * * This module provides debugging functions. */ @@ -191,7 +191,7 @@ /** * \def MBEDTLS_DES_C -@@ -1881,7 +1881,7 @@ +@@ -1909,7 +1909,7 @@ * \warning DES is considered a weak cipher and its use constitutes a * security risk. We recommend considering stronger ciphers instead. */ @@ -200,7 +200,7 @@ /** * \def MBEDTLS_DHM_C -@@ -2042,8 +2042,8 @@ +@@ -2070,8 +2070,8 @@ * Requires: MBEDTLS_MD_C * * Uncomment to enable the HMAC_DRBG random number geerator. @@ -210,7 +210,7 @@ /** * \def MBEDTLS_MD_C -@@ -2337,7 +2337,7 @@ +@@ -2365,7 +2365,7 @@ * Caller: library/md.c * */ @@ -219,7 +219,7 @@ /** * \def MBEDTLS_RSA_C -@@ -2421,8 +2421,8 @@ +@@ -2449,8 +2449,8 @@ * Caller: * * Requires: MBEDTLS_SSL_CACHE_C @@ -229,7 +229,7 @@ /** * \def MBEDTLS_SSL_COOKIE_C -@@ -2443,8 +2443,8 @@ +@@ -2471,8 +2471,8 @@ * Caller: * * Requires: MBEDTLS_CIPHER_C @@ -239,7 +239,7 @@ /** * \def MBEDTLS_SSL_CLI_C -@@ -2543,8 +2543,8 @@ +@@ -2571,8 +2571,8 @@ * Module: library/version.c * * This module provides run-time version information. @@ -249,7 +249,7 @@ /** * \def MBEDTLS_X509_USE_C -@@ -2654,7 +2654,7 @@ +@@ -2682,7 +2682,7 @@ * Module: library/xtea.c * Caller: */