Hauke Mehrtens
360ac07eb9
mbedtls: Update to 2.28.8
...
This contains a fix for:
CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
API mishandles shared memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-24 22:24:11 +02:00
Hauke Mehrtens
9e1c5ad4b0
mbedtls: Update to version 2.28.5
...
This fixes some minor security problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-10-14 15:48:31 +02:00
Hauke Mehrtens
d773fe5411
mbedtls: Update to version 2.28.4
...
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.4
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-08-11 11:03:08 +02:00
Hauke Mehrtens
d679b15d31
mbedtls: Update to version 2.28.3
...
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3
The 100-fix-compile.patch patch was merged upstream, see:
https://github.com/Mbed-TLS/mbedtls/issues/6243
https://github.com/Mbed-TLS/mbedtls/pull/7013
The code style of all files in mbedtls 2.28.3 was changed. I took a new
version of the 100-x509-crt-verify-SAN-iPAddress.patch patch from this
pull request: https://github.com/Mbed-TLS/mbedtls/pull/6475
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-10 13:36:26 +02:00
Glenn Strauss
2a691fc7f2
mbedtls: x509 crt verify SAN iPAddress
...
backport from
X509 crt verify SAN iPAddress
https://github.com/Mbed-TLS/mbedtls/pull/6475
addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
https://github.com/Mbed-TLS/mbedtls/issues/6473
filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
https://github.com/openwrt/packages/issues/19677
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-02-03 11:27:58 +01:00