ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-01-28 15:14:11 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
58,518 Commits 9 Branches 79 Tags 925 MiB
Commit Graph

6 Commits

Author SHA1 Message Date
Hauke Mehrtens
a0ebff651d mbedtls: Update to 2.28.9 
This contains a fix for:
CVE-2024-45157:
Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.

Link: https://github.com/openwrt/openwrt/pull/16367
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2024-09-14 17:02:22 +02:00
Hauke Mehrtens
dee4309bdf mbedtls: Update to 2.28.8 
This contains a fix for:
CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
API mishandles shared memory.

(cherry picked from commit 360ac07eb933feaf29bb031f788f0bf81c473be7)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2024-07-08 21:13:26 +02:00
Hauke Mehrtens
72f7f18d2b mbedtls: Update to version 2.28.5 
This fixes some minor security problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9e1c5ad4b0c99c45927ccd44504cd8fdbbd03bb0)
 2023-10-15 19:51:39 +02:00
Hauke Mehrtens
58d838d81d mbedtls: Update to version 2.28.4 
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.4

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d773fe5411cd4fdd8e107cfe338ed731001a1ade)
 2023-08-11 12:53:34 +02:00
Hauke Mehrtens
d679b15d31 mbedtls: Update to version 2.28.3 
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3

The 100-fix-compile.patch patch was merged upstream, see:
https://github.com/Mbed-TLS/mbedtls/issues/6243
https://github.com/Mbed-TLS/mbedtls/pull/7013

The code style of all files in mbedtls 2.28.3 was changed. I took a new
version of the 100-x509-crt-verify-SAN-iPAddress.patch patch from this
pull request: https://github.com/Mbed-TLS/mbedtls/pull/6475

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2023-04-10 13:36:26 +02:00
Glenn Strauss
2a691fc7f2 mbedtls: x509 crt verify SAN iPAddress 
backport from
X509 crt verify SAN iPAddress
https://github.com/Mbed-TLS/mbedtls/pull/6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
https://github.com/Mbed-TLS/mbedtls/issues/6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
https://github.com/openwrt/packages/issues/19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-02-03 11:27:58 +01:00