From c4ed92ae7d9568b42490eeba540e68684c6ed981 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Mon, 13 Mar 2017 20:04:32 +0100 Subject: [PATCH] mbedtls: update to version 2.4.2 This fixes the following security problems: * CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve * SLOTH vulnerability * Denial of Service through Certificate Revocation List Signed-off-by: Hauke Mehrtens --- package/libs/mbedtls/Makefile | 6 +++--- package/libs/mbedtls/patches/200-config.patch | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile index a7d698c4fc..65a6750c4b 100644 --- a/package/libs/mbedtls/Makefile +++ b/package/libs/mbedtls/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mbedtls -PKG_VERSION:=2.4.0 -PKG_RELEASE:=2 +PKG_VERSION:=2.4.2 +PKG_RELEASE:=1 PKG_USE_MIPS16:=0 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz PKG_SOURCE_URL:=https://tls.mbed.org/download/ -PKG_HASH:=80eff0e0028f969355d6e34ffdd3dbf4eb2a9367b07ff2f3f70e6d75beee9e3f +PKG_HASH:=d01f2d5586a52055329d194d909103f445bd2d0b6b2b5f1c830fbf828ac6299f PKG_BUILD_PARALLEL:=1 PKG_LICENSE:=GPL-2.0+ diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch index 96d7c156a7..510872380f 100644 --- a/package/libs/mbedtls/patches/200-config.patch +++ b/package/libs/mbedtls/patches/200-config.patch @@ -222,7 +222,7 @@ /** * \def MBEDTLS_MD_C @@ -2158,7 +2158,7 @@ - * Caller: library/mbedtls_md.c + * Caller: library/md.c * */ -#define MBEDTLS_RIPEMD160_C -- 2.25.1