projects / librecmc / librecmc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2525e5f) | patch
mbedtls: Update to version 2.16.12
authorHauke Mehrtens <hauke@hauke-m.de>
Sat, 29 Jan 2022 10:56:27 +0000 (11:56 +0100)
committerRISCi_ATOM <bob@bobcall.me>
Mon, 28 Mar 2022 17:01:05 +0000 (13:01 -0400)
commit57fcc22cae65c28002a2c4ff26c09e9619a1965a
tree18415c9f765b060fb4a2bd93c3ac5724fe4dd6betree | snapshot
parent2525e5f1b006ad59f614c2c1c79bb66e6f85db08commit | diff
mbedtls: Update to version 2.16.12

This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
  value when verifying a MAC or AEAD tag. This hardens the library in
  case the value leaks through a memory disclosure vulnerability. For
  example, a memory disclosure vulnerability could have allowed a
  man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
  mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
  (out of memory). After that, calling mbedtls_ssl_session_free()
  and mbedtls_ssl_free() would cause an internal session buffer to
  be free()'d twice. CVE-2021-44732

The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 57f38e2c827e3be71d8b1709073e366afe011985)
package/libs/mbedtls/Makefile diff | blob | history