rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Baruch Siach <baruch@tkos.co.il>
	Tue, 24 Apr 2018 11:48:22 +0000 (14:48 +0300)
committer	Thomas Petazzoni <thomas.petazzoni@bootlin.com>
	Wed, 25 Apr 2018 13:29:57 +0000 (15:29 +0200)
commit	babc94e9dd4a1a04c4a0befdb6d32236a30b8ea8
tree	d52495b4c66172b79f6b0b43f4daaf8e309363e7	tree \| snapshot
parent	1667fe58106aa5bdb63e0c8db2e34c605947464a	commit \| diff

mbedtls: security bump to version 2.7.2

The release announcement mentions these security fixes:

  Defend against Bellcore glitch attacks by verifying the results of RSA
  private key operations.

  Fix implementation of the truncated HMAC extension. The previous
  implementation allowed an offline 2^80 brute force attack on the HMAC
  key of a single, uninterrupted connection (with no resumption of the
  session).

  Reject CRLs containing unsupported critical extensions.

  Fix a buffer overread in ssl_parse_server_key_exchange() that could
  cause a crash on invalid input. (CVE-2018-9988)

  Fix a buffer overread in ssl_parse_server_psk_hint() that could cause
  a crash on invalid input. (CVE-2018-9989)

Drop upstream patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mbedtls/0001-dhm-Fix-typo-in-RFC-5114-constants.patch	[deleted file]	blob \| history
package/mbedtls/mbedtls.hash		diff \| blob \| history
package/mbedtls/mbedtls.mk		diff \| blob \| history