git.openwrt.org Git - openwrt/openwrt.git/commit

author	Hauke Mehrtens <hauke@hauke-m.de>
	Mon, 21 May 2018 11:58:52 +0000 (13:58 +0200)
committer	Hauke Mehrtens <hauke@hauke-m.de>
	Wed, 8 Aug 2018 20:49:59 +0000 (22:49 +0200)
commit	ea22e3df3eb017840d90d4150a149400b1965724
tree	8e4bf6af6d8b9ac39db65fefcd479efebc5517a9	tree \| snapshot
parent	0d5a041095a142456176bf0a9a2c4fb02b99016c	commit \| diff

mbedtls: Update to 2.12.0

Multiple security fixes
* CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
* CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel

Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0
Patch the so version back to the original one, the API changes are
looking no so invasive.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.967 Bytes
ipkg for mips_24kc after:
164.753 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

package/libs/mbedtls/Makefile		diff \| blob \| history
package/libs/mbedtls/patches/200-config.patch		diff \| blob \| history
package/libs/mbedtls/patches/300-soversion-compatibility.patch	[new file with mode: 0644]	blob
package/libs/ustream-ssl/Makefile		diff \| blob \| history
package/network/services/openvpn/Makefile		diff \| blob \| history
package/network/utils/curl/Makefile		diff \| blob \| history
package/utils/px5g/Makefile		diff \| blob \| history