On 12/22/18 11:16 AM, Stijn Segers wrote:
Updates mbedtls to 2.14.1. This builds on the previous master commit
7849f74117ce83e4cfcd1448a22cc05dbf9b3486.
Fixes in 2.13.0:
* Fixed a security issue in the X.509 module which could lead to a buffer
overread during certificate extensions parsing.
* Several bugfixes.
* Improvements for better support for DTLS on low-bandwidth, high latency
networks with high packet loss.
Fixes in 2.14.1:
* CVE-2018-19608: Local timing attack on RSA decryption
Includes master commit 9e7c4702a1f4e49113d10bc736f50e8a06bdb8ba 'mbedtls: fix
compilation on ARM < 6'.
Signed-off-by: Daniel Engberg <daniel.engberg.li...@pyret.net>
[Update to 2.14.1]
Signed-off-by: Hauke Mehrtens <ha...@hauke-m.de>
[Adapted and squashed for 18.06.1+]
Signed-off-by: Stijn Segers <f...@volatilesystems.org>
Acked-by: Hauke Mehrtens <ha...@hauke-m.de>
---
package/libs/mbedtls/Makefile | 4 +-
package/libs/mbedtls/patches/200-config.patch | 48 +++++++++----------
...optimized-MULADDC-code-only-on-ARM-6.patch | 27 +++++++++++
.../patches/300-soversion-compatibility.patch | 6 +--
4 files changed, 56 insertions(+), 29 deletions(-)
create mode 100644
package/libs/mbedtls/patches/300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
