Hi,

On Fri, Oct 13, 2023 at 03:07:19PM +0100, Beniamin Sandu wrote:
> * Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream
> cipher suites
> * Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake
> parsing with ECDH
> * Includes aesce compilation fixes
Thanks, looks very good now! Cheers, -Mikko > Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0 > > Signed-off-by: Beniamin Sandu <beniaminsa...@gmail.com> > --- > ...cify-an-arch-version-when-enabling-c.patch | 33 ------------------ > ...t-target-attribute-when-building-wit.patch | 34 ------------------- > .../{mbedtls_3.4.1.bb => mbedtls_3.5.0.bb} | 4 +-- > 3 files changed, 1 insertion(+), 70 deletions(-) > delete mode 100644 > meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > delete mode 100644 > meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_3.4.1.bb => > mbedtls_3.5.0.bb} (93%) > > diff --git > a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > > b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > deleted file mode 100644 > index 44d74754c..000000000 > --- > a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > +++ /dev/null 
> @@ -1,33 +0,0 @@ > -From 2246925e3cb16183e25d4e2cfd13fb800df86270 Mon Sep 17 00:00:00 2001 > -From: Beniamin Sandu <beniaminsa...@gmail.com> > -Date: Sun, 25 Jun 2023 19:58:08 +0300 > -Subject: [PATCH] aesce: do not specify an arch version when enabling crypto > - instructions > - > -Building mbedtls with different aarch64 tuning variations revealed > -that we should use the crypto extensions without forcing a particular > -architecture version or core, as that can create issues. > - > -Upstream-Status: Backport > [https://github.com/Mbed-TLS/mbedtls/commit/471a975942dec76bf0ccb92b6c6da055385683fb] > - > -Signed-off-by: Beniamin Sandu <beniaminsa...@gmail.com> > ---- > - library/aesce.c | 2 +- > - 1 file changed, 1 insertion(+), 1 deletion(-) > - > -diff --git a/library/aesce.c b/library/aesce.c > -index fe056dc4c..843de3973 100644 > ---- a/library/aesce.c > -+++ b/library/aesce.c > -@@ -60,7 +60,7 @@ > - # error "A more recent GCC is required for MBEDTLS_AESCE_C" > - # endif > - # pragma GCC push_options > --# pragma GCC target ("arch=armv8-a+crypto") > -+# pragma GCC target ("+crypto") > - # define MBEDTLS_POP_TARGET_PRAGMA > - # else > - # error "Only GCC and Clang supported for MBEDTLS_AESCE_C" > --- > -2.25.1 > - > diff --git > a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > > b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > deleted file mode 100644 > index c8f6cb750..000000000 > --- > a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > +++ /dev/null 
> @@ -1,34 +0,0 @@ > -From 03d3523f974536f2358047382aadb0d4cc762f8a Mon Sep 17 00:00:00 2001 > -From: Beniamin Sandu <beniaminsa...@gmail.com> > -Date: Mon, 26 Jun 2023 12:07:21 +0300 > -Subject: [PATCH] aesce: use correct target attribute when building with clang > - > -Seems clang has its own issues when it comes to crypto extensions, > -and right now the best way to avoid them is to accurately enable > -the needed instructions instead of the broad crypto feature. > - > -E.g.: https://github.com/llvm/llvm-project/issues/61645 > - > -Upstream-Status: Backport > [https://github.com/Mbed-TLS/mbedtls/commit/aa4f6219014d863bed51453e5261178adc66be34] > - > -Signed-off-by: Beniamin Sandu <beniaminsa...@gmail.com> > ---- > - library/aesce.c | 2 +- > - 1 file changed, 1 insertion(+), 1 deletion(-) > - > -diff --git a/library/aesce.c b/library/aesce.c > -index 843de3973..7bea088ba 100644 > ---- a/library/aesce.c > -+++ b/library/aesce.c > -@@ -53,7 +53,7 @@ > - # if __clang_major__ < 4 > - # error "A more recent Clang is required for MBEDTLS_AESCE_C" > - # endif > --# pragma clang attribute push (__attribute__((target("crypto"))), > apply_to=function) > -+# pragma clang attribute push (__attribute__((target("aes"))), > apply_to=function) > - # define MBEDTLS_POP_TARGET_PRAGMA > - # elif defined(__GNUC__) > - # if __GNUC__ < 6 > --- > -2.25.1 > - > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb > b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb > similarity index 93% > rename from meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb > rename to meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb > index a6f8583b2..1fd187ab2 100644 > --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb > +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb 
> @@ -23,10 +23,8 @@ LIC_FILES_CHKSUM = > "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" > SECTION = "libs" > > S = "${WORKDIR}/git" > -SRCREV = "72718dd87e087215ce9155a826ee5a66cfbe9631" > +SRCREV = "1ec69067fa1351427f904362c1221b31538c8b57" > SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master > \ > - file://0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch \ > - file://0002-aesce-use-correct-target-attribute-when-building-wit.patch \ > file://run-ptest" > > inherit cmake update-alternatives ptest > -- > 2.34.1 > > > >
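Review bot: The commit message does not say why 0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch and 0002-aesce-use-correct-target-attribute-when-building-wit.patch are deleted; "Includes aesce compilation fixes" implies it but never names them. Both carry Upstream-Status: Backport lines pointing at upstream commits 471a975942dec76bf0ccb92b6c6da055385683fb and aa4f6219014d863bed51453e5261178adc66be34, so one sentence stating that those two commits are contained in the new SRCREV would let a later reader confirm that the GCC `+crypto` and clang `target("aes")` pragma changes in library/aesce.c are still in effect for aarch64 builds.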
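Review bot: In the mbedtls_3.5.0.bb hunk, SRC_URI still fetches from git://github.com/ARMmbed/mbedtls.git, while the changelog link in the message and both Upstream-Status URLs in the dropped patches use github.com/Mbed-TLS/mbedtls; the fetch location should match the upstream that the release notes reference. The new SRCREV 1ec69067fa1351427f904362c1221b31538c8b57 is also a bare hash with nothing in the recipe or the message tying it to the mbedtls-3.5.0 tag, so naming the tag next to it (a recipe comment or a commit-message line) would make the pin checkable against the release that carries the CVE-2023-43615 and CVE-2023-45199 fixes.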