Skip to content

Commit 7f7af21

Browse files
staticfloatKristofferC
staticfloat
authored and
KristofferC
committed
[release-1.6] Backport MbedTLS security patches (#45848)
* [release-1.6] Backport MbedTLS security patches A few MbedTLS security patches should be backported to our LTS release. In the future, we should lock ourselves to MbedTLS LTS releases so that we can take advantage of their backporting as well. * Bump mbedtls version and checksums
1 parent 281c578 commit 7f7af21

File tree

6 files changed

+1758
-34
lines changed

6 files changed

+1758
-34
lines changed

deps/checksums/mbedtls

Lines changed: 32 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -1,34 +1,34 @@
1-
MbedTLS.v2.24.0+1.aarch64-apple-darwin.tar.gz/md5/63178c9516d47e07905b538993e2de0a
2-
MbedTLS.v2.24.0+1.aarch64-apple-darwin.tar.gz/sha512/d2c6456c55054b26223083c8286fb92b5161d9b75b5e6e0fedeccaf95490a17576602cf5df728bdf367fb45dbe71cde15260c690d8fce7cc22651bbd416fc6b6
3-
MbedTLS.v2.24.0+1.aarch64-linux-gnu.tar.gz/md5/2fee5b47f2b4c99c3124919613acc111
4-
MbedTLS.v2.24.0+1.aarch64-linux-gnu.tar.gz/sha512/7147823424d773024b4bc0cf4fbcd3a188af01a15cd93421c1946c9972ffc3417f4b8e1b671f80a13878f579473d8500aec1d5f74a9d6fdf6ed707de41deeb87
5-
MbedTLS.v2.24.0+1.aarch64-linux-musl.tar.gz/md5/d92a7e134cb4d4ce65a7d307c6252d83
6-
MbedTLS.v2.24.0+1.aarch64-linux-musl.tar.gz/sha512/6c8ade10420b1f6ff9e7734a653b932e041d1ff6a1360209aaf2498beb4c1a7b7c5019c9f205ba87077c8181c45097012ed758af828ad4ea510ff5288a879975
7-
MbedTLS.v2.24.0+1.armv6l-linux-gnueabihf.tar.gz/md5/bd30d16b25e503e4604ba65d7a15d9d6
8-
MbedTLS.v2.24.0+1.armv6l-linux-gnueabihf.tar.gz/sha512/58f821563241750f96e9ee0d03fceec50471d5e16bc70754759c01f18e9148d1a6750f947ca08f7eb6234e154bff022177cffd73f43fd52231ec5f8d1de2bf10
9-
MbedTLS.v2.24.0+1.armv6l-linux-musleabihf.tar.gz/md5/62b54065945595921eb16d894ddad13a
10-
MbedTLS.v2.24.0+1.armv6l-linux-musleabihf.tar.gz/sha512/41790b50dc8ed9a82106c7885948c13f0e3fa2eb0275a3c939cd9ee59fa027c790ebfe4df26df2c97a971a1a889cb81b82fee94533c855d0d8a7e07540825431
11-
MbedTLS.v2.24.0+1.armv7l-linux-gnueabihf.tar.gz/md5/3584feb530503683cd32d28d99ac1fb2
12-
MbedTLS.v2.24.0+1.armv7l-linux-gnueabihf.tar.gz/sha512/1373fa258ee69d11771868fead86a6cf550362a47e34c4a6a2ecc3e76400104a7228220ad5333c52dc1a658e6e9316659cc076c8262f02a6e06cc92296586495
13-
MbedTLS.v2.24.0+1.armv7l-linux-musleabihf.tar.gz/md5/6a3a986a4dc8c258886b1af6fa7ed6cd
14-
MbedTLS.v2.24.0+1.armv7l-linux-musleabihf.tar.gz/sha512/cc7cfb0eef06a68f662428025da70c19297ed2c052579da1f6380e836d729a222d736923f3a605a81a6c88e9d07ecaee653b5003a9f0ef1042f7ceae7a05c0ca
15-
MbedTLS.v2.24.0+1.i686-linux-gnu.tar.gz/md5/a21258724fd9830ad845df925230fc98
16-
MbedTLS.v2.24.0+1.i686-linux-gnu.tar.gz/sha512/14df3ce37e792823f6132842ac47da3c740a011e52c3abf66123509c3da872a6b91003442e0a99ea2a3b8fa2d375fa1ac26ae62bfa2a73297aefbc221552a2b6
17-
MbedTLS.v2.24.0+1.i686-linux-musl.tar.gz/md5/9a8fc61aefa6f2a59b73fa1eb7605a47
18-
MbedTLS.v2.24.0+1.i686-linux-musl.tar.gz/sha512/513bc8f83cd13c85d6641d372b2e75dc983f3626d83e2ae24bf2afd9b08ce758edbcaebc8766da048e615b66aee493220df8520798030cf02107b5daf7d028b4
19-
MbedTLS.v2.24.0+1.i686-w64-mingw32.tar.gz/md5/c11c0834f23cc24fa3a0d8578c98f384
20-
MbedTLS.v2.24.0+1.i686-w64-mingw32.tar.gz/sha512/d750ca2005d8f0d5e9c06eec381dcd4271a2776b833b543b375e338e8d9077573d880467aacee5789d414a9ef7a06e63c5a45fb5d604459057ed25e23df3a8ba
21-
MbedTLS.v2.24.0+1.powerpc64le-linux-gnu.tar.gz/md5/cd985543dc1b80e471849fead1121440
22-
MbedTLS.v2.24.0+1.powerpc64le-linux-gnu.tar.gz/sha512/92fcd67604291d76e52a0e37c9edb76789fad53b521d38a45035a78c2435150489854ca1e6d443bfeec99ee6fe33dcaa901c47076a936dd62b6a2c20ca961293
23-
MbedTLS.v2.24.0+1.x86_64-apple-darwin.tar.gz/md5/e5797b1b47fc23e9ddbdb6feff46e928
24-
MbedTLS.v2.24.0+1.x86_64-apple-darwin.tar.gz/sha512/de2c7a759abdd6e4fcb19603be7c3ece32451e4c5a36b28f11a0dd34f4705e79d799f620a8783de28d4ddb312adace65057b0c8a78007e8ea61dbe5738a16f44
25-
MbedTLS.v2.24.0+1.x86_64-linux-gnu.tar.gz/md5/93e8be223370fb3dc44c8f8f51e0aef3
26-
MbedTLS.v2.24.0+1.x86_64-linux-gnu.tar.gz/sha512/f3fba7d6f38e9ae9896d2f7a6194aaf547cc303631d914fd718fb06ba771ea0d3cf89edad3cc1b6fdc7978a8ba6b90f347dab94da526bc7f5c76c76d9275ed3b
27-
MbedTLS.v2.24.0+1.x86_64-linux-musl.tar.gz/md5/6350f1dc3987f2d2f563b7b02a3bb508
28-
MbedTLS.v2.24.0+1.x86_64-linux-musl.tar.gz/sha512/2071bf8420e8142f86d3459e43e3fc0badf5bf6a2db3436750504f890734b5c6f92a751abc1cbba8fee596804bf53fa3c14353ab6dc8850e27216b67f28fe905
29-
MbedTLS.v2.24.0+1.x86_64-unknown-freebsd.tar.gz/md5/4fe5764a2c4d471392cf633dfd114f51
30-
MbedTLS.v2.24.0+1.x86_64-unknown-freebsd.tar.gz/sha512/9908e90d9a16c987f8ef945b07a40c5a73d0f78716bba170e0db84daf2888efe877e229ecc395c3c37bc8bdf87dba2eeceb52d49b650743661214601c5f22484
31-
MbedTLS.v2.24.0+1.x86_64-w64-mingw32.tar.gz/md5/392247046d060a2cff4ceeaad2f534fb
32-
MbedTLS.v2.24.0+1.x86_64-w64-mingw32.tar.gz/sha512/9d2feb78170826a470a41d63b5dcc18093261e7f9751d11297e2d8462ecd0abb1fdb16df20e9223b8ab6ed06a19bfd539433f37ee9f44bdd20b0a578f87166f3
331
mbedtls-2.24.0.tar.gz/md5/9d1adcec4aa6729ae1dc56c3a24cb7d2
342
mbedtls-2.24.0.tar.gz/sha512/a51e80cedfa5c1772c79cba2dacd33f551516debf083803f7a5c1f4817c928e3bfb343fbe0c2e70ed591d0eba8fdc1bc46d11de7c3d12f50826de8f2f2ece279
3+
MbedTLS.v2.24.0+4.aarch64-apple-darwin.tar.gz/md5/4569a485b86ea4531cd8ef7a0f044ce6
4+
MbedTLS.v2.24.0+4.aarch64-apple-darwin.tar.gz/sha512/31078eff977b45ff40ae101924af65694dc0e70e6a3fb1aac0ab62045e0c7ebe50c0b85df27a48b02430cd8f9b6b56b07c8ff68a4966307b1869f0b8f57ea080
5+
MbedTLS.v2.24.0+4.aarch64-linux-gnu.tar.gz/md5/11400a06c3373fdbf984d26b33ac47fd
6+
MbedTLS.v2.24.0+4.aarch64-linux-gnu.tar.gz/sha512/2b646dce93029a20629d2c958b1bfa6413329b995156ce45884372a97f1ed2ff5a27a96fcef32757f21e875283614b3483b845c107bb3c56166260af47613b22
7+
MbedTLS.v2.24.0+4.aarch64-linux-musl.tar.gz/md5/f32638984793dd4bb8789333eafa66e6
8+
MbedTLS.v2.24.0+4.aarch64-linux-musl.tar.gz/sha512/3269acc4e0d3e9e65ecc0fd752d9fdfe7cb5e370611f4a715aed74b5a1aabefc6ecc4a4d71c55e0f1d0364bb00a570194e52e7af91d844228e6b5b9500ba253f
9+
MbedTLS.v2.24.0+4.armv6l-linux-gnueabihf.tar.gz/md5/8ad16b5c1a6102ddf4dbbef125b368fa
10+
MbedTLS.v2.24.0+4.armv6l-linux-gnueabihf.tar.gz/sha512/d153e6e5d3090638d3212cc0adbc73df7d4749ddaf6de8ceb3156b26aef4835da2737e1f1d5b91bb29a1ebe5ff232dc93d51847029323c93310d5bb3d69bfbcb
11+
MbedTLS.v2.24.0+4.armv6l-linux-musleabihf.tar.gz/md5/bd6d8ad4f42d8c1398ac3d7a5cee5389
12+
MbedTLS.v2.24.0+4.armv6l-linux-musleabihf.tar.gz/sha512/1840ff6cb59e097f6cdf0a70bcc3f7155342f798eb5d6e78562e6b45fc93cd183490a3e17231af6a4c2743f516b2bc897e22c6d792882ad7930984b59f9a7215
13+
MbedTLS.v2.24.0+4.armv7l-linux-gnueabihf.tar.gz/md5/2f91e3945dec75e58c593c0d0e04dca9
14+
MbedTLS.v2.24.0+4.armv7l-linux-gnueabihf.tar.gz/sha512/ff1a1df04ff89e2f9d278bd99b764f71da8c9eec8cd06feb4d48f58321c29bcb27e3bb5bdfd9fad313b22b8c7b55ebd9d2ed8a668bf807e4eb8a1be8c7a834d2
15+
MbedTLS.v2.24.0+4.armv7l-linux-musleabihf.tar.gz/md5/7fc7e8b68767c1b43c4f4d3a42050943
16+
MbedTLS.v2.24.0+4.armv7l-linux-musleabihf.tar.gz/sha512/d1ac843a6916b1f8e1c048a7347e3a14c46d1e81becb0ee62d25de6de32cda43c22546d93b1c922f3ceee5c5a5c7f07453e078f5d741bab0f6b6a0eb420c0ce1
17+
MbedTLS.v2.24.0+4.i686-linux-gnu.tar.gz/md5/969b6f461fc1b7bc7dd6265dfa63131a
18+
MbedTLS.v2.24.0+4.i686-linux-gnu.tar.gz/sha512/ae0c2d3a0fa1b0eecf33356176c1a2bdf5ada09dae7afda6ef1d512c4ad42d17eac0f709539c22b3594bff2128f24e308a5b390e53af93ec50e2780ef079902e
19+
MbedTLS.v2.24.0+4.i686-linux-musl.tar.gz/md5/0541dcd8779aedafdf4e3f6390ac4a6b
20+
MbedTLS.v2.24.0+4.i686-linux-musl.tar.gz/sha512/299544cf4d7f94095bae946e2029307077b60cbdb77919650f8965d7c955ce8e8dfcdde287cbaa27d40e5e02cc8a669f0c5903e18e576478a6a956a95ae527fe
21+
MbedTLS.v2.24.0+4.i686-w64-mingw32.tar.gz/md5/ec2140c28f5f7c156b8395034a1dcef0
22+
MbedTLS.v2.24.0+4.i686-w64-mingw32.tar.gz/sha512/7dbf759281bc9945a83314c7a941875c5f3dd29ab0657f44a04dc6f8dab00b5496e4cffa1400317b6381542351266c9563eb0bba7a44eb9fdb51e65e0b3b07d2
23+
MbedTLS.v2.24.0+4.powerpc64le-linux-gnu.tar.gz/md5/425be7f5cddab06e2f55162804357fe9
24+
MbedTLS.v2.24.0+4.powerpc64le-linux-gnu.tar.gz/sha512/4350f86366c39e5f464fa73672d570a245189427aa7afefa72f82d6c3a825a710eb55a961007747f2a8f62d60ef3f35b0fc50c6023f444eed42f261a3556f825
25+
MbedTLS.v2.24.0+4.x86_64-apple-darwin.tar.gz/md5/184a1894ffdb536be46bdb74abd281d4
26+
MbedTLS.v2.24.0+4.x86_64-apple-darwin.tar.gz/sha512/8d7011b5f71756cec44deea8dd32497d485a0ae4beb57583a45143e9d6e0f3db7bf2d8178f7c0b59e86f3dddce901e1fcc4fd3ba0d31f232d968bbbbe5f5fdd8
27+
MbedTLS.v2.24.0+4.x86_64-linux-gnu.tar.gz/md5/b4f4793e8d717f69ab437b649aa84218
28+
MbedTLS.v2.24.0+4.x86_64-linux-gnu.tar.gz/sha512/7ac6c551c1a7563a59e5d4d8fe9286bc3ab29c58aab510e27a84d7b304c6f3ea1e875999a158dd0dd639cc63e77b11e915c4ac5b5596ca6fda4b17274725998b
29+
MbedTLS.v2.24.0+4.x86_64-linux-musl.tar.gz/md5/1d5f06af710f8e0009550763e5698123
30+
MbedTLS.v2.24.0+4.x86_64-linux-musl.tar.gz/sha512/cff4c596b9498d7e7e0cedcd17c6021fa161614d183c767209faef2926a31b2859ce237502ef774ac3e3bc37006c6651b9fd912360e19099d1c70cfafa2ed4fe
31+
MbedTLS.v2.24.0+4.x86_64-unknown-freebsd.tar.gz/md5/f65a6c7d7fbe4db90622300add4522c0
32+
MbedTLS.v2.24.0+4.x86_64-unknown-freebsd.tar.gz/sha512/0f5e67293d5d7818ed68028cbd4207ebcb058829199b3a0b442e9672e079ab74c689b9399a3a09ea87a9818a85adc9623235557818f89a28ae9b48be33fb16bb
33+
MbedTLS.v2.24.0+4.x86_64-w64-mingw32.tar.gz/md5/91161dd9cf7eb60f46c8c538c22f29db
34+
MbedTLS.v2.24.0+4.x86_64-w64-mingw32.tar.gz/sha512/732e72fed17fb40537edee9600c5b8459f31c667819eacfb3e6c87960b913044282b017f1ad472c5ef8bc91e2bbccee7b5ca56f6d082c39c4090d04f37954839

deps/mbedtls.mk

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,8 +39,29 @@ $(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-cmake-findpy.patch-applied: $(SRCCACHE)/$(MBE
3939
patch -p1 -f < $(SRCDIR)/patches/mbedtls-cmake-findpy.patch
4040
echo 1 > $@
4141

42+
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-07-1.patch-applied: $(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-cmake-findpy.patch-applied
43+
# Apply backported set of patches for MbedTLS security issue first fixed in 2.27.0
44+
cd $(SRCCACHE)/$(MBEDTLS_SRC) && \
45+
patch -p1 -f < $(SRCDIR)/patches/mbedtls-security-advisory-2021-07-1.patch
46+
echo 1 > $@
47+
48+
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-07-2.patch-applied: $(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-07-1.patch-applied
49+
# Apply backported set of patches for MbedTLS security issue first fixed in 2.27.0
50+
cd $(SRCCACHE)/$(MBEDTLS_SRC) && \
51+
patch -p1 -f < $(SRCDIR)/patches/mbedtls-security-advisory-2021-07-2.patch
52+
echo 1 > $@
53+
54+
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-12.patch-applied: $(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-07-2.patch-applied
55+
# Apply backported set of patches for MbedTLS security issue first fixed in 2.28.0
56+
cd $(SRCCACHE)/$(MBEDTLS_SRC) && \
57+
patch -p1 -f < $(SRCDIR)/patches/mbedtls-security-advisory-2021-12.patch
58+
echo 1 > $@
59+
4260
$(BUILDDIR)/$(MBEDTLS_SRC)/build-configured: \
43-
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-cmake-findpy.patch-applied
61+
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-cmake-findpy.patch-applied \
62+
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-07-1.patch-applied \
63+
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-07-2.patch-applied \
64+
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-12.patch-applied
4465

4566
$(BUILDDIR)/$(MBEDTLS_SRC)/build-configured: $(SRCCACHE)/$(MBEDTLS_SRC)/source-extracted
4667
mkdir -p $(dir $@)

0 commit comments

Comments
 (0)