[Buildroot] [PATCH] mbedtls: security bump to version 2.2.1

Gustavo Zacarias gustavo at zacarias.com.ar
Wed Jan 6 17:14:39 UTC 2016


Fixes:
CVE-2015-7575 - Security Losses from Obsolete and Truncated Transcript
Hashes (SLOTH) vulnerability.

Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
---
 package/mbedtls/mbedtls.hash | 4 ++--
 package/mbedtls/mbedtls.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/mbedtls/mbedtls.hash b/package/mbedtls/mbedtls.hash
index 161dc2b..eebbfe8 100644
--- a/package/mbedtls/mbedtls.hash
+++ b/package/mbedtls/mbedtls.hash
@@ -1,2 +1,2 @@
-# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.0-2.1.3-1.3.15-and-polarssl.1.2.18-released
-sha256	3c6d3487ab056da94450cf907afc84f026aff7880182baffe137c98e3d00fb55	mbedtls-2.2.0-apache.tgz
+# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released
+sha256	6ddd5ca2e7dfb43d2fd750400856246fc1c98344dabf01b1594eb2f9880ef7ce	mbedtls-2.2.1-apache.tgz
diff --git a/package/mbedtls/mbedtls.mk b/package/mbedtls/mbedtls.mk
index b98b7f5..fe166e2 100644
--- a/package/mbedtls/mbedtls.mk
+++ b/package/mbedtls/mbedtls.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 MBEDTLS_SITE = https://tls.mbed.org/code/releases
-MBEDTLS_VERSION = 2.2.0
+MBEDTLS_VERSION = 2.2.1
 MBEDTLS_SOURCE = mbedtls-$(MBEDTLS_VERSION)-apache.tgz
 MBEDTLS_CONF_OPTS = \
 	-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS_PROGRAMS),ON,OFF) \
-- 
2.4.10



More information about the buildroot mailing list