Skip to content

Commit

Permalink
[release-1.6] Backport MbedTLS security patches (#45848)
Browse files Browse the repository at this point in the history
* [release-1.6] Backport MbedTLS security patches

A few MbedTLS security patches should be backported to our LTS release.
In the future, we should lock ourselves to MbedTLS LTS releases so that
we can take advantage of their backporting as well.

* Bump mbedtls version and checksums
  • Loading branch information
staticfloat authored and KristofferC committed Jul 4, 2022
1 parent 5c5c85a commit 443c321
Show file tree
Hide file tree
Showing 6 changed files with 1,758 additions and 34 deletions.
64 changes: 32 additions & 32 deletions deps/checksums/mbedtls
Original file line number Diff line number Diff line change
@@ -1,34 +1,34 @@
MbedTLS.v2.24.0+1.aarch64-apple-darwin.tar.gz/md5/63178c9516d47e07905b538993e2de0a
MbedTLS.v2.24.0+1.aarch64-apple-darwin.tar.gz/sha512/d2c6456c55054b26223083c8286fb92b5161d9b75b5e6e0fedeccaf95490a17576602cf5df728bdf367fb45dbe71cde15260c690d8fce7cc22651bbd416fc6b6
MbedTLS.v2.24.0+1.aarch64-linux-gnu.tar.gz/md5/2fee5b47f2b4c99c3124919613acc111
MbedTLS.v2.24.0+1.aarch64-linux-gnu.tar.gz/sha512/7147823424d773024b4bc0cf4fbcd3a188af01a15cd93421c1946c9972ffc3417f4b8e1b671f80a13878f579473d8500aec1d5f74a9d6fdf6ed707de41deeb87
MbedTLS.v2.24.0+1.aarch64-linux-musl.tar.gz/md5/d92a7e134cb4d4ce65a7d307c6252d83
MbedTLS.v2.24.0+1.aarch64-linux-musl.tar.gz/sha512/6c8ade10420b1f6ff9e7734a653b932e041d1ff6a1360209aaf2498beb4c1a7b7c5019c9f205ba87077c8181c45097012ed758af828ad4ea510ff5288a879975
MbedTLS.v2.24.0+1.armv6l-linux-gnueabihf.tar.gz/md5/bd30d16b25e503e4604ba65d7a15d9d6
MbedTLS.v2.24.0+1.armv6l-linux-gnueabihf.tar.gz/sha512/58f821563241750f96e9ee0d03fceec50471d5e16bc70754759c01f18e9148d1a6750f947ca08f7eb6234e154bff022177cffd73f43fd52231ec5f8d1de2bf10
MbedTLS.v2.24.0+1.armv6l-linux-musleabihf.tar.gz/md5/62b54065945595921eb16d894ddad13a
MbedTLS.v2.24.0+1.armv6l-linux-musleabihf.tar.gz/sha512/41790b50dc8ed9a82106c7885948c13f0e3fa2eb0275a3c939cd9ee59fa027c790ebfe4df26df2c97a971a1a889cb81b82fee94533c855d0d8a7e07540825431
MbedTLS.v2.24.0+1.armv7l-linux-gnueabihf.tar.gz/md5/3584feb530503683cd32d28d99ac1fb2
MbedTLS.v2.24.0+1.armv7l-linux-gnueabihf.tar.gz/sha512/1373fa258ee69d11771868fead86a6cf550362a47e34c4a6a2ecc3e76400104a7228220ad5333c52dc1a658e6e9316659cc076c8262f02a6e06cc92296586495
MbedTLS.v2.24.0+1.armv7l-linux-musleabihf.tar.gz/md5/6a3a986a4dc8c258886b1af6fa7ed6cd
MbedTLS.v2.24.0+1.armv7l-linux-musleabihf.tar.gz/sha512/cc7cfb0eef06a68f662428025da70c19297ed2c052579da1f6380e836d729a222d736923f3a605a81a6c88e9d07ecaee653b5003a9f0ef1042f7ceae7a05c0ca
MbedTLS.v2.24.0+1.i686-linux-gnu.tar.gz/md5/a21258724fd9830ad845df925230fc98
MbedTLS.v2.24.0+1.i686-linux-gnu.tar.gz/sha512/14df3ce37e792823f6132842ac47da3c740a011e52c3abf66123509c3da872a6b91003442e0a99ea2a3b8fa2d375fa1ac26ae62bfa2a73297aefbc221552a2b6
MbedTLS.v2.24.0+1.i686-linux-musl.tar.gz/md5/9a8fc61aefa6f2a59b73fa1eb7605a47
MbedTLS.v2.24.0+1.i686-linux-musl.tar.gz/sha512/513bc8f83cd13c85d6641d372b2e75dc983f3626d83e2ae24bf2afd9b08ce758edbcaebc8766da048e615b66aee493220df8520798030cf02107b5daf7d028b4
MbedTLS.v2.24.0+1.i686-w64-mingw32.tar.gz/md5/c11c0834f23cc24fa3a0d8578c98f384
MbedTLS.v2.24.0+1.i686-w64-mingw32.tar.gz/sha512/d750ca2005d8f0d5e9c06eec381dcd4271a2776b833b543b375e338e8d9077573d880467aacee5789d414a9ef7a06e63c5a45fb5d604459057ed25e23df3a8ba
MbedTLS.v2.24.0+1.powerpc64le-linux-gnu.tar.gz/md5/cd985543dc1b80e471849fead1121440
MbedTLS.v2.24.0+1.powerpc64le-linux-gnu.tar.gz/sha512/92fcd67604291d76e52a0e37c9edb76789fad53b521d38a45035a78c2435150489854ca1e6d443bfeec99ee6fe33dcaa901c47076a936dd62b6a2c20ca961293
MbedTLS.v2.24.0+1.x86_64-apple-darwin.tar.gz/md5/e5797b1b47fc23e9ddbdb6feff46e928
MbedTLS.v2.24.0+1.x86_64-apple-darwin.tar.gz/sha512/de2c7a759abdd6e4fcb19603be7c3ece32451e4c5a36b28f11a0dd34f4705e79d799f620a8783de28d4ddb312adace65057b0c8a78007e8ea61dbe5738a16f44
MbedTLS.v2.24.0+1.x86_64-linux-gnu.tar.gz/md5/93e8be223370fb3dc44c8f8f51e0aef3
MbedTLS.v2.24.0+1.x86_64-linux-gnu.tar.gz/sha512/f3fba7d6f38e9ae9896d2f7a6194aaf547cc303631d914fd718fb06ba771ea0d3cf89edad3cc1b6fdc7978a8ba6b90f347dab94da526bc7f5c76c76d9275ed3b
MbedTLS.v2.24.0+1.x86_64-linux-musl.tar.gz/md5/6350f1dc3987f2d2f563b7b02a3bb508
MbedTLS.v2.24.0+1.x86_64-linux-musl.tar.gz/sha512/2071bf8420e8142f86d3459e43e3fc0badf5bf6a2db3436750504f890734b5c6f92a751abc1cbba8fee596804bf53fa3c14353ab6dc8850e27216b67f28fe905
MbedTLS.v2.24.0+1.x86_64-unknown-freebsd.tar.gz/md5/4fe5764a2c4d471392cf633dfd114f51
MbedTLS.v2.24.0+1.x86_64-unknown-freebsd.tar.gz/sha512/9908e90d9a16c987f8ef945b07a40c5a73d0f78716bba170e0db84daf2888efe877e229ecc395c3c37bc8bdf87dba2eeceb52d49b650743661214601c5f22484
MbedTLS.v2.24.0+1.x86_64-w64-mingw32.tar.gz/md5/392247046d060a2cff4ceeaad2f534fb
MbedTLS.v2.24.0+1.x86_64-w64-mingw32.tar.gz/sha512/9d2feb78170826a470a41d63b5dcc18093261e7f9751d11297e2d8462ecd0abb1fdb16df20e9223b8ab6ed06a19bfd539433f37ee9f44bdd20b0a578f87166f3
mbedtls-2.24.0.tar.gz/md5/9d1adcec4aa6729ae1dc56c3a24cb7d2
mbedtls-2.24.0.tar.gz/sha512/a51e80cedfa5c1772c79cba2dacd33f551516debf083803f7a5c1f4817c928e3bfb343fbe0c2e70ed591d0eba8fdc1bc46d11de7c3d12f50826de8f2f2ece279
MbedTLS.v2.24.0+4.aarch64-apple-darwin.tar.gz/md5/4569a485b86ea4531cd8ef7a0f044ce6
MbedTLS.v2.24.0+4.aarch64-apple-darwin.tar.gz/sha512/31078eff977b45ff40ae101924af65694dc0e70e6a3fb1aac0ab62045e0c7ebe50c0b85df27a48b02430cd8f9b6b56b07c8ff68a4966307b1869f0b8f57ea080
MbedTLS.v2.24.0+4.aarch64-linux-gnu.tar.gz/md5/11400a06c3373fdbf984d26b33ac47fd
MbedTLS.v2.24.0+4.aarch64-linux-gnu.tar.gz/sha512/2b646dce93029a20629d2c958b1bfa6413329b995156ce45884372a97f1ed2ff5a27a96fcef32757f21e875283614b3483b845c107bb3c56166260af47613b22
MbedTLS.v2.24.0+4.aarch64-linux-musl.tar.gz/md5/f32638984793dd4bb8789333eafa66e6
MbedTLS.v2.24.0+4.aarch64-linux-musl.tar.gz/sha512/3269acc4e0d3e9e65ecc0fd752d9fdfe7cb5e370611f4a715aed74b5a1aabefc6ecc4a4d71c55e0f1d0364bb00a570194e52e7af91d844228e6b5b9500ba253f
MbedTLS.v2.24.0+4.armv6l-linux-gnueabihf.tar.gz/md5/8ad16b5c1a6102ddf4dbbef125b368fa
MbedTLS.v2.24.0+4.armv6l-linux-gnueabihf.tar.gz/sha512/d153e6e5d3090638d3212cc0adbc73df7d4749ddaf6de8ceb3156b26aef4835da2737e1f1d5b91bb29a1ebe5ff232dc93d51847029323c93310d5bb3d69bfbcb
MbedTLS.v2.24.0+4.armv6l-linux-musleabihf.tar.gz/md5/bd6d8ad4f42d8c1398ac3d7a5cee5389
MbedTLS.v2.24.0+4.armv6l-linux-musleabihf.tar.gz/sha512/1840ff6cb59e097f6cdf0a70bcc3f7155342f798eb5d6e78562e6b45fc93cd183490a3e17231af6a4c2743f516b2bc897e22c6d792882ad7930984b59f9a7215
MbedTLS.v2.24.0+4.armv7l-linux-gnueabihf.tar.gz/md5/2f91e3945dec75e58c593c0d0e04dca9
MbedTLS.v2.24.0+4.armv7l-linux-gnueabihf.tar.gz/sha512/ff1a1df04ff89e2f9d278bd99b764f71da8c9eec8cd06feb4d48f58321c29bcb27e3bb5bdfd9fad313b22b8c7b55ebd9d2ed8a668bf807e4eb8a1be8c7a834d2
MbedTLS.v2.24.0+4.armv7l-linux-musleabihf.tar.gz/md5/7fc7e8b68767c1b43c4f4d3a42050943
MbedTLS.v2.24.0+4.armv7l-linux-musleabihf.tar.gz/sha512/d1ac843a6916b1f8e1c048a7347e3a14c46d1e81becb0ee62d25de6de32cda43c22546d93b1c922f3ceee5c5a5c7f07453e078f5d741bab0f6b6a0eb420c0ce1
MbedTLS.v2.24.0+4.i686-linux-gnu.tar.gz/md5/969b6f461fc1b7bc7dd6265dfa63131a
MbedTLS.v2.24.0+4.i686-linux-gnu.tar.gz/sha512/ae0c2d3a0fa1b0eecf33356176c1a2bdf5ada09dae7afda6ef1d512c4ad42d17eac0f709539c22b3594bff2128f24e308a5b390e53af93ec50e2780ef079902e
MbedTLS.v2.24.0+4.i686-linux-musl.tar.gz/md5/0541dcd8779aedafdf4e3f6390ac4a6b
MbedTLS.v2.24.0+4.i686-linux-musl.tar.gz/sha512/299544cf4d7f94095bae946e2029307077b60cbdb77919650f8965d7c955ce8e8dfcdde287cbaa27d40e5e02cc8a669f0c5903e18e576478a6a956a95ae527fe
MbedTLS.v2.24.0+4.i686-w64-mingw32.tar.gz/md5/ec2140c28f5f7c156b8395034a1dcef0
MbedTLS.v2.24.0+4.i686-w64-mingw32.tar.gz/sha512/7dbf759281bc9945a83314c7a941875c5f3dd29ab0657f44a04dc6f8dab00b5496e4cffa1400317b6381542351266c9563eb0bba7a44eb9fdb51e65e0b3b07d2
MbedTLS.v2.24.0+4.powerpc64le-linux-gnu.tar.gz/md5/425be7f5cddab06e2f55162804357fe9
MbedTLS.v2.24.0+4.powerpc64le-linux-gnu.tar.gz/sha512/4350f86366c39e5f464fa73672d570a245189427aa7afefa72f82d6c3a825a710eb55a961007747f2a8f62d60ef3f35b0fc50c6023f444eed42f261a3556f825
MbedTLS.v2.24.0+4.x86_64-apple-darwin.tar.gz/md5/184a1894ffdb536be46bdb74abd281d4
MbedTLS.v2.24.0+4.x86_64-apple-darwin.tar.gz/sha512/8d7011b5f71756cec44deea8dd32497d485a0ae4beb57583a45143e9d6e0f3db7bf2d8178f7c0b59e86f3dddce901e1fcc4fd3ba0d31f232d968bbbbe5f5fdd8
MbedTLS.v2.24.0+4.x86_64-linux-gnu.tar.gz/md5/b4f4793e8d717f69ab437b649aa84218
MbedTLS.v2.24.0+4.x86_64-linux-gnu.tar.gz/sha512/7ac6c551c1a7563a59e5d4d8fe9286bc3ab29c58aab510e27a84d7b304c6f3ea1e875999a158dd0dd639cc63e77b11e915c4ac5b5596ca6fda4b17274725998b
MbedTLS.v2.24.0+4.x86_64-linux-musl.tar.gz/md5/1d5f06af710f8e0009550763e5698123
MbedTLS.v2.24.0+4.x86_64-linux-musl.tar.gz/sha512/cff4c596b9498d7e7e0cedcd17c6021fa161614d183c767209faef2926a31b2859ce237502ef774ac3e3bc37006c6651b9fd912360e19099d1c70cfafa2ed4fe
MbedTLS.v2.24.0+4.x86_64-unknown-freebsd.tar.gz/md5/f65a6c7d7fbe4db90622300add4522c0
MbedTLS.v2.24.0+4.x86_64-unknown-freebsd.tar.gz/sha512/0f5e67293d5d7818ed68028cbd4207ebcb058829199b3a0b442e9672e079ab74c689b9399a3a09ea87a9818a85adc9623235557818f89a28ae9b48be33fb16bb
MbedTLS.v2.24.0+4.x86_64-w64-mingw32.tar.gz/md5/91161dd9cf7eb60f46c8c538c22f29db
MbedTLS.v2.24.0+4.x86_64-w64-mingw32.tar.gz/sha512/732e72fed17fb40537edee9600c5b8459f31c667819eacfb3e6c87960b913044282b017f1ad472c5ef8bc91e2bbccee7b5ca56f6d082c39c4090d04f37954839
23 changes: 22 additions & 1 deletion deps/mbedtls.mk
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,29 @@ $(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-cmake-findpy.patch-applied: $(SRCCACHE)/$(MBE
patch -p1 -f < $(SRCDIR)/patches/mbedtls-cmake-findpy.patch
echo 1 > $@

$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-07-1.patch-applied: $(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-cmake-findpy.patch-applied
# Apply backported set of patches for MbedTLS security issue first fixed in 2.27.0
cd $(SRCCACHE)/$(MBEDTLS_SRC) && \
patch -p1 -f < $(SRCDIR)/patches/mbedtls-security-advisory-2021-07-1.patch
echo 1 > $@

$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-07-2.patch-applied: $(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-07-1.patch-applied
# Apply backported set of patches for MbedTLS security issue first fixed in 2.27.0
cd $(SRCCACHE)/$(MBEDTLS_SRC) && \
patch -p1 -f < $(SRCDIR)/patches/mbedtls-security-advisory-2021-07-2.patch
echo 1 > $@

$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-12.patch-applied: $(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-07-2.patch-applied
# Apply backported set of patches for MbedTLS security issue first fixed in 2.28.0
cd $(SRCCACHE)/$(MBEDTLS_SRC) && \
patch -p1 -f < $(SRCDIR)/patches/mbedtls-security-advisory-2021-12.patch
echo 1 > $@

$(BUILDDIR)/$(MBEDTLS_SRC)/build-configured: \
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-cmake-findpy.patch-applied
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-cmake-findpy.patch-applied \
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-07-1.patch-applied \
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-07-2.patch-applied \
$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-security-advisory-2021-12.patch-applied

$(BUILDDIR)/$(MBEDTLS_SRC)/build-configured: $(SRCCACHE)/$(MBEDTLS_SRC)/source-extracted
mkdir -p $(dir $@)
Expand Down
Loading

0 comments on commit 443c321

Please sign in to comment.