When PACKAGECONFIG does not contains 'programs', the hello binary will
not be generated, but the ALTERNATIVE 'hello' is still set, causing the
update-alternatives bbclass to generate warnings for the missing
'hello' binary.
This commit fixes that by only populating ALTERNATIVES when 'programs'
is enabled.
Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com>
Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is an LTS release.
Includes security fixes:
* CVE-2024-28960 - Insecure handling of shared memory in PSA Crypto APIs
Full release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Includes security fix for CVE-2024-23170 - Timing side channel in private key RSA operations
* Includes security fix for CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use canonical URL, add UPSTREAM_CHECK_GITTAGREGEX.
Changes:
Dave Rodgman (12):
Header updates
Fix some non-standard headers
Update documentation
Add Changelog for license
Update license for p256-m
README improvements to 3rdparty section
assemble Changelog
Fix typos in changelog
Bump version
Update BRANCHES
Update Changelog with bugfix entry
Add docs re Everest license
David Horstmann (1):
Fix 3rdparty target names for custom config
License-update: Upstream clarified licensing as dual Apache-2.0 or GPL-2.0 or later
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites
* Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH
* Includes aesce compilation fixes
Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
The extra patch fixes x86 32-bit builds.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Conversion from CVE_CHECK_IGNORE to CVE_STATUS had some copy+paste
issues.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
version
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Mbed TLS 2.28 is a long-time support branch. It will be supported with
bug-fixes and security fixes until end of 2024.
ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Version 3.4.0 adds a lot of improvements and fixes (a notable one
being initial support for PKCS7 CMS), but since this is a pretty
big jump, let's keep both versions for a while, so the v2.x users
can upgrade to 3.x in a timely manner if needed.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
As mbedtls installs this rather generically-named /usr/bin/hello binary,
it conflicts with the one provided by lmbench, hence set it up as an
alternative to avoid conflicts when both are installed to rootfs or SDK.
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a secure
enclave) can recover an RSA private key after observing the victim
performing a single private-key operation, if the window size
(MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
There is a potential heap-based buffer overflow and heap-based buffer
over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46392https://nvd.nist.gov/vuln/detail/CVE-2022-46393
Upstream patches:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add an option to use Platform Security Architecture for the X.509 and TLS
operations.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Mbed TLS 2.28 is a long-time support branch. It will be supported with
bug-fixes and security fixes until end of 2024.
https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0
Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Disable the options by default, as we use different compilers there are
more warnings to handle then upstream
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Deleted build fix patch. This is already applied in this release.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Download archives are no longer updated so fetch from Github. Add build
fix from upstream. The file LICENSE now contains the full Apache 2.0
license text.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Mbed TLS 2.16.3 is a maintenance release of the Mbed TLS 2.16 branch, and
provides bug fixes and minor enhancements.
https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.3
Most importantly, this fixes breakage on ARMv5TE platforms:
* Fix the build on ARMv5TE in ARM mode to not use assembly instructions that
are only available in Thumb mode.
https://github.com/ARMmbed/mbedtls/pull/2169
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Mbed TLS 2.9.0 maintains source code and binary compatibility with the last
minor version, Mbed TLS 2.8.0, but extends the interface with additional
capabilities.
* Detail release note:
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.12-released
Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This also includes a switch to Apache license, because it's the primary license
for the project according to their homepage.
* Detail release note:
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
1. PolarSSL is now rebranded as mbed TLS.
2. upgrade to include CVE-2015-1182 fix:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1182
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
