package/mbedtls: security bump to version 2.28.5

Fixes the following security issue: CVE-2023-43615: Buffer overread in TLS stream cipher suites https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/ Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Arnout Vandecappelle <arnout@mind.be> (cherry picked from commit 26762e3009) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-07 21:22:25 +02:00 · 2023-10-07 21:22:25 +02:00 · 93800e3256
commit 93800e3256
parent a2cbf289d4
2 changed files with 2 additions and 2 deletions
--- a/package/mbedtls/mbedtls.hash
+++ b/package/mbedtls/mbedtls.hash
@ -1,4 +1,4 @@
 # From https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.4:
-sha256  578c4dcd15bbff3f5cd56aa07cd4f850fc733634e3d5947be4f7157d5bfd81ac  mbedtls-2.28.4.tar.gz
+sha256  849e86b626e42ded6bf67197b64aa771daa54e2a7e2868dc67e1e4711959e5e3  mbedtls-2.28.5.tar.gz
 # Locally calculated
 sha256  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  LICENSE
--- a/package/mbedtls/mbedtls.mk
+++ b/package/mbedtls/mbedtls.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-MBEDTLS_VERSION = 2.28.4
+MBEDTLS_VERSION = 2.28.5
 MBEDTLS_SITE = $(call github,ARMmbed,mbedtls,v$(MBEDTLS_VERSION))
 MBEDTLS_CONF_OPTS = \
 	-DCMAKE_C_FLAGS="$(TARGET_CFLAGS) -std=c99" \