1691c1168d
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
value when verifying a MAC or AEAD tag. This hardens the library in
case the value leaks through a memory disclosure vulnerability. For
example, a memory disclosure vulnerability could have allowed a
man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
(out of memory). After that, calling mbedtls_ssl_session_free()
and mbedtls_ssl_free() would cause an internal session buffer to
be free()'d twice. CVE-2021-44732
The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
|
||
---|---|---|
.github | ||
config | ||
include | ||
package | ||
scripts | ||
target | ||
toolchain | ||
tools | ||
.gitattributes | ||
.gitignore | ||
BSDmakefile | ||
Config.in | ||
LICENSE | ||
Makefile | ||
README | ||
feeds.conf.default | ||
rules.mk |
README
_______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- This is the buildsystem for the OpenWrt Linux distribution. To build your own firmware you need a Linux, BSD or MacOSX system (case sensitive filesystem required). Cygwin is unsupported because of the lack of a case sensitive file system. You need gcc, binutils, bzip2, flex, python, perl, make, find, grep, diff, unzip, gawk, getopt, subversion, libz-dev and libc headers installed. 1. Run "./scripts/feeds update -a" to obtain all the latest package definitions defined in feeds.conf / feeds.conf.default 2. Run "./scripts/feeds install -a" to install symlinks for all obtained packages into package/feeds/ 3. Run "make menuconfig" to select your preferred configuration for the toolchain, target system & firmware packages. 4. Run "make" to build your firmware. This will download all sources, build the cross-compile toolchain and then cross-compile the Linux kernel & all chosen applications for your target system. Sunshine! Your OpenWrt Community http://www.openwrt.org