package/mbedtls: security bump to v3.6.5

For more details on the version bump, see: - https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5 Fixes the following vulnerabilities: - CVE-2025-54764 Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd. For more information, see: - https://nvd.nist.gov/vuln/detail/CVE-2025-54764 - https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/ - CVE-2025-59438 Mbed TLS through 3.6.4 has an Observable Timing Discrepancy. For more information, see: - https://nvd.nist.gov/vuln/detail/CVE-2025-59438 - https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/ Signed-off-by: Thomas Perale <thomas.perale@mind.be> Signed-off-by: Julien Olivain <ju.o@free.fr>
2025-10-27 22:07:10 +01:00
parent 8448784798
commit 1a25f0c372
2 changed files with 3 additions and 3 deletions
--- a/package/mbedtls/mbedtls.hash
+++ b/package/mbedtls/mbedtls.hash
@@ -1,4 +1,4 @@
-# From https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4:
-sha256  ec35b18a6c593cf98c3e30db8b98ff93e8940a8c4e690e66b41dfc011d678110  mbedtls-3.6.4.tar.bz2
+# From https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5:
+sha256  4a11f1777bb95bf4ad96721cac945a26e04bf19f57d905f241fe77ebeddf46d8  mbedtls-3.6.5.tar.bz2
 # Locally calculated
 sha256  9b405ef4c89342f5eae1dd828882f931747f71001cfba7d114801039b52ad09b  LICENSE
--- a/package/mbedtls/mbedtls.mk
+++ b/package/mbedtls/mbedtls.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-MBEDTLS_VERSION = 3.6.4
+MBEDTLS_VERSION = 3.6.5
 MBEDTLS_SITE = https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-$(MBEDTLS_VERSION)
 MBEDTLS_SOURCE = mbedtls-$(MBEDTLS_VERSION).tar.bz2
 MBEDTLS_CONF_OPTS = \