[OpenWrt-Devel] [PATCH] mbedtls: update to 2.16.4

Magnus Kroken mkroken at gmail.com
Sat Jan 25 12:59:24 EST 2020

On 25.01.2020 18:33, Magnus Kroken wrote:
> Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA.
> Release announcement:
> https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
> Security advisory:
> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
> Signed-off-by: Magnus Kroken <mkroken at gmail.com>
> ---

Please note: upstream did not update include/mbedtls/version.h in 
2.16.3. .so filenames as well as software relying on e.g. 
MBEDTLS_VERSION_NUMBER will report 2.16.3 as the version. This has been 
reported upstream[1].

I have not modified version.h in this patch, as upstream has not yet 
committed any updates or confirmed a fixed release.

1: https://github.com/ARMmbed/mbedtls/issues/3004

Magnus Kroken

openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list