Message ID | 20231013140719.344880-1-beniaminsandu@gmail.com |
---|---|
State | Under Review |
Series | [meta-networking,v3] mbedtls: upgrade 3.4.1 -> 3.5.0 | expand |
Hi, On Fri, Oct 13, 2023 at 03:07:19PM +0100, Beniamin Sandu wrote: > * Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites > * Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH > * Includes aesce compilation fixes Thanks, looks very good now! Cheers, -Mikko > Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0 > > Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> > --- > ...cify-an-arch-version-when-enabling-c.patch | 33 ------------------ > ...t-target-attribute-when-building-wit.patch | 34 ------------------- > .../{mbedtls_3.4.1.bb => mbedtls_3.5.0.bb} | 4 +-- > 3 files changed, 1 insertion(+), 70 deletions(-) > delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_3.4.1.bb => mbedtls_3.5.0.bb} (93%) > > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > deleted file mode 100644 > index 44d74754c..000000000 > --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > +++ /dev/null 
> @@ -1,33 +0,0 @@ > -From 2246925e3cb16183e25d4e2cfd13fb800df86270 Mon Sep 17 00:00:00 2001 > -From: Beniamin Sandu <beniaminsandu@gmail.com> > -Date: Sun, 25 Jun 2023 19:58:08 +0300 > -Subject: [PATCH] aesce: do not specify an arch version when enabling crypto > - instructions > - > -Building mbedtls with different aarch64 tuning variations revealed > -that we should use the crypto extensions without forcing a particular > -architecture version or core, as that can create issues. > - > -Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/commit/471a975942dec76bf0ccb92b6c6da055385683fb] > - > -Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> > ---- > - library/aesce.c | 2 +- > - 1 file changed, 1 insertion(+), 1 deletion(-) > - > -diff --git a/library/aesce.c b/library/aesce.c > -index fe056dc4c..843de3973 100644 > ---- a/library/aesce.c > -+++ b/library/aesce.c > -@@ -60,7 +60,7 @@ > - # error "A more recent GCC is required for MBEDTLS_AESCE_C" > - # endif > - # pragma GCC push_options > --# pragma GCC target ("arch=armv8-a+crypto") > -+# pragma GCC target ("+crypto") > - # define MBEDTLS_POP_TARGET_PRAGMA > - # else > - # error "Only GCC and Clang supported for MBEDTLS_AESCE_C" > --- > -2.25.1 > - > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > deleted file mode 100644 > index c8f6cb750..000000000 > --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > +++ /dev/null 
> @@ -1,34 +0,0 @@ > -From 03d3523f974536f2358047382aadb0d4cc762f8a Mon Sep 17 00:00:00 2001 > -From: Beniamin Sandu <beniaminsandu@gmail.com> > -Date: Mon, 26 Jun 2023 12:07:21 +0300 > -Subject: [PATCH] aesce: use correct target attribute when building with clang > - > -Seems clang has its own issues when it comes to crypto extensions, > -and right now the best way to avoid them is to accurately enable > -the needed instructions instead of the broad crypto feature. > - > -E.g.: https://github.com/llvm/llvm-project/issues/61645 > - > -Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/commit/aa4f6219014d863bed51453e5261178adc66be34] > - > -Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> > ---- > - library/aesce.c | 2 +- > - 1 file changed, 1 insertion(+), 1 deletion(-) > - > -diff --git a/library/aesce.c b/library/aesce.c > -index 843de3973..7bea088ba 100644 > ---- a/library/aesce.c > -+++ b/library/aesce.c > -@@ -53,7 +53,7 @@ > - # if __clang_major__ < 4 > - # error "A more recent Clang is required for MBEDTLS_AESCE_C" > - # endif > --# pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) > -+# pragma clang attribute push (__attribute__((target("aes"))), apply_to=function) > - # define MBEDTLS_POP_TARGET_PRAGMA > - # elif defined(__GNUC__) > - # if __GNUC__ < 6 > --- > -2.25.1 > - > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb > similarity index 93% > rename from meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb > rename to meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb > index a6f8583b2..1fd187ab2 100644 > --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb > +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb 
> @@ -23,10 +23,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" > SECTION = "libs" > > S = "${WORKDIR}/git" > -SRCREV = "72718dd87e087215ce9155a826ee5a66cfbe9631" > +SRCREV = "1ec69067fa1351427f904362c1221b31538c8b57" > SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master \ > - file://0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch \ > - file://0002-aesce-use-correct-target-attribute-when-building-wit.patch \ > file://run-ptest" > > inherit cmake update-alternatives ptest > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#105470): https://lists.openembedded.org/g/openembedded-devel/message/105470 > Mute This Topic: https://lists.openembedded.org/mt/101940558/7159507 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [mikko.rapeli@linaro.org] > -=-=-=-=-=-=-=-=-=-=-=- >
fails to compile on x86 https://errors.yoctoproject.org/Errors/Details/739887/ On Fri, Oct 13, 2023 at 7:15 AM Beniamin Sandu <beniaminsandu@gmail.com> wrote: > > * Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites > * Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH > * Includes aesce compilation fixes > > Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0 > > Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> > --- > ...cify-an-arch-version-when-enabling-c.patch | 33 ------------------ > ...t-target-attribute-when-building-wit.patch | 34 ------------------- > .../{mbedtls_3.4.1.bb => mbedtls_3.5.0.bb} | 4 +-- > 3 files changed, 1 insertion(+), 70 deletions(-) > delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_3.4.1.bb => mbedtls_3.5.0.bb} (93%) > > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > deleted file mode 100644 > index 44d74754c..000000000 > --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > +++ /dev/null 
> @@ -1,33 +0,0 @@ > -From 2246925e3cb16183e25d4e2cfd13fb800df86270 Mon Sep 17 00:00:00 2001 > -From: Beniamin Sandu <beniaminsandu@gmail.com> > -Date: Sun, 25 Jun 2023 19:58:08 +0300 > -Subject: [PATCH] aesce: do not specify an arch version when enabling crypto > - instructions > - > -Building mbedtls with different aarch64 tuning variations revealed > -that we should use the crypto extensions without forcing a particular > -architecture version or core, as that can create issues. > - > -Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/commit/471a975942dec76bf0ccb92b6c6da055385683fb] > - > -Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> > ---- > - library/aesce.c | 2 +- > - 1 file changed, 1 insertion(+), 1 deletion(-) > - > -diff --git a/library/aesce.c b/library/aesce.c > -index fe056dc4c..843de3973 100644 > ---- a/library/aesce.c > -+++ b/library/aesce.c > -@@ -60,7 +60,7 @@ > - # error "A more recent GCC is required for MBEDTLS_AESCE_C" > - # endif > - # pragma GCC push_options > --# pragma GCC target ("arch=armv8-a+crypto") > -+# pragma GCC target ("+crypto") > - # define MBEDTLS_POP_TARGET_PRAGMA > - # else > - # error "Only GCC and Clang supported for MBEDTLS_AESCE_C" > --- > -2.25.1 > - > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > deleted file mode 100644 > index c8f6cb750..000000000 > --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > +++ /dev/null 
> @@ -1,34 +0,0 @@ > -From 03d3523f974536f2358047382aadb0d4cc762f8a Mon Sep 17 00:00:00 2001 > -From: Beniamin Sandu <beniaminsandu@gmail.com> > -Date: Mon, 26 Jun 2023 12:07:21 +0300 > -Subject: [PATCH] aesce: use correct target attribute when building with clang > - > -Seems clang has its own issues when it comes to crypto extensions, > -and right now the best way to avoid them is to accurately enable > -the needed instructions instead of the broad crypto feature. > - > -E.g.: https://github.com/llvm/llvm-project/issues/61645 > - > -Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/commit/aa4f6219014d863bed51453e5261178adc66be34] > - > -Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> > ---- > - library/aesce.c | 2 +- > - 1 file changed, 1 insertion(+), 1 deletion(-) > - > -diff --git a/library/aesce.c b/library/aesce.c > -index 843de3973..7bea088ba 100644 > ---- a/library/aesce.c > -+++ b/library/aesce.c > -@@ -53,7 +53,7 @@ > - # if __clang_major__ < 4 > - # error "A more recent Clang is required for MBEDTLS_AESCE_C" > - # endif > --# pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) > -+# pragma clang attribute push (__attribute__((target("aes"))), apply_to=function) > - # define MBEDTLS_POP_TARGET_PRAGMA > - # elif defined(__GNUC__) > - # if __GNUC__ < 6 > --- > -2.25.1 > - > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb > similarity index 93% > rename from meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb > rename to meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb > index a6f8583b2..1fd187ab2 100644 > --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb > +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb 
> @@ -23,10 +23,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" > SECTION = "libs" > > S = "${WORKDIR}/git" > -SRCREV = "72718dd87e087215ce9155a826ee5a66cfbe9631" > +SRCREV = "1ec69067fa1351427f904362c1221b31538c8b57" > SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master \ > - file://0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch \ > - file://0002-aesce-use-correct-target-attribute-when-building-wit.patch \ > file://run-ptest" > > inherit cmake update-alternatives ptest > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#105470): https://lists.openembedded.org/g/openembedded-devel/message/105470 > Mute This Topic: https://lists.openembedded.org/mt/101940558/1997914 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Fri, 13 Oct 2023 at 18:19, Khem Raj <raj.khem@gmail.com> wrote: > > fails to compile on x86 > https://errors.yoctoproject.org/Errors/Details/739887/ > Will have a look and fix it next week. > On Fri, Oct 13, 2023 at 7:15 AM Beniamin Sandu <beniaminsandu@gmail.com> wrote: > > > > * Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites > > * Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH > > * Includes aesce compilation fixes > > > > Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0 > > > > Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> > > --- > > ...cify-an-arch-version-when-enabling-c.patch | 33 ------------------ > > ...t-target-attribute-when-building-wit.patch | 34 ------------------- > > .../{mbedtls_3.4.1.bb => mbedtls_3.5.0.bb} | 4 +-- > > 3 files changed, 1 insertion(+), 70 deletions(-) > > delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > > delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > > rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_3.4.1.bb => mbedtls_3.5.0.bb} (93%) > > > > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > > deleted file mode 100644 > > index 44d74754c..000000000 > > --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch > > +++ /dev/null 
> > @@ -1,33 +0,0 @@ > > -From 2246925e3cb16183e25d4e2cfd13fb800df86270 Mon Sep 17 00:00:00 2001 > > -From: Beniamin Sandu <beniaminsandu@gmail.com> > > -Date: Sun, 25 Jun 2023 19:58:08 +0300 > > -Subject: [PATCH] aesce: do not specify an arch version when enabling crypto > > - instructions > > - > > -Building mbedtls with different aarch64 tuning variations revealed > > -that we should use the crypto extensions without forcing a particular > > -architecture version or core, as that can create issues. > > - > > -Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/commit/471a975942dec76bf0ccb92b6c6da055385683fb] > > - > > -Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> > > ---- > > - library/aesce.c | 2 +- > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > - > > -diff --git a/library/aesce.c b/library/aesce.c > > -index fe056dc4c..843de3973 100644 > > ---- a/library/aesce.c > > -+++ b/library/aesce.c > > -@@ -60,7 +60,7 @@ > > - # error "A more recent GCC is required for MBEDTLS_AESCE_C" > > - # endif > > - # pragma GCC push_options > > --# pragma GCC target ("arch=armv8-a+crypto") > > -+# pragma GCC target ("+crypto") > > - # define MBEDTLS_POP_TARGET_PRAGMA > > - # else > > - # error "Only GCC and Clang supported for MBEDTLS_AESCE_C" > > --- > > -2.25.1 > > - > > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > > deleted file mode 100644 > > index c8f6cb750..000000000 > > --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch > > +++ /dev/null 
> > @@ -1,34 +0,0 @@ > > -From 03d3523f974536f2358047382aadb0d4cc762f8a Mon Sep 17 00:00:00 2001 > > -From: Beniamin Sandu <beniaminsandu@gmail.com> > > -Date: Mon, 26 Jun 2023 12:07:21 +0300 > > -Subject: [PATCH] aesce: use correct target attribute when building with clang > > - > > -Seems clang has its own issues when it comes to crypto extensions, > > -and right now the best way to avoid them is to accurately enable > > -the needed instructions instead of the broad crypto feature. > > - > > -E.g.: https://github.com/llvm/llvm-project/issues/61645 > > - > > -Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/commit/aa4f6219014d863bed51453e5261178adc66be34] > > - > > -Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> > > ---- > > - library/aesce.c | 2 +- > > - 1 file changed, 1 insertion(+), 1 deletion(-) > > - > > -diff --git a/library/aesce.c b/library/aesce.c > > -index 843de3973..7bea088ba 100644 > > ---- a/library/aesce.c > > -+++ b/library/aesce.c > > -@@ -53,7 +53,7 @@ > > - # if __clang_major__ < 4 > > - # error "A more recent Clang is required for MBEDTLS_AESCE_C" > > - # endif > > --# pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) > > -+# pragma clang attribute push (__attribute__((target("aes"))), apply_to=function) > > - # define MBEDTLS_POP_TARGET_PRAGMA > > - # elif defined(__GNUC__) > > - # if __GNUC__ < 6 > > --- > > -2.25.1 > > - > > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb > > similarity index 93% > > rename from meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb > > rename to meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb > > index a6f8583b2..1fd187ab2 100644 > > --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb > > +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb 
> > @@ -23,10 +23,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" > > SECTION = "libs" > > > > S = "${WORKDIR}/git" > > -SRCREV = "72718dd87e087215ce9155a826ee5a66cfbe9631" > > +SRCREV = "1ec69067fa1351427f904362c1221b31538c8b57" > > SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master \ > > - file://0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch \ > > - file://0002-aesce-use-correct-target-attribute-when-building-wit.patch \ > > file://run-ptest" > > > > inherit cmake update-alternatives ptest > > -- > > 2.34.1 > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#105470): https://lists.openembedded.org/g/openembedded-devel/message/105470 > > Mute This Topic: https://lists.openembedded.org/mt/101940558/1997914 > > Group Owner: openembedded-devel+owner@lists.openembedded.org > > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > >
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch
deleted file mode 100644
index 44d74754c..000000000
--- a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 2246925e3cb16183e25d4e2cfd13fb800df86270 Mon Sep 17 00:00:00 2001
-From: Beniamin Sandu <beniaminsandu@gmail.com>
-Date: Sun, 25 Jun 2023 19:58:08 +0300
-Subject: [PATCH] aesce: do not specify an arch version when enabling crypto
- instructions
-
-Building mbedtls with different aarch64 tuning variations revealed
-that we should use the crypto extensions without forcing a particular
-architecture version or core, as that can create issues.
-
-Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/commit/471a975942dec76bf0ccb92b6c6da055385683fb]
-
-Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
----
- library/aesce.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/library/aesce.c b/library/aesce.c
-index fe056dc4c..843de3973 100644
---- a/library/aesce.c
-+++ b/library/aesce.c
-@@ -60,7 +60,7 @@
- # error "A more recent GCC is required for MBEDTLS_AESCE_C"
- # endif
- # pragma GCC push_options
--# pragma GCC target ("arch=armv8-a+crypto")
-+# pragma GCC target ("+crypto")
- # define MBEDTLS_POP_TARGET_PRAGMA
- # else
- # error "Only GCC and Clang supported for MBEDTLS_AESCE_C"
---
-2.25.1
-
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch
deleted file mode 100644
index c8f6cb750..000000000
--- a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 03d3523f974536f2358047382aadb0d4cc762f8a Mon Sep 17 00:00:00 2001
-From: Beniamin Sandu <beniaminsandu@gmail.com>
-Date: Mon, 26 Jun 2023 12:07:21 +0300
-Subject: [PATCH] aesce: use correct target attribute when building with clang
-
-Seems clang has its own issues when it comes to crypto extensions,
-and right now the best way to avoid them is to accurately enable
-the needed instructions instead of the broad crypto feature.
-
-E.g.: https://github.com/llvm/llvm-project/issues/61645
-
-Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/commit/aa4f6219014d863bed51453e5261178adc66be34]
-
-Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
----
- library/aesce.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/library/aesce.c b/library/aesce.c
-index 843de3973..7bea088ba 100644
---- a/library/aesce.c
-+++ b/library/aesce.c
-@@ -53,7 +53,7 @@
- # if __clang_major__ < 4
- # error "A more recent Clang is required for MBEDTLS_AESCE_C"
- # endif
--# pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function)
-+# pragma clang attribute push (__attribute__((target("aes"))), apply_to=function)
- # define MBEDTLS_POP_TARGET_PRAGMA
- # elif defined(__GNUC__)
- # if __GNUC__ < 6
---
-2.25.1
-
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb
similarity index 93%
rename from meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb
rename to meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb
index a6f8583b2..1fd187ab2 100644
--- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.1.bb
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.0.bb
@@ -23,10 +23,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 SECTION = "libs"
 
 S = "${WORKDIR}/git"
-SRCREV = "72718dd87e087215ce9155a826ee5a66cfbe9631"
+SRCREV = "1ec69067fa1351427f904362c1221b31538c8b57"
 SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master \
- file://0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch \
- file://0002-aesce-use-correct-target-attribute-when-building-wit.patch \
 file://run-ptest"
 
 inherit cmake update-alternatives ptest
* Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites * Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH * Includes aesce compilation fixes Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0 Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> --- ...cify-an-arch-version-when-enabling-c.patch | 33 ------------------ ...t-target-attribute-when-building-wit.patch | 34 ------------------- .../{mbedtls_3.4.1.bb => mbedtls_3.5.0.bb} | 4 +-- 3 files changed, 1 insertion(+), 70 deletions(-) delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-aesce-do-not-specify-an-arch-version-when-enabling-c.patch delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0002-aesce-use-correct-target-attribute-when-building-wit.patch rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_3.4.1.bb => mbedtls_3.5.0.bb} (93%)