From 7d07ad57002a0af09ceb0fbe59b48ccd2ce4a740 Mon Sep 17 00:00:00 2001
From: Soumya Sambu <soumya.sambu@windriver.com>
Date: Mon, 19 Feb 2024 12:46:27 +0000
Subject: mbedtls: upgrade 2.28.5 -> 2.28.7

Includes security fixes for:
CVE-2024-23170 - Timing side channel in private key RSA operations
CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()

License updated to dual Apache-2.0 OR GPL-2.0-or-later.

Changelog:
https://github.com/Mbed-TLS/mbedtls/blob/v2.28.7/ChangeLog

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../recipes-connectivity/mbedtls/mbedtls_2.28.5.bb | 47 ----------------------
 .../recipes-connectivity/mbedtls/mbedtls_2.28.7.bb | 47 ++++++++++++++++++++++
 2 files changed, 47 insertions(+), 47 deletions(-)
 delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.5.bb
 create mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb

diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.5.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.5.bb
deleted file mode 100644
index 95688e29bb..0000000000
--- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.5.bb
+++ /dev/null
@@ -1,47 +0,0 @@
-SUMMARY = "Lightweight crypto and SSL/TLS library"
-DESCRIPTION = "mbedtls is a lean open source crypto library          \
-for providing SSL and TLS support in your programs. It offers        \
-an intuitive API and documented header files, so you can actually    \
-understand what the code does. It features:                          \
-                                                                     \
- - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4,  \
-   Camellia and XTEA                                                 \
- - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5            \
- - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG   \
- - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \
-   ECDSA and ECDH                                                    \
- - SSL v3 and TLS 1.0, 1.1 and 1.2                                   \
- - Abstraction layers for ciphers, hashes, public key operations,    \
-   platform abstraction and threading                                \
-"
-
-HOMEPAGE = "https://tls.mbed.org/"
-
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-
-SECTION = "libs"
-
-S = "${WORKDIR}/git"
-SRCREV = "47e8cc9db2e469d902b0e3093ae9e482c3d87188"
-SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28"
-
-inherit cmake update-alternatives
-
-PACKAGECONFIG ??= "shared-libs programs"
-PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF"
-PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF"
-PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF"
-
-EXTRA_OECMAKE = "-DENABLE_TESTING=OFF -DLIB_INSTALL_DIR:STRING=${libdir}"
-
-PROVIDES += "polarssl"
-RPROVIDES:${PN} = "polarssl"
-
-PACKAGES =+ "${PN}-programs"
-FILES:${PN}-programs = "${bindir}/"
-
-ALTERNATIVE:${PN}-programs = "hello"
-ALTERNATIVE_LINK_NAME[hello] = "${bindir}/hello"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb
new file mode 100644
index 0000000000..793cdcaff7
--- /dev/null
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb
@@ -0,0 +1,47 @@
+SUMMARY = "Lightweight crypto and SSL/TLS library"
+DESCRIPTION = "mbedtls is a lean open source crypto library          \
+for providing SSL and TLS support in your programs. It offers        \
+an intuitive API and documented header files, so you can actually    \
+understand what the code does. It features:                          \
+                                                                     \
+ - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4,  \
+   Camellia and XTEA                                                 \
+ - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5            \
+ - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG   \
+ - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \
+   ECDSA and ECDH                                                    \
+ - SSL v3 and TLS 1.0, 1.1 and 1.2                                   \
+ - Abstraction layers for ciphers, hashes, public key operations,    \
+   platform abstraction and threading                                \
+"
+
+HOMEPAGE = "https://tls.mbed.org/"
+
+LICENSE = "Apache-2.0 | GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
+
+SECTION = "libs"
+
+S = "${WORKDIR}/git"
+SRCREV = "555f84735aecdbd76a566cf087ec8425dfb0c8ab"
+SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28"
+
+inherit cmake update-alternatives
+
+PACKAGECONFIG ??= "shared-libs programs"
+PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF"
+PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF"
+PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF"
+
+EXTRA_OECMAKE = "-DENABLE_TESTING=OFF -DLIB_INSTALL_DIR:STRING=${libdir}"
+
+PROVIDES += "polarssl"
+RPROVIDES:${PN} = "polarssl"
+
+PACKAGES =+ "${PN}-programs"
+FILES:${PN}-programs = "${bindir}/"
+
+ALTERNATIVE:${PN}-programs = "hello"
+ALTERNATIVE_LINK_NAME[hello] = "${bindir}/hello"
+
+BBCLASSEXTEND = "native nativesdk"
-- 
cgit v1.2.3-54-g00ecf