git.ipfire.org Git - thirdparty/openwrt.git/commit

author	Magnus Kroken <mkroken@gmail.com>
	Thu, 16 Oct 2025 14:11:11 +0000 (16:11 +0200)
committer	Hauke Mehrtens <hauke@hauke-m.de>
	Fri, 17 Oct 2025 23:27:52 +0000 (01:27 +0200)
commit	eb370a7d0230cc2824685d19f28548d81726f2cd
tree	94f0e7e55b72f76df62f4f3d384d38fbc94a3360	tree \| snapshot
parent	2a76abc5442e3f74d95b4caa9bb57e5488fc132e	commit \| diff

mbedtls: update to 3.6.5

This release includes fixes for security issues.

Mbed TLS 3.6 is a long-term support (LTS) branch. It will be supported
with bug-fixes and security fixes until at least March 2027.

The two issues fixed were timing side channels:
* Padding oracle through timing of cipher error reporting
(CVE-2025-59438) [1]
* Side channel in RSA key generation and operations (SSBleed, M-Step)
(CVE-2025-54764) [2]

Bug fixes:
* Fix potential CMake parallel build failure when building both the static and shared libraries.
* Fix a build error or incorrect TLS session lifetime on platforms where mbedtls_time_t is not time_t.

[1]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/
[2]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/

Full release announcement:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5

Tested-by: Edoardo Pinci <epinci@outlook.com>
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20425
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>