mirror of
https://git.openwrt.org/openwrt/openwrt.git
synced 2025-11-03 12:58:41 +00:00
eb370a7d02
This release includes fixes for security issues. Mbed TLS 3.6 is a long-term support (LTS) branch. It will be supported with bug-fixes and security fixes until at least March 2027. The two issues fixed were timing side channels: * Padding oracle through timing of cipher error reporting (CVE-2025-59438) [1] * Side channel in RSA key generation and operations (SSBleed, M-Step) (CVE-2025-54764) [2] Bug fixes: * Fix potential CMake parallel build failure when building both the static and shared libraries. * Fix a build error or incorrect TLS session lifetime on platforms where mbedtls_time_t is not time_t. [1]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/ [2]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/ Full release announcement: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5 Tested-by: Edoardo Pinci <epinci@outlook.com> Signed-off-by: Magnus Kroken <mkroken@gmail.com> Link: https://github.com/openwrt/openwrt/pull/20425 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>