[meta-networking] mbedtls: upgrade 3.6.3.1 -> 3.6.4

Message ID	20250715161434.8940-1-gudni.m.g@gmail.com
State	Under Review
Headers	show Return-Path: <gudni.m.g@gmail.com> ip: 209.85.221.44, mailfrom: gudni.m.g@gmail.com) From: =?utf-8?q?Gu=C3=B0ni_M=C3=A1r_Gilbert?= <gudni.m.g@gmail.com> To: openembedded-devel@lists.openembedded.org Cc: =?utf-8?q?Gu=C3=B0ni_M=C3=A1r_Gilbert?= <gudni.m.g@gmail.com> Subject: [meta-networking][PATCH] mbedtls: upgrade 3.6.3.1 -> 3.6.4 Date: Tue, 15 Jul 2025 16:14:34 +0000 Message-ID: <20250715161434.8940-1-gudni.m.g@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
Series	[meta-networking] mbedtls: upgrade 3.6.3.1 -> 3.6.4 \| expand [meta-networking] mbedtls: upgrade 3.6.3.1 -> 3.6.4

Message ID

20250715161434.8940-1-gudni.m.g@gmail.com

State

Under Review

Headers

From: =?utf-8?q?Gu=C3=B0ni_M=C3=A1r_Gilbert?= <gudni.m.g@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: =?utf-8?q?Gu=C3=B0ni_M=C3=A1r_Gilbert?= <gudni.m.g@gmail.com>
Subject: [meta-networking][PATCH] mbedtls: upgrade 3.6.3.1 -> 3.6.4
Date: Tue, 15 Jul 2025 16:14:34 +0000
Message-ID: <20250715161434.8940-1-gudni.m.g@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Series

[meta-networking] mbedtls: upgrade 3.6.3.1 -> 3.6.4 | expand

Commit Message

Guðni Már Gilbert July 15, 2025, 4:14 p.m. UTC

Fixes several security vulnerabilities:
CVE-2025-49601, CVE-2025-49600, CVE-2025-52496,
CVE-2025-47917, CVE-2025-48965, CVE-2025-52497,
and CVE-2025-49087

Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4

Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
---
 .../mbedtls/{mbedtls_3.6.3.1.bb => mbedtls_3.6.4.bb}          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_3.6.3.1.bb => mbedtls_3.6.4.bb} (97%)

Comments

Khem Raj July 16, 2025, 6:53 a.m. UTC | #1

This fails to build

from mbedtls_framework import config_common
ModuleNotFoundError: No module named 'mbedtls_framework'

for detailed logs see
https://errors.yoctoproject.org/Errors/Details/872324/

I guess we need to add recipe for native python-mbedtls module

On Tue, Jul 15, 2025 at 9:14 AM Guðni Már Gilbert via
lists.openembedded.org <gudni.m.g=gmail.com@lists.openembedded.org>
wrote:
>
> Fixes several security vulnerabilities:
> CVE-2025-49601, CVE-2025-49600, CVE-2025-52496,
> CVE-2025-47917, CVE-2025-48965, CVE-2025-52497,
> and CVE-2025-49087
>
> Changelog:
> https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4
>
> Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
> ---
>  .../mbedtls/{mbedtls_3.6.3.1.bb => mbedtls_3.6.4.bb}          | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_3.6.3.1.bb => mbedtls_3.6.4.bb} (97%)
>
> diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.3.1.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.4.bb
> similarity index 97%
> rename from meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.3.1.bb
> rename to meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.4.bb
> index 0b64d661c4..3f8938bb82 100644
> --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.3.1.bb
> +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.4.bb
> @@ -22,11 +22,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
>
>  SECTION = "libs"
>
> -SRC_URI = "git://github.com/Mbed-TLS/mbedtls.git;protocol=https;branch=main;tag=v${PV} \
> +SRC_URI = "git://github.com/Mbed-TLS/mbedtls.git;protocol=https;branch=mbedtls-3.6;tag=v${PV} \
>             file://run-ptest \
>             "
>
> -SRCREV = "6fb5120fde4ab889bea402f5ab230c720b0a3b9a"
> +SRCREV = "c765c831e5c2a0971410692f92f7a81d6ec65ec2"
>
>  UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
>
> --
> 2.43.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#118564): https://lists.openembedded.org/g/openembedded-devel/message/118564
> Mute This Topic: https://lists.openembedded.org/mt/114169589/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Guðni Már Gilbert July 16, 2025, 9:48 a.m. UTC | #2

Thanks Khem for the report. I upgraded via devtool and assumed a failure like this would be caught by devtool. I’ll take a closer look.

diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.3.1.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.4.bb
similarity index 97%
rename from meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.3.1.bb
rename to meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.4.bb
index 0b64d661c4..3f8938bb82 100644
--- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.3.1.bb
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.4.bb
@@ -22,11 +22,11 @@  LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
 
 SECTION = "libs"
 
-SRC_URI = "git://github.com/Mbed-TLS/mbedtls.git;protocol=https;branch=main;tag=v${PV} \
+SRC_URI = "git://github.com/Mbed-TLS/mbedtls.git;protocol=https;branch=mbedtls-3.6;tag=v${PV} \
            file://run-ptest \
            "
 
-SRCREV = "6fb5120fde4ab889bea402f5ab230c720b0a3b9a"
+SRCREV = "c765c831e5c2a0971410692f92f7a81d6ec65ec2"
 
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"

[meta-networking] mbedtls: upgrade 3.6.3.1 -> 3.6.4

Commit Message

Comments

Patch