From patchwork Mon Apr 6 14:14:59 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 85330 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3A374F46C45 for ; Mon, 6 Apr 2026 14:15:07 +0000 (UTC) Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.55856.1775484903708108494 for ; Mon, 06 Apr 2026 07:15:04 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=m8ZBmQ9U; spf=pass (domain: gmail.com, ip: 209.85.221.42, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f42.google.com with SMTP id ffacd0b85a97d-43d43e09de5so253128f8f.1 for ; Mon, 06 Apr 2026 07:15:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775484902; x=1776089702; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=yjfcXVatPrGyfNbdhTOYzuKfO6qL3No+HZfe6cF2yso=; b=m8ZBmQ9UmcqJjEQnwtuzANje0PvAF4kijCSY/wLZ6wKn2jHxF133xFzpsueTNwANfK Yuiwh2GKDYCCsTs84y8nnynPJp/3WkmEilU4XbHoVJkIATqFDz6nqkYwDzwY7sKIc7wR fq4BEyrT3hdSLn2ysqXuRXy70+fmlH1bvyup13I19a8I0rw3Q5HrQJDdwzC4eIlGDo76 UKANfrkWLcBZsrVjUr0nVD3r+VlikM7Cvwfu+AgL0OnkHhRsX6UVfwJRuIW0b0OAaAm+ ABSbYDNV8/X7X88IOwfLcwcQX6Msn/lG52IMJtp0F9KPkjIxOBYu+eyiyxln03ttvzsQ P5Fw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775484902; x=1776089702; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=yjfcXVatPrGyfNbdhTOYzuKfO6qL3No+HZfe6cF2yso=; b=Yb6JOaYoAizNZ7rJ6fDRIRXPtMam4fjNfN+MxdOV/vzgtSd9ZEeaJ5OKBlAhuiP5lD qxXe0niJhDg8ReaOLz2DwR7kiWD5TIHEtvKkQhD6R074VKKWc6n4XcKlbwCv9GDB/Jed RY3bi87ReXY4tsdR84Bo1ZUIbj+3feI6tb6G8x0yRbV5IUv8amdHnZMynkVhE3y4VVQc voBEUCtGHR5IPcN6cgyuzvnzqc9eD6Hi05Qy6281mE1lm1uOOUzChDsAxEMUBsZB2YAh KKUbebZEzmBGYBWSw2jqiV+CkzK6zP9YL+YzDXzPXU8UKm+b9Af86vXa+awhqIoHXkXh yGng== X-Gm-Message-State: AOJu0Yy+BVWbFVkAjE7koybcL7T+vLO9AylsuBvn1Nergs8K1952hb5a boSPtYwBYCbcZYuHAzveIvXSoXfglH2YGFKOtLapKjZF6Ts4bablvC82y5pRNw== X-Gm-Gg: AeBDieu8CoAaiYErdNzH3P3MGI2qqe0+tnbBIeqdZOPbMZD7LUFxZPS3m/zVGScm1fl b2P+t+5up7TwFTJfEvwnjjIaQUKoTsf79HuVGjTuF3Y2bzro5e52Q81PpREilxP1g/CLS67CCjK iLgI1aFkgTPIkIp3Or/Z+cDTZVoy+eNuIAk1242E3uNdi3K+qML2M8gZOy99sbbX5dsf2eC7uHS /PzDLyiDsDrZGcLuRrVbVFSJp8rDgATqjIIvgMtvs7AODbFNRNKUuNIUWIDvIcLU/da5wEEbr/k zT3RJXtxNaK86LDicHolzOz5jd+LvHHTUnwtVjC1cgArNM0M2VSmjb8hrKz8DUSX/fXF7aEXQC1 A/u7c3+3VniCLZklI5oZ5A39d3MhroyC3004+P4wPRYV4j7bPOHUN5dEG6HNWYDAraDUSFJdrfn rNzFZdOwuQNUsZW7I/QmKn X-Received: by 2002:a05:6000:1869:b0:43d:dd:8cad with SMTP id ffacd0b85a97d-43d292cbccdmr17936172f8f.32.1775484901963; Mon, 06 Apr 2026 07:15:01 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43d1e4f7d4esm35554567f8f.34.2026.04.06.07.15.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Apr 2026 07:15:01 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-networking][PATCH 1/2] mbedtls: drop recipe for v2 Date: Mon, 6 Apr 2026 16:14:59 +0200 Message-ID: <20260406141500.3557451-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 14:15:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126045 It has been unmaintained/EOL for over a year - there is a recipe for a newer, still supported version. Signed-off-by: Gyorgy Sarvari --- .../mbedtls/mbedtls_2.28.10.bb | 79 ------------------- 1 file changed, 79 deletions(-) delete mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.10.bb diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.10.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.10.bb deleted file mode 100644 index b126aee7db..0000000000 --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.10.bb +++ /dev/null @@ -1,79 +0,0 @@ -SUMMARY = "Lightweight crypto and SSL/TLS library" -DESCRIPTION = "mbedtls is a lean open source crypto library \ -for providing SSL and TLS support in your programs. It offers \ -an intuitive API and documented header files, so you can actually \ -understand what the code does. It features: \ - \ - - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ - Camellia and XTEA \ - - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ - - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ - - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ - ECDSA and ECDH \ - - SSL v3 and TLS 1.0, 1.1 and 1.2 \ - - Abstraction layers for ciphers, hashes, public key operations, \ - platform abstraction and threading \ -" - -HOMEPAGE = "https://tls.mbed.org/" - -LICENSE = "Apache-2.0 | GPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" - -SECTION = "libs" - -SRCREV = "2fc8413bfcb51354c8e679141b17b3f1a5942561" -SRC_URI = "git://github.com/Mbed-TLS/mbedtls.git;protocol=https;branch=archive/mbedtls-2.28;tag=${BPN} \ - file://run-ptest \ - " - -inherit cmake update-alternatives ptest - -PACKAGECONFIG ??= "shared-libs programs ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" -PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" -PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" -PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF" -# Make X.509 and TLS calls use PSA -# https://github.com/Mbed-TLS/mbedtls/blob/development/docs/use-psa-crypto.md -PACKAGECONFIG[psa] = "" -PACKAGECONFIG[tests] = "-DENABLE_TESTING=ON,-DENABLE_TESTING=OFF" - -EXTRA_OECMAKE = "-DLIB_INSTALL_DIR:STRING=${libdir}" - -# For now the only way to enable PSA is to explicitly pass a -D via CFLAGS -CFLAGS:append = "${@bb.utils.contains('PACKAGECONFIG', 'psa', ' -DMBEDTLS_USE_PSA_CRYPTO', '', d)}" - -PROVIDES += "polarssl" -RPROVIDES:${PN} = "polarssl" - -PACKAGES =+ "${PN}-programs" -FILES:${PN}-programs = "${bindir}/" - -ALTERNATIVE:${PN}-programs = "${@bb.utils.contains('PACKAGECONFIG', 'programs', 'hello', '', d)}" -ALTERNATIVE_LINK_NAME[hello] = "${bindir}/hello" - -BBCLASSEXTEND = "native nativesdk" - -CVE_PRODUCT = "mbed_tls" - -CVE_STATUS[CVE-2021-43666] = "backported-patch: Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5310" -CVE_STATUS[CVE-2021-45451] = "backported-patch: Fix merged upstream https://github.com/Mbed-TLS/mbedtls/commit/9a4a9c66a48edfe9ece03c7e4a53310adf73a86c" - -# Strip host paths from autogenerated test files -do_compile:append() { - sed -i 's+${S}/++g' ${B}/tests/*.c 2>/dev/null || : - sed -i 's+${B}/++g' ${B}/tests/*.c 2>/dev/null || : -} - -# Export source files/headers needed by Arm Trusted Firmware -sysroot_stage_all:append() { - sysroot_stage_dir "${S}/library" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/library" - sysroot_stage_dir "${S}/include" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/include" -} - -do_install_ptest () { - install -d ${D}${PTEST_PATH}/tests - cp -f ${B}/tests/test_suite_* ${D}${PTEST_PATH}/tests/ - find ${D}${PTEST_PATH}/tests/ -type f -name "*.c" -delete - cp -fR ${S}/tests/data_files ${D}${PTEST_PATH}/tests/ -} From patchwork Mon Apr 6 14:15:00 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 85329 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49C4BF46C47 for ; Mon, 6 Apr 2026 14:15:07 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.55857.1775484904691112357 for ; Mon, 06 Apr 2026 07:15:04 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=U6am3+1S; spf=pass (domain: gmail.com, ip: 209.85.128.45, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-488b3f8fa2bso7763035e9.1 for ; Mon, 06 Apr 2026 07:15:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775484903; x=1776089703; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=v0Adon3YveG2XprMgyDfEkJyW/nAIa8SnynHe89W/gA=; b=U6am3+1SN/+a7wYKDEZpqubbj2UNJqjlgt5r6pkS2GJYwk0rcHpCTu6iBNMvt/8JSf EqZE+w9rH0R/5HnDbSjNkSOJ+IdOw3dfqz+pjsRk//6oc3RO3NXNX2a6nHqrgtwfwP/F Pj7CUGbtkbsvQMDi09J/v1l6EzZDwhsqSbm52OhIz4eyWzT2xVD0PJWobA7XCb04sQ2r BXwDxIVoYxOiLzIRDtG+jIWPdwIkyKxa5xXR0HsaHhGrUPpMSZPkl/xuCrGIRyRidjNI AcFgUPnV5gADWpBSAMt5Y76vadwAplXRGad42JxiPzvCka9pmDBjyNVBc9L/DnFkxQCW rLLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775484903; x=1776089703; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=v0Adon3YveG2XprMgyDfEkJyW/nAIa8SnynHe89W/gA=; b=Up0U7GNLhqyNqCnVc3rx8PR/PqCFqzEhVQYUNfdfRiMCCrZ1XOMDVvBnfSlIOsCYPr di2AbmTTPtNDgoYhJ/LCraiiVp5LMWD8OO4PThQDvqG2EKYLeL9xw3EU+9qDTVwTBi9j f69/WwdLdhaqxZHhzkQ1+auaOm89adVyJaBN5l6V+m4lEHVRuQw1DtyQObkYGdTK+9Al QK8cHxBICpFAdOmW34psmfbwZEaf9mKPPStpXTo1m2kvz3Q0l8FsGAurydIBZZ41odEA FxRt3yU70QX4rsyuWxT/h9V1BRFc3PYBfePjI+iC+/+hoSPGID1ovNmtEhf1JgHTa0DQ UzmA== X-Gm-Message-State: AOJu0Ywld/90+CFHatJUI3fOOPCRqj5GUXvCYQLLtWcD3LrmHvTjBtXN PpdF0yNXbU9hG35GbyNXfcwcfRIgXCclohxht23Z1nSqBoofR9g4WijGOVu5LA== X-Gm-Gg: AeBDievArvvW5aj9GigiIOQChqdA3UIS26zOdzerw9hbJcZXKbxp8/qR6hOixaH51og 9jSz4PN/m7cscye9L30s21Uz5pte28cNYCiu6kSseOp9dDaBu1UFTg9zmgz+cTLBQjDcMzwj0r/ KLb0ab/0xKHGg7tkW/hG80DaNGWoqL2UbnT9pJm9TEg4qYYqZIYnj6BXn/04NY0ktbbKwH2TfdZ /VPEgpLLrYZw0dgAO1gyuftHiInKplGwMBS1lfkuE99vLASpBbfoQ7vXTu3/aFX6twnsMoZN+mI zTeT946hXAFu1usRAgMx/xEtdFQqA9M9qAyRsWhtSiF6gQehc5+eWev02OtIB2wBRUhCl6oVPlj tliUA3QvIZwYHKVPKp4a6TEflsX9FqZXW1yOH1JWnAGeJzT8qwRQukqhWOtyuPZNUDgGvx1rMVU +yfOpztm8t3/2sy8QYFE8C X-Received: by 2002:a5d:5d0a:0:b0:43c:fac5:d382 with SMTP id ffacd0b85a97d-43d2118dc50mr25104906f8f.12.1775484902791; Mon, 06 Apr 2026 07:15:02 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43d1e4f7d4esm35554567f8f.34.2026.04.06.07.15.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Apr 2026 07:15:02 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-networking][PATCH 2/2] mbedtls: upgrade 3.6.5 -> 3.6.6 Date: Mon, 6 Apr 2026 16:15:00 +0200 Message-ID: <20260406141500.3557451-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260406141500.3557451-1-skandigraun@gmail.com> References: <20260406141500.3557451-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 14:15:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126046 Contains fixes for CVE-2026-25833, CVE-2026-25834, CVE-2026-25835, CVE-2026-34872, CVE-2026-34873, CVE-2026-34874 and CVE-2026-34875. Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6 Ptests passed successfully: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-04-06T14:04 BEGIN: /usr/lib/mbedtls/ptest PASS: test_suite_aes.cbc PASS: test_suite_aes.cfb PASS: test_suite_aes.ctr ... PASS: test_suite_version PASS: test_suite_x509parse PASS: test_suite_x509write DURATION: 24 END: /usr/lib/mbedtls/ptest 2026-04-06T14:04 STOP: ptest-runner Signed-off-by: Gyorgy Sarvari --- .../mbedtls/{mbedtls_3.6.5.bb => mbedtls_3.6.6.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_3.6.5.bb => mbedtls_3.6.6.bb} (98%) diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.5.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.6.bb similarity index 98% rename from meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.5.bb rename to meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.6.bb index bc2ff8ffb5..23d5c0878f 100644 --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.5.bb +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.6.6.bb @@ -27,7 +27,7 @@ SRC_URI = "gitsm://github.com/Mbed-TLS/mbedtls.git;protocol=https;branch=mbedtls file://run-ptest \ " -SRCREV = "e185d7fd85499c8ce5ca2a54f5cf8fe7dbe3f8df" +SRCREV = "0bebf8b8c7f07abe3571ded48a11aa907a1ffb20" UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)"