manifest: mbedtls: bump to 3.6.5 #98786
The following west manifest projects have changed revision in this Pull Request:
✅ All manifest checks OK
Note: This message is automatically posted and updated by the Manifest GitHub Action.
2439a5b to 1c03604
tomi-font
left a comment
don't forget the release notes entry as well
tomi-font
left a comment
Maybe we should also explicitly mention the CVEs fixed by this Mbed TLS release at the top of the file?
See for example:
zephyr/doc/releases/release-notes-4.2.rst
Lines 69 to 75 in bde3e69
Security Vulnerability Related
******************************
The following CVEs are addressed by this release:
* :cve:`2025-27809` `TLS clients may unwittingly skip server authentication
  <https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/>`_
@ceolin @d3zd3z @jhedberg @cfriedt This is probably worth getting in for 4.3? needs one more review on zephyrproject-rtos/mbedtls#79
This is a strange time to see proposals for module updates. Is this some release that happened after our rc1, and has some critical fixes we need for the release? Why wasn't this done before rc1 as part of #97555?
b93884a to 6c91bfb
Hmm yeah admittedly a bit late to the party, this bugfix release happened some weeks ago, it just has two medium security fixes. The Mbed TLS module PR was raised exactly 3 weeks ago by @valeriosetti but has received little attention so far.
As for this question, well... I wasn't even aware of this issue. @d3zd3z is meant to be the maintainer but hasn't been active in maintaining Mbed TLS/TF-M. Not that big of a deal if this is too much too late for 4.3.
6c91bfb to 5159675
I think this could (perhaps should) be considered still for 4.3. However, what's with the failing CI tests?
jhedberg
left a comment
Looks fine, but please don't forget to get the module PR merged and then update west.yml here.
Update Mbed TLS revision from 3.6.4 to 3.6.5. Signed-off-by: Valerio Setti <[email protected]>
84f00b4 to bfc02c1
Add a note about Mbed TLS version upgrade from 3.6.4 to 3.6.5. Update also the CVE list accordingly. Signed-off-by: Valerio Setti <[email protected]>
Enable retransmissions of Generic Provisioning PDUs. This should fix pb_cancel test where provisionee fails to receive Link Open PDU due to parallel PB-GATT advertisement, but since Link Open PDU is not retransmitted, test fails. Signed-off-by: Pavel Vasilyev <[email protected]>
Add delay to avoid missed packet by tester. This fixes brg_subnet_duplicate_filtering test. Signed-off-by: Pavel Vasilyev <[email protected]>
bfc02c1 to a695949
@valeriosetti since this was opened after rc2 it needs a bug report reference as well



Update Mbed TLS revision to 3.6.5 release.
This PR depends on zephyrproject-rtos/mbedtls#79
Fixes #98994