mbedtls: update to 3.6.5
This release includes fixes for security issues.
Mbed TLS 3.6 is a long-term support (LTS) branch. It will be supported
with bug-fixes and security fixes until at least March 2027.
The two issues fixed were timing side channels:
* Padding oracle through timing of cipher error reporting
(CVE-2025-59438) [1]
* Side channel in RSA key generation and operations (SSBleed, M-Step)
(CVE-2025-54764) [2]
Bug fixes:
* Fix potential CMake parallel build failure when building both the static and shared libraries.
* Fix a build error or incorrect TLS session lifetime on platforms where mbedtls_time_t is not time_t.
[1]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/
[2]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/
Full release announcement:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5
Tested-by: Edoardo Pinci <[email protected]>
Signed-off-by: Magnus Kroken <[email protected]>
Link: https://github.com/openwrt/openwrt/pull/20425
Signed-off-by: Hauke Mehrtens <[email protected]>
(cherry picked from commit
eb370a7d0230cc2824685d19f28548d81726f2cd)
projects / openwrt / openwrt.git / commit