Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438

2025-10-22 14:33:37 +02:00
parent 0fe9d7b526
commit a2de50f788
3 changed files with 13 additions and 1 deletions
--- a/micropython.spec
+++ b/micropython.spec
@@ -27,6 +27,7 @@ License:        MIT
 URL:            https://micropython.org/
 Source0:        %{name}-%{version}.tar.xz
 Source1:        prepare.sh
+Source2:        https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-3.6.5/mbedtls-3.6.5.tar.bz2#/mbedtls-3.6.5.tar.bz2
 BuildRequires:  openssl
 BuildRequires:  pkgconfig
 BuildRequires:  python3
@@ -65,12 +66,15 @@ MicroPython tools like the mpy-cross compiler for compiling.py files to .mpy fil
 Also mpy-tool for inspecting .mpy files.

 %prep
-%autosetup -p1
+%autosetup -p1 -a2

 sed -i -e "s:/usr/lib/micropython:%{_prefix}/lib/micropython:g" "ports/unix/main.c"

 %define make_flags V=1 MICROPY_PY_BTREE=0 MICROPY_PY_USSL=0

+rm -rf lib/mbedtls
+mv mbedtls-3.6.5 lib/mbedtls
+
 %build
 # micropython
 export CFLAGS="%optflags -Wno-dangling-pointer"