Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438

2025-10-22 14:33:37 +02:00
parent 0fe9d7b526
commit a2de50f788
3 changed files with 13 additions and 1 deletions
--- a/mbedtls-3.6.5.tar.bz2
+++ b/mbedtls-3.6.5.tar.bz2
--- a/micropython.changes
+++ b/micropython.changes
@@ -1,3 +1,8 @@
 -------------------------------------------------------------------
 Wed Oct 22 12:19:48 UTC 2025 - Dominik Heidler <dheidler@suse.de>
 - Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438
 -------------------------------------------------------------------
 Fri Aug 15 08:13:39 UTC 2025 - Dominik Heidler <dheidler@suse.de>
--- a/micropython.spec
+++ b/micropython.spec
@@ -27,6 +27,7 @@ License:        MIT
 URL:            https://micropython.org/
 Source0:        %{name}-%{version}.tar.xz
 Source1:        prepare.sh
 Source2:        https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-3.6.5/mbedtls-3.6.5.tar.bz2#/mbedtls-3.6.5.tar.bz2
 BuildRequires:  openssl
 BuildRequires:  pkgconfig
 BuildRequires:  python3
@@ -65,12 +66,15 @@ MicroPython tools like the mpy-cross compiler for compiling.py files to .mpy fil
 Also mpy-tool for inspecting .mpy files.
 %prep
-%autosetup -p1
+%autosetup -p1 -a2
 sed -i -e "s:/usr/lib/micropython:%{_prefix}/lib/micropython:g" "ports/unix/main.c"
 %define make_flags V=1 MICROPY_PY_BTREE=0 MICROPY_PY_USSL=0
 rm -rf lib/mbedtls
 mv mbedtls-3.6.5 lib/mbedtls
 %build
 # micropython
 export CFLAGS="%optflags -Wno-dangling-pointer"