Update mbedtls to version 3.6.2 This new update to the LTS branch of MbedTLS provides the fix for a buffer underrun vulnerability. TF-A does not use the previously vulnerable functions `mbedtls_pk_write_key_der` or `mbedtls_pk_write_key_pem`. Full patch notes to this MbedTLS update can be found at https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2. Signed-off-by: Ryan Everett <ryan.everett@arm.com> Change-Id: I3496fbe54c3d85f7a5330b49cd77ccd16f7cb7fa (cherry picked from commit f3eb26844acefd8e78e1b69e99eeecca9b21ac08)

commit: a6bbfb7a79bad363735e1543f1d03bcfbbbc3b03 [log] [tgz]
author: Ryan Everett <ryan.everett@arm.com> Tue Nov 26 11:43:36 2024 +0000
committer: Yann Gautier <yann.gautier@st.com> Fri Jan 10 17:45:36 2025 +0100
tree: 3fa4ae5f1d684ed426f6516884436f30bf264134
parent: d6c50172fc8627865c47611a827c7d1b52bf2f8e [diff] [blame]
diff --git a/utils.sh b/utils.sh
index 464fc1e..0cf0915 100644
--- a/utils.sh
+++ b/utils.sh

@@ -630,7 +630,7 @@
 
 linaro_2001_release="${linaro_2001_release:-$tfa_downloads/linaro/20.01}"
 linaro_release="${linaro_release:-$linaro_2001_release}"
-mbedtls_version="${mbedtls_version:-3.6.1}"
+mbedtls_version="${mbedtls_version:-3.6.2}"
 
 # mbedTLS archive public hosting available at github.com
 mbedtls_archive="${mbedtls_archive:-https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v${mbedtls_version}.tar.gz}"
commit	a6bbfb7a79bad363735e1543f1d03bcfbbbc3b03	[log] [tgz]
author	Ryan Everett <ryan.everett@arm.com>	Tue Nov 26 11:43:36 2024 +0000
committer	Yann Gautier <yann.gautier@st.com>	Fri Jan 10 17:45:36 2025 +0100
tree	3fa4ae5f1d684ed426f6516884436f30bf264134
parent	d6c50172fc8627865c47611a827c7d1b52bf2f8e [diff] [blame]