From f5b8b0ac5dfab0fa5e9baa3b2a32fc500d9a93a6 Mon Sep 17 00:00:00 2001
From: Wouter Deconinck <wdconinc@gmail.com>
Date: Sun, 10 Nov 2024 17:09:06 -0600
Subject: mbedtls: add v2.28.9, v3.6.2 (fix CVEs) (#46637)

* mbedtls: add v2.28.9, v3.6.1 (fix CVEs)
* mbedtls: add v3.6.2
---
 var/spack/repos/builtin/packages/mbedtls/package.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

(limited to 'var')

diff --git a/var/spack/repos/builtin/packages/mbedtls/package.py b/var/spack/repos/builtin/packages/mbedtls/package.py
index 73f463239d..2478192bc4 100644
--- a/var/spack/repos/builtin/packages/mbedtls/package.py
+++ b/var/spack/repos/builtin/packages/mbedtls/package.py
@@ -18,13 +18,18 @@ class Mbedtls(MakefilePackage):
 
     maintainers("haampie")
 
-    license("Apache-2.0 OR GPL-2.0-or-later")
+    license("Apache-2.0 OR GPL-2.0-or-later", checked_by="wdconinc")
 
     # version 3.x
-    version("3.6.0", sha256="3ecf94fcfdaacafb757786a01b7538a61750ebd85c4b024f56ff8ba1490fcd38")
-    version("3.3.0", sha256="a22ff38512697b9cd8472faa2ea2d35e320657f6d268def3a64765548b81c3ec")
+    version("3.6.2", sha256="8b54fb9bcf4d5a7078028e0520acddefb7900b3e66fec7f7175bb5b7d85ccdca")
+    with default_args(deprecated=True):
+        # https://nvd.nist.gov/vuln/detail/CVE-2024-45159
+        version("3.6.1", sha256="fc8bef0991b43629b7e5319de6f34f13359011105e08e3e16eed3a9fe6ffd3a3")
+        version("3.6.0", sha256="3ecf94fcfdaacafb757786a01b7538a61750ebd85c4b024f56ff8ba1490fcd38")
+        version("3.3.0", sha256="a22ff38512697b9cd8472faa2ea2d35e320657f6d268def3a64765548b81c3ec")
 
     # version 2.x
+    version("2.28.9", sha256="e85ea97aaf78dd6c0a5ba2e54dd5932ffa15f39abfc189c26beef7684630c02b")
     version("2.28.8", sha256="241c68402cef653e586be3ce28d57da24598eb0df13fcdea9d99bfce58717132")
     version("2.28.2", sha256="1db6d4196178fa9f8264bef5940611cd9febcd5d54ec05f52f1e8400f792b5a4")
     version("2.7.19", sha256="3da12b1cebe1a25da8365d5349f67db514aefcaa75e26082d7cb2fa3ce9608aa")
@@ -79,7 +84,10 @@ class Mbedtls(MakefilePackage):
     def url_for_version(self, version):
         if self.spec.satisfies("@:2.28.7,3:3.5"):
             return f"https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v{version}.tar.gz"
-        return f"https://github.com/Mbed-TLS/mbedtls/releases/download/v{version}/mbedtls-{version}.tar.bz2"
+        if self.spec.satisfies("@2.28.8,3.6.0"):
+            return f"https://github.com/Mbed-TLS/mbedtls/releases/download/v{version}/mbedtls-{version}.tar.bz2"
+        # release tags for @2.28.9:2,3.6.1:
+        return f"https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-{version}/mbedtls-{version}.tar.bz2"
 
     def flag_handler(self, name, flags):
         # Compile with PIC, if requested.
-- 
cgit v1.2.3-70-g09d2