On 2018/02/06 07:09, Björn Ketelaars wrote:
> mbedtls (security/polarssl) has been updated to 2.7.0, which fixes
> CVE-2018-0488, CVE-2018-0487, and other security-related issues.
> Changelog can be found at
> https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog
>
> Bumped minor library number of mbedtls as functions have been added, and
> bumped major library number of mbedcrypto because of API changes
> (replacement of functions in the message digest modules). I found no
> changes related to mbedx509 (checked by diffing nm output).
>
> Output make test:
>
> 100% tests passed, 0 tests failed out of 60
>
> While here set SEPARATE_BUILD=Yes
SEPARATE_BUILD is already on by default for cmake ports. Rest looks good, will handle it later this morning.
>
>
>
> diff --git Makefile Makefile
> index 67dce4e4e86..271b007d500 100644
> --- Makefile
> +++ Makefile
> @@ -2,13 +2,13 @@
>
> COMMENT= SSL library with an intuitive API and readable source code
>
> -DISTNAME= mbedtls-2.6.0
> +DISTNAME= mbedtls-2.7.0
> EXTRACT_SUFX= -gpl.tgz
>
> # check SOVERSION
> -SHARED_LIBS += mbedtls 3.0 # 2.6
> -SHARED_LIBS += mbedcrypto 1.0 # 2.6
> -SHARED_LIBS += mbedx509 1.0 # 2.6
> +SHARED_LIBS += mbedtls 3.1 # 2.7
> +SHARED_LIBS += mbedcrypto 2.0 # 2.7
> +SHARED_LIBS += mbedx509 1.0 # 2.7
>
> CATEGORIES= security
>
> @@ -24,6 +24,7 @@ MASTER_SITES= https://tls.mbed.org/download/
>
> MODULES= devel/cmake
>
> +SEPARATE_BUILD= Yes
> CONFIGURE_ARGS= -DUSE_SHARED_MBEDTLS_LIBRARY=ON \
> -DLINK_WITH_PTHREAD=ON
>
> diff --git distinfo distinfo
> index ea7816f7808..27c7d8602c6 100644
> --- distinfo
> +++ distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (mbedtls-2.6.0-gpl.tgz) = qZlZ1zYN7yL5EI0tSHyd44T+dsNJaXF2sfIjcAgNWBA=
> -SIZE (mbedtls-2.6.0-gpl.tgz) = 1958070
> +SHA256 (mbedtls-2.7.0-gpl.tgz) = LG/iibS1C/Z7SDnoGwf89SoZ9RKdAkHSqk1Jyx7xHk8=
> +SIZE (mbedtls-2.7.0-gpl.tgz) = 2092971
> diff --git patches/patch-include_mbedtls_config_h
> patches/patch-include_mbedtls_config_h
> index 69f4bd2dcdd..49c8a211797 100644
> --- patches/patch-include_mbedtls_config_h
> +++ patches/patch-include_mbedtls_config_h
> @@ -6,7 +6,7 @@ www/hiawatha.
> Index: include/mbedtls/config.h
> --- include/mbedtls/config.h.orig
> +++ include/mbedtls/config.h
> -@@ -1385,7 +1385,7 @@
> +@@ -1433,7 +1433,7 @@
> *
> * Uncomment this to enable pthread mutexes.
> */
> @@ -15,7 +15,7 @@ Index: include/mbedtls/config.h
>
> /**
> * \def MBEDTLS_VERSION_FEATURES
> -@@ -2423,7 +2423,7 @@
> +@@ -2510,7 +2510,7 @@
> *
> * Enable this layer to allow use of mutexes within mbed TLS
> */
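Review bot: In the first Makefile hunk, `SHARED_LIBS += mbedx509 1.0 # 2.7` keeps the old major on the strength of an nm diff, but nm only shows added or removed symbols, not changed prototypes or struct layouts. Since mbedcrypto gets a major bump for the message-digest API changes in this same update, the public x509 headers, and any mbedcrypto types embedded in their structs, should also be diffed between 2.6.0 and 2.7.0 before leaving the major alone. If a public struct did change, the line would need to become `SHARED_LIBS += mbedx509 2.0 # 2.7`. The existing comment could record the method, e.g. `# check SOVERSION; compare nm output and public headers`.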
> diff --git patches/patch-tests_suites_main_test_function
> patches/patch-tests_suites_main_test_function
> index d3c25267144..d238412fb44 100644
> --- patches/patch-tests_suites_main_test_function
> +++ patches/patch-tests_suites_main_test_function
> @@ -5,11 +5,10 @@ XXX can't take the address of stdout
> Index: tests/suites/main_test.function
> --- tests/suites/main_test.function.orig
> +++ tests/suites/main_test.function
> -@@ -401,32 +401,7 @@ int main(int argc, const char *argv[])
> - if( unmet_dep_count == 0 )
> +@@ -418,30 +418,7 @@ int main(int argc, const char *argv[])
> {
> - test_errors = 0;
> --
> + test_info.failed = 0;
> +
> -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
> - /* Suppress all output from the library unless we're verbose
> - * mode
> @@ -34,7 +33,6 @@ Index: tests/suites/main_test.function
> - exit( 1 );
> - }
> -#endif /* __unix__ || __APPLE__ __MACH__ */
> --
> +
> }
>
> - if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE )
> diff --git pkg/PLIST pkg/PLIST
> index 554de97a044..8dd1d192b04 100644
> --- pkg/PLIST
> +++ pkg/PLIST
> @@ -54,6 +54,7 @@ include/mbedtls/platform.h
> include/mbedtls/platform_time.h
> include/mbedtls/ripemd160.h
> include/mbedtls/rsa.h
> +include/mbedtls/rsa_internal.h
> include/mbedtls/sha1.h
> include/mbedtls/sha256.h
> include/mbedtls/sha512.h
>
