On Mon, Apr 02 2018, Björn Ketelaars <[email protected]> wrote:
> Please find enclosed a diff for bringing mbedtls to 2.8.0, which fixes
> various security issues. See
> https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog
>
> Bumped minor of mbedcrypto as symbols have been added.
>
> make test runs successfully. net/openvpn,mbedtls builds, and tests ok.

Tests ok on amd64 and sparc64; a single test fails on arm with both
2.7.0 and 2.8.0.

45/60 Test #45: mpi-suite ........................***Failed    0.98 sec
      Start 46: pem-suite

> Comments/OK?

ok jca@ for -current.

Not sure yet what would be the best way to handle -stable, the minor
bump should be harmless afaik (no need to rebuild all consumers); else
we could backport the security fix(es) only.

> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/security/polarssl/Makefile,v
> retrieving revision 1.19
> diff -u -p -r1.19 Makefile
> --- Makefile  6 Feb 2018 10:26:31 -0000       1.19
> +++ Makefile  2 Apr 2018 09:06:17 -0000
> @@ -2,13 +2,13 @@
>  
>  COMMENT=     SSL library with an intuitive API and readable source code
>  
> -DISTNAME=    mbedtls-2.7.0
> +DISTNAME=    mbedtls-2.8.0
>  EXTRACT_SUFX=        -gpl.tgz
>  
>  # check SOVERSION
> -SHARED_LIBS +=  mbedtls                   3.1 # 2.7
> -SHARED_LIBS +=  mbedcrypto                2.0 # 2.7
> -SHARED_LIBS +=  mbedx509                  1.0 # 2.7
> +SHARED_LIBS +=  mbedtls                   3.1 # 2.8
> +SHARED_LIBS +=  mbedcrypto                2.1 # 2.8
> +SHARED_LIBS +=  mbedx509                  1.0 # 2.8
>  
>  CATEGORIES=  security
>  
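Review bot: in the SHARED_LIBS block only mbedcrypto moves (2.0 to 2.1), while mbedtls stays at 3.1 and mbedx509 at 1.0 with just the trailing comment changed to 2.8. Since the "# check SOVERSION" reminder sits right above, please say in the commit message that the exported symbols of those two libraries were compared against 2.7.0 and show no additions or removals, so a missed bump does not go unnoticed.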
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/security/polarssl/distinfo,v
> retrieving revision 1.12
> diff -u -p -r1.12 distinfo
> --- distinfo  6 Feb 2018 10:26:31 -0000       1.12
> +++ distinfo  2 Apr 2018 09:06:17 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (mbedtls-2.7.0-gpl.tgz) = LG/iibS1C/Z7SDnoGwf89SoZ9RKdAkHSqk1Jyx7xHk8=
> -SIZE (mbedtls-2.7.0-gpl.tgz) = 2092971
> +SHA256 (mbedtls-2.8.0-gpl.tgz) = ZJ6ycYcVRZDt2lKUOn9GjnQOwIgH5b9o/0X06P/WiSM=
> +SIZE (mbedtls-2.8.0-gpl.tgz) = 2121103
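Review bot: the "+SHA256 (mbedtls-2.8.0-gpl.tgz)" line is the only integrity anchor for the new tarball, and nothing in the submission says what it was checked against. Suggest noting whether the digest was compared with an upstream-published checksum for the -gpl.tgz before commit.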
> Index: patches/patch-include_mbedtls_config_h
> ===================================================================
> RCS file: 
> /cvs/ports/security/polarssl/patches/patch-include_mbedtls_config_h,v
> retrieving revision 1.3
> diff -u -p -r1.3 patch-include_mbedtls_config_h
> --- patches/patch-include_mbedtls_config_h    6 Feb 2018 10:26:31 -0000       
> 1.3
> +++ patches/patch-include_mbedtls_config_h    2 Apr 2018 09:06:17 -0000
> @@ -6,7 +6,7 @@ www/hiawatha.
>  Index: include/mbedtls/config.h
>  --- include/mbedtls/config.h.orig
>  +++ include/mbedtls/config.h
> -@@ -1433,7 +1433,7 @@
> +@@ -1458,7 +1458,7 @@
>    *
>    * Uncomment this to enable pthread mutexes.
>    */
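Review bot: this hunk only renumbers the inner header (1433 to 1458), so the line that actually changes config.h is not visible in the review. Worth confirming that the regenerated patch still lands on the define under "Uncomment this to enable pthread mutexes." and that the 25-line shift comes from upstream additions whose defaults were looked at.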
> @@ -15,7 +15,7 @@ Index: include/mbedtls/config.h
>   
>   /**
>    * \def MBEDTLS_VERSION_FEATURES
> -@@ -2510,7 +2510,7 @@
> +@@ -2538,7 +2538,7 @@
>    *
>    * Enable this layer to allow use of mutexes within mbed TLS
>    */
>
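Review bot: the second inner header moves by 28 lines (2510 to 2538) against 25 for the first, so config.h also grew between the two threading settings. Please check that whatever was added there is a default the port wants, and that the patch still applies without fuzz around "Enable this layer to allow use of mutexes within mbed TLS".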

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
