Diff below brings mbedtls to 2.14.1, which fixes CVE-2018-19608. Overview on changes can be found at https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released
Minor of mbedcrypto has been bumped as symbols have been added. make test runs successfully on amd64. Build tested its consumers, and lightly tested with net/openvpn,mbedtls. OK? diff --git Makefile Makefile index 2003be6c7a8..f5b20abbb8b 100644 --- Makefile +++ Makefile @@ -2,12 +2,12 @@ COMMENT= SSL library with an intuitive API and readable source code -DISTNAME= mbedtls-2.14.0 +DISTNAME= mbedtls-2.14.1 EXTRACT_SUFX= -gpl.tgz # check SOVERSION SHARED_LIBS += mbedtls 6.0 # 12 -SHARED_LIBS += mbedcrypto 4.0 # 3 +SHARED_LIBS += mbedcrypto 4.1 # 3 SHARED_LIBS += mbedx509 3.0 # 0 CATEGORIES= security diff --git distinfo distinfo index 2712310e561..9b91233d01d 100644 --- distinfo +++ distinfo @@ -1,2 +1,2 @@ -SHA256 (mbedtls-2.14.0-gpl.tgz) = fGLsAqV348ygHujNFh4eNpU3cUoUjvqv55iHudlVppE= -SIZE (mbedtls-2.14.0-gpl.tgz) = 2471418 +SHA256 (mbedtls-2.14.1-gpl.tgz) = uqESGVJ4b1ssZsUiJqjKDgUSbekg0XViZlUd9neRW34= +SIZE (mbedtls-2.14.1-gpl.tgz) = 2477521
