A new version of polarssl is available (2.12.0), which addresses
2 vulnerabilities in the TLS ciphersuites (CVE-2018-0497 and
CVE-2018-0498).
This version also adds several new features as indicated on
https://tls.mbed.org/tech-updates/releases/mbedtls-2.11.0-2.7.4-and-2.1.13-released
and
https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released
Major number of all SHARED_LIBS have been bumped as symbols have been
removed from each library.
OK?
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/polarssl/Makefile,v
retrieving revision 1.21
diff -u -p -r1.21 Makefile
--- Makefile 15 May 2018 17:39:19 -0000 1.21
+++ Makefile 7 Aug 2018 10:07:00 -0000
@@ -2,13 +2,13 @@
COMMENT= SSL library with an intuitive API and readable source code
-DISTNAME= mbedtls-2.9.0
+DISTNAME= mbedtls-2.12.0
EXTRACT_SUFX= -gpl.tgz
# check SOVERSION
-SHARED_LIBS += mbedtls 3.2 # 10
-SHARED_LIBS += mbedcrypto 2.1 # 2
-SHARED_LIBS += mbedx509 1.0 # 0
+SHARED_LIBS += mbedtls 4.0 # 11
+SHARED_LIBS += mbedcrypto 3.0 # 3
+SHARED_LIBS += mbedx509 2.0 # 0
CATEGORIES= security
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/polarssl/distinfo,v
retrieving revision 1.14
diff -u -p -r1.14 distinfo
--- distinfo 15 May 2018 17:39:19 -0000 1.14
+++ distinfo 7 Aug 2018 10:07:00 -0000
@@ -1,2 +1,2 @@
-SHA256 (mbedtls-2.9.0-gpl.tgz) = Nhg30NjU4XisUeoaTqz7wMV+o8r7Rg/WtGofQiOk4VE=
-SIZE (mbedtls-2.9.0-gpl.tgz) = 2239531
+SHA256 (mbedtls-2.12.0-gpl.tgz) = hmHRmolqWnojLtAax/Bc8Ow1FHmPGAdsLJ75ZfvrWig=
+SIZE (mbedtls-2.12.0-gpl.tgz) = 2376449
Index: patches/patch-CMakeLists_txt
===================================================================
RCS file: /cvs/ports/security/polarssl/patches/patch-CMakeLists_txt,v
retrieving revision 1.5
diff -u -p -r1.5 patch-CMakeLists_txt
--- patches/patch-CMakeLists_txt 21 Oct 2017 00:47:52 -0000 1.5
+++ patches/patch-CMakeLists_txt 7 Aug 2018 10:07:00 -0000
@@ -2,7 +2,7 @@ $OpenBSD: patch-CMakeLists_txt,v 1.5 201
Index: CMakeLists.txt
--- CMakeLists.txt.orig
+++ CMakeLists.txt
-@@ -70,8 +70,6 @@ if(CMAKE_COMPILER_IS_GNUCC)
+@@ -107,8 +107,6 @@ if(CMAKE_COMPILER_IS_GNU)
if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
endif()
@@ -11,12 +11,12 @@ Index: CMakeLists.txt
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -O3")
set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
-@@ -81,8 +79,6 @@ endif(CMAKE_COMPILER_IS_GNUCC)
+@@ -118,8 +116,6 @@ endif(CMAKE_COMPILER_IS_GNU)
if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow")
- set(CMAKE_C_FLAGS_RELEASE "-O2")
- set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O3")
- set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
+ set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+ set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
Index: patches/patch-include_mbedtls_config_h
===================================================================
RCS file: /cvs/ports/security/polarssl/patches/patch-include_mbedtls_config_h,v
retrieving revision 1.5
diff -u -p -r1.5 patch-include_mbedtls_config_h
--- patches/patch-include_mbedtls_config_h 15 May 2018 17:39:19 -0000 1.5
+++ patches/patch-include_mbedtls_config_h 7 Aug 2018 10:07:00 -0000
@@ -6,7 +6,7 @@ www/hiawatha.
Index: include/mbedtls/config.h
--- include/mbedtls/config.h.orig
+++ include/mbedtls/config.h
-@@ -1492,7 +1492,7 @@
+@@ -1549,7 +1549,7 @@
*
* Uncomment this to enable pthread mutexes.
*/
@@ -15,7 +15,7 @@ Index: include/mbedtls/config.h
/**
* \def MBEDTLS_VERSION_FEATURES
-@@ -2572,7 +2572,7 @@
+@@ -2739,7 +2739,7 @@
*
* Enable this layer to allow use of mutexes within mbed TLS
*/
Index: patches/patch-tests_suites_main_test_function
===================================================================
RCS file: /cvs/ports/security/polarssl/patches/patch-tests_suites_main_test_function,v
retrieving revision 1.3
diff -u -p -r1.3 patch-tests_suites_main_test_function
--- patches/patch-tests_suites_main_test_function 15 May 2018 17:39:19 -0000 1.3
+++ patches/patch-tests_suites_main_test_function 7 Aug 2018 10:07:00 -0000
@@ -5,7 +5,7 @@ XXX can't take the address of stdout
Index: tests/suites/main_test.function
--- tests/suites/main_test.function.orig
+++ tests/suites/main_test.function
-@@ -436,32 +436,7 @@ int main(int argc, const char *argv[])
+@@ -447,32 +447,7 @@ int main(int argc, const char *argv[])
{
test_info.failed = 0;
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/polarssl/pkg/PLIST,v
retrieving revision 1.11
diff -u -p -r1.11 PLIST
--- pkg/PLIST 6 Feb 2018 10:26:31 -0000 1.11
+++ pkg/PLIST 7 Aug 2018 10:07:00 -0000
@@ -4,6 +4,7 @@ include/mbedtls/
include/mbedtls/aes.h
include/mbedtls/aesni.h
include/mbedtls/arc4.h
+include/mbedtls/aria.h
include/mbedtls/asn1.h
include/mbedtls/asn1write.h
include/mbedtls/base64.h
@@ -13,6 +14,8 @@ include/mbedtls/bn_mul.h
include/mbedtls/camellia.h
include/mbedtls/ccm.h
include/mbedtls/certs.h
+include/mbedtls/chacha20.h
+include/mbedtls/chachapoly.h
include/mbedtls/check_config.h
include/mbedtls/cipher.h
include/mbedtls/cipher_internal.h
@@ -33,6 +36,7 @@ include/mbedtls/entropy_poll.h
include/mbedtls/error.h
include/mbedtls/gcm.h
include/mbedtls/havege.h
+include/mbedtls/hkdf.h
include/mbedtls/hmac_drbg.h
include/mbedtls/md.h
include/mbedtls/md2.h
@@ -42,6 +46,7 @@ include/mbedtls/md_internal.h
include/mbedtls/memory_buffer_alloc.h
include/mbedtls/net.h
include/mbedtls/net_sockets.h
+include/mbedtls/nist_kw.h
include/mbedtls/oid.h
include/mbedtls/padlock.h
include/mbedtls/pem.h
@@ -52,6 +57,8 @@ include/mbedtls/pkcs12.h
include/mbedtls/pkcs5.h
include/mbedtls/platform.h
include/mbedtls/platform_time.h
+include/mbedtls/platform_util.h
+include/mbedtls/poly1305.h
include/mbedtls/ripemd160.h
include/mbedtls/rsa.h
include/mbedtls/rsa_internal.h
No comments:
Post a Comment