On Fri, Dec 07 2018, Björn Ketelaars <bjorn.ketelaars@hydroxide.nl> wrote:
> Diff below brings mbedtls to 2.14.1, which fixes CVE-2018-19608.
> Overview on changes can be found at
> https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released
>
> Minor of mbedcrypto has been bumped as symbols have been added.
>
> make test runs successfully on amd64. Build tested its consumers, and
> lightly tested with net/openvpn,mbedtls.
>
> OK?
ok jca@
>
> diff --git Makefile Makefile
> index 2003be6c7a8..f5b20abbb8b 100644
> --- Makefile
> +++ Makefile
> @@ -2,12 +2,12 @@
>
> COMMENT= SSL library with an intuitive API and readable source code
>
> -DISTNAME= mbedtls-2.14.0
> +DISTNAME= mbedtls-2.14.1
> EXTRACT_SUFX= -gpl.tgz
>
> # check SOVERSION
> SHARED_LIBS += mbedtls 6.0 # 12
> -SHARED_LIBS += mbedcrypto 4.0 # 3
> +SHARED_LIBS += mbedcrypto 4.1 # 3
> SHARED_LIBS += mbedx509 3.0 # 0
>
> CATEGORIES= security
> diff --git distinfo distinfo
> index 2712310e561..9b91233d01d 100644
> --- distinfo
> +++ distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (mbedtls-2.14.0-gpl.tgz) = fGLsAqV348ygHujNFh4eNpU3cUoUjvqv55iHudlVppE=
> -SIZE (mbedtls-2.14.0-gpl.tgz) = 2471418
> +SHA256 (mbedtls-2.14.1-gpl.tgz) = uqESGVJ4b1ssZsUiJqjKDgUSbekg0XViZlUd9neRW34=
> +SIZE (mbedtls-2.14.1-gpl.tgz) = 2477521
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
No comments:
Post a Comment