Thursday, January 30, 2020

Re: UPDATE mbedtls-2.16.4

On Thu 23/01/2020 05:38, Bjorn Ketelaars wrote:
> On Thu 16/01/2020 07:22, Bjorn Ketelaars wrote:
> > mbedtls-2.16.4 has been released, which fixes a side channel attack on
> > ECDSA (CVE-2019-18222). More information can be found at
> > https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
> >
> > Changes to port:
> > - Minor of mbedcrypto has been bumped as a symbol has been added.
> >
> > Testing:
> > - 'make test' runs successfully
> > - build tested all consumers
> > - run tested in combination with openvpn,mbedtls
> >
> > I also tested this update on current.
> >
> > OK to push this update to both snapshot and current?
>
> Ping...
>


Another ping...

For your convenience:


diff --git Makefile Makefile
index 497dcde0b01..ba301feb7f1 100644
--- Makefile
+++ Makefile
@@ -4,12 +4,12 @@ PORTROACH= limit:^2\.16

COMMENT= SSL library with an intuitive API and readable source code

-DISTNAME= mbedtls-2.16.3
+DISTNAME= mbedtls-2.16.4
EXTRACT_SUFX= -gpl.tgz

# check SOVERSION
SHARED_LIBS += mbedtls 6.1 # 12
-SHARED_LIBS += mbedcrypto 4.3 # 3
+SHARED_LIBS += mbedcrypto 4.4 # 3
SHARED_LIBS += mbedx509 3.1 # 0

CATEGORIES= security
diff --git distinfo distinfo
index d8a902b3eb9..258fc934363 100644
--- distinfo
+++ distinfo
@@ -1,2 +1,2 @@
-SHA256 (mbedtls-2.16.3-gpl.tgz) = /QH+SyiRFt93gdBeHvcStsmII8UzT0onQE8TqNBm72o=
-SIZE (mbedtls-2.16.3-gpl.tgz) = 2560598
+SHA256 (mbedtls-2.16.4-gpl.tgz) = X9ucQ6tD/ZvMNjFQgXCwie3nuG3WVSU6k8sP/rQjCfM=
+SIZE (mbedtls-2.16.4-gpl.tgz) = 2699806
diff --git patches/patch-include_mbedtls_config_h patches/patch-include_mbedtls_config_h
index 3dc01becdf9..68e6102944f 100644
--- patches/patch-include_mbedtls_config_h
+++ patches/patch-include_mbedtls_config_h
@@ -6,7 +6,7 @@ www/hiawatha.
Index: include/mbedtls/config.h
--- include/mbedtls/config.h.orig
+++ include/mbedtls/config.h
-@@ -1678,7 +1678,7 @@
+@@ -1685,7 +1685,7 @@
*
* Uncomment this to enable pthread mutexes.
*/
@@ -15,7 +15,7 @@ Index: include/mbedtls/config.h

/**
* \def MBEDTLS_VERSION_FEATURES
-@@ -2870,7 +2870,7 @@
+@@ -2881,7 +2881,7 @@
*
* Enable this layer to allow use of mutexes within mbed TLS
*/

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)