UPDATE security/polarssl-2.16.7

Mbed TLS (security/polarssl) 2.16.7 is a maintenance release of the Mbed
TLS 2.16 branch, and provides bug fixes and minor enhancements. This
release includes a fix for a side-channel attack on ECC key import and
validation. Overview on changes can be found at
https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.7.

Upstream has moved distribution of newer tarballs to GitHub
(https://tls.mbed.org/download).

All tests run successfully on amd64.

As with previous updates, I think it makes sense to backport this one to
stable as well.

Comments/OK?


diff --git Makefile Makefile
index d883afa70fb..82ea8c0d1ca 100644
--- Makefile
+++ Makefile
@@ -4,8 +4,10 @@ PORTROACH= limit:^2\.16

COMMENT= SSL library with an intuitive API and readable source code

-DISTNAME= mbedtls-2.16.6
-EXTRACT_SUFX= -gpl.tgz
+GH_ACCOUNT= ARMmbed
+GH_PROJECT= mbedtls
+GH_TAGNAME= mbedtls-2.16.7
+DISTNAME= ${GH_TAGNAME}

# check SOVERSION
SHARED_LIBS += mbedtls 6.1 # 12
@@ -23,8 +25,6 @@ PERMIT_PACKAGE= Yes

WANTLIB += c pthread

-MASTER_SITES= https://tls.mbed.org/download/
-
MODULES= devel/cmake \
lang/python

diff --git distinfo distinfo
index 44df8d00d6f..eabb0429882 100644
--- distinfo
+++ distinfo
@@ -1,2 +1,2 @@
-SHA256 (mbedtls-2.16.6-gpl.tgz) = gKSE30LzLb6VZlzUsYzg3RS2xn39Vh020UdYAuQes+0=
-SIZE (mbedtls-2.16.6-gpl.tgz) = 2706375
+SHA256 (mbedtls-2.16.7.tar.gz) = R4a30WdvXk0kjzp/LShEaHbWSWJjTwYP8huSxpDPvoY=
+SIZE (mbedtls-2.16.7.tar.gz) = 2658294
diff --git patches/patch-include_mbedtls_config_h patches/patch-include_mbedtls_config_h
index 026af0d78fb..7fcec89364b 100644
--- patches/patch-include_mbedtls_config_h
+++ patches/patch-include_mbedtls_config_h
@@ -6,7 +6,7 @@ www/hiawatha.
Index: include/mbedtls/config.h
--- include/mbedtls/config.h.orig
+++ include/mbedtls/config.h
-@@ -1685,7 +1685,7 @@
+@@ -1732,7 +1732,7 @@
*
* Uncomment this to enable pthread mutexes.
*/
@@ -15,7 +15,7 @@ Index: include/mbedtls/config.h

/**
* \def MBEDTLS_VERSION_FEATURES
-@@ -2881,7 +2881,7 @@
+@@ -2928,7 +2928,7 @@
*
* Enable this layer to allow use of mutexes within mbed TLS
*/
diff --git patches/patch-tests_suites_host_test_function patches/patch-tests_suites_host_test_function
index 3bae389dd74..b6d33d5bc9c 100644
--- patches/patch-tests_suites_host_test_function
+++ patches/patch-tests_suites_host_test_function
@@ -5,7 +5,7 @@ Can't take the address of stdout.
Index: tests/suites/host_test.function
--- tests/suites/host_test.function.orig
+++ tests/suites/host_test.function
-@@ -400,9 +400,6 @@ int execute_tests( int argc , const char ** argv )
+@@ -401,9 +401,6 @@ int execute_tests( int argc , const char ** argv )
/* Store for proccessed integer params. */
int int_params[50];
void *pointer;
@@ -15,7 +15,7 @@ Index: tests/suites/host_test.function

#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
!defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
-@@ -537,20 +534,6 @@ int execute_tests( int argc , const char ** argv )
+@@ -548,20 +545,6 @@ int execute_tests( int argc , const char ** argv )
test_info.result = TEST_RESULT_SUCCESS;
test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_IDLE;

@@ -34,9 +34,9 @@ Index: tests/suites/host_test.function
- }
-