mbedtls (security/polarssl) has been updated to 2.7.0, which fixes CVE-2018-0488, CVE-2018-0487, and other security-related issues. The changelog can be found at https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog
Bumped minor library number of mbedtls as functions have been added, and bumped major library number of mbedcrypto because of API changes (replacement of functions in the message digest modules). I found no changes related to mbedx509 (checked by diffing nm output). Output make test: 100% tests passed, 0 tests failed out of 60 While here set SEPARATE_BUILD=Yes
diff --git Makefile Makefile
index 67dce4e4e86..271b007d500 100644
--- Makefile
+++ Makefile
@@ -2,13 +2,13 @@
 COMMENT= SSL library with an intuitive API and readable source code
-DISTNAME= mbedtls-2.6.0
+DISTNAME= mbedtls-2.7.0
 EXTRACT_SUFX= -gpl.tgz
 # check SOVERSION
-SHARED_LIBS += mbedtls 3.0 # 2.6
-SHARED_LIBS += mbedcrypto 1.0 # 2.6
-SHARED_LIBS += mbedx509 1.0 # 2.6
+SHARED_LIBS += mbedtls 3.1 # 2.7
+SHARED_LIBS += mbedcrypto 2.0 # 2.7
+SHARED_LIBS += mbedx509 1.0 # 2.7
 CATEGORIES= security
@@ -24,6 +24,7 @@ MASTER_SITES= https://tls.mbed.org/download/
 MODULES= devel/cmake
+SEPARATE_BUILD= Yes
 CONFIGURE_ARGS= -DUSE_SHARED_MBEDTLS_LIBRARY=ON \
     -DLINK_WITH_PTHREAD=ON
diff --git distinfo distinfo
index ea7816f7808..27c7d8602c6 100644
--- distinfo
+++ distinfo
@@ -1,2 +1,2 @@
-SHA256 (mbedtls-2.6.0-gpl.tgz) = qZlZ1zYN7yL5EI0tSHyd44T+dsNJaXF2sfIjcAgNWBA=
-SIZE (mbedtls-2.6.0-gpl.tgz) = 1958070
+SHA256 (mbedtls-2.7.0-gpl.tgz) = LG/iibS1C/Z7SDnoGwf89SoZ9RKdAkHSqk1Jyx7xHk8=
+SIZE (mbedtls-2.7.0-gpl.tgz) = 2092971
diff --git patches/patch-include_mbedtls_config_h patches/patch-include_mbedtls_config_h
index 69f4bd2dcdd..49c8a211797 100644
--- patches/patch-include_mbedtls_config_h
+++ patches/patch-include_mbedtls_config_h
@@ -6,7 +6,7 @@ www/hiawatha.
 Index: include/mbedtls/config.h
 --- include/mbedtls/config.h.orig
 +++ include/mbedtls/config.h
-@@ -1385,7 +1385,7 @@
+@@ -1433,7 +1433,7 @@
   *
   * Uncomment this to enable pthread mutexes.
   */
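Review bot: The unchanged `SHARED_LIBS += mbedx509 1.0 # 2.7` line in the first Makefile hunk rests on an nm comparison, which shows added or removed symbols but not changes to struct layouts or function prototypes. Since mbedcrypto gets a major bump for API changes in the message digest modules, it is worth also diffing the mbedx509 public headers between 2.6.0 and 2.7.0 before keeping the old major. If a public structure or prototype did change, the line would become `SHARED_LIBS += mbedx509 2.0 # 2.7`; otherwise a short comment such as `# mbedx509: nm and header diff show no ABI change` next to `# check SOVERSION` records what was checked.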
@@ -15,7 +15,7 @@ Index: include/mbedtls/config.h
  /**
   * \def MBEDTLS_VERSION_FEATURES
-@@ -2423,7 +2423,7 @@
+@@ -2510,7 +2510,7 @@
   *
   * Enable this layer to allow use of mutexes within mbed TLS
   */
diff --git patches/patch-tests_suites_main_test_function patches/patch-tests_suites_main_test_function
index d3c25267144..d238412fb44 100644
--- patches/patch-tests_suites_main_test_function
+++ patches/patch-tests_suites_main_test_function
@@ -5,11 +5,10 @@ XXX can't take the address of stdout
 Index: tests/suites/main_test.function
 --- tests/suites/main_test.function.orig
 +++ tests/suites/main_test.function
-@@ -401,32 +401,7 @@ int main(int argc, const char *argv[])
- if( unmet_dep_count == 0 )
+@@ -418,30 +418,7 @@ int main(int argc, const char *argv[])
  {
- test_errors = 0;
--
+ test_info.failed = 0;
+
 -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
 - /* Suppress all output from the library unless we're verbose
 - * mode
@@ -34,7 +33,6 @@ Index: tests/suites/main_test.function
 - exit( 1 );
 - }
 -#endif /* __unix__ || __APPLE__ __MACH__ */
--
+
  }
- if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE )
diff --git pkg/PLIST pkg/PLIST
index 554de97a044..8dd1d192b04 100644
--- pkg/PLIST
+++ pkg/PLIST
@@ -54,6 +54,7 @@ include/mbedtls/platform.h
 include/mbedtls/platform_time.h
 include/mbedtls/ripemd160.h
 include/mbedtls/rsa.h
+include/mbedtls/rsa_internal.h
 include/mbedtls/sha1.h
 include/mbedtls/sha256.h
 include/mbedtls/sha512.h