On Mon, May 14 2018, Björn Ketelaars <bjorn.ketela...@hydroxide.nl> wrote: > Please find enclosed a diff for bringing mbedtls to 2.9.0, which fixes > various security issues, and bugs. See > https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.12-released > > Minor of mbedtls has been bumped as symbols have been added. > > make test runs successfully on amd64, as do its consumers: > - net/openvpn,mbedtls builds, and tests ok > - www/hiawatha builds ok > > Concerning -stable: the minor bump should be harmless (no need to > rebuild its only consumer: openvpn,mbedtls). I think it is possible to > commit this update. > > Comments/OK?
Good idea to kill that comment, I'm not sure there's a point in changing the WANTLIB line though... -# libssl/libcrypto are used for polarssl_o_p_test only -WANTLIB += c pthread +WANTLIB= c pthread mpi-suite fails sometimes on amd64 but this already happens with the in-tree version. ok jca@, both for -current and -stable. > Index: Makefile > =================================================================== > RCS file: /cvs/ports/security/polarssl/Makefile,v > retrieving revision 1.20 > diff -u -p -r1.20 Makefile > --- Makefile 2 Apr 2018 17:16:19 -0000 1.20 > +++ Makefile 14 May 2018 18:48:15 -0000 > @@ -2,13 +2,13 @@ > > COMMENT= SSL library with an intuitive API and readable source code > > -DISTNAME= mbedtls-2.8.0 > +DISTNAME= mbedtls-2.9.0 > EXTRACT_SUFX= -gpl.tgz > > # check SOVERSION > -SHARED_LIBS += mbedtls 3.1 # 2.8 > -SHARED_LIBS += mbedcrypto 2.1 # 2.8 > -SHARED_LIBS += mbedx509 1.0 # 2.8 > +SHARED_LIBS += mbedtls 3.2 # 10 > +SHARED_LIBS += mbedcrypto 2.1 # 2 > +SHARED_LIBS += mbedx509 1.0 # 0 > > CATEGORIES= security > > @@ -17,8 +17,7 @@ HOMEPAGE= https://tls.mbed.org/ > # Dual licensed: GPLv2+/Commercial, Apache v2 is also available > PERMIT_PACKAGE_CDROM= Yes > > -# libssl/libcrypto are used for polarssl_o_p_test only > -WANTLIB += c pthread > +WANTLIB= c pthread > > MASTER_SITES= https://tls.mbed.org/download/ > > Index: distinfo > =================================================================== > RCS file: /cvs/ports/security/polarssl/distinfo,v > retrieving revision 1.13 > diff -u -p -r1.13 distinfo > --- distinfo 2 Apr 2018 17:16:19 -0000 1.13 > +++ distinfo 14 May 2018 18:48:15 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (mbedtls-2.8.0-gpl.tgz) = ZJ6ycYcVRZDt2lKUOn9GjnQOwIgH5b9o/0X06P/WiSM= > -SIZE (mbedtls-2.8.0-gpl.tgz) = 2121103 > +SHA256 (mbedtls-2.9.0-gpl.tgz) = Nhg30NjU4XisUeoaTqz7wMV+o8r7Rg/WtGofQiOk4VE= > +SIZE (mbedtls-2.9.0-gpl.tgz) = 2239531 > Index: patches/patch-include_mbedtls_config_h > =================================================================== > RCS file: > /cvs/ports/security/polarssl/patches/patch-include_mbedtls_config_h,v > retrieving revision 1.4 > diff -u -p -r1.4 patch-include_mbedtls_config_h > --- patches/patch-include_mbedtls_config_h 2 Apr 2018 17:16:20 -0000 > 1.4 > +++ patches/patch-include_mbedtls_config_h 14 May 2018 18:48:15 -0000 > @@ -6,7 +6,7 @@ www/hiawatha. > Index: include/mbedtls/config.h > --- include/mbedtls/config.h.orig > +++ include/mbedtls/config.h > -@@ -1458,7 +1458,7 @@ > +@@ -1492,7 +1492,7 @@ > * > * Uncomment this to enable pthread mutexes. > */ > @@ -15,7 +15,7 @@ Index: include/mbedtls/config.h > > /** > * \def MBEDTLS_VERSION_FEATURES > -@@ -2538,7 +2538,7 @@ > +@@ -2572,7 +2572,7 @@ > * > * Enable this layer to allow use of mutexes within mbed TLS > */ > Index: patches/patch-tests_suites_main_test_function > =================================================================== > RCS file: > /cvs/ports/security/polarssl/patches/patch-tests_suites_main_test_function,v > retrieving revision 1.2 > diff -u -p -r1.2 patch-tests_suites_main_test_function > --- patches/patch-tests_suites_main_test_function 6 Feb 2018 10:26:31 > -0000 1.2 > +++ patches/patch-tests_suites_main_test_function 14 May 2018 18:48:15 > -0000 > @@ -5,7 +5,7 @@ XXX can't take the address of stdout > Index: tests/suites/main_test.function > --- tests/suites/main_test.function.orig > +++ tests/suites/main_test.function > -@@ -418,30 +418,7 @@ int main(int argc, const char *argv[]) > +@@ -436,32 +436,7 @@ int main(int argc, const char *argv[]) > { > test_info.failed = 0; > > @@ -18,6 +18,7 @@ Index: tests/suites/main_test.function > - stdout_fd = redirect_output( &stdout, "/dev/null" ); > - if( stdout_fd == -1 ) > - { > +- platform_teardown(); > - /* Redirection has failed with no stdout so exit */ > - exit( 1 ); > - } > @@ -30,6 +31,7 @@ Index: tests/suites/main_test.function > - if( !option_verbose && restore_output( &stdout, stdout_fd ) > ) > - { > - /* Redirection has failed with no stdout so exit */ > +- platform_teardown(); > - exit( 1 ); > - } > -#endif /* __unix__ || __APPLE__ __MACH__ */ > <#secure method=pgpmime mode=sign> -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
