A new version of polarssl is available (2.12.0), which addresses
2 vulnerabilities in the TLS ciphersuites (CVE-2018-0497 and
CVE-2018-0498).

This version also adds several new features as indicated on
https://tls.mbed.org/tech-updates/releases/mbedtls-2.11.0-2.7.4-and-2.1.13-released
and
https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released

The major numbers of all SHARED_LIBS have been bumped because symbols
have been removed from each library.

OK?


Index: Makefile
===================================================================
RCS file: /cvs/ports/security/polarssl/Makefile,v
retrieving revision 1.21
diff -u -p -r1.21 Makefile
--- Makefile    15 May 2018 17:39:19 -0000      1.21
+++ Makefile    7 Aug 2018 10:07:00 -0000
@@ -2,13 +2,13 @@
 
 COMMENT=       SSL library with an intuitive API and readable source code
 
-DISTNAME=      mbedtls-2.9.0
+DISTNAME=      mbedtls-2.12.0
 EXTRACT_SUFX=  -gpl.tgz
 
 # check SOVERSION
-SHARED_LIBS +=  mbedtls                   3.2 # 10
-SHARED_LIBS +=  mbedcrypto                2.1 # 2
-SHARED_LIBS +=  mbedx509                  1.0 # 0
+SHARED_LIBS +=  mbedtls                   4.0 # 11
+SHARED_LIBS +=  mbedcrypto                3.0 # 3
+SHARED_LIBS +=  mbedx509                  2.0 # 0
 
 CATEGORIES=    security
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/polarssl/distinfo,v
retrieving revision 1.14
diff -u -p -r1.14 distinfo
--- distinfo    15 May 2018 17:39:19 -0000      1.14
+++ distinfo    7 Aug 2018 10:07:00 -0000
@@ -1,2 +1,2 @@
-SHA256 (mbedtls-2.9.0-gpl.tgz) = Nhg30NjU4XisUeoaTqz7wMV+o8r7Rg/WtGofQiOk4VE=
-SIZE (mbedtls-2.9.0-gpl.tgz) = 2239531
+SHA256 (mbedtls-2.12.0-gpl.tgz) = hmHRmolqWnojLtAax/Bc8Ow1FHmPGAdsLJ75ZfvrWig=
+SIZE (mbedtls-2.12.0-gpl.tgz) = 2376449
Index: patches/patch-CMakeLists_txt
===================================================================
RCS file: /cvs/ports/security/polarssl/patches/patch-CMakeLists_txt,v
retrieving revision 1.5
diff -u -p -r1.5 patch-CMakeLists_txt
--- patches/patch-CMakeLists_txt        21 Oct 2017 00:47:52 -0000      1.5
+++ patches/patch-CMakeLists_txt        7 Aug 2018 10:07:00 -0000
@@ -2,7 +2,7 @@ $OpenBSD: patch-CMakeLists_txt,v 1.5 201
 Index: CMakeLists.txt
 --- CMakeLists.txt.orig
 +++ CMakeLists.txt
-@@ -70,8 +70,6 @@ if(CMAKE_COMPILER_IS_GNUCC)
+@@ -107,8 +107,6 @@ if(CMAKE_COMPILER_IS_GNU)
      if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
          set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
      endif()
@@ -11,12 +11,12 @@ Index: CMakeLists.txt
      set(CMAKE_C_FLAGS_COVERAGE    "-O0 -g3 --coverage")
      set(CMAKE_C_FLAGS_ASAN        "-Werror -fsanitize=address -fno-common 
-O3")
      set(CMAKE_C_FLAGS_ASANDBG     "-Werror -fsanitize=address -fno-common -O1 
-g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
-@@ -81,8 +79,6 @@ endif(CMAKE_COMPILER_IS_GNUCC)
+@@ -118,8 +116,6 @@ endif(CMAKE_COMPILER_IS_GNU)
  
  if(CMAKE_COMPILER_IS_CLANG)
      set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W 
-Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith 
-Wimplicit-fallthrough -Wshadow")
 -    set(CMAKE_C_FLAGS_RELEASE     "-O2")
 -    set(CMAKE_C_FLAGS_DEBUG       "-O0 -g3")
      set(CMAKE_C_FLAGS_COVERAGE    "-O0 -g3 --coverage")
-     set(CMAKE_C_FLAGS_ASAN        "-Werror -fsanitize=address -fno-common 
-fsanitize=undefined -fno-sanitize-recover -O3")
-     set(CMAKE_C_FLAGS_ASANDBG     "-Werror -fsanitize=address -fno-common 
-fsanitize=undefined -fno-sanitize-recover -O1 -g3 -fno-omit-frame-pointer 
-fno-optimize-sibling-calls ")
+     set(CMAKE_C_FLAGS_ASAN        "-Werror -fsanitize=address -fno-common 
-fsanitize=undefined -fno-sanitize-recover=all -O3")
+     set(CMAKE_C_FLAGS_ASANDBG     "-Werror -fsanitize=address -fno-common 
-fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer 
-fno-optimize-sibling-calls ")
Index: patches/patch-include_mbedtls_config_h
===================================================================
RCS file: /cvs/ports/security/polarssl/patches/patch-include_mbedtls_config_h,v
retrieving revision 1.5
diff -u -p -r1.5 patch-include_mbedtls_config_h
--- patches/patch-include_mbedtls_config_h      15 May 2018 17:39:19 -0000      
1.5
+++ patches/patch-include_mbedtls_config_h      7 Aug 2018 10:07:00 -0000
@@ -6,7 +6,7 @@ www/hiawatha.
 Index: include/mbedtls/config.h
 --- include/mbedtls/config.h.orig
 +++ include/mbedtls/config.h
-@@ -1492,7 +1492,7 @@
+@@ -1549,7 +1549,7 @@
   *
   * Uncomment this to enable pthread mutexes.
   */
@@ -15,7 +15,7 @@ Index: include/mbedtls/config.h
  
  /**
   * \def MBEDTLS_VERSION_FEATURES
-@@ -2572,7 +2572,7 @@
+@@ -2739,7 +2739,7 @@
   *
   * Enable this layer to allow use of mutexes within mbed TLS
   */
Index: patches/patch-tests_suites_main_test_function
===================================================================
RCS file: 
/cvs/ports/security/polarssl/patches/patch-tests_suites_main_test_function,v
retrieving revision 1.3
diff -u -p -r1.3 patch-tests_suites_main_test_function
--- patches/patch-tests_suites_main_test_function       15 May 2018 17:39:19 
-0000      1.3
+++ patches/patch-tests_suites_main_test_function       7 Aug 2018 10:07:00 
-0000
@@ -5,7 +5,7 @@ XXX can't take the address of stdout
 Index: tests/suites/main_test.function
 --- tests/suites/main_test.function.orig
 +++ tests/suites/main_test.function
-@@ -436,32 +436,7 @@ int main(int argc, const char *argv[])
+@@ -447,32 +447,7 @@ int main(int argc, const char *argv[])
              {
                  test_info.failed = 0;
  
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/polarssl/pkg/PLIST,v
retrieving revision 1.11
diff -u -p -r1.11 PLIST
--- pkg/PLIST   6 Feb 2018 10:26:31 -0000       1.11
+++ pkg/PLIST   7 Aug 2018 10:07:00 -0000
@@ -4,6 +4,7 @@ include/mbedtls/
 include/mbedtls/aes.h
 include/mbedtls/aesni.h
 include/mbedtls/arc4.h
+include/mbedtls/aria.h
 include/mbedtls/asn1.h
 include/mbedtls/asn1write.h
 include/mbedtls/base64.h
@@ -13,6 +14,8 @@ include/mbedtls/bn_mul.h
 include/mbedtls/camellia.h
 include/mbedtls/ccm.h
 include/mbedtls/certs.h
+include/mbedtls/chacha20.h
+include/mbedtls/chachapoly.h
 include/mbedtls/check_config.h
 include/mbedtls/cipher.h
 include/mbedtls/cipher_internal.h
@@ -33,6 +36,7 @@ include/mbedtls/entropy_poll.h
 include/mbedtls/error.h
 include/mbedtls/gcm.h
 include/mbedtls/havege.h
+include/mbedtls/hkdf.h
 include/mbedtls/hmac_drbg.h
 include/mbedtls/md.h
 include/mbedtls/md2.h
@@ -42,6 +46,7 @@ include/mbedtls/md_internal.h
 include/mbedtls/memory_buffer_alloc.h
 include/mbedtls/net.h
 include/mbedtls/net_sockets.h
+include/mbedtls/nist_kw.h
 include/mbedtls/oid.h
 include/mbedtls/padlock.h
 include/mbedtls/pem.h
@@ -52,6 +57,8 @@ include/mbedtls/pkcs12.h
 include/mbedtls/pkcs5.h
 include/mbedtls/platform.h
 include/mbedtls/platform_time.h
+include/mbedtls/platform_util.h
+include/mbedtls/poly1305.h
 include/mbedtls/ripemd160.h
 include/mbedtls/rsa.h
 include/mbedtls/rsa_internal.h
