On Fri, Dec 07 2018, Björn Ketelaars <bjorn.ketela...@hydroxide.nl> wrote: > Diff below brings mbedtls to 2.14.1, which fixes CVE-2018-19608. > Overview on changes can be found at > https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released > > Minor of mbedcrypto has been bumped as symbols have been added. > > make test runs successfully on amd64. Build tested its consumers, and > lightly tested with net/openvpn,mbedtls. > > OK?
ok jca@ > > diff --git Makefile Makefile > index 2003be6c7a8..f5b20abbb8b 100644 > --- Makefile > +++ Makefile > @@ -2,12 +2,12 @@ > > COMMENT= SSL library with an intuitive API and readable source code > > -DISTNAME= mbedtls-2.14.0 > +DISTNAME= mbedtls-2.14.1 > EXTRACT_SUFX= -gpl.tgz > > # check SOVERSION > SHARED_LIBS += mbedtls 6.0 # 12 > -SHARED_LIBS += mbedcrypto 4.0 # 3 > +SHARED_LIBS += mbedcrypto 4.1 # 3 > SHARED_LIBS += mbedx509 3.0 # 0 > > CATEGORIES= security > diff --git distinfo distinfo > index 2712310e561..9b91233d01d 100644 > --- distinfo > +++ distinfo > @@ -1,2 +1,2 @@ > -SHA256 (mbedtls-2.14.0-gpl.tgz) = > fGLsAqV348ygHujNFh4eNpU3cUoUjvqv55iHudlVppE= > -SIZE (mbedtls-2.14.0-gpl.tgz) = 2471418 > +SHA256 (mbedtls-2.14.1-gpl.tgz) = > uqESGVJ4b1ssZsUiJqjKDgUSbekg0XViZlUd9neRW34= > +SIZE (mbedtls-2.14.1-gpl.tgz) = 2477521 -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
