The diff below updates mbedtls (security/polarssl) to 2.16.6, which fixes a
side-channel issue that allowed an adversary with sufficiently precise
timing and memory access information (typically an untrusted operating
system attacking a secure enclave) to fully recover an ECDSA private key
(CVE-2020-10932).

Regress tests pass on amd64.

I think it makes sense to bring this update to STABLE as well.

Comments/OK?


diff --git Makefile Makefile
index c76a52dcb57..6366638bbbb 100644
--- Makefile
+++ Makefile
@@ -4,7 +4,7 @@ PORTROACH=      limit:^2\.16
 
 COMMENT=       SSL library with an intuitive API and readable source code
 
-DISTNAME=      mbedtls-2.16.5
+DISTNAME=      mbedtls-2.16.6
 EXTRACT_SUFX=  -gpl.tgz
 
 # check SOVERSION
diff --git distinfo distinfo
index 24daf848989..44df8d00d6f 100644
--- distinfo
+++ distinfo
@@ -1,2 +1,2 @@
-SHA256 (mbedtls-2.16.5-gpl.tgz) = br3qZWXHFPExW5r2qAKvtLTomXb31dKxWqgCjrUufQk=
-SIZE (mbedtls-2.16.5-gpl.tgz) = 2702325
+SHA256 (mbedtls-2.16.6-gpl.tgz) = gKSE30LzLb6VZlzUsYzg3RS2xn39Vh020UdYAuQes+0=
+SIZE (mbedtls-2.16.6-gpl.tgz) = 2706375
diff --git patches/patch-tests_suites_host_test_function patches/patch-tests_suites_host_test_function
index d73eafe1687..52f279532b2 100644
--- patches/patch-tests_suites_host_test_function
+++ patches/patch-tests_suites_host_test_function
@@ -15,7 +15,7 @@ Index: tests/suites/host_test.function
  
  #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
      !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
-@@ -549,20 +546,6 @@ int execute_tests( int argc , const char ** argv )
+@@ -537,20 +534,6 @@ int execute_tests( int argc , const char ** argv )
                  test_info.result = TEST_RESULT_SUCCESS;
                  test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_IDLE;
  
@@ -36,7 +36,7 @@ Index: tests/suites/host_test.function
  
                  function_id = strtol( params[0], NULL, 10 );
                  if ( (ret = check_test( function_id )) == DISPATCH_TEST_SUCCESS )
-@@ -574,13 +557,6 @@ int execute_tests( int argc , const char ** argv )
+@@ -562,13 +545,6 @@ int execute_tests( int argc , const char ** argv )
                      }
                  }
  
@@ -50,7 +50,7 @@ Index: tests/suites/host_test.function
  
              }
  
-@@ -669,10 +645,6 @@ int execute_tests( int argc , const char ** argv )
+@@ -652,10 +628,6 @@ int execute_tests( int argc , const char ** argv )
      mbedtls_memory_buffer_alloc_free();
  #endif
  
