Here's an update to the latest version, tested on amd64. make test passes. Some symbols aren't exported any more in all three libraries, hence the major bump. Also a patch is needed to build the test suite, I took the simple approach. In the end libc may be a better place to fix this.
I'd like to push this in before enabling the mbedtls flavor in net/openvpn. It looks like some of the changes in this update could warrant a backport of some security fixes, I did not investigate this. Volunteers welcome. juanfra, any opinion? ok? Index: Makefile =================================================================== RCS file: /d/cvs/ports/security/polarssl/Makefile,v retrieving revision 1.17 diff -u -p -r1.17 Makefile --- Makefile 18 Oct 2017 19:11:40 -0000 1.17 +++ Makefile 19 Oct 2017 07:49:49 -0000 @@ -2,22 +2,19 @@ COMMENT= SSL library with an intuitive API and readable source code -DISTNAME= mbedtls-2.2.1 -REVISION= 1 +DISTNAME= mbedtls-2.6.0 EXTRACT_SUFX= -gpl.tgz # check SOVERSION -SHARED_LIBS += mbedtls 2.1 -SHARED_LIBS += mbedcrypto 0.0 # 2.1 -SHARED_LIBS += mbedx509 0.0 # 2.1 +SHARED_LIBS += mbedtls 3.0 # 2.6 +SHARED_LIBS += mbedcrypto 1.0 # 2.6 +SHARED_LIBS += mbedx509 1.0 # 2.6 CATEGORIES= security HOMEPAGE= https://tls.mbed.org/ -# Dual licensed: GPLv2+/Commercial -# name changed from PolarSSL to mbed TLS after the ARM acquisition and a -# future update will change the license to Apache. +# Dual licensed: GPLv2+/Commercial, Apache v2 is available too PERMIT_PACKAGE_CDROM= Yes # libssl/libcrypto are used for polarssl_o_p_test only Index: distinfo =================================================================== RCS file: /d/cvs/ports/security/polarssl/distinfo,v retrieving revision 1.10 diff -u -p -r1.10 distinfo --- distinfo 6 Jan 2016 10:59:59 -0000 1.10 +++ distinfo 19 Oct 2017 07:32:44 -0000 @@ -1,2 +1,2 @@ -SHA256 (mbedtls-2.2.1-gpl.tgz) = uxv/o6xasUO+Kq49RaepKzYRKIjvRlAk2Dckhl/mKXQ= -SIZE (mbedtls-2.2.1-gpl.tgz) = 1848038 +SHA256 (mbedtls-2.6.0-gpl.tgz) = qZlZ1zYN7yL5EI0tSHyd44T+dsNJaXF2sfIjcAgNWBA= +SIZE (mbedtls-2.6.0-gpl.tgz) = 1958070 Index: patches/patch-CMakeLists_txt =================================================================== RCS file: /d/cvs/ports/security/polarssl/patches/patch-CMakeLists_txt,v retrieving revision 1.4 diff -u -p -r1.4 patch-CMakeLists_txt --- patches/patch-CMakeLists_txt 12 Sep 2015 20:30:00 -0000 1.4 +++ patches/patch-CMakeLists_txt 19 Oct 2017 07:32:44 -0000 @@ -1,7 +1,8 @@ $OpenBSD: patch-CMakeLists_txt,v 1.4 2015/09/12 20:30:00 sthen Exp $ ---- CMakeLists.txt.orig Fri Sep 4 13:38:26 2015 -+++ CMakeLists.txt Tue Sep 8 20:19:54 2015 -@@ -32,7 +32,6 @@ if(CMAKE_COMPILER_IS_GNUCC) +Index: CMakeLists.txt +--- CMakeLists.txt.orig ++++ CMakeLists.txt +@@ -70,7 +70,6 @@ if(CMAKE_COMPILER_IS_GNUCC) if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow") endif() @@ -9,7 +10,7 @@ $OpenBSD: patch-CMakeLists_txt,v 1.4 201 set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -O3") -@@ -43,7 +42,6 @@ endif(CMAKE_COMPILER_IS_GNUCC) +@@ -81,7 +80,6 @@ endif(CMAKE_COMPILER_IS_GNUCC) if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow") Index: patches/patch-include_mbedtls_config_h =================================================================== RCS file: /d/cvs/ports/security/polarssl/patches/patch-include_mbedtls_config_h,v retrieving revision 1.1 diff -u -p -r1.1 patch-include_mbedtls_config_h --- patches/patch-include_mbedtls_config_h 27 Aug 2016 07:46:50 -0000 1.1 +++ patches/patch-include_mbedtls_config_h 19 Oct 2017 07:32:44 -0000 @@ -3,9 +3,10 @@ $OpenBSD: patch-include_mbedtls_config_h MBEDTLS_THREADING_PTHREAD and MBEDTLS_THREADING_C are required by www/hiawatha. ---- include/mbedtls/config.h.orig Sat Aug 27 03:17:22 2016 -+++ include/mbedtls/config.h Sat Aug 27 03:18:03 2016 -@@ -1246,7 +1246,7 @@ +Index: include/mbedtls/config.h +--- include/mbedtls/config.h.orig ++++ include/mbedtls/config.h +@@ -1385,7 +1385,7 @@ * * Uncomment this to enable pthread mutexes. */ @@ -14,7 +15,7 @@ www/hiawatha. /** * \def MBEDTLS_VERSION_FEATURES -@@ -2261,7 +2261,7 @@ +@@ -2423,7 +2423,7 @@ * * Enable this layer to allow use of mutexes within mbed TLS */ Index: patches/patch-tests_suites_main_test_function =================================================================== RCS file: patches/patch-tests_suites_main_test_function diff -N patches/patch-tests_suites_main_test_function --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-tests_suites_main_test_function 19 Oct 2017 07:37:09 -0000 @@ -0,0 +1,40 @@ +$OpenBSD$ + +XXX can't take the address of stdout + +Index: tests/suites/main_test.function +--- tests/suites/main_test.function.orig ++++ tests/suites/main_test.function +@@ -401,32 +401,7 @@ int main(int argc, const char *argv[]) + if( unmet_dep_count == 0 ) + { + test_errors = 0; +- +-#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) +- /* Suppress all output from the library unless we're verbose +- * mode +- */ +- if( !option_verbose ) +- { +- stdout_fd = redirect_output( &stdout, "/dev/null" ); +- if( stdout_fd == -1 ) +- { +- /* Redirection has failed with no stdout so exit */ +- exit( 1 ); +- } +- } +-#endif /* __unix__ || __APPLE__ __MACH__ */ +- + ret = dispatch_test( cnt, params ); +- +-#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) +- if( !option_verbose && restore_output( &stdout, stdout_fd ) ) +- { +- /* Redirection has failed with no stdout so exit */ +- exit( 1 ); +- } +-#endif /* __unix__ || __APPLE__ __MACH__ */ +- + } + + if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE ) Index: pkg/PLIST =================================================================== RCS file: /d/cvs/ports/security/polarssl/pkg/PLIST,v retrieving revision 1.9 diff -u -p -r1.9 PLIST --- pkg/PLIST 11 Nov 2015 21:01:44 -0000 1.9 +++ pkg/PLIST 19 Oct 2017 07:32:44 -0000 @@ -16,6 +16,7 @@ include/mbedtls/certs.h include/mbedtls/check_config.h include/mbedtls/cipher.h include/mbedtls/cipher_internal.h +include/mbedtls/cmac.h include/mbedtls/compat-1.3.h include/mbedtls/config.h include/mbedtls/ctr_drbg.h @@ -26,6 +27,7 @@ include/mbedtls/ecdh.h include/mbedtls/ecdsa.h include/mbedtls/ecjpake.h include/mbedtls/ecp.h +include/mbedtls/ecp_internal.h include/mbedtls/entropy.h include/mbedtls/entropy_poll.h include/mbedtls/error.h @@ -39,6 +41,7 @@ include/mbedtls/md5.h include/mbedtls/md_internal.h include/mbedtls/memory_buffer_alloc.h include/mbedtls/net.h +include/mbedtls/net_sockets.h include/mbedtls/oid.h include/mbedtls/padlock.h include/mbedtls/pem.h @@ -48,6 +51,7 @@ include/mbedtls/pkcs11.h include/mbedtls/pkcs12.h include/mbedtls/pkcs5.h include/mbedtls/platform.h +include/mbedtls/platform_time.h include/mbedtls/ripemd160.h include/mbedtls/rsa.h include/mbedtls/sha1.h -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
