Please find enclosed a diff for bringing mbedtls to 2.9.0, which fixes various security issues and bugs. See https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.12-released
Minor of mbedtls has been bumped as symbols have been added.

make test runs successfully on amd64, as do its consumers:
- net/openvpn,mbedtls builds, and tests ok
- www/hiawatha builds ok

Concerning -stable: the minor bump should be harmless (no need to rebuild its only consumer: openvpn,mbedtls). I think it is possible to commit this update.

Comments/OK?

Index: Makefile =================================================================== RCS file: /cvs/ports/security/polarssl/Makefile,v retrieving revision 1.20 diff -u -p -r1.20 Makefile --- Makefile 2 Apr 2018 17:16:19 -0000 1.20 +++ Makefile 14 May 2018 18:48:15 -0000 @@ -2,13 +2,13 @@ COMMENT= SSL library with an intuitive API and readable source code -DISTNAME= mbedtls-2.8.0 +DISTNAME= mbedtls-2.9.0 EXTRACT_SUFX= -gpl.tgz # check SOVERSION -SHARED_LIBS += mbedtls 3.1 # 2.8 -SHARED_LIBS += mbedcrypto 2.1 # 2.8 -SHARED_LIBS += mbedx509 1.0 # 2.8 +SHARED_LIBS += mbedtls 3.2 # 10 +SHARED_LIBS += mbedcrypto 2.1 # 2 +SHARED_LIBS += mbedx509 1.0 # 0 CATEGORIES= security @@ -17,8 +17,7 @@ HOMEPAGE= https://tls.mbed.org/ # Dual licensed: GPLv2+/Commercial, Apache v2 is also available PERMIT_PACKAGE_CDROM= Yes -# libssl/libcrypto are used for polarssl_o_p_test only -WANTLIB += c pthread +WANTLIB= c pthread MASTER_SITES= https://tls.mbed.org/download/ Index: distinfo =================================================================== RCS file: /cvs/ports/security/polarssl/distinfo,v retrieving revision 1.13 diff -u -p -r1.13 distinfo --- distinfo 2 Apr 2018 17:16:19 -0000 1.13 +++ distinfo 14 May 2018 18:48:15 -0000 
@@ -1,2 +1,2 @@ -SHA256 (mbedtls-2.8.0-gpl.tgz) = ZJ6ycYcVRZDt2lKUOn9GjnQOwIgH5b9o/0X06P/WiSM= -SIZE (mbedtls-2.8.0-gpl.tgz) = 2121103 +SHA256 (mbedtls-2.9.0-gpl.tgz) = Nhg30NjU4XisUeoaTqz7wMV+o8r7Rg/WtGofQiOk4VE= +SIZE (mbedtls-2.9.0-gpl.tgz) = 2239531 Index: patches/patch-include_mbedtls_config_h =================================================================== RCS file: /cvs/ports/security/polarssl/patches/patch-include_mbedtls_config_h,v retrieving revision 1.4 diff -u -p -r1.4 patch-include_mbedtls_config_h --- patches/patch-include_mbedtls_config_h 2 Apr 2018 17:16:20 -0000 1.4 +++ patches/patch-include_mbedtls_config_h 14 May 2018 18:48:15 -0000 @@ -6,7 +6,7 @@ www/hiawatha. Index: include/mbedtls/config.h --- include/mbedtls/config.h.orig +++ include/mbedtls/config.h -@@ -1458,7 +1458,7 @@ +@@ -1492,7 +1492,7 @@ * * Uncomment this to enable pthread mutexes. */ @@ -15,7 +15,7 @@ Index: include/mbedtls/config.h /** * \def MBEDTLS_VERSION_FEATURES -@@ -2538,7 +2538,7 @@ +@@ -2572,7 +2572,7 @@ * * Enable this layer to allow use of mutexes within mbed TLS */ Index: patches/patch-tests_suites_main_test_function =================================================================== RCS file: /cvs/ports/security/polarssl/patches/patch-tests_suites_main_test_function,v retrieving revision 1.2 diff -u -p -r1.2 patch-tests_suites_main_test_function --- patches/patch-tests_suites_main_test_function 6 Feb 2018 10:26:31 -0000 1.2 +++ patches/patch-tests_suites_main_test_function 14 May 2018 18:48:15 -0000 @@ -5,7 +5,7 @@ XXX can't take the address of stdout Index: tests/suites/main_test.function --- tests/suites/main_test.function.orig +++ tests/suites/main_test.function -@@ -418,30 +418,7 @@ int main(int argc, const char *argv[]) +@@ -436,32 +436,7 @@ int main(int argc, const char *argv[]) { test_info.failed = 0; 
@@ -18,6 +18,7 @@ Index: tests/suites/main_test.function - stdout_fd = redirect_output( &stdout, "/dev/null" ); - if( stdout_fd == -1 ) - { +- platform_teardown(); - /* Redirection has failed with no stdout so exit */ - exit( 1 ); - } @@ -30,6 +31,7 @@ Index: tests/suites/main_test.function - if( !option_verbose && restore_output( &stdout, stdout_fd ) ) - { - /* Redirection has failed with no stdout so exit */ +- platform_teardown(); - exit( 1 ); - } -#endif /* __unix__ || __APPLE__ __MACH__ */
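
Review bot: In the Makefile SHARED_LIBS hunk (`@@ -2,13 +2,13 @@`), the trailing comments change from `# 2.8` to `# 10`, `# 2` and `# 0` without saying what the new numbers denote. Given the `# check SOVERSION` line directly above, they read like upstream's SOVERSION values; if so, say that in the comment so the next update knows what to compare against. Only mbedtls moves (3.1 to 3.2) while mbedcrypto and mbedx509 stay at 2.1 and 1.0. The message justifies the mbedtls bump by added symbols, so please also state that the other two libraries were checked and have no added or removed symbols in 2.9.0.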
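
Review bot: In the second Makefile hunk (`@@ -17,8 +17,7 @@`), `WANTLIB += c pthread` becomes `WANTLIB= c pthread`, and this switch from `+=` to `=` is unrelated to the version bump and not mentioned in the message. Dropping the stale libssl/libcrypto comment is fine on its own, but `=` discards anything appended to WANTLIB earlier in the Makefile or by an included module, so either keep `+=` or note why the assignment form changes.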