Enclosed is a diff to bring mbedtls to 2.13.0. This release fixes an
issue in the X.509 module which could lead to a buffer overread while
parsing certificate extensions. Changelog can be found at
https://tls.mbed.org/tech-updates/releases/mbedtls-2.13.0-2.7.6-and-2.1.15-released

libmbedtls requires a bump as a symbol has been removed (and new ones
have been added).

Tested with its consumers, and 'make test' runs successfully (amd64).

Comments/OK?


Index: Makefile
===================================================================
RCS file: /cvs/ports/security/polarssl/Makefile,v
retrieving revision 1.22
diff -u -p -r1.22 Makefile
--- Makefile    8 Aug 2018 12:51:09 -0000       1.22
+++ Makefile    19 Sep 2018 16:37:23 -0000
@@ -2,11 +2,11 @@
 
 COMMENT=       SSL library with an intuitive API and readable source code
 
-DISTNAME=      mbedtls-2.12.0
+DISTNAME=      mbedtls-2.13.0
 EXTRACT_SUFX=  -gpl.tgz
 
 # check SOVERSION
-SHARED_LIBS +=  mbedtls                   4.0 # 11
+SHARED_LIBS +=  mbedtls                   5.0 # 12
 SHARED_LIBS +=  mbedcrypto                3.0 # 3
 SHARED_LIBS +=  mbedx509                  2.0 # 0
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/polarssl/distinfo,v
retrieving revision 1.15
diff -u -p -r1.15 distinfo
--- distinfo    8 Aug 2018 12:51:09 -0000       1.15
+++ distinfo    19 Sep 2018 16:37:23 -0000
@@ -1,2 +1,2 @@
-SHA256 (mbedtls-2.12.0-gpl.tgz) = hmHRmolqWnojLtAax/Bc8Ow1FHmPGAdsLJ75ZfvrWig=
-SIZE (mbedtls-2.12.0-gpl.tgz) = 2376449
+SHA256 (mbedtls-2.13.0-gpl.tgz) = oI3fCKrlX8T0j7xigfywi8XFPtU//RU1XuDXXsMrU64=
+SIZE (mbedtls-2.13.0-gpl.tgz) = 2419726
Index: patches/patch-CMakeLists_txt
===================================================================
RCS file: /cvs/ports/security/polarssl/patches/patch-CMakeLists_txt,v
retrieving revision 1.6
diff -u -p -r1.6 patch-CMakeLists_txt
--- patches/patch-CMakeLists_txt        8 Aug 2018 12:51:09 -0000       1.6
+++ patches/patch-CMakeLists_txt        19 Sep 2018 16:37:23 -0000
@@ -2,7 +2,7 @@ $OpenBSD: patch-CMakeLists_txt,v 1.6 201
 Index: CMakeLists.txt
 --- CMakeLists.txt.orig
 +++ CMakeLists.txt
-@@ -107,8 +107,6 @@ if(CMAKE_COMPILER_IS_GNU)
+@@ -108,8 +108,6 @@ if(CMAKE_COMPILER_IS_GNU)
      if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
          set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
      endif()
@@ -11,7 +11,7 @@ Index: CMakeLists.txt
      set(CMAKE_C_FLAGS_COVERAGE    "-O0 -g3 --coverage")
      set(CMAKE_C_FLAGS_ASAN        "-Werror -fsanitize=address -fno-common 
-O3")
      set(CMAKE_C_FLAGS_ASANDBG     "-Werror -fsanitize=address -fno-common -O1 
-g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
-@@ -118,8 +116,6 @@ endif(CMAKE_COMPILER_IS_GNU)
+@@ -119,8 +117,6 @@ endif(CMAKE_COMPILER_IS_GNU)
  
  if(CMAKE_COMPILER_IS_CLANG)
      set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W 
-Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith 
-Wimplicit-fallthrough -Wshadow")
Index: patches/patch-tests_suites_host_test_function
===================================================================
RCS file: patches/patch-tests_suites_host_test_function
diff -N patches/patch-tests_suites_host_test_function
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-tests_suites_host_test_function       19 Sep 2018 16:37:23 
-0000
@@ -0,0 +1,63 @@
+$OpenBSD$
+
+Can't take the address of stdout.
+
+Index: tests/suites/host_test.function
+--- tests/suites/host_test.function.orig
++++ tests/suites/host_test.function
+@@ -400,9 +400,6 @@ int execute_tests( int argc , const char ** argv )
+     /* Store for proccessed integer params. */
+     int int_params[50];
+     void *pointer;
+-#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+-    int stdout_fd = -1;
+-#endif /* __unix__ || __APPLE__ __MACH__ */
+ 
+ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
+     !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
+@@ -547,20 +544,6 @@ int execute_tests( int argc , const char ** argv )
+             {
+                 test_info.failed = 0;
+ 
+-#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+-                /* Suppress all output from the library unless we're verbose
+-                 * mode
+-                 */
+-                if( !option_verbose )
+-                {
+-                    stdout_fd = redirect_output( &stdout, "/dev/null" );
+-                    if( stdout_fd == -1 )
+-                    {
+-                        /* Redirection has failed with no stdout so exit */
+-                        exit( 1 );
+-                    }
+-                }
+-#endif /* __unix__ || __APPLE__ __MACH__ */
+ 
+                 function_id = strtol( params[0], NULL, 10 );
+                 if ( (ret = check_test( function_id )) == 
DISPATCH_TEST_SUCCESS )
+@@ -572,13 +555,6 @@ int execute_tests( int argc , const char ** argv )
+                     }
+                 }
+ 
+-#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+-                if( !option_verbose && restore_output( &stdout, stdout_fd ) )
+-                {
+-                        /* Redirection has failed with no stdout so exit */
+-                        exit( 1 );
+-                }
+-#endif /* __unix__ || __APPLE__ __MACH__ */
+ 
+             }
+ 
+@@ -662,10 +638,6 @@ int execute_tests( int argc , const char ** argv )
+     mbedtls_memory_buffer_alloc_free();
+ #endif
+ 
+-#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+-    if( stdout_fd != -1 )
+-        close_output( stdout );
+-#endif /* __unix__ || __APPLE__ __MACH__ */
+ 
+     return( total_errors != 0 );
+ }
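Review bot: The patch header `Can't take the address of stdout.` gives the build reason but not the behavioural cost. With the three `#if defined(__unix__) ...` blocks removed from `execute_tests`, library output is no longer sent to `/dev/null` in non-verbose runs, so it can interleave with the test results that 'make test' reports. I would expand the header to something like `Can't take the address of stdout on OpenBSD, so drop the /dev/null redirection of library output; non-verbose runs now show it.` The helpers `redirect_output`, `restore_output` and `close_output` are defined outside this hunk and presumably lose their only callers here, so it is worth confirming that the test build does not fail on unused-function warnings. The body of `execute_tests` starts and continues outside the quoted hunks, so other uses of `stdout_fd` cannot be ruled out from this view.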
Index: patches/patch-tests_suites_main_test_function
===================================================================
RCS file: patches/patch-tests_suites_main_test_function
diff -N patches/patch-tests_suites_main_test_function
--- patches/patch-tests_suites_main_test_function       8 Aug 2018 12:51:09 
-0000       1.4
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,40 +0,0 @@
-$OpenBSD: patch-tests_suites_main_test_function,v 1.4 2018/08/08 12:51:09 bket 
Exp $
-
-XXX can't take the address of stdout
-
-Index: tests/suites/main_test.function
---- tests/suites/main_test.function.orig
-+++ tests/suites/main_test.function
-@@ -447,32 +447,7 @@ int main(int argc, const char *argv[])
-             {
-                 test_info.failed = 0;
- 
--#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
--                /* Suppress all output from the library unless we're verbose
--                 * mode
--                 */
--                if( !option_verbose )
--                {
--                    stdout_fd = redirect_output( &stdout, "/dev/null" );
--                    if( stdout_fd == -1 )
--                    {
--                        platform_teardown();
--                        /* Redirection has failed with no stdout so exit */
--                        exit( 1 );
--                    }
--                }
--#endif /* __unix__ || __APPLE__ __MACH__ */
--
-                 ret = dispatch_test( cnt, params );
--
--#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
--                if( !option_verbose && restore_output( &stdout, stdout_fd ) )
--                {
--                        /* Redirection has failed with no stdout so exit */
--                        platform_teardown();
--                        exit( 1 );
--                }
--#endif /* __unix__ || __APPLE__ __MACH__ */
- 
-             }
- 
