pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/mbedtls1 Update security/mbedtls1 to 1.3.17



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3e85ae3f22b9
branches:  trunk
changeset: 352467:3e85ae3f22b9
user:      fhajny <fhajny%pkgsrc.org@localhost>
date:      Thu Sep 15 10:48:01 2016 +0000

description:
Update security/mbedtls1 to 1.3.17

Security
- Fixed missing padding length check required by PKCS1 v2.2 in
  mbedtls_rsa_rsaes_pkcs1_v15_decrypt(). (considered low impact)
- Fixed potential integer overflow to buffer overflow in
  mbedtls_rsa_rsaes_pkcs1_v15_encrypt() and
  mbedtls_rsa_rsaes_oaep_encrypt(). (not triggerable remotely in
  (D)TLS).
- Fixed potential integer underflow to buffer overread in
  mbedtls_rsa_rsaes_oaep_decrypt(). It is not triggerable remotely
  in SSL/TLS.

Bugfix
- Fixed bug in mbedtls_mpi_add_mpi() that caused wrong results
  when the three arguments were the same (in-place doubling). #309
- Fixed issue in Makefile that prevented building using armar.
  #386
- Fixed issue that caused a hang when generating RSA keys of odd
  bitlength.
- Fixed bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt() that made
  null pointer dereference possible.
- Fixed issue that caused a crash if invalid curves were passed to
  mbedtls_ssl_conf_curves(). #373

Changes
- On ARM platforms, when compiling with -O0 with GCC, Clang or
  armcc5, don't use the optimized assembly for bignum
  multiplication. This removes the need to pass -fomit-frame-pointer
  to avoid a build error with -O0.
- Disabled SSLv3 in the default configuration.

diffstat:

 security/mbedtls1/Makefile                       |   5 ++---
 security/mbedtls1/distinfo                       |  12 ++++++------
 security/mbedtls1/patches/patch-library_Makefile |   8 ++++----
 3 files changed, 12 insertions(+), 13 deletions(-)

diffs (56 lines):

diff -r a2a17f8d1a66 -r 3e85ae3f22b9 security/mbedtls1/Makefile
--- a/security/mbedtls1/Makefile        Thu Sep 15 09:28:48 2016 +0000
+++ b/security/mbedtls1/Makefile        Thu Sep 15 10:48:01 2016 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.2 2016/07/09 06:38:55 wiz Exp $
+# $NetBSD: Makefile,v 1.3 2016/09/15 10:48:01 fhajny Exp $
 #
 
-DISTNAME=              mbedtls-1.3.16-gpl
+DISTNAME=              mbedtls-1.3.17-gpl
 PKGNAME=               ${DISTNAME:-gpl=}
-PKGREVISION=           1
 CATEGORIES=            security devel
 MASTER_SITES=          https://tls.mbed.org/download/
 EXTRACT_SUFX=          .tgz
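Review bot: at the DISTNAME bump from 1.3.16 to 1.3.17, the description lists three security fixes in the RSA encrypt/decrypt paths, but nothing in the message says whether a pull-up to the current stable branch is planned. Dropping `PKGREVISION= 1` is correct for a version bump; please add a line to the commit message noting the pull-up request (or why none is needed) so that users tracking the stable branch get the fixes too.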
diff -r a2a17f8d1a66 -r 3e85ae3f22b9 security/mbedtls1/distinfo
--- a/security/mbedtls1/distinfo        Thu Sep 15 09:28:48 2016 +0000
+++ b/security/mbedtls1/distinfo        Thu Sep 15 10:48:01 2016 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.1 2016/06/16 09:21:11 fhajny Exp $
+$NetBSD: distinfo,v 1.2 2016/09/15 10:48:01 fhajny Exp $
 
-SHA1 (mbedtls-1.3.16-gpl.tgz) = 775486e7af1112bbc623f122353e48cb3a8f76a9
-RMD160 (mbedtls-1.3.16-gpl.tgz) = a82c58eaed15940c77fa1d84911ba433e351c7d1
-SHA512 (mbedtls-1.3.16-gpl.tgz) = bf21e7ece8f609e80fd5f5b1af7f4da1d76e4d38e03cb5a57c9398e43b3186c68f258cceb64ec2f5d0959401956666f77de01cab921a61a9805ca688c61467a1
-Size (mbedtls-1.3.16-gpl.tgz) = 1760112 bytes
+SHA1 (mbedtls-1.3.17-gpl.tgz) = f6e6d0e08e4425e0cbd141dd007541fedfff2a3e
+RMD160 (mbedtls-1.3.17-gpl.tgz) = e923a83cc73a3f9a0e529921394417e60dbf5df8
+SHA512 (mbedtls-1.3.17-gpl.tgz) = d8ca5c0f5550c9384b5ec9602aca314f6b95b8d320017217f6a66fee5e25989dc8ef8aeb046e887a478b12e0df879a3399a4ab99fc21b091888f30ab1ad2b2ea
+Size (mbedtls-1.3.17-gpl.tgz) = 1766596 bytes
 SHA1 (patch-Makefile) = 80698e16a397133de134ab582016b9e91ad652f0
-SHA1 (patch-library_Makefile) = 551854fbdd91ae180f1d5408869a556ff0c39d1a
+SHA1 (patch-library_Makefile) = a3dcd83fb1cc74f59745f2168f14926c077a5289
 SHA1 (patch-programs_test_CMakeLists.txt) = 94ce731d81f1584c406e3b295c84fd6a5c327a50
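Review bot: for mbedtls-1.3.17-gpl.tgz, only the SHA512 line carries real integrity weight; the SHA1 and RMD160 lines beside it should be treated as change detectors. Since the tarball comes from the single MASTER_SITES entry, confirm the SHA512 value against a digest obtained independently of that download rather than one computed from the fetched file. The `SHA1 (patch-library_Makefile)` entry is SHA1 only, which is adequate for detecting a stale patch but should not be read as tamper protection.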
diff -r a2a17f8d1a66 -r 3e85ae3f22b9 security/mbedtls1/patches/patch-library_Makefile
--- a/security/mbedtls1/patches/patch-library_Makefile  Thu Sep 15 09:28:48 2016 +0000
+++ b/security/mbedtls1/patches/patch-library_Makefile  Thu Sep 15 10:48:01 2016 +0000
@@ -1,14 +1,14 @@
-$NetBSD: patch-library_Makefile,v 1.1 2016/06/16 09:21:11 fhajny Exp $
+$NetBSD: patch-library_Makefile,v 1.2 2016/09/15 10:48:01 fhajny Exp $
 
 Call ranlib instead of non-portable 'ar s'.
 
---- library/Makefile.orig      2015-06-04 12:49:19.000000000 +0000
+--- library/Makefile.orig      2016-06-27 19:00:26.000000000 +0000
 +++ library/Makefile
 @@ -95,7 +95,7 @@ libmbedtls.a: $(OBJS)
        echo "  AR    $@"
-       $(AR) rc $@ $(OBJS)
+       $(AR) -rc $@ $(OBJS)
        echo "  RL    $@"
--      $(AR) s $@
+-      $(AR) -s $@
 +      $(RANLIB) $@
  
  libpolarssl.$(DLEXT): libmbedtls.$(DLEXT)
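Review bot: in the refreshed inner patch, `$(RANLIB) $@` replaces `$(AR) -s $@`, but nothing visible in this hunk defines RANLIB in library/Makefile, so the archive index step depends on the variable arriving from the environment or the make command line. Confirm that the pkgsrc build passes it, or have the patch add a default such as `RANLIB ?= ranlib`. The inner hunk header still reads `@@ -95,7 +95,7 @@` while the .orig timestamp and the `$(AR)` context lines changed, so it is also worth confirming that the patch applies to 1.3.17 without offset.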


