UPDATE mbedtls-2.16.4

UPDATE mbedtls-2.16.4

Bjorn Ketelaars
mbedtls-2.16.4 has been released, which fixes a side channel attack on
ECDSA (CVE-2019-18222). More information can be found at
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released

Changes to port:
- Minor of mbedcrypto has been bumped as a symbol has been added.

Testing:
- 'make test' runs successfully
- build tested all consumers
- run tested in combination with openvpn,mbedtls

I also tested this update on current.

OK to push this update to both snapshot and current?


diff --git Makefile Makefile
index 497dcde0b01..ba301feb7f1 100644
--- Makefile
+++ Makefile
@@ -4,12 +4,12 @@ PORTROACH= limit:^2\.16
 
 COMMENT= SSL library with an intuitive API and readable source code
 
-DISTNAME= mbedtls-2.16.3
+DISTNAME= mbedtls-2.16.4
 EXTRACT_SUFX= -gpl.tgz
 
 # check SOVERSION
 SHARED_LIBS +=  mbedtls                   6.1 # 12
-SHARED_LIBS +=  mbedcrypto                4.3 # 3
+SHARED_LIBS +=  mbedcrypto                4.4 # 3
 SHARED_LIBS +=  mbedx509                  3.1 # 0
 
 CATEGORIES= security
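Review bot: Only the mbedcrypto SHARED_LIBS minor is bumped (4.3 to 4.4) while mbedtls stays at 6.1 and mbedx509 at 3.1, and the message does not say how the exported symbols of those two were compared against 2.16.3. It would help to state in the submission that the symbol comparison covered all three libraries and found additions only in mbedcrypto, and that the values in the trailing comments (# 12, # 3, # 0), which the "# check SOVERSION" line appears to refer to, were rechecked for 2.16.4.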
diff --git distinfo distinfo
index d8a902b3eb9..258fc934363 100644
--- distinfo
+++ distinfo
@@ -1,2 +1,2 @@
-SHA256 (mbedtls-2.16.3-gpl.tgz) = /QH+SyiRFt93gdBeHvcStsmII8UzT0onQE8TqNBm72o=
-SIZE (mbedtls-2.16.3-gpl.tgz) = 2560598
+SHA256 (mbedtls-2.16.4-gpl.tgz) = X9ucQ6tD/ZvMNjFQgXCwie3nuG3WVSU6k8sP/rQjCfM=
+SIZE (mbedtls-2.16.4-gpl.tgz) = 2699806
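Review bot: The new SHA256 and SIZE lines pin whatever tarball was fetched when distinfo was regenerated, and nothing in the submission says that mbedtls-2.16.4-gpl.tgz was compared against a digest published by upstream. For a release that fixes CVE-2019-18222 it is worth confirming the checksum from a second source before commit; the value recorded here is base64, so a hex digest has to be converted before comparing. The size also grows from 2560598 to 2699806 bytes, which is a lot for a patch release and deserves a quick look at what was added to the tarball.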
diff --git patches/patch-include_mbedtls_config_h patches/patch-include_mbedtls_config_h
index 3dc01becdf9..68e6102944f 100644
--- patches/patch-include_mbedtls_config_h
+++ patches/patch-include_mbedtls_config_h
@@ -6,7 +6,7 @@ www/hiawatha.
 Index: include/mbedtls/config.h
 --- include/mbedtls/config.h.orig
 +++ include/mbedtls/config.h
-@@ -1678,7 +1678,7 @@
+@@ -1685,7 +1685,7 @@
   *
   * Uncomment this to enable pthread mutexes.
   */
@@ -15,7 +15,7 @@ Index: include/mbedtls/config.h
 
  /**
   * \def MBEDTLS_VERSION_FEATURES
-@@ -2870,7 +2870,7 @@
+@@ -2881,7 +2881,7 @@
   *
   * Enable this layer to allow use of mutexes within mbed TLS
   */
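Review bot: Both hunks in patches/patch-include_mbedtls_config_h change only the embedded offsets (1678 to 1685 and 2870 to 2881), so upstream's config.h gained 7 lines ahead of the first patched spot and 11 in total ahead of the second. Please check whether those added lines introduce new configuration options in 2.16.4 that the port should set or deliberately leave at the default, and say in the submission that the patch was only regenerated and that the two local changes (pthread mutexes and the threading layer) are otherwise untouched.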


Re: UPDATE mbedtls-2.16.4

Bjorn Ketelaars
On Thu 16/01/2020 07:22, Bjorn Ketelaars wrote:

> mbedtls-2.16.4 has been released, which fixes a side channel attack on
> ECDSA (CVE-2019-18222). More information can be found at
> https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
>
> Changes to port:
> - Minor of mbedcrypto has been bumped as a symbol has been added.
>
> Testing:
> - 'make test' runs successfully
> - build tested all consumers
> - run tested in combination with openvpn,mbedtls
>
> I also tested this update on current.
>
> OK to push this update to both snapshot and current?

Ping...

For your convenience:


diff --git Makefile Makefile
index 497dcde0b01..ba301feb7f1 100644
--- Makefile
+++ Makefile
@@ -4,12 +4,12 @@ PORTROACH= limit:^2\.16
 
 COMMENT= SSL library with an intuitive API and readable source code
 
-DISTNAME= mbedtls-2.16.3
+DISTNAME= mbedtls-2.16.4
 EXTRACT_SUFX= -gpl.tgz
 
 # check SOVERSION
 SHARED_LIBS +=  mbedtls                   6.1 # 12
-SHARED_LIBS +=  mbedcrypto                4.3 # 3
+SHARED_LIBS +=  mbedcrypto                4.4 # 3
 SHARED_LIBS +=  mbedx509                  3.1 # 0
 
 CATEGORIES= security
diff --git distinfo distinfo
index d8a902b3eb9..258fc934363 100644
--- distinfo
+++ distinfo
@@ -1,2 +1,2 @@
-SHA256 (mbedtls-2.16.3-gpl.tgz) = /QH+SyiRFt93gdBeHvcStsmII8UzT0onQE8TqNBm72o=
-SIZE (mbedtls-2.16.3-gpl.tgz) = 2560598
+SHA256 (mbedtls-2.16.4-gpl.tgz) = X9ucQ6tD/ZvMNjFQgXCwie3nuG3WVSU6k8sP/rQjCfM=
+SIZE (mbedtls-2.16.4-gpl.tgz) = 2699806
diff --git patches/patch-include_mbedtls_config_h patches/patch-include_mbedtls_config_h
index 3dc01becdf9..68e6102944f 100644
--- patches/patch-include_mbedtls_config_h
+++ patches/patch-include_mbedtls_config_h
@@ -6,7 +6,7 @@ www/hiawatha.
 Index: include/mbedtls/config.h
 --- include/mbedtls/config.h.orig
 +++ include/mbedtls/config.h
-@@ -1678,7 +1678,7 @@
+@@ -1685,7 +1685,7 @@
   *
   * Uncomment this to enable pthread mutexes.
   */
@@ -15,7 +15,7 @@ Index: include/mbedtls/config.h
 
  /**
   * \def MBEDTLS_VERSION_FEATURES
-@@ -2870,7 +2870,7 @@
+@@ -2881,7 +2881,7 @@
   *
   * Enable this layer to allow use of mutexes within mbed TLS
   */


Re: UPDATE mbedtls-2.16.4

Bjorn Ketelaars
On Thu 23/01/2020 05:38, Bjorn Ketelaars wrote:

> On Thu 16/01/2020 07:22, Bjorn Ketelaars wrote:
> > mbedtls-2.16.4 has been released, which fixes a side channel attack on
> > ECDSA (CVE-2019-18222). More information can be found at
> > https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
> >
> > Changes to port:
> > - Minor of mbedcrypto has been bumped as a symbol has been added.
> >
> > Testing:
> > - 'make test' runs successfully
> > - build tested all consumers
> > - run tested in combination with openvpn,mbedtls
> >
> > I also tested this update on current.
> >
> > OK to push this update to both snapshot and current?
>
> Ping...
>


Another ping...

For your convenience:


diff --git Makefile Makefile
index 497dcde0b01..ba301feb7f1 100644
--- Makefile
+++ Makefile
@@ -4,12 +4,12 @@ PORTROACH= limit:^2\.16
 
 COMMENT= SSL library with an intuitive API and readable source code
 
-DISTNAME= mbedtls-2.16.3
+DISTNAME= mbedtls-2.16.4
 EXTRACT_SUFX= -gpl.tgz
 
 # check SOVERSION
 SHARED_LIBS +=  mbedtls                   6.1 # 12
-SHARED_LIBS +=  mbedcrypto                4.3 # 3
+SHARED_LIBS +=  mbedcrypto                4.4 # 3
 SHARED_LIBS +=  mbedx509                  3.1 # 0
 
 CATEGORIES= security
diff --git distinfo distinfo
index d8a902b3eb9..258fc934363 100644
--- distinfo
+++ distinfo
@@ -1,2 +1,2 @@
-SHA256 (mbedtls-2.16.3-gpl.tgz) = /QH+SyiRFt93gdBeHvcStsmII8UzT0onQE8TqNBm72o=
-SIZE (mbedtls-2.16.3-gpl.tgz) = 2560598
+SHA256 (mbedtls-2.16.4-gpl.tgz) = X9ucQ6tD/ZvMNjFQgXCwie3nuG3WVSU6k8sP/rQjCfM=
+SIZE (mbedtls-2.16.4-gpl.tgz) = 2699806
diff --git patches/patch-include_mbedtls_config_h patches/patch-include_mbedtls_config_h
index 3dc01becdf9..68e6102944f 100644
--- patches/patch-include_mbedtls_config_h
+++ patches/patch-include_mbedtls_config_h
@@ -6,7 +6,7 @@ www/hiawatha.
 Index: include/mbedtls/config.h
 --- include/mbedtls/config.h.orig
 +++ include/mbedtls/config.h
-@@ -1678,7 +1678,7 @@
+@@ -1685,7 +1685,7 @@
   *
   * Uncomment this to enable pthread mutexes.
   */
@@ -15,7 +15,7 @@ Index: include/mbedtls/config.h
 
  /**
   * \def MBEDTLS_VERSION_FEATURES
-@@ -2870,7 +2870,7 @@
+@@ -2881,7 +2881,7 @@
   *
   * Enable this layer to allow use of mutexes within mbed TLS
   */


Re: UPDATE mbedtls-2.16.4

Rafael Sadowski
On Thu Jan 30, 2020 at 06:07:36PM +0100, Bjorn Ketelaars wrote:

> On Thu 23/01/2020 05:38, Bjorn Ketelaars wrote:
> > On Thu 16/01/2020 07:22, Bjorn Ketelaars wrote:
> > > mbedtls-2.16.4 has been released, which fixes a side channel attack on
> > > ECDSA (CVE-2019-18222). More information can be found at
> > > https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
> > >
> > > Changes to port:
> > > - Minor of mbedcrypto has been bumped as a symbol has been added.
> > >
> > > Testing:
> > > - 'make test' runs successfully
> > > - build tested all consumers
> > > - run tested in combination with openvpn,mbedtls
> > >
> > > I also tested this update on current.
> > >
> > > OK to push this update to both snapshot and current?
> >
> > Ping...
> >
>
>
> Another ping...

Hi Bjorn,

I don't like diffs like that. I have to search for mbedtls to find the
directory aka category. It would be helpful if the path was placed
somewhere. Maybe in the mail subject?!

Surprise surprise, it's polarssl. However, ok rsadowski@

100% tests passed, 0 tests failed out of 72

>
> For your convenience:
>
>
> diff --git Makefile Makefile
> index 497dcde0b01..ba301feb7f1 100644
> --- Makefile
> +++ Makefile
> @@ -4,12 +4,12 @@ PORTROACH= limit:^2\.16
>  
>  COMMENT= SSL library with an intuitive API and readable source code
>  
> -DISTNAME= mbedtls-2.16.3
> +DISTNAME= mbedtls-2.16.4
>  EXTRACT_SUFX= -gpl.tgz
>  
>  # check SOVERSION
>  SHARED_LIBS +=  mbedtls                   6.1 # 12
> -SHARED_LIBS +=  mbedcrypto                4.3 # 3
> +SHARED_LIBS +=  mbedcrypto                4.4 # 3
>  SHARED_LIBS +=  mbedx509                  3.1 # 0
>  
>  CATEGORIES= security
> diff --git distinfo distinfo
> index d8a902b3eb9..258fc934363 100644
> --- distinfo
> +++ distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (mbedtls-2.16.3-gpl.tgz) = /QH+SyiRFt93gdBeHvcStsmII8UzT0onQE8TqNBm72o=
> -SIZE (mbedtls-2.16.3-gpl.tgz) = 2560598
> +SHA256 (mbedtls-2.16.4-gpl.tgz) = X9ucQ6tD/ZvMNjFQgXCwie3nuG3WVSU6k8sP/rQjCfM=
> +SIZE (mbedtls-2.16.4-gpl.tgz) = 2699806
> diff --git patches/patch-include_mbedtls_config_h patches/patch-include_mbedtls_config_h
> index 3dc01becdf9..68e6102944f 100644
> --- patches/patch-include_mbedtls_config_h
> +++ patches/patch-include_mbedtls_config_h
> @@ -6,7 +6,7 @@ www/hiawatha.
>  Index: include/mbedtls/config.h
>  --- include/mbedtls/config.h.orig
>  +++ include/mbedtls/config.h
> -@@ -1678,7 +1678,7 @@
> +@@ -1685,7 +1685,7 @@
>    *
>    * Uncomment this to enable pthread mutexes.
>    */
> @@ -15,7 +15,7 @@ Index: include/mbedtls/config.h
>  
>   /**
>    * \def MBEDTLS_VERSION_FEATURES
> -@@ -2870,7 +2870,7 @@
> +@@ -2881,7 +2881,7 @@
>    *
>    * Enable this layer to allow use of mutexes within mbed TLS
>    */
>


Re: UPDATE mbedtls-2.16.4

Klemens Nanni-2
On Thu, Jan 30, 2020 at 09:22:59PM +0100, Rafael Sadowski wrote:
> I don't like diffs like that. I have to search for mbedtls to find the
> directory aka category. It would be helpful if the path was placed
> somewhere. Maybe in the mail subject?!
>
> Surprise surprise, it's polarssl. However, ok rsadowski@

I agree that providing this info is always helpful, but you can also do
this:

        $ pkg_info -P mbedtls
        Information for https://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/mbedtls-2.16.3.tgz

        Pkgpath:
        security/polarssl