mirror of https://git.freebsd.org/ports.git synced 2026-06-02 11:08:52 +00:00

security/mbedtls4: Apply upstream fix for a TLS 1.2 client regression

TLS 1.2 client regression that caused valid ServerKeyExchange signatures
using rsa_pss_rsae_* to be rejected:
https://github.com/Mbed-TLS/mbedtls/issues/10668
https://github.com/Mbed-TLS/mbedtls/commit/5fc28f401666f3ab3338168f6dcee71e6b468a4e

While at it, add a DEBUG option that was useful to figure out the
problem.

PR:		294776
Sponsored by:	UNIS Labs
Co-authored-by:	Vladimir Druzenko <vvd@FreeBSD.org>
MFH:		2026Q2
Fabian Keil
2026-04-30 18:13:39 +03:00
committed by Vladimir Druzenko
parent 1fed4092f8
commit 12d2ebc10b
2 changed files with 17 additions and 1 deletions
+14
@@ -1,9 +1,16 @@
PORTNAME= mbedtls
DISTVERSION= 4.1.0
PORTREVISION= 1
CATEGORIES= security devel
MASTER_SITES= https://github.com/Mbed-TLS/${PORTNAME}/releases/download/${DISTNAME}/
PKGNAMESUFFIX= 4
PATCH_SITES= https://github.com/Mbed-TLS/${PORTNAME}/commit/
PATCHFILES= 5fc28f401666f3ab3338168f6dcee71e6b468a4e.patch:-p1
# Fix a TLS 1.2 client regression that caused valid ServerKeyExchange
# signatures using rsa_pss_rsae_* to be rejected.
# https://github.com/Mbed-TLS/mbedtls/issues/10668
MAINTAINER= pkaipila@gmail.com
COMMENT= Embedded SSL/TLS and cryptography library
WWW= https://www.trustedfirmware.org/projects/mbed-tls/
@@ -31,15 +38,22 @@ PORTSCOUT= limit:^${DISTVERSION:R:S/./\./g}\.
PLIST_SUB= DISTVERSION=${DISTVERSION}
OPTIONS_DEFINE= DEBUG
pre-configure:
@${WRKSRC}/scripts/config.py set MBEDTLS_SSL_DTLS_SRTP
@${WRKSRC}/scripts/config.py set MBEDTLS_THREADING_C
@${WRKSRC}/scripts/config.py set MBEDTLS_THREADING_PTHREAD
pre-configure-DEBUG-on:
@${WRKSRC}/scripts/config.py set MBEDTLS_DEBUG_C
post-install:
@cd ${STAGEDIR}${PREFIX}/bin && for f in *; do \
${MV} "$$f" "mbedtls_$$f"; \
done
post-install-DEBUG-off:
@${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libmbedcrypto.so
.include <bsd.port.mk>
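Review bot: The `PATCHFILES` entry in the first hunk fetches a GitHub-generated `.patch` without `?full_index=1`, so the abbreviated blob hashes in its `index` lines may change length if GitHub regenerates the file, and the download would then no longer match the SHA256 pinned in distinfo. The checksum makes that fail closed, but the port becomes unfetchable until distinfo is re-rolled, and a re-roll done under pressure is when a changed patch is most likely to be accepted without a diff against the upstream commit. I would write `PATCHFILES= 5fc28f401666f3ab3338168f6dcee71e6b468a4e.patch?full_index=1:-p1` and regenerate distinfo with `make makesum`. Separately, a comment above `pre-configure-DEBUG-on:` such as `# MBEDTLS_DEBUG_C only compiles the debug hooks in; output still requires the application to set a debug threshold and callback` would tell users what the new option changes in the installed library.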
+3 -1
@@ -1,3 +1,5 @@
TIMESTAMP = 1775565640
TIMESTAMP = 1777117771
SHA256 (mbedtls-4.1.0.tar.bz2) = 377a09cf8eb81b5fb2707045e5522d5489d3309fed5006c9874e60558fc81d10
SIZE (mbedtls-4.1.0.tar.bz2) = 7009629
SHA256 (5fc28f401666f3ab3338168f6dcee71e6b468a4e.patch) = 1d2522273d11d420a55e8a86b8df0b4482be61e6ec42f8c8e029acba727bc4c0
SIZE (5fc28f401666f3ab3338168f6dcee71e6b468a4e.patch) = 8585