pkgsrc-Changes archive


CVS commit: pkgsrc/security/mbedtls



Module Name:    pkgsrc
Committed By:   tsutsui
Date:           Thu Aug 15 17:37:26 UTC 2024

Modified Files:
        pkgsrc/security/mbedtls: Makefile PLIST distinfo

Log Message:
mbedtls: update to 2.28.8.

pkgsrc changes:
- comment out python dependencies that seem required only for tests
  already disabled in pkgsrc
- pkglint

Upstream changes (from ChangeLog):

= Mbed TLS 2.28.8 branch released 2024-03-28

Features
   * AES-NI is now supported in Windows builds with clang and clang-cl.
     Resolves #8372.
   * Add pc files for pkg-config, e.g.:
     pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)

Security
   * Passing buffers that are stored in untrusted memory as arguments
     to PSA functions is now secure by default.
     The PSA core now protects against modification of inputs or exposure
     of intermediate outputs during operations. This is currently implemented
     by copying buffers.
     This feature increases code size and memory usage. If buffers passed to
     PSA functions are owned exclusively by the PSA core for the duration of
     the function call (i.e. no buffer parameters are in shared memory),
     copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS.
     Note that setting this option will cause input-output buffer overlap to
     be only partially supported (#3266).
     Fixes CVE-2024-28960.

Bugfix
   * Fix the build with CMake when Everest is enabled through
     a user configuration file or the compiler command line. Fixes #8165.
   * Fix an inconsistency between implementations and usages of `__cpuid`,
     which mainly causes failures when building Windows target using
     mingw or clang. Fixes #8334 & #8332.
   * Correct initial capacities for key derivation algorithms: TLS12_PRF,
     TLS12_PSK_TO_MS.
   * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a
     multiple of 8. Fixes #868.
   * Avoid segmentation fault caused by releasing not initialized
     entropy resource in gen_key example. Fixes #8809.
   * Fix missing bitflags in SSL session serialization headers. Their absence
     allowed SSL sessions saved in one configuration to be loaded in a
     different, incompatible configuration.
   * Fix the restoration of the ALPN when loading serialized connection with
     the mbedtls_ssl_context_load() API.
   * Fully support arbitrary overlap between inputs and outputs of PSA
     functions. Note that overlap is still only partially supported when
     MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (#3266).

Changes
   * Use heap memory to allocate DER encoded public/private key.
     This reduces stack usage significantly for writing a public/private
     key to a PEM string.
   * cmake: Use GnuInstallDirs to customize install directories
     Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR
     variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if
     LIB_INSTALL_DIR is set.

= Mbed TLS 2.28.7 branch released 2024-01-26

Security
   * Fix a timing side channel in private key RSA operations. This side channel
     could be sufficient for an attacker to recover the plaintext. A local
     attacker or a remote attacker who is close to the victim on the network
     might have precise enough timing measurements to exploit this. It requires
     the attacker to send a large number of messages for decryption. For
     details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported
     by Hubert Kario, Red Hat.
   * Fix a failure to validate input when writing x509 extensions lengths which
     could result in an integer overflow, causing a zero-length buffer to be
     allocated to hold the extension. The extension would then be copied into
     the buffer, causing a heap buffer overflow.

= Mbed TLS 2.28.6 branch released 2023-11-06

Changes
   *  Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later
      license. Users may choose which license they take the code under.

= Mbed TLS 2.28.5 branch released 2023-10-05

Features
   * The documentation of mbedtls_ecp_group now describes the optimized
     representation of A for some curves. Fixes #8045.

Security
   * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
     review the size of the output buffer passed to this function, and note
     that the output after decryption may include CBC padding. Consider moving
     to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext()
     which check for overflow of the output buffer and report the actual
     length of the output.
   * Improve padding calculations in CBC decryption, NIST key unwrapping and
     RSA OAEP decryption. With the previous implementation, some compilers
     (notably recent versions of Clang and IAR) could produce non-constant
     time code, which could allow a padding oracle attack if the attacker
     has access to precise timing measurements.
   * Fix a buffer overread when parsing short TLS application data records in
     ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.

Bugfix
   * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
     using ECC key. The certificate was rejected by some crypto frameworks.
     Fixes #2924.
   * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
     signature can silently return an incorrect result in low memory conditions.
   * Fix IAR compiler warnings. Fixes #7873, #4300.
   * Fix an issue when parsing an otherName subject alternative name into a
     mbedtls_x509_san_other_name struct. The type-id of the otherName was not
     copied to the struct. This meant that the struct had incomplete
     information about the otherName SAN and contained uninitialized memory.
   * Fix the detection of HardwareModuleName otherName SANs. These were being
     detected by comparing the wrong field and the check was erroneously
     inverted.
   * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
     MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
   * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
     error code on failure. Before, they returned 1 to indicate failure in
     some cases involving a missing entry or a full cache.

Changes
   * In configurations with ARIA or Camellia but not AES, the value of
     MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
     suggest. This did not affect any library code, because this macro was
     only used in relation with CMAC which does not support these ciphers.
     Its value is now 16 if ARIA or Camellia are present. This may affect
     application code that uses this macro.

= Mbed TLS 2.28.4 branch released 2023-08-04

Features
   * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
     setting the CMake variable of the same name at configuration time.

Bugfix
   * Fix crypt_and_hash decryption fail when used with a stream cipher
     mode of operation, due to the input not being a multiple of the block
     size. Resolves #7417.
   * Fix a bug where mbedtls_x509_string_to_names() would return success
     when given an invalid name string, if it did not contain '=' or ','.
   * Fix missing PSA initialization in sample programs when
     MBEDTLS_USE_PSA_CRYPTO is enabled.
   * Fix clang and armclang compilation error when targeting certain Arm
     M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
     SecurCore SC000). Fixes #1077.
   * Fixed an issue that caused compile errors when using CMake and the IAR
     toolchain.
   * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
   * Fix builds on Windows with clang.
   * Fix compilation warnings in aes.c for certain combinations
     of configuration options.
   * Fix a compilation error on some platforms when including mbedtls/ssl.h
     with all TLS support disabled. Fixes #6628.

Changes
   * Update test data to avoid failures of unit tests after 2023-08-07, and
     update expiring certificates in the certs module.

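The 2.28.8 Security entry describes the PSA core copying caller buffers so that memory shared with an untrusted party cannot change while an operation runs. The C program below is an added illustration and not Mbed TLS code or the PSA API: it uses a record format constructed for the example and a `tamper` callback that stands in for a concurrent writer (another thread, or the other side of an IPC or TrustZone boundary). It contrasts a double fetch on the shared buffer with the copy-in that the release makes the default, which is exactly the copy MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS lets a caller skip.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_PAYLOAD   64
#define OK             0
#define ERR_FORMAT    (-1)
#define ERR_INTEGRITY (-2)

/* Record layout, constructed for this example (not a PSA or Mbed TLS format):
 *   byte 0       payload length n, n <= MAX_PAYLOAD
 *   bytes 1..n   payload
 *   byte n+1     XOR of the payload bytes, a stand-in for a real integrity tag
 */

/* Whoever else can write the shared buffer while the call runs. */
typedef void (*tamper_fn)(uint8_t *shared, size_t shared_len);

static int check_record(const uint8_t *rec, size_t rec_len, size_t *n_out)
{
    if (rec_len < 2) return ERR_FORMAT;
    size_t n = rec[0];
    if (n > MAX_PAYLOAD || rec_len < n + 2) return ERR_FORMAT;
    uint8_t x = 0;
    for (size_t i = 0; i < n; i++) x ^= rec[1 + i];
    if (x != rec[1 + n]) return ERR_INTEGRITY;
    *n_out = n;
    return OK;
}

/* Unsafe: validates the shared buffer in place, then reads it a second time.
 * Whatever is written in between reaches `out` without having been validated
 * (a double fetch / TOCTOU on caller-owned memory). */
int extract_unsafe(uint8_t *shared, size_t shared_len,
                   uint8_t *out, size_t *out_len, tamper_fn tamper)
{
    size_t n;
    int rc = check_record(shared, shared_len, &n);
    if (rc != OK) return rc;
    if (tamper) tamper(shared, shared_len);   /* simulated race window */
    memcpy(out, shared + 1, n);               /* second fetch of the payload */
    *out_len = n;
    return OK;
}

/* Safe: copy the caller's bytes into memory this function owns exclusively,
 * bounded before the copy, and never touch the shared buffer again. */
int extract_safe(uint8_t *shared, size_t shared_len,
                 uint8_t *out, size_t *out_len, tamper_fn tamper)
{
    uint8_t local[MAX_PAYLOAD + 2];
    if (shared_len > sizeof local) return ERR_FORMAT;
    memcpy(local, shared, shared_len);        /* single fetch */
    size_t n;
    int rc = check_record(local, shared_len, &n);
    if (rc != OK) return rc;
    if (tamper) tamper(shared, shared_len);   /* same window, now harmless */
    memcpy(out, local + 1, n);
    *out_len = n;
    return OK;
}

/* Adversary used by the demo: flip the first payload byte after validation. */
void flip_first_payload_byte(uint8_t *shared, size_t shared_len)
{
    if (shared_len >= 2) shared[1] ^= 0xFF;
}

typedef int (*extract_fn)(uint8_t *, size_t, uint8_t *, size_t *, tamper_fn);

/* First extracted byte when the record is tampered mid-call, or -1 on error. */
int first_byte_after_tamper(extract_fn fn)
{
    uint8_t rec[] = { 3, 'a', 'b', 'c', (uint8_t)('a' ^ 'b' ^ 'c') }; /* constructed */
    uint8_t out[MAX_PAYLOAD];
    size_t out_len = 0;
    if (fn(rec, sizeof rec, out, &out_len, flip_first_payload_byte) != OK) return -1;
    return out[0];
}

/* Return code for a record whose tag does not match its payload. */
int rc_for_bad_tag(extract_fn fn)
{
    uint8_t rec[] = { 2, 'x', 'y', 0 };       /* constructed: 'x' ^ 'y' is 1, not 0 */
    uint8_t out[MAX_PAYLOAD];
    size_t out_len = 0;
    return fn(rec, sizeof rec, out, &out_len, NULL);
}

/* Return code when the caller hands over more bytes than the callee's copy can hold. */
int rc_for_oversized(extract_fn fn)
{
    uint8_t rec[200] = { 0 };                 /* constructed: claims n = 0, 200 bytes long */
    uint8_t out[MAX_PAYLOAD];
    size_t out_len = 0;
    return fn(rec, sizeof rec, out, &out_len, NULL);
}
```

The unsafe variant returns success with a byte it never validated; the safe one returns what it checked. The price is visible in `rc_for_oversized`: a copy-in strategy must bound the copy, so a well-formed but oversized record is refused rather than processed in place, which is the code-size and memory trade-off the ChangeLog entry warns about.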
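The 2.28.7 Security entry on x509 extension lengths is an instance of a familiar pattern: an allocation size computed from an attacker-influenced length without checking that the addition can wrap. The C block below is an added, generic illustration with its own minimal DER TLV writer; it is not Mbed TLS's x509write code, whose arithmetic differs (the ChangeLog case wrapped to zero, this one wraps to a small non-zero number). It places the unchecked size computation next to one that rejects a length that would wrap, and runs the safe encoder end to end on a constructed 200-byte value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed for a DER length field: one byte below 128, otherwise a
 * leading 0x80|n byte followed by the n big-endian bytes of the value. */
size_t der_len_field_size(size_t val_len)
{
    if (val_len < 0x80) return 1;
    size_t n = 0;
    for (size_t v = val_len; v != 0; v >>= 8) n++;
    return 1 + n;
}

/* Unchecked: tag + length field + value. With val_len close to SIZE_MAX the
 * addition wraps, so a following malloc(total) hands back a buffer far smaller
 * than the val_len bytes that are then copied into it. */
size_t tlv_size_unchecked(size_t val_len)
{
    return 1 + der_len_field_size(val_len) + val_len;
}

/* Checked: refuse before the sum can wrap. 0 means "too large"; no real TLV is
 * zero bytes long, so the sentinel cannot collide with a valid size. */
size_t tlv_size_checked(size_t val_len)
{
    size_t hdr = 1 + der_len_field_size(val_len);
    if (val_len > SIZE_MAX - hdr) return 0;
    return hdr + val_len;
}

/* Allocate and write tag || length || value using the checked size.
 * NULL on overflow or allocation failure; the caller frees the result. */
uint8_t *tlv_encode(uint8_t tag, const uint8_t *val, size_t val_len, size_t *out_len)
{
    size_t total = tlv_size_checked(val_len);
    if (total == 0) return NULL;
    uint8_t *buf = malloc(total);
    if (buf == NULL) return NULL;
    size_t p = 0;
    buf[p++] = tag;
    if (val_len < 0x80) {
        buf[p++] = (uint8_t)val_len;
    } else {
        size_t n = der_len_field_size(val_len) - 1;
        buf[p++] = (uint8_t)(0x80 | n);
        for (size_t i = n; i > 0; i--)
            buf[p++] = (uint8_t)(val_len >> (8 * (i - 1)));
    }
    memcpy(buf + p, val, val_len);
    *out_len = total;
    return buf;
}

/* Worked case: a 200-byte OCTET STRING needs a two-byte length (0x81 0xC8).
 * Returns 1 when the encoding is laid out as expected, 0 otherwise. */
int encode_200_byte_octet_string_ok(void)
{
    uint8_t val[200];                          /* constructed sample value */
    for (size_t i = 0; i < sizeof val; i++) val[i] = (uint8_t)i;
    size_t n = 0;
    uint8_t *enc = tlv_encode(0x04, val, sizeof val, &n);
    if (enc == NULL) return 0;
    int ok = n == 203 && enc[0] == 0x04 && enc[1] == 0x81 && enc[2] == 0xC8
             && memcmp(enc + 3, val, sizeof val) == 0;
    free(enc);
    return ok;
}

/* Worked case: a hostile length near SIZE_MAX. The unchecked sum wraps to a
 * tiny number (8 with a 64-bit size_t); the checked one reports overflow. */
int hostile_length_is_caught(void)
{
    size_t hostile = SIZE_MAX - 1;
    return tlv_size_unchecked(hostile) < 16 && tlv_size_checked(hostile) == 0;
}
```

The check lives in the size computation rather than at the call site so that every writer of an encoded length goes through it; the ChangeLog's heap overflow is what happens when one path skips it.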
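The 2.28.5 Security entry about padding calculations in CBC decryption is the padding-oracle problem in miniature: if the amount of work depends on where the padding goes wrong, an attacker with good timing can decrypt byte by byte. As an added example, not the library's own cipher-layer implementation, the C block below contrasts a branchy PKCS#7 padding check with a mask-based one over constructed 16-byte blocks, with a byte counter standing in for a timing measurement. The ChangeLog's caveat applies to this code too: the mask version expresses the intent, and production libraries add compiler barriers because an optimizer may reintroduce the branches.

```c
#include <stddef.h>
#include <stdint.h>

#define BLOCK 16

/* Instrumentation only: how many trailing bytes the last check read. A real
 * side channel would be time, not a counter, but it has the same shape. */
unsigned long g_examined;

/* Branchy check. Returning at the first wrong byte means the time taken
 * reveals how many bytes matched: the classic padding-oracle signal. */
int pad_check_branchy(const uint8_t *buf, size_t len, size_t *plain_len)
{
    g_examined = 0;
    if (len == 0 || len % BLOCK != 0) return -1;
    uint8_t pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK) return -1;
    for (size_t i = 0; i < pad; i++) {
        g_examined++;
        if (buf[len - 1 - i] != pad) return -1;
    }
    *plain_len = len - pad;
    return 0;
}

/* Mask primitives for operands below 2^31: all-ones or all-zeros, no branches. */
static uint32_t ct_lt_mask(uint32_t a, uint32_t b) { return 0u - ((a - b) >> 31); }  /* a < b */
static uint32_t ct_eq_mask(uint32_t a, uint32_t b)                                    /* a == b */
{
    uint32_t d = a ^ b;
    return 0u - (((d | (0u - d)) >> 31) ^ 1u);
}

/* Constant-time-style check: always reads all BLOCK trailing bytes, folds every
 * comparison into a mask, and selects the result from the mask, so the work done
 * no longer depends on where (or whether) the padding is wrong. */
int pad_check_ct(const uint8_t *buf, size_t len, size_t *plain_len)
{
    g_examined = 0;
    if (len == 0 || len % BLOCK != 0) return -1;       /* length is public; branching on it is fine */
    uint32_t pad = buf[len - 1];
    uint32_t bad = ct_eq_mask(pad, 0) | ct_lt_mask(BLOCK, pad);   /* pad == 0 || pad > BLOCK */
    const uint8_t *last = buf + len - BLOCK;
    for (uint32_t i = 0; i < BLOCK; i++) {
        g_examined++;
        uint32_t in_pad   = ct_lt_mask(i, pad);                    /* i < pad: byte must equal pad */
        uint32_t mismatch = ~ct_eq_mask(last[BLOCK - 1 - i], pad); /* byte i from the end */
        bad |= in_pad & mismatch;
    }
    size_t m = (size_t)0 - (size_t)(bad & 1u);         /* size_t-wide copy of the mask */
    *plain_len = ((len - pad) & ~m) | (len & m);       /* on failure report len: nothing stripped */
    return -(int)(bad & 1u);                           /* 0 on success, -1 on bad padding */
}

/* Constructed 16-byte final blocks (the AES/Camellia/ARIA block size). */
static const uint8_t VEC_OK4[BLOCK]    = { 'p','l','a','i','n','t','e','x','t', 0, 0, 0, 4, 4, 4, 4 };
static const uint8_t VEC_OK16[BLOCK]   = { 16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16 };
static const uint8_t VEC_BADMID[BLOCK] = { 'p','l','a','i','n','t','e','x','t', 0, 0, 0, 4, 4, 5, 4 };
static const uint8_t VEC_ZERO[BLOCK]   = { 'p','l','a','i','n','t','e','x','t', 0, 0, 0, 0, 0, 0, 0 };
static const uint8_t VEC_BIG[BLOCK]    = { 'p','l','a','i','n','t','e','x','t', 0, 0, 0, 0, 0, 0, 17 };

/* Plaintext length for one final block, or -1 if the padding is rejected. */
long plain_len_branchy(const uint8_t *blk)
{
    size_t n = 0;
    return pad_check_branchy(blk, BLOCK, &n) == 0 ? (long)n : -1;
}
long plain_len_ct(const uint8_t *blk)
{
    size_t n = 0;
    return pad_check_ct(blk, BLOCK, &n) == 0 ? (long)n : -1;
}
```

Both checks agree on every vector; the difference is in `g_examined`: the branchy version stops after two bytes on `VEC_BADMID`, the mask version always reads sixteen. The same discipline applies to the NIST key unwrapping and RSA OAEP decryption paths the entry names, where the "padding" is the wrapped-key integrity check and the OAEP encoding respectively.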

To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 pkgsrc/security/mbedtls/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/mbedtls/PLIST
cvs rdiff -u -r1.20 -r1.21 pkgsrc/security/mbedtls/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/mbedtls/Makefile
diff -u pkgsrc/security/mbedtls/Makefile:1.28 pkgsrc/security/mbedtls/Makefile:1.29
--- pkgsrc/security/mbedtls/Makefile:1.28       Mon Aug 14 05:25:10 2023
+++ pkgsrc/security/mbedtls/Makefile    Thu Aug 15 17:37:25 2024
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.28 2023/08/14 05:25:10 wiz Exp $
+# $NetBSD: Makefile,v 1.29 2024/08/15 17:37:25 tsutsui Exp $
 
-DISTNAME=      mbedtls-2.28.3
-PKGREVISION=   1
+DISTNAME=      mbedtls-2.28.8
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=ARMmbed/}
 GITHUB_TAG=    ${DISTNAME}
@@ -9,13 +8,15 @@ GITHUB_TAG=   ${DISTNAME}
 MAINTAINER=    nia%NetBSD.org@localhost
 HOMEPAGE=      https://tls.mbed.org/
 COMMENT=       Lightweight, modular cryptographic and SSL/TLS library (2.x branch)
-LICENSE=       apache-2.0
+LICENSE=       apache-2.0 OR gnu-gpl-v2
 
 CONFLICTS+=    mbedtls3-[0-9]*
 CONFLICTS+=    polarssl-[0-9]*
 SUPERSEDES+=   polarssl-[0-9]*
 
-USE_LANGUAGES= c99
+USE_LANGUAGES=         c
+USE_CC_FEATURES=       c99
+
 USE_TOOLS+=    pkg-config
 
 CMAKE_ARGS+=   -Wno-dev
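Review bot: the new LICENSE line only expresses half of what the 2.28.6 entry in the log message grants. Upstream says `Apache-2.0 OR GPL-2.0-or-later`; `apache-2.0 OR gnu-gpl-v2` pins the GPL alternative to version 2 only, whereas pkgsrc usually spells an or-later grant as `apache-2.0 OR gnu-gpl-v2 OR gnu-gpl-v3`. Consider the three-way form so LICENSE matches the upstream terms.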
@@ -31,9 +32,14 @@ MAKE_ENV+=   RANLIB=${RANLIB:Q}
 
 LDFLAGS.SunOS+=        -lsocket
 
-PYTHON_FOR_BUILD_ONLY= tool
+# python is required only for tests and they are disabled above
+#PYTHON_FOR_BUILD_ONLY=        tool
+
+#PYTHON_VERSIONS_INCOMPATIBLE= 27
 
-PYTHON_VERSIONS_INCOMPATIBLE=  27
+PKGCONFIG_OVERRIDE+=   pkgconfig/mbedcrypto.pc.in
+PKGCONFIG_OVERRIDE+=   pkgconfig/mbedtls.pc.in
+PKGCONFIG_OVERRIDE+=   pkgconfig/mbedx509.pc.in
 
 # Prefix bundled programs so they don't conflict with other packages
 post-install:
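Review bot: the comment `# python is required only for tests and they are disabled above` points the wrong way: the `do-test` target that ran the selftest sits at line 41 of this file, below this hunk, and it is this same commit that comments it out. If the python lines are meant to stay out, delete them rather than leaving `#PYTHON_FOR_BUILD_ONLY=` and `#PYTHON_VERSIONS_INCOMPATIBLE= 27` as commented-out residue, and name in the comment which upstream test scripts wanted python. The three PKGCONFIG_OVERRIDE lines are fine and line up with the new lib/pkgconfig entries in PLIST.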
@@ -41,12 +47,12 @@ post-install:
                ${MV} "$$f" "mbedtls_$$f"; \
        done
 
-do-test:
-       LD_LIBRARY_PATH=${WRKSRC}/library \
-           ${WRKSRC}/programs/test/selftest
+#do-test:
+#      LD_LIBRARY_PATH=${WRKSRC}/library \
+#          ${WRKSRC}/programs/test/selftest
 
 .include "options.mk"
 .include "../../devel/cmake/build.mk"
-.include "../../lang/python/tool.mk"
+#.include "../../lang/python/tool.mk"
 .include "../../mk/pthread.buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
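Review bot: commenting out `do-test` here removes a check that costs nothing. `${WRKSRC}/programs/test/selftest` is a C program built with the library and runs without python, so dropping the python dependency in the previous hunk does not require dropping it; the log message's "tests already disabled" presumably refers to the cmake test suite, which is a different thing. Given that this update carries the RSA timing and x509 extension-length fixes, keep the two-line target running the selftest (or say in the commit why it cannot run here), and delete the `#.include "../../lang/python/tool.mk"` line rather than leaving it commented out.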

Index: pkgsrc/security/mbedtls/PLIST
diff -u pkgsrc/security/mbedtls/PLIST:1.10 pkgsrc/security/mbedtls/PLIST:1.11
--- pkgsrc/security/mbedtls/PLIST:1.10  Thu Aug 11 06:40:38 2022
+++ pkgsrc/security/mbedtls/PLIST       Thu Aug 15 17:37:25 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.10 2022/08/11 06:40:38 wiz Exp $
+@comment $NetBSD: PLIST,v 1.11 2024/08/15 17:37:25 tsutsui Exp $
 bin/mbedtls_benchmark
 bin/mbedtls_cert_app
 bin/mbedtls_cert_req
@@ -24,6 +24,7 @@ bin/mbedtls_key_app_writer
 bin/mbedtls_key_ladder_demo
 bin/mbedtls_key_ladder_demo.sh
 bin/mbedtls_load_roots
+bin/mbedtls_metatest
 bin/mbedtls_mini_client
 bin/mbedtls_mpi_demo
 bin/mbedtls_pem2der
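Review bot: `bin/mbedtls_metatest` is upstream's self-check of its test framework, a program whose purpose is to fail in controlled ways so that sanitizers and the test harness can be shown to catch it; it is not a tool for users of the library. Since the package does not run tests at all, consider removing it in the post-install loop that already renames the bundled programs, instead of installing it next to mbedtls_benchmark and the other example programs.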
@@ -53,6 +54,23 @@ bin/mbedtls_ssl_server2
 bin/mbedtls_strerror
 bin/mbedtls_udp_proxy
 bin/mbedtls_zeroize
+include/everest/Hacl_Curve25519.h
+include/everest/everest.h
+include/everest/kremlib.h
+include/everest/kremlib/FStar_UInt128.h
+include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h
+include/everest/kremlin/c_endianness.h
+include/everest/kremlin/internal/builtin.h
+include/everest/kremlin/internal/callconv.h
+include/everest/kremlin/internal/compat.h
+include/everest/kremlin/internal/debug.h
+include/everest/kremlin/internal/target.h
+include/everest/kremlin/internal/types.h
+include/everest/kremlin/internal/wasmsupport.h
+include/everest/vs2010/Hacl_Curve25519.h
+include/everest/vs2010/inttypes.h
+include/everest/vs2010/stdbool.h
+include/everest/x25519.h
 include/mbedtls/aes.h
 include/mbedtls/aesni.h
 include/mbedtls/arc4.h
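Review bot: the new everest/ entries are the third-party Everest X25519 backend's internal headers (kremlib, kremlin/internal, and vs2010 compatibility copies of stdbool.h and inttypes.h), and they are listed unconditionally. They belong in the public include directory only when the build enables MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED, because then mbedtls/ecdh.h includes everest/everest.h; if that variant is off, or is toggled by options.mk, these 17 entries are either dead public headers or a PLIST mismatch. Please state in the commit message which of the two applies.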
@@ -161,3 +179,6 @@ lib/libmbedx509.a
 lib/libmbedx509.so
 lib/libmbedx509.so.1
 lib/libmbedx509.so.${PKGVERSION}
+lib/pkgconfig/mbedcrypto.pc
+lib/pkgconfig/mbedtls.pc
+lib/pkgconfig/mbedx509.pc

Index: pkgsrc/security/mbedtls/distinfo
diff -u pkgsrc/security/mbedtls/distinfo:1.20 pkgsrc/security/mbedtls/distinfo:1.21
--- pkgsrc/security/mbedtls/distinfo:1.20       Tue Apr 25 23:23:01 2023
+++ pkgsrc/security/mbedtls/distinfo    Thu Aug 15 17:37:25 2024
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.20 2023/04/25 23:23:01 wiz Exp $
+$NetBSD: distinfo,v 1.21 2024/08/15 17:37:25 tsutsui Exp $
 
-BLAKE2s (mbedtls-2.28.3.tar.gz) = 1598ef9876f9f85bc4207e555b89fb7ead5c0ce5f4b0f6e76e8f38b9cf1b15ec
-SHA512 (mbedtls-2.28.3.tar.gz) = f91d29f0cc2d602bcc3492e0c2bbe8aab60f50d5e770791e86c60ba72f99d37f1d50ae4f02f762e963cc8cd97168cf3f3f8e4a8561e67f61b0c864b1a16b34e8
-Size (mbedtls-2.28.3.tar.gz) = 3952712 bytes
+BLAKE2s (mbedtls-2.28.8.tar.gz) = 2a78e9f8f10a7f42fc2aa764d5032814cb65bb02346d8d45756bc97e49969e20
+SHA512 (mbedtls-2.28.8.tar.gz) = 7918c82a33762cbe9dee00d563c56686bfbddeb712cf6de049979b154ac69365d49c36962245a7d1238108742d3435bcfc26f801f3891d2fc1eba0bfb9bbd9ff
+Size (mbedtls-2.28.8.tar.gz) = 4038980 bytes
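Review bot: with MASTER_SITES set to MASTER_SITE_GITHUB and GITHUB_TAG=${DISTNAME} in the Makefile, mbedtls-2.28.8.tar.gz is GitHub's on-the-fly tag archive, whose bytes have changed in the past without the tag moving, and nothing in this hunk records a check against an upstream signature. Worth noting in the commit how the BLAKE2s/SHA512 values were cross-checked (for instance against a `git archive` of the mbedtls-2.28.8 tag that GITHUB_TAG names), so that a later checksum mismatch can be diagnosed as an upstream re-roll rather than tampering.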


