/mbedtls1, Lightweight, modular cryptographic and SSL/TLS library
1.3.17, Package name:
mbedtls-1.3.17, Maintainer: pkgsrc-users
mbed TLS (formerly known as PolarSSL) makes it trivially easy for developers
to include cryptographic and SSL/TLS capabilities in their (embedded)
products, facilitating this functionality with a minimal coding footprint.
This package holds the maintenance 1.3.x branch of mbedtls.
Master sites: SHA1:
Version history: (Expand)
- (2016-09-15) Updated to version: mbedtls-1.3.17
- (2016-07-09) Updated to version: mbedtls-1.3.16nb1
- (2016-06-16) Package added to pkgsrc.se, version mbedtls-1.3.16 (created)
CVS history: (Expand)
| 2016-09-15 12:48:01 by Filip Hajny | Files touched by this commit (3) | |
Update security/mbedtls1 to 1.3.17
- Fixed missing padding length check required by PKCS1 v2.2 in
mbedtls_rsa_rsaes_pkcs1_v15_decrypt(). (considered low impact)
- Fixed potential integer overflow to buffer overflow in
mbedtls_rsa_rsaes_oaep_encrypt(). (not triggerable remotely in
- Fixed potential integer underflow to buffer overread in
mbedtls_rsa_rsaes_oaep_decrypt(). It is not triggerable remotely
- Fixed bug in mbedtls_mpi_add_mpi() that caused wrong results
when the three arguments were the same (in-place doubling). #309
- Fixed issue in Makefile that prevented building using armar.
- Fixed issue that caused a hang when generating RSA keys of odd
- Fixed bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt() that made
null pointer dereference possible.
- Fixed issue that caused a crash if invalid curves were passed to
- On ARM platforms, when compiling with -O0 with GCC, Clang or
armcc5, don't use the optimized assembly for bignum
multiplication. This removes the need to pass -fomit-frame-pointer
to avoid a build error with -O0.
- Disabled SSLv3 in the default configuration.
| 2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | |
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
| 2016-06-16 11:21:11 by Filip Hajny | Files touched by this commit (9) |
Import mbedtls-1.3.16 as security/mbedtls1.
This is based on security/mbedtls and only meant for compatibility
with software that doesn't support mbedtls>=2 yet (mainly requires
the PolarSSL compatibility layer).