From 39d97334ba69dedfcfae7b8f536155fe7428abcb Mon Sep 17 00:00:00 2001 From: Milan Bouchet-Valat Date: Thu, 10 Feb 2022 19:35:34 +0100 Subject: [PATCH] Upgrade mbedTLS --- deps/Versions.make | 4 +- deps/checksums/mbedtls | 68 ++++++++++++------------- deps/libssh2.mk | 11 ++-- deps/libssh2.version | 2 +- deps/mbedtls.mk | 11 ---- deps/patches/mbedtls-cmake-findpy.patch | 23 --------- stdlib/MbedTLS_jll/Project.toml | 4 +- 7 files changed, 47 insertions(+), 76 deletions(-) delete mode 100644 deps/patches/mbedtls-cmake-findpy.patch diff --git a/deps/Versions.make b/deps/Versions.make index 5993ce2da2149..7de304858252a 100644 --- a/deps/Versions.make +++ b/deps/Versions.make @@ -36,7 +36,7 @@ LAPACK_VER := 3.9.0 LIBGIT2_JLL_NAME := LibGit2 # LibSSH2 -LIBSSH2_VER := 1.9.0 +LIBSSH2_VER := 1.10.2 LIBSSH2_JLL_NAME := LibSSH2 # LibUV @@ -58,7 +58,7 @@ LLVMUNWIND_VER := 12.0.1 LLVMUNWIND_JLL_NAME := LLVMLibUnwind # MbedTLS -MBEDTLS_VER := 2.24.0 +MBEDTLS_VER := 2.28.0 MBEDTLS_JLL_NAME := MbedTLS # MPFR diff --git a/deps/checksums/mbedtls b/deps/checksums/mbedtls index e0102fab62304..723b9012bfe00 100644 --- a/deps/checksums/mbedtls +++ b/deps/checksums/mbedtls 
@@ -1,34 +1,34 @@ -mbedtls-2.24.0.tar.gz/md5/9d1adcec4aa6729ae1dc56c3a24cb7d2 -mbedtls-2.24.0.tar.gz/sha512/a51e80cedfa5c1772c79cba2dacd33f551516debf083803f7a5c1f4817c928e3bfb343fbe0c2e70ed591d0eba8fdc1bc46d11de7c3d12f50826de8f2f2ece279 -MbedTLS.v2.24.0+2.aarch64-apple-darwin.tar.gz/md5/89acea2c0b9ea2b8e242a915f920f2f9 -MbedTLS.v2.24.0+2.aarch64-apple-darwin.tar.gz/sha512/3ac7cb48316466aeffc09c94b8af9f677972022f070975c7b5d782ac09ddd2e6a4eb95c34e90e2902339d3b77523a10ebe5da6357a12b38a2390d8ff5f320d52 -MbedTLS.v2.24.0+2.aarch64-linux-gnu.tar.gz/md5/7f5f0e559f63f028492c882f9b59e4c8 -MbedTLS.v2.24.0+2.aarch64-linux-gnu.tar.gz/sha512/08a5e3234d82551681693ddc357ebd78178315edc9b5a1d306e4a1f6cb750defaac39646bd1b87adae61783763922f6164a7806c0b707cb73a35e330bd51a4c5 -MbedTLS.v2.24.0+2.aarch64-linux-musl.tar.gz/md5/48b5ff73cfe8423636760acf2dd9d5d9 -MbedTLS.v2.24.0+2.aarch64-linux-musl.tar.gz/sha512/be349fc9db28feae347240dc4e89dc9f64c6da9ec07b7503e3f549980e0e7cb79e27cab1db5359a294119cb850623e3c2099f753e3245e2050075bf3925d6a5f -MbedTLS.v2.24.0+2.armv6l-linux-gnueabihf.tar.gz/md5/2c291039ebd31e7ed38abad7652bca6c -MbedTLS.v2.24.0+2.armv6l-linux-gnueabihf.tar.gz/sha512/b32ce3481ad62c0e50398d9e52800b535a4b75ee2204f26b295afbb20f17dde275c3f0454f6b62a6fbe32e3ff2a2d82bd58637eddfa671a3822142b568bc23de -MbedTLS.v2.24.0+2.armv6l-linux-musleabihf.tar.gz/md5/f09c82e674d4d4127791cc1663f3edb4 -MbedTLS.v2.24.0+2.armv6l-linux-musleabihf.tar.gz/sha512/8bf11a1fdffe5d24dce7305e564a85a1365d427c5e9d7a64d19dd4a4d9d6d14af58cdeb01130105d4eb2e5660304b4e1d876c8811000e20cf63da371724d8b53 -MbedTLS.v2.24.0+2.armv7l-linux-gnueabihf.tar.gz/md5/fa072b7d8e462d2ffcd023029bbaa888 -MbedTLS.v2.24.0+2.armv7l-linux-gnueabihf.tar.gz/sha512/6a5f6b911b9235ea24e1d85f48378dd32214b93902a505ab5bad32407175fca39beecd51ad6406b39372dff32ca1279798b22b87e3161b7b3bc886b99e9bab23 -MbedTLS.v2.24.0+2.armv7l-linux-musleabihf.tar.gz/md5/d5ba2094542b57a89dba785b409a8e3d 
-MbedTLS.v2.24.0+2.armv7l-linux-musleabihf.tar.gz/sha512/806fc661aab78a6498fd07390ae17e0dcf8ff059c35485dbebfeb7d67ecdd63d4338e888f529e824ba1a7e19efcfcf870ba0e77d17796601d3d9eba60c71ec48 -MbedTLS.v2.24.0+2.i686-linux-gnu.tar.gz/md5/472bbc20dea953e84a2f4285d02ae34f -MbedTLS.v2.24.0+2.i686-linux-gnu.tar.gz/sha512/b199e56362414620a2017d439ff5532f402f8818ea6de5b89fc8a0f0a8379634b9828d85592c3bdab6a9cc577b49a204f05c401c176a4d89b8657ea620c72a2c -MbedTLS.v2.24.0+2.i686-linux-musl.tar.gz/md5/013bf8bc2631be22e5eafd29959be7ae -MbedTLS.v2.24.0+2.i686-linux-musl.tar.gz/sha512/fea4c10167cdfa5eea3691ff3bd3456e1cbdc58f46e426773f89bf07458fc62388094c0ea2de9c08b59ddf666d1cc21d562ea138ecee1f77ecb747c9280e51f9 -MbedTLS.v2.24.0+2.i686-w64-mingw32.tar.gz/md5/cc1df8b667a9d59f680d5a441cd1111d -MbedTLS.v2.24.0+2.i686-w64-mingw32.tar.gz/sha512/7daa94492c1613f2b5109ee54eae9c8deb75d2bbec43040238bf54088d7020b4e6406a24561b4bf9ed49f0ea16130e0bdb4f7ca0a9f57494444fd95adec34bd7 -MbedTLS.v2.24.0+2.powerpc64le-linux-gnu.tar.gz/md5/530623572e7513c1deec9ee48c0d7cec -MbedTLS.v2.24.0+2.powerpc64le-linux-gnu.tar.gz/sha512/57bd76d3fc25e84acd7b36fab87b49c4ad6e7f276a030efcc0f1c58288ab9d641ae5291194435ab0cf8ddb4366fbd8c813e77d16d05cc97cc9f3a818191ab3e3 -MbedTLS.v2.24.0+2.x86_64-apple-darwin.tar.gz/md5/cafce731fa866c2dcb3cbe63fd314c67 -MbedTLS.v2.24.0+2.x86_64-apple-darwin.tar.gz/sha512/61b12c959b2db726cef80cfd34880beac3d6a4722492ada88007c2e12d70bf01da57af50e11e760df3db930f5e5ce33c1aeb282c38bb4d1c9521ef2a5440b9d6 -MbedTLS.v2.24.0+2.x86_64-linux-gnu.tar.gz/md5/c54cd5248b854314cb7e85b3d83e25fe -MbedTLS.v2.24.0+2.x86_64-linux-gnu.tar.gz/sha512/5e1659766d7949ba54456fea7eb62d19ef5952f6511be8a5992371ace1a85203dc8cf1274fec8b7934f856beb679facb6c4141deada9f39301b1079473092d5c -MbedTLS.v2.24.0+2.x86_64-linux-musl.tar.gz/md5/3cacfb653a3c8acef2f26765333ef1c8 
-MbedTLS.v2.24.0+2.x86_64-linux-musl.tar.gz/sha512/4a8eea91c0d523370f71823a3b07f22f89a87eb9d408b9dc3b68e438e405fa12879de48a5ed8d88bfcaa53457a1892d018d0ecfb3af214617efff936f3e4e396 -MbedTLS.v2.24.0+2.x86_64-unknown-freebsd.tar.gz/md5/d28184bbe5eb687144f2dc0b945eca9b -MbedTLS.v2.24.0+2.x86_64-unknown-freebsd.tar.gz/sha512/eff3a2ca8a95eb412636fd085822c20be89b2b788bdc4e814b147883f40f7353c7f298a4b892dab48184355226c4b10010b7a839d6f9162fbaaeb78ab3922b5f -MbedTLS.v2.24.0+2.x86_64-w64-mingw32.tar.gz/md5/645fcd040da480c11d5eee41291c7354 -MbedTLS.v2.24.0+2.x86_64-w64-mingw32.tar.gz/sha512/30753fdb2e3856472bbc46ad0747955d258b08ae4d8961f363489ba04c869a3cd09653e6061f38636cc973a6cb96ca2da55a819f573931de654a837ffb602516 +MbedTLS.v2.28.0+0.aarch64-apple-darwin.tar.gz/md5/ba33f960c7bcc3fda818c84f5e716df7 +MbedTLS.v2.28.0+0.aarch64-apple-darwin.tar.gz/sha512/3878531424317954417d09090b0a7618c6c0a6907bb04db34aef37d55a033972371455fcffca548ac03be41c0b0d1f8e51a9fe6e8f8fb4d8ef4fcbf91f15b3ea +MbedTLS.v2.28.0+0.aarch64-linux-gnu.tar.gz/md5/9e7c78fc7c39fd19dcb170d57c8c0ec6 +MbedTLS.v2.28.0+0.aarch64-linux-gnu.tar.gz/sha512/59eaeec1a772265e62fa4049e0bc8c96cd7403d954213ac6098921acf6e128b624d6bc1ba5c6062c88ecb92aa8bf9d0a06e365eee241b6516ef0bfe2b4c47188 +MbedTLS.v2.28.0+0.aarch64-linux-musl.tar.gz/md5/44f939956834d5d8130ccb3bd5962b0c +MbedTLS.v2.28.0+0.aarch64-linux-musl.tar.gz/sha512/f9797a44851222c005fd4068df6e0bcee68133c9a48e19e16d188b8a6927be56c620fec83264398d682eb5c89b7f01683e5898d3cbcb7aecf53e5ce678464db6 +MbedTLS.v2.28.0+0.armv6l-linux-gnueabihf.tar.gz/md5/fc07035dddd51e9c57e62edfc3fc5691 +MbedTLS.v2.28.0+0.armv6l-linux-gnueabihf.tar.gz/sha512/ffb707ba7439050862654316b4388f52e8bd09bbeb7076cf6cdc924cb60c61f871c01ccfe14e1ae1e62a5733490487324ba60e8545d60902f3317039264db83b +MbedTLS.v2.28.0+0.armv6l-linux-musleabihf.tar.gz/md5/fc54575519130bd468ee4dbe23da0ea9 
+MbedTLS.v2.28.0+0.armv6l-linux-musleabihf.tar.gz/sha512/d4b9e1bd8877f7d93d1b4e0d1c4c3d4e5d2af6920e39222667e689ec84cf9817988c91a826755a734a60ce05fed913e5421b8aa9980f257450da7f51c5e9342a +MbedTLS.v2.28.0+0.armv7l-linux-gnueabihf.tar.gz/md5/0753a99f4645ba7e1ceb27a03c65a107 +MbedTLS.v2.28.0+0.armv7l-linux-gnueabihf.tar.gz/sha512/a7a65338ee6f93117d44975651d77c351f0c919a3ae2eea6e220719dd084f71617946adf04a08a82d55c22af0275d21fce3c692becf87ccf2d932c8aa32af7af +MbedTLS.v2.28.0+0.armv7l-linux-musleabihf.tar.gz/md5/ff335caa1cec22366cfa2c2bf87f61f7 +MbedTLS.v2.28.0+0.armv7l-linux-musleabihf.tar.gz/sha512/a3ff7d53b45134165347dec209bc27f48be984b4fb58ddd54286a146b837d038ab21e22033f1e0713d359c72adc0b97e979532ebaa734495eb88bfceaf3c2155 +MbedTLS.v2.28.0+0.i686-linux-gnu.tar.gz/md5/c4c9728ee9d875685765eb4c9c3bf731 +MbedTLS.v2.28.0+0.i686-linux-gnu.tar.gz/sha512/214142ee7ca3a5b447a97928ffcbe0389fbb8c1fa68de387656e5c0e4406f02411e4183fb051b2107600b222bd5279b9fd3a5aec43a9d97a9556b08c5338cb7b +MbedTLS.v2.28.0+0.i686-linux-musl.tar.gz/md5/2684f2bc8a04234ae67603150e6d0917 +MbedTLS.v2.28.0+0.i686-linux-musl.tar.gz/sha512/a533afd26893464bee62dbfa9babf6e4e1119a4be31ecb242e2ff28f5f6e3a3969057e2ce653c98c1b8d2a19e340df7a17dac8693fce270399df92cfbf3a32ca +MbedTLS.v2.28.0+0.i686-w64-mingw32.tar.gz/md5/f205fd351e94f42cd38d34d3eff6e69a +MbedTLS.v2.28.0+0.i686-w64-mingw32.tar.gz/sha512/cfdb819d3e6fa9ce3985e29ac733c2af6c988230ae49bbdc13f0fc234e82444d17ce5da4d3b6d8cc6ac45ea4a999f0ce03ac42533223c87bea066a371487ef1e +MbedTLS.v2.28.0+0.powerpc64le-linux-gnu.tar.gz/md5/41b1f61ebda30a8e8f02dcd955ae0d40 +MbedTLS.v2.28.0+0.powerpc64le-linux-gnu.tar.gz/sha512/25b62106404cb3b9be3e0f778ed953bdcf9d18cb289be823f97f7a1759012c84cfe7240fc936f2e6e858273ce2022d75ecc2554d5696cea110eda6d059362416 +MbedTLS.v2.28.0+0.x86_64-apple-darwin.tar.gz/md5/e7b286dac94bef06915930180b2d3bac 
+MbedTLS.v2.28.0+0.x86_64-apple-darwin.tar.gz/sha512/a2acaacb77ca6e2704144d8d99e51df49b1fc69c8751e43973e0c41219d023676d35ae05bd4ff7a3680dc0edf5438e51b67baa76f5b78947560dcc420623a3da +MbedTLS.v2.28.0+0.x86_64-linux-gnu.tar.gz/md5/39662265088efadb142fdc7255a0b7a3 +MbedTLS.v2.28.0+0.x86_64-linux-gnu.tar.gz/sha512/a3648c78bebf4c024ddf491965cb7707df887ce10dec6f9e42eb6493bc7d1220e5b23c53f5e4e73dfe94e8d8dcf35ffc6860d1992deb9b63a0c4691d4167e59f +MbedTLS.v2.28.0+0.x86_64-linux-musl.tar.gz/md5/1fbe9f2593bc11af031075b58a108bc8 +MbedTLS.v2.28.0+0.x86_64-linux-musl.tar.gz/sha512/d185ced64d471fba9ae1aa495b2eba0e60738e8e5ef918670b1c40cc8981389ecd48e4f17506229bafab4a11f7a257d3d544cfe87ad198482778931c2a7a8aa9 +MbedTLS.v2.28.0+0.x86_64-unknown-freebsd.tar.gz/md5/26beed62ee2abe8c6e52c1dbddbe0b1a +MbedTLS.v2.28.0+0.x86_64-unknown-freebsd.tar.gz/sha512/f04a417d99e3b908383d3c14cf8512b2f13e4b226d07235e2334090aadb6aecce40a23ae8f8df9c0ed9618707e839aaac6de64d5fee6d7e3955b290bc564d3a2 +MbedTLS.v2.28.0+0.x86_64-w64-mingw32.tar.gz/md5/cc55fe5537719aa8bf3bbee981c01413 +MbedTLS.v2.28.0+0.x86_64-w64-mingw32.tar.gz/sha512/3436647e81fdb9db138063229f20f47e2c8405e6379ca3e7cf38fb9fde84d2b6618a5f29b8df19cbffe75af7f99e00e9583d67be7b53dcce27bff453b96dcf13 +mbedtls-2.28.0.tar.gz/md5/d64054513df877458493dbb28e2935fa +mbedtls-2.28.0.tar.gz/sha512/907867edf532ba3b099f4fb7ce31f5773ceceb072a8d067b1d830e879d541f92f401d64f13bbe6b4eb0845e58bb765d7d28896be414bb0fc7ac5b3876066be5f diff --git a/deps/libssh2.mk b/deps/libssh2.mk index 5c4cbf580ec1f..e852d59fa996d 100644 --- a/deps/libssh2.mk +++ b/deps/libssh2.mk 
@@ -28,13 +28,18 @@ ifeq ($(LIBSSH2_ENABLE_TESTS), 0) LIBSSH2_OPTS += -DBUILD_TESTING=OFF endif +LIBSSH2_SRC_PATH := $(SRCCACHE)/$(LIBSSH2_SRC_DIR) -$(BUILDDIR)/$(LIBSSH2_SRC_DIR)/deps/patches/libssh2-userauth-check.patch-applied: $(SRCCACHE)/$(LIBSSH2_SRC_DIR)/source-extracted - cd $(LIBSSH2_SRC_DIR) && \ + # Apply patch to fix v1.10.0 CVE (https://github.com/libssh2/libssh2/issues/649), drop with v1.11 +$(LIBSSH2_SRC_PATH)/libssh2-userauth-check.patch-applied: $(LIBSSH2_SRC_PATH)/source-extracted + cd $(LIBSSH2_SRC_PATH) && \ patch -p1 -f < $(SRCDIR)/patches/libssh2-userauth-check.patch echo 1 > $@ -$(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: $(SRCCACHE)/$(LIBSSH2_SRC_DIR)/source-extracted +$(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: \ + $(LIBSSH2_SRC_PATH)/libssh2-userauth-check.patch-applied + +$(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: $(LIBSSH2_SRC_PATH)/source-extracted mkdir -p $(dir $@) cd $(dir $@) && \ $(CMAKE) $(dir $<) $(LIBSSH2_OPTS) diff --git a/deps/libssh2.version b/deps/libssh2.version index 1182a2e24e1d1..1c4d5412c0c09 100644 --- a/deps/libssh2.version +++ b/deps/libssh2.version @@ -1,2 +1,2 @@ LIBSSH2_BRANCH=libssh2-1.10.0 -LIBSSH2_SHA1=2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51 +LIBSSH2_SHA1=635caa90787220ac3773c1d5ba11f1236c22eae8 diff --git a/deps/mbedtls.mk b/deps/mbedtls.mk index 83085ed2d2709..f5890a6342e70 100644 --- a/deps/mbedtls.mk +++ b/deps/mbedtls.mk 
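Review bot: The recipe for `$(LIBSSH2_SRC_PATH)/libssh2-userauth-check.patch-applied` runs `patch -p1 -f`, which still accepts hunks that match only with fuzz. The source pin moves in this same commit (`LIBSSH2_SHA1`), so the CVE fix could apply at a spot whose context has drifted, and `echo 1 > $@` would still record it as applied. For a security patch I would make the match strict, e.g. `patch -p1 -f -F 0 < $(SRCDIR)/patches/libssh2-userauth-check.patch`, so that a drifted patch fails the build. In the removed lines the old stamp target is not a prerequisite of `build-configured`, so this appears to be the first time a source build actually applies the fix; the commit message, titled only "Upgrade mbedTLS", should say so. The `build-configured` recipe continues past the end of the hunk.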
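Review bot: `LIBSSH2_BRANCH` stays at `libssh2-1.10.0` while `deps/Versions.make` now sets `LIBSSH2_VER := 1.10.2`, and the diffstat lists no libssh2 file under `deps/checksums/`. Nothing visible here shows what verifies the source fetched for the new `LIBSSH2_SHA1`. The old value was 64 hex digits and the new one is 40, the length of a git commit id, so please confirm the libssh2 checksum entries were regenerated against this pin. If 1.10.2 is the packaged build of upstream 1.10.0 plus the userauth patch (my reading, not shown in the diff), say so beside the version, for example `# upstream 1.10.0 + libssh2-userauth-check.patch` if the file format allows a comment.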
@@ -31,17 +31,6 @@ $(SRCCACHE)/$(MBEDTLS_SRC)/source-extracted: $(SRCCACHE)/$(MBEDTLS_SRC).tar.gz checksum-mbedtls: $(SRCCACHE)/$(MBEDTLS_SRC).tar.gz $(JLCHECKSUM) $< -$(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-cmake-findpy.patch-applied: $(SRCCACHE)/$(MBEDTLS_SRC)/source-extracted - # Apply workaround for CMake 3.18.2 bug (https://github.com/ARMmbed/mbedtls/pull/3691). - # This patch merged upstream shortly after MBedTLS's 2.25.0 minor release, so chances - # are it will be included at least in their next minor release (2.26.0?). - cd $(SRCCACHE)/$(MBEDTLS_SRC) && \ - patch -p1 -f < $(SRCDIR)/patches/mbedtls-cmake-findpy.patch - echo 1 > $@ - -$(BUILDDIR)/$(MBEDTLS_SRC)/build-configured: \ - $(SRCCACHE)/$(MBEDTLS_SRC)/mbedtls-cmake-findpy.patch-applied - $(BUILDDIR)/$(MBEDTLS_SRC)/build-configured: $(SRCCACHE)/$(MBEDTLS_SRC)/source-extracted mkdir -p $(dir $@) cd $(dir $@) && \ diff --git a/deps/patches/mbedtls-cmake-findpy.patch b/deps/patches/mbedtls-cmake-findpy.patch deleted file mode 100644 index ddbb1fc2f4aa7..0000000000000 --- a/deps/patches/mbedtls-cmake-findpy.patch +++ /dev/null 
@@ -1,23 +0,0 @@ -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 8833246..2ed55ed 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -17,6 +17,18 @@ - # - - cmake_minimum_required(VERSION 2.6) -+ -+# https://cmake.org/cmake/help/latest/policy/CMP0011.html -+# Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD -+# policy setting is deprecated, and will be removed in future versions. -+cmake_policy(SET CMP0011 NEW) -+# https://cmake.org/cmake/help/latest/policy/CMP0012.html -+# Setting the CMP0012 policy to NEW is required for FindPython3 to work with CMake 3.18.2 -+# (there is a bug in this particular version), otherwise, setting the CMP0012 policy is required -+# for CMake versions >= 3.18.3 otherwise a deprecated warning is generated. The OLD policy setting -+# is deprecated and will be removed in future versions. -+cmake_policy(SET CMP0012 NEW) -+ - if(TEST_CPP) - project("mbed TLS" C CXX) - else() diff --git a/stdlib/MbedTLS_jll/Project.toml b/stdlib/MbedTLS_jll/Project.toml index 9533336ca9f81..00a6b29426d91 100644 --- a/stdlib/MbedTLS_jll/Project.toml +++ b/stdlib/MbedTLS_jll/Project.toml @@ -1,13 +1,13 @@ name = "MbedTLS_jll" uuid = "c8ffd9c3-330d-5841-b78e-0817d7145fa1" -version = "2.24.0+2" +version = "2.28.0+0" [deps] Libdl = "8f399da3-3557-5675-b5ff-fb832c97cbdb" Artifacts = "56f22d72-fd6d-98f1-02f0-08ddc0907c33" [compat] -julia = "1.6" +julia = "1.8" [extras] Test = "8dfed614-e22c-5e08-85e1-65c5234f0b40"