security/mbedtls: Update to 2.28.7

- Switch to CMake, this is more inline with other distros and simplifies port - Modernize port to follow Porters Handbook more closely - Drop configuration patch and use upstream's supplied tool instead Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.7 PR: 276661 Reviewed by: tijl (maintainer)
2024-02-03 05:09:25 +01:00 · 2024-02-03 05:09:25 +01:00 · 8f6099e035
commit 8f6099e035
parent 204618516a
4 changed files with 27 additions and 62 deletions
--- a/security/mbedtls/Makefile
+++ b/security/mbedtls/Makefile
@ -1,6 +1,6 @@
 PORTNAME=	mbedtls
-PORTVERSION=	2.28.6
 DISTVERSIONPREFIX=${PORTNAME}-
+DISTVERSION=	2.28.7
 CATEGORIES=	security devel

 MAINTAINER=	tijl@FreeBSD.org
@ -11,30 +11,33 @@ LICENSE=	APACHE20 GPLv2+
 LICENSE_COMB=	dual
 LICENSE_FILE=	${WRKSRC}/LICENSE

-USES=		gmake python:test shebangfix
+USES=		cmake:testing python:build,test shebangfix
 SHEBANG_FILES=	scripts/*.py tests/scripts/*.py
+USE_LDCONFIG=	yes

 USE_GITHUB=	yes
 GH_ACCOUNT=	Mbed-TLS

-ALL_TARGET=	no_test
-TEST_TARGET=	test
-MAKE_ENV=	PYTHON=${PYTHON_CMD} SHARED=1
-USE_LDCONFIG=	yes
+PORTSCOUT=	limit:^${DISTVERSION:R:S/./\./g}\.
+PLIST_SUB=	DISTVERSION=${DISTVERSION}

-PORTSCOUT=	limit:^${PORTVERSION:R:S/./\./g}\.
+CMAKE_TESTING_ON=	ENABLE_TESTING

-post-patch:
-	@${RM} ${WRKSRC}/include/mbedtls/*.orig
-	@${REINPLACE_CMD} \
-		-e 's/PREFIX/NAMEPREFIX/' \
-		-e 's/$$(DESTDIR)/&$$(PREFIX)/' \
-		${WRKSRC}/Makefile
-	@${REINPLACE_CMD} 's/-fpic//' ${WRKSRC}/library/Makefile
+CMAKE_OFF=	ENABLE_TESTING
+CMAKE_ON=	CMAKE_BUILD_RPATH_USE_ORIGIN \
+		ENABLE_PROGRAMS \
+		ENABLE_ZLIB_SUPPORT \
+		LINK_WITH_PTHREAD \
+		USE_SHARED_MBEDTLS_LIBRARY
+
+pre-configure:
+	@${WRKSRC}/scripts/config.py -f ${WRKSRC}/include/mbedtls/config.h set MBEDTLS_SSL_DTLS_SRTP
+	@${WRKSRC}/scripts/config.py -f ${WRKSRC}/include/mbedtls/config.h set MBEDTLS_THREADING_C
+	@${WRKSRC}/scripts/config.py -f ${WRKSRC}/include/mbedtls/config.h set MBEDTLS_THREADING_PTHREAD

 post-install:
-	${FIND} ${STAGEDIR}${PREFIX}/bin -type f -not -name \*.sh \
-		-exec ${STRIP_CMD} {} +
-	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/*.so
+	@cd ${STAGEDIR}${PREFIX}/bin && for f in *; do \
+		${MV} "$$f" "mbedtls_$$f"; \
+	done

 .include <bsd.port.mk>
--- a/security/mbedtls/distinfo
+++ b/security/mbedtls/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1699528221
-SHA256 (Mbed-TLS-mbedtls-mbedtls-2.28.6_GH0.tar.gz) = 18cac49f4efef7269d233972bb09c57ace40d992229fa49804e7b10cf0debe43
-SIZE (Mbed-TLS-mbedtls-mbedtls-2.28.6_GH0.tar.gz) = 3988909
+TIMESTAMP = 1706348469
+SHA256 (Mbed-TLS-mbedtls-mbedtls-2.28.7_GH0.tar.gz) = 4390bc4ab1ea9a1ddf3725f540d0f80838c656d1d7987a1cee8b4da43e4571de
+SIZE (Mbed-TLS-mbedtls-mbedtls-2.28.7_GH0.tar.gz) = 3990571
--- a/security/mbedtls/files/patch-include_mbedtls_config.h
+++ b/security/mbedtls/files/patch-include_mbedtls_config.h
@ -1,29 +0,0 @@
--- include/mbedtls/config.h.orig	2021-12-15 13:47:54 UTC
-+++ include/mbedtls/config.h
-@@ -1946,7 +1946,7 @@
-  *
-  * Uncomment this to enable support for use_srtp extension.
-  */
-//#define MBEDTLS_SSL_DTLS_SRTP
-+#define MBEDTLS_SSL_DTLS_SRTP
- 
- /**
-  * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
-@@ -2129,7 +2129,7 @@
-  *
-  * Uncomment this to enable pthread mutexes.
-  */
-//#define MBEDTLS_THREADING_PTHREAD
-+#define MBEDTLS_THREADING_PTHREAD
- 
- /**
-  * \def MBEDTLS_USE_PSA_CRYPTO
-@@ -3452,7 +3452,7 @@
-  *
-  * Enable this layer to allow use of mutexes within mbed TLS
-  */
-//#define MBEDTLS_THREADING_C
-+#define MBEDTLS_THREADING_C
- 
- /**
-  * \def MBEDTLS_TIMING_C
--- a/security/mbedtls/pkg-plist
+++ b/security/mbedtls/pkg-plist
@ -8,26 +8,14 @@ bin/mbedtls_crypto_examples
 bin/mbedtls_dh_client
 bin/mbedtls_dh_genprime
 bin/mbedtls_dh_server
-bin/mbedtls_dlopen
-bin/mbedtls_dlopen_demo.sh
 bin/mbedtls_dtls_client
 bin/mbedtls_dtls_server
 bin/mbedtls_ecdh_curve25519
 bin/mbedtls_ecdsa
-bin/mbedtls_fuzz_client
-bin/mbedtls_fuzz_dtlsclient
-bin/mbedtls_fuzz_dtlsserver
-bin/mbedtls_fuzz_privkey
-bin/mbedtls_fuzz_pubkey
-bin/mbedtls_fuzz_server
-bin/mbedtls_fuzz_x509crl
-bin/mbedtls_fuzz_x509crt
-bin/mbedtls_fuzz_x509csr
 bin/mbedtls_gen_entropy
 bin/mbedtls_gen_key
 bin/mbedtls_gen_random_ctr_drbg
 bin/mbedtls_gen_random_havege
-bin/mbedtls_generate_cpp_dummy_build.sh
 bin/mbedtls_generic_sum
 bin/mbedtls_hello
 bin/mbedtls_key_app
@ -43,6 +31,7 @@ bin/mbedtls_pk_encrypt
 bin/mbedtls_pk_sign
 bin/mbedtls_pk_verify
 bin/mbedtls_psa_constant_names
+bin/mbedtls_ssl_pthread_server
 bin/mbedtls_query_compile_time_config
 bin/mbedtls_req_app
 bin/mbedtls_rsa_decrypt
@ -62,7 +51,6 @@ bin/mbedtls_ssl_server
 bin/mbedtls_ssl_server2
 bin/mbedtls_strerror
 bin/mbedtls_udp_proxy
-bin/mbedtls_udp_proxy_wrapper.sh
 bin/mbedtls_zeroize
 include/mbedtls/aes.h
 include/mbedtls/aesni.h
@ -162,10 +150,13 @@ include/psa/crypto_types.h
 include/psa/crypto_values.h
 lib/libmbedcrypto.a
 lib/libmbedcrypto.so
+lib/libmbedcrypto.so.%%DISTVERSION%%
 lib/libmbedcrypto.so.7
 lib/libmbedtls.a
 lib/libmbedtls.so
 lib/libmbedtls.so.14
+lib/libmbedtls.so.%%DISTVERSION%%
 lib/libmbedx509.a
 lib/libmbedx509.so
 lib/libmbedx509.so.1
+lib/libmbedx509.so.%%DISTVERSION%%