Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump MbedTLS to 2.12.0 #28759

Closed
wants to merge 3 commits into from
Closed

Bump MbedTLS to 2.12.0 #28759

wants to merge 3 commits into from

Conversation

nalimilan
Copy link
Member

Version 2.6.0 has a security issue, see https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02.

Another option would be to move to the long-term supported version, 2.7.5. This would have the advantage that we will be able to backport security fixes in the future without risking to break anything.

@nalimilan nalimilan added the external dependencies Involves LLVM, OpenBLAS, or other linked libraries label Aug 19, 2018
@cdluminate
Copy link
Contributor

As a side note, Debian unstable uses mbedtls 2.12.0, with which julia was built.

@KristofferC KristofferC mentioned this pull request Aug 19, 2018
Merged
@KristofferC
Copy link
Member

CI wasn't too hot when this was opened so let's rerun it.

@KristofferC KristofferC reopened this Aug 22, 2018
@KristofferC
Copy link
Member

Seems to fail on the mac builder:

configure: error: one or more libs available at link-time are not available run-time. Libs used at link-time: -lssh2 -lssh2 -lmbedtls -lmbedx509 -lmbedcrypto 
make[2]: *** [scratch/curl-7.56.0/build-configured] Error 1
make[1]: *** [julia-deps] Error 2

@nalimilan
Bump CURL to 7.61.0
b1b1d55 
Latest release includes fixes when building with MbedTLS.
@nalimilan
Use MbedTLS 2.7.5
347f741
@nalimilan
Copy link
Member Author

Not sure what to do about that OS X error. I've tried using the most recent CURL, which includes fixes when building using MbedTLS, and using the older MbedTLS 2.7.5, and it's still there...

@KristofferC KristofferC mentioned this pull request Sep 30, 2018
Merged
@PallHaraldsson
Copy link
Contributor

There by now https://tls.mbed.org/tech-updates/releases/mbedtls-2.13.0-2.7.6-and-2.1.15-released with new features for 2.13.0; ans security update for it and 2.7.6

@KristofferC KristofferC mentioned this pull request Jan 6, 2019
Merged
@KristofferC
Copy link
Member

#30618

@KristofferC KristofferC closed this Jan 7, 2019
@nalimilan nalimilan deleted the nl/mbedtls branch January 7, 2019 08:23
@StefanKarpinski StefanKarpinski added triage This should be discussed on a triage call backport 1.0 and removed triage This should be discussed on a triage call labels Jan 31, 2019
@KristofferC KristofferC removed backport 1.0 triage This should be discussed on a triage call labels Jan 31, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
external dependencies Involves LLVM, OpenBLAS, or other linked libraries
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@nalimilan @cdluminate @KristofferC @PallHaraldsson @vchuravy @StefanKarpinski