aports/main/mbedtls/APKBUILD

# Contributor: Leo <thinkabit.ukim@gmail.com>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mbedtls
pkgver=3.6.3 # long-time support branch
pkgrel=0
pkgdesc="Light-weight cryptographic and SSL/TLS library"
url="https://www.trustedfirmware.org/projects/mbed-tls/"
arch="all"
license="Apache-2.0 OR GPL-2.0-or-later"
makedepends="cmake perl python3 samurai"
subpackages="$pkgname-static $pkgname-dev $pkgname-utils"
source="$pkgname-$pkgver.tar.gz::https://github.com/ARMmbed/mbedtls/archive/v$pkgver.tar.gz
	gcc14.patch
	"

# Track security issues
# https://mbed-tls.readthedocs.io/en/latest/security-advisories/

# secfixes:
#   3.6.3-r0:
#     - CVE-2025-27809
#     - CVE-2025-27810
#   3.6.2-r0:
#     - CVE-2024-49195
#   3.6.1-r0:
#     - CVE-2024-45157
#     - CVE-2024-45158
#     - CVE-2024-45159
#   2.28.8-r0:
#     - CVE-2024-28960
#   2.28.7-r0:
#     - CVE-2024-23170
#     - CVE-2024-23775
#   2.28.5-r0:
#     - CVE-2023-43615
#   2.28.1-r0:
#     - CVE-2022-35409
#   2.16.12-r0:
#     - CVE-2021-44732
#   2.16.8-r0:
#     - CVE-2020-16150
#   2.16.6-r0:
#     - CVE-2020-10932
#   2.16.4-r0:
#     - CVE-2019-18222
#   2.16.3-r0:
#     - CVE-2019-16910
#   2.14.1-r0:
#     - CVE-2018-19608
#   2.12.0-r0:
#     - CVE-2018-0498
#     - CVE-2018-0497
#   2.7.0-r0:
#     - CVE-2018-0488
#     - CVE-2018-0487
#     - CVE-2017-18187
#   2.6.0-r0:
#     - CVE-2017-14032
#   2.4.2-r0:
#     - CVE-2017-2784

prepare() {
	default_prepare

	# Enable flags for non-embedded systems.
	python3 scripts/config.py set MBEDTLS_THREADING_C
	python3 scripts/config.py set MBEDTLS_THREADING_PTHREAD
}

build() {
	cmake -B build -G Ninja \
		-DCMAKE_BUILD_TYPE=MinSizeRel \
		-DCMAKE_INSTALL_PREFIX=/usr \
		-DCMAKE_INSTALL_LIBDIR=lib \
		-DUSE_SHARED_MBEDTLS_LIBRARY=ON \
		-DENABLE_TESTING="$(want_check && echo ON || echo OFF)"
	cmake --build build
}

check() {
	cd build
	# tests break in parallel
	ctest -j1
}

package() {
	DESTDIR="$pkgdir" cmake --install build
}

utils() {
	pkgdesc="Utilities for mbedtls (including gen_key / cert_write)"

	mkdir -p "$subpkgdir"/usr
	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}

static() {
	pkgdesc="Static files for mbedtls"

	mkdir -p "$subpkgdir"/usr/lib
	mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/
	chmod -x "$subpkgdir"/usr/lib/*.a
}

sha512sums="
f31fd90d78634af8c17910f1a356010c94c13605b7f9a99ae74c37764f7dec7d29a5a7a8c1355b31e3ed32c68a6ed23cbe8e53c2a249f4d457906a86d35c55d4  mbedtls-3.6.3.tar.gz
3c07e8f773295a08b1f215b64f1f62e194ec4fa54b6485107a3db0d731e12df1a88321852dd5caeb5f1f4931695168c9618f316cfecfd92c42c88f610285cef6  gcc14.patch
"
main/mbedtls: upgrade to 2.16.5 2020-04-04 03:32:58 -03:00			`# Contributor: Leo <thinkabit.ukim@gmail.com>`
testing/mbedtls: upgrade to 2.1.2 2015-10-16 13:54:34 +02:00			`# Contributor: Łukasz Jendrysik <scadu@yandex.com>`
testing/mbedtls: new aport Light-weight cryptographic and SSL/TLS library https://tls.mbed.org/ 2015-07-31 09:06:00 +00:00			`# Maintainer: Natanael Copa <ncopa@alpinelinux.org>`
			`pkgname=mbedtls`
main/mbedtls: security upgrade to 3.6.3 framework/ is now included in the releases tarball 2025-04-01 21:31:42 +00:00			`pkgver=3.6.3 # long-time support branch`
main/mbedtls: upgrade to 2.28.4 2023-08-03 19:39:03 +00:00			`pkgrel=0`
testing/mbedtls: new aport Light-weight cryptographic and SSL/TLS library https://tls.mbed.org/ 2015-07-31 09:06:00 +00:00			`pkgdesc="Light-weight cryptographic and SSL/TLS library"`
main/mbedtls: fix url 2022-11-22 23:41:36 +03:00			`url="https://www.trustedfirmware.org/projects/mbed-tls/"`
testing/mbedtls: new aport Light-weight cryptographic and SSL/TLS library https://tls.mbed.org/ 2015-07-31 09:06:00 +00:00			`arch="all"`
main/mbedtls: upgrade to 2.28.6 2023-11-30 14:31:36 +01:00			`license="Apache-2.0 OR GPL-2.0-or-later"`
main/mbedtls: use samurai 2022-04-09 17:03:53 +02:00			`makedepends="cmake perl python3 samurai"`
testing/mbedtls: new aport Light-weight cryptographic and SSL/TLS library https://tls.mbed.org/ 2015-07-31 09:06:00 +00:00			`subpackages="$pkgname-static $pkgname-dev $pkgname-utils"`
main/mbedtls: upgrade to 3.6.0 LTS also, include TF-PSA-Crypto and Mbed TLS version-independent build and test framework 2024-03-31 14:24:01 +00:00			`source="$pkgname-$pkgver.tar.gz::https://github.com/ARMmbed/mbedtls/archive/v$pkgver.tar.gz`
main/mbedtls: security upgrade to 3.6.1 https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1 update security issues tracking url as https://tls.mbed.org/security redirect to https://www.trustedfirmware.org/projects/mbed-tls/ 2024-08-30 15:23:27 +02:00			`gcc14.patch`
main/mbedtls: upgrade to 3.6.0 LTS also, include TF-PSA-Crypto and Mbed TLS version-independent build and test framework 2024-03-31 14:24:01 +00:00			`"`
community/mbedtls: upgrade to 2.4.2 (security fix) * Fixes CVE-2017-2784 * Add check() function 2017-03-13 09:46:50 +01:00
main/mbedtls: upgrade to 2.16.5 2020-04-04 03:32:58 -03:00			`# Track security issues`
main/mbedtls: security upgrade to 3.6.1 https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1 update security issues tracking url as https://tls.mbed.org/security redirect to https://www.trustedfirmware.org/projects/mbed-tls/ 2024-08-30 15:23:27 +02:00			`# https://mbed-tls.readthedocs.io/en/latest/security-advisories/`
main/mbedtls: upgrade to 2.16.5 2020-04-04 03:32:58 -03:00
community/mbedtls: upgrade to 2.4.2 (security fix) * Fixes CVE-2017-2784 * Add check() function 2017-03-13 09:46:50 +01:00			`# secfixes:`
main/mbedtls: security upgrade to 3.6.3 framework/ is now included in the releases tarball 2025-04-01 21:31:42 +00:00			`# 3.6.3-r0:`
			`# - CVE-2025-27809`
			`# - CVE-2025-27810`
main/mbedtls: security upgrade to 3.6.2 https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2 2024-10-15 22:14:31 +02:00			`# 3.6.2-r0:`
			`# - CVE-2024-49195`
main/mbedtls: security upgrade to 3.6.1 https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1 update security issues tracking url as https://tls.mbed.org/security redirect to https://www.trustedfirmware.org/projects/mbed-tls/ 2024-08-30 15:23:27 +02:00			`# 3.6.1-r0:`
			`# - CVE-2024-45157`
			`# - CVE-2024-45158`
			`# - CVE-2024-45159`
main/mbedtls: security upgrade to 2.28.8 2024-03-30 14:37:58 +00:00			`# 2.28.8-r0:`
			`# - CVE-2024-28960`
main/mbedtls: security upgrade to 2.28.7 2024-01-27 00:09:55 +00:00			`# 2.28.7-r0:`
			`# - CVE-2024-23170`
			`# - CVE-2024-23775`
main/mbedtls: security upgrade to 2.28.5 CVE-2023-43615 2023-10-06 14:32:47 +00:00			`# 2.28.5-r0:`
			`# - CVE-2023-43615`
main/mbedtls: security upgrade to 2.28.1 2022-07-12 11:45:22 +08:00			`# 2.28.1-r0:`
			`# - CVE-2022-35409`
main/mbedtls: security upgrade to 2.16.12 2021-12-18 03:17:14 +00:00			`# 2.16.12-r0:`
			`# - CVE-2021-44732`
main/mbedtls: upgrade to 2.16.8 See: #11982 2020-09-28 06:51:28 -03:00			`# 2.16.8-r0:`
			`# - CVE-2020-16150`
main/mbedtls: upgrade to 2.16.6 2020-05-25 01:37:24 -03:00			`# 2.16.6-r0:`
			`# - CVE-2020-10932`
main/mbedtls: upgrade to 2.16.5 2020-04-04 03:32:58 -03:00			`# 2.16.4-r0:`
			`# - CVE-2019-18222`
			`# 2.16.3-r0:`
			`# - CVE-2019-16910`
community/mbedtls: upgrade to 2.14.1 - set the license to Apache 2.0 only, one have to download another tarball for the GPL version (2.12 was using Apache 2.0 tarball); - use the download link from the main web site for easier checksum cross-verification (github tarballs have different SHA sums); - sort secfixes from newer-to-older; - add python3 as now required for build. Rebuild is needed for the dependent aports due to libmbedtls.so.12 version bump (was .11). 2018-12-25 05:53:50 +00:00			`# 2.14.1-r0:`
			`# - CVE-2018-19608`
			`# 2.12.0-r0:`
			`# - CVE-2018-0498`
			`# - CVE-2018-0497`
community/mbedtls: security upgrade to 2.7.0 CVE-2017-18187, CVE-2018-0487, CVE-2018-0488 Fixes #8835 2018-06-11 14:20:36 +00:00			`# 2.7.0-r0:`
			`# - CVE-2018-0488`
community/mbedtls: upgrade to 2.14.1 - set the license to Apache 2.0 only, one have to download another tarball for the GPL version (2.12 was using Apache 2.0 tarball); - use the download link from the main web site for easier checksum cross-verification (github tarballs have different SHA sums); - sort secfixes from newer-to-older; - add python3 as now required for build. Rebuild is needed for the dependent aports due to libmbedtls.so.12 version bump (was .11). 2018-12-25 05:53:50 +00:00			`# - CVE-2018-0487`
			`# - CVE-2017-18187`
			`# 2.6.0-r0:`
			`# - CVE-2017-14032`
			`# 2.4.2-r0:`
			`# - CVE-2017-2784`
community/mbedtls: upgrade to 2.4.2 (security fix) * Fixes CVE-2017-2784 * Add check() function 2017-03-13 09:46:50 +01:00
community/mbedtls: modernize abuild 2017-07-22 13:46:03 +02:00			`prepare() {`
			`default_prepare`

			`# Enable flags for non-embedded systems.`
main/mbedtls: simplify threading flags 2023-05-26 04:16:38 +00:00			`python3 scripts/config.py set MBEDTLS_THREADING_C`
			`python3 scripts/config.py set MBEDTLS_THREADING_PTHREAD`
community/mbedtls: modernize abuild 2017-07-22 13:46:03 +02:00			`}`

testing/mbedtls: new aport Light-weight cryptographic and SSL/TLS library https://tls.mbed.org/ 2015-07-31 09:06:00 +00:00			`build() {`
main/mbedtls: use samurai 2022-04-09 17:03:53 +02:00			`cmake -B build -G Ninja \`
main/mbedtls: upgrade to 2.28.3 2023-03-30 02:39:13 +00:00			`-DCMAKE_BUILD_TYPE=MinSizeRel \`
community/mbedtls: modernize abuild 2017-07-22 13:46:03 +02:00			`-DCMAKE_INSTALL_PREFIX=/usr \`
main/mbedtls: upgrade to 3.6.0 LTS also, include TF-PSA-Crypto and Mbed TLS version-independent build and test framework 2024-03-31 14:24:01 +00:00			`-DCMAKE_INSTALL_LIBDIR=lib \`
			`-DUSE_SHARED_MBEDTLS_LIBRARY=ON \`
			`-DENABLE_TESTING="$(want_check && echo ON \|\| echo OFF)"`
main/mbedtls: use samurai 2022-04-09 17:03:53 +02:00			`cmake --build build`
testing/mbedtls: new aport Light-weight cryptographic and SSL/TLS library https://tls.mbed.org/ 2015-07-31 09:06:00 +00:00			`}`

community/mbedtls: upgrade to 2.4.2 (security fix) * Fixes CVE-2017-2784 * Add check() function 2017-03-13 09:46:50 +01:00			`check() {`
main/mbedtls: use samurai 2022-04-09 17:03:53 +02:00			`cd build`
main/mbedtls: fix tests closes #14821 2023-04-19 22:07:54 +00:00			`# tests break in parallel`
main/*: remove --output-on-failure/CTEST_OUTPUT_ON_FAILURE abuild now exports CTEST_OUTPUT_ON_FAILURE=ON by default which means this repetition can be removed from the aports. 2024-10-24 00:18:49 +02:00			`ctest -j1`
community/mbedtls: upgrade to 2.4.2 (security fix) * Fixes CVE-2017-2784 * Add check() function 2017-03-13 09:46:50 +01:00			`}`

testing/mbedtls: new aport Light-weight cryptographic and SSL/TLS library https://tls.mbed.org/ 2015-07-31 09:06:00 +00:00			`package() {`
main/mbedtls: use samurai 2022-04-09 17:03:53 +02:00			`DESTDIR="$pkgdir" cmake --install build`
testing/mbedtls: new aport Light-weight cryptographic and SSL/TLS library https://tls.mbed.org/ 2015-07-31 09:06:00 +00:00			`}`

			`utils() {`
community/mbedtls: upgrade to 2.12.0 * includes fixes for CVE-2018-0497 and CVE-2018-0498 https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog 2018-08-13 15:14:51 +00:00			`pkgdesc="Utilities for mbedtls (including gen_key / cert_write)"`
community/mbedtls: modernize abuild 2017-07-22 13:46:03 +02:00
community/mbedtls: upgrade to 2.12.0 * includes fixes for CVE-2018-0497 and CVE-2018-0498 https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog 2018-08-13 15:14:51 +00:00			`mkdir -p "$subpkgdir"/usr`
			`mv "$pkgdir"/usr/bin "$subpkgdir"/usr/`
testing/mbedtls: new aport Light-weight cryptographic and SSL/TLS library https://tls.mbed.org/ 2015-07-31 09:06:00 +00:00			`}`

			`static() {`
			`pkgdesc="Static files for mbedtls"`
community/mbedtls: modernize abuild 2017-07-22 13:46:03 +02:00
testing/mbedtls: new aport Light-weight cryptographic and SSL/TLS library https://tls.mbed.org/ 2015-07-31 09:06:00 +00:00			`mkdir -p "$subpkgdir"/usr/lib`
			`mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/`
community/mbedtls: fix perms of *.a files 2017-07-22 14:01:15 +02:00			`chmod -x "$subpkgdir"/usr/lib/*.a`
testing/mbedtls: new aport Light-weight cryptographic and SSL/TLS library https://tls.mbed.org/ 2015-07-31 09:06:00 +00:00			`}`

main/mbedtls: use samurai 2022-04-09 17:03:53 +02:00			`sha512sums="`
main/mbedtls: security upgrade to 3.6.3 framework/ is now included in the releases tarball 2025-04-01 21:31:42 +00:00			`f31fd90d78634af8c17910f1a356010c94c13605b7f9a99ae74c37764f7dec7d29a5a7a8c1355b31e3ed32c68a6ed23cbe8e53c2a249f4d457906a86d35c55d4 mbedtls-3.6.3.tar.gz`
main/mbedtls: security upgrade to 3.6.1 https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1 update security issues tracking url as https://tls.mbed.org/security redirect to https://www.trustedfirmware.org/projects/mbed-tls/ 2024-08-30 15:23:27 +02:00			`3c07e8f773295a08b1f215b64f1f62e194ec4fa54b6485107a3db0d731e12df1a88321852dd5caeb5f1f4931695168c9618f316cfecfd92c42c88f610285cef6 gcc14.patch`
main/mbedtls: use samurai 2022-04-09 17:03:53 +02:00			`"`
No results found.