Update to mbedtls-2.12.0.

Fixes vulnerabilities in the TLS ciphersuites (CVE-2018-0497 and
CVE-2018-0498). Major number of all SHARED_LIBS have been bumped as
symbols have been removed.

OK sthen@

security/polarssl/Makefile

@@ -1,14 +1,14 @@
-# $OpenBSD: Makefile,v 1.21 2018/05/15 17:39:19 bket Exp $
+# $OpenBSD: Makefile,v 1.22 2018/08/08 12:51:09 bket Exp $
 
 COMMENT=	SSL library with an intuitive API and readable source code
 
-DISTNAME=	mbedtls-2.9.0
+DISTNAME=	mbedtls-2.12.0
 EXTRACT_SUFX=	-gpl.tgz
 
 # check SOVERSION
-SHARED_LIBS +=  mbedtls                   3.2 # 10
-SHARED_LIBS +=  mbedcrypto                2.1 # 2
-SHARED_LIBS +=  mbedx509                  1.0 # 0
+SHARED_LIBS +=  mbedtls                   4.0 # 11
+SHARED_LIBS +=  mbedcrypto                3.0 # 3
+SHARED_LIBS +=  mbedx509                  2.0 # 0
 
 CATEGORIES=	security
 

security/polarssl/distinfo

@@ -1,2 +1,2 @@
-SHA256 (mbedtls-2.9.0-gpl.tgz) = Nhg30NjU4XisUeoaTqz7wMV+o8r7Rg/WtGofQiOk4VE=
-SIZE (mbedtls-2.9.0-gpl.tgz) = 2239531
+SHA256 (mbedtls-2.12.0-gpl.tgz) = hmHRmolqWnojLtAax/Bc8Ow1FHmPGAdsLJ75ZfvrWig=
+SIZE (mbedtls-2.12.0-gpl.tgz) = 2376449

security/polarssl/patches/patch-CMakeLists_txt

@@ -1,8 +1,8 @@
-$OpenBSD: patch-CMakeLists_txt,v 1.5 2017/10/21 00:47:52 jca Exp $
+$OpenBSD: patch-CMakeLists_txt,v 1.6 2018/08/08 12:51:09 bket Exp $
 Index: CMakeLists.txt
 --- CMakeLists.txt.orig
 +++ CMakeLists.txt
-@@ -70,8 +70,6 @@ if(CMAKE_COMPILER_IS_GNUCC)
+@@ -107,8 +107,6 @@ if(CMAKE_COMPILER_IS_GNU)
      if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
          set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
      endif()
@@ -11,12 +11,12 @@ Index: CMakeLists.txt
      set(CMAKE_C_FLAGS_COVERAGE    "-O0 -g3 --coverage")
      set(CMAKE_C_FLAGS_ASAN        "-Werror -fsanitize=address -fno-common -O3")
      set(CMAKE_C_FLAGS_ASANDBG     "-Werror -fsanitize=address -fno-common -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
-@@ -81,8 +79,6 @@ endif(CMAKE_COMPILER_IS_GNUCC)
+@@ -118,8 +116,6 @@ endif(CMAKE_COMPILER_IS_GNU)
  
  if(CMAKE_COMPILER_IS_CLANG)
      set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow")
 -    set(CMAKE_C_FLAGS_RELEASE     "-O2")
 -    set(CMAKE_C_FLAGS_DEBUG       "-O0 -g3")
      set(CMAKE_C_FLAGS_COVERAGE    "-O0 -g3 --coverage")
-     set(CMAKE_C_FLAGS_ASAN        "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O3")
-     set(CMAKE_C_FLAGS_ASANDBG     "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
+     set(CMAKE_C_FLAGS_ASAN        "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+     set(CMAKE_C_FLAGS_ASANDBG     "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")

security/polarssl/patches/patch-include_mbedtls_config_h

@@ -1,4 +1,4 @@
-$OpenBSD: patch-include_mbedtls_config_h,v 1.5 2018/05/15 17:39:19 bket Exp $
+$OpenBSD: patch-include_mbedtls_config_h,v 1.6 2018/08/08 12:51:09 bket Exp $
 
 MBEDTLS_THREADING_PTHREAD and MBEDTLS_THREADING_C are required by
 www/hiawatha.
@@ -6,7 +6,7 @@ www/hiawatha.
 Index: include/mbedtls/config.h
 --- include/mbedtls/config.h.orig
 +++ include/mbedtls/config.h
-@@ -1492,7 +1492,7 @@
+@@ -1549,7 +1549,7 @@
   *
   * Uncomment this to enable pthread mutexes.
   */
@@ -15,7 +15,7 @@ Index: include/mbedtls/config.h
  
  /**
   * \def MBEDTLS_VERSION_FEATURES
-@@ -2572,7 +2572,7 @@
+@@ -2739,7 +2739,7 @@
   *
   * Enable this layer to allow use of mutexes within mbed TLS
   */

security/polarssl/patches/patch-tests_suites_main_test_function

@@ -1,11 +1,11 @@
-$OpenBSD: patch-tests_suites_main_test_function,v 1.3 2018/05/15 17:39:19 bket Exp $
+$OpenBSD: patch-tests_suites_main_test_function,v 1.4 2018/08/08 12:51:09 bket Exp $
 
 XXX can't take the address of stdout
 
 Index: tests/suites/main_test.function
 --- tests/suites/main_test.function.orig
 +++ tests/suites/main_test.function
-@@ -436,32 +436,7 @@ int main(int argc, const char *argv[])
+@@ -447,32 +447,7 @@ int main(int argc, const char *argv[])
              {
                  test_info.failed = 0;
  

security/polarssl/pkg/PLIST

@@ -1,9 +1,10 @@
-@comment $OpenBSD: PLIST,v 1.11 2018/02/06 10:26:31 sthen Exp $
+@comment $OpenBSD: PLIST,v 1.12 2018/08/08 12:51:09 bket Exp $
 @conflict polarssl-*
 include/mbedtls/
 include/mbedtls/aes.h
 include/mbedtls/aesni.h
 include/mbedtls/arc4.h
+include/mbedtls/aria.h
 include/mbedtls/asn1.h
 include/mbedtls/asn1write.h
 include/mbedtls/base64.h
@@ -13,6 +14,8 @@ include/mbedtls/bn_mul.h
 include/mbedtls/camellia.h
 include/mbedtls/ccm.h
 include/mbedtls/certs.h
+include/mbedtls/chacha20.h
+include/mbedtls/chachapoly.h
 include/mbedtls/check_config.h
 include/mbedtls/cipher.h
 include/mbedtls/cipher_internal.h
@@ -33,6 +36,7 @@ include/mbedtls/entropy_poll.h
 include/mbedtls/error.h
 include/mbedtls/gcm.h
 include/mbedtls/havege.h
+include/mbedtls/hkdf.h
 include/mbedtls/hmac_drbg.h
 include/mbedtls/md.h
 include/mbedtls/md2.h
@@ -42,6 +46,7 @@ include/mbedtls/md_internal.h
 include/mbedtls/memory_buffer_alloc.h
 include/mbedtls/net.h
 include/mbedtls/net_sockets.h
+include/mbedtls/nist_kw.h
 include/mbedtls/oid.h
 include/mbedtls/padlock.h
 include/mbedtls/pem.h
@@ -52,6 +57,8 @@ include/mbedtls/pkcs12.h
 include/mbedtls/pkcs5.h
 include/mbedtls/platform.h
 include/mbedtls/platform_time.h
+include/mbedtls/platform_util.h
+include/mbedtls/poly1305.h
 include/mbedtls/ripemd160.h
 include/mbedtls/rsa.h
 include/mbedtls/rsa_internal.h