author | fhajny <fhajny@pkgsrc.org> | 2016-09-15 10:48:01 +0000 |
---|---|---|
committer | fhajny <fhajny@pkgsrc.org> | 2016-09-15 10:48:01 +0000 |
commit | 87ac3861e48e619e3728e1f3dbf67ef1acdc95bd (patch) | |
tree | 58a3f3a93c781617e9eab724f375f7edfa41919f /security | |
parent | 50a3c172ea26197c3af884109c68797657467726 (diff) | |
Update security/mbedtls1 to 1.3.17
Security
- Fixed missing padding length check required by PKCS1 v2.2 in
mbedtls_rsa_rsaes_pkcs1_v15_decrypt(). (considered low impact)
- Fixed potential integer overflow to buffer overflow in
mbedtls_rsa_rsaes_pkcs1_v15_encrypt() and
mbedtls_rsa_rsaes_oaep_encrypt(). (not triggerable remotely in
(D)TLS).
- Fixed potential integer underflow to buffer overread in
mbedtls_rsa_rsaes_oaep_decrypt(). It is not triggerable remotely
in SSL/TLS.
Bugfix
- Fixed bug in mbedtls_mpi_add_mpi() that caused wrong results
when the three arguments were the same (in-place doubling). #309
- Fixed issue in Makefile that prevented building using armar.
#386
- Fixed issue that caused a hang when generating RSA keys of odd
bitlength.
- Fixed bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt() that made
null pointer dereference possible.
- Fixed issue that caused a crash if invalid curves were passed to
mbedtls_ssl_conf_curves(). #373
Changes
- On ARM platforms, when compiling with -O0 with GCC, Clang or
armcc5, don't use the optimized assembly for bignum
multiplication. This removes the need to pass -fomit-frame-pointer
to avoid a build error with -O0.
- Disabled SSLv3 in the default configuration.
Diffstat (limited to 'security')
-rw-r--r-- | security/mbedtls1/Makefile | 5 | ||||
-rw-r--r-- | security/mbedtls1/distinfo | 12 | ||||
-rw-r--r-- | security/mbedtls1/patches/patch-library_Makefile | 8 |
3 files changed, 12 insertions, 13 deletions
diff --git a/security/mbedtls1/Makefile b/security/mbedtls1/Makefile index 4462366cb9c..24edbc5282c 100644 --- a/security/mbedtls1/Makefile +++ b/security/mbedtls1/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.2 2016/07/09 06:38:55 wiz Exp $ +# $NetBSD: Makefile,v 1.3 2016/09/15 10:48:01 fhajny Exp $ # -DISTNAME= mbedtls-1.3.16-gpl +DISTNAME= mbedtls-1.3.17-gpl PKGNAME= ${DISTNAME:-gpl=} -PKGREVISION= 1 CATEGORIES= security devel MASTER_SITES= https://tls.mbed.org/download/ EXTRACT_SUFX= .tgz diff --git a/security/mbedtls1/distinfo b/security/mbedtls1/distinfo index 7463bb13cf8..c37d249a8dc 100644 --- a/security/mbedtls1/distinfo +++ b/security/mbedtls1/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.1 2016/06/16 09:21:11 fhajny Exp $ +$NetBSD: distinfo,v 1.2 2016/09/15 10:48:01 fhajny Exp $ -SHA1 (mbedtls-1.3.16-gpl.tgz) = 775486e7af1112bbc623f122353e48cb3a8f76a9 -RMD160 (mbedtls-1.3.16-gpl.tgz) = a82c58eaed15940c77fa1d84911ba433e351c7d1 -SHA512 (mbedtls-1.3.16-gpl.tgz) = bf21e7ece8f609e80fd5f5b1af7f4da1d76e4d38e03cb5a57c9398e43b3186c68f258cceb64ec2f5d0959401956666f77de01cab921a61a9805ca688c61467a1 -Size (mbedtls-1.3.16-gpl.tgz) = 1760112 bytes +SHA1 (mbedtls-1.3.17-gpl.tgz) = f6e6d0e08e4425e0cbd141dd007541fedfff2a3e +RMD160 (mbedtls-1.3.17-gpl.tgz) = e923a83cc73a3f9a0e529921394417e60dbf5df8 +SHA512 (mbedtls-1.3.17-gpl.tgz) = d8ca5c0f5550c9384b5ec9602aca314f6b95b8d320017217f6a66fee5e25989dc8ef8aeb046e887a478b12e0df879a3399a4ab99fc21b091888f30ab1ad2b2ea +Size (mbedtls-1.3.17-gpl.tgz) = 1766596 bytes SHA1 (patch-Makefile) = 80698e16a397133de134ab582016b9e91ad652f0 -SHA1 (patch-library_Makefile) = 551854fbdd91ae180f1d5408869a556ff0c39d1a +SHA1 (patch-library_Makefile) = a3dcd83fb1cc74f59745f2168f14926c077a5289 SHA1 (patch-programs_test_CMakeLists.txt) = 94ce731d81f1584c406e3b295c84fd6a5c327a50 diff --git a/security/mbedtls1/patches/patch-library_Makefile b/security/mbedtls1/patches/patch-library_Makefile index eb6c70c035a..1188de62528 100644 
--- a/security/mbedtls1/patches/patch-library_Makefile +++ b/security/mbedtls1/patches/patch-library_Makefile @@ -1,14 +1,14 @@ -$NetBSD: patch-library_Makefile,v 1.1 2016/06/16 09:21:11 fhajny Exp $ +$NetBSD: patch-library_Makefile,v 1.2 2016/09/15 10:48:01 fhajny Exp $ Call ranlib instead of non-portable 'ar s'. ---- library/Makefile.orig 2015-06-04 12:49:19.000000000 +0000 +--- library/Makefile.orig 2016-06-27 19:00:26.000000000 +0000 +++ library/Makefile @@ -95,7 +95,7 @@ libmbedtls.a: $(OBJS) echo " AR $@" - $(AR) rc $@ $(OBJS) + $(AR) -rc $@ $(OBJS) echo " RL $@" -- $(AR) s $@ +- $(AR) -s $@ + $(RANLIB) $@ libpolarssl.$(DLEXT): libmbedtls.$(DLEXT) |
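Review bot: in security/mbedtls1/distinfo, the new SHA1, RMD160 and SHA512 lines for mbedtls-1.3.17-gpl.tgz are the only integrity anchor for the updated tarball, and neither the hunk nor the commit message says how they were obtained. Please note in the commit message that the digests were compared against the upstream release (MASTER_SITES in the Makefile points at https://tls.mbed.org/download/) rather than regenerated from whatever was fetched. The patch-library_Makefile SHA1 changes in step with the third file in this commit and the other two patch entries are untouched, which is consistent.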
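Review bot: in security/mbedtls1/patches/patch-library_Makefile, the inner hunk at library/Makefile line 95 replaces `$(AR) -s $@` with `$(RANLIB) $@`, but no visible line gives RANLIB a value. If neither make nor the build environment supplies it, the recipe expands to the bare archive name and the libmbedtls.a target fails. Consider carrying a default such as `RANLIB ?= ranlib` in the patch, or confirm that the pkgsrc build always passes it in. The patch description still reads "Call ranlib instead of non-portable 'ar s'" while the removed upstream line is now `$(AR) -s $@`; updating the wording would keep the comment in step with what is patched.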