Site Navigation

Date:      Sat, 07 Mar 2026 23:41:30 +0000
From:      Vladimir Druzenko <vvd@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 857657c905d3 - main - security/mbedtls4: Fix upstream libmbedcrypto.so installation bug
Message-ID:  <69acb7aa.46433.565a8974@gitrepo.freebsd.org>

---

index | next in thread | raw e-mail

---

The branch main has been updated by vvd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=857657c905d3970fba189eec8b60e7472681aaa9

commit 857657c905d3970fba189eec8b60e7472681aaa9
Author:     Vladimir Druzenko <vvd@FreeBSD.org>
AuthorDate: 2026-03-07 23:33:52 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2026-03-07 23:41:25 +0000

    security/mbedtls4: Fix upstream libmbedcrypto.so installation bug
    
    Not respect DESTDIR during create symlinks libmbedcrypto.so*.
    Upstream issue: https://github.com/Mbed-TLS/mbedtls/issues/10627
    
    - Add fix for installing libmbedcrypto.so from upstream pool request:
      https://github.com/Mbed-TLS/mbedtls/pull/10631
    - Add strip for libmbedcrypto.so.
    - Sort pkg-plist.
    
    PR:             293653
    Approved by:    Paavo-Einari Kaipila <pkaipila@gmail.com> (maintainer)
---
 security/mbedtls4/Makefile                         |  2 +
 .../mbedtls4/files/patch-library_CMakeLists.txt    | 11 ++++
 security/mbedtls4/pkg-plist                        | 68 +++++++++++-----------
 3 files changed, 48 insertions(+), 33 deletions(-)

diff --git a/security/mbedtls4/Makefile b/security/mbedtls4/Makefile
index 615048be44ed..c7ba7e1cfc11 100644
--- a/security/mbedtls4/Makefile
+++ b/security/mbedtls4/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	mbedtls
 DISTVERSION=	4.0.0
+PORTREVISION=	1
 CATEGORIES=	security devel
 MASTER_SITES=	https://github.com/Mbed-TLS/${PORTNAME}/releases/download/${DISTNAME}/
 PKGNAMESUFFIX=	4
@@ -40,5 +41,6 @@ post-install:
 	@cd ${STAGEDIR}${PREFIX}/bin && for f in *; do \
 		${MV} "$$f" "mbedtls_$$f"; \
 	done
+	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libmbedcrypto.so
 
 .include <bsd.port.mk>
diff --git a/security/mbedtls4/files/patch-library_CMakeLists.txt b/security/mbedtls4/files/patch-library_CMakeLists.txt
new file mode 100644
index 000000000000..152b6b8424ec
--- /dev/null
+++ b/security/mbedtls4/files/patch-library_CMakeLists.txt
@@ -0,0 +1,11 @@
+--- library/CMakeLists.txt.orig	2025-10-14 16:14:11 UTC
++++ library/CMakeLists.txt
+@@ -362,7 +362,7 @@ foreach(target IN LISTS tf_psa_crypto_library_targets)
+                     RENAME "libmbedcrypto.so.${MBEDTLS_VERSION}"
+             )
+             install(CODE "
+-                set(_libdir \"\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}\")
++                set(_libdir \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}\")
+ 
+                 execute_process(COMMAND \"\${CMAKE_COMMAND}\" -E create_symlink
+                                 \"libmbedcrypto.so.${MBEDTLS_VERSION}\"
diff --git a/security/mbedtls4/pkg-plist b/security/mbedtls4/pkg-plist
index b59df397ee02..4a47cbdfb20f 100644
--- a/security/mbedtls4/pkg-plist
+++ b/security/mbedtls4/pkg-plist
@@ -30,7 +30,28 @@ bin/mbedtls_ssl_server2
 bin/mbedtls_strerror
 bin/mbedtls_udp_proxy
 bin/mbedtls_zeroize
+include/mbedtls/asn1.h
+include/mbedtls/asn1write.h
+include/mbedtls/base64.h
+include/mbedtls/build_info.h
 include/mbedtls/compat-3-crypto.h
+include/mbedtls/config_adjust_legacy_crypto.h
+include/mbedtls/constant_time.h
+include/mbedtls/debug.h
+include/mbedtls/error.h
+include/mbedtls/lms.h
+include/mbedtls/mbedtls_config.h
+include/mbedtls/md.h
+include/mbedtls/memory_buffer_alloc.h
+include/mbedtls/net_sockets.h
+include/mbedtls/nist_kw.h
+include/mbedtls/oid.h
+include/mbedtls/pem.h
+include/mbedtls/pk.h
+include/mbedtls/pkcs7.h
+include/mbedtls/platform.h
+include/mbedtls/platform_time.h
+include/mbedtls/platform_util.h
 include/mbedtls/private/aes.h
 include/mbedtls/private/aria.h
 include/mbedtls/private/bignum.h
@@ -64,27 +85,6 @@ include/mbedtls/private/sha1.h
 include/mbedtls/private/sha256.h
 include/mbedtls/private/sha3.h
 include/mbedtls/private/sha512.h
-include/mbedtls/asn1.h
-include/mbedtls/asn1write.h
-include/mbedtls/base64.h
-include/mbedtls/build_info.h
-include/mbedtls/config_adjust_legacy_crypto.h
-include/mbedtls/constant_time.h
-include/mbedtls/debug.h
-include/mbedtls/error.h
-include/mbedtls/lms.h
-include/mbedtls/mbedtls_config.h
-include/mbedtls/md.h
-include/mbedtls/memory_buffer_alloc.h
-include/mbedtls/net_sockets.h
-include/mbedtls/nist_kw.h
-include/mbedtls/oid.h
-include/mbedtls/pem.h
-include/mbedtls/pk.h
-include/mbedtls/pkcs7.h
-include/mbedtls/platform.h
-include/mbedtls/platform_time.h
-include/mbedtls/platform_util.h
 include/mbedtls/private_access.h
 include/mbedtls/psa_util.h
 include/mbedtls/ssl.h
@@ -102,6 +102,7 @@ include/mbedtls/x509_csr.h
 include/psa/crypto.h
 include/psa/crypto_adjust_auto_enabled.h
 include/psa/crypto_adjust_config_dependencies.h
+include/psa/crypto_adjust_config_derived.h
 include/psa/crypto_adjust_config_key_pair_types.h
 include/psa/crypto_adjust_config_synonyms.h
 include/psa/crypto_builtin_composites.h
@@ -113,14 +114,13 @@ include/psa/crypto_driver_common.h
 include/psa/crypto_driver_contexts_composites.h
 include/psa/crypto_driver_contexts_key_derivation.h
 include/psa/crypto_driver_contexts_primitives.h
+include/psa/crypto_driver_random.h
 include/psa/crypto_extra.h
 include/psa/crypto_platform.h
 include/psa/crypto_sizes.h
 include/psa/crypto_struct.h
 include/psa/crypto_types.h
 include/psa/crypto_values.h
-include/psa/crypto_adjust_config_derived.h
-include/psa/crypto_driver_random.h
 include/tf-psa-crypto/build_info.h
 include/tf-psa-crypto/private/everest/everest/Hacl_Curve25519.h
 include/tf-psa-crypto/private/everest/everest/everest.h
@@ -138,28 +138,30 @@ include/tf-psa-crypto/private/everest/everest/kremlin/internal/wasmsupport.h
 include/tf-psa-crypto/private/everest/everest/vs2013/Hacl_Curve25519.h
 include/tf-psa-crypto/private/everest/everest/x25519.h
 include/tf-psa-crypto/version.h
-lib/cmake/TF-PSA-Crypto/TF-PSA-CryptoConfig.cmake
-lib/cmake/TF-PSA-Crypto/TF-PSA-CryptoConfigVersion.cmake
-lib/cmake/TF-PSA-Crypto/TF-PSA-CryptoTargets-%%CMAKE_BUILD_TYPE%%.cmake
-lib/cmake/TF-PSA-Crypto/TF-PSA-CryptoTargets.cmake
-lib/libmbedtls.so.22
-lib/libmbedx509.so.8
-lib/libtfpsacrypto.a
-lib/libtfpsacrypto.so
-lib/libtfpsacrypto.so.1
-lib/libtfpsacrypto.so.1.0.0
 lib/cmake/MbedTLS/MbedTLSConfig.cmake
 lib/cmake/MbedTLS/MbedTLSConfigVersion.cmake
 lib/cmake/MbedTLS/MbedTLSTargets-%%CMAKE_BUILD_TYPE%%.cmake
 lib/cmake/MbedTLS/MbedTLSTargets.cmake
+lib/cmake/TF-PSA-Crypto/TF-PSA-CryptoConfig.cmake
+lib/cmake/TF-PSA-Crypto/TF-PSA-CryptoConfigVersion.cmake
+lib/cmake/TF-PSA-Crypto/TF-PSA-CryptoTargets-%%CMAKE_BUILD_TYPE%%.cmake
+lib/cmake/TF-PSA-Crypto/TF-PSA-CryptoTargets.cmake
 lib/libmbedcrypto.a
+lib/libmbedcrypto.so
+lib/libmbedcrypto.so.17
 lib/libmbedcrypto.so.%%DISTVERSION%%
 lib/libmbedtls.a
 lib/libmbedtls.so
+lib/libmbedtls.so.22
 lib/libmbedtls.so.%%DISTVERSION%%
 lib/libmbedx509.a
 lib/libmbedx509.so
 lib/libmbedx509.so.%%DISTVERSION%%
+lib/libmbedx509.so.8
+lib/libtfpsacrypto.a
+lib/libtfpsacrypto.so
+lib/libtfpsacrypto.so.1
+lib/libtfpsacrypto.so.1.0.0
 libdata/pkgconfig/mbedcrypto.pc
 libdata/pkgconfig/mbedtls.pc
 libdata/pkgconfig/mbedx509.pc

home | help

---

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69acb7aa.46433.565a8974>

Legal Notices | © 1995-2026 The FreeBSD Project. All rights reserved.

Contact