Merge pull request #3002 from gilles-peskine-arm/coverity-20200115-2.7 into mbedtls-2.7
diff --git a/ChangeLog b/ChangeLog
index 240edf9..2a993b9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,10 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS 2.7.x branch released xxxx-xx-xx
+= mbed TLS 2.7.X branch released XXXX-XX-XX
Bugfix
+ * Allow loading symlinked certificates. Fixes #3005. Reported and fixed
+ by Jonathan Bennett <JBennett@incomsystems.biz> via #3008.
* Fix an unchecked call to mbedtls_md() in the x509write module.
= mbed TLS 2.7.13 branch released 2020-01-15
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 860bff2..fa3d9b2 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
*/
/**
- * @mainpage mbed TLS v2.7.12 source code documentation
+ * @mainpage mbed TLS v2.7.13 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index cc0b2e1..648f677 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.7.12"
+PROJECT_NAME = "mbed TLS v2.7.13"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 0c8c8ae..a63b749 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -40,16 +40,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 7
-#define MBEDTLS_VERSION_PATCH 12
+#define MBEDTLS_VERSION_PATCH 13
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02070C00
-#define MBEDTLS_VERSION_STRING "2.7.12"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.12"
+#define MBEDTLS_VERSION_NUMBER 0x02070D00
+#define MBEDTLS_VERSION_STRING "2.7.13"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.13"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index ef50524..92f12fc 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -147,15 +147,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.12 SOVERSION 2)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.13 SOVERSION 2)
target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.7.12 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.7.13 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.7.12 SOVERSION 10)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.7.13 SOVERSION 10)
target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 3ad53a7..55c7ea1 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1207,7 +1207,7 @@
goto cleanup;
}
- if( !S_ISREG( sb.st_mode ) )
+ if( !( S_ISREG( sb.st_mode ) || S_ISLNK( sb.st_mode ) ) )
continue;
// Ignore parse errors
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 9a7f68f..d3eca6a 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.7.12"
+check_compiletime_version:"2.7.13"
Check runtime library version
-check_runtime_version:"2.7.12"
+check_runtime_version:"2.7.13"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0