From: Steven Barth Date: Mon, 9 Feb 2015 12:44:32 +0000 (+0000) Subject: polarssl: bump to 1.3.10, work around rename to mbedtls X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=1a014d170ad9dcb4eff935b8fb123bf40ede30d1;p=openwrt%2Fstaging%2Fjow.git polarssl: bump to 1.3.10, work around rename to mbedtls Signed-off-by: Steven Barth SVN-Revision: 44361 --- diff --git a/package/libs/polarssl/Makefile b/package/libs/polarssl/Makefile index 384853e29c..b4d2490882 100644 --- a/package/libs/polarssl/Makefile +++ b/package/libs/polarssl/Makefile @@ -7,14 +7,14 @@ include $(TOPDIR)/rules.mk -PKG_NAME:=polarssl -PKG_VERSION:=1.3.9 -PKG_RELEASE:=2 +PKG_NAME:=mbedtls +PKG_VERSION:=1.3.10 +PKG_RELEASE:=1 PKG_USE_MIPS16:=0 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz -PKG_SOURCE_URL:=https://polarssl.org/code/releases -PKG_MD5SUM:=48af7d1f0d5de512cbd6dacf5407884c +PKG_SOURCE_URL:=https://polarssl.org/download/ +PKG_MD5SUM:=4b55fc9ad3da65a43addefa8b74fef13 PKG_BUILD_PARALLEL:=1 PKG_LICENSE:=GPL-2.0+ @@ -50,7 +50,7 @@ PKG_INSTALL:=1 CMAKE_OPTIONS += \ -DCMAKE_BUILD_TYPE:String="Release" \ - -DUSE_SHARED_POLARSSL_LIBRARY:Bool=ON \ + -DUSE_SHARED_MBEDTLS_LIBRARY:Bool=ON \ -DENABLE_TESTING:Bool=OFF \ -DENABLE_PROGRAMS:Bool=OFF \ @@ -58,12 +58,14 @@ define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include $(CP) $(PKG_INSTALL_DIR)/usr/include/polarssl $(1)/usr/include/ $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libpolarssl.so* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmbedtls.so* $(1)/usr/lib/ + $(LN) libmbedtls.so $(1)/usr/lib/libpolarssl.so endef define Package/libpolarssl/install $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libpolarssl.so* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmbedtls.so* $(1)/usr/lib/ + $(LN) libmbedtls.so $(1)/usr/lib/libpolarssl.so endef $(eval $(call BuildPackage,libpolarssl)) diff --git a/package/libs/polarssl/patches/100-disable_sslv3.patch b/package/libs/polarssl/patches/100-disable_sslv3.patch index 06312f3471..4b779025f7 100644 --- a/package/libs/polarssl/patches/100-disable_sslv3.patch +++ b/package/libs/polarssl/patches/100-disable_sslv3.patch @@ -1,6 +1,6 @@ --- a/include/polarssl/config.h +++ b/include/polarssl/config.h -@@ -859,8 +859,8 @@ +@@ -951,8 +951,8 @@ * POLARSSL_SHA1_C * * Comment this macro to disable support for SSL 3.0 diff --git a/package/libs/polarssl/patches/200-reduce_config.patch b/package/libs/polarssl/patches/200-reduce_config.patch index dc95faada5..b2ae4de957 100644 --- a/package/libs/polarssl/patches/200-reduce_config.patch +++ b/package/libs/polarssl/patches/200-reduce_config.patch @@ -1,6 +1,6 @@ --- a/include/polarssl/config.h +++ b/include/polarssl/config.h -@@ -395,8 +395,8 @@ +@@ -392,8 +392,8 @@ * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 * TLS_PSK_WITH_3DES_EDE_CBC_SHA * TLS_PSK_WITH_RC4_128_SHA @@ -10,7 +10,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED -@@ -419,8 +419,8 @@ +@@ -416,8 +416,8 @@ * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA * TLS_DHE_PSK_WITH_RC4_128_SHA @@ -20,7 +20,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED -@@ -439,8 +439,8 @@ +@@ -436,8 +436,8 @@ * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA * TLS_ECDHE_PSK_WITH_RC4_128_SHA @@ -30,7 +30,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED -@@ -464,8 +464,8 @@ +@@ -461,8 +461,8 @@ * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA * TLS_RSA_PSK_WITH_RC4_128_SHA @@ -40,7 +40,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED -@@ -543,8 +543,8 @@ +@@ -540,8 +540,8 @@ * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA * TLS_ECDHE_RSA_WITH_RC4_128_SHA @@ -50,7 +50,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -@@ -567,8 +567,8 @@ +@@ -564,8 +564,8 @@ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA @@ -60,7 +60,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -@@ -591,8 +591,8 @@ +@@ -588,8 +588,8 @@ * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 @@ -70,7 +70,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED -@@ -615,8 +615,8 @@ +@@ -612,8 +612,8 @@ * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 @@ -80,7 +80,7 @@ /** * \def POLARSSL_PK_PARSE_EC_EXTENDED -@@ -778,8 +778,8 @@ +@@ -775,8 +775,8 @@ * \def POLARSSL_SELF_TEST * * Enable the checkup functions (*_self_test). @@ -89,8 +89,8 @@ + */ /** - * \def POLARSSL_SSL_ALL_ALERT_MESSAGES -@@ -1302,8 +1302,8 @@ + * \def POLARSSL_SSL_AEAD_RANDOM_IV +@@ -1395,8 +1395,8 @@ * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 @@ -100,7 +100,7 @@ /** * \def POLARSSL_CCM_C -@@ -1330,8 +1330,8 @@ +@@ -1423,8 +1423,8 @@ * Requires: POLARSSL_PEM_PARSE_C * * This module is used for testing (ssl_client/server). @@ -110,7 +110,7 @@ /** * \def POLARSSL_CIPHER_C -@@ -1370,8 +1370,8 @@ +@@ -1463,8 +1463,8 @@ * library/ssl_tls.c * * This module provides debugging functions. @@ -120,7 +120,7 @@ /** * \def POLARSSL_DES_C -@@ -1426,8 +1426,8 @@ +@@ -1519,8 +1519,8 @@ * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK * * Requires: POLARSSL_ECP_C @@ -130,7 +130,7 @@ /** * \def POLARSSL_ECDSA_C -@@ -1441,8 +1441,8 @@ +@@ -1534,8 +1534,8 @@ * ECDHE-ECDSA * * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C @@ -140,7 +140,7 @@ /** * \def POLARSSL_ECP_C -@@ -1454,8 +1454,8 @@ +@@ -1547,8 +1547,8 @@ * library/ecdsa.c * * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED @@ -150,7 +150,7 @@ /** * \def POLARSSL_ENTROPY_C -@@ -1494,8 +1494,8 @@ +@@ -1587,8 +1587,8 @@ * * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. @@ -160,7 +160,7 @@ /** * \def POLARSSL_HAVEGE_C -@@ -1652,8 +1652,8 @@ +@@ -1746,8 +1746,8 @@ * Requires: POLARSSL_HAVE_ASM * * This modules adds support for the VIA PadLock on x86. @@ -170,7 +170,7 @@ /** * \def POLARSSL_PBKDF2_C -@@ -1813,8 +1813,8 @@ +@@ -1907,8 +1907,8 @@ * Module: library/ripemd160.c * Caller: library/md.c * @@ -180,7 +180,7 @@ /** * \def POLARSSL_RSA_C -@@ -1893,8 +1893,8 @@ +@@ -1987,8 +1987,8 @@ * Caller: * * Requires: POLARSSL_SSL_CACHE_C @@ -190,7 +190,7 @@ /** * \def POLARSSL_SSL_CLI_C -@@ -1970,8 +1970,8 @@ +@@ -2064,8 +2064,8 @@ * Caller: library/havege.c * * This module is used by the HAVEGE random number generator. @@ -200,7 +200,7 @@ /** * \def POLARSSL_VERSION_C -@@ -2091,8 +2091,8 @@ +@@ -2185,8 +2185,8 @@ * * Module: library/xtea.c * Caller: @@ -208,5 +208,5 @@ #define POLARSSL_XTEA_C + */ - /* \} name SECTION: PolarSSL modules */ + /* \} name SECTION: mbed TLS modules */ diff --git a/package/libs/polarssl/patches/300-CVE-2015-1182.patch b/package/libs/polarssl/patches/300-CVE-2015-1182.patch deleted file mode 100644 index 5961d37aa5..0000000000 --- a/package/libs/polarssl/patches/300-CVE-2015-1182.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/library/asn1parse.c -+++ b/library/asn1parse.c -@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char - if( cur->next == NULL ) - return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); - -+ memset( cur->next, 0, sizeof( asn1_sequence ) ); -+ - cur = cur->next; - } - }