This fixes CVE-2015-5291 and some other smaller security issues.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47202
3c298f89-4303-0410-b956-
a3cf2f4a3e73
include $(TOPDIR)/rules.mk
include $(TOPDIR)/rules.mk
-PKG_NAME:=mbedtls
-PKG_VERSION:=1.3.11
+PKG_NAME:=polarssl
+SRC_PKG_NAME:=mbedtls
+PKG_VERSION:=1.3.14
PKG_RELEASE:=1
PKG_USE_MIPS16:=0
PKG_RELEASE:=1
PKG_USE_MIPS16:=0
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
+PKG_SOURCE:=$(SRC_PKG_NAME)-$(PKG_VERSION)-gpl.tgz
PKG_SOURCE_URL:=https://polarssl.org/download/
PKG_SOURCE_URL:=https://polarssl.org/download/
-PKG_MD5SUM:=c02ce2e54862d678604794ee484fb59e
+PKG_MD5SUM:=869c7b5798b8769902880c7cf0212fed
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(SRC_PKG_NAME)-$(PKG_VERSION)
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0+
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0+
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/polarssl $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/polarssl $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmbedtls.so* $(1)/usr/lib/
- $(LN) libmbedtls.so $(1)/usr/lib/libpolarssl.so
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmbedtls.so.* $(1)/usr/lib/
+ $(LN) libmbedtls.so.$(PKG_VERSION) $(1)/usr/lib/libpolarssl.so
endef
define Package/libpolarssl/install
$(INSTALL_DIR) $(1)/usr/lib
endef
define Package/libpolarssl/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmbedtls.so* $(1)/usr/lib/
- $(LN) libmbedtls.so $(1)/usr/lib/libpolarssl.so
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmbedtls.so.* $(1)/usr/lib/
+ $(LN) libmbedtls.so.$(PKG_VERSION) $(1)/usr/lib/libpolarssl.so
endef
$(eval $(call BuildPackage,libpolarssl))
endef
$(eval $(call BuildPackage,libpolarssl))
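Review bot: The added `PKG_MD5SUM` line pins the new tarball with an MD5 digest only, which is a weak integrity check for a download that is being pulled in specifically as a security fix. MD5 is not collision-resistant, so if the archive is ever fetched from somewhere other than `PKG_SOURCE_URL` the digest gives little assurance that it is the upstream release. If this branch's download tooling accepts a stronger digest, pin one as well, as later OpenWrt trees do with `PKG_HASH:=<sha256 of mbedtls-1.3.14-gpl.tgz>` (placeholder; take the value from the upstream release), or at least record the upstream SHA-256 in the commit message. Separately, both `$(LN) libmbedtls.so.$(PKG_VERSION) ...` lines assume the installed library file is named exactly after `PKG_VERSION`, which deserves a one-line comment such as `# assumes upstream installs libmbedtls.so.<full version>; re-check on every version bump`. The first of the two install blocks starts outside the visible lines.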
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
* POLARSSL_SHA1_C
*
* Comment this macro to disable support for SSL 3.0
* POLARSSL_SHA1_C
*
* Comment this macro to disable support for SSL 3.0
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
* Requires: POLARSSL_HMAC_DRBG_C
*
* Comment this macro to disable deterministic ECDSA.
* Requires: POLARSSL_HMAC_DRBG_C
*
* Comment this macro to disable deterministic ECDSA.
/**
* \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_RC4_128_SHA
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_RC4_128_SHA
/**
* \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_PSK_WITH_RC4_128_SHA
* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_PSK_WITH_RC4_128_SHA
/**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
/**
* \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_PSK_WITH_RC4_128_SHA
* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_PSK_WITH_RC4_128_SHA
/**
* \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
/**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
/**
* \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
/**
* \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
/**
* \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
/**
* \def POLARSSL_PK_PARSE_EC_EXTENDED
/**
* \def POLARSSL_PK_PARSE_EC_EXTENDED
* \def POLARSSL_SELF_TEST
*
* Enable the checkup functions (*_self_test).
* \def POLARSSL_SELF_TEST
*
* Enable the checkup functions (*_self_test).
/**
* \def POLARSSL_SSL_AEAD_RANDOM_IV
/**
* \def POLARSSL_SSL_AEAD_RANDOM_IV
* Requires: POLARSSL_VERSION_C
*
* Comment this to disable run-time checking and save ROM space
* Requires: POLARSSL_VERSION_C
*
* Comment this to disable run-time checking and save ROM space
/**
* \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
/**
* \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
/**
* \def POLARSSL_CCM_C
/**
* \def POLARSSL_CCM_C
* Requires: POLARSSL_PEM_PARSE_C
*
* This module is used for testing (ssl_client/server).
* Requires: POLARSSL_PEM_PARSE_C
*
* This module is used for testing (ssl_client/server).
/**
* \def POLARSSL_CIPHER_C
/**
* \def POLARSSL_CIPHER_C
* library/ssl_tls.c
*
* This module provides debugging functions.
* library/ssl_tls.c
*
* This module provides debugging functions.
/**
* \def POLARSSL_DES_C
/**
* \def POLARSSL_DES_C
* ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
*
* Requires: POLARSSL_ECP_C
* ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
*
* Requires: POLARSSL_ECP_C
/**
* \def POLARSSL_ECDSA_C
/**
* \def POLARSSL_ECDSA_C
* ECDHE-ECDSA
*
* Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
* ECDHE-ECDSA
*
* Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
/**
* \def POLARSSL_ECP_C
/**
* \def POLARSSL_ECP_C
* library/ecdsa.c
*
* Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
* library/ecdsa.c
*
* Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
/**
* \def POLARSSL_ENTROPY_C
/**
* \def POLARSSL_ENTROPY_C
*
* This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
* requisites are enabled as well.
*
* This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
* requisites are enabled as well.
/**
* \def POLARSSL_HAVEGE_C
/**
* \def POLARSSL_HAVEGE_C
* Requires: POLARSSL_MD_C
*
* Uncomment to enable the HMAC_DRBG random number geerator.
* Requires: POLARSSL_MD_C
*
* Uncomment to enable the HMAC_DRBG random number geerator.
* Requires: POLARSSL_HAVE_ASM
*
* This modules adds support for the VIA PadLock on x86.
* Requires: POLARSSL_HAVE_ASM
*
* This modules adds support for the VIA PadLock on x86.
/**
* \def POLARSSL_PBKDF2_C
/**
* \def POLARSSL_PBKDF2_C
* Module: library/ripemd160.c
* Caller: library/md.c
*
* Module: library/ripemd160.c
* Caller: library/md.c
*
/**
* \def POLARSSL_RSA_C
/**
* \def POLARSSL_RSA_C
* Caller:
*
* Requires: POLARSSL_SSL_CACHE_C
* Caller:
*
* Requires: POLARSSL_SSL_CACHE_C
/**
* \def POLARSSL_SSL_CLI_C
/**
* \def POLARSSL_SSL_CLI_C
* Caller: library/havege.c
*
* This module is used by the HAVEGE random number generator.
* Caller: library/havege.c
*
* This module is used by the HAVEGE random number generator.
/**
* \def POLARSSL_VERSION_C
/**
* \def POLARSSL_VERSION_C
* Module: library/version.c
*
* This module provides run-time version information.
* Module: library/version.c
*
* This module provides run-time version information.
/**
* \def POLARSSL_X509_USE_C
/**
* \def POLARSSL_X509_USE_C
*
* Module: library/xtea.c
* Caller:
*
* Module: library/xtea.c
* Caller: