From 4d47d61a5f59dc7a487248d6b43e2f536a6d794c Mon Sep 17 00:00:00 2001 From: hauke Date: Sun, 18 Oct 2015 22:27:38 +0000 Subject: [PATCH] CC: polarssl: update to version 1.3.14 This fixes CVE-2015-5291 and some other smaller security issues. Signed-off-by: Hauke Mehrtens git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47202 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/libs/polarssl/Makefile | 19 ++++---- .../libs/polarssl/patches/100-disable_sslv3.patch | 2 +- .../libs/polarssl/patches/200-reduce_config.patch | 50 +++++++++++----------- 3 files changed, 37 insertions(+), 34 deletions(-) diff --git a/package/libs/polarssl/Makefile b/package/libs/polarssl/Makefile index a232ef6fab..dc13679e41 100644 --- a/package/libs/polarssl/Makefile +++ b/package/libs/polarssl/Makefile @@ -7,14 +7,17 @@ include $(TOPDIR)/rules.mk -PKG_NAME:=mbedtls -PKG_VERSION:=1.3.11 +PKG_NAME:=polarssl +SRC_PKG_NAME:=mbedtls +PKG_VERSION:=1.3.14 PKG_RELEASE:=1 PKG_USE_MIPS16:=0 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz +PKG_SOURCE:=$(SRC_PKG_NAME)-$(PKG_VERSION)-gpl.tgz PKG_SOURCE_URL:=https://polarssl.org/download/ -PKG_MD5SUM:=c02ce2e54862d678604794ee484fb59e +PKG_MD5SUM:=869c7b5798b8769902880c7cf0212fed + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(SRC_PKG_NAME)-$(PKG_VERSION) PKG_BUILD_PARALLEL:=1 PKG_LICENSE:=GPL-2.0+ 
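Review bot: The only integrity pin for the new tarball in this hunk is `PKG_MD5SUM:=869c7b5798b8769902880c7cf0212fed`, and MD5 is not collision-resistant, which makes it a weak check for a TLS library fetched at build time. The `https://` scheme in `PKG_SOURCE_URL` protects the primary download, but a tarball taken from a mirror or a local download cache is presumably validated by this digest alone. If the build system on this branch accepts a SHA-256 digest (later OpenWrt trees use `PKG_HASH`), pin that instead; otherwise add a comment above the checksum line such as `# MD5 only catches corruption; compare the tarball with upstream's published SHA-256 when bumping`.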
@@ -58,14 +61,14 @@ define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include $(CP) $(PKG_INSTALL_DIR)/usr/include/polarssl $(1)/usr/include/ $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmbedtls.so* $(1)/usr/lib/ - $(LN) libmbedtls.so $(1)/usr/lib/libpolarssl.so + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmbedtls.so.* $(1)/usr/lib/ + $(LN) libmbedtls.so.$(PKG_VERSION) $(1)/usr/lib/libpolarssl.so endef define Package/libpolarssl/install $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmbedtls.so* $(1)/usr/lib/ - $(LN) libmbedtls.so $(1)/usr/lib/libpolarssl.so + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmbedtls.so.* $(1)/usr/lib/ + $(LN) libmbedtls.so.$(PKG_VERSION) $(1)/usr/lib/libpolarssl.so endef $(eval $(call BuildPackage,libpolarssl)) diff --git a/package/libs/polarssl/patches/100-disable_sslv3.patch b/package/libs/polarssl/patches/100-disable_sslv3.patch index 4b779025f7..56c6c4d235 100644 --- a/package/libs/polarssl/patches/100-disable_sslv3.patch +++ b/package/libs/polarssl/patches/100-disable_sslv3.patch @@ -1,6 +1,6 @@ --- a/include/polarssl/config.h +++ b/include/polarssl/config.h -@@ -951,8 +951,8 @@ +@@ -1011,8 +1011,8 @@ * POLARSSL_SHA1_C * * Comment this macro to disable support for SSL 3.0 diff --git a/package/libs/polarssl/patches/200-reduce_config.patch b/package/libs/polarssl/patches/200-reduce_config.patch index aa1108eeb4..80b07ef93f 100644 --- a/package/libs/polarssl/patches/200-reduce_config.patch +++ b/package/libs/polarssl/patches/200-reduce_config.patch @@ -1,6 +1,6 @@ --- a/include/polarssl/config.h +++ b/include/polarssl/config.h -@@ -370,8 +370,8 @@ +@@ -432,8 +432,8 @@ * Requires: POLARSSL_HMAC_DRBG_C * * Comment this macro to disable deterministic ECDSA. @@ -10,7 +10,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED -@@ -392,8 +392,8 @@ +@@ -454,8 +454,8 @@ * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 * TLS_PSK_WITH_3DES_EDE_CBC_SHA * TLS_PSK_WITH_RC4_128_SHA 
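Review bot: In both `Build/InstallDev` (which starts above the hunk) and `Package/libpolarssl/install`, the new `$(LN) libmbedtls.so.$(PKG_VERSION) $(1)/usr/lib/libpolarssl.so` assumes the shared object's file name ends in exactly the package version, and nothing in the recipe checks that. `$(LN)` is presumably a forced symlink, so a later version bump where upstream names the file differently would leave a dangling `libpolarssl.so` that only fails when a TLS consumer is linked or loaded. A guard before the link, e.g. `test -f $(1)/usr/lib/libmbedtls.so.$(PKG_VERSION)`, would fail the build instead. The narrower glob `libmbedtls.so.*` also no longer copies an unversioned `libmbedtls.so`, so anything in the tree that links with `-lmbedtls` should be checked.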
@@ -20,7 +20,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED -@@ -416,8 +416,8 @@ +@@ -478,8 +478,8 @@ * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA * TLS_DHE_PSK_WITH_RC4_128_SHA @@ -30,7 +30,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED -@@ -436,8 +436,8 @@ +@@ -498,8 +498,8 @@ * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA * TLS_ECDHE_PSK_WITH_RC4_128_SHA @@ -40,7 +40,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED -@@ -461,8 +461,8 @@ +@@ -523,8 +523,8 @@ * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA * TLS_RSA_PSK_WITH_RC4_128_SHA @@ -50,7 +50,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED -@@ -540,8 +540,8 @@ +@@ -602,8 +602,8 @@ * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA * TLS_ECDHE_RSA_WITH_RC4_128_SHA @@ -60,7 +60,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -@@ -564,8 +564,8 @@ +@@ -626,8 +626,8 @@ * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA @@ -70,7 +70,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -@@ -588,8 +588,8 @@ +@@ -650,8 +650,8 @@ * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 @@ -80,7 +80,7 @@ /** * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED -@@ -612,8 +612,8 @@ +@@ -674,8 +674,8 @@ * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 @@ -90,7 +90,7 @@ /** * \def POLARSSL_PK_PARSE_EC_EXTENDED -@@ -775,8 +775,8 @@ +@@ -835,8 +835,8 @@ * \def POLARSSL_SELF_TEST * * Enable the checkup functions (*_self_test). @@ -100,7 +100,7 @@ /** * \def POLARSSL_SSL_AEAD_RANDOM_IV -@@ -1078,8 +1078,8 @@ +@@ -1138,8 +1138,8 @@ * Requires: POLARSSL_VERSION_C * * Comment this to disable run-time checking and save ROM space 
@@ -110,7 +110,7 @@ /** * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 -@@ -1395,8 +1395,8 @@ +@@ -1457,8 +1457,8 @@ * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 @@ -120,7 +120,7 @@ /** * \def POLARSSL_CCM_C -@@ -1423,8 +1423,8 @@ +@@ -1485,8 +1485,8 @@ * Requires: POLARSSL_PEM_PARSE_C * * This module is used for testing (ssl_client/server). @@ -130,7 +130,7 @@ /** * \def POLARSSL_CIPHER_C -@@ -1463,8 +1463,8 @@ +@@ -1525,8 +1525,8 @@ * library/ssl_tls.c * * This module provides debugging functions. @@ -140,7 +140,7 @@ /** * \def POLARSSL_DES_C -@@ -1519,8 +1519,8 @@ +@@ -1581,8 +1581,8 @@ * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK * * Requires: POLARSSL_ECP_C @@ -150,7 +150,7 @@ /** * \def POLARSSL_ECDSA_C -@@ -1534,8 +1534,8 @@ +@@ -1596,8 +1596,8 @@ * ECDHE-ECDSA * * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C @@ -160,7 +160,7 @@ /** * \def POLARSSL_ECP_C -@@ -1547,8 +1547,8 @@ +@@ -1609,8 +1609,8 @@ * library/ecdsa.c * * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED @@ -170,7 +170,7 @@ /** * \def POLARSSL_ENTROPY_C -@@ -1587,8 +1587,8 @@ +@@ -1649,8 +1649,8 @@ * * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. @@ -180,7 +180,7 @@ /** * \def POLARSSL_HAVEGE_C -@@ -1624,8 +1624,8 @@ +@@ -1686,8 +1686,8 @@ * Requires: POLARSSL_MD_C * * Uncomment to enable the HMAC_DRBG random number geerator. @@ -190,7 +190,7 @@ /** * \def POLARSSL_MD_C -@@ -1746,8 +1746,8 @@ +@@ -1813,8 +1813,8 @@ * Requires: POLARSSL_HAVE_ASM * * This modules adds support for the VIA PadLock on x86. @@ -200,7 +200,7 @@ /** * \def POLARSSL_PBKDF2_C -@@ -1907,8 +1907,8 @@ +@@ -1979,8 +1979,8 @@ * Module: library/ripemd160.c * Caller: library/md.c * @@ -210,7 +210,7 @@ /** * \def POLARSSL_RSA_C -@@ -1987,8 +1987,8 @@ +@@ -2059,8 +2059,8 @@ * Caller: * * Requires: POLARSSL_SSL_CACHE_C 
@@ -220,7 +220,7 @@ /** * \def POLARSSL_SSL_CLI_C -@@ -2064,8 +2064,8 @@ +@@ -2136,8 +2136,8 @@ * Caller: library/havege.c * * This module is used by the HAVEGE random number generator. @@ -230,7 +230,7 @@ /** * \def POLARSSL_VERSION_C -@@ -2075,8 +2075,8 @@ +@@ -2147,8 +2147,8 @@ * Module: library/version.c * * This module provides run-time version information. @@ -240,7 +240,7 @@ /** * \def POLARSSL_X509_USE_C -@@ -2185,8 +2185,8 @@ +@@ -2257,8 +2257,8 @@ * * Module: library/xtea.c * Caller: -- 2.11.0