polarssl: security bump to version 1.2.11

Fixes CVE-2014-4911 and a few other issues that don't have a CVE assigned (backports from 1.3.x branch). The no programs & shared/static patches are now upstream albeit in a slightly different form. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-11 18:06:28 -03:00 · 2014-07-11 18:06:28 -03:00 · d296361aa8
commit d296361aa8
parent d0c4261bd1
4 changed files with 11 additions and 91 deletions
--- a/package/polarssl/polarssl-01-no-test-suite.patch
+++ b/package/polarssl/polarssl-01-no-test-suite.patch
@ -4,13 +4,14 @@ By default, PolarSSL builds a fairly extensive test suite to validate
 the library. In the context of Buildroot, building this test suite is
 not really useful, so we add a BUILD_TESTS to disable its build.
 [Gustavo: update for 1.2.11]
 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Index: polarssl-1.1.1/CMakeLists.txt
+diff -Nura polarssl-1.2.11.orig/CMakeLists.txt polarssl-1.2.11/CMakeLists.txt
-===================================================================
+--- polarssl-1.2.11.orig/CMakeLists.txt	2014-07-11 17:14:43.414651327 -0300
--- polarssl-1.1.1.orig/CMakeLists.txt
+++ polarssl-1.2.11/CMakeLists.txt	2014-07-11 17:23:00.573498626 -0300
-+++ polarssl-1.1.1/CMakeLists.txt
+@@ -49,9 +49,11 @@
@@ -27,9 +27,11 @@
 add_subdirectory(library)
 add_subdirectory(include)
@ -21,6 +22,6 @@ Index: polarssl-1.1.1/CMakeLists.txt
   add_subdirectory(tests)
 -endif(CMAKE_COMPILER_IS_GNUCC)
 +endif(CMAKE_COMPILER_IS_GNUCC AND BUILD_TESTS)
- 
+ if(CMAKE_COMPILER_IS_CLANG)
- add_subdirectory(programs)
+   add_subdirectory(tests)
- 
+ endif(CMAKE_COMPILER_IS_CLANG)
--- a/package/polarssl/polarssl-no-programs.patch
+++ b/package/polarssl/polarssl-no-programs.patch
@ -1,26 +0,0 @@
 Add the BUILD_PROGRAMS option to disable programs build
 By default, PolarSSL builds and installs a large set of companions
 programs, which in some cases are not useful. This patch adds the
 BUILD_PROGRAMS option which allows to disable the build and
 installation of such programs when not needed.
 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 Index: polarssl-1.1.1/CMakeLists.txt
 ===================================================================
 --- polarssl-1.1.1.orig/CMakeLists.txt
 +++ polarssl-1.1.1/CMakeLists.txt
@@ -33,7 +33,11 @@
   add_subdirectory(tests)
 endif(CMAKE_COMPILER_IS_GNUCC AND BUILD_TESTS)
 -add_subdirectory(programs)
 +option(BUILD_PROGRAMS "Build programs." ON)
 +
 +if(BUILD_PROGRAMS)
 +  add_subdirectory(programs)
 +endif(BUILD_PROGRAMS)
 ADD_CUSTOM_TARGET(apidoc
                   COMMAND doxygen doxygen/polarssl.doxyfile
--- a/package/polarssl/polarssl-shared-and-static-library.patch
+++ b/package/polarssl/polarssl-shared-and-static-library.patch
@ -1,55 +0,0 @@
 Allow both shared and static PolarSSL library
 By default, PolarSSL is built as a static library. If the option
 USE_SHARED_POLARSSL_LIBRARY is set, then it is build as a shared
 library. But there is no way of building both the shared and static
 versions.
 This patch adds the USE_STATIC_POLARSSL_LIBRARY (which defaults to ON)
 in addition to the existing USE_SHARED_POLARSSL_LIBRARY (which
 defaults to OFF). Both options can be manipulated independently.
 [Gustavo: update for polarssl 1.2.10]
 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
 diff -Nura polarssl-1.2.3.orig/library/CMakeLists.txt polarssl-1.2.3/library/CMakeLists.txt
 --- polarssl-1.2.3.orig/library/CMakeLists.txt	2012-11-27 17:16:20.735678722 -0300
 +++ polarssl-1.2.3/library/CMakeLists.txt	2012-11-27 17:18:09.760457733 -0300
@@ -1,4 +1,5 @@
 option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL as a shared library." OFF)
 +option(USE_STATIC_POLARSSL_LIBRARY "Build PolarSSL as a static library." ON)
 set(src
      aes.c
@@ -50,19 +51,23 @@
 set(libs ws2_32)
 endif(WIN32)
 -if(NOT USE_SHARED_POLARSSL_LIBRARY)
 -
 -add_library(polarssl STATIC ${src})
 -
 -else(NOT USE_SHARED_POLARSSL_LIBRARY)
 +if(USE_SHARED_POLARSSL_LIBRARY)
 add_library(polarssl SHARED ${src})
 set_target_properties(polarssl PROPERTIES VERSION 1.2.10 SOVERSION 3)
 +set_target_properties(polarssl PROPERTIES OUTPUT_NAME polarssl)
 +
 +endif(USE_SHARED_POLARSSL_LIBRARY)
 +
 +if(USE_STATIC_POLARSSL_LIBRARY)
 +
 +add_library(polarssl-static STATIC ${src})
 +set_target_properties(polarssl-static PROPERTIES OUTPUT_NAME polarssl)
 -endif(NOT USE_SHARED_POLARSSL_LIBRARY)
 +endif(USE_STATIC_POLARSSL_LIBRARY)
 target_link_libraries(polarssl ${libs})
 -install(TARGETS polarssl
 +install(TARGETS polarssl polarssl-static
         DESTINATION ${LIB_INSTALL_DIR}
         PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
--- a/package/polarssl/polarssl.mk
+++ b/package/polarssl/polarssl.mk
@ -5,13 +5,13 @@
 ################################################################################
 POLARSSL_SITE = https://polarssl.org/code/releases
-POLARSSL_VERSION = 1.2.10
+POLARSSL_VERSION = 1.2.11
 POLARSSL_SOURCE = polarssl-$(POLARSSL_VERSION)-gpl.tgz
 POLARSSL_CONF_OPT = \
 	-DUSE_SHARED_POLARSSL_LIBRARY=ON \
 	-DUSE_STATIC_POLARSSL_LIBRARY=ON \
 	-DBUILD_TESTS=OFF \
-	-DBUILD_PROGRAMS=$(if $(BR2_PACKAGE_POLARSSL_PROGRAMS),ON,OFF)
+	-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_POLARSSL_PROGRAMS),ON,OFF)
 POLARSSL_INSTALL_STAGING = YES
 POLARSSL_LICENSE = GPLv2