Commit Graph

30 Commits

Author SHA1 Message Date
Gustavo Zacarias
7bc8f03844 polarssl: security bump to version 1.2.17
Fixes:
CVE-2015-5291 - Remote attack on clients using session tickets or SNI

Also includes countermeasures against Lenstra's RSA-CRT attach for
PKCS#1 v1.5 signatures (1.2.16) and the Logjam attack (1.2.15).

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-16 23:26:47 +02:00
Gustavo Zacarias
f162e9661d polarssl: security bump to version 1.2.14
Fixes one remotely-triggerable issue that was found by the Codenomicon
Defensics tool, one potential remote crash and countermeasures against
the "Lucky 13 strikes back" cache-based attack.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-04 14:58:49 +02:00
Gustavo Zacarias
5469cb9724 polarssl: switch download URL
Old wget versions aren't very happy with https moves/alt names hence
complain when trying to download from said sites.
Since polarssl is now mbed tls and everything got renamed switch to the
new URL to avoid this.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-31 13:59:58 +02:00
Gustavo Zacarias
ad951abd86 polarssl: security bump to version 1.2.13
Includes the previous CVE-2015-1182 fix (patch dropped) and other fixes
(security and non) from the 1.3 branch (no CVEs yet), see release notes:
https://polarssl.org/tech-updates/releases/polarssl-1.2.13-released

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-19 21:28:11 +01:00
Gustavo Zacarias
d663af559e polarssl: add fix for CVE-2015-1182
Fixes CVE-2015-1182 - Remote attack using crafted certificates.
Also rename patches to new naming convention.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-26 23:13:44 +01:00
Gustavo Zacarias
130ca81bb2 polarssl: disable assembly for more scenarios
Disable assembly optimizations for:
Microblaze in general (previously a patch).
ARM with debugging in Thumb1/2 mode. This one fixes:
http://autobuild.buildroot.net/results/31e/31e8c4e29d51039cd5d213c2fe176a9cc39879da/

Do so in a nicer way with a one-liner sed and drop the patch.

And rename patches around, numbering was off.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-27 17:49:13 +01:00
Gustavo Zacarias
beb20c5492 polarssl: security bump to version 1.2.12
Fixes several memory leaks.
No assigned CVE or Polar-SA yet.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-27 17:49:13 +01:00
Samuel Martin
0cf0738a2e package/polarssl: cleanup configure options
Test build is already disabled by the cmake-package infrastructure.

Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-26 17:05:40 +01:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Gustavo Zacarias
31df0ffb8b polarssl: add hash
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-18 21:39:09 +02:00
Samuel Martin
ec3417676e package/polarssl: fix static link
- disable shared object build when BR2_PREFER_STATIC_LIB is set
- patch the CMake code for handling static/shared object build using
  standard CMake flags, instead of the ucstom ones.

Fixes:
  http://autobuild.buildroot.net/results/754/754947d2a77a4dbe91057d8ce64fc4996e716ece/

Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-08-31 23:44:58 +02:00
Gustavo Zacarias
e52edcd030 polarssl: disable microblaze inline assembly
Fixes:
http://autobuild.buildroot.net/results/4d5/4d54958ded61a0d929d992e4ca0bb31c996953cb/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-30 23:50:48 +02:00
Gustavo Zacarias
e111e0eb8c polarssl: programs need MMU
Fixes:
http://autobuild.buildroot.net/results/b53/b535dfda85c8a25c5192c4be7540c4e852fce717/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-15 19:06:47 +02:00
Gustavo Zacarias
d296361aa8 polarssl: security bump to version 1.2.11
Fixes CVE-2014-4911 and a few other issues that don't have a CVE assigned
(backports from 1.3.x branch).
The no programs & shared/static patches are now upstream albeit in a
slightly different form.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-12 11:48:55 +02:00
Thomas De Schampheleire
35eaed8d07 Config.in files: use if/endif instead of 'depends on' for main symbol
In the Config.in file of package foo, it often happens that there are other
symbols besides BR2_PACKAGE_FOO. Typically, these symbols only make sense
when foo itself is enabled. There are two ways to express this: with
    depends on BR2_PACKAGE_FOO
in each extra symbol, or with
    if BR2_PACKAGE_FOO
        ...
    endif
around the entire set of extra symbols.

The if/endif approach avoids the repetition of 'depends on' statements on
multiple symbols, so this is clearly preferred. But even when there is only
one extra symbol, if/endif is a more logical choice:
- it is future-proof for when extra symbols are added
- it allows to have just one strategy instead of two (less confusion)

This patch modifies the Config.in files accordingly.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-12-25 12:21:39 +01:00
Gustavo Zacarias
6f05d5ac8f polarssl: bump to version 1.2.10
Fixes a memory leak in RSA blinding.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-11-06 13:31:41 +01:00
Gustavo Zacarias
fdd37332bc polarssl: security bump to version 1.2.9
Fixes PolarSSL SA 2013-05.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-07 22:08:27 +02:00
Jerzy Grzegorek
cd2ff4f637 package: remove the empty trailing lines
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-09-13 11:10:23 +02:00
Gustavo Zacarias
04ac296a3b polarssl: fix download URL
Switch to a non-redirect download URL to fix:
http://autobuild.buildroot.net/results/ec3/ec340fffa6eebb18a0746097419359b44c557a90/
Thanks go to Paul Bakker for the quick response!

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-27 23:30:06 +02:00
Gustavo Zacarias
296c1b84d5 polarssl: bump to version 1.2.8
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-27 15:39:09 +02:00
Alexandre Belloni
23ac7255c8 Add header to packages where missing
Reported-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-21 11:00:31 +02:00
Gustavo Zacarias
bedb8a463e polarssl: bump to version 1.2.7
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-04-17 21:49:53 +02:00
Gustavo Zacarias
ce0703bd0f polarssl: security bump to version 1.2.6
Fixes CVE-2013-0169.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-04-01 21:01:44 +02:00
Gustavo Zacarias
a17820fe3f polarssl: security bump to version 1.2.5
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-02-04 23:22:32 +01:00
Gustavo Zacarias
5e73912a3d polarssl: bump to version 1.2.3
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-05 00:40:17 -08:00
Gustavo Zacarias
b5a34e750f polarssl: bump to version 1.2.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-11-17 22:08:00 +01:00
Arnout Vandecappelle (Essensium/Mind)
e1502ebc0c all packages: rename XXXTARGETS to xxx-package
Also remove the redundant $(call ...).

This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:23:05 +02:00
Gustavo Zacarias
6b7a7a028c polarssl: bump to version 1.1.4
* Correctly handle empty SSL/TLS packets (Found by James Yonan)
* Fixed potential heap corruption in x509_name allocation
* Fixed single RSA test that failed on Big Endian systems

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-06-12 22:22:11 +02:00
Gustavo Zacarias
c2e12ef278 polarssl: security bump to version 1.1.3
Fix for CVE-2012-2130

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-05-03 15:53:07 +02:00
Thomas Petazzoni
31993b329e polarssl: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-04-15 09:15:17 +02:00