c65639ebd5
- Use official tarball and so drop autoreconf
- Update hash of LICENSE file, verbatim copy of the current MPL 2.0 with
ebebb5027f
- Fix CVE-2024-25189: libjwt 1.15.3 uses strcmp (which is not constant
time) to verify authentication, which makes it easier to bypass
authentication via a timing side channel.
https://github.com/benmcollins/libjwt/compare/v1.15.3...v1.17.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
27 lines
784 B
Makefile
27 lines
784 B
Makefile
################################################################################
|
|
#
|
|
# libjwt
|
|
#
|
|
################################################################################
|
|
|
|
LIBJWT_VERSION = 1.17.0
|
|
LIBJWT_SITE = https://github.com/benmcollins/libjwt/releases/download/v$(LIBJWT_VERSION)
|
|
LIBJWT_SOURCE = libjwt-$(LIBJWT_VERSION).tar.bz2
|
|
LIBJWT_DEPENDENCIES = host-pkgconf jansson
|
|
LIBJWT_INSTALL_STAGING = YES
|
|
LIBJWT_LICENSE = MPL-2.0
|
|
LIBJWT_LICENSE_FILES = LICENSE
|
|
LIBJWT_CPE_ID_VENDOR = bencollins
|
|
LIBJWT_CPE_ID_PRODUCT = jwt_c_library
|
|
LIBJWT_CONF_OPTS = --without-examples
|
|
|
|
ifeq ($(BR2_PACKAGE_OPENSSL),y)
|
|
LIBJWT_CONF_OPTS += --with-openssl
|
|
LIBJWT_DEPENDENCIES += openssl
|
|
else
|
|
LIBJWT_CONF_OPTS += --without-openssl
|
|
LIBJWT_DEPENDENCIES += gnutls
|
|
endif
|
|
|
|
$(eval $(autotools-package))
|