* [Buildroot] [PATCH] polarssl: security bump to version 1.2.11
@ 2014-07-11 21:06 Gustavo Zacarias
2014-07-12 9:54 ` Thomas Petazzoni
0 siblings, 1 reply; 2+ messages in thread
From: Gustavo Zacarias @ 2014-07-11 21:06 UTC (permalink / raw)
To: buildroot
Fixes CVE-2014-4911 and a few other issues that don't have a CVE assigned
(backports from 1.3.x branch).
The no programs & shared/static patches are now upstream albeit in a
slightly different form.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
| 17 +++----
| 26 ----------
.../polarssl-shared-and-static-library.patch | 55 ----------------------
| 4 +-
4 files changed, 11 insertions(+), 91 deletions(-)
rename package/polarssl/{polarssl-no-test-suite.patch => polarssl-01-no-test-suite.patch} (58%)
delete mode 100644 package/polarssl/polarssl-no-programs.patch
delete mode 100644 package/polarssl/polarssl-shared-and-static-library.patch
diff --git a/package/polarssl/polarssl-no-test-suite.patch b/package/polarssl/polarssl-01-no-test-suite.patch
similarity index 58%
rename from package/polarssl/polarssl-no-test-suite.patch
rename to package/polarssl/polarssl-01-no-test-suite.patch
index 7e07441..4c8552a 100644
--- a/package/polarssl/polarssl-no-test-suite.patch
+++ b/package/polarssl/polarssl-01-no-test-suite.patch
@@ -4,13 +4,14 @@ By default, PolarSSL builds a fairly extensive test suite to validate
the library. In the context of Buildroot, building this test suite is
not really useful, so we add a BUILD_TESTS to disable its build.
+[Gustavo: update for 1.2.11]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Index: polarssl-1.1.1/CMakeLists.txt
-===================================================================
---- polarssl-1.1.1.orig/CMakeLists.txt
-+++ polarssl-1.1.1/CMakeLists.txt
-@@ -27,9 +27,11 @@
+diff -Nura polarssl-1.2.11.orig/CMakeLists.txt polarssl-1.2.11/CMakeLists.txt
+--- polarssl-1.2.11.orig/CMakeLists.txt 2014-07-11 17:14:43.414651327 -0300
++++ polarssl-1.2.11/CMakeLists.txt 2014-07-11 17:23:00.573498626 -0300
+@@ -49,9 +49,11 @@
add_subdirectory(library)
add_subdirectory(include)
@@ -21,6 +22,6 @@ Index: polarssl-1.1.1/CMakeLists.txt
add_subdirectory(tests)
-endif(CMAKE_COMPILER_IS_GNUCC)
+endif(CMAKE_COMPILER_IS_GNUCC AND BUILD_TESTS)
-
- add_subdirectory(programs)
-
+ if(CMAKE_COMPILER_IS_CLANG)
+ add_subdirectory(tests)
+ endif(CMAKE_COMPILER_IS_CLANG)
diff --git a/package/polarssl/polarssl-no-programs.patch b/package/polarssl/polarssl-no-programs.patch
deleted file mode 100644
index f118871..0000000
--- a/package/polarssl/polarssl-no-programs.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Add the BUILD_PROGRAMS option to disable programs build
-
-By default, PolarSSL builds and installs a large set of companions
-programs, which in some cases are not useful. This patch adds the
-BUILD_PROGRAMS option which allows to disable the build and
-installation of such programs when not needed.
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-
-Index: polarssl-1.1.1/CMakeLists.txt
-===================================================================
---- polarssl-1.1.1.orig/CMakeLists.txt
-+++ polarssl-1.1.1/CMakeLists.txt
-@@ -33,7 +33,11 @@
- add_subdirectory(tests)
- endif(CMAKE_COMPILER_IS_GNUCC AND BUILD_TESTS)
-
--add_subdirectory(programs)
-+option(BUILD_PROGRAMS "Build programs." ON)
-+
-+if(BUILD_PROGRAMS)
-+ add_subdirectory(programs)
-+endif(BUILD_PROGRAMS)
-
- ADD_CUSTOM_TARGET(apidoc
- COMMAND doxygen doxygen/polarssl.doxyfile
diff --git a/package/polarssl/polarssl-shared-and-static-library.patch b/package/polarssl/polarssl-shared-and-static-library.patch
deleted file mode 100644
index 7e41745..0000000
--- a/package/polarssl/polarssl-shared-and-static-library.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Allow both shared and static PolarSSL library
-
-By default, PolarSSL is built as a static library. If the option
-USE_SHARED_POLARSSL_LIBRARY is set, then it is build as a shared
-library. But there is no way of building both the shared and static
-versions.
-
-This patch adds the USE_STATIC_POLARSSL_LIBRARY (which defaults to ON)
-in addition to the existing USE_SHARED_POLARSSL_LIBRARY (which
-defaults to OFF). Both options can be manipulated independently.
-
-[Gustavo: update for polarssl 1.2.10]
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-diff -Nura polarssl-1.2.3.orig/library/CMakeLists.txt polarssl-1.2.3/library/CMakeLists.txt
---- polarssl-1.2.3.orig/library/CMakeLists.txt 2012-11-27 17:16:20.735678722 -0300
-+++ polarssl-1.2.3/library/CMakeLists.txt 2012-11-27 17:18:09.760457733 -0300
-@@ -1,4 +1,5 @@
- option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL as a shared library." OFF)
-+option(USE_STATIC_POLARSSL_LIBRARY "Build PolarSSL as a static library." ON)
-
- set(src
- aes.c
-@@ -50,19 +51,23 @@
- set(libs ws2_32)
- endif(WIN32)
-
--if(NOT USE_SHARED_POLARSSL_LIBRARY)
--
--add_library(polarssl STATIC ${src})
--
--else(NOT USE_SHARED_POLARSSL_LIBRARY)
-+if(USE_SHARED_POLARSSL_LIBRARY)
-
- add_library(polarssl SHARED ${src})
- set_target_properties(polarssl PROPERTIES VERSION 1.2.10 SOVERSION 3)
-+set_target_properties(polarssl PROPERTIES OUTPUT_NAME polarssl)
-+
-+endif(USE_SHARED_POLARSSL_LIBRARY)
-+
-+if(USE_STATIC_POLARSSL_LIBRARY)
-+
-+add_library(polarssl-static STATIC ${src})
-+set_target_properties(polarssl-static PROPERTIES OUTPUT_NAME polarssl)
-
--endif(NOT USE_SHARED_POLARSSL_LIBRARY)
-+endif(USE_STATIC_POLARSSL_LIBRARY)
-
- target_link_libraries(polarssl ${libs})
-
--install(TARGETS polarssl
-+install(TARGETS polarssl polarssl-static
- DESTINATION ${LIB_INSTALL_DIR}
- PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
--git a/package/polarssl/polarssl.mk b/package/polarssl/polarssl.mk
index 20486e3..24f09ed 100644
--- a/package/polarssl/polarssl.mk
+++ b/package/polarssl/polarssl.mk
@@ -5,13 +5,13 @@
################################################################################
POLARSSL_SITE = https://polarssl.org/code/releases
-POLARSSL_VERSION = 1.2.10
+POLARSSL_VERSION = 1.2.11
POLARSSL_SOURCE = polarssl-$(POLARSSL_VERSION)-gpl.tgz
POLARSSL_CONF_OPT = \
-DUSE_SHARED_POLARSSL_LIBRARY=ON \
-DUSE_STATIC_POLARSSL_LIBRARY=ON \
-DBUILD_TESTS=OFF \
- -DBUILD_PROGRAMS=$(if $(BR2_PACKAGE_POLARSSL_PROGRAMS),ON,OFF)
+ -DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_POLARSSL_PROGRAMS),ON,OFF)
POLARSSL_INSTALL_STAGING = YES
POLARSSL_LICENSE = GPLv2
--
1.8.5.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH] polarssl: security bump to version 1.2.11
2014-07-11 21:06 [Buildroot] [PATCH] polarssl: security bump to version 1.2.11 Gustavo Zacarias
@ 2014-07-12 9:54 ` Thomas Petazzoni
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2014-07-12 9:54 UTC (permalink / raw)
To: buildroot
Dear Gustavo Zacarias,
On Fri, 11 Jul 2014 18:06:28 -0300, Gustavo Zacarias wrote:
> Fixes CVE-2014-4911 and a few other issues that don't have a CVE assigned
> (backports from 1.3.x branch).
> The no programs & shared/static patches are now upstream albeit in a
> slightly different form.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Applied, thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-07-12 9:54 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-07-11 21:06 [Buildroot] [PATCH] polarssl: security bump to version 1.2.11 Gustavo Zacarias
2014-07-12 9:54 ` Thomas Petazzoni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox