summaryrefslogtreecommitdiffstats
path: root/package/polarssl
Commit message (Collapse)AuthorAgeFilesLines
* polarssl: remove unmaintained packageGustavo Zacarias2017-03-185-132/+0
| | | | | | | | | | | | | | | | | | | | | | The 1.2.x branch is no longer maintained, so remove it since it's likely security-vulnerable. mbedtls is the modern replacement which was renamed from polarssl when ARM bought them up. However major releases broke API so polarssl 1.2.x isn't always interchangeable with polarssl/mbedtls 1.3.x (interim mixed naming because of new ownership) or newer 2.x series. Fortunately we don't have any package in the tree that uses polarssl exclusively. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> [Thomas: - Remove entry in DEVELOPERS file for this package. Noticed by Arnout. - Remove comment in bctoolbox.mk that no longer makes sense after polarssl removal. Noticed by Arnout.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* MIPS: replace every BR2_mips_* with the new MIPS CPU optionsVicente Olivert Riera2016-10-151-1/+1
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* polarssl: security bump to version 1.2.19Gustavo Zacarias2016-02-082-3/+3
| | | | | | | | | | | Fix bug in certificate validation that caused valid chains to be rejected when the first intermediate certificate has pathLenConstraint=0. Removed potential leak in rsa_rsassa_pkcs1_v15_sign(). Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* polarssl: disable assembly for MIPS R6Vicente Olivert Riera2015-11-271-0/+3
| | | | | | | | | | | | | | | | | | | | | | | Fixes: http://autobuild.buildroot.net/results/c34/c343c68d3e0dae4a7ecd59693298a9622bc56662/ Is not yet supported and the compilation will fail like this: [ 4%] Building C object library/CMakeFiles/polarssl.dir/bignum.c.o /tmp/ccLDxl9G.s: Assembler messages: /tmp/ccLDxl9G.s:92: Error: opcode not supported on this processor: mips32r6 (mips32r6) `multu $13,$14' /tmp/ccLDxl9G.s:93: Error: opcode not supported on this processor: mips32r6 (mips32r6) `addi $10,$10,4' /tmp/ccLDxl9G.s:94: Error: opcode not supported on this processor: mips32r6 (mips32r6) `mflo $14' /tmp/ccLDxl9G.s:95: Error: opcode not supported on this processor: mips32r6 (mips32r6) `mfhi $9' [...] Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* polarssl: security bump to version 1.2.18Gustavo Zacarias2015-11-122-3/+3
| | | | | | | | | | | | | | | | | | Fixes a potential heap corruption on Windows when mbedtls_x509_crt_parse_path() is passed a path longer than 2GB. This cannot be triggered remotely. Found by Guido Vranken, Intelworks. Fixes a potential buffer overflow in some asn1_write_xxx() functions. This cannot be triggered remotely unless you create X.509 certificates based on untrusted input or write keys of untrusted origin. Found by Guido Vranken, Intelworks. The X509 max_pathlen constraint was not enforced on intermediate certificates. Found by Nicholas Wilson, and fix and tests provided by Janos Follath. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* polarssl: security bump to version 1.2.17Gustavo Zacarias2015-10-162-3/+3
| | | | | | | | | | | | | Fixes: CVE-2015-5291 - Remote attack on clients using session tickets or SNI Also includes countermeasures against Lenstra's RSA-CRT attach for PKCS#1 v1.5 signatures (1.2.16) and the Logjam attack (1.2.15). Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* polarssl: security bump to version 1.2.14Gustavo Zacarias2015-07-042-3/+3
| | | | | | | | | Fixes one remotely-triggerable issue that was found by the Codenomicon Defensics tool, one potential remote crash and countermeasures against the "Lucky 13 strikes back" cache-based attack. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* polarssl: switch download URLGustavo Zacarias2015-03-312-2/+2
| | | | | | | | | | Old wget versions aren't very happy with https moves/alt names hence complain when trying to download from said sites. Since polarssl is now mbed tls and everything got renamed switch to the new URL to avoid this. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* polarssl: security bump to version 1.2.13Gustavo Zacarias2015-02-193-22/+3
| | | | | | | | | Includes the previous CVE-2015-1182 fix (patch dropped) and other fixes (security and non) from the 1.3 branch (no CVEs yet), see release notes: https://polarssl.org/tech-updates/releases/polarssl-1.2.13-released Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* polarssl: add fix for CVE-2015-1182Gustavo Zacarias2015-01-263-0/+19
| | | | | | | | Fixes CVE-2015-1182 - Remote attack using crafted certificates. Also rename patches to new naming convention. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* polarssl: disable assembly for more scenariosGustavo Zacarias2014-10-274-18/+12
| | | | | | | | | | | | | | Disable assembly optimizations for: Microblaze in general (previously a patch). ARM with debugging in Thumb1/2 mode. This one fixes: http://autobuild.buildroot.net/results/31e/31e8c4e29d51039cd5d213c2fe176a9cc39879da/ Do so in a nicer way with a one-liner sed and drop the patch. And rename patches around, numbering was off. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* polarssl: security bump to version 1.2.12Gustavo Zacarias2014-10-272-4/+3
| | | | | | | | Fixes several memory leaks. No assigned CVE or Polar-SA yet. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/polarssl: cleanup configure optionsSamuel Martin2014-10-261-1/+0
| | | | | | | Test build is already disabled by the cmake-package infrastructure. Signed-off-by: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: rename FOO_CONF_OPT into FOO_CONF_OPTSThomas De Schampheleire2014-10-041-1/+1
| | | | | | | | | | | | To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT. Sed command used: find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* polarssl: add hashGustavo Zacarias2014-09-181-0/+3
| | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/polarssl: fix static linkSamuel Martin2014-08-312-2/+39
| | | | | | | | | | | | - disable shared object build when BR2_PREFER_STATIC_LIB is set - patch the CMake code for handling static/shared object build using standard CMake flags, instead of the ucstom ones. Fixes: http://autobuild.buildroot.net/results/754/754947d2a77a4dbe91057d8ce64fc4996e716ece/ Signed-off-by: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* polarssl: disable microblaze inline assemblyGustavo Zacarias2014-07-301-0/+18
| | | | | | | | Fixes: http://autobuild.buildroot.net/results/4d5/4d54958ded61a0d929d992e4ca0bb31c996953cb/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* polarssl: programs need MMUGustavo Zacarias2014-07-151-0/+1
| | | | | | | | Fixes: http://autobuild.buildroot.net/results/b53/b535dfda85c8a25c5192c4be7540c4e852fce717/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* polarssl: security bump to version 1.2.11Gustavo Zacarias2014-07-124-91/+11
| | | | | | | | | | Fixes CVE-2014-4911 and a few other issues that don't have a CVE assigned (backports from 1.3.x branch). The no programs & shared/static patches are now upstream albeit in a slightly different form. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Config.in files: use if/endif instead of 'depends on' for main symbolThomas De Schampheleire2013-12-251-1/+4
| | | | | | | | | | | | | | | | | | | | | | | In the Config.in file of package foo, it often happens that there are other symbols besides BR2_PACKAGE_FOO. Typically, these symbols only make sense when foo itself is enabled. There are two ways to express this: with depends on BR2_PACKAGE_FOO in each extra symbol, or with if BR2_PACKAGE_FOO ... endif around the entire set of extra symbols. The if/endif approach avoids the repetition of 'depends on' statements on multiple symbols, so this is clearly preferred. But even when there is only one extra symbol, if/endif is a more logical choice: - it is future-proof for when extra symbols are added - it allows to have just one strategy instead of two (less confusion) This patch modifies the Config.in files accordingly. Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* polarssl: bump to version 1.2.10Gustavo Zacarias2013-11-062-3/+3
| | | | | | | Fixes a memory leak in RSA blinding. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* polarssl: security bump to version 1.2.9Gustavo Zacarias2013-10-072-3/+3
| | | | | | | Fixes PolarSSL SA 2013-05. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package: remove the empty trailing linesJerzy Grzegorek2013-09-131-1/+0
| | | | | Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* polarssl: fix download URLGustavo Zacarias2013-06-271-1/+1
| | | | | | | | | Switch to a non-redirect download URL to fix: http://autobuild.buildroot.net/results/ec3/ec340fffa6eebb18a0746097419359b44c557a90/ Thanks go to Paul Bakker for the quick response! Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* polarssl: bump to version 1.2.8Gustavo Zacarias2013-06-272-3/+3
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Add header to packages where missingAlexandre Belloni2013-06-211-0/+6
| | | | | | Reported-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* polarssl: bump to version 1.2.7Gustavo Zacarias2013-04-172-3/+3
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* polarssl: security bump to version 1.2.6Gustavo Zacarias2013-04-012-3/+3
| | | | | | | Fixes CVE-2013-0169. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* polarssl: security bump to version 1.2.5Gustavo Zacarias2013-02-042-3/+3
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* polarssl: bump to version 1.2.3Gustavo Zacarias2012-12-052-6/+6
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* polarssl: bump to version 1.2.0Gustavo Zacarias2012-11-172-10/+15
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* all packages: rename XXXTARGETS to xxx-packageArnout Vandecappelle (Essensium/Mind)2012-07-171-1/+1
| | | | | | | | | | | | | Also remove the redundant $(call ...). This is a purely mechanical change, performed with find package linux toolchain boot -name \*.mk | \ xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \ -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \ -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/' Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* polarssl: bump to version 1.1.4Gustavo Zacarias2012-06-121-1/+1
| | | | | | | | | * Correctly handle empty SSL/TLS packets (Found by James Yonan) * Fixed potential heap corruption in x509_name allocation * Fixed single RSA test that failed on Big Endian systems Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* polarssl: security bump to version 1.1.3Gustavo Zacarias2012-05-032-2/+2
| | | | | | | Fix for CVE-2012-2130 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* polarssl: new packageThomas Petazzoni2012-04-155-0/+145
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
OpenPOWER on IntegriCloud