aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHauke Mehrtens <hauke@hauke-m.de>2016-07-13 17:45:15 +0200
committerHauke Mehrtens <hauke@hauke-m.de>2016-07-13 23:03:03 +0200
commit05cc72944c29300f7af29ea364063b0f24c42e18 (patch)
treea222a2eb3a6cf1501cd21cb2af81fa39f524480e
parentbd20cb272e5a9d6812c4ec905049753943ad513b (diff)
downloadupstream-05cc72944c29300f7af29ea364063b0f24c42e18.tar.gz
upstream-05cc72944c29300f7af29ea364063b0f24c42e18.tar.bz2
upstream-05cc72944c29300f7af29ea364063b0f24c42e18.zip
mbedtls: update to version 2.3.0
This fixes 3 minor security problems. SSLv3 is deactivated by default now. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-rw-r--r--package/libs/mbedtls/Makefile4
-rw-r--r--package/libs/mbedtls/patches/200-config.patch53
2 files changed, 24 insertions, 33 deletions
diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
index 13299cf273..20374adad4 100644
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=mbedtls
-PKG_VERSION:=2.2.1
+PKG_VERSION:=2.3.0
PKG_RELEASE:=1
PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
PKG_SOURCE_URL:=https://tls.mbed.org/download/
-PKG_MD5SUM:=bb1bffa3ac5ab143be2aae3d45a7a92b36112888ef465024d83724865fe62974
+PKG_MD5SUM:=21237014f779bde70b2d71399cc1ea53365eb7f10cdd74a13ee6329a1910cb49
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0+
diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch
index a3e393e402..e4118ff3ef 100644
--- a/package/libs/mbedtls/patches/200-config.patch
+++ b/package/libs/mbedtls/patches/200-config.patch
@@ -1,6 +1,6 @@
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
-@@ -183,7 +183,7 @@
+@@ -185,7 +185,7 @@
*
* Uncomment to get errors on using deprecated functions.
*/
@@ -9,7 +9,7 @@
/* \} name SECTION: System support */
-@@ -322,7 +322,7 @@
+@@ -341,7 +341,7 @@
*
* Enable Cipher Feedback mode (CFB) for symmetric ciphers.
*/
@@ -18,7 +18,7 @@
/**
* \def MBEDTLS_CIPHER_MODE_CTR
-@@ -416,13 +416,13 @@
+@@ -435,13 +435,13 @@
*
* Comment macros to disable the curve and functions for it
*/
@@ -36,7 +36,7 @@
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-@@ -438,7 +438,7 @@
+@@ -457,7 +457,7 @@
*
* Comment this macro to disable NIST curves optimisation.
*/
@@ -45,7 +45,7 @@
/**
* \def MBEDTLS_ECDSA_DETERMINISTIC
-@@ -498,7 +498,7 @@
+@@ -517,7 +517,7 @@
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
*/
@@ -54,7 +54,7 @@
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-@@ -543,7 +543,7 @@
+@@ -562,7 +562,7 @@
* MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
*/
@@ -63,7 +63,7 @@
/**
* \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-@@ -597,7 +597,7 @@
+@@ -616,7 +616,7 @@
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*/
@@ -72,7 +72,7 @@
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-@@ -670,7 +670,7 @@
+@@ -689,7 +689,7 @@
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
*/
@@ -81,7 +81,7 @@
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-@@ -694,7 +694,7 @@
+@@ -713,7 +713,7 @@
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
*/
@@ -90,7 +90,7 @@
/**
* \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-@@ -832,7 +832,7 @@
+@@ -879,7 +879,7 @@
*
* Comment this macro to disable support for external private RSA keys.
*/
@@ -99,7 +99,7 @@
/**
* \def MBEDTLS_PKCS1_V15
-@@ -864,14 +864,14 @@
+@@ -911,14 +911,14 @@
* Uncomment this macro to disable the use of CRT in RSA.
*
*/
@@ -116,7 +116,7 @@
/**
* \def MBEDTLS_SHA256_SMALLER
-@@ -887,7 +887,7 @@
+@@ -934,7 +934,7 @@
*
* Uncomment to enable the smaller implementation of SHA256.
*/
@@ -125,16 +125,7 @@
/**
* \def MBEDTLS_SSL_AEAD_RANDOM_IV
-@@ -1060,7 +1060,7 @@
- *
- * Comment this macro to disable support for SSL 3.0
- */
--#define MBEDTLS_SSL_PROTO_SSL3
-+//#define MBEDTLS_SSL_PROTO_SSL3
-
- /**
- * \def MBEDTLS_SSL_PROTO_TLS1
-@@ -1224,7 +1224,7 @@
+@@ -1271,7 +1271,7 @@
*
* Comment this macro to disable support for truncated HMAC in SSL
*/
@@ -143,7 +134,7 @@
/**
* \def MBEDTLS_THREADING_ALT
-@@ -1460,7 +1460,7 @@
+@@ -1507,7 +1507,7 @@
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
*/
@@ -152,7 +143,7 @@
/**
* \def MBEDTLS_ASN1_PARSE_C
-@@ -1525,7 +1525,7 @@
+@@ -1572,7 +1572,7 @@
*
* Module: library/blowfish.c
*/
@@ -161,7 +152,7 @@
/**
* \def MBEDTLS_CAMELLIA_C
-@@ -1580,7 +1580,7 @@
+@@ -1627,7 +1627,7 @@
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
*/
@@ -170,7 +161,7 @@
/**
* \def MBEDTLS_CCM_C
-@@ -1594,7 +1594,7 @@
+@@ -1641,7 +1641,7 @@
* This module enables the AES-CCM ciphersuites, if other requisites are
* enabled as well.
*/
@@ -179,7 +170,7 @@
/**
* \def MBEDTLS_CERTS_C
-@@ -1606,7 +1606,7 @@
+@@ -1653,7 +1653,7 @@
*
* This module is used for testing (ssl_client/server).
*/
@@ -188,7 +179,7 @@
/**
* \def MBEDTLS_CIPHER_C
-@@ -1646,7 +1646,7 @@
+@@ -1693,7 +1693,7 @@
*
* This module provides debugging functions.
*/
@@ -197,7 +188,7 @@
/**
* \def MBEDTLS_DES_C
-@@ -1686,7 +1686,7 @@
+@@ -1733,7 +1733,7 @@
* This module is used by the following key exchanges:
* DHE-RSA, DHE-PSK
*/
@@ -206,7 +197,7 @@
/**
* \def MBEDTLS_ECDH_C
-@@ -2096,7 +2096,7 @@
+@@ -2151,7 +2151,7 @@
* Caller: library/mbedtls_md.c
*
*/
@@ -215,7 +206,7 @@
/**
* \def MBEDTLS_RSA_C
-@@ -2394,7 +2394,7 @@
+@@ -2461,7 +2461,7 @@
* Module: library/xtea.c
* Caller:
*/