diff options
author | Hauke Mehrtens <hauke@hauke-m.de> | 2018-05-21 13:58:52 +0200 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2018-08-08 22:49:59 +0200 |
commit | ea22e3df3eb017840d90d4150a149400b1965724 (patch) | |
tree | 8e4bf6af6d8b9ac39db65fefcd479efebc5517a9 /package/libs/mbedtls/patches/300-soversion-compatibility.patch | |
parent | 0d5a041095a142456176bf0a9a2c4fb02b99016c (diff) | |
download | upstream-ea22e3df3eb017840d90d4150a149400b1965724.tar.gz upstream-ea22e3df3eb017840d90d4150a149400b1965724.tar.bz2 upstream-ea22e3df3eb017840d90d4150a149400b1965724.zip |
mbedtls: Update to 2.12.0
Multiple security fixes
* CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
* CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel
Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0
Patch the so version back to the original one, the API changes are
looking no so invasive.
The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.967 Bytes
ipkg for mips_24kc after:
164.753 Bytes
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'package/libs/mbedtls/patches/300-soversion-compatibility.patch')
-rw-r--r-- | package/libs/mbedtls/patches/300-soversion-compatibility.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/package/libs/mbedtls/patches/300-soversion-compatibility.patch b/package/libs/mbedtls/patches/300-soversion-compatibility.patch new file mode 100644 index 0000000000..a352b449f1 --- /dev/null +++ b/package/libs/mbedtls/patches/300-soversion-compatibility.patch @@ -0,0 +1,34 @@ +--- a/library/CMakeLists.txt ++++ b/library/CMakeLists.txt +@@ -159,7 +159,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) + + if(USE_SHARED_MBEDTLS_LIBRARY) + add_library(mbedcrypto SHARED ${src_crypto}) +- set_target_properties(mbedcrypto PROPERTIES VERSION 2.12.0 SOVERSION 3) ++ set_target_properties(mbedcrypto PROPERTIES VERSION 2.12.0 SOVERSION 1) + target_link_libraries(mbedcrypto ${libs}) + + add_library(mbedx509 SHARED ${src_x509}) +@@ -167,7 +167,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY) + target_link_libraries(mbedx509 ${libs} mbedcrypto) + + add_library(mbedtls SHARED ${src_tls}) +- set_target_properties(mbedtls PROPERTIES VERSION 2.12.0 SOVERSION 11) ++ set_target_properties(mbedtls PROPERTIES VERSION 2.12.0 SOVERSION 10) + target_link_libraries(mbedtls ${libs} mbedx509) + + install(TARGETS mbedtls mbedx509 mbedcrypto +--- a/library/Makefile ++++ b/library/Makefile +@@ -35,9 +35,9 @@ LOCAL_CFLAGS += -fPIC -fpic + endif + endif + +-SOEXT_TLS=so.11 ++SOEXT_TLS=so.10 + SOEXT_X509=so.0 +-SOEXT_CRYPTO=so.3 ++SOEXT_CRYPTO=so.1 + + # Set AR_DASH= (empty string) to use an ar implentation that does not accept + # the - prefix for command line options (e.g. llvm-ar) |