mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-23 21:08:23 +00:00
5886a5060a
This fixes the following security problems: * CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel * CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
27 lines
864 B
Diff
27 lines
864 B
Diff
mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the
|
|
libmbedcrypto.so library, use the old version again to be able to use
|
|
the new library with binaries compiled against the old library.
|
|
|
|
--- a/library/CMakeLists.txt
|
|
+++ b/library/CMakeLists.txt
|
|
@@ -141,7 +141,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
|
|
|
|
if(USE_SHARED_MBEDTLS_LIBRARY)
|
|
add_library(mbedcrypto SHARED ${src_crypto})
|
|
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.5 SOVERSION 2)
|
|
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.5 SOVERSION 0)
|
|
target_link_libraries(mbedcrypto ${libs})
|
|
|
|
add_library(mbedx509 SHARED ${src_x509})
|
|
--- a/library/Makefile
|
|
+++ b/library/Makefile
|
|
@@ -33,7 +33,7 @@ endif
|
|
|
|
SOEXT_TLS=so.10
|
|
SOEXT_X509=so.0
|
|
-SOEXT_CRYPTO=so.2
|
|
+SOEXT_CRYPTO=so.0
|
|
|
|
# Set DLEXT=dylib to compile as a shared library for Mac OS X
|
|
DLEXT ?= so
|