openwrt/package/libs/mbedtls/Makefile
Kevin Darbyshire-Bryant e232c6754d mbedtls: update to 2.6.0 CVE-2017-14032
Fixed an authentication bypass issue in SSL/TLS. When the TLS
authentication mode was set to 'optional',
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
peer's X.509 certificate chain had more than
MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
it was not trusted. This could be triggered remotely on both the client
and server side. (Note, with the authentication mode set by
mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake
was correctly aborted).

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Magnus Kroken <mkroken@gmail.com>
2017-09-30 15:24:52 +02:00

73 lines
1.8 KiB
Makefile

#
# Copyright (C) 2011-2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=mbedtls
PKG_VERSION:=2.6.0
PKG_RELEASE:=1
PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
PKG_SOURCE_URL:=https://tls.mbed.org/download/
PKG_HASH:=a99959d7360def22f9108d2d487c9de384fe76c349697176b1f22370080d5810
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0+
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/mbedtls/Default
SUBMENU:=SSL
TITLE:=Embedded SSL
URL:=https://tls.mbed.org
endef
define Package/mbedtls/Default/description
The aim of the mbedtls project is to provide a quality, open-source
cryptographic library written in C and targeted at embedded systems.
endef
define Package/libmbedtls
$(call Package/mbedtls/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE+= (library)
ABI_VERSION:=$(PKG_VERSION)-$(PKG_RELEASE)
endef
define Package/libmbedtls/description
$(call Package/mbedtls/Default/description)
This package contains the mbedtls library.
endef
PKG_INSTALL:=1
TARGET_CFLAGS += -ffunction-sections -fdata-sections
CMAKE_OPTIONS += \
-DCMAKE_BUILD_TYPE:String="Release" \
-DUSE_SHARED_MBEDTLS_LIBRARY:Bool=ON \
-DENABLE_TESTING:Bool=OFF \
-DENABLE_PROGRAMS:Bool=OFF \
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/mbedtls $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.a $(1)/usr/lib/
endef
define Package/libmbedtls/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libmbedtls))