[Buildroot] [PATCH] polarssl: remove unmaintained

Gustavo Zacarias gustavo at zacarias.com.ar
Thu Mar 16 13:04:34 UTC 2017


The 1.2.x branch is no longer maintained, so remove it since it's
likely security-vulnerable.

mbedtls is the modern replacement; it was renamed from polarssl when
ARM bought them up.
However, major releases broke the API, so polarssl 1.2.x isn't always
interchangeable with polarssl/mbedtls 1.3.x (interim mixed naming
because of new ownership) or the newer 2.x series.

Fortunately we don't have any package in the tree that uses polarssl
exclusively.

Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
---
 Config.in.legacy                                   |  9 +++++
 package/Config.in                                  |  1 -
 package/bctoolbox/Config.in                        |  3 +-
 package/bctoolbox/bctoolbox.mk                     |  8 +----
 package/polarssl/0001-no-test-suite.patch          | 27 ---------------
 ...he-standard-CMake-flag-to-drive-the-share.patch | 39 ----------------------
 package/polarssl/Config.in                         | 32 ------------------
 package/polarssl/polarssl.hash                     |  2 --
 package/polarssl/polarssl.mk                       | 32 ------------------
 9 files changed, 11 insertions(+), 142 deletions(-)
 delete mode 100644 package/polarssl/0001-no-test-suite.patch
 delete mode 100644 package/polarssl/0002-cmake-use-the-standard-CMake-flag-to-drive-the-share.patch
 delete mode 100644 package/polarssl/Config.in
 delete mode 100644 package/polarssl/polarssl.hash
 delete mode 100644 package/polarssl/polarssl.mk

diff --git a/Config.in.legacy b/Config.in.legacy
index 090e60a..a45c4b3 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -145,6 +145,15 @@ endif
 ###############################################################################
 comment "Legacy options removed in 2017.05"
 
+config BR2_PACKAGE_POLARSSL
+	bool "polarssl has been removed"
+	select BR2_LEGACY
+	help
+	  The polarssl crypto library has been removed since the 1.2.x
+	  release branch is no longer maintained. Newer upstream
+	  branches/releases (mbedtls) have API changes so they're not
+	  drop-in replacements.
+
 config BR2_NBD_CLIENT
 	bool "nbd client option was renamed"
 	select BR2_LEGACY
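Review bot: The help text of the new `BR2_PACKAGE_POLARSSL` legacy entry gives the reason only as "no longer maintained"; it leaves out the security consequence the commit message relies on and does not name the symbol to move to. A user whose old .config trips BR2_LEGACY would be better served by wording such as `release branch is no longer maintained and is likely security-vulnerable.` followed by `Use BR2_PACKAGE_MBEDTLS instead; its API differs, so callers need porting.` The `BR2_NBD_CLIENT` entry that follows is cut off by the end of the hunk.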
diff --git a/package/Config.in b/package/Config.in
index 8f1b6e8..07626a2 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -948,7 +948,6 @@ menu "Crypto"
 	source "package/mbedtls/Config.in"
 	source "package/nettle/Config.in"
 	source "package/openssl/Config.in"
-	source "package/polarssl/Config.in"
 	source "package/tinydtls/Config.in"
 	source "package/trousers/Config.in"
 	source "package/ustream-ssl/Config.in"
diff --git a/package/bctoolbox/Config.in b/package/bctoolbox/Config.in
index e9e6920..048d012 100644
--- a/package/bctoolbox/Config.in
+++ b/package/bctoolbox/Config.in
@@ -6,8 +6,7 @@ config BR2_PACKAGE_BCTOOLBOX
 	  Utilities library used by Belledonne Communications
 	  softwares like belle-sip, mediastreamer2 and linphone.
 
-	  Select BR2_PACKAGE_MBEDTLS (preferred) or
-	  BR2_PACKAGE_POLARSSL for crypto support.
+	  Select BR2_PACKAGE_MBEDTLS for crypto support.
 
 	  https://github.com/BelledonneCommunications/bctoolbox
 
diff --git a/package/bctoolbox/bctoolbox.mk b/package/bctoolbox/bctoolbox.mk
index 7826975..f19f36e 100644
--- a/package/bctoolbox/bctoolbox.mk
+++ b/package/bctoolbox/bctoolbox.mk
@@ -13,6 +13,7 @@ BCTOOLBOX_INSTALL_STAGING = YES
 # Set CMAKE_SKIP_RPATH to prevent bctoolbox from adding the rpath to
 # shared library.
 BCTOOLBOX_CONF_OPTS = \
+	-DENABLE_POLARSSL=OFF \
 	-DENABLE_STRICT=OFF \
 	-DENABLE_TESTS_COMPONENT=OFF \
 	-DENABLE_TESTS=OFF \
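Review bot: With `-DENABLE_POLARSSL=OFF` now unconditional in `BCTOOLBOX_CONF_OPTS`, a configuration that leaves BR2_PACKAGE_MBEDTLS unset passes both that flag and `-DENABLE_MBEDTLS=OFF` (the `else` branch visible as context in the next hunk), so bctoolbox is presumably configured with no crypto backend at all. Nothing in the visible lines warns about this, and whether dependents still build or silently lose TLS support cannot be seen from here. I would state it in the help text in package/bctoolbox/Config.in, e.g. `Select BR2_PACKAGE_MBEDTLS for crypto support; without it bctoolbox is built with no crypto backend.`, and extend the comment above the assignment with `# polarssl was removed from Buildroot, so its backend is always disabled.` The `BCTOOLBOX_CONF_OPTS` assignment continues past the end of this hunk.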
@@ -28,13 +29,6 @@ else
 BCTOOLBOX_CONF_OPTS += -DENABLE_MBEDTLS=OFF
 endif
 
-ifeq ($(BR2_PACKAGE_POLARSSL),y)
-BCTOOLBOX_DEPENDENCIES += polarssl
-BCTOOLBOX_CONF_OPTS += -DENABLE_POLARSSL=ON
-else
-BCTOOLBOX_CONF_OPTS += -DENABLE_POLARSSL=OFF
-endif
-
 ifeq ($(BR2_STATIC_LIBS),y)
 BCTOOLBOX_CONF_OPTS += -DENABLE_SHARED=OFF -DENABLE_STATIC=ON
 else ifeq ($(BR2_SHARED_STATIC_LIBS),y)
diff --git a/package/polarssl/0001-no-test-suite.patch b/package/polarssl/0001-no-test-suite.patch
deleted file mode 100644
index 4c8552a..0000000
--- a/package/polarssl/0001-no-test-suite.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Add BUILD_TESTS option to disable test suite
-
-By default, PolarSSL builds a fairly extensive test suite to validate
-the library. In the context of Buildroot, building this test suite is
-not really useful, so we add a BUILD_TESTS to disable its build.
-
-[Gustavo: update for 1.2.11]
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni at free-electrons.com>
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
-diff -Nura polarssl-1.2.11.orig/CMakeLists.txt polarssl-1.2.11/CMakeLists.txt
---- polarssl-1.2.11.orig/CMakeLists.txt	2014-07-11 17:14:43.414651327 -0300
-+++ polarssl-1.2.11/CMakeLists.txt	2014-07-11 17:23:00.573498626 -0300
-@@ -49,9 +49,11 @@
- add_subdirectory(library)
- add_subdirectory(include)
- 
--if(CMAKE_COMPILER_IS_GNUCC)
-+option(BUILD_TESTS "Build tests." ON)
-+
-+if(CMAKE_COMPILER_IS_GNUCC AND BUILD_TESTS)
-   add_subdirectory(tests)
--endif(CMAKE_COMPILER_IS_GNUCC)
-+endif(CMAKE_COMPILER_IS_GNUCC AND BUILD_TESTS)
- if(CMAKE_COMPILER_IS_CLANG)
-   add_subdirectory(tests)
- endif(CMAKE_COMPILER_IS_CLANG)
diff --git a/package/polarssl/0002-cmake-use-the-standard-CMake-flag-to-drive-the-share.patch b/package/polarssl/0002-cmake-use-the-standard-CMake-flag-to-drive-the-share.patch
deleted file mode 100644
index d241ae2..0000000
--- a/package/polarssl/0002-cmake-use-the-standard-CMake-flag-to-drive-the-share.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From a14028b0878c1ba27f7c7a6d0962874d0f7f3801 Mon Sep 17 00:00:00 2001
-From: Samuel Martin <s.martin49 at gmail.com>
-Date: Sun, 31 Aug 2014 11:54:37 +0200
-Subject: [PATCH 3/3] cmake: use the standard CMake flag to drive the shared
- object build
-
-If BUILD_SHARED_LIBS is set and not USE_SHARED_POLARSSL_LIBRARY, then
-drive USE_SHARED_POLARSSL_LIBRARY with the BUILD_SHARED_LIBS value.
-
-Signed-off-by: Samuel Martin <s.martin49 at gmail.com>
----
- library/CMakeLists.txt | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
-index 27bd2e0..2ae0aba 100644
---- a/library/CMakeLists.txt
-+++ b/library/CMakeLists.txt
-@@ -1,5 +1,15 @@
--option(USE_STATIC_POLARSSL_LIBRARY "Build PolarSSL static library." ON)
--option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL shared library." OFF)
-+# Use the standard CMake flag to drive the shared object build.
-+if(DEFINED BUILD_SHARED_LIBS AND NOT DEFINED USE_STATIC_POLARSSL_LIBRARY AND NOT DEFINED USE_SHARED_POLARSSL_LIBRARY)
-+  set(USE_STATIC_POLARSSL_LIBRARY ON)
-+  if(BUILD_SHARED_LIBS)
-+    set(USE_SHARED_POLARSSL_LIBRARY ON)
-+  else()
-+    set(USE_SHARED_POLARSSL_LIBRARY OFF)
-+  endif()
-+else()
-+  option(USE_STATIC_POLARSSL_LIBRARY "Build PolarSSL static library." ON)
-+  option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL shared library." OFF)
-+endif()
- 
- set(src
-      aes.c
--- 
-2.1.0
-
diff --git a/package/polarssl/Config.in b/package/polarssl/Config.in
deleted file mode 100644
index 17125a3..0000000
--- a/package/polarssl/Config.in
+++ /dev/null
@@ -1,32 +0,0 @@
-config BR2_PACKAGE_POLARSSL
-	bool "polarssl"
-	help
-	  PolarSSL is an SSL library written in ANSI C. PolarSSL makes
-	  it easy for developers to include cryptographic and SSL/TLS
-	  capabilities in their (embedded) products with as little
-	  hassle as possible. It is designed to be readable,
-	  documented, tested, loosely coupled and portable.
-
-	  Warning: PolarSSL is licensed under the GPL. If you want to
-	  use it in your own proprietary applications, you have to
-	  purchase a commercial license.
-
-	  https://tls.mbed.org/
-
-if BR2_PACKAGE_POLARSSL
-
-config BR2_PACKAGE_POLARSSL_PROGRAMS
-	bool "polarssl programs"
-	depends on BR2_USE_MMU # fork()
-	help
-	  This option enables the installation and the build of
-	  PolarSSL companion programs: aescrypt2, benchmark, cert_app,
-	  crl_app, crypt_and_hash, dh_client, dh_genprime, dh_server,
-	  gen_entropy, generic_sum, gen_random_ctr_drbg,
-	  gen_random_havege, hello, key_app, md5sum, mpi_demo,
-	  rsa_decrypt, rsa_encrypt, rsa_genkey, rsa_sign, rsa_verify,
-	  selftest, sha1sum, sha2sum, ssi-cgi, ssl_cert_test,
-	  ssl_client1, ssl_client2, ssl_fork_server, ssl_mail_client,
-	  ssl_server, ssl_test
-
-endif
diff --git a/package/polarssl/polarssl.hash b/package/polarssl/polarssl.hash
deleted file mode 100644
index 3f1871c..0000000
--- a/package/polarssl/polarssl.hash
+++ /dev/null
@@ -1,2 +0,0 @@
-# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released
-sha256	24cb1608a160101ead3c7240f35fc447fe7880cd60f7ed6c9db7a1d773ccd4b8	polarssl-1.2.19-gpl.tgz
diff --git a/package/polarssl/polarssl.mk b/package/polarssl/polarssl.mk
deleted file mode 100644
index 7f4c582..0000000
--- a/package/polarssl/polarssl.mk
+++ /dev/null
@@ -1,32 +0,0 @@
-################################################################################
-#
-# polarssl
-#
-################################################################################
-
-POLARSSL_SITE = https://tls.mbed.org/code/releases
-POLARSSL_VERSION = 1.2.19
-POLARSSL_SOURCE = polarssl-$(POLARSSL_VERSION)-gpl.tgz
-POLARSSL_CONF_OPTS = \
-	-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_POLARSSL_PROGRAMS),ON,OFF)
-
-POLARSSL_INSTALL_STAGING = YES
-POLARSSL_LICENSE = GPLv2
-POLARSSL_LICENSE_FILES = LICENSE
-
-define POLARSSL_DISABLE_ASM
-	$(SED) '/^#define POLARSSL_HAVE_ASM/d' $(@D)/include/polarssl/config.h
-endef
-
-# ARM in thumb mode breaks debugging with asm optimizations
-# Microblaze asm optimizations are broken in general
-# MIPS R6 asm is not yet supported
-ifeq ($(BR2_ENABLE_DEBUG)$(BR2_ARM_INSTRUCTIONS_THUMB)$(BR2_ARM_INSTRUCTIONS_THUMB2),yy)
-POLARSSL_POST_CONFIGURE_HOOKS += POLARSSL_DISABLE_ASM
-else ifeq ($(BR2_microblaze),y)
-POLARSSL_POST_CONFIGURE_HOOKS += POLARSSL_DISABLE_ASM
-else ifeq ($(BR2_MIPS_CPU_MIPS32R6)$(BR2_MIPS_CPU_MIPS64R6),y)
-POLARSSL_POST_CONFIGURE_HOOKS += POLARSSL_DISABLE_ASM
-endif
-
-$(eval $(cmake-package))
-- 
2.10.2


