package/tinydtls: security bump to version 0.9-rc1

- Switch site to github - License is now EPL-1.0 or EDL-1.0 as specified in the new LICENSE file - Update indentation of hash file (two spaces) - Drop first patch (already in version) and second patch (not needed since f1ff324a4d) - Fix CVE-2017-7243 as specified in https://github.com/eclipse/tinydtls/issues/12 as well as other security issues: 68a1cdaff9 494a40dfbb 2d9f0a8237 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2024-11-27 15:33:28 +08:00 · 2020-06-15 22:31:50 +02:00 · 2020-06-15 22:31:50 +02:00 · 1d14a3349d
commit 1d14a3349d
parent 9815f143ff
5 changed files with 9 additions and 210 deletions
--- a/package/tinydtls/0001-Update-Makefile.in-to-allow-cross-compilation.patch
+++ b/package/tinydtls/0001-Update-Makefile.in-to-allow-cross-compilation.patch
@ -1,170 +0,0 @@
-From a6f312dfb4497d5e72664c4772a8b122e25b81d8 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fabrice.fontaine@orange.com>
-Date: Tue, 26 Jul 2016 09:09:53 +0200
-Subject: [PATCH] Update Makefile.in to allow cross-compilation
-
-Use CC, CPP and DESTDIR environment variables passed to configure in Makefile.in files
-Fix definition of LIBS and LDFLAGS (LDFLAGS was set to @LIBS@)
-
-Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
---
- Makefile.in       | 13 ++++++++-----
- aes/Makefile.in   |  7 +++++--
- doc/Makefile.in   |  4 ++--
- ecc/Makefile.in   |  7 +++++--
- sha2/Makefile.in  |  7 +++++--
- tests/Makefile.in |  4 +++-
- 6 files changed, 28 insertions(+), 14 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 38cc665..7dcd424 100644
--- a/Makefile.in
-+++ b/Makefile.in
-@@ -40,7 +40,9 @@ OBJECTS:= $(patsubst %.c, %.o, $(SOURCES)) $(SUB_OBJECTS)
- HEADERS:=dtls.h hmac.h dtls_debug.h dtls_config.h uthash.h numeric.h crypto.h global.h ccm.h \
-  netq.h alert.h utlist.h prng.h peer.h state.h dtls_time.h session.h \
-  tinydtls.h
-+CC:=@CC@
- CFLAGS:=-Wall -pedantic -std=c99 @CFLAGS@
-+CPP:=@CPP@
- CPPFLAGS:=@CPPFLAGS@ -DDTLS_CHECK_CONTENTTYPE
- SUBDIRS:=tests doc platform-specific sha2 aes ecc
- DISTSUBDIRS:=$(SUBDIRS)
-@@ -48,7 +50,8 @@ DISTDIR=$(top_builddir)/$(package)
- FILES:=Makefile.in configure configure.in dtls_config.h.in tinydtls.h.in \
-   Makefile.tinydtls $(SOURCES) $(HEADERS)
- LIB:=libtinydtls.a
-LDFLAGS:=@LIBS@
-+LDFLAGS:=@LDFLAGS@
-+LIBS:=@LIBS@
- ARFLAGS:=cru
- doc:=doc
- 
-@@ -100,10 +103,10 @@ dist:	$(FILES) $(DISTSUBDIRS)
- 	tar czf $(package).tar.gz $(DISTDIR)
- 
- install:	$(LIB) $(HEADERS) $(SUBDIRS)
-	test -d $(libdir) || mkdir -p $(libdir)
-	test -d $(includedir) || mkdir -p $(includedir)
-	$(install) $(LIB) $(libdir)/
-	$(install) $(HEADERS) $(includedir)/
-+	test -d $(DESTDIR)$(libdir) || mkdir -p $(DESTDIR)$(libdir)
-+	test -d $(DESTDIR)$(includedir) || mkdir -p $(DESTDIR)$(includedir)
-+	$(install) $(LIB) $(DESTDIR)$(libdir)/
-+	$(install) $(HEADERS) $(DESTDIR)$(includedir)/
- 	for dir in $(SUBDIRS); do \
- 		$(MAKE) -C $$dir install="$(install)" includedir=$(includedir) install; \
- 	done
-diff --git a/aes/Makefile.in b/aes/Makefile.in
-index 7c9f6ef..9ff7799 100644
--- a/aes/Makefile.in
-+++ b/aes/Makefile.in
-@@ -28,8 +28,11 @@ top_srcdir:= @top_srcdir@
- SOURCES:= rijndael.c
- HEADERS:= rijndael.h
- OBJECTS:= $(patsubst %.c, %.o, $(SOURCES))
-+CPP=@CPP@
- CPPFLAGS=@CPPFLAGS@
-+CC=@CC@
- CFLAGS=-Wall -std=c99 -pedantic @CFLAGS@
-+LDFLAGS=@LDFLAGS@
- LDLIBS=@LIBS@
- FILES:=Makefile.in $(SOURCES) $(HEADERS) 
- DISTDIR=$(top_builddir)/@PACKAGE_TARNAME@-@PACKAGE_VERSION@
-@@ -60,8 +63,8 @@ dist:	$(FILES)
- 	cp -p $(FILES) $(DISTDIR)/aes
- 
- install:	$(HEADERS)
-	test -d $(includedir)/aes || mkdir -p $(includedir)/aes
-	$(install) $(HEADERS) $(includedir)/aes
-+	test -d $(DESTDIR)$(includedir)/aes || mkdir -p $(DESTDIR)$(includedir)/aes
-+	$(install) $(HEADERS) $(DESTDIR)$(includedir)/aes
- 
- .gitignore:
- 	echo "core\n*~\n*.[oa]\n*.gz\n*.cap\n$(PROGRAM)\n$(DISTDIR)\n.gitignore" >$@
-diff --git a/doc/Makefile.in b/doc/Makefile.in
-index a07101e..5ab0a35 100644
--- a/doc/Makefile.in
-+++ b/doc/Makefile.in
-@@ -32,5 +32,5 @@ dist:	doc
- 	cp -r $(FILES) $(DISTDIR)/doc
- 
- install:	$(doc) html
-	test -d $(htmldir) || mkdir -p $(htmldir)
-	cp -r html/* $(htmldir)
-+	test -d $(DESTDIR)$(htmldir) || mkdir -p $(DESTDIR)$(htmldir)
-+	cp -r html/* $(DESTDIR)$(htmldir)
-diff --git a/ecc/Makefile.in b/ecc/Makefile.in
-index 2ba17a1..2086d4f 100644
--- a/ecc/Makefile.in
-+++ b/ecc/Makefile.in
-@@ -36,8 +36,11 @@ include Makefile.contiki
- else
- ECC_OBJECTS:= $(patsubst %.c, %.o, $(ECC_SOURCES)) ecc_test.o
- PROGRAMS:= testecc testfield
-+CPP=@CPP@
- CPPFLAGS=@CPPFLAGS@
-+CC=@CC@
- CFLAGS=-Wall -std=c99 -pedantic @CFLAGS@ -DTEST_INCLUDE
-+LDFLAGS=@LDFLAGS@
- LDLIBS=@LIBS@
- 
- .PHONY: all dirs clean install distclean .gitignore doc
-@@ -74,8 +77,8 @@ dist:	$(FILES)
- 	cp -p $(FILES) $(DISTDIR)/ecc
- 
- install:	$(HEADERS)
-	test -d $(includedir)/ecc || mkdir -p $(includedir)/ecc
-	$(install) $(HEADERS) $(includedir)/ecc
-+	test -d $(DESTDIR)$(includedir)/ecc || mkdir -p $(DESTDIR)$(includedir)/ecc
-+	$(install) $(ECC_HEADERS) $(DESTDIR)$(includedir)/ecc
- 
- .gitignore:
- 	echo "core\n*~\n*.[oa]\n*.gz\n*.cap\n$(PROGRAM)\n$(DISTDIR)\n.gitignore" >$@
-diff --git a/sha2/Makefile.in b/sha2/Makefile.in
-index 9f19314..69f8793 100644
--- a/sha2/Makefile.in
-+++ b/sha2/Makefile.in
-@@ -28,8 +28,11 @@ top_srcdir:= @top_srcdir@
- SOURCES:= sha2.c
- HEADERS:=sha2.h
- OBJECTS:= $(patsubst %.c, %.o, $(SOURCES))
-+CPP=@CPP@
- CPPFLAGS=@CPPFLAGS@ -I$(top_srcdir)
-+CC=@CC@
- CFLAGS=-Wall -std=c99 -pedantic @CFLAGS@
-+LDFLAGS=@LDFLAGS@
- LDLIBS=@LIBS@
- FILES:=Makefile.in $(SOURCES) $(HEADERS) README sha2prog.c sha2speed.c sha2test.pl 
- DISTDIR=$(top_builddir)/@PACKAGE_TARNAME@-@PACKAGE_VERSION@
-@@ -62,8 +65,8 @@ dist:	$(FILES)
- 	cp -pr testvectors $(DISTDIR)/sha2/testvectors
- 
- install:	$(HEADERS)
-	test -d $(includedir)/sha2 || mkdir -p $(includedir)/sha2
-	$(install) $(HEADERS) $(includedir)/sha2
-+	test -d $(DESTDIR)$(includedir)/sha2 || mkdir -p $(DESTDIR)$(includedir)/sha2
-+	$(install) $(HEADERS) $(DESTDIR)$(includedir)/sha2
- 
- .gitignore:
- 	echo "core\n*~\n*.[oa]\n*.gz\n*.cap\n$(PROGRAM)\n$(DISTDIR)\n.gitignore" >$@
-diff --git a/tests/Makefile.in b/tests/Makefile.in
-index a8a2ed0..b45f440 100644
--- a/tests/Makefile.in
-+++ b/tests/Makefile.in
-@@ -32,9 +32,11 @@ SOURCES:= dtls-server.c ccm-test.c prf-test.c \
- OBJECTS:= $(patsubst %.c, %.o, $(SOURCES))
- PROGRAMS:= $(patsubst %.c, %, $(SOURCES))
- HEADERS:=
-+CC:=@CC@
- CFLAGS:=-Wall @CFLAGS@ 
-+CPP:=@CPP@
- CPPFLAGS:=-I$(top_srcdir) @CPPFLAGS@
-LDFLAGS:=-L$(top_builddir) 
-+LDFLAGS:=-L$(top_builddir) @LDFLAGS@ 
- LDLIBS:=-ltinydtls @LIBS@
- DISTDIR=$(top_builddir)/@PACKAGE_TARNAME@-@PACKAGE_VERSION@
- FILES:=Makefile.in $(SOURCES) ccm-testdata.c #cbc_aes128-testdata.c
-- 
-2.7.4
-
--- a/package/tinydtls/0002-Fix-compilation-of-tests-directory.patch
+++ b/package/tinydtls/0002-Fix-compilation-of-tests-directory.patch
@ -1,31 +0,0 @@
-From c629a108f5d03cd365c0ba71143ad507f6cd97f0 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fabrice.fontaine@orange.com>
-Date: Thu, 28 Jul 2016 08:36:06 +0200
-Subject: [PATCH] Fix compilation of tests directory
-
-binaries in tests subdirectory depends on libtinydtls so add $(LIB) dependency
-for dirs target in Makefile.in
-
-Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
---
- Makefile.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 7dcd424..c493705 100644
--- a/Makefile.in
-+++ b/Makefile.in
-@@ -68,8 +68,8 @@ check:
- 	echo top_builddir: $(top_builddir)
- 	$(MAKE) -C tests check
- 
-dirs:	$(SUBDIRS)
-	for dir in $^; do \
-+dirs:	$(LIB) $(SUBDIRS)
-+	for dir in $(SUBDIRS); do \
- 		$(MAKE) -C $$dir ; \
- 	done
- 
-- 
-2.7.4
-
--- a/package/tinydtls/Config.in
+++ b/package/tinydtls/Config.in
@ -7,7 +7,7 @@ config BR2_PACKAGE_TINYDTLS
 	  machine.  It is implemented in C and provides support for
 	  the mandatory cipher suites specified in CoAP.

-	  https://sourceforge.net/projects/tinydtls
+	  https://projects.eclipse.org/projects/iot.tinydtls

 comment "tinydtls needs a toolchain w/ threads"
 	depends on !BR2_TOOLCHAIN_HAS_THREADS
--- a/package/tinydtls/tinydtls.hash
+++ b/package/tinydtls/tinydtls.hash
@ -1,3 +1,3 @@
 # Locally computed:
-sha256	ccf6d8fbae03fb2e0ba32878ed8e57d8b4f73538b1064df90a3e764da5fac010	tinydtls-0.8.2.tar.gz
-sha256	65fbf31c3551633e7dcc051fac80f2c1a73b0b077af9ed564d726155dfc40513	tinydtls.h
+sha256  af73742835b5a66dc0b4a9c126ca8243b5db2986b4969d76e2b4531aa7e13f67  tinydtls-0.9-rc1.tar.gz
+sha256  7e906fb56da52bb6bba38e77eec00e7d37fe65b0b7b28c4bf68ff036573d0de5  LICENSE
--- a/package/tinydtls/tinydtls.mk
+++ b/package/tinydtls/tinydtls.mk
@ -4,13 +4,13 @@
 #
 ################################################################################

-TINYDTLS_REL = r5
-TINYDTLS_VERSION = 0.8.2
-TINYDTLS_SITE = http://downloads.sourceforge.net/project/tinydtls/$(TINYDTLS_REL)
-TINYDTLS_LICENSE = MIT
-TINYDTLS_LICENSE_FILES = tinydtls.h
+TINYDTLS_VERSION = 0.9-rc1
+TINYDTLS_SITE = $(call github,eclipse,tinydtls,v$(TINYDTLS_VERSION))
+TINYDTLS_LICENSE = EPL-1.0 or EDL-1.0
+TINYDTLS_LICENSE_FILES = LICENSE
 TINYDTLS_INSTALL_STAGING = YES
-TINYDTLS_STRIP_COMPONENTS = 2
+# From git
+TINYDTLS_AUTORECONF = YES
 # use inttypes.h data types instead of u_intXX_t for musl compatibility
 TINYDTLS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -DSHA2_USE_INTTYPES_H"