* [Buildroot] [PATCH 1/1] package/tinydtls: security bump to version 0.9-rc1
From: Fabrice Fontaine @ 2020-06-15 20:31 UTC
To: buildroot
- Switch site to github
- License is now EPL-1.0 or EDLv1.0 as specified in the new LICENSE file
- Update indentation of hash file (two spaces)
- Drop first patch (already in version) and second patch (not needed since
https://github.com/eclipse/tinydtls/commit/f1ff324a4d1cc14dc6e1c3a88ea16f0242e106de)
- Fix CVE-2017-7243 as specified in
https://github.com/eclipse/tinydtls/issues/12 as well as other
security issues:
https://github.com/eclipse/tinydtls/commit/68a1cdaff9e329e13ea59529f1eb61b05632c297
https://github.com/eclipse/tinydtls/commit/494a40dfbb174930ca616e560532d52549736b42
https://github.com/eclipse/tinydtls/commit/2d9f0a82377277af1be8d559d18e30477d63e8ec
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...kefile.in-to-allow-cross-compilation.patch | 170 ------------------
...2-Fix-compilation-of-tests-directory.patch | 31 ----
package/tinydtls/Config.in | 2 +-
package/tinydtls/tinydtls.hash | 4 +-
package/tinydtls/tinydtls.mk | 12 +-
5 files changed, 9 insertions(+), 210 deletions(-)
delete mode 100644 package/tinydtls/0001-Update-Makefile.in-to-allow-cross-compilation.patch
delete mode 100644 package/tinydtls/0002-Fix-compilation-of-tests-directory.patch
diff --git a/package/tinydtls/0001-Update-Makefile.in-to-allow-cross-compilation.patch b/package/tinydtls/0001-Update-Makefile.in-to-allow-cross-compilation.patch
deleted file mode 100644
index 5e91f2ee5d..0000000000
--- a/package/tinydtls/0001-Update-Makefile.in-to-allow-cross-compilation.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-From a6f312dfb4497d5e72664c4772a8b122e25b81d8 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fabrice.fontaine@orange.com>
-Date: Tue, 26 Jul 2016 09:09:53 +0200
-Subject: [PATCH] Update Makefile.in to allow cross-compilation
-
-Use CC, CPP and DESTDIR environment variables passed to configure in Makefile.in files
-Fix definition of LIBS and LDFLAGS (LDFLAGS was set to @LIBS@)
-
-Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
----
- Makefile.in | 13 ++++++++-----
- aes/Makefile.in | 7 +++++--
- doc/Makefile.in | 4 ++--
- ecc/Makefile.in | 7 +++++--
- sha2/Makefile.in | 7 +++++--
- tests/Makefile.in | 4 +++-
- 6 files changed, 28 insertions(+), 14 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 38cc665..7dcd424 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -40,7 +40,9 @@ OBJECTS:= $(patsubst %.c, %.o, $(SOURCES)) $(SUB_OBJECTS)
- HEADERS:=dtls.h hmac.h dtls_debug.h dtls_config.h uthash.h numeric.h crypto.h global.h ccm.h \
- netq.h alert.h utlist.h prng.h peer.h state.h dtls_time.h session.h \
- tinydtls.h
-+CC:=@CC@
- CFLAGS:=-Wall -pedantic -std=c99 @CFLAGS@
-+CPP:=@CPP@
- CPPFLAGS:=@CPPFLAGS@ -DDTLS_CHECK_CONTENTTYPE
- SUBDIRS:=tests doc platform-specific sha2 aes ecc
- DISTSUBDIRS:=$(SUBDIRS)
-@@ -48,7 +50,8 @@ DISTDIR=$(top_builddir)/$(package)
- FILES:=Makefile.in configure configure.in dtls_config.h.in tinydtls.h.in \
- Makefile.tinydtls $(SOURCES) $(HEADERS)
- LIB:=libtinydtls.a
--LDFLAGS:=@LIBS@
-+LDFLAGS:=@LDFLAGS@
-+LIBS:=@LIBS@
- ARFLAGS:=cru
- doc:=doc
-
-@@ -100,10 +103,10 @@ dist: $(FILES) $(DISTSUBDIRS)
- tar czf $(package).tar.gz $(DISTDIR)
-
- install: $(LIB) $(HEADERS) $(SUBDIRS)
-- test -d $(libdir) || mkdir -p $(libdir)
-- test -d $(includedir) || mkdir -p $(includedir)
-- $(install) $(LIB) $(libdir)/
-- $(install) $(HEADERS) $(includedir)/
-+ test -d $(DESTDIR)$(libdir) || mkdir -p $(DESTDIR)$(libdir)
-+ test -d $(DESTDIR)$(includedir) || mkdir -p $(DESTDIR)$(includedir)
-+ $(install) $(LIB) $(DESTDIR)$(libdir)/
-+ $(install) $(HEADERS) $(DESTDIR)$(includedir)/
- for dir in $(SUBDIRS); do \
- $(MAKE) -C $$dir install="$(install)" includedir=$(includedir) install; \
- done
-diff --git a/aes/Makefile.in b/aes/Makefile.in
-index 7c9f6ef..9ff7799 100644
---- a/aes/Makefile.in
-+++ b/aes/Makefile.in
-@@ -28,8 +28,11 @@ top_srcdir:= @top_srcdir@
- SOURCES:= rijndael.c
- HEADERS:= rijndael.h
- OBJECTS:= $(patsubst %.c, %.o, $(SOURCES))
-+CPP=@CPP@
- CPPFLAGS=@CPPFLAGS@
-+CC=@CC@
- CFLAGS=-Wall -std=c99 -pedantic @CFLAGS@
-+LDFLAGS=@LDFLAGS@
- LDLIBS=@LIBS@
- FILES:=Makefile.in $(SOURCES) $(HEADERS)
- DISTDIR=$(top_builddir)/@PACKAGE_TARNAME at -@PACKAGE_VERSION@
-@@ -60,8 +63,8 @@ dist: $(FILES)
- cp -p $(FILES) $(DISTDIR)/aes
-
- install: $(HEADERS)
-- test -d $(includedir)/aes || mkdir -p $(includedir)/aes
-- $(install) $(HEADERS) $(includedir)/aes
-+ test -d $(DESTDIR)$(includedir)/aes || mkdir -p $(DESTDIR)$(includedir)/aes
-+ $(install) $(HEADERS) $(DESTDIR)$(includedir)/aes
-
- .gitignore:
- echo "core\n*~\n*.[oa]\n*.gz\n*.cap\n$(PROGRAM)\n$(DISTDIR)\n.gitignore" >$@
-diff --git a/doc/Makefile.in b/doc/Makefile.in
-index a07101e..5ab0a35 100644
---- a/doc/Makefile.in
-+++ b/doc/Makefile.in
-@@ -32,5 +32,5 @@ dist: doc
- cp -r $(FILES) $(DISTDIR)/doc
-
- install: $(doc) html
-- test -d $(htmldir) || mkdir -p $(htmldir)
-- cp -r html/* $(htmldir)
-+ test -d $(DESTDIR)$(htmldir) || mkdir -p $(DESTDIR)$(htmldir)
-+ cp -r html/* $(DESTDIR)$(htmldir)
-diff --git a/ecc/Makefile.in b/ecc/Makefile.in
-index 2ba17a1..2086d4f 100644
---- a/ecc/Makefile.in
-+++ b/ecc/Makefile.in
-@@ -36,8 +36,11 @@ include Makefile.contiki
- else
- ECC_OBJECTS:= $(patsubst %.c, %.o, $(ECC_SOURCES)) ecc_test.o
- PROGRAMS:= testecc testfield
-+CPP=@CPP@
- CPPFLAGS=@CPPFLAGS@
-+CC=@CC@
- CFLAGS=-Wall -std=c99 -pedantic @CFLAGS@ -DTEST_INCLUDE
-+LDFLAGS=@LDFLAGS@
- LDLIBS=@LIBS@
-
- .PHONY: all dirs clean install distclean .gitignore doc
-@@ -74,8 +77,8 @@ dist: $(FILES)
- cp -p $(FILES) $(DISTDIR)/ecc
-
- install: $(HEADERS)
-- test -d $(includedir)/ecc || mkdir -p $(includedir)/ecc
-- $(install) $(HEADERS) $(includedir)/ecc
-+ test -d $(DESTDIR)$(includedir)/ecc || mkdir -p $(DESTDIR)$(includedir)/ecc
-+ $(install) $(ECC_HEADERS) $(DESTDIR)$(includedir)/ecc
-
- .gitignore:
- echo "core\n*~\n*.[oa]\n*.gz\n*.cap\n$(PROGRAM)\n$(DISTDIR)\n.gitignore" >$@
-diff --git a/sha2/Makefile.in b/sha2/Makefile.in
-index 9f19314..69f8793 100644
---- a/sha2/Makefile.in
-+++ b/sha2/Makefile.in
-@@ -28,8 +28,11 @@ top_srcdir:= @top_srcdir@
- SOURCES:= sha2.c
- HEADERS:=sha2.h
- OBJECTS:= $(patsubst %.c, %.o, $(SOURCES))
-+CPP=@CPP@
- CPPFLAGS=@CPPFLAGS@ -I$(top_srcdir)
-+CC=@CC@
- CFLAGS=-Wall -std=c99 -pedantic @CFLAGS@
-+LDFLAGS=@LDFLAGS@
- LDLIBS=@LIBS@
- FILES:=Makefile.in $(SOURCES) $(HEADERS) README sha2prog.c sha2speed.c sha2test.pl
- DISTDIR=$(top_builddir)/@PACKAGE_TARNAME at -@PACKAGE_VERSION@
-@@ -62,8 +65,8 @@ dist: $(FILES)
- cp -pr testvectors $(DISTDIR)/sha2/testvectors
-
- install: $(HEADERS)
-- test -d $(includedir)/sha2 || mkdir -p $(includedir)/sha2
-- $(install) $(HEADERS) $(includedir)/sha2
-+ test -d $(DESTDIR)$(includedir)/sha2 || mkdir -p $(DESTDIR)$(includedir)/sha2
-+ $(install) $(HEADERS) $(DESTDIR)$(includedir)/sha2
-
- .gitignore:
- echo "core\n*~\n*.[oa]\n*.gz\n*.cap\n$(PROGRAM)\n$(DISTDIR)\n.gitignore" >$@
-diff --git a/tests/Makefile.in b/tests/Makefile.in
-index a8a2ed0..b45f440 100644
---- a/tests/Makefile.in
-+++ b/tests/Makefile.in
-@@ -32,9 +32,11 @@ SOURCES:= dtls-server.c ccm-test.c prf-test.c \
- OBJECTS:= $(patsubst %.c, %.o, $(SOURCES))
- PROGRAMS:= $(patsubst %.c, %, $(SOURCES))
- HEADERS:=
-+CC:=@CC@
- CFLAGS:=-Wall @CFLAGS@
-+CPP:=@CPP@
- CPPFLAGS:=-I$(top_srcdir) @CPPFLAGS@
--LDFLAGS:=-L$(top_builddir)
-+LDFLAGS:=-L$(top_builddir) @LDFLAGS@
- LDLIBS:=-ltinydtls @LIBS@
- DISTDIR=$(top_builddir)/@PACKAGE_TARNAME at -@PACKAGE_VERSION@
- FILES:=Makefile.in $(SOURCES) ccm-testdata.c #cbc_aes128-testdata.c
---
-2.7.4
-
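Review bot: The commit message justifies dropping this patch only with "already in version" and cites no upstream commit, unlike the second patch, which links f1ff324a. The removed patch carried the `CC`/`CPP` substitutions and the `$(DESTDIR)` prefixes on the install rules, which cross-compilation and the staging install (`TINYDTLS_INSTALL_STAGING = YES`) rely on. Please name the upstream commit or commits that cover them so a later reader can confirm nothing was lost in the bump.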
diff --git a/package/tinydtls/0002-Fix-compilation-of-tests-directory.patch b/package/tinydtls/0002-Fix-compilation-of-tests-directory.patch
deleted file mode 100644
index 0ab579c45e..0000000000
--- a/package/tinydtls/0002-Fix-compilation-of-tests-directory.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From c629a108f5d03cd365c0ba71143ad507f6cd97f0 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fabrice.fontaine@orange.com>
-Date: Thu, 28 Jul 2016 08:36:06 +0200
-Subject: [PATCH] Fix compilation of tests directory
-
-binaries in tests subdirectory depends on libtinydtls so add $(LIB) dependency
-for dirs target in Makefile.in
-
-Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
----
- Makefile.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 7dcd424..c493705 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -68,8 +68,8 @@ check:
- echo top_builddir: $(top_builddir)
- $(MAKE) -C tests check
-
--dirs: $(SUBDIRS)
-- for dir in $^; do \
-+dirs: $(LIB) $(SUBDIRS)
-+ for dir in $(SUBDIRS); do \
- $(MAKE) -C $$dir ; \
- done
-
---
-2.7.4
-
diff --git a/package/tinydtls/Config.in b/package/tinydtls/Config.in
index 2f90eb2436..98cbbb5875 100644
--- a/package/tinydtls/Config.in
+++ b/package/tinydtls/Config.in
@@ -7,7 +7,7 @@ config BR2_PACKAGE_TINYDTLS
machine. It is implemented in C and provides support for
the mandatory cipher suites specified in CoAP.
- https://sourceforge.net/projects/tinydtls
+ https://projects.eclipse.org/projects/iot.tinydtls
comment "tinydtls needs a toolchain w/ threads"
depends on !BR2_TOOLCHAIN_HAS_THREADS
diff --git a/package/tinydtls/tinydtls.hash b/package/tinydtls/tinydtls.hash
index 66644df7a1..be6bf182e7 100644
--- a/package/tinydtls/tinydtls.hash
+++ b/package/tinydtls/tinydtls.hash
@@ -1,3 +1,3 @@
# Locally computed:
-sha256 ccf6d8fbae03fb2e0ba32878ed8e57d8b4f73538b1064df90a3e764da5fac010 tinydtls-0.8.2.tar.gz
-sha256 65fbf31c3551633e7dcc051fac80f2c1a73b0b077af9ed564d726155dfc40513 tinydtls.h
+sha256 af73742835b5a66dc0b4a9c126ca8243b5db2986b4969d76e2b4531aa7e13f67 tinydtls-0.9-rc1.tar.gz
+sha256 7e906fb56da52bb6bba38e77eec00e7d37fe65b0b7b28c4bf68ff036573d0de5 LICENSE
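Review bot: Both new entries sit under the single "# Locally computed:" comment, so for a security bump the hash of `tinydtls-0.9-rc1.tar.gz` has nothing upstream to be checked against. Since this series moves the download to the `github` helper, consider extending the comment to say which tag the archive was generated from, so a reviewer can re-fetch the tarball and reproduce the sha256 independently.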
diff --git a/package/tinydtls/tinydtls.mk b/package/tinydtls/tinydtls.mk
index fe250014ca..2ae76f11c8 100644
--- a/package/tinydtls/tinydtls.mk
+++ b/package/tinydtls/tinydtls.mk
@@ -4,13 +4,13 @@
#
################################################################################
-TINYDTLS_REL = r5
-TINYDTLS_VERSION = 0.8.2
-TINYDTLS_SITE = http://downloads.sourceforge.net/project/tinydtls/$(TINYDTLS_REL)
-TINYDTLS_LICENSE = MIT
-TINYDTLS_LICENSE_FILES = tinydtls.h
+TINYDTLS_VERSION = 0.9-rc1
+TINYDTLS_SITE = $(call github,eclipse,tinydtls,v$(TINYDTLS_VERSION))
+TINYDTLS_LICENSE = EPL-1.0 or EDLv1.0
+TINYDTLS_LICENSE_FILES = LICENSE
TINYDTLS_INSTALL_STAGING = YES
-TINYDTLS_STRIP_COMPONENTS = 2
+# From git
+TINYDTLS_AUTORECONF = YES
# use inttypes.h data types instead of u_intXX_t for musl compatibility
TINYDTLS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -DSHA2_USE_INTTYPES_H"
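Review bot: On the `TINYDTLS_LICENSE` line, `EDLv1.0` does not follow the `<initials>-<version>` form that `EPL-1.0` uses on the same line; `EDL-1.0` would be consistent. Separately, `TINYDTLS_VERSION = 0.9-rc1` pins a release candidate, and neither the file nor the commit message says why; a short comment above the version explaining that choice would help whoever does the next bump.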
--
2.26.2
* [Buildroot] [PATCH 1/1] package/tinydtls: security bump to version 0.9-rc1
From: Thomas Petazzoni @ 2020-06-17 20:08 UTC
To: buildroot
Hello,
On Mon, 15 Jun 2020 22:31:50 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> - Switch site to github
> - License is now EPL-1.0 or EDLv1.0 as specified in the new LICENSE file
> - Update indentation of hash file (two spaces)
> - Drop first patch (already in version) and second patch (not needed since
> https://github.com/eclipse/tinydtls/commit/f1ff324a4d1cc14dc6e1c3a88ea16f0242e106de)
> - Fix CVE-2017-7243 as specified in
> https://github.com/eclipse/tinydtls/issues/12 as well as other
> security issues:
> https://github.com/eclipse/tinydtls/commit/68a1cdaff9e329e13ea59529f1eb61b05632c297
> https://github.com/eclipse/tinydtls/commit/494a40dfbb174930ca616e560532d52549736b42
> https://github.com/eclipse/tinydtls/commit/2d9f0a82377277af1be8d559d18e30477d63e8ec
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
I've applied to master. See below some comments.
> -TINYDTLS_REL = r5
> -TINYDTLS_VERSION = 0.8.2
> -TINYDTLS_SITE = http://downloads.sourceforge.net/project/tinydtls/$(TINYDTLS_REL)
> -TINYDTLS_LICENSE = MIT
> -TINYDTLS_LICENSE_FILES = tinydtls.h
> +TINYDTLS_VERSION = 0.9-rc1
A bit annoying that we have to point to a release candidate version.
> +TINYDTLS_SITE = $(call github,eclipse,tinydtls,v$(TINYDTLS_VERSION))
> +TINYDTLS_LICENSE = EPL-1.0 or EDLv1.0
I've changed EDLv1.0 to EDL-1.0. Even though there is no official SPDX
tag for this license, SPDX always uses <initials>-<version>, so we're
trying to stick to that as well.
Applied, thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
* [Buildroot] [PATCH 1/1] package/tinydtls: security bump to version 0.9-rc1
From: Fabrice Fontaine @ 2020-06-17 20:18 UTC
To: buildroot
Hi,
On Wed, 17 Jun 2020 at 22:08, Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> Hello,
>
> On Mon, 15 Jun 2020 22:31:50 +0200
> Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
>
> > - Switch site to github
> > - License is now EPL-1.0 or EDLv1.0 as specified in the new LICENSE file
> > - Update indentation of hash file (two spaces)
> > - Drop first patch (already in version) and second patch (not needed since
> > https://github.com/eclipse/tinydtls/commit/f1ff324a4d1cc14dc6e1c3a88ea16f0242e106de)
> > - Fix CVE-2017-7243 as specified in
> > https://github.com/eclipse/tinydtls/issues/12 as well as other
> > security issues:
> > https://github.com/eclipse/tinydtls/commit/68a1cdaff9e329e13ea59529f1eb61b05632c297
> > https://github.com/eclipse/tinydtls/commit/494a40dfbb174930ca616e560532d52549736b42
> > https://github.com/eclipse/tinydtls/commit/2d9f0a82377277af1be8d559d18e30477d63e8ec
> >
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>
> I've applied to master. See below some comments.
>
> > -TINYDTLS_REL = r5
> > -TINYDTLS_VERSION = 0.8.2
> > -TINYDTLS_SITE = http://downloads.sourceforge.net/project/tinydtls/$(TINYDTLS_REL)
> > -TINYDTLS_LICENSE = MIT
> > -TINYDTLS_LICENSE_FILES = tinydtls.h
> > +TINYDTLS_VERSION = 0.9-rc1
>
> A bit annoying that we have to point to a release candidate version.
I know, I asked for a release and you can find upstream's feedback
here: https://github.com/eclipse/tinydtls/issues/35.
>
> > +TINYDTLS_SITE = $(call github,eclipse,tinydtls,v$(TINYDTLS_VERSION))
> > +TINYDTLS_LICENSE = EPL-1.0 or EDLv1.0
>
> I've changed EDLv1.0 to EDL-1.0. Even though there is no official SPDX
> tag for this license, SPDX always uses <initials>-<version>, so we're
> trying to stick to that as well.
>
> Applied, thanks!
>
> Thomas
> --
> Thomas Petazzoni, CTO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
Best Regards,
Fabrice
* [Buildroot] [PATCH 1/1] package/tinydtls: security bump to version 0.9-rc1
From: Peter Korsgaard @ 2020-07-15 19:44 UTC
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - Switch site to github
> - License is now EPL-1.0 or EDLv1.0 as specified in the new LICENSE file
> - Update indentation of hash file (two spaces)
> - Drop first patch (already in version) and second patch (not needed since
> https://github.com/eclipse/tinydtls/commit/f1ff324a4d1cc14dc6e1c3a88ea16f0242e106de)
> - Fix CVE-2017-7243 as specified in
> https://github.com/eclipse/tinydtls/issues/12 as well as other
> security issues:
> https://github.com/eclipse/tinydtls/commit/68a1cdaff9e329e13ea59529f1eb61b05632c297
> https://github.com/eclipse/tinydtls/commit/494a40dfbb174930ca616e560532d52549736b42
> https://github.com/eclipse/tinydtls/commit/2d9f0a82377277af1be8d559d18e30477d63e8ec
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2020.02.x and 2020.05.x, thanks.
--
Bye, Peter Korsgaard