From d296361aa8900ca06f2c426365fc1fed5a869b0e Mon Sep 17 00:00:00 2001 From: Gustavo Zacarias Date: Fri, 11 Jul 2014 18:06:28 -0300 Subject: [PATCH] polarssl: security bump to version 1.2.11 Fixes CVE-2014-4911 and a few other issues that don't have a CVE assigned (backports from 1.3.x branch). The no programs & shared/static patches are now upstream albeit in a slightly different form. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni --- ....patch => polarssl-01-no-test-suite.patch} | 17 +++--- package/polarssl/polarssl-no-programs.patch | 26 --------- .../polarssl-shared-and-static-library.patch | 55 ------------------- package/polarssl/polarssl.mk | 4 +- 4 files changed, 11 insertions(+), 91 deletions(-) rename package/polarssl/{polarssl-no-test-suite.patch => polarssl-01-no-test-suite.patch} (58%) delete mode 100644 package/polarssl/polarssl-no-programs.patch delete mode 100644 package/polarssl/polarssl-shared-and-static-library.patch diff --git a/package/polarssl/polarssl-no-test-suite.patch b/package/polarssl/polarssl-01-no-test-suite.patch similarity index 58% rename from package/polarssl/polarssl-no-test-suite.patch rename to package/polarssl/polarssl-01-no-test-suite.patch index 7e0744132d..4c8552a948 100644 --- a/package/polarssl/polarssl-no-test-suite.patch +++ b/package/polarssl/polarssl-01-no-test-suite.patch @@ -4,13 +4,14 @@ By default, PolarSSL builds a fairly extensive test suite to validate the library. In the context of Buildroot, building this test suite is not really useful, so we add a BUILD_TESTS to disable its build. +[Gustavo: update for 1.2.11] 
Signed-off-by: Thomas Petazzoni +Signed-off-by: Gustavo Zacarias -Index: polarssl-1.1.1/CMakeLists.txt -=================================================================== ---- polarssl-1.1.1.orig/CMakeLists.txt -+++ polarssl-1.1.1/CMakeLists.txt -@@ -27,9 +27,11 @@ +diff -Nura polarssl-1.2.11.orig/CMakeLists.txt polarssl-1.2.11/CMakeLists.txt +--- polarssl-1.2.11.orig/CMakeLists.txt 2014-07-11 17:14:43.414651327 -0300 ++++ polarssl-1.2.11/CMakeLists.txt 2014-07-11 17:23:00.573498626 -0300 +@@ -49,9 +49,11 @@ add_subdirectory(library) add_subdirectory(include) @@ -21,6 +22,6 @@ Index: polarssl-1.1.1/CMakeLists.txt add_subdirectory(tests) -endif(CMAKE_COMPILER_IS_GNUCC) +endif(CMAKE_COMPILER_IS_GNUCC AND BUILD_TESTS) - - add_subdirectory(programs) - + if(CMAKE_COMPILER_IS_CLANG) + add_subdirectory(tests) + endif(CMAKE_COMPILER_IS_CLANG) diff --git a/package/polarssl/polarssl-no-programs.patch b/package/polarssl/polarssl-no-programs.patch deleted file mode 100644 index f1188716bc..0000000000 --- a/package/polarssl/polarssl-no-programs.patch +++ /dev/null @@ -1,26 +0,0 @@ -Add the BUILD_PROGRAMS option to disable programs build - -By default, PolarSSL builds and installs a large set of companions -programs, which in some cases are not useful. This patch adds the -BUILD_PROGRAMS option which allows to disable the build and -installation of such programs when not needed. - -Signed-off-by: Thomas Petazzoni - -Index: polarssl-1.1.1/CMakeLists.txt -=================================================================== ---- polarssl-1.1.1.orig/CMakeLists.txt -+++ polarssl-1.1.1/CMakeLists.txt -@@ -33,7 +33,11 @@ - add_subdirectory(tests) - endif(CMAKE_COMPILER_IS_GNUCC AND BUILD_TESTS) - --add_subdirectory(programs) -+option(BUILD_PROGRAMS "Build programs." ON) -+ -+if(BUILD_PROGRAMS) -+ add_subdirectory(programs) -+endif(BUILD_PROGRAMS) - - ADD_CUSTOM_TARGET(apidoc - COMMAND doxygen doxygen/polarssl.doxyfile 
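Review bot: The refreshed CMakeLists.txt hunk adds `AND BUILD_TESTS` only to the `CMAKE_COMPILER_IS_GNUCC` condition, while the new trailing context shows a second `if(CMAKE_COMPILER_IS_CLANG)` block that still calls `add_subdirectory(tests)` unconditionally. With a compiler detected as Clang, `-DBUILD_TESTS=OFF` would therefore not keep the test suite out of the build. If the intent is that the option always wins, the second guard should read `if(CMAKE_COMPILER_IS_CLANG AND BUILD_TESTS)` with the matching `endif(CMAKE_COMPILER_IS_CLANG AND BUILD_TESTS)`. The line that declares `BUILD_TESTS` falls in the part of the embedded patch this hunk leaves unchanged, so its default cannot be checked from here.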
diff --git a/package/polarssl/polarssl-shared-and-static-library.patch b/package/polarssl/polarssl-shared-and-static-library.patch
deleted file mode 100644
index 7e41745d36..0000000000
--- a/package/polarssl/polarssl-shared-and-static-library.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Allow both shared and static PolarSSL library
-
-By default, PolarSSL is built as a static library. If the option
-USE_SHARED_POLARSSL_LIBRARY is set, then it is build as a shared
-library. But there is no way of building both the shared and static
-versions.
-
-This patch adds the USE_STATIC_POLARSSL_LIBRARY (which defaults to ON)
-in addition to the existing USE_SHARED_POLARSSL_LIBRARY (which
-defaults to OFF). Both options can be manipulated independently.
-
-[Gustavo: update for polarssl 1.2.10]
-Signed-off-by: Thomas Petazzoni
-Signed-off-by: Gustavo Zacarias
-
-diff -Nura polarssl-1.2.3.orig/library/CMakeLists.txt polarssl-1.2.3/library/CMakeLists.txt
---- polarssl-1.2.3.orig/library/CMakeLists.txt 2012-11-27 17:16:20.735678722 -0300
-+++ polarssl-1.2.3/library/CMakeLists.txt 2012-11-27 17:18:09.760457733 -0300
-@@ -1,4 +1,5 @@
- option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL as a shared library." OFF)
-+option(USE_STATIC_POLARSSL_LIBRARY "Build PolarSSL as a static library." ON)
-
- set(src
- aes.c
-@@ -50,19 +51,23 @@
- set(libs ws2_32)
- endif(WIN32)
-
--if(NOT USE_SHARED_POLARSSL_LIBRARY)
--
--add_library(polarssl STATIC ${src})
--
--else(NOT USE_SHARED_POLARSSL_LIBRARY)
-+if(USE_SHARED_POLARSSL_LIBRARY)
-
- add_library(polarssl SHARED ${src})
- set_target_properties(polarssl PROPERTIES VERSION 1.2.10 SOVERSION 3)
-+set_target_properties(polarssl PROPERTIES OUTPUT_NAME polarssl)
-+
-+endif(USE_SHARED_POLARSSL_LIBRARY)
-+
-+if(USE_STATIC_POLARSSL_LIBRARY)
-+
-+add_library(polarssl-static STATIC ${src})
-+set_target_properties(polarssl-static PROPERTIES OUTPUT_NAME polarssl)
-
--endif(NOT USE_SHARED_POLARSSL_LIBRARY)
-+endif(USE_STATIC_POLARSSL_LIBRARY)
-
- target_link_libraries(polarssl ${libs})
-
--install(TARGETS polarssl
-+install(TARGETS polarssl polarssl-static
- DESTINATION ${LIB_INSTALL_DIR}
- PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/package/polarssl/polarssl.mk b/package/polarssl/polarssl.mk
index 20486e3ae1..24f09edc6a 100644
--- a/package/polarssl/polarssl.mk
+++ b/package/polarssl/polarssl.mk
@@ -5,13 +5,13 @@
 ################################################################################
 POLARSSL_SITE = https://polarssl.org/code/releases
-POLARSSL_VERSION = 1.2.10
+POLARSSL_VERSION = 1.2.11
 POLARSSL_SOURCE = polarssl-$(POLARSSL_VERSION)-gpl.tgz
 POLARSSL_CONF_OPT = \
 -DUSE_SHARED_POLARSSL_LIBRARY=ON \
 -DUSE_STATIC_POLARSSL_LIBRARY=ON \
 -DBUILD_TESTS=OFF \
- -DBUILD_PROGRAMS=$(if $(BR2_PACKAGE_POLARSSL_PROGRAMS),ON,OFF)
+ -DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_POLARSSL_PROGRAMS),ON,OFF)
 POLARSSL_INSTALL_STAGING = YES
 POLARSSL_LICENSE = GPLv2
--
2.30.2
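Review bot: Nothing in the visible change pins the new `polarssl-$(POLARSSL_VERSION)-gpl.tgz` to a known digest: the diffstat lists only the three patch files and polarssl.mk, so integrity of this security bump rests on the HTTPS fetch from `POLARSSL_SITE` alone. If the tree's download infrastructure supports per-package hash files at this point, I would add one next to polarssl.mk with a line such as `sha256 <digest-published-by-upstream> polarssl-1.2.11-gpl.tgz` (placeholder digest, to be taken from the upstream release announcement). Separately, `-DUSE_STATIC_POLARSSL_LIBRARY=ON` and `-DENABLE_PROGRAMS=` now depend on upstream's option names rather than on local patches. CMake only warns about unused `-D` variables, so a misspelt or renamed option would silently fall back to upstream defaults; the names are worth checking against the 1.2.11 CMakeLists.txt and noting in a comment above `POLARSSL_CONF_OPT`.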