author | fhajny <fhajny@pkgsrc.org> | 2015-06-12 09:05:05 +0000 |
---|---|---|
committer | fhajny <fhajny@pkgsrc.org> | 2015-06-12 09:05:05 +0000 |
commit | c2057a4e37548f5a2b82d77b50befe17337a1729 (patch) | |
tree | 46082382ffc05854f7a58a649441b23725a22dd3 | |
parent | 8aab6353884cdf7180cd8cd7b49799ea28a7a1dc (diff) | |
download | pkgsrc-c2057a4e37548f5a2b82d77b50befe17337a1729.tar.gz |
Import mbed TLS 1.3.11 as security/mbedtls.
This is former security/polarssl rebranded under a new name, keeping the same
API though and providing the previous libs as symlinks, so should be used as
a drop-in replacement for security/polarssl.
Changelog since polarssl-1.3.9 follows.
= mbed TLS 1.3.11 released 2015-06-04
Security
* With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and
extendedKeyUsage on the leaf certificate was lost (results not accessible
via ssl_get_verify_results()).
* Add countermeasure against "Lucky 13 strikes back" cache-based attack,
https://dl.acm.org/citation.cfm?id=2714625
Features
* Improve ECC performance by using more efficient doubling formulas
(contributed by Peter Dettman).
* Add x509_crt_verify_info() to display certificate verification results.
* Add support for reading DH parameters with privateValueLength included
(contributed by Daniel Kahn Gillmor).
* Add support for bit strings in X.509 names (request by Fredrik Axelsson).
* Add support for id-at-uniqueIdentifier in X.509 names.
* Add support for overriding snprintf() (except on Windows) and exit() in
the platform layer.
* Add an option to use macros instead of function pointers in the platform
layer (helps get rid of unwanted references).
* Improved Makefiles for Windows targets by fixing library targets and making
cross-compilation easier (thanks to Alon Bar-Lev).
* The benchmark program also prints heap usage for public-key primitives
if POLARSSL_MEMORY_BUFFER_ALLOC_C and POLARSSL_MEMORY_DEBUG are defined.
* New script ecc-heap.sh helps measuring the impact of ECC parameters on
speed and RAM (heap only for now) usage.
* New script memory.sh helps measuring the ROM and RAM requirements of two
reduced configurations (PSK-CCM and NSA suite B).
* Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce
warnings on use of deprecated functions (with GCC and Clang only).
* Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce
errors on use of deprecated functions.
Bugfix
* Fix compile errors with PLATFORM_NO_STD_FUNCTIONS.
* Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara).
* Fix bug in entropy.c when THREADING_C is also enabled that caused
entropy_free() to crash (thanks to Rafał Przywara).
* Fix memory leak when gcm_setkey() and ccm_setkey() are used more than
once on the same context.
* Fix bug in ssl_mail_client when password is longer than username (found
by Bruno Pape).
* Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
(detected by Clang's 3.6 UBSan).
* mpi_size() and mpi_msb() would segfault when called on an mpi that is
initialized but not set (found by pravic).
* Fix detection of support for getrandom() on Linux (reported by syzzer) by
doing it at runtime (using uname) rather than compile time.
* Fix handling of symlinks by "make install" (found by Gaël PORTAY).
* Fix potential NULL pointer dereference (not triggerable remotely) when
ssl_write() is called before the handshake is finished (introduced in
1.3.10) (first reported by Martin Blumenstingl).
* Fix bug in pk_parse_key() that caused some valid private EC keys to be
rejected.
* Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
* Fix thread safety bug in RSA operations (found by Fredrik Axelsson).
* Fix hardclock() (only used in the benchmarking program) with some
versions of mingw64 (found by kxjhlele).
* Fix warnings from mingw64 in timing.c (found by kxjklele).
* Fix potential unintended sign extension in asn1_get_len() on 64-bit
platforms.
* Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid).
* Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTIATION and
POLARSSL_SSL_SESSION_TICKETS were both enabled in config.h (introduced
in 1.3.10).
* Add missing extern "C" guard in aesni.h (reported by amir zamani).
* Add missing dependency on SHA-256 in some x509 programs (reported by
Gergely Budai).
* Fix bug related to ssl_set_curves(): the client didn't check that the
curve picked by the server was actually allowed.
Changes
* Remove bias in mpi_gen_prime (contributed by Pascal Junod).
* Remove potential sources of timing variations (some contributed by Pascal
Junod).
* Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated.
* Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated.
* compat-1.2.h and openssl.h are deprecated.
* Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now
more flexible (warning: OFLAGS is not used any more) (see the README)
(contributed by Alon Bar-Lev).
* ssl_set_own_cert() no longer calls pk_check_pair() since the
performance impact was bad for some users (this was introduced in 1.3.10).
* Move from SHA-1 to SHA-256 in example programs using signatures
(suggested by Thorsten Mühlfelder).
* Remove some unneeded inclusions of header files from the standard library
"minimize" others (eg use stddef.h if only size_t is needed).
* Change #include lines in test files to use double quotes instead of angle
brackets for uniformity with the rest of the code.
* Remove dependency on sscanf() in X.509 parsing modules.
= mbed TLS 1.3.10 released 2015-02-09
Security
* NULL pointer dereference in the buffer-based allocator when the buffer is
full and polarssl_free() is called (found by Mark Hasemeyer)
(only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is
not by default).
* Fix remotely-triggerable uninitialised pointer dereference caused by
crafted X.509 certificate (TLS server is not affected if it doesn't ask for a
client certificate) (found using Codenomicon Defensics).
* Fix remotely-triggerable memory leak caused by crafted X.509 certificates
(TLS server is not affected if it doesn't ask for a client certificate)
(found using Codenomicon Defensics).
* Fix potential stack overflow while parsing crafted X.509 certificates
(TLS server is not affected if it doesn't ask for a client certificate)
(found using Codenomicon Defensics).
* Fix timing difference that could theoretically lead to a
Bleichenbacher-style attack in the RSA and RSA-PSK key exchanges
(reported by Sebastian Schinzel).
Features
* Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv).
* Add support for Extended Master Secret (draft-ietf-tls-session-hash).
* Add support for Encrypt-then-MAC (RFC 7366).
* Add function pk_check_pair() to test if public and private keys match.
* Add x509_crl_parse_der().
* Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
length of an X.509 verification chain.
* Support for renegotiation can now be disabled at compile-time
* Support for 1/n-1 record splitting, a countermeasure against BEAST.
* Certificate selection based on signature hash, preferring SHA-1 over SHA-2
for pre-1.2 clients when multiple certificates are available.
* Add support for getrandom() syscall on recent Linux kernels with Glibc or
a compatible enough libc (eg uClibc).
* Add ssl_set_arc4_support() to make it easier to disable RC4 at runtime
while using the default ciphersuite list.
* Added new error codes and debug messages about selection of
ciphersuite/certificate.
Bugfix
* Stack buffer overflow if ctr_drbg_update() is called with too large
add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
* Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
if memory_buffer_alloc_init() was called with buf not aligned and len not
a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE (not triggerable remotely).
* User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found
by Julian Ospald).
* Fix potential undefined behaviour in Camellia.
* Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
multiple of 8 (found by Gergely Budai).
* Fix unchecked return code in x509_crt_parse_path() on Windows (found by
Peter Vaskovic).
* Fix assembly selection for MIPS64 (thanks to James Cowgill).
* ssl_get_verify_result() now works even if the handshake was aborted due
to a failed verification (found by Fredrik Axelsson).
* Skip writing and parsing signature_algorithm extension if none of the
key exchanges enabled needs certificates. This fixes a possible interop
issue with some servers when a zero-length extension was sent. (Reported
by Peter Dettman.)
* On a 0-length input, base64_encode() did not correctly set output length
(found by Hendrik van den Boogaard).
Changes
* Use deterministic nonces for AEAD ciphers in TLS by default (possible to
switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
* Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
* ssl_set_own_cert() now returns an error on key-certificate mismatch.
* Forbid repeated extensions in X.509 certificates.
* debug_print_buf() now prints a text view in addition to hexadecimal.
* A specific error is now returned when there are ciphersuites in common
but none of them is usable due to external factors such as no certificate
with a suitable (extended)KeyUsage or curve or no PSK set.
* It is now possible to disable negotiation of truncated HMAC server-side
-rw-r--r-- | security/mbedtls/DESCR | 3 |
-rw-r--r-- | security/mbedtls/Makefile | 39 |
-rw-r--r-- | security/mbedtls/PLIST | 118 |
-rw-r--r-- | security/mbedtls/buildlink3.mk | 20 |
-rw-r--r-- | security/mbedtls/distinfo | 8 |
-rw-r--r-- | security/mbedtls/options.mk | 40 |
-rw-r--r-- | security/mbedtls/patches/patch-Makefile | 64 |
-rw-r--r-- | security/mbedtls/patches/patch-library_Makefile | 15 |
-rw-r--r-- | security/mbedtls/patches/patch-programs_test_CMakeLists.txt | 14 |
9 files changed, 321 insertions, 0 deletions
diff --git a/security/mbedtls/DESCR b/security/mbedtls/DESCR new file mode 100644 index 00000000000..88b6fb091d2 --- /dev/null +++ b/security/mbedtls/DESCR @@ -0,0 +1,3 @@ +mbed TLS (formerly known as PolarSSL) makes it trivially easy for developers +to include cryptographic and SSL/TLS capabilities in their (embedded) +products, facilitating this functionality with a minimal coding footprint. diff --git a/security/mbedtls/Makefile b/security/mbedtls/Makefile new file mode 100644 index 00000000000..020ba745041 --- /dev/null +++ b/security/mbedtls/Makefile @@ -0,0 +1,39 @@ +# $NetBSD: Makefile,v 1.1 2015/06/12 09:05:05 fhajny Exp $ +# + +DISTNAME= mbedtls-1.3.11-gpl +PKGNAME= ${DISTNAME:-gpl=} +CATEGORIES= security devel +MASTER_SITES= https://tls.mbed.org/download/ +EXTRACT_SUFX= .tgz + +MAINTAINER= pkgsrc-users@NetBSD.org +HOMEPAGE= https://tls.mbed.org/ +COMMENT= Lightweight, modular cryptographic and SSL/TLS library +LICENSE= gnu-gpl-v2 + +CONFLICTS+= polarssl-[0-9]* +SUPERSEDES+= polarssl-[0-9]* + +WRKSRC= ${WRKDIR}/${PKGNAME_NOREV} +USE_CMAKE= yes +USE_LANGUAGES= c +USE_TOOLS+= gmake perl pkg-config + +GCC_REQD+= 4.4 +REPLACE_PERL= tests/scripts/*.pl + +.include "options.mk" + +CMAKE_ARGS+= -DUSE_SHARED_MBEDTLS_LIBRARY=ON +MAKE_ENV+= RANLIB=${RANLIB:Q} +TEST_TARGET= check + +LDFLAGS.SunOS+= -lsocket + +post-install: + ${CHMOD} -x ${DESTDIR}${PREFIX}/lib/libmbedtls.a + ${SETENV} ${SH} ${WRKSRC}/scripts/polarssl_symlinks.sh ${DESTDIR}${PREFIX}/lib + +.include "../../mk/pthread.buildlink3.mk" +.include "../../mk/bsd.pkg.mk" diff --git a/security/mbedtls/PLIST b/security/mbedtls/PLIST new file mode 100644 index 00000000000..672327523c3 --- /dev/null +++ b/security/mbedtls/PLIST 
@@ -0,0 +1,118 @@ +@comment $NetBSD: PLIST,v 1.1 2015/06/12 09:05:05 fhajny Exp $ +${PLIST.tools}bin/aescrypt2 +${PLIST.tools}bin/benchmark +${PLIST.tools}bin/cert_app +${PLIST.tools}bin/cert_req +${PLIST.tools}bin/cert_write +${PLIST.tools}bin/crl_app +${PLIST.tools}bin/crypt_and_hash +${PLIST.tools}bin/dh_client +${PLIST.tools}bin/dh_genprime +${PLIST.tools}bin/dh_server +${PLIST.tools}bin/gen_entropy +${PLIST.tools}bin/gen_key +${PLIST.tools}bin/gen_random_ctr_drbg +${PLIST.tools}bin/gen_random_havege +${PLIST.tools}bin/generic_sum +${PLIST.tools}bin/hello +${PLIST.tools}bin/key_app +${PLIST.tools}bin/md5sum +${PLIST.tools}bin/mini_client +${PLIST.tools}bin/mpi_demo +${PLIST.tools}${PLIST.tests}bin/o_p_test +${PLIST.tools}bin/pem2der +${PLIST.tools}bin/pk_decrypt +${PLIST.tools}bin/pk_encrypt +${PLIST.tools}bin/pk_sign +${PLIST.tools}bin/pk_verify +${PLIST.tools}bin/req_app +${PLIST.tools}bin/rsa_decrypt +${PLIST.tools}bin/rsa_encrypt +${PLIST.tools}bin/rsa_genkey +${PLIST.tools}bin/rsa_sign +${PLIST.tools}bin/rsa_verify +${PLIST.tools}bin/selftest +${PLIST.tools}bin/sha1sum +${PLIST.tools}bin/sha2sum +${PLIST.tools}bin/ssl_cert_test +${PLIST.tools}bin/ssl_client1 +${PLIST.tools}bin/ssl_client2 +${PLIST.tools}bin/ssl_fork_server +${PLIST.tools}bin/ssl_mail_client +${PLIST.tools}bin/ssl_pthread_server +${PLIST.tools}bin/ssl_server +${PLIST.tools}bin/ssl_test +${PLIST.tools}bin/strerror +include/polarssl/aes.h +include/polarssl/aesni.h +include/polarssl/arc4.h +include/polarssl/asn1.h +include/polarssl/asn1write.h +include/polarssl/base64.h +include/polarssl/bignum.h +include/polarssl/blowfish.h +include/polarssl/bn_mul.h +include/polarssl/camellia.h +include/polarssl/ccm.h +include/polarssl/certs.h +include/polarssl/check_config.h +include/polarssl/cipher.h +include/polarssl/cipher_wrap.h +include/polarssl/compat-1.2.h +include/polarssl/config.h +include/polarssl/ctr_drbg.h +include/polarssl/debug.h +include/polarssl/des.h +include/polarssl/dhm.h 
+include/polarssl/ecdh.h +include/polarssl/ecdsa.h +include/polarssl/ecp.h +include/polarssl/entropy.h +include/polarssl/entropy_poll.h +include/polarssl/error.h +include/polarssl/gcm.h +include/polarssl/havege.h +include/polarssl/hmac_drbg.h +include/polarssl/md.h +include/polarssl/md2.h +include/polarssl/md4.h +include/polarssl/md5.h +include/polarssl/md_wrap.h +include/polarssl/memory.h +include/polarssl/memory_buffer_alloc.h +include/polarssl/net.h +include/polarssl/oid.h +include/polarssl/openssl.h +include/polarssl/padlock.h +include/polarssl/pbkdf2.h +include/polarssl/pem.h +include/polarssl/pk.h +include/polarssl/pk_wrap.h +include/polarssl/pkcs11.h +include/polarssl/pkcs12.h +include/polarssl/pkcs5.h +include/polarssl/platform.h +include/polarssl/ripemd160.h +include/polarssl/rsa.h +include/polarssl/sha1.h +include/polarssl/sha256.h +include/polarssl/sha512.h +include/polarssl/ssl.h +include/polarssl/ssl_cache.h +include/polarssl/ssl_ciphersuites.h +include/polarssl/threading.h +include/polarssl/timing.h +include/polarssl/version.h +include/polarssl/x509.h +include/polarssl/x509_crl.h +include/polarssl/x509_crt.h +include/polarssl/x509_csr.h +include/polarssl/xtea.h +lib/libmbedtls.a +lib/libmbedtls.so +lib/libmbedtls.so.${PKGVERSION} +lib/libmbedtls.so.9 +lib/libpolarssl.a +lib/libpolarssl.so +lib/libpolarssl.so.${PKGVERSION} +lib/libpolarssl.so.9 diff --git a/security/mbedtls/buildlink3.mk b/security/mbedtls/buildlink3.mk new file mode 100644 index 00000000000..7b3b9b8fcaa --- /dev/null +++ b/security/mbedtls/buildlink3.mk 
@@ -0,0 +1,20 @@ +# $NetBSD: buildlink3.mk,v 1.1 2015/06/12 09:05:05 fhajny Exp $ + +BUILDLINK_TREE+= mbedtls + +.if !defined(MBEDTLS_BUILDLINK3_MK) +MBEDTLS_BUILDLINK3_MK:= + +BUILDLINK_API_DEPENDS.mbedtls+= mbedtls>=0.10.0 +BUILDLINK_PKGSRCDIR.mbedtls?= ../../security/mbedtls + +pkgbase := mbedtls +.include "../../mk/pkg-build-options.mk" + +.if !empty(PKG_BUILD_OPTIONS.mbedtls:Mzlib) +.include "../../devel/zlib/buildlink3.mk" +.endif + +.endif # MBEDTLS_BUILDLINK3_MK + +BUILDLINK_TREE+= -mbedtls diff --git a/security/mbedtls/distinfo b/security/mbedtls/distinfo new file mode 100644 index 00000000000..807c329ddef --- /dev/null +++ b/security/mbedtls/distinfo @@ -0,0 +1,8 @@ +$NetBSD: distinfo,v 1.1 2015/06/12 09:05:05 fhajny Exp $ + +SHA1 (mbedtls-1.3.11-gpl.tgz) = 3948084c9d3312b381d458b06d9a2066c3cc0184 +RMD160 (mbedtls-1.3.11-gpl.tgz) = 66448e7d5ca41e7c64f55bdb3e4b9ec9d1ec3205 +Size (mbedtls-1.3.11-gpl.tgz) = 1731809 bytes +SHA1 (patch-Makefile) = 80698e16a397133de134ab582016b9e91ad652f0 +SHA1 (patch-library_Makefile) = 551854fbdd91ae180f1d5408869a556ff0c39d1a +SHA1 (patch-programs_test_CMakeLists.txt) = 94ce731d81f1584c406e3b295c84fd6a5c327a50 diff --git a/security/mbedtls/options.mk b/security/mbedtls/options.mk new file mode 100644 index 00000000000..0799f83a0d9 --- /dev/null +++ b/security/mbedtls/options.mk 
@@ -0,0 +1,40 @@ +# $NetBSD: options.mk,v 1.1 2015/06/12 09:05:05 fhajny Exp $ + +PKG_OPTIONS_VAR= PKG_OPTIONS.mbedtls +PKG_SUPPORTED_OPTIONS= mbedtls-tools tests zlib +PKG_SUGGESTED_OPTIONS+= # XXX: blank, though the package has "tests" by default + +PLIST_VARS+= tests tools + +.if defined(PKG_OPTIONS.polarssl) +PKG_LEGACY_OPTIONS+= ${PKG_OPTIONS.polarssl} +PKG_OPTIONS_DEPRECATED_WARNINGS+= "Deprecated variable PKG_OPTIONS.polarssl used, use "${PKG_OPTIONS_VAR:Q}" instead." +.endif + +.include "../../mk/bsd.options.mk" + +.if !empty(PKG_OPTIONS:Mmbedtls-tools) +CMAKE_ARGS+= -DENABLE_PROGRAMS=ON +PLIST.tools= yes +.else +CMAKE_ARGS+= -DENABLE_PROGRAMS=OFF +.endif + +.if !empty(PKG_OPTIONS:Mtests) +. if !empty(PKG_OPTIONS:Mmbedtls-tools) +. include "../../security/openssl/buildlink3.mk" +CMAKE_ARGS+= -DENABLE_TESTING=ON +PLIST.tests= yes +. else +PKG_FAIL_REASON+= "option tests needs option mbedtls-tools" +. endif +.else +CMAKE_ARGS+= -DENABLE_TESTING=OFF +.endif + +.if !empty(PKG_OPTIONS:Mzlib) +.include "../../devel/zlib/buildlink3.mk" +CMAKE_ARGS+= -DENABLE_ZLIB_SUPPORT=ON +.else +CMAKE_ARGS+= -DENABLE_ZLIB_SUPPORT=OFF +.endif diff --git a/security/mbedtls/patches/patch-Makefile b/security/mbedtls/patches/patch-Makefile new file mode 100644 index 00000000000..4abb99a33ec --- /dev/null +++ b/security/mbedtls/patches/patch-Makefile 
@@ -0,0 +1,64 @@ +$NetBSD: patch-Makefile,v 1.1 2015/06/12 09:05:05 fhajny Exp $ + +Fix DESTDIR for pkgsrc. + +--- Makefile.orig 2015-06-04 12:49:19.000000000 +0000 ++++ Makefile +@@ -1,6 +1,5 @@ + +-DESTDIR=/usr/local +-PREFIX=mbedtls_ ++APPPREFIX=mbedtls_ + OLDPREFIX=polarssl_ + + .SILENT: +@@ -19,35 +18,35 @@ tests: lib + $(MAKE) -C tests + + install: +- mkdir -p $(DESTDIR)/include/polarssl +- cp -r include/polarssl $(DESTDIR)/include ++ mkdir -p $(DESTDIR)$(PREFIX)/include/polarssl ++ cp -r include/polarssl $(DESTDIR)$(PREFIX)/include + +- mkdir -p $(DESTDIR)/lib +- cp -RP library/libpolarssl.* library/libmbedtls.* $(DESTDIR)/lib ++ mkdir -p $(DESTDIR)$(PREFIX)/lib ++ cp -RP library/libpolarssl.* library/libmbedtls.* $(DESTDIR)$(PREFIX)/lib + +- mkdir -p $(DESTDIR)/bin ++ mkdir -p $(DESTDIR)$(PREFIX)/bin + for p in programs/*/* ; do \ + if [ -x $$p ] && [ ! -d $$p ] ; \ + then \ +- f=$(PREFIX)`basename $$p` ; \ ++ f=$(APPPREFIX)`basename $$p` ; \ + o=$(OLDPREFIX)`basename $$p` ; \ +- cp $$p $(DESTDIR)/bin/$$f ; \ +- ln -sf $$f $(DESTDIR)/bin/$$o ; \ ++ cp $$p $(DESTDIR)$(PREFIX)/bin/$$f ; \ ++ ln -sf $$f $(DESTDIR)$(PREFIX)/bin/$$o ; \ + fi \ + done + + uninstall: +- rm -rf $(DESTDIR)/include/polarssl +- rm -f $(DESTDIR)/lib/libpolarssl.* +- rm -f $(DESTDIR)/lib/libmbedtls.* ++ rm -rf $(DESTDIR)$(PREFIX)/include/polarssl ++ rm -f $(DESTDIR)$(PREFIX)/lib/libpolarssl.* ++ rm -f $(DESTDIR)$(PREFIX)/lib/libmbedtls.* + + for p in programs/*/* ; do \ + if [ -x $$p ] && [ ! -d $$p ] ; \ + then \ +- f=$(PREFIX)`basename $$p` ; \ ++ f=$(APPPREFIX)`basename $$p` ; \ + o=$(OLDPREFIX)`basename $$p` ; \ +- rm -f $(DESTDIR)/bin/$$f ; \ +- rm -f $(DESTDIR)/bin/$$o ; \ ++ rm -f $(DESTDIR)$(PREFIX)/bin/$$f ; \ ++ rm -f $(DESTDIR)$(PREFIX)/bin/$$o ; \ + fi \ + done + diff --git a/security/mbedtls/patches/patch-library_Makefile b/security/mbedtls/patches/patch-library_Makefile new file mode 100644 index 00000000000..27e435d0f37 --- /dev/null 
+++ b/security/mbedtls/patches/patch-library_Makefile @@ -0,0 +1,15 @@ +$NetBSD: patch-library_Makefile,v 1.1 2015/06/12 09:05:05 fhajny Exp $ + +Call ranlib instead of non-portable 'ar s'. + +--- library/Makefile.orig 2015-06-04 12:49:19.000000000 +0000 ++++ library/Makefile +@@ -95,7 +95,7 @@ libmbedtls.a: $(OBJS) + echo " AR $@" + $(AR) rc $@ $(OBJS) + echo " RL $@" +- $(AR) s $@ ++ $(RANLIB) $@ + + libpolarssl.$(DLEXT): libmbedtls.$(DLEXT) + echo " LN $@ -> $?" diff --git a/security/mbedtls/patches/patch-programs_test_CMakeLists.txt b/security/mbedtls/patches/patch-programs_test_CMakeLists.txt new file mode 100644 index 00000000000..5eb32f9e6a1 --- /dev/null +++ b/security/mbedtls/patches/patch-programs_test_CMakeLists.txt @@ -0,0 +1,14 @@ +$NetBSD: patch-programs_test_CMakeLists.txt,v 1.1 2015/06/12 09:05:05 fhajny Exp $ + +Make OpenSSL optional. + +--- programs/test/CMakeLists.txt.orig 2015-06-04 12:49:19.000000000 +0000 ++++ programs/test/CMakeLists.txt +@@ -1,4 +1,6 @@ +-FIND_PACKAGE(OpenSSL) ++if(ENABLE_TESTING) ++ FIND_PACKAGE(OpenSSL) ++endif(ENABLE_TESTING) + + set(libs + mbedtls |
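Review bot: In security/mbedtls/buildlink3.mk, the floor in `BUILDLINK_API_DEPENDS.mbedtls+= mbedtls>=0.10.0` is lower than any version this package can have, since PKGNAME is derived from `DISTNAME= mbedtls-1.3.11-gpl`. A bound that every mbedtls package satisfies constrains nothing; `mbedtls>=1.3.11` would state the API level that dependants are actually built against.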
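Review bot: In security/mbedtls/distinfo, the distfile mbedtls-1.3.11-gpl.tgz is pinned only by the `SHA1 (...)` and `RMD160 (...)` lines. For a TLS library fetched from MASTER_SITES, recording a SHA-2 family digest such as SHA512 alongside them would keep the integrity check independent of SHA1's collision resistance.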
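Review bot: In security/mbedtls/patches/patch-Makefile, the first hunk deletes `DESTDIR=/usr/local` and renames `PREFIX=mbedtls_` to APPPREFIX, but nothing gives the new `$(DESTDIR)$(PREFIX)` paths a default. Run with neither variable set, install writes to /include, /lib and /bin, and uninstall runs `rm -rf $(DESTDIR)$(PREFIX)/include/polarssl` against the root. Adding `PREFIX?=/usr/local` at the top would keep the old default location while leaving DESTDIR free for staging.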
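Review bot: In security/mbedtls/patches/patch-library_Makefile, the replacement line `$(RANLIB) $@` depends on RANLIB being supplied from outside; the hunk adds no default, and the only definition visible in this commit is `MAKE_ENV+= RANLIB=${RANLIB:Q}` in the package Makefile. A `RANLIB ?= ranlib` in library/Makefile would make the patch self-contained and easier to send upstream.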