Package: mbedtls
Version: 2.16.9-0.1
Severity: wishlist
Tags: patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi James, I'm looking into packaging yuzu ( https://bugs.debian.org/947399 ),
and MbedTLS is one its dependencies. They require an LTS version of the library
with CMAC support enabled, so I'm asking if you could enabled it in d/rules.
The feature is also enabled by default in MbedTLS 3.0.0, and is considered safe
to use.
Speaking of 3.0.0 features, I noticed that you enabled MD2, MD4 and the HAVEGE
module; they have been all removed in the new version, and, considering the
fact that they are considered insecure and their use is discouraged by upstream
you could consider disabling them if possible.
Lastly, upstream provides a handy script (scripts/config.py) that can be used
to easily update include/mbedtls/config.h, so that you don't have to maintain
your own version of it in d/rules :)
If you would like some help to maintain the package I'd be happy to lend a
hand.
Thanks.
-----BEGIN PGP SIGNATURE-----
iIoEARYIADIWIQRm3vFSgpkMIZnvqAGooSioqxzuSQUCYUcaoRQcYW5kcmVhQHBh
cHBhY29kYS5pdAAKCRCooSioqxzuSfiiAQDE+EyQY93kucJT+FHGrRWbuX62GsbF
c9WzpYymqSXvrgEAjBEEgcb7C8dT3Hg5A5aHYSF1cYw30l0wE5JveRRtgAU=
=Xm0C
-----END PGP SIGNATURE-----
>From 68aec014e876273af8ecac359a4c0f084dc21eab Mon Sep 17 00:00:00 2001
From: Andrea Pappacoda <and...@pappacoda.it>
Date: Sun, 19 Sep 2021 13:06:29 +0200
Subject: [PATCH] d/rules: enable MBEDTLS_CMAC_C
---
debian/rules | 1 +
1 file changed, 1 insertion(+)
diff --git a/debian/rules b/debian/rules
index afb96904..39f1492a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -31,6 +31,7 @@ override_dh_auto_configure:
$(call CONFIG_ENABLE,MBEDTLS_MD4_C)
$(call CONFIG_ENABLE,MBEDTLS_THREADING_C)
$(call CONFIG_ENABLE,MBEDTLS_THREADING_PTHREAD)
+ $(call CONFIG_ENABLE,MBEDTLS_CMAC_C)
dh_auto_configure -- \
-DLIB_INSTALL_DIR=lib/$(DEB_HOST_MULTIARCH) \
-DUSE_STATIC_MBEDTLS_LIBRARY=ON \
--
2.33.0
