musl: Fix CVE-2019-14697

[openwrt/openwrt.git] / toolchain / musl / Config.in

diff --git a/toolchain/musl/Config.in b/toolchain/musl/Config.in
index 254a8d4201116b85779de3a849cae9b3e5c69a9e..7e83b6fa535dae1f3b3be85017417875b6587dad 100644 (file)
--- a/toolchain/musl/Config.in
+++ b/toolchain/musl/Config.in
@@ -1,21 +1,12 @@
-# Choose musl version.
+# Password crypt stubbing
 
-choice
-       prompt "musl Version"
-       depends on TOOLCHAINOPTS && USE_MUSL
-       default MUSL_VERSION_0_9_7
-       help
-         Select the version of musl you wish to use.
-
-       config MUSL_VERSION_0_9_7
-               bool "musl 0.9.7"
-
-endchoice
-
-
-# Debug version.
-
-config MUSL_ENABLE_DEBUG
-       bool "Build with debug information"
-       depends on TOOLCHAINOPTS && USE_MUSL
+config MUSL_DISABLE_CRYPT_SIZE_HACK
+       bool "Include crypt() support for SHA256, SHA512 and Blowfish ciphers"
+       depends on TOOLCHAINOPTS && USE_MUSL && !EXTERNAL_TOOLCHAIN
        default n
+       help
+         Enable this option to re-include crypt() support for the SHA256, SHA512 and
+         Blowfish ciphers. Without this option, attempting to hash a string with a salt
+         requesting one of these ciphers will cause the crypt() function to call stub
+         implementations which will always fail with errno ENOSYS. Including the ciphers
+         will increase the library size by about 14KB after LZMA compression.