treewide: fix security issues by bumping all packages using libwolfssl
authorPetr Štetiar <ynezz@true.cz>
Thu, 29 Sep 2022 16:45:40 +0000 (18:45 +0200)
committerPetr Štetiar <ynezz@true.cz>
Tue, 4 Oct 2022 08:11:08 +0000 (10:11 +0200)
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f1b7e1434f66a3cb09cb9e70b40add354a22e458)

package/libs/ustream-ssl/Makefile
package/network/services/hostapd/Makefile
package/utils/px5g-wolfssl/Makefile
package/utils/uencrypt/Makefile

index 7d9e830381dcbca095aded88350357a289e556c0..4f474978db7713f00f1f2a07616be11aa61cc872 100644 (file)
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ustream-ssl
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git
index 584695786f15b9b7004da9b2a0230a9ad7cf1485..d78d7ff621b66ebbcdcc4810a835c8f5efa5f389 100644 (file)
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_RELEASE:=$(AUTORELEASE).1
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
index 95517c5c00b26bae84c35f63c298eda4c8047a14..ea805acd8ba7e7cf111deb8296023ea181c74431 100644 (file)
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=px5g-wolfssl
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=$(COMMITCOUNT).1
 PKG_LICENSE:=GPL-2.0-or-later
 
 PKG_USE_MIPS16:=0
index 77fdf64e0ea95f584b996586c207571e4a47faaf..dc08f6672a6f7a7ddf0c6b1d56355f88493fccd3 100644 (file)
@@ -4,7 +4,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uencrypt
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_FLAGS:=nonshared
 PKG_LICENSE:=GPL-2.0-or-later