projects / openwrt / staging / pepe2k.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 049e8f6)
wolfssl: bump to 5.4.0
authorEneas U de Queiroz <cotequeiroz@gmail.com>
Fri, 15 Jul 2022 19:09:58 +0000 (16:09 -0300)
committerPetr Štetiar <ynezz@true.cz>
Wed, 5 Oct 2022 19:09:46 +0000 (21:09 +0200)
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.

The patch fixing x86 aesni build has been merged upstream.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 9710fe70a68e0a004b1906db192d7a6c8f810ac5)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ade7c6db1e6c2c0c8d2338948c37cfa7429ebccc)

package/libs/wolfssl/Makefile patch | blob | history
package/libs/wolfssl/patches/100-disable-hardening-check.patch patch | blob | history
package/libs/wolfssl/patches/200-ecc-rng.patch patch | blob | history

diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 1324a439299bdc1ce694e68d297c43bf03329924..d0a67e118be20649e12d0198c52686a152a09079 100644 (file)
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=5.3.0-stable
+PKG_VERSION:=5.4.0-stable
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=1a3bb310dc01d3e73d9ad91b6ea8249d081016f8eef4ae8f21d3421f91ef1de9
+PKG_HASH:=dc36cc19dad197253e5c2ecaa490c7eef579ad448706e55d73d79396e814098b
 
 PKG_FIXUP:=libtool libtool-abiver
 PKG_INSTALL:=1
diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
index 7e473b390bb2c7dadb3f46b84e1fc0bfdcc18d66..d3ad2e27bc3e359cd45f9e3d1df419db98f807c4 100644 (file)
--- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch
+++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -2338,7 +2338,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2442,7 +2442,7 @@ extern void uITRON4_free(void *p) ;
  #endif
  
  /* warning for not using harden build options (default with ./configure) */
diff --git a/package/libs/wolfssl/patches/200-ecc-rng.patch b/package/libs/wolfssl/patches/200-ecc-rng.patch
index f1f156a8aeace5a93ba54ae6fec800d0678c7bef..2e09e6d273e39ea8c313442953f9dd1ef5b85bd3 100644 (file)
--- a/package/libs/wolfssl/patches/200-ecc-rng.patch
+++ b/package/libs/wolfssl/patches/200-ecc-rng.patch
@@ -11,7 +11,7 @@ RNG regardless of the built settings for wolfssl.
 
 --- a/wolfcrypt/src/ecc.c
 +++ b/wolfcrypt/src/ecc.c
-@@ -11655,21 +11655,21 @@ void wc_ecc_fp_free(void)
+@@ -12288,21 +12288,21 @@ void wc_ecc_fp_free(void)
  
  #endif /* FP_ECC */
  
Staging tree of Piotr Dymacz