treewide: fix security issues by bumping all packages using libwolfssl
authorPetr Štetiar <ynezz@true.cz>
Thu, 29 Sep 2022 16:45:40 +0000 (18:45 +0200)
committerPetr Štetiar <ynezz@true.cz>
Mon, 3 Oct 2022 15:52:06 +0000 (17:52 +0200)
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
package/libs/ustream-ssl/Makefile
package/network/services/hostapd/Makefile
package/utils/px5g-wolfssl/Makefile
package/utils/uencrypt/Makefile

index a5e34a73b444a0b4ea0e0b232956e73778c84693..3181f66c7e6a356d97d5451227a214a39288d9d2 100644 (file)
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ustream-ssl
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git
index e4794968790a90b94b238c0b416424c611bad8b1..0eb8279453e207841f2a6c76cb7da17fc45f485e 100644 (file)
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_RELEASE:=$(AUTORELEASE).1
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
index 95517c5c00b26bae84c35f63c298eda4c8047a14..ea805acd8ba7e7cf111deb8296023ea181c74431 100644 (file)
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=px5g-wolfssl
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=$(COMMITCOUNT).1
 PKG_LICENSE:=GPL-2.0-or-later
 
 PKG_USE_MIPS16:=0
index 9307f97b6e45b28d3beed141b4aaa0cce6a46527..023c84b600b0c247726a2b0e0bb8844e05847efd 100644 (file)
@@ -4,7 +4,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uencrypt
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_FLAGS:=nonshared
 PKG_LICENSE:=GPL-2.0-or-later