[Buildroot] [PATCH 1/1] package/wolfssl: security bump to version 5.7.0

Arnout Vandecappelle arnout at mind.be
Sun Apr 7 19:45:44 UTC 2024



On 07/04/2024 19:07, Fabrice Fontaine wrote:
> Vulnerabilities
>   - [High] CVE-2024-0901 Potential denial of service and out of bounds
>     read. Affects TLS 1.3 on the server side when accepting a connection
>     from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
>     it is recommended to update the version of wolfSSL used.
>   - [Med] CVE-2024-1545 Fault Injection vulnerability in
>     RsaPrivateDecryption function that potentially allows an attacker
>     that has access to the same system with a victim's process to perform
>     a Rowhammer fault injection.
>   - [Med] Fault injection attack with EdDSA signature operations. This
>     affects ed25519 sign operations where the system could be susceptible
>     to Rowhammer attacks.
> 
> No official tarball provided so switch to github and set autoreconf
> 
> https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

  Applied to master, thanks.

  Regards,
  Arnout

> ---
>   package/wolfssl/wolfssl.hash | 2 +-
>   package/wolfssl/wolfssl.mk   | 6 ++++--
>   2 files changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/package/wolfssl/wolfssl.hash b/package/wolfssl/wolfssl.hash
> index 59e42e98b9..e705bba9fd 100644
> --- a/package/wolfssl/wolfssl.hash
> +++ b/package/wolfssl/wolfssl.hash
> @@ -1,5 +1,5 @@
>   # Locally computed:
> -sha256  75aaafe3b8c776d1ac417288116c8d444115f9fac5acb382a39a7d163dfd618d  wolfssl-5.6.6.tar.gz
> +sha256  2de93e8af588ee856fe67a6d7fce23fc1b226b74d710b0e3946bc8061f6aa18f  wolfssl-5.7.0.tar.gz
>   
>   # Hash for license files:
>   sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
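
Review bot: The `# Locally computed:` comment above the new wolfssl-5.7.0.tar.gz line does not say which artifact was hashed. The commit message states that no official tarball is provided and the download moves to GitHub, so this value is the only integrity reference the package carries for the new source. Consider extending the comment to say the hash is of the GitHub archive for the v5.7.0-stable tag, so that whoever does the next bump knows where the value came from and how to recompute it.
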
> diff --git a/package/wolfssl/wolfssl.mk b/package/wolfssl/wolfssl.mk
> index 68c69afd59..893408eca4 100644
> --- a/package/wolfssl/wolfssl.mk
> +++ b/package/wolfssl/wolfssl.mk
> @@ -4,14 +4,16 @@
>   #
>   ################################################################################
>   
> -WOLFSSL_VERSION = 5.6.6
> -WOLFSSL_SITE = https://github.com/wolfSSL/wolfssl/releases/download/v$(WOLFSSL_VERSION)-stable
> +WOLFSSL_VERSION = 5.7.0
> +WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable)
>   WOLFSSL_INSTALL_STAGING = YES
>   
>   WOLFSSL_LICENSE = GPL-2.0+
>   WOLFSSL_LICENSE_FILES = COPYING LICENSING
>   WOLFSSL_CPE_ID_VENDOR = wolfssl
>   WOLFSSL_CONFIG_SCRIPTS = wolfssl-config
> +# From git
> +WOLFSSL_AUTORECONF = YES
>   WOLFSSL_DEPENDENCIES = host-pkgconf
>   
>   WOLFSSL_CONF_OPTS = --disable-examples --disable-crypttests
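
Review bot: The `# From git` comment on `WOLFSSL_AUTORECONF = YES` is too terse to tell a later maintainer why autoreconf was added or when it can go away. The commit message ties it to the `WOLFSSL_SITE` switch to the `github` helper because no official tarball was provided for this release. Suggest a comment that says so, and that notes both the `WOLFSSL_SITE` change and `WOLFSSL_AUTORECONF` can be revisited if upstream publishes release tarballs again.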


