[Buildroot] [PATCH 1/1] package/wolfssl: security bump to version 5.7.0
Arnout Vandecappelle
arnout at mind.be
Sun Apr 7 19:45:44 UTC 2024
On 07/04/2024 19:07, Fabrice Fontaine wrote:
> Vulnerabilities
> - [High] CVE-2024-0901 Potential denial of service and out of bounds
> read. Affects TLS 1.3 on the server side when accepting a connection
> from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
> it is recommended to update the version of wolfSSL used.
> - [Med] CVE-2024-1545 Fault Injection vulnerability in
> RsaPrivateDecryption function that potentially allows an attacker
> that has access to the same system with a victim's process to perform
> a Rowhammer fault injection.
> - [Med] Fault injection attack with EdDSA signature operations. This
> affects ed25519 sign operations where the system could be susceptible
> to Rowhammer attacks.
>
> No official tarball provided so switch to github and set autoreconf
>
> https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Applied to master, thanks.
Regards,
Arnout
> ---
> package/wolfssl/wolfssl.hash | 2 +-
> package/wolfssl/wolfssl.mk | 6 ++++--
> 2 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/package/wolfssl/wolfssl.hash b/package/wolfssl/wolfssl.hash
> index 59e42e98b9..e705bba9fd 100644
> --- a/package/wolfssl/wolfssl.hash
> +++ b/package/wolfssl/wolfssl.hash
> @@ -1,5 +1,5 @@
> # Locally computed:
> -sha256 75aaafe3b8c776d1ac417288116c8d444115f9fac5acb382a39a7d163dfd618d wolfssl-5.6.6.tar.gz
> +sha256 2de93e8af588ee856fe67a6d7fce23fc1b226b74d710b0e3946bc8061f6aa18f wolfssl-5.7.0.tar.gz
>
> # Hash for license files:
> sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
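Review bot: the new sha256 on the wolfssl-5.7.0.tar.gz line is kept under the unchanged "# Locally computed:" comment, but per the commit message the source is no longer an upstream release tarball, so the hash now covers an archive fetched from GitHub for the v5.7.0-stable tag. Consider extending the comment to say which tag the archive was generated from, so that anyone re-checking the hash later knows what to download and compare. The COPYING hash is untouched while WOLFSSL_LICENSE_FILES also lists LICENSING, and this hunk does not show a hash line for it; worth confirming one exists further down the file.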
> diff --git a/package/wolfssl/wolfssl.mk b/package/wolfssl/wolfssl.mk
> index 68c69afd59..893408eca4 100644
> --- a/package/wolfssl/wolfssl.mk
> +++ b/package/wolfssl/wolfssl.mk
> @@ -4,14 +4,16 @@
> #
> ################################################################################
>
> -WOLFSSL_VERSION = 5.6.6
> -WOLFSSL_SITE = https://github.com/wolfSSL/wolfssl/releases/download/v$(WOLFSSL_VERSION)-stable
> +WOLFSSL_VERSION = 5.7.0
> +WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable)
> WOLFSSL_INSTALL_STAGING = YES
>
> WOLFSSL_LICENSE = GPL-2.0+
> WOLFSSL_LICENSE_FILES = COPYING LICENSING
> WOLFSSL_CPE_ID_VENDOR = wolfssl
> WOLFSSL_CONFIG_SCRIPTS = wolfssl-config
> +# From git
> +WOLFSSL_AUTORECONF = YES
> WOLFSSL_DEPENDENCIES = host-pkgconf
>
> WOLFSSL_CONF_OPTS = --disable-examples --disable-crypttests
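Review bot: the "# From git" comment above WOLFSSL_AUTORECONF = YES does not say why autoreconf is needed, and it is easy to miss that it is tied to the WOLFSSL_SITE change a few lines up. Suggest wording it along the lines of "github archive, no generated configure script" so that the line gets dropped again if a later bump returns to a release tarball. The "-stable" suffix is also hard-coded in the github call, v$(WOLFSSL_VERSION)-stable, so a future version bump that only edits WOLFSSL_VERSION depends on upstream keeping that tag naming; a short comment noting this would help.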