From 77e0e99d3104debc7ce31d6c15ff1e10e19ceb7c Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Mon, 5 Aug 2019 11:47:58 -0300 Subject: wolfssl: bump to 4.1.0-stable Always build AES-GCM support. Unnecessary patches were removed. This includes two vulnerability fixes: CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK extension parsing. CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack. Signed-off-by: Eneas U de Queiroz --- package/libs/wolfssl/Makefile | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) (limited to 'package/libs/wolfssl/Makefile') diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 678eb4936b..2ad03a5aca 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=4.0.0-stable +PKG_VERSION:=4.1.0-stable PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) -PKG_HASH:=6cf678c72b485d1904047c40c20f85104c96b5f39778822783a2c407ccb23657 +PKG_HASH:=f0d630c3ddfeb692b8ae38cc739f47d5e9f0fb708662aa241ede0c42a5eb3dd8 PKG_FIXUP:=libtool PKG_INSTALL:=1 @@ -25,14 +25,13 @@ PKG_MAINTAINER:=Eneas U de Queiroz PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl PKG_CONFIG_DEPENDS:=\ - CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \ - CONFIG_WOLFSSL_HAS_AFALG CONFIG_WOLFSSL_HAS_ARC4 \ - CONFIG_WOLFSSL_HAS_CHACHA_POLY CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \ - CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL, CONFIG_WOLFSSL_HAS_DH \ - CONFIG_WOLFSSL_HAS_DTLS CONFIG_WOLFSSL_HAS_ECC25519 \ - CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_SESSION_TICKET \ - CONFIG_WOLFSSL_HAS_TLSV10 CONFIG_WOLFSSL_HAS_TLSV13 \ - CONFIG_WOLFSSL_HAS_WPAS + CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AFALG \ + CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA_POLY \ + CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL \ + CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \ + CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \ + CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \ + CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS include $(INCLUDE_DIR)/package.mk @@ -65,11 +64,9 @@ CONFIGURE_ARGS += \ --enable-sni \ --enable-stunnel \ --disable-examples \ - --disable-leanpsk \ - --disable-leantls \ + --disable-jobserver \ --$(if $(CONFIG_IPV6),enable,disable)-ipv6 \ --$(if $(CONFIG_WOLFSSL_HAS_AES_CCM),enable,disable)-aesccm \ - --$(if $(CONFIG_WOLFSSL_HAS_AES_GCM),enable,disable)-aesgcm \ --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-chacha \ --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-poly1305 \ --$(if $(CONFIG_WOLFSSL_HAS_DH),enable,disable)-dh \ -- cgit v1.2.3