From 18b5d6205db7547d633d6ac4ea8ba4fdd81ecc35 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sat, 29 Oct 2022 10:00:33 +0200 Subject: [PATCH] package/wolfssl: security bump to version 5.5.2 In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections. This heap over read is limited to wolfSSL builds explicitly setting the macro WOLFSSL_CALLBACKS, the feature does not get turned on by any other build options. The macro WOLFSSL_CALLBACKS is intended for debug use only, but if having it enabled in production, users are recommended to disable WOLFSSL_CALLBACKS. Users enabling WOLFSSL_CALLBACKS are recommended to update their version of wolfSSL. CVE 2022-42905 https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- package/wolfssl/wolfssl.hash | 2 +- package/wolfssl/wolfssl.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/wolfssl/wolfssl.hash b/package/wolfssl/wolfssl.hash index 3849ffb9fc..65d77ca659 100644 --- a/package/wolfssl/wolfssl.hash +++ b/package/wolfssl/wolfssl.hash @@ -1,5 +1,5 @@ # Locally computed: -sha256 97339e6956c90e7c881ba5c748dd04f7c30e5dbe0c06da765418c51375a6dee3 wolfssl-5.5.1.tar.gz +sha256 49c6195462cae034efe6c86268824ba515682508a5f5199358d56a4168a82cf0 wolfssl-5.5.2.tar.gz # Hash for license files: sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/wolfssl/wolfssl.mk b/package/wolfssl/wolfssl.mk index 95d4f47952..d9fa72ccf4 100644 --- a/package/wolfssl/wolfssl.mk +++ b/package/wolfssl/wolfssl.mk @@ -4,7 +4,7 @@ # ################################################################################ -WOLFSSL_VERSION = 5.5.1 +WOLFSSL_VERSION = 5.5.2 WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable) WOLFSSL_INSTALL_STAGING = YES