From 34b681cfefe2aee03df290715f3047f624595288 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine <fontaine.fabrice@gmail.com> Date: Thu, 3 Nov 2022 23:52:24 +0100 Subject: [PATCH] package/wolfssl: bump to version 5.5.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix for possible buffer zeroization overrun introduced at the end of v5.5.2 release cycle in GitHub pull request 5743 (#5743) and fixed in pull request 5757 (#5757). In the case where a specific memory allocation failed or a hardware fault happened there was the potential for an overrun of 0’s when masking the buffer used for (D)TLS 1.2 and lower operations. (D)TLS 1.3 only and crypto only users are not affected by the issue. This is not related in any way to recent issues reported in OpenSSL. https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.3-stable Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> --- package/wolfssl/wolfssl.hash | 2 +- package/wolfssl/wolfssl.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/wolfssl/wolfssl.hash b/package/wolfssl/wolfssl.hash index 65d77ca659..08262113a0 100644 --- a/package/wolfssl/wolfssl.hash +++ b/package/wolfssl/wolfssl.hash @@ -1,5 +1,5 @@ # Locally computed: -sha256 49c6195462cae034efe6c86268824ba515682508a5f5199358d56a4168a82cf0 wolfssl-5.5.2.tar.gz +sha256 fd3135b8657d09fb96a8aad16585da850b96ea420ae8ce5ac4d5fdfc614c2683 wolfssl-5.5.3.tar.gz # Hash for license files: sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/wolfssl/wolfssl.mk b/package/wolfssl/wolfssl.mk index d9fa72ccf4..cd3acd9411 100644 --- a/package/wolfssl/wolfssl.mk +++ b/package/wolfssl/wolfssl.mk @@ -4,7 +4,7 @@ # ################################################################################ -WOLFSSL_VERSION = 5.5.2 +WOLFSSL_VERSION = 5.5.3 WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable) WOLFSSL_INSTALL_STAGING = YES