From d0c4bd703a424f69451d7774727680fae2b4daa3 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Tue, 26 Dec 2023 23:43:46 +0100 Subject: [PATCH] package/wolfssl: security bump to version 5.6.6 - Use official tarball and so drop autoreconf - Fix CVE-2023-6935, CVE-2023-6936 and CVE-2023-6937 https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- package/wolfssl/wolfssl.hash | 2 +- package/wolfssl/wolfssl.mk | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/package/wolfssl/wolfssl.hash b/package/wolfssl/wolfssl.hash index fb5a570de8..59e42e98b9 100644 --- a/package/wolfssl/wolfssl.hash +++ b/package/wolfssl/wolfssl.hash @@ -1,5 +1,5 @@ # Locally computed: -sha256 031691906794ff45e1e792561cf31759f5d29ac74936bc8dffb8b14f16d820b4 wolfssl-5.6.4.tar.gz +sha256 75aaafe3b8c776d1ac417288116c8d444115f9fac5acb382a39a7d163dfd618d wolfssl-5.6.6.tar.gz # Hash for license files: sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/wolfssl/wolfssl.mk b/package/wolfssl/wolfssl.mk index 17452fdcaf..68c69afd59 100644 --- a/package/wolfssl/wolfssl.mk +++ b/package/wolfssl/wolfssl.mk @@ -4,8 +4,8 @@ # ################################################################################ -WOLFSSL_VERSION = 5.6.4 -WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable) +WOLFSSL_VERSION = 5.6.6 +WOLFSSL_SITE = https://github.com/wolfSSL/wolfssl/releases/download/v$(WOLFSSL_VERSION)-stable WOLFSSL_INSTALL_STAGING = YES WOLFSSL_LICENSE = GPL-2.0+ @@ -14,10 +14,6 @@ WOLFSSL_CPE_ID_VENDOR = wolfssl WOLFSSL_CONFIG_SCRIPTS = wolfssl-config WOLFSSL_DEPENDENCIES = host-pkgconf -# wolfssl's source code is released without a configure -# script, so we need autoreconf -WOLFSSL_AUTORECONF = YES - WOLFSSL_CONF_OPTS = --disable-examples --disable-crypttests ifeq ($(BR2_PACKAGE_WOLFSSL_ALL),y)