kumquat-buildroot/package/wolfssl/wolfssl.mk
Fabrice Fontaine cd82a913d4 package/wolfssl: security bump to version 5.4.0
Fix the following vulnerabilities:
 - [High] Potential for DTLS DoS attack. In wolfSSL versions before
   5.4.0 the return-routability check is wrongly skipped in a specific
   edge case. The check on the return-routability is there for stopping
   attacks that either consume excessive resources on the server, or try
   to use the server as an amplifier sending an excessive amount of
   messages to a victim IP. If using DTLS 1.0/1.2 on the server side
   users should update to avoid the potential DoS attack. CVE-2022-34293
 - [Medium] Ciphertext side channel attack on ECC and DH operations.
   Users on systems where rogue agents can monitor memory use should
   update the version of wolfSSL and change private ECC keys.

https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable
https://www.wolfssl.com/docs/security-vulnerabilities/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-08-08 22:48:17 +02:00


################################################################################
#
# wolfssl
#
################################################################################
# Buildroot package description for wolfSSL, built through the autotools
# package infrastructure expanded by the $(eval ...) on the last line.
#
# Upstream release to build. The source is fetched from the GitHub tag
# v$(WOLFSSL_VERSION)-stable of wolfSSL/wolfssl.
# NOTE(review): a version change here needs the matching update in the
# package's .hash file (not shown here), since that hash is what verifies
# the downloaded archive.
WOLFSSL_VERSION = 5.4.0
WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable)
# Install headers and libraries into the staging directory so that other
# packages can build and link against wolfSSL.
WOLFSSL_INSTALL_STAGING = YES
WOLFSSL_LICENSE = GPL-2.0+
WOLFSSL_LICENSE_FILES = COPYING LICENSING
# Vendor part of the CPE identifier. Buildroot's vulnerability tracking
# uses the CPE to match this package and version against published CVEs,
# so it must stay accurate for security bumps to be flagged.
WOLFSSL_CPE_ID_VENDOR = wolfssl
# wolfssl-config is declared as a config script so Buildroot can fix up
# the paths it reports.
WOLFSSL_CONFIG_SCRIPTS = wolfssl-config
WOLFSSL_DEPENDENCIES = host-pkgconf
# wolfssl's source code is released without a configure
# script, so we need autoreconf
WOLFSSL_AUTORECONF = YES
# Do not build upstream's example programs or crypto test programs.
WOLFSSL_CONF_OPTS = --disable-examples --disable-crypttests
# Feature baseline. This flag is appended first, ahead of the per-feature
# flags below, so the order of these blocks is significant: do not reorder
# them.
# NOTE(review): --enable-all builds in the broad feature set, which means
# more protocol and crypto code to keep patched; select
# BR2_PACKAGE_WOLFSSL_ALL only when the target really needs those features.
ifeq ($(BR2_PACKAGE_WOLFSSL_ALL),y)
WOLFSSL_CONF_OPTS += --enable-all
else
WOLFSSL_CONF_OPTS += --disable-all
endif
# SSLv3 support is opt-in and is explicitly disabled otherwise, so the
# result does not depend on configure's default.
# NOTE(review): SSL 3.0 is deprecated (RFC 7568) and affected by POODLE;
# leave BR2_PACKAGE_WOLFSSL_SSLV3 unset unless a legacy peer that cannot be
# upgraded requires it.
ifeq ($(BR2_PACKAGE_WOLFSSL_SSLV3),y)
WOLFSSL_CONF_OPTS += --enable-sslv3
else
WOLFSSL_CONF_OPTS += --disable-sslv3
endif
# enable ARMv8 hardware acceleration
# (explicitly disabled in the else branch for every other CPU)
ifeq ($(BR2_ARM_CPU_ARMV8A),y)
WOLFSSL_CONF_OPTS += --enable-armasm
# the flag -mstrict-align is needed to prevent build errors caused by
# some inline assembly in parts of the AES structure using the "m"
# constraint
# Applied only when BR2_aarch64 is also set; CPPFLAGS is passed to
# configure as TARGET_CPPFLAGS plus the extra flag.
ifeq ($(BR2_aarch64),y)
WOLFSSL_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) -mstrict-align"
endif
else
WOLFSSL_CONF_OPTS += --disable-armasm
endif
# Must stay last: the package infrastructure reads the WOLFSSL_* variables
# set above when this macro is expanded.
$(eval $(autotools-package))