kumquat-buildroot/package/wolfssl/wolfssl.mk
Fabrice Fontaine bb94d3d0fb package/wolfssl: security bump to version 5.7.0
Vulnerabilities
 - [High] CVE-2024-0901 Potential denial of service and out of bounds
   read. Affects TLS 1.3 on the server side when accepting a connection
   from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
   it is recommended to update the version of wolfSSL used.
 - [Med] CVE-2024-1545 Fault Injection vulnerability in
   RsaPrivateDecryption function that potentially allows an attacker
   that has access to the same system with a victims process to perform
   a Rowhammer fault injection.
 - [Med] Fault injection attack with EdDSA signature operations. This
   affects ed25519 sign operations where the system could be susceptible
   to Rowhammer attacks.

No official tarball provided so switch to github and set autoreconf

https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 3a2891621c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-05-03 09:07:47 +02:00

55 lines
1.4 KiB
Makefile

################################################################################
#
# wolfssl
#
################################################################################
WOLFSSL_VERSION = 5.7.0
WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable)
WOLFSSL_INSTALL_STAGING = YES
WOLFSSL_LICENSE = GPL-2.0+
WOLFSSL_LICENSE_FILES = COPYING LICENSING
WOLFSSL_CPE_ID_VENDOR = wolfssl
WOLFSSL_CONFIG_SCRIPTS = wolfssl-config
# From git
WOLFSSL_AUTORECONF = YES
WOLFSSL_DEPENDENCIES = host-pkgconf
WOLFSSL_CONF_OPTS = --disable-examples --disable-crypttests
ifeq ($(BR2_PACKAGE_WOLFSSL_ALL),y)
WOLFSSL_CONF_OPTS += --enable-all
else
WOLFSSL_CONF_OPTS += --disable-all
endif
ifeq ($(BR2_PACKAGE_WOLFSSL_SSLV3),y)
WOLFSSL_CONF_OPTS += --enable-sslv3
else
WOLFSSL_CONF_OPTS += --disable-sslv3
endif
ifeq ($(BR2_PACKAGE_WOLFSSL_ASM_SUPPORTS),y)
WOLFSSL_CONF_OPTS += --enable-asm
else
WOLFSSL_CONF_OPTS += --disable-asm
endif
# enable ARMv8 hardware acceleration
ifeq ($(BR2_aarch64),y)
WOLFSSL_CONF_OPTS += --enable-armasm
# the flag -mstrict-align is needed to prevent build errors caused by
# some inline assembly in parts of the AES structure using the "m"
# constraint
WOLFSSL_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) -mstrict-align"
else
WOLFSSL_CONF_OPTS += --disable-armasm
endif
ifeq ($(BR2_ARM_INSTRUCTIONS_THUMB),y)
WOLFSSL_CONF_OPTS += --with-arm-target=thumb
endif
$(eval $(autotools-package))