NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d226d30286
kumquat-buildroot/package/wolfssl/wolfssl.mk
Fabrice Fontaine 0ed8bf6d2b package/wolfssl: security bump to version 4.5.0 
wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
2 side channel attack mitigations, 1 fix for a potential private key leak
in a specific use case, 1 fix for DTLS including those 3 CVEs:

- Fix CVE-2020-12457: An issue was discovered in wolfSSL before 4.5.0.
  It mishandles the change_cipher_spec (CCS) message processing logic
  for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a
  crafted way involving more than one in a row, the server becomes stuck
  in the ProcessReply() loop, i.e., a denial of service.
- Fix CVE-2020-15309: An issue was discovered in wolfSSL before 4.5.0,
  when single precision is not employed. Local attackers can conduct a
  cache-timing attack against public key operations. These attackers may
  already have obtained sensitive information if the affected system has
  been used for private key operations (e.g., signing with a private
  key).
- Fix CVE-2020-24585: An issue was discovered in the DTLS handshake
  implementation in wolfSSL before 4.5.0. Clear DTLS application_data
  messages in epoch 0 do not produce an out-of-order error. Instead,
  these messages are returned to the application.

Also update hash of LICENSING as well as WOLF_LICENSE due to later
verbage update with
970391319b

https://www.wolfssl.com/docs/security-vulnerabilities/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-29 10:36:52 +02:00

46 lines
1.2 KiB
Makefile
Raw Blame History

################################################################################
#
# wolfssl
#
################################################################################
WOLFSSL_VERSION = 4.5.0-stable
WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION))
WOLFSSL_INSTALL_STAGING = YES
WOLFSSL_LICENSE = GPL-2.0+
WOLFSSL_LICENSE_FILES = COPYING LICENSING
WOLFSSL_DEPENDENCIES = host-pkgconf
# wolfssl's source code is released without a configure
# script, so we need autoreconf
WOLFSSL_AUTORECONF = YES
ifeq ($(BR2_PACKAGE_WOLFSSL_ALL),y)
WOLFSSL_CONF_OPTS += --enable-all
else
WOLFSSL_CONF_OPTS += --disable-all
endif
ifeq ($(BR2_PACKAGE_WOLFSSL_SSLV3),y)
WOLFSSL_CONF_OPTS += --enable-sslv3
else
WOLFSSL_CONF_OPTS += --disable-sslv3
endif
# enable ARMv8 hardware acceleration
ifeq ($(BR2_ARM_CPU_ARMV8A),y)
WOLFSSL_CONF_OPTS += --enable-armasm
# the flag -mstrict-align is needed to prevent build errors caused by
# some inline assembly in parts of the AES structure using the "m"
# constraint
ifeq ($(BR2_aarch64),y)
WOLFSSL_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) -mstrict-align"
endif
else
WOLFSSL_CONF_OPTS += --disable-armasm
endif
$(eval $(autotools-package))
Reference in New Issue View Git Blame Copy Permalink