diff options
author | Hauke Mehrtens <hauke@openwrt.org> | 2016-03-01 22:50:29 +0000 |
---|---|---|
committer | Hauke Mehrtens <hauke@openwrt.org> | 2016-03-01 22:50:29 +0000 |
commit | 3728299e80ce602d341d1c79eff767b280a57a15 (patch) | |
tree | 40dd862793dccf0d6059c5056dbd2244706da1e8 /package/libs/cyassl/patches | |
parent | ceaedb643a85a140769928a61fc3e3184d1d2c8e (diff) | |
download | upstream-3728299e80ce602d341d1c79eff767b280a57a15.tar.gz upstream-3728299e80ce602d341d1c79eff767b280a57a15.tar.bz2 upstream-3728299e80ce602d341d1c79eff767b280a57a15.zip |
CC: cyassl: update to wolfssl version 3.8.0 to fix security problems
Backport of:
r46167: cyassl: version bump to 3.4.6
r46168: cyassl: update to wolfssl 3.6.0
r46551: cyassl: the upstream package in version 4.6.0 changed
r47791: cyassl: update to wolfSSL version 3.7.0
This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925
r48616: cyassl: update to wolfssl version 3.8.0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48873 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/libs/cyassl/patches')
4 files changed, 28 insertions, 31 deletions
diff --git a/package/libs/cyassl/patches/100-respect_cflags.patch b/package/libs/cyassl/patches/100-respect_cflags.patch deleted file mode 100644 index 0e03230dcf..0000000000 --- a/package/libs/cyassl/patches/100-respect_cflags.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -47,7 +47,7 @@ AC_SUBST([CYASSL_LIBRARY_VERSION]) - - # capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even - # if user doesn't override, no way to tell --USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS" -+USER_C_EXTRA_FLAGS="$CFLAGS" - - LT_PREREQ([2.2]) - LT_INIT([disable-static],[win32-dll]) diff --git a/package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch b/package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch deleted file mode 100644 index 5463cb0cf9..0000000000 --- a/package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- a/src/internal.c -+++ b/src/internal.c -@@ -6037,6 +6037,10 @@ int ProcessReply(CYASSL* ssl) - b1 = - ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++]; - ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1); -+ -+ /* does not appear to a be a SSLv2 client hello */ -+ if ( ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] != 1 ) -+ return UNKNOWN_HANDSHAKE_TYPE; - } - else { - ssl->options.processReply = getRecordLayerHeader; diff --git a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch index d81e416180..a35cdadc8e 100644 --- a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch +++ b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch @@ -1,10 +1,19 @@ ---- a/cyassl/openssl/ssl.h -+++ b/cyassl/openssl/ssl.h -@@ -372,6 +373,7 @@ - #define SSL_CTX_get_ex_new_index CyaSSL_CTX_get_ex_new_index +--- a/wolfssl/openssl/ssl.h ++++ b/wolfssl/openssl/ssl.h +@@ -401,6 +401,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR + /* yassl had set the default to be 500 */ + #define SSL_get_default_timeout(ctx) 500 ++#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y)) ++ + /* Lighthttp compatability */ -+#define SSL_set_tlsext_host_name(x, y) CyaSSL_UseSNI(x, CYASSL_SNI_HOST_NAME, y, strlen(y)) + #ifdef HAVE_LIGHTY +@@ -487,7 +489,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_ + #define SSL_TLSEXT_ERR_NOACK alert_warning + #define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME - #ifdef __cplusplus - } /* extern "C" */ +-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name + #define SSL_get_servername wolfSSL_get_servername + #define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX + #define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback diff --git a/package/libs/cyassl/patches/400-additional_compatibility.patch b/package/libs/cyassl/patches/400-additional_compatibility.patch new file mode 100644 index 0000000000..4d75d98906 --- /dev/null +++ b/package/libs/cyassl/patches/400-additional_compatibility.patch @@ -0,0 +1,12 @@ +--- a/cyassl/openssl/ssl.h ++++ b/cyassl/openssl/ssl.h +@@ -27,6 +27,9 @@ + #define CYASSL_OPENSSL_H_ + + #include <cyassl/ssl.h> ++#ifndef HAVE_SNI ++#undef CYASSL_SNI_HOST_NAME ++#endif + #include <wolfssl/openssl/ssl.h> + + #endif |