diff options
| author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2019-08-05 11:52:08 -0300 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2019-08-17 17:00:10 +0200 |
| commit | b35e1360cd4f1c9cab9aa219decedec99f948982 (patch) | |
| tree | cd525754423e96995b2613c3ebb425f201d71d20 /package/libs/wolfssl/patches | |
| parent | 3809b6662d7a5959c6a8958d7069978db79440d5 (diff) | |
| download | upstream-b35e1360cd4f1c9cab9aa219decedec99f948982.tar.gz upstream-b35e1360cd4f1c9cab9aa219decedec99f948982.tar.bz2 upstream-b35e1360cd4f1c9cab9aa219decedec99f948982.zip | |
wolfssl: bump to 4.1.0-stable
Always build AES-GCM support.
Unnecessary patches were removed.
This includes two vulnerability fixes:
CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK
extension parsing.
CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack.
This brings the package up-to-date with master, so it incorporates
changes from 4.0.0 in master:
* Removed options that can't be turned off because we're building with
--enable-stunnel, some of which affect hostapd's Config.in.
* Adjusted the title of OCSP option, as OCSP itself can't be turned off,
only the stapling part is selectable.
* Mark options turned on when wpad support is selected.
* Add building options for TLS 1.0, and TLS 1.3.
* Add hardware crypto support, which due to a bug, only works when CCM
support is turned off.
* Reorganized option conditionals in Makefile.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Diffstat (limited to 'package/libs/wolfssl/patches')
4 files changed, 1 insertions, 57 deletions
diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch index 8a51434633..5d83eca770 100644 --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -1,6 +1,6 @@ --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h -@@ -1759,7 +1759,7 @@ extern void uITRON4_free(void *p) ; +@@ -1930,7 +1930,7 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */ diff --git a/package/libs/wolfssl/patches/101-AR-flags-configure-update.patch b/package/libs/wolfssl/patches/101-AR-flags-configure-update.patch deleted file mode 100644 index 9401a54a5b..0000000000 --- a/package/libs/wolfssl/patches/101-AR-flags-configure-update.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 42eacece82b6375a9f4bab3903a1a39f7d1dd579 Mon Sep 17 00:00:00 2001 -From: John Safranek <john@wolfssl.com> -Date: Tue, 5 Mar 2019 09:26:30 -0800 -Subject: [PATCH] AR flags configure update In at least one environment the - check for particular AR options was failing due to a bash script bug. Deleted - an extra pair of parenthesis triggering an arithmetic statement when - redundant grouping was desired. - ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/configure.ac -+++ b/configure.ac -@@ -15,7 +15,7 @@ AC_CONFIG_AUX_DIR([build-aux]) - : ${CFLAGS=""} - - # Test ar for the "U" option. Should be checked before the libtool macros. --xxx_ar_flags=$((ar --help) 2>&1) -+xxx_ar_flags=$(ar --help 2>&1) - AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}]) - - AC_PROG_CC diff --git a/package/libs/wolfssl/patches/400-additional_compatibility.patch b/package/libs/wolfssl/patches/400-additional_compatibility.patch deleted file mode 100644 index 1464e9d2a8..0000000000 --- a/package/libs/wolfssl/patches/400-additional_compatibility.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/cyassl/openssl/ssl.h -+++ b/cyassl/openssl/ssl.h -@@ -28,6 +28,9 @@ - #define CYASSL_OPENSSL_H_ - - #include <cyassl/ssl.h> -+#ifndef HAVE_SNI -+#undef CYASSL_SNI_HOST_NAME -+#endif - #include <wolfssl/openssl/ssl.h> - - #endif diff --git a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch b/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch deleted file mode 100644 index 6b0861288f..0000000000 --- a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -4614,7 +4614,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta - AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec]) - - AX_CREATE_GENERIC_CONFIG --AX_AM_JOBSERVER([yes]) - - AC_OUTPUT - ---- a/Makefile.am -+++ b/Makefile.am -@@ -20,8 +20,6 @@ dist_noinst_SCRIPTS = - noinst_SCRIPTS = - check_SCRIPTS = - --#includes additional rules from aminclude.am --@INC_AMINCLUDE@ - DISTCLEANFILES+= aminclude.am - - CLEANFILES+= cert.der \ |