projects / openwrt / staging / hauke.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 914d912)
treewide: fix security issues by bumping all packages using libwolfssl
authorPetr Štetiar <ynezz@true.cz>
Thu, 29 Sep 2022 16:45:40 +0000 (18:45 +0200)
committerPetr Štetiar <ynezz@true.cz>
Wed, 5 Oct 2022 19:09:50 +0000 (21:09 +0200)
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f1b7e1434f66a3cb09cb9e70b40add354a22e458)
(cherry picked from commit 562894b39da381264a34ce31e9334c8a036fa139)

package/libs/ustream-ssl/Makefile patch | blob | history
package/network/services/hostapd/Makefile patch | blob | history
package/utils/px5g-wolfssl/Makefile patch | blob | history

diff --git a/package/libs/ustream-ssl/Makefile b/package/libs/ustream-ssl/Makefile
index 7d9e830381dcbca095aded88350357a289e556c0..4f474978db7713f00f1f2a07616be11aa61cc872 100644 (file)
--- a/package/libs/ustream-ssl/Makefile
+++ b/package/libs/ustream-ssl/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ustream-ssl
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index e529a2efd34e68fd1c4be57a30ef3de164fd9fdc..001bdb439e2e2e7aa8d1fb3ae505831102e0a4b3 100644 (file)
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -7,7 +7,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=40
+PKG_RELEASE:=41
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
diff --git a/package/utils/px5g-wolfssl/Makefile b/package/utils/px5g-wolfssl/Makefile
index 90296008d687b463b3777dabc7e177083b11ac82..264a12aa4dd69b3b639c8f4bf120c16d8eea1f08 100644 (file)
--- a/package/utils/px5g-wolfssl/Makefile
+++ b/package/utils/px5g-wolfssl/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=px5g-wolfssl
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=$(COMMITCOUNT).1
 PKG_LICENSE:=GPL-2.0-or-later
 
 PKG_USE_MIPS16:=0
Hauke Mehrtens staging tree