diff mbox series

[21.02,1/5] wolfssl: bump to v5.3.0-stable

Message ID 20221005094630.5311-2-ynezz@true.cz
State Accepted
Delegated to: Petr Štetiar
Headers show
Series backport fix for TLSv1.3 RCE in uhttpd by using 5.5.1-stable | expand

Commit Message

Petr Štetiar Oct. 5, 2022, 9:46 a.m. UTC
From: Eneas U de Queiroz <cotequeiroz@gmail.com>

This is mostly a bug fix release, including two that were already
patched here:
- 300-fix-SSL_get_verify_result-regression.patch
- 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 73c1fe2890baa5c0bfa46f53c5387f5e47de1acb)
(cherry picked from commit 6f8db8fee3b7bd5cb8b1b2be59ee710a8f96860b)
---
 package/libs/wolfssl/Makefile                 |  4 ++--
 ...fix-SSL_get_verify_result-regression.patch | 24 -------------------
 ...rt-devcrypto-devcrypto_aes.c-remove-.patch | 19 ---------------
 3 files changed, 2 insertions(+), 45 deletions(-)
 delete mode 100644 package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch
 delete mode 100644 package/libs/wolfssl/patches/400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch
diff mbox series

Patch

diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index e8bf252de68c..1324a439299b 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -8,12 +8,12 @@ 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=5.2.0-stable
+PKG_VERSION:=5.3.0-stable
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=409b4646c5f54f642de0e9f3544c3b83de7238134f5b1ff93fb44527bf119d05
+PKG_HASH:=1a3bb310dc01d3e73d9ad91b6ea8249d081016f8eef4ae8f21d3421f91ef1de9
 
 PKG_FIXUP:=libtool libtool-abiver
 PKG_INSTALL:=1
diff --git a/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch b/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch
deleted file mode 100644
index d6e799874469..000000000000
--- a/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch
+++ /dev/null
@@ -1,24 +0,0 @@ 
-From 87e43dd63ba429297e439f2dfd1ee8b45981e18b Mon Sep 17 00:00:00 2001
-From: Juliusz Sosinowicz <juliusz@wolfssl.com>
-Date: Sat, 12 Feb 2022 00:34:24 +0100
-Subject: [PATCH] Reported in ZD13631
-
-`ssl->peerVerifyRet` wasn't being cleared when retrying with an alternative cert chain
-
-References: https://github.com/wolfSSL/wolfssl/issues/4879
----
- src/internal.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/src/internal.c
-+++ b/src/internal.c
-@@ -12342,6 +12342,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte*
-                             }
- 
-                             ret = 0; /* clear errors and continue */
-+                    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-+                            ssl->peerVerifyRet = 0;
-+                    #endif
-                             args->verifyErr = 0;
-                         }
- 
diff --git a/package/libs/wolfssl/patches/400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch b/package/libs/wolfssl/patches/400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch
deleted file mode 100644
index 3c0c0a07afba..000000000000
--- a/package/libs/wolfssl/patches/400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch
+++ /dev/null
@@ -1,19 +0,0 @@ 
-From 096889927d9528d4fbeb3aab56d1fe8225d2e7ec Mon Sep 17 00:00:00 2001
-From: Daniel Pouzzner <douzzer@wolfssl.com>
-Date: Thu, 14 Apr 2022 20:23:31 -0500
-Subject: [PATCH] wolfcrypt/src/port/devcrypto/devcrypto_aes.c: remove
- redundant "int ret" in wc_AesCtrEncrypt() (supersedes #5052).
-
-
-diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
-index 3bc1d5bb1..28e145e27 100644
---- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
-+++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
-@@ -208,7 +208,6 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-     int ret;
-     struct crypt_op crt;
-     byte* tmp;
--    int ret;
- 
-     if (aes == NULL || out == NULL || in == NULL) {
-         return BAD_FUNC_ARG;