From: Peter Korsgaard
To: buildroot@buildroot.org
Date: Tue, 8 Nov 2022 21:00:10 +0100
Message-Id: <20221108200321.489EC80DA1@busybox.osuosl.org>
Subject: [Buildroot] [git commit branch/2022.08.x] package/wolfssl: security bump to version 5.5.2
X-Git-Refname: refs/heads/2022.08.x
X-Git-Oldrev: 09322d970b1f5486aa2f146dcfd9123debbb9de0
X-Git-Newrev: 70abf9b69b55d90a67158865b87fee81ffb5e731

commit: https://git.buildroot.net/buildroot/commit/?id=70abf9b69b55d90a67158865b87fee81ffb5e731
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2022.08.x

In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL,
there is a potential heap over read of 5 bytes when handling TLS 1.3 client
connections. This heap over read is limited to wolfSSL builds explicitly
setting the macro WOLFSSL_CALLBACKS, the feature does not get turned on by
any other build options. The macro WOLFSSL_CALLBACKS is intended for debug
use only, but if having it enabled in production, users are recommended to
disable WOLFSSL_CALLBACKS. Users enabling WOLFSSL_CALLBACKS are recommended
to update their version of wolfSSL. CVE 2022-42905

https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable

Signed-off-by: Fabrice Fontaine
Signed-off-by: Peter Korsgaard
(cherry picked from commit 18b5d6205db7547d633d6ac4ea8ba4fdd81ecc35)
Signed-off-by: Peter Korsgaard
---
 package/wolfssl/wolfssl.hash | 2 +-
 package/wolfssl/wolfssl.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/wolfssl/wolfssl.hash b/package/wolfssl/wolfssl.hash index 3849ffb9fc..65d77ca659 100644 --- a/package/wolfssl/wolfssl.hash +++ b/package/wolfssl/wolfssl.hash @@ -1,5 +1,5 @@ # Locally computed: -sha256 97339e6956c90e7c881ba5c748dd04f7c30e5dbe0c06da765418c51375a6dee3 wolfssl-5.5.1.tar.gz +sha256 49c6195462cae034efe6c86268824ba515682508a5f5199358d56a4168a82cf0 wolfssl-5.5.2.tar.gz # Hash for license files: sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/wolfssl/wolfssl.mk b/package/wolfssl/wolfssl.mk index 95d4f47952..d9fa72ccf4 100644 --- a/package/wolfssl/wolfssl.mk +++ b/package/wolfssl/wolfssl.mk @@ -4,7 +4,7 @@ # ################################################################################ -WOLFSSL_VERSION = 5.5.1 +WOLFSSL_VERSION = 5.5.2 WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable) WOLFSSL_INSTALL_STAGING = YES _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot
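Review bot: In package/wolfssl/wolfssl.hash the new sha256 for wolfssl-5.5.2.tar.gz is filed under "# Locally computed:", so the hunk gives a reader no way to tie the digest to anything upstream published. Since the tarball comes from the GitHub tag via WOLFSSL_SITE, it would help to say in the commit message how the archive was checked before hashing (for example, against the v5.5.2-stable release linked above), so that a later mismatch can be told apart from a regenerated archive. The unchanged COPYING hash is consistent with no license change in this bump.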
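Review bot: At the WOLFSSL_VERSION line in package/wolfssl/wolfssl.mk, the bump is justified by an over-read that only exists when WOLFSSL_CALLBACKS is defined, but neither the hunk nor the commit message says whether the Buildroot package ever defines that macro. One sentence stating whether default Buildroot builds are affected would let users of the 2022.08.x branch judge how urgent the update is. The identifier is also written "CVE 2022-42905" in the message; using the hyphenated form "CVE-2022-42905" makes the commit findable by tooling and by anyone grepping the log for the CVE.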