* [Buildroot] [PATCH 1/1] package/wolfssl: bump to version 5.5.3
@ 2022-11-03 22:52 Fabrice Fontaine
2022-11-05 21:00 ` Thomas Petazzoni via buildroot
2022-11-14 15:47 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-11-03 22:52 UTC (permalink / raw)
To: buildroot; +Cc: Sergio Prado, Fabrice Fontaine
Fix for possible buffer zeroization overrun introduced at the end of
v5.5.2 release cycle in GitHub pull request 5743 (#5743) and fixed in
pull request 5757 (#5757). In the case where a specific memory
allocation failed or a hardware fault happened there was the potential
for an overrun of 0’s when masking the buffer used for (D)TLS 1.2 and
lower operations. (D)TLS 1.3 only and crypto only users are not affected
by the issue. This is not related in any way to recent issues reported
in OpenSSL.
https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.3-stable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/wolfssl/wolfssl.hash | 2 +-
package/wolfssl/wolfssl.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/wolfssl/wolfssl.hash b/package/wolfssl/wolfssl.hash
index 65d77ca659..08262113a0 100644
--- a/package/wolfssl/wolfssl.hash
+++ b/package/wolfssl/wolfssl.hash
@@ -1,5 +1,5 @@
# Locally computed:
-sha256 49c6195462cae034efe6c86268824ba515682508a5f5199358d56a4168a82cf0 wolfssl-5.5.2.tar.gz
+sha256 fd3135b8657d09fb96a8aad16585da850b96ea420ae8ce5ac4d5fdfc614c2683 wolfssl-5.5.3.tar.gz
# Hash for license files:
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
diff --git a/package/wolfssl/wolfssl.mk b/package/wolfssl/wolfssl.mk
index d9fa72ccf4..cd3acd9411 100644
--- a/package/wolfssl/wolfssl.mk
+++ b/package/wolfssl/wolfssl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-WOLFSSL_VERSION = 5.5.2
+WOLFSSL_VERSION = 5.5.3
WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable)
WOLFSSL_INSTALL_STAGING = YES
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/wolfssl: bump to version 5.5.3
2022-11-03 22:52 [Buildroot] [PATCH 1/1] package/wolfssl: bump to version 5.5.3 Fabrice Fontaine
@ 2022-11-05 21:00 ` Thomas Petazzoni via buildroot
2022-11-14 15:47 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2022-11-05 21:00 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Sergio Prado, buildroot
On Thu, 3 Nov 2022 23:52:24 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> Fix for possible buffer zeroization overrun introduced at the end of
> v5.5.2 release cycle in GitHub pull request 5743 (#5743) and fixed in
> pull request 5757 (#5757). In the case where a specific memory
> allocation failed or a hardware fault happened there was the potential
> for an overrun of 0’s when masking the buffer used for (D)TLS 1.2 and
> lower operations. (D)TLS 1.3 only and crypto only users are not affected
> by the issue. This is not related in any way to recent issues reported
> in OpenSSL.
>
> https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.3-stable
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/wolfssl/wolfssl.hash | 2 +-
> package/wolfssl/wolfssl.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
It's a version bump, but really a pure bug fix release, with very
limited changes, so I decided to take it in master. Applied, thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/wolfssl: bump to version 5.5.3
2022-11-03 22:52 [Buildroot] [PATCH 1/1] package/wolfssl: bump to version 5.5.3 Fabrice Fontaine
2022-11-05 21:00 ` Thomas Petazzoni via buildroot
@ 2022-11-14 15:47 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-11-14 15:47 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Sergio Prado, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix for possible buffer zeroization overrun introduced at the end of
> v5.5.2 release cycle in GitHub pull request 5743 (#5743) and fixed in
> pull request 5757 (#5757). In the case where a specific memory
> allocation failed or a hardware fault happened there was the potential
> for an overrun of 0’s when masking the buffer used for (D)TLS 1.2 and
> lower operations. (D)TLS 1.3 only and crypto only users are not affected
> by the issue. This is not related in any way to recent issues reported
> in OpenSSL.
> https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.3-stable
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2022.08.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-11-14 15:47 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-11-03 22:52 [Buildroot] [PATCH 1/1] package/wolfssl: bump to version 5.5.3 Fabrice Fontaine
2022-11-05 21:00 ` Thomas Petazzoni via buildroot
2022-11-14 15:47 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox