Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/2] package/strongswan: fix build w/ wolfssl 5.9.2
@ 2026-06-30 21:27 Thomas Perale via buildroot
  2026-06-30 21:27 ` [Buildroot] [PATCH 2/2] package/wolfssl: security bump to v5.9.2 Thomas Perale via buildroot
  2026-07-04 14:42 ` [Buildroot] [PATCH 1/2] package/strongswan: fix build w/ wolfssl 5.9.2 Julien Olivain via buildroot
  0 siblings, 2 replies; 3+ messages in thread
From: Thomas Perale via buildroot @ 2026-06-30 21:27 UTC (permalink / raw)
  To: buildroot; +Cc: Jérôme Pouiller, Sergio Prado

The 'mlkem.h' header is no longer present in wolfssl v5.9.2 [1] and the
content was merged in the 'wc_mlkem.h' header.

[1] https://github.com/wolfSSL/wolfssl/commit/7a2cf5b655541013ed8c93ecc9f598146abf2916

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
 ...lfssl-Adapt-to-removed-ML-KEM-header.patch | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 package/strongswan/0001-wolfssl-Adapt-to-removed-ML-KEM-header.patch

diff --git a/package/strongswan/0001-wolfssl-Adapt-to-removed-ML-KEM-header.patch b/package/strongswan/0001-wolfssl-Adapt-to-removed-ML-KEM-header.patch
new file mode 100644
index 0000000000..a2eba92612
--- /dev/null
+++ b/package/strongswan/0001-wolfssl-Adapt-to-removed-ML-KEM-header.patch
@@ -0,0 +1,29 @@
+From 98b133c54c5e3f66f46a5bb11c9b09d06fdc8469 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Fri, 26 Jun 2026 08:10:16 +0200
+Subject: [PATCH] wolfssl: Adapt to removed ML-KEM header
+
+The mlkem.h header that mainly defined aliases for the old wc_Kyber* API
+has been removed and its contents moved to the wc_mlkem.h header.
+
+Upstream: https://github.com/strongswan/strongswan/commit/98b133c54c5e3f66f46a5bb11c9b09d06fdc8469.patch
+Signed-off-by: Thomas Perale <thomas.perale@mind.be>
+---
+ src/libstrongswan/plugins/wolfssl/wolfssl_kem.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_kem.c b/src/libstrongswan/plugins/wolfssl/wolfssl_kem.c
+index 042a7e70616..786aecab4cd 100644
+--- a/src/libstrongswan/plugins/wolfssl/wolfssl_kem.c
++++ b/src/libstrongswan/plugins/wolfssl/wolfssl_kem.c
+@@ -25,10 +25,7 @@
+ 
+ #ifdef WOLFSSL_HAVE_MLKEM
+ 
+-#include <wolfssl/wolfcrypt/mlkem.h>
+-#ifdef WOLFSSL_WC_MLKEM
+ #include <wolfssl/wolfcrypt/wc_mlkem.h>
+-#endif
+ 
+ typedef struct private_key_exchange_t private_key_exchange_t;
+ 
-- 
2.54.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [Buildroot] [PATCH 2/2] package/wolfssl: security bump to v5.9.2
  2026-06-30 21:27 [Buildroot] [PATCH 1/2] package/strongswan: fix build w/ wolfssl 5.9.2 Thomas Perale via buildroot
@ 2026-06-30 21:27 ` Thomas Perale via buildroot
  2026-07-04 14:42 ` [Buildroot] [PATCH 1/2] package/strongswan: fix build w/ wolfssl 5.9.2 Julien Olivain via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Perale via buildroot @ 2026-06-30 21:27 UTC (permalink / raw)
  To: buildroot; +Cc: Jérôme Pouiller, Sergio Prado

For more information about the release, see:

- https://github.com/wolfSSL/wolfssl/releases/tag/v5.9.2-stable

Fixes the following vulnerabilities:

- CVE-2026-6091: https://www.cve.org/CVERecord?id=CVE-2026-6091

- CVE-2026-6092: https://www.cve.org/CVERecord?id=CVE-2026-6092

- CVE-2026-6094: https://www.cve.org/CVERecord?id=CVE-2026-6094

- CVE-2026-6291: https://www.cve.org/CVERecord?id=CVE-2026-6291

- CVE-2026-6325: https://www.cve.org/CVERecord?id=CVE-2026-6325

- CVE-2026-6329: https://www.cve.org/CVERecord?id=CVE-2026-6329

- CVE-2026-6330: https://www.cve.org/CVERecord?id=CVE-2026-6330

- CVE-2026-6331: https://www.cve.org/CVERecord?id=CVE-2026-6331

- CVE-2026-6412: https://www.cve.org/CVERecord?id=CVE-2026-6412

- CVE-2026-6450: https://www.cve.org/CVERecord?id=CVE-2026-6450

- CVE-2026-6678: https://www.cve.org/CVERecord?id=CVE-2026-6678

- CVE-2026-6681: https://www.cve.org/CVERecord?id=CVE-2026-6681

- CVE-2026-6731: https://www.cve.org/CVERecord?id=CVE-2026-6731

- CVE-2026-7511: https://www.cve.org/CVERecord?id=CVE-2026-7511

- CVE-2026-7531: https://www.cve.org/CVERecord?id=CVE-2026-7531

- CVE-2026-7532: https://www.cve.org/CVERecord?id=CVE-2026-7532

- CVE-2026-8720: https://www.cve.org/CVERecord?id=CVE-2026-8720

- CVE-2026-10097: https://www.cve.org/CVERecord?id=CVE-2026-10097

- CVE-2026-10098: https://www.cve.org/CVERecord?id=CVE-2026-10098

- CVE-2026-10512: https://www.cve.org/CVERecord?id=CVE-2026-10512

- CVE-2026-10592: https://www.cve.org/CVERecord?id=CVE-2026-10592

- CVE-2026-11310: https://www.cve.org/CVERecord?id=CVE-2026-11310

- CVE-2026-11703: https://www.cve.org/CVERecord?id=CVE-2026-11703

- CVE-2026-11999: https://www.cve.org/CVERecord?id=CVE-2026-11999

- CVE-2026-12340: https://www.cve.org/CVERecord?id=CVE-2026-12340

- CVE-2026-55958: https://www.cve.org/CVERecord?id=CVE-2026-55958

- CVE-2026-55960: https://www.cve.org/CVERecord?id=CVE-2026-55960

- CVE-2026-55961: https://www.cve.org/CVERecord?id=CVE-2026-55961

- CVE-2026-55962: https://www.cve.org/CVERecord?id=CVE-2026-55962

- CVE-2026-55964: https://www.cve.org/CVERecord?id=CVE-2026-55964

- CVE-2026-55967: https://www.cve.org/CVERecord?id=CVE-2026-55967

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
 ...TS_H-in-options.h-rather-than-config.patch | 59 -------------------
 package/wolfssl/wolfssl.hash                  |  2 +-
 package/wolfssl/wolfssl.mk                    |  2 +-
 3 files changed, 2 insertions(+), 61 deletions(-)
 delete mode 100644 package/wolfssl/0001-Define-HAVE_LIMITS_H-in-options.h-rather-than-config.patch

diff --git a/package/wolfssl/0001-Define-HAVE_LIMITS_H-in-options.h-rather-than-config.patch b/package/wolfssl/0001-Define-HAVE_LIMITS_H-in-options.h-rather-than-config.patch
deleted file mode 100644
index 0599f9d615..0000000000
--- a/package/wolfssl/0001-Define-HAVE_LIMITS_H-in-options.h-rather-than-config.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From b54173fc402c30e81d66b84e2f9725cb6d944b40 Mon Sep 17 00:00:00 2001
-From: Kareem <kareem@wolfssl.com>
-Date: Fri, 27 Mar 2026 17:01:02 -0700
-Subject: [PATCH] Define HAVE_LIMITS_H in options.h rather than config.h since
- types.h depends on this definition and config.h isn't consistently available
- at runtime. Fixes #9936.
-
-Upstream: https://github.com/wolfSSL/wolfssl/pull/10097
-
-Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
----
- cmake/config.in    | 3 ---
- cmake/options.h.in | 3 +++
- configure.ac       | 4 +++-
- 3 files changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/cmake/config.in b/cmake/config.in
-index f2524e41e43..6054b6dbe7b 100644
---- a/cmake/config.in
-+++ b/cmake/config.in
-@@ -19,9 +19,6 @@
- /* Define to 1 if you have the `gmtime_r' function. */
- #cmakedefine HAVE_GMTIME_R @HAVE_GMTIME_R@
- 
--/* Define to 1 if you have the <limits.h> header file. */
--#cmakedefine HAVE_LIMITS_H @HAVE_LIMITS_H@
--
- /* Define to 1 if you have the <pcap/pcap.h> header file. */
- #cmakedefine HAVE_PCAP_PCAP_H @HAVE_PCAP_PCAP_H@
- 
-diff --git a/cmake/options.h.in b/cmake/options.h.in
-index 985b54241d6..c46ada8045d 100644
---- a/cmake/options.h.in
-+++ b/cmake/options.h.in
-@@ -33,6 +33,9 @@ extern "C" {
- #endif
- 
- #ifndef WOLFSSL_OPTIONS_IGNORE_SYS
-+/* Since types.h depends on HAVE_LIMITS_H, we must define it in options.h. */
-+#undef HAVE_LIMITS_H
-+#cmakedefine HAVE_LIMITS_H @HAVE_LIMITS_H@
- #undef _GNU_SOURCE
- #cmakedefine _GNU_SOURCE
- #undef _POSIX_THREADS
-diff --git a/configure.ac b/configure.ac
-index bce600f2ecc..c5cf9f320c7 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -185,7 +185,9 @@ AC_ARG_ENABLE([freebsdkm-crypto-register],
-     [ENABLED_BSDKM_REGISTER=no]
-     )
- 
--AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h sys/random.h])
-+AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h sys/random.h])
-+# Special case: Since types.h depends on HAVE_LIMITS_H, we must define it in options.h.
-+AC_CHECK_HEADER([limits.h], [AM_CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIMITS_H=1"], [])
- AC_CHECK_LIB([network],[socket])
- AC_C_BIGENDIAN
- AC_C___ATOMIC
diff --git a/package/wolfssl/wolfssl.hash b/package/wolfssl/wolfssl.hash
index e1ecd5f98a..c259734875 100644
--- a/package/wolfssl/wolfssl.hash
+++ b/package/wolfssl/wolfssl.hash
@@ -1,5 +1,5 @@
 # Locally computed:
-sha256  d5ca7af48cd2d9a91d539e9baedeba55a0605a28d7ac8b01dc3d5254a13ca341  wolfssl-5.9.1.tar.gz
+sha256  2f4ef3d4fd387a9b3191d36a6316d69116c46ff69bb9583b6c82b36d7b8ca114  wolfssl-5.9.2.tar.gz
 
 # Hash for license files:
 sha256  8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING
diff --git a/package/wolfssl/wolfssl.mk b/package/wolfssl/wolfssl.mk
index 44f51e06e6..779fd2cabf 100644
--- a/package/wolfssl/wolfssl.mk
+++ b/package/wolfssl/wolfssl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WOLFSSL_VERSION = 5.9.1
+WOLFSSL_VERSION = 5.9.2
 WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable)
 WOLFSSL_INSTALL_STAGING = YES
 
-- 
2.54.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [Buildroot] [PATCH 1/2] package/strongswan: fix build w/ wolfssl 5.9.2
  2026-06-30 21:27 [Buildroot] [PATCH 1/2] package/strongswan: fix build w/ wolfssl 5.9.2 Thomas Perale via buildroot
  2026-06-30 21:27 ` [Buildroot] [PATCH 2/2] package/wolfssl: security bump to v5.9.2 Thomas Perale via buildroot
@ 2026-07-04 14:42 ` Julien Olivain via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Julien Olivain via buildroot @ 2026-07-04 14:42 UTC (permalink / raw)
  To: Thomas Perale; +Cc: buildroot, Jérôme Pouiller, Sergio Prado

On 30/06/2026 23:27, Thomas Perale via buildroot wrote:
> The 'mlkem.h' header is no longer present in wolfssl v5.9.2 [1] and the
> content was merged in the 'wc_mlkem.h' header.
> 
> [1] 
> https://github.com/wolfSSL/wolfssl/commit/7a2cf5b655541013ed8c93ecc9f598146abf2916
> 
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>

Series applied to master, thanks.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-07-04 14:42 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-30 21:27 [Buildroot] [PATCH 1/2] package/strongswan: fix build w/ wolfssl 5.9.2 Thomas Perale via buildroot
2026-06-30 21:27 ` [Buildroot] [PATCH 2/2] package/wolfssl: security bump to v5.9.2 Thomas Perale via buildroot
2026-07-04 14:42 ` [Buildroot] [PATCH 1/2] package/strongswan: fix build w/ wolfssl 5.9.2 Julien Olivain via buildroot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox