ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2024-12-19 13:48:06 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

cyassl: update to wolfSSL version 3.7.0

Browse Source 
This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925

The activation of SSLv3 support is needed for curl.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47791
This commit is contained in:
Hauke Mehrtens 2015-12-05 15:45:31 +00:00
parent e27c8bb156
commit 52df3181c1
4 changed files with 21 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
package/libs/cyassl/Makefile
View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl PKG_NAME:=wolfssl
PKG_VERSION:=3.6.0 PKG_VERSION:=3.7.0
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
PKG_SOURCE_URL:=http://www.wolfssl.com/ PKG_SOURCE_URL:=https://www.wolfssl.com/
PKG_MD5SUM:=fea119ce10c715d3f22514b5b387781e PKG_MD5SUM:=e5a4f69b06b2796806a8cf51f5bd3758
PKG_FIXUP:=libtool PKG_FIXUP:=libtool
PKG_INSTALL:=1 PKG_INSTALL:=1
@ -43,6 +43,7 @@ CONFIGURE_ARGS += \
--enable-opensslextra \ --enable-opensslextra \
--enable-sni \ --enable-sni \
--enable-ecc \ --enable-ecc \
--enable-sslv3 \
--disable-examples --disable-examples
ifneq ($(CONFIG_TARGET_x86),) ifneq ($(CONFIG_TARGET_x86),)

11
package/libs/cyassl/patches/100-respect_cflags.patch
View File

@ -1,11 +0,0 @@
--- a/configure.ac
+++ b/configure.ac
@@ -47,7 +47,7 @@ AC_SUBST([WOLFSSL_LIBRARY_VERSION])
# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
# if user doesn't override, no way to tell
-USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"
+USER_C_EXTRA_FLAGS="$CFLAGS"
LT_PREREQ([2.2])
LT_INIT([disable-static],[win32-dll])

15
package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch
View File

@ -1,10 +1,19 @@
--- a/wolfssl/openssl/ssl.h --- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h
@@ -397,6 +397,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR @@ -401,6 +401,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR
/* yassl had set the default to be 500 */ /* yassl had set the default to be 500 */
#define SSL_get_default_timeout(ctx) 500 #define SSL_get_default_timeout(ctx) 500
+#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y)) +#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y))
+
/* Lighthttp compatability */
#ifdef __cplusplus #ifdef HAVE_LIGHTY
} /* extern "C" */ @@ -483,7 +485,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_
#define SSL_TLSEXT_ERR_NOACK alert_warning
#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME
-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
#define SSL_get_servername wolfSSL_get_servername
#define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX
#define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback

14
package/libs/cyassl/patches/400-additional_compatibility.patch
View File

@ -1,16 +1,12 @@
--- a/cyassl/openssl/ssl.h --- a/cyassl/openssl/ssl.h
+++ b/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h
@@ -24,4 +24,13 @@ @@ -27,6 +27,9 @@
* #define CYASSL_OPENSSL_H_
*/
+#ifndef CYASSL_OPENSSL_H_ #include <cyassl/ssl.h>
+#define CYASSL_OPENSSL_H_
+
+#include <cyassl/ssl.h>
+#ifndef HAVE_SNI +#ifndef HAVE_SNI
+#undef CYASSL_SNI_HOST_NAME +#undef CYASSL_SNI_HOST_NAME
+#endif +#endif
#include <wolfssl/openssl/ssl.h> #include <wolfssl/openssl/ssl.h>
+
+#endif #endif