diff options
author | Hauke Mehrtens <hauke@hauke-m.de> | 2015-12-05 15:45:31 +0000 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2015-12-05 15:45:31 +0000 |
commit | 52df3181c1277a78f8208e1bd942716514f852f5 (patch) | |
tree | ea1c800a554f5c7e12f45d018cac6314715941fc /package | |
parent | e27c8bb15651f8b5dfd5732306e26e6fa8cb0c0a (diff) | |
download | mtk-20170518-52df3181c1277a78f8208e1bd942716514f852f5.zip mtk-20170518-52df3181c1277a78f8208e1bd942716514f852f5.tar.gz mtk-20170518-52df3181c1277a78f8208e1bd942716514f852f5.tar.bz2 |
cyassl: update to wolfSSL version 3.7.0
This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925
The activation of SSLv3 support is needed for curl.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47791
Diffstat (limited to 'package')
4 files changed, 21 insertions, 26 deletions
diff --git a/package/libs/cyassl/Makefile b/package/libs/cyassl/Makefile index 038ef49..2c0bf5f 100644 --- a/package/libs/cyassl/Makefile +++ b/package/libs/cyassl/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=3.6.0 +PKG_VERSION:=3.7.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip -PKG_SOURCE_URL:=http://www.wolfssl.com/ -PKG_MD5SUM:=fea119ce10c715d3f22514b5b387781e +PKG_SOURCE_URL:=https://www.wolfssl.com/ +PKG_MD5SUM:=e5a4f69b06b2796806a8cf51f5bd3758 PKG_FIXUP:=libtool PKG_INSTALL:=1 @@ -43,6 +43,7 @@ CONFIGURE_ARGS += \ --enable-opensslextra \ --enable-sni \ --enable-ecc \ + --enable-sslv3 \ --disable-examples ifneq ($(CONFIG_TARGET_x86),) diff --git a/package/libs/cyassl/patches/100-respect_cflags.patch b/package/libs/cyassl/patches/100-respect_cflags.patch deleted file mode 100644 index 94117ae..0000000 --- a/package/libs/cyassl/patches/100-respect_cflags.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -47,7 +47,7 @@ AC_SUBST([WOLFSSL_LIBRARY_VERSION]) - - # capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even - # if user doesn't override, no way to tell --USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS" -+USER_C_EXTRA_FLAGS="$CFLAGS" - - LT_PREREQ([2.2]) - LT_INIT([disable-static],[win32-dll]) diff --git a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch index 00a23fe..4bd078d 100644 --- a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch +++ b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch @@ -1,10 +1,19 @@ --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h -@@ -397,6 +397,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR +@@ -401,6 +401,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR /* yassl had set the default to be 500 */ #define SSL_get_default_timeout(ctx) 500 +#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y)) ++ + /* Lighthttp compatability */ - #ifdef __cplusplus - } /* extern "C" */ + #ifdef HAVE_LIGHTY +@@ -483,7 +485,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_ + #define SSL_TLSEXT_ERR_NOACK alert_warning + #define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME + +-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name + #define SSL_get_servername wolfSSL_get_servername + #define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX + #define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback diff --git a/package/libs/cyassl/patches/400-additional_compatibility.patch b/package/libs/cyassl/patches/400-additional_compatibility.patch index 07956f1..4d75d98 100644 --- a/package/libs/cyassl/patches/400-additional_compatibility.patch +++ b/package/libs/cyassl/patches/400-additional_compatibility.patch @@ -1,16 +1,12 @@ --- a/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h -@@ -24,4 +24,13 @@ - * - */ +@@ -27,6 +27,9 @@ + #define CYASSL_OPENSSL_H_ -+#ifndef CYASSL_OPENSSL_H_ -+#define CYASSL_OPENSSL_H_ -+ -+#include <cyassl/ssl.h> + #include <cyassl/ssl.h> +#ifndef HAVE_SNI +#undef CYASSL_SNI_HOST_NAME +#endif #include <wolfssl/openssl/ssl.h> -+ -+#endif + + #endif |