[openwrt/openwrt] treewide: fix security issues by bumping all packages using libwolfssl

LEDE Commits lede-commits at lists.infradead.org
Tue Oct 4 01:11:32 PDT 2022 

ynezz pushed a commit to openwrt/openwrt.git, branch openwrt-22.03:
https://git.openwrt.org/562894b39da381264a34ce31e9334c8a036fa139

commit 562894b39da381264a34ce31e9334c8a036fa139
Author: Petr Štetiar <ynezz at true.cz>
AuthorDate: Thu Sep 29 18:45:40 2022 +0200

    treewide: fix security issues by bumping all packages using libwolfssl
    
    As wolfSSL is having hard time maintaining ABI compatibility between
    releases, we need to manually force rebuild of packages depending on
    libwolfssl and thus force their upgrade. Otherwise due to the ABI
    handling we would endup with possibly two libwolfssl libraries in the
    system, including the patched libwolfssl-5.5.1, but still have
    vulnerable services running using the vulnerable libwolfssl-5.4.0.
    
    So in order to propagate update of libwolfssl to latest stable release
    done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
    using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
    exploitable vulnerabilities, we need to bump PKG_RELEASE of all
    packages using wolfSSL library.
    
    Signed-off-by: Petr Štetiar <ynezz at true.cz>
    (cherry picked from commit f1b7e1434f66a3cb09cb9e70b40add354a22e458)
---
 package/libs/ustream-ssl/Makefile         | 2 +-
 package/network/services/hostapd/Makefile | 2 +-
 package/utils/px5g-wolfssl/Makefile       | 2 +-
 package/utils/uencrypt/Makefile           | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/libs/ustream-ssl/Makefile b/package/libs/ustream-ssl/Makefile
index 7d9e830381..4f474978db 100644
--- a/package/libs/ustream-ssl/Makefile
+++ b/package/libs/ustream-ssl/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ustream-ssl
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 584695786f..d78d7ff621 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_RELEASE:=$(AUTORELEASE).1
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
diff --git a/package/utils/px5g-wolfssl/Makefile b/package/utils/px5g-wolfssl/Makefile
index 95517c5c00..ea805acd8b 100644
--- a/package/utils/px5g-wolfssl/Makefile
+++ b/package/utils/px5g-wolfssl/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=px5g-wolfssl
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=$(COMMITCOUNT).1
 PKG_LICENSE:=GPL-2.0-or-later
 
 PKG_USE_MIPS16:=0
diff --git a/package/utils/uencrypt/Makefile b/package/utils/uencrypt/Makefile
index 77fdf64e0e..dc08f6672a 100644
--- a/package/utils/uencrypt/Makefile
+++ b/package/utils/uencrypt/Makefile
@@ -4,7 +4,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uencrypt
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_FLAGS:=nonshared
 PKG_LICENSE:=GPL-2.0-or-later

More information about the lede-commits mailing list