[PATCH] treewide: fix security issues by bumping all packages using libwolfssl

Petr Štetiar ynezz at true.cz
Fri Sep 30 04:30:50 PDT 2022 

As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.

Signed-off-by: Petr Štetiar <ynezz at true.cz>
---
 package/libs/ustream-ssl/Makefile         | 2 +-
 package/network/services/hostapd/Makefile | 2 +-
 package/utils/px5g-wolfssl/Makefile       | 2 +-
 package/utils/uencrypt/Makefile           | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/libs/ustream-ssl/Makefile b/package/libs/ustream-ssl/Makefile
index a5e34a73b444..3181f66c7e6a 100644
--- a/package/libs/ustream-ssl/Makefile
+++ b/package/libs/ustream-ssl/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ustream-ssl
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index e4794968790a..0eb8279453e2 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_RELEASE:=$(AUTORELEASE).1
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
diff --git a/package/utils/px5g-wolfssl/Makefile b/package/utils/px5g-wolfssl/Makefile
index 95517c5c00b2..ea805acd8ba7 100644
--- a/package/utils/px5g-wolfssl/Makefile
+++ b/package/utils/px5g-wolfssl/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=px5g-wolfssl
-PKG_RELEASE:=$(COMMITCOUNT)
+PKG_RELEASE:=$(COMMITCOUNT).1
 PKG_LICENSE:=GPL-2.0-or-later
 
 PKG_USE_MIPS16:=0
diff --git a/package/utils/uencrypt/Makefile b/package/utils/uencrypt/Makefile
index 9307f97b6e45..023c84b600b0 100644
--- a/package/utils/uencrypt/Makefile
+++ b/package/utils/uencrypt/Makefile
@@ -4,7 +4,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uencrypt
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_FLAGS:=nonshared
 PKG_LICENSE:=GPL-2.0-or-later

More information about the openwrt-devel mailing list