cyassl: update to wolfSSL version 3.7.0

This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925

The activation of SSLv3 support is needed for curl.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47791

diff --git a/package/libs/cyassl/Makefile b/package/libs/cyassl/Makefile
index 038ef49ee3156a3b6db240743491c50e204b1e62..2c0bf5f48f41626f5f570252eb0bdc1479cadb2d 100644 (file)
--- a/package/libs/cyassl/Makefile
+++ b/package/libs/cyassl/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=3.6.0
+PKG_VERSION:=3.7.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
-PKG_SOURCE_URL:=http://www.wolfssl.com/
-PKG_MD5SUM:=fea119ce10c715d3f22514b5b387781e
+PKG_SOURCE_URL:=https://www.wolfssl.com/
+PKG_MD5SUM:=e5a4f69b06b2796806a8cf51f5bd3758
 
 PKG_FIXUP:=libtool
 PKG_INSTALL:=1
@@ -43,6 +43,7 @@ CONFIGURE_ARGS += \
        --enable-opensslextra \
        --enable-sni \
        --enable-ecc \
+       --enable-sslv3 \
        --disable-examples
 
 ifneq ($(CONFIG_TARGET_x86),)

diff --git a/package/libs/cyassl/patches/100-respect_cflags.patch b/package/libs/cyassl/patches/100-respect_cflags.patch
deleted file mode 100644 (file)
index 94117ae..0000000
--- a/package/libs/cyassl/patches/100-respect_cflags.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -47,7 +47,7 @@ AC_SUBST([WOLFSSL_LIBRARY_VERSION])
- 
- # capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
- # if user doesn't override, no way to tell
--USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"
-+USER_C_EXTRA_FLAGS="$CFLAGS"
- 
- LT_PREREQ([2.2])
- LT_INIT([disable-static],[win32-dll])

diff --git a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch
index 00a23fe798dbfa7a924f76df86f0ba7020a694db..4bd078da2105a6df5a548df4f4316ecdb3379e00 100644 (file)
--- a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch
+++ b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch
@@ -1,10 +1,19 @@
 --- a/wolfssl/openssl/ssl.h
 +++ b/wolfssl/openssl/ssl.h
-@@ -397,6 +397,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR
+@@ -401,6 +401,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR
  /* yassl had set the default to be 500 */
  #define SSL_get_default_timeout(ctx) 500
  
 +#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y))
++ 
+ /* Lighthttp compatability */
  
- #ifdef __cplusplus
-     } /* extern "C" */
+ #ifdef HAVE_LIGHTY                       
+@@ -483,7 +485,6 @@ typedef WOLFSSL_ASN1_BIT_STRING    ASN1_
+ #define SSL_TLSEXT_ERR_NOACK                 alert_warning
+ #define TLSEXT_NAMETYPE_host_name            WOLFSSL_SNI_HOST_NAME
+ 
+-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
+ #define SSL_get_servername wolfSSL_get_servername
+ #define SSL_set_SSL_CTX                  wolfSSL_set_SSL_CTX
+ #define SSL_CTX_get_verify_callback      wolfSSL_CTX_get_verify_callback

diff --git a/package/libs/cyassl/patches/400-additional_compatibility.patch b/package/libs/cyassl/patches/400-additional_compatibility.patch
index 07956f12096216c6a84dea6d6e0b2caad964e20b..4d75d989066388a5bc7450b37c7a3d606e461bc5 100644 (file)
--- a/package/libs/cyassl/patches/400-additional_compatibility.patch
+++ b/package/libs/cyassl/patches/400-additional_compatibility.patch
@@ -1,16 +1,12 @@
 --- a/cyassl/openssl/ssl.h
 +++ b/cyassl/openssl/ssl.h
-@@ -24,4 +24,13 @@
-  *
-  */
+@@ -27,6 +27,9 @@
+ #define CYASSL_OPENSSL_H_
  
-+#ifndef CYASSL_OPENSSL_H_
-+#define CYASSL_OPENSSL_H_
-+
-+#include <cyassl/ssl.h>
+ #include <cyassl/ssl.h>
 +#ifndef HAVE_SNI
 +#undef CYASSL_SNI_HOST_NAME
 +#endif
  #include <wolfssl/openssl/ssl.h>
-+
-+#endif
+ 
+ #endif