CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
1fa7c7080e
meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.4.bb
Gyorgy Sarvari 1fa7c7080e
wolfssl: ignore CVE-2025-11931 and CVE-2025-12889 
NVD claims that WolfSSL 5.8.4 is affected by both of these vulnerabilities,
however actually both have been fixed in that version.

CVE-2025-11931: NVD[1] references [2] PR as a patch, which was merged in [3].
CVE-2025-12889: NVD[4] referenced [5] PR as a patch, which was merged in [6].

[1]: https://nvd.nist.gov/vuln/detail/CVE-2025-11931
[2]: https://github.com/wolfSSL/wolfssl/pull/9223
[3]: e497d28ae1
[4]: https://nvd.nist.gov/vuln/detail/CVE-2025-12889
[5]: https://github.com/wolfSSL/wolfssl/pull/9395
[6]: 2db1c7a522

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-24 13:18:25 -08:00

52 lines
1.9 KiB
BlitzBasic
Raw Blame History

SUMMARY = "wolfSSL Lightweight Embedded SSL/TLS Library"
DESCRIPTION = "wolfSSL, formerly CyaSSL, is a lightweight SSL library written \
in C and optimized for embedded and RTOS environments. It can \
be up to 20 times smaller than OpenSSL while still supporting \
a full TLS client and server, up to TLS 1.3"
HOMEPAGE = "https://www.wolfssl.com/products/wolfssl"
BUGTRACKER = "https://github.com/wolfssl/wolfssl/issues"
SECTION = "libs"
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
PROVIDES += "cyassl"
RPROVIDES:${PN} = "cyassl"
SRC_URI = " \
git://github.com/wolfSSL/wolfssl.git;protocol=https;branch=master;tag=v${PV}-stable \
file://run-ptest \
"
SRCREV = "59f4fa568615396fbf381b073b220d1e8d61e4c2"
inherit autotools ptest
EXTRA_OECONF += "--enable-certreq --enable-dtls --enable-opensslextra --enable-certext --enable-certgen"
PACKAGECONFIG ?= "reproducible-build"
PACKAGECONFIG[reproducible-build] = "--enable-reproducible-build,--disable-reproducible-build,"
BBCLASSEXTEND += "native nativesdk"
CFLAGS += '-fPIC -DCERT_REL_PREFIX=\\"./\\"'
RDEPENDS:${PN}-ptest += " bash"
do_install_ptest() {
# Prevent QA Error "package contains reference to TMPDIR [buildpaths]" for unit.test script
# Replace the occurences of ${B}/src with '${PTEST_PATH}'
sed -i 's|${B}/src|${PTEST_PATH}|g' ${B}/tests/unit.test
install -d ${D}${PTEST_PATH}/test
# create an empty folder examples, needed in wolfssl's tests/api.c to "Test loading path with no files"
install -d ${D}${PTEST_PATH}/examples
cp -rf ${B}/tests/. ${D}${PTEST_PATH}/test
cp -rf ${S}/certs ${D}${PTEST_PATH}
cp -rf ${S}/tests ${D}${PTEST_PATH}
}
CVE_STATUS[CVE-2025-11931] = "fixed-version: The currently used version (5.8.4) contains the fix already."
CVE_STATUS[CVE-2025-12889] = "fixed-version: The currently used version (5.8.4) contains the fix already."
Reference in New Issue View Git Blame Copy Permalink