{"id":2223174,"url":"http://patchwork.ozlabs.org/api/patches/2223174/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260414160708.2041081-5-bernd@kuhls.net/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260414160708.2041081-5-bernd@kuhls.net>","list_archive_url":null,"date":"2026-04-14T16:07:08","name":"[5/5] package/wolfssl: security bump version to 5.9.1","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"716cbdc5082c7260453fd3dac78c75d07618c823","submitter":{"id":86624,"url":"http://patchwork.ozlabs.org/api/people/86624/?format=json","name":"Bernd Kuhls","email":"bernd@kuhls.net"},"delegate":{"id":89618,"url":"http://patchwork.ozlabs.org/api/users/89618/?format=json","username":"juju","first_name":"Julien","last_name":"Olivain","email":"juju@cotds.org"},"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260414160708.2041081-5-bernd@kuhls.net/mbox/","series":[{"id":499864,"url":"http://patchwork.ozlabs.org/api/series/499864/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=499864","date":"2026-04-14T16:07:05","name":"[1/5] package/strongswan: remove unneeded wolfSSL fix","version":1,"mbox":"http://patchwork.ozlabs.org/series/499864/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2223174/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2223174/checks/","tags":{},"related":[],"headers":{"Return-Path":"<buildroot-bounces@buildroot.org>","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=aISCZmNp;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=140.211.166.136; helo=smtp3.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fw8M14wCnz1y2d\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Wed, 15 Apr 2026 02:07:57 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id 6C4CD61B47;\n\tTue, 14 Apr 2026 16:07:55 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id UfvB3Gq7lC1f; Tue, 14 Apr 2026 16:07:54 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id D5AA161B7E;\n\tTue, 14 Apr 2026 16:07:53 +0000 (UTC)","from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n by lists1.osuosl.org (Postfix) with ESMTP id 03FD3283\n for <buildroot@buildroot.org>; Tue, 14 Apr 2026 16:07:52 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp2.osuosl.org (Postfix) with ESMTP id DDCEF40088\n for <buildroot@buildroot.org>; Tue, 14 Apr 2026 16:07:51 +0000 (UTC)","from smtp2.osuosl.org ([127.0.0.1])\n by localhost (smtp2.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id 9K7BB2nXb53m for <buildroot@buildroot.org>;\n Tue, 14 Apr 2026 16:07:51 +0000 (UTC)","from dd20012.kasserver.com (dd20012.kasserver.com [85.13.140.57])\n by smtp2.osuosl.org (Postfix) with ESMTPS id CAF1D40055\n for <buildroot@buildroot.org>; Tue, 14 Apr 2026 16:07:50 +0000 (UTC)","from fli4l.lan.fli4l (p54a1be9a.dip0.t-ipconnect.de\n [84.161.190.154])\n by dd20012.kasserver.com (Postfix) with ESMTPSA id 743D1A4C059A;\n Tue, 14 Apr 2026 18:07:15 +0200 (CEST)","from bruckner.lan.fli4l ([192.168.1.1]:48116)\n by fli4l.lan.fli4l with esmtp (Exim 4.99.1)\n (envelope-from <bernd@kuhls.net>) id 1wCgI8-000000003ZX-2HuN;\n Tue, 14 Apr 2026 16:07:08 +0000"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp3.osuosl.org D5AA161B7E","OpenDKIM Filter v2.11.0 smtp2.osuosl.org CAF1D40055"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1776182873;\n\tbh=1tf8sRsFybMVy5jWFM0ewoQYNe6Okj+4uIyqIBd7VoU=;\n\th=From:To:Cc:Date:In-Reply-To:References:Subject:List-Id:\n\t List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:\n\t From;\n\tb=aISCZmNpjp9jhjPFTa2lD/Tlmr9695Y7BPkGUe3ziRAExiVm6lxJLwQSxvnjjGXkG\n\t SaHVMyW5zR89JnSvyhHa694mLLLM6wY9KBeEZc8V3gqN/K1kr7JYgU0GVZ+qglLk2m\n\t AAMts/bU+HN3zeiWjBlpRNMPA/nMEyQWYpDi83r34n/oCPW46Q3xdXhF5LNeo6Y7Kr\n\t lTEs/3wAVTVSFFVNc3qfKFX5nL0z/4RJbw56wPfVMfHJAo+w0yVAednOE478Cfh5z/\n\t zLxBU0HBA4Ru+XzilxXht1zlqXjbFE6Sgg73D/JT5LXYIE47CQL3x/tsZtbjf71s0/\n\t K9Xq66daJVxbg==","Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=85.13.140.57;\n helo=dd20012.kasserver.com; envelope-from=bernd@kuhls.net;\n receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp2.osuosl.org CAF1D40055","From":"Bernd Kuhls <bernd@kuhls.net>","To":"buildroot@buildroot.org","Cc":"Dimitar Tomov <dimi@tpm.dev>,\n =?utf-8?b?SsOpcsO0bWUgUG91aWxsZXI=?= <jezz@sysmic.org>,\n Sergio Prado <sergio.prado@e-labworks.com>","Date":"Tue, 14 Apr 2026 18:07:08 +0200","Message-ID":"<20260414160708.2041081-5-bernd@kuhls.net>","X-Mailer":"git-send-email 2.47.3","In-Reply-To":"<20260414160708.2041081-1-bernd@kuhls.net>","References":"<20260414160708.2041081-1-bernd@kuhls.net>","MIME-Version":"1.0","X-Spamd-Bar":"/","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=kuhls.net;\n s=kas202511301023; t=1776182835;\n bh=5NAYi1ZTEPIBo/6grVYO8NATZKQG0mLW0Bt03MHQmjw=;\n h=From:To:Cc:Subject:Date:In-Reply-To:From;\n b=q8im5fJF3+RsTMmtOtOSx3TC+wonUdfGG7zmn9ditlmXIhgHJ3Lkk40enrtFvXqYE\n A6moWv2Y82KKCHhg6u/hdxixP2nsnLyCFc96IiZkMIJwMZu3+rTCoHv4GPlY57OM77\n fg7rCcWWcHi+7LQ+r71dm4kChL05zFQ7fObxDnvMzPoqTx7LfnxbAZEEUpsPSYTv6l\n ml0lLM9hKvhvW1VFT2hSNS7a533wZ66cgWwbV7/axHNhULhRb1kaPdw/sT/zH7BNzm\n 6Qhr7rxncZgrMeOe7sNpWHCX2+OdHE0SMHRA1Gkgp4zzfhKBXVzv0RjHznEfvG1bWb\n cl2ydFEB1KcKg==","X-Mailman-Original-Authentication-Results":["smtp2.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=kuhls.net","smtp2.osuosl.org;\n dkim=pass (2048-bit key) header.d=kuhls.net header.i=@kuhls.net\n header.a=rsa-sha256 header.s=kas202511301023 header.b=q8im5fJF"],"Subject":"[Buildroot] [PATCH 5/5] package/wolfssl: security bump version to\n 5.9.1","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Unsubscribe":"<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","List-Post":"<mailto:buildroot@buildroot.org>","List-Help":"<mailto:buildroot-request@buildroot.org?subject=help>","List-Subscribe":"<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" <buildroot-bounces@buildroot.org>"},"content":"https://github.com/wolfSSL/wolfssl/blob/v5.9.1-stable/ChangeLog.md\n\nRestored patch 0001 to its original state.\n\nUpdated license hashes due to upstream commits:\n\n\"updating license from GPLv2 to GPLv3\"\nhttps://github.com/wolfSSL/wolfssl/commit/629c5b4cf61ac717d40678b5cd65974b42077af6\n\n\"Add GPLv2 exception list to LICENSING\"\nhttps://github.com/wolfSSL/wolfssl/commit/e02de78507778128d989febb54086f343307a47d\n\nwith various follow-up commits:\nhttps://github.com/wolfSSL/wolfssl/commit/0d49df7735316cdcf9ddb5a145ea6269b11364b6\nhttps://github.com/wolfSSL/wolfssl/commit/32d33f2a53d9a15b49694f12205dee8c0199db9d\nhttps://github.com/wolfSSL/wolfssl/commit/1e9d71af429218f1cd03ec9e21ca89470119462a\nhttps://github.com/wolfSSL/wolfssl/commit/18332faa054b58e4fe4673c041b2fbfd379247a7\n\nFixes the following CVEs:\n\n* [High] CVE-2026-5264\n* [High] CVE-2026-5263\n* [High] CVE-2026-5295\n* [High] CVE-2026-5466\n* [High] CVE-2026-5477\n* [High] CVE-2026-5447\n* [High] CVE-2026-5500\n* [High] CVE-2026-5501\n* [High] CVE-2026-5503\n* [Low] CVE-2026-5187\n* [Low] CVE-2026-5188\n* [Low] CVE-2026-5448\n* [Low] CVE-2026-5772\n* [Low] CVE-2026-5778\n* [High] CVE-2026-3548\n* [High] CVE-2026-3549\n* [High] CVE-2026-3547\n* [Low] CVE-2026-0819\n* [Low] CVE-2026-1005\n* [Low] CVE-2026-2645\n* [Low] CVE-2026-3230\n* [Low] CVE-2025-12888\n* [Med.] CVE-2025-11936\n* [Low] CVE-2025-11935\n* [Low] CVE-2025-11934\n* [Low] CVE-2025-11933\n* [Low] CVE-2025-11931\n* [Low] CVE-2025-11932\n* [Low] CVE-2025-12889\n* [Low] CVE-2025-13912\n* [High] CVE-2025-7395\n* [Med.] CVE-2025-7394\n* [Low] CVE-2025-7396\n\nSigned-off-by: Bernd Kuhls <bernd@kuhls.net>\n---\n ...E_LIMITS_H-in-options.h-rather-than-config.patch | 13 ++++++-------\n package/wolfssl/wolfssl.hash                        |  6 +++---\n package/wolfssl/wolfssl.mk                          |  4 ++--\n 3 files changed, 11 insertions(+), 12 deletions(-)","diff":"diff --git a/package/wolfssl/0001-Define-HAVE_LIMITS_H-in-options.h-rather-than-config.patch b/package/wolfssl/0001-Define-HAVE_LIMITS_H-in-options.h-rather-than-config.patch\nindex 67f9672c2a..0599f9d615 100644\n--- a/package/wolfssl/0001-Define-HAVE_LIMITS_H-in-options.h-rather-than-config.patch\n+++ b/package/wolfssl/0001-Define-HAVE_LIMITS_H-in-options.h-rather-than-config.patch\n@@ -7,7 +7,6 @@ Subject: [PATCH] Define HAVE_LIMITS_H in options.h rather than config.h since\n \n Upstream: https://github.com/wolfSSL/wolfssl/pull/10097\n \n-[Bernd: rebased for 5.7.2]\n Signed-off-by: Bernd Kuhls <bernd@kuhls.net>\n ---\n  cmake/config.in    | 3 ---\n@@ -33,7 +32,7 @@ diff --git a/cmake/options.h.in b/cmake/options.h.in\n index 985b54241d6..c46ada8045d 100644\n --- a/cmake/options.h.in\n +++ b/cmake/options.h.in\n-@@ -31,6 +31,9 @@ extern \"C\" {\n+@@ -33,6 +33,9 @@ extern \"C\" {\n  #endif\n  \n  #ifndef WOLFSSL_OPTIONS_IGNORE_SYS\n@@ -47,12 +46,12 @@ diff --git a/configure.ac b/configure.ac\n index bce600f2ecc..c5cf9f320c7 100644\n --- a/configure.ac\n +++ b/configure.ac\n-@@ -116,7 +116,9 @@\n-     AM_CCASFLAGS=\"$AM_CCASFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS\"\n- fi\n+@@ -185,7 +185,9 @@ AC_ARG_ENABLE([freebsdkm-crypto-register],\n+     [ENABLED_BSDKM_REGISTER=no]\n+     )\n  \n--AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h])\n-+AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h])\n+-AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h sys/random.h])\n++AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h sys/random.h])\n +# Special case: Since types.h depends on HAVE_LIMITS_H, we must define it in options.h.\n +AC_CHECK_HEADER([limits.h], [AM_CPPFLAGS=\"$AM_CPPFLAGS -DHAVE_LIMITS_H=1\"], [])\n  AC_CHECK_LIB([network],[socket])\ndiff --git a/package/wolfssl/wolfssl.hash b/package/wolfssl/wolfssl.hash\nindex 9a1e8bfd4a..e1ecd5f98a 100644\n--- a/package/wolfssl/wolfssl.hash\n+++ b/package/wolfssl/wolfssl.hash\n@@ -1,6 +1,6 @@\n # Locally computed:\n-sha256  0f2ed82e345b833242705bbc4b08a2a2037a33f7bf9c610efae6464f6b10e305  wolfssl-5.7.2.tar.gz\n+sha256  d5ca7af48cd2d9a91d539e9baedeba55a0605a28d7ac8b01dc3d5254a13ca341  wolfssl-5.9.1.tar.gz\n \n # Hash for license files:\n-sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING\n-sha256  b23c1da1f85d699d3288d73c952b4cd02760d23dc1ddc1b221cbb8be82387189  LICENSING\n+sha256  8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING\n+sha256  84f8096dc7f70cdb6075ccf3722a44654361063eaf3e1ce7885c9875b8465a63  LICENSING\ndiff --git a/package/wolfssl/wolfssl.mk b/package/wolfssl/wolfssl.mk\nindex 91ab7ca08a..44f51e06e6 100644\n--- a/package/wolfssl/wolfssl.mk\n+++ b/package/wolfssl/wolfssl.mk\n@@ -4,11 +4,11 @@\n #\n ################################################################################\n \n-WOLFSSL_VERSION = 5.7.2\n+WOLFSSL_VERSION = 5.9.1\n WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION)-stable)\n WOLFSSL_INSTALL_STAGING = YES\n \n-WOLFSSL_LICENSE = GPL-2.0+\n+WOLFSSL_LICENSE = GPL-3.0+\n WOLFSSL_LICENSE_FILES = COPYING LICENSING\n WOLFSSL_CPE_ID_VENDOR = wolfssl\n WOLFSSL_CONFIG_SCRIPTS = wolfssl-config\n","prefixes":["5/5"]}