From: Ignat Loskutov <ignat.loskutov@gmail.com>
Date: Tue, 24 Mar 2026 21:50:04 +0000 (+0100)
Subject: wolfssl: update to 5.9.0
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e9531860e698da4094b95860a669c37fa44aa83f;p=thirdparty%2Fopenwrt.git

wolfssl: update to 5.9.0

Release Notes:
https://www.wolfssl.com/wolfssl-5-9-0-released/

Fixes CVEs:
- CVE-2026-3548
- CVE-2026-3549
- CVE-2026-3547
- CVE-2026-2646
- CVE-2026-3849
- CVE-2026-0819
- CVE-2026-1005
- CVE-2026-2645
- CVE-2026-3230
- CVE-2026-3229
- CVE-2026-3579
- CVE-2026-3580
- CVE-2026-3503
- CVE-2026-4159
- CVE-2026-4395

Signed-off-by: Ignat Loskutov <ignat.loskutov@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22595
Signed-off-by: Nick Hainke <vincent@systemli.org>
---

diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 0ca812157cd..d8899f5a0ac 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=5.8.4
+PKG_VERSION:=5.9.0
 PKG_REAL_VERSION:=$(PKG_VERSION)-stable
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_REAL_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_REAL_VERSION)
-PKG_HASH:=2b702b7a66b0067bfd284408827b1e59288b357b0dd758d0089c062395f2a522
+PKG_HASH:=6efc62b86f145a5c52bfd62294ca66c20ce85b54e9033f5d7e0ee73eb30306c1
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_REAL_VERSION)
 
diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
index 7f87b43d3db..7a2674327d4 100644
--- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch
+++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -4048,7 +4048,7 @@ extern void uITRON4_free(void *p) ;
+@@ -4122,7 +4122,7 @@ extern void uITRON4_free(void *p) ;
  
  /* warning for not using harden build options (default with ./configure) */
  /* do not warn if big integer support is disabled */