[PATCH 19.07] wolfssl: bump to 5.1.1-stable
Hauke Mehrtens
hauke at hauke-m.de
Sun Feb 20 07:42:21 PST 2022
On 2/17/22 15:51, Petr Štetiar wrote:
> This is amalgamation of backported changes since 4.7.0-stable release:
>
> Sergey V. Lobanov (2):
>
> 5b13b0b02c70 wolfssl: update to 5.1.1-stable
> 7d376e6e528f libs/wolfssl: add SAN (Subject Alternative Name) support
>
> Andre Heider (3):
>
> 3f8adcb215ed wolfssl: remove --enable-sha512 configure switch
> 249478ec4850 wolfssl: always build with --enable-reproducible-build
> 4b212b1306a9 wolfssl: build with WOLFSSL_ALT_CERT_CHAINS
>
> Ivan Pavlov (1):
>
> 16414718f9ae wolfssl: update to 4.8.1-stable
>
> David Bauer (1):
>
> f6d8c0cf2b47 wolfssl: always export wc_ecc_set_rng
>
> Christian Lamparter (1):
>
> 86801bd3d806 wolfssl: fix Ed25519 typo in config prompt
>
> The diff of security related changes we would need to backport would be
> so huge, that there would be a high probability of introducing new
> vulnerabilities, so it was decided, that bumping to latest stable
> release is the prefered way for fixing following security issues:
>
> * OCSP request/response verification issue. (fixed in 4.8.0)
> * Incorrectly skips OCSP verification in certain situations CVE-2021-38597 (fixed in 4.8.1)
> * Issue with incorrectly validating a certificate (fixed in 5.0.0)
> * Hang with DSA signature creation when a specific q value is used (fixed in 5.0.0)
> * Client side session resumption issue (fixed in 5.1.0)
> * Potential for DoS attack on a wolfSSL client CVE-2021-44718 (fixed in 5.1.0)
> * Non-random IV values in certain situations CVE-2022-23408 (fixed in 5.1.1)
>
> Cc: Hauke Mehrtens <hauke at hauke-m.de>
> Cc: Eneas U de Queiroz <cotequeiroz at gmail.com>
> Signed-off-by: Petr Štetiar <ynezz at true.cz>
Acked-by: Hauke Mehrtens <hauke at hauke-m.de>
> ---
> package/libs/wolfssl/Config.in | 6 ++-
> package/libs/wolfssl/Makefile | 23 ++++++---
> .../patches/100-disable-hardening-check.patch | 2 +-
> .../patches/110-build-with-libtool-2.4.patch | 13 +++++
> .../libs/wolfssl/patches/200-ecc-rng.patch | 50 +++++++++++++++++++
> 5 files changed, 86 insertions(+), 8 deletions(-)
> create mode 100644 package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch
> create mode 100644 package/libs/wolfssl/patches/200-ecc-rng.patch
>
More information about the openwrt-devel
mailing list