openwrt

mirror of https://github.com/openwrt/openwrt.git synced 2024-12-26 08:51:13 +00:00

History

Hauke Mehrtens 403039c562 wolfssl: Update to version 4.5.0 This fixes the following security problems: * In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. * Denial of service attack on TLS 1.3 servers from repetitively sending ChangeCipherSpecs messages. (CVE-2020-12457) * Potential cache timing attacks on public key operations in builds that are not using SP (single precision). (CVE-2020-15309) * When using SGX with EC scalar multiplication the possibility of side- channel attacks are present. * Leak of private key in the case that PEM format private keys are bundled in with PEM certificates into a single file. * During the handshake, clear application_data messages in epoch 0 are processed and returned to the application. Full changelog: https://www.wolfssl.com/docs/wolfssl-changelog/ Fix a build error on big endian systems by backporting a pull request: https://github.com/wolfSSL/wolfssl/pull/3255 The size of the ipk increases on mips BE by 1.4% old: libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246 new: libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit `00722a720c`)	2020-09-02 15:46:42 +02:00
..
100-disable-hardening-check.patch	wolfssl: Update to version 4.5.0	2020-09-02 15:46:42 +02:00
110-fix-build-on-big-endian.patch	wolfssl: Update to version 4.5.0	2020-09-02 15:46:42 +02:00

Hauke Mehrtens 403039c562 wolfssl: Update to version 4.5.0

This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk:	386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk:	391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 00722a720c)

2020-09-02 15:46:42 +02:00

100-disable-hardening-check.patch wolfssl: Update to version 4.5.0 2020-09-02 15:46:42 +02:00

110-fix-build-on-big-endian.patch wolfssl: Update to version 4.5.0 2020-09-02 15:46:42 +02:00