From c5ef62a218455f5d60b8f76307784a90a77dda43 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Fri, 8 Apr 2022 10:27:25 -0300 Subject: wolfssl: bump to 5.2.0 Fixes two high-severity vulnerabilities: - CVE-2022-25640: A TLS v1.3 server who requires mutual authentication can be bypassed. If a malicious client does not send the certificate_verify message a client can connect without presenting a certificate even if the server requires one. - CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS v1.3 server can have its certificate heck bypassed. If the sig_algo in the certificate_verify message is different than the certificate message checking may be bypassed. Signed-off-by: Eneas U de Queiroz (cherry picked from commit e89f3e85eb1c1d81294e5d430a91b0ba625e2ec0) --- package/libs/wolfssl/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'package/libs/wolfssl/Makefile') diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 00db9a7712..e8bf252de6 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=5.1.1-stable +PKG_VERSION:=5.2.0-stable PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) -PKG_HASH:=d3e0544dbe7e9587c0f6538cdc671b6492663bb7a4281819538abe6c99cdbd92 +PKG_HASH:=409b4646c5f54f642de0e9f3544c3b83de7238134f5b1ff93fb44527bf119d05 PKG_FIXUP:=libtool libtool-abiver PKG_INSTALL:=1 -- cgit v1.2.3