From 9ce6aa9d8d8a1147dcf03cb509cafb5fa7339a91 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz
Date: Fri, 8 Apr 2022 10:27:25 -0300
Subject: wolfssl: bump to 5.2.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes two high-severity vulnerabilities:

- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication can be bypassed. If a malicious client does not send the certificate_verify message a client can connect without presenting a certificate even if the server requires one.

- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS v1.3 server can have its certificate check bypassed. If the sig_algo in the certificate_verify message is different than the certificate message checking may be bypassed.

Signed-off-by: Eneas U de Queiroz
Signed-off-by: Petr Štetiar [ABI version change]
(cherry picked from commit e89f3e85eb1c1d81294e5d430a91b0ba625e2ec0)
(cherry picked from commit 2393b09b5906014047a14a79c03292429afcf408)
---
 package/libs/wolfssl/patches/100-disable-hardening-check.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'package/libs/wolfssl/patches/100-disable-hardening-check.patch')

diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch index 79d0d6f759..7e473b390b 100644 --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -1,6 +1,6 @@ --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h -@@ -2346,7 +2346,7 @@ extern void uITRON4_free(void *p) ; +@@ -2338,7 +2338,7 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */ -- cgit v1.2.3
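
Review bot: The commit message does not mention that 100-disable-hardening-check.patch was refreshed, yet the only change in this file is the inner hunk header moving from `@@ -2346,7 +2346,7 @@` to `@@ -2338,7 +2338,7 @@` in wolfssl/wolfcrypt/settings.h. Add a line to the message saying the patch was refreshed for 5.2.0 so the offset change is not mistaken for a functional one. Because this patch touches the "warning for not using harden build options" block and is named as disabling that check, its header should also record why the check is kept disabled, since a release that fixes two TLS 1.3 authentication bypasses is a natural point to revisit it. This view is limited to the one file, so the version bump itself and the build options cannot be checked from here.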