From c5ef62a218455f5d60b8f76307784a90a77dda43 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz
Date: Fri, 8 Apr 2022 10:27:25 -0300
Subject: wolfssl: bump to 5.2.0

Fixes two high-severity vulnerabilities:

- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication can be bypassed. If a malicious client does not send the certificate_verify message a client can connect without presenting a certificate even if the server requires one.

- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS v1.3 server can have its certificate check bypassed. If the sig_algo in the certificate_verify message is different than the certificate message checking may be bypassed.

Signed-off-by: Eneas U de Queiroz
(cherry picked from commit e89f3e85eb1c1d81294e5d430a91b0ba625e2ec0)

--- package/libs/wolfssl/patches/100-disable-hardening-check.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'package/libs/wolfssl/patches/100-disable-hardening-check.patch') diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch index 79d0d6f759..7e473b390b 100644 --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -1,6 +1,6 @@ --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h -@@ -2346,7 +2346,7 @@ extern void uITRON4_free(void *p) ; +@@ -2338,7 +2338,7 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */ -- cgit v1.2.3
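
Review bot: 100-disable-hardening-check.patch still begins directly at the `--- a/wolfssl/wolfcrypt/settings.h` header on its first line, with no description of why the "not using harden build options" warning in settings.h is being turned off. The only change visible in this hunk is the refreshed offset (2346 to 2338), so the carried patch keeps suppressing that warning across a release that is taken for its security fixes. I would add a short header to the patch stating why the check is disabled and whether the package build sets the hardening options itself, and mention the patch refresh in the commit message, which currently lists only the two CVEs.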