diff options
| author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2022-04-08 10:27:25 -0300 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2022-04-11 21:41:03 +0200 |
| commit | e89f3e85eb1c1d81294e5d430a91b0ba625e2ec0 (patch) | |
| tree | 27df09977248c3782a86a605119d0f20a2da4127 /package/libs/wolfssl/patches/100-disable-hardening-check.patch | |
| parent | c9c2b01b8441195807e8b492c7d3e385e6c6afdc (diff) | |
| download | upstream-e89f3e85eb1c1d81294e5d430a91b0ba625e2ec0.tar.gz upstream-e89f3e85eb1c1d81294e5d430a91b0ba625e2ec0.tar.bz2 upstream-e89f3e85eb1c1d81294e5d430a91b0ba625e2ec0.zip | |
wolfssl: bump to 5.2.0
Fixes two high-severity vulnerabilities:
- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication
can be bypassed. If a malicious client does not send the
certificate_verify message a client can connect without presenting a
certificate even if the server requires one.
- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS
v1.3 server can have its certificate heck bypassed. If the sig_algo in
the certificate_verify message is different than the certificate
message checking may be bypassed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Diffstat (limited to 'package/libs/wolfssl/patches/100-disable-hardening-check.patch')
| -rw-r--r-- | package/libs/wolfssl/patches/100-disable-hardening-check.patch | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch index 79d0d6f759..7e473b390b 100644 --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -1,6 +1,6 @@ --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h -@@ -2346,7 +2346,7 @@ extern void uITRON4_free(void *p) ; +@@ -2338,7 +2338,7 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */ |