git.librecmc.org Git - librecmc/librecmc.git/commit

author	Eneas U de Queiroz <cotequeiroz@gmail.com>
	Fri, 8 Apr 2022 13:27:25 +0000 (10:27 -0300)
committer	RISCi_ATOM <bob@bobcall.me>
	Tue, 10 May 2022 20:11:13 +0000 (16:11 -0400)
commit	11fc0a08b3a618de6b9a2ebefe72ebdbb437d62d
tree	683c2816f434b2dfbe3b48137cc6cb24b0823f1e	tree \| snapshot
parent	aca8092b80cada45ce9df7a3ffa039fcc7cd9bee	commit \| diff

wolfssl: bump to 5.2.0

Fixes two high-severity vulnerabilities:

- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication
  can be bypassed.  If a malicious client does not send the
  certificate_verify message a client can connect without presenting a
  certificate even if the server requires one.

- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS
  v1.3 server can have its certificate heck bypassed. If the sig_algo in
  the certificate_verify message is different than the certificate
  message checking may be bypassed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [ABI version change]
(cherry picked from commit e89f3e85eb1c1d81294e5d430a91b0ba625e2ec0)
(cherry picked from commit 2393b09b5906014047a14a79c03292429afcf408)

package/libs/wolfssl/Makefile		diff \| blob \| history
package/libs/wolfssl/patches/100-disable-hardening-check.patch		diff \| blob \| history
package/libs/wolfssl/patches/200-ecc-rng.patch		diff \| blob \| history
package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch		diff \| blob \| history