git.librecmc.org Git - librecmc/librecmc.git/commit

author	Hauke Mehrtens <hauke@hauke-m.de>
	Mon, 24 Aug 2020 10:11:29 +0000 (12:11 +0200)
committer	RISCi_ATOM <bob@bobcall.me>
	Thu, 27 Aug 2020 14:42:09 +0000 (10:42 -0400)
commit	e95c913c4ccb34160d3b863c3b257f45cd0e2c7c
tree	7c51d2ca67d8a4abd08ded7d413f56eeaa458944	tree \| snapshot
parent	c80765acd6ee20481742527a41c85e445c542093	commit \| diff

wolfssl: Update to version 4.5.0

This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
  middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
  ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
  are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
  channel attacks are present.
* Leak of private key in the case that PEM format private keys are
  bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
  processed and returned to the application.

Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/

Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255

The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

package/libs/wolfssl/Makefile		diff \| blob \| history
package/libs/wolfssl/patches/100-disable-hardening-check.patch		diff \| blob \| history
package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch	[new file with mode: 0644]	blob