forked from mirror/openwrt
403039c562
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
channel attacks are present.
* Leak of private key in the case that PEM format private keys are
bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application.
Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/
Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255
The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| argp-standalone | ||
| elfutils | ||
| gettext | ||
| gettext-full | ||
| gmp | ||
| libbsd | ||
| libconfig | ||
| libevent2 | ||
| libiconv | ||
| libiconv-full | ||
| libjson-c | ||
| libmnl | ||
| libnetfilter-conntrack | ||
| libnetfilter-cthelper | ||
| libnetfilter-cttimeout | ||
| libnetfilter-log | ||
| libnetfilter-queue | ||
| libnfnetlink | ||
| libnftnl | ||
| libnl | ||
| libnl-tiny | ||
| libpcap | ||
| libroxml | ||
| libtool | ||
| libubox | ||
| libunwind | ||
| libusb | ||
| libusb-compat | ||
| lzo | ||
| mbedtls | ||
| ncurses | ||
| nettle | ||
| nghttp2 | ||
| openssl | ||
| popt | ||
| readline | ||
| sysfsutils | ||
| toolchain | ||
| uclibc++ | ||
| uclient | ||
| ustream-ssl | ||
| wolfssl | ||
| zlib | ||