Petr Štetiar 31bb27f35b wolfssl: bump to 5.1.1-stable ...

This is amalgamation of backported changes since 4.7.0-stable release:

 Sergey V. Lobanov (2):

  5b13b0b02c wolfssl: update to 5.1.1-stable
  7d376e6e52 libs/wolfssl: add SAN (Subject Alternative Name) support

 Andre Heider (3):

  3f8adcb215 wolfssl: remove --enable-sha512 configure switch
  249478ec48 wolfssl: always build with --enable-reproducible-build
  4b212b1306 wolfssl: build with WOLFSSL_ALT_CERT_CHAINS

 Ivan Pavlov (1):

  16414718f9 wolfssl: update to 4.8.1-stable

 David Bauer (1):

  f6d8c0cf2b wolfssl: always export wc_ecc_set_rng

 Christian Lamparter (1):

  86801bd3d8 wolfssl: fix Ed25519 typo in config prompt

The diff of security related changes we would need to backport would be
so huge, that there would be a high probability of introducing new
vulnerabilities, so it was decided, that bumping to latest stable
release is the prefered way for fixing following security issues:

 * OCSP request/response verification issue. (fixed in 4.8.0)
 * Incorrectly skips OCSP verification in certain situations CVE-2021-38597 (fixed in 4.8.1)
 * Issue with incorrectly validating a certificate (fixed in 5.0.0)
 * Hang with DSA signature creation when a specific q value is used (fixed in 5.0.0)
 * Client side session resumption issue (fixed in 5.1.0)
 * Potential for DoS attack on a wolfSSL client CVE-2021-44718 (fixed in 5.1.0)
 * Non-random IV values in certain situations CVE-2022-23408 (fixed in 5.1.1)

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

2022-02-21 07:37:57 +01:00

296 B

Raw Permalink Blame History

View Raw