298977887/lede
1
0
Fork 0
mirror of https://github.com/coolsnowwolf/lede.git synced 2025-07-18 05:36:57 +08:00
Code Issues Packages Projects Releases Wiki Activity
4,517 Commits 1 Branch 9 Tags
Commit Graph

4 Commits

Author SHA1 Message Date
breakings
500ccda8fc
wolfssl: bump to 5.2.0 (#9240) 
Fixes two high-severity vulnerabilities:

- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication
  can be bypassed.  If a malicious client does not send the
  certificate_verify message a client can connect without presenting a
  certificate even if the server requires one.

- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS
  v1.3 server can have its certificate heck bypassed. If the sig_algo in
  the certificate_verify message is different than the certificate
  message checking may be bypassed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
 2022-04-12 12:02:05 +08:00
Beginner
b69728f07d
wolfssl: update to 5.1.1-stable (#8817) 
* libs/wolfssl: add SAN (Subject Alternative Name) support

x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)

It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>

* wolfssl: update to 5.1.1-stable

Bump from 4.8.1-stable to 5.1.1-stable

Detailed release notes: https://github.com/wolfSSL/wolfssl/releases

Upstreamed patches:
001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch -
 fa8f23284d
002-Update-macro-guard-on-SHA256-transform-call.patch -
 f447e4c1fa

Refreshed patches:
100-disable-hardening-check.patch
200-ecc-rng.patch

CFLAG -DWOLFSSL_ALT_CERT_CHAINS replaced to --enable-altcertchains
configure option

The size of the ipk changed on aarch64 like this:
491341 libwolfssl4.8.1.31258522_4.8.1-stable-7_aarch64_cortex-a53.ipk
520322 libwolfssl5.1.1.31258522_5.1.1-stable-1_aarch64_cortex-a53.ipk

Tested-by: Alozxy <alozxy@users.noreply.github.com>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>

Co-authored-by: Sergey V. Lobanov <sergey@lobanov.in>
 2022-02-04 10:52:39 +08:00
Ivan Pavlov
09b49156bf wolfssl: update to 4.8.1-stable 
Changes from 4.7.0:
  Fix one high (OCSP verification issue) and two low vulnerabilities
  Improve compatibility layer
  Other improvements and fixes

For detailed changes refer to https://github.com/wolfSSL/wolfssl/releases

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
 2021-11-30 00:35:31 +08:00
lean
7a50383ab6 add kernel 5.10 support and sync with upstream 2021-06-14 18:30:08 +08:00