On Thu, Feb 17, 2022 at 11:51 AM Petr Štetiar <[email protected]> wrote: > > This is amalgamation of backported changes since 4.7.0-stable release: > > Sergey V. Lobanov (2): > > 5b13b0b02c70 wolfssl: update to 5.1.1-stable > 7d376e6e528f libs/wolfssl: add SAN (Subject Alternative Name) support > > Andre Heider (3): > > 3f8adcb215ed wolfssl: remove --enable-sha512 configure switch > 249478ec4850 wolfssl: always build with --enable-reproducible-build > 4b212b1306a9 wolfssl: build with WOLFSSL_ALT_CERT_CHAINS > > Ivan Pavlov (1): > > 16414718f9ae wolfssl: update to 4.8.1-stable > > David Bauer (1): > > f6d8c0cf2b47 wolfssl: always export wc_ecc_set_rng > > Christian Lamparter (1): > > 86801bd3d806 wolfssl: fix Ed25519 typo in config prompt > > The diff of security related changes we would need to backport would be > so huge, that there would be a high probability of introducing new > vulnerabilities, so it was decided, that bumping to latest stable > release is the prefered way for fixing following security issues: > > * OCSP request/response verification issue. (fixed in 4.8.0) > * Incorrectly skips OCSP verification in certain situations CVE-2021-38597 > (fixed in 4.8.1) > * Issue with incorrectly validating a certificate (fixed in 5.0.0) > * Hang with DSA signature creation when a specific q value is used (fixed in > 5.0.0) > * Client side session resumption issue (fixed in 5.1.0) > * Potential for DoS attack on a wolfSSL client CVE-2021-44718 (fixed in > 5.1.0) > * Non-random IV values in certain situations CVE-2022-23408 (fixed in 5.1.1) > > Cc: Hauke Mehrtens <[email protected]> > Cc: Eneas U de Queiroz <[email protected]> > Signed-off-by: Petr Štetiar <[email protected]> > ---
Acked-by: Eneas U de Queiroz <[email protected]> _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
