From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@buildroot.org
Subject: [Buildroot] [git commit branch/next] package/wolfssl: security bump to version 4.8.1
Date: Sun, 1 Aug 2021 16:13:16 +0200 [thread overview]
Message-ID: <20210803211026.5810A878C2@busybox.osuosl.org> (raw)
commit: https://git.buildroot.net/buildroot/commit/?id=6427f12bba5f8df06b6ac375d74b3e62f3e086c3
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/next
- [High] OCSP verification issue when response is for a certificate with
no relation to the chain in question BUT that response contains the
NoCheck extension which effectively disables ALL verification of that
one cert.
- [Low] OCSP request/response verification issue. In the case that the
serial number in the OCSP request differs from the serial number in
the OCSP response the error from the comparison was not resulting in a
failed verification.
- [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in
base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier.
Versions 4.6.0 and up contain a fix and do not need to be updated for
this report.
https://github.com/wolfSSL/wolfssl/blob/v4.8.1-stable/ChangeLog.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
package/wolfssl/wolfssl.hash | 2 +-
package/wolfssl/wolfssl.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/wolfssl/wolfssl.hash b/package/wolfssl/wolfssl.hash
index 05fee25b6b..9896713ca7 100644
--- a/package/wolfssl/wolfssl.hash
+++ b/package/wolfssl/wolfssl.hash
@@ -1,5 +1,5 @@
# Locally computed:
-sha256 b0e740b31d4d877d540ad50cc539a8873fc41af02bd3091c4357b403f7106e31 wolfssl-4.7.0-stable.tar.gz
+sha256 50db45f348f47e00c93dd244c24108220120cb3cc9d01434789229c32937c444 wolfssl-4.8.1-stable.tar.gz
# Hash for license files:
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
diff --git a/package/wolfssl/wolfssl.mk b/package/wolfssl/wolfssl.mk
index fe21ddcd4f..d3dce0a401 100644
--- a/package/wolfssl/wolfssl.mk
+++ b/package/wolfssl/wolfssl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-WOLFSSL_VERSION = 4.7.0-stable
+WOLFSSL_VERSION = 4.8.1-stable
WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION))
WOLFSSL_INSTALL_STAGING = YES
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
reply other threads:[~2021-08-04 1:05 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210803211026.5810A878C2@busybox.osuosl.org \
--to=yann.morin.1998@free.fr \
--cc=buildroot@buildroot.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.