git.libre-soc.org Git - buildroot.git/commit

author	Fabrice Fontaine <fontaine.fabrice@gmail.com>
	Sun, 1 Aug 2021 13:16:59 +0000 (15:16 +0200)
committer	Yann E. MORIN <yann.morin.1998@free.fr>
	Sun, 1 Aug 2021 14:13:16 +0000 (16:13 +0200)
commit	6427f12bba5f8df06b6ac375d74b3e62f3e086c3
tree	12016e395446b87dc4489623f8388508a3aa2f3d	tree
parent	b966e655b1f868a88251b5b95d8e62a8e4781634	commit \| diff

package/wolfssl: security bump to version 4.8.1

- [High] OCSP verification issue when response is for a certificate with
  no relation to the chain in question BUT that response contains the
  NoCheck extension which effectively disables ALL verification of that
  one cert.
- [Low] OCSP request/response verification issue. In the case that the
  serial number in the OCSP request differs from the serial number in
  the OCSP response the error from the comparison was not resulting in a
  failed verification.
- [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in
  base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier.
  Versions 4.6.0 and up contain a fix and do not need to be updated for
  this report.

https://github.com/wolfSSL/wolfssl/blob/v4.8.1-stable/ChangeLog.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/wolfssl/wolfssl.hash		diff \| blob \| history
package/wolfssl/wolfssl.mk		diff \| blob \| history