mirror/openwrt
1
0
Fork 0
mirror of https://git.openwrt.org/openwrt/openwrt.git synced 2024-10-18 21:48:23 +02:00
Code Issues
3a0232ffd3
openwrt/package/libs
History
Hauke Mehrtens 3a0232ffd3 wolfssl: Update to version 5.7.2 
This fixes multiple security problems:
 * [Medium] CVE-2024-1544
   Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.

 * [Medium] CVE-2024-5288
   A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.

 * [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.

 * [Low] CVE-2024-5991
   In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.

 * [Medium] CVE-2024-5814
   A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.

 * [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.

 * [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.

Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.

Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-15 23:57:44 +02:00
..
argp-standalone
elfutils Revert "elfutils: fix a missing typedef in the last update" 2024-04-15 22:05:24 +02:00
gettext-full gettext-full: update to 0.22.5 2024-04-25 21:33:51 +02:00
gmp
jansson
libbpf libbpf: Update to v1.4.3 2024-06-08 14:21:40 +02:00
libbsd libbsd: update to 0.11.8 2024-01-30 10:39:21 +01:00
libcap
libevent2 libevent2: make cmake use relative imported path 2024-03-13 00:24:43 +00:00
libiconv-full
libjson-c package/libs/libjson-c: fix PKG_CPE_ID 2024-04-27 23:44:20 +02:00
libmd
libmnl
libnetfilter-conntrack
libnfnetlink
libnftnl
libnl
libnl-tiny treewide: update PKG_MIRROR_HASH to zst 2024-04-06 11:24:18 +02:00
libpcap
libselinux
libsemanage libaudit: update to 3.1.4, join with daemon and utils, rename 2024-04-29 00:53:43 +02:00
libsepol
libtool
libtraceevent
libtracefs libtracefs: update to 1.8 2024-01-25 17:31:50 +01:00
libubox treewide: update PKG_MIRROR_HASH to zst 2024-04-06 11:24:18 +02:00
libunistring
libunwind libunwind: add support for loongarch64 2024-05-04 14:14:24 +08:00
libusb
libxml2 libxml2: update to 2.12.6 2024-05-05 21:45:52 +02:00
mbedtls mbedtls: fix build on GCC 14 2024-05-31 10:33:06 +02:00
mpfr
musl-fts
ncurses ncurses: add foot terminfo 2024-07-10 12:53:27 +02:00
nettle
openssl openssl: conditionally disable engine section 2024-06-22 16:31:23 +02:00
pcre2 package/libs/pcre2: fix PKG_CPE_ID 2024-04-27 12:05:43 +02:00
popt
readline readline: override termlib for host 2024-07-10 09:39:32 +02:00
sysfsutils
toolchain libquadmath: Add libquadmath to the toolchain 2024-06-17 13:12:29 +02:00
uclient uclient: update to Git HEAD (2024-04-19) 2024-04-19 20:06:47 +02:00
udebug treewide: update PKG_MIRROR_HASH to zst 2024-04-06 11:24:18 +02:00
ustream-ssl ustream-ssl: update to Git HEAD (2024-04-19) 2024-04-19 18:00:23 +02:00
wolfssl wolfssl: Update to version 5.7.2 2024-07-15 23:57:44 +02:00
zlib zlib: update to 1.3.1 2024-02-02 17:26:29 +01:00