git.openwrt.org Git - openwrt/staging/adrian.git/commit

author	Eneas U de Queiroz <cotequeiroz@gmail.com>
	Mon, 5 Aug 2019 14:52:08 +0000 (11:52 -0300)
committer	Hauke Mehrtens <hauke@hauke-m.de>
	Sat, 17 Aug 2019 15:00:10 +0000 (17:00 +0200)
commit	b35e1360cd4f1c9cab9aa219decedec99f948982
tree	cd525754423e96995b2613c3ebb425f201d71d20	tree \| snapshot
parent	3809b6662d7a5959c6a8958d7069978db79440d5	commit \| diff

wolfssl: bump to 4.1.0-stable

Always build AES-GCM support.
Unnecessary patches were removed.

This includes two vulnerability fixes:

CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK
extension parsing.

CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack.

This brings the package up-to-date with master, so it incorporates
changes from 4.0.0 in master:
* Removed options that can't be turned off because we're building with
  --enable-stunnel, some of which affect hostapd's Config.in.
* Adjusted the title of OCSP option, as OCSP itself can't be turned off,
  only the stapling part is selectable.
* Mark options turned on when wpad support is selected.
* Add building options for TLS 1.0, and TLS 1.3.
* Add hardware crypto support, which due to a bug, only works when CCM
  support is turned off.
* Reorganized option conditionals in Makefile.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

package/libs/wolfssl/Config.in		diff \| blob \| history
package/libs/wolfssl/Makefile		diff \| blob \| history
package/libs/wolfssl/patches/100-disable-hardening-check.patch		diff \| blob \| history
package/libs/wolfssl/patches/101-AR-flags-configure-update.patch	[deleted file]	blob \| history
package/libs/wolfssl/patches/400-additional_compatibility.patch	[deleted file]	blob \| history
package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch	[deleted file]	blob \| history