SW/openwrt
2
0
Fork 0
forked from Ivasoft/openwrt
Code Pull Requests Activity
Files
ce59843662961049a28033077587cabdc5243b15
openwrt/package/libs
History
Petr Štetiar ce59843662 wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173) 
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.

This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.

Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Fixes: CVE-2022-39173
Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Tested-by: Kien Truong <duckientruong@gmail.com>
Reported-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ec8fb542ec)
2022-10-04 10:11:08 +02:00
..
argp-standalone
argp-standalone: fix compilation with Alpine Linux
2022-03-16 17:58:24 +01:00
elfutils
elfutils: Add missing musl-fts dependency
2022-01-07 20:50:50 -08:00
gettext-full
gettext-full: add gmsgfmt symlink in host install
2022-04-05 00:20:24 +02:00
gmp
gmp: update to 6.2.1
2021-02-14 19:38:15 +01:00
jansson
jansson: Activate link time optimization (LTO)
2020-09-06 20:30:18 +02:00
libaudit
libaudit: add host-build required by policycoreutils/host
2020-09-01 14:24:07 +01:00
libbsd
libbsd: update to 0.10.0
2020-02-22 16:34:57 +01:00
libcap
libcap: Update to version 2.63
2022-02-01 21:25:02 +01:00
libevent2
libevent2: update to 2.1.12
2021-02-14 19:38:15 +01:00
libiconv
libiconv-full
libiconv-full: Makefile polishing
2020-11-26 13:09:32 -10:00
libjson-c
libjson-c: don't build shared host libraries
2021-11-20 21:08:24 +01:00
libmnl
libmnl: fix build when bash is not located at /bin/bash
2022-08-05 15:24:57 +02:00
libnetfilter-conntrack
libnetfilter-conntrack: backport patch fixing compilation with 5.15
2022-03-05 21:05:45 +01:00
libnfnetlink
libnfnetlink: update to 1.0.2
2022-04-10 16:26:01 +01:00
libnftnl
libnftnl: bump to 1.2.1
2021-12-01 00:39:26 +02:00
libnl
libnl-tiny
libnl-tiny: update to the latest version
2021-12-14 22:59:10 +01:00
libpcap
libpcap: fix PKG_CONFIG_DEPENDS for rpcapd
2022-07-20 18:12:52 +02:00
libselinux
libselinux: add missing host-build dependency on libsepol/host
2022-04-10 16:26:01 +01:00
libsemanage
libsemanage: update to version 3.3
2021-10-28 22:15:02 +01:00
libsepol
libsepol: update to version 3.3
2021-10-31 13:01:24 +00:00
libtool
libubox
libubox: update to the latest version
2022-06-07 21:36:58 +02:00
libunwind
libunwind: add ppc64 support
2021-12-21 21:37:05 +02:00
libusb
libusb: fix missing link
2022-06-25 00:05:21 +02:00
mbedtls
mbedtls: update to version 2.28.1
2022-08-28 12:46:44 +02:00
musl-fts
musl-fts: add host build
2022-04-11 23:17:55 +02:00
ncurses
ncurses: update to 6.3
2022-03-19 17:42:29 +01:00
nettle
nettle: disable assembler on ppc64
2021-12-21 21:36:55 +02:00
openssl
openssl: bump to 1.1.1q
2022-07-17 14:28:31 +02:00
pcre
pcre: disable shared libraries for host builds
2022-04-05 00:20:24 +02:00
popt
readline
readline: add host PIC
2022-04-17 21:47:11 +02:00
sysfsutils
toolchain
toolchain: reproducible libstdcpp
2022-04-06 13:59:44 +01:00
uclient
uclient: update to Git version 2021-05-14
2021-05-14 23:40:42 +02:00
ustream-ssl
ustream-ssl: update to Git version 2022-01-16
2022-01-16 21:51:21 +01:00
wolfssl
wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)
2022-10-04 10:11:08 +02:00
zlib
zlib: backport null dereference fix
2022-08-09 08:12:46 +02:00