domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628

Browse Source 
CVE-2018-16870: medium-severity, new variant of the Bleichenbacher
attack to perform downgrade attacks against TLS, which may lead to
leakage of sensible data. Backported from 3.15.7.

CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack. Backported from 4.1.0.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This commit is contained in:
Eneas U de Queiroz
2019-08-05 14:45:41 -03:00
committed by Hauke Mehrtens
parent 09bdc14419
commit 2df2b75208
4 changed files with 665 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch
View File

@@ -1,7 +1,7 @@
--- a/configure.ac
+++ b/configure.ac
@@ -4140,7 +4140,6 @@ AC_CONFIG_FILES([support/wolfssl.pc])
AC_CONFIG_FILES([rpm/spec])
@@ -4198,7 +4198,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta
AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec])
AX_CREATE_GENERIC_CONFIG
-AX_AM_JOBSERVER([yes])