[Buildroot] [PATCH 1/1] package/wolfssl: security bump to version 4.6.0

Thomas Petazzoni thomas.petazzoni at bootlin.com
Thu Jan 14 21:33:03 UTC 2021


On Thu, 14 Jan 2021 20:48:32 +0100
Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:

> - Fix CVE-2020-36177: RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL
>   before 4.6.0 has an out-of-bounds write for certain relationships
>   between key size and digest size.
> - Drop patch (already in version)
> 
> https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
>  ...-available-for-big-and-little-endian.patch | 32 -------------------
>  package/wolfssl/wolfssl.hash                  |  2 +-
>  package/wolfssl/wolfssl.mk                    |  2 +-
>  3 files changed, 2 insertions(+), 34 deletions(-)
>  delete mode 100644 package/wolfssl/0001-Make-ByteReverseWords-available-for-big-and-little-endian.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


More information about the buildroot mailing list