kumquat-buildroot/package/wolfssl/wolfssl.hash

# Locally computed:
sha256  7de62300ce14daa0051bfefc7c4d6302f96cabc768b6ae49eda77523b118250c  wolfssl-4.5.0-stable.tar.gz

# Hash for license files:
sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
sha256  b23c1da1f85d699d3288d73c952b4cd02760d23dc1ddc1b221cbb8be82387189  LICENSING
wolfssl: new package The wolfSSL embedded SSL library is a lightweight and portable SSL/TLS library. Tested on Beaglebone Black using a tool called testsuite that comes with wolfssl source code inside the testsuite/ directory. To build it, we have to pass --enable-examples in the configure, and then manually copy the binary to the rootfs. Also, to use this tool, you will we need to copy the certs/* directory to the rootfs. Build-tested with test-pkg script. Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-12-23 17:32:15 +01:00			`# Locally computed:`
package/wolfssl: security bump to version 4.5.0 wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3, 2 side channel attack mitigations, 1 fix for a potential private key leak in a specific use case, 1 fix for DTLS including those 3 CVEs: - Fix CVE-2020-12457: An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service. - Fix CVE-2020-15309: An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). - Fix CVE-2020-24585: An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. Also update hash of LICENSING as well as WOLF_LICENSE due to later verbage update with https://github.com/wolfSSL/wolfssl/commit/970391319beb023680eccd0e447e76834dbb4808 https://www.wolfssl.com/docs/security-vulnerabilities/ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> 2020-08-29 09:56:21 +02:00			`sha256 7de62300ce14daa0051bfefc7c4d6302f96cabc768b6ae49eda77523b118250c wolfssl-4.5.0-stable.tar.gz`
wolfssl: new package The wolfSSL embedded SSL library is a lightweight and portable SSL/TLS library. Tested on Beaglebone Black using a tool called testsuite that comes with wolfssl source code inside the testsuite/ directory. To build it, we have to pass --enable-examples in the configure, and then manually copy the binary to the rootfs. Also, to use this tool, you will we need to copy the certs/* directory to the rootfs. Build-tested with test-pkg script. Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-12-23 17:32:15 +01:00
			`# Hash for license files:`
package/wolfssl: bump version to 4.4.0 Also change the hash file to separate the fields by two spaces. Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> 2020-05-01 12:13:05 +02:00			`sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING`
package/wolfssl: security bump to version 4.5.0 wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3, 2 side channel attack mitigations, 1 fix for a potential private key leak in a specific use case, 1 fix for DTLS including those 3 CVEs: - Fix CVE-2020-12457: An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service. - Fix CVE-2020-15309: An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). - Fix CVE-2020-24585: An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. Also update hash of LICENSING as well as WOLF_LICENSE due to later verbage update with https://github.com/wolfSSL/wolfssl/commit/970391319beb023680eccd0e447e76834dbb4808 https://www.wolfssl.com/docs/security-vulnerabilities/ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> 2020-08-29 09:56:21 +02:00			`sha256 b23c1da1f85d699d3288d73c952b4cd02760d23dc1ddc1b221cbb8be82387189 LICENSING`