Always build AES-GCM support. Unnecessary patches were removed. This includes two vulnerability fixes: CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK extension parsing. CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack. This brings the package up-to-date with master, so it incorporates changes from 4.0.0 in master: * Removed options that can't be turned off because we're building with --enable-stunnel, some of which affect hostapd's Config.in. * Adjusted the title of OCSP option, as OCSP itself can't be turned off, only the stapling part is selectable. * Mark options turned on when wpad support is selected. * Add building options for TLS 1.0, and TLS 1.3. * Add hardware crypto support, which due to a bug, only works when CCM support is turned off. * Reorganized option conditionals in Makefile. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>master
parent
3809b6662d
commit
b35e1360cd
@ -1,23 +0,0 @@ |
||||
From 42eacece82b6375a9f4bab3903a1a39f7d1dd579 Mon Sep 17 00:00:00 2001
|
||||
From: John Safranek <john@wolfssl.com>
|
||||
Date: Tue, 5 Mar 2019 09:26:30 -0800
|
||||
Subject: [PATCH] AR flags configure update In at least one environment the
|
||||
check for particular AR options was failing due to a bash script bug. Deleted
|
||||
an extra pair of parenthesis triggering an arithmetic statement when
|
||||
redundant grouping was desired.
|
||||
|
||||
---
|
||||
configure.ac | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -15,7 +15,7 @@ AC_CONFIG_AUX_DIR([build-aux])
|
||||
: ${CFLAGS=""}
|
||||
|
||||
# Test ar for the "U" option. Should be checked before the libtool macros.
|
||||
-xxx_ar_flags=$((ar --help) 2>&1)
|
||||
+xxx_ar_flags=$(ar --help 2>&1)
|
||||
AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}])
|
||||
|
||||
AC_PROG_CC
|
@ -1,12 +0,0 @@ |
||||
--- a/cyassl/openssl/ssl.h
|
||||
+++ b/cyassl/openssl/ssl.h
|
||||
@@ -28,6 +28,9 @@
|
||||
#define CYASSL_OPENSSL_H_
|
||||
|
||||
#include <cyassl/ssl.h>
|
||||
+#ifndef HAVE_SNI
|
||||
+#undef CYASSL_SNI_HOST_NAME
|
||||
+#endif
|
||||
#include <wolfssl/openssl/ssl.h>
|
||||
|
||||
#endif
|
@ -1,21 +0,0 @@ |
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -4614,7 +4614,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta
|
||||
AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec])
|
||||
|
||||
AX_CREATE_GENERIC_CONFIG
|
||||
-AX_AM_JOBSERVER([yes])
|
||||
|
||||
AC_OUTPUT
|
||||
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -20,8 +20,6 @@ dist_noinst_SCRIPTS =
|
||||
noinst_SCRIPTS =
|
||||
check_SCRIPTS =
|
||||
|
||||
-#includes additional rules from aminclude.am
|
||||
-@INC_AMINCLUDE@
|
||||
DISTCLEANFILES+= aminclude.am
|
||||
|
||||
CLEANFILES+= cert.der \
|
Loading…
Reference in new issue