forked from wolfSSL/wolfssl
Merge pull request #3761 from JacobBarthelmeh/Release
update changelog and bump version to 4.7.1 for development bundles
@@ -28,7 +28,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
|
||||
You must delete them, or cmake will refuse to work.")
|
||||
endif()
|
||||
|
||||
project(wolfssl VERSION 4.7.0 LANGUAGES C)
|
||||
project(wolfssl VERSION 4.7.1 LANGUAGES C)
|
||||
|
||||
# shared library versioning
|
||||
# increment if interfaces have been added, removed or changed
|
||||
|
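Review bot: the `project(wolfssl VERSION 4.7.1 LANGUAGES C)` bump leaves the `# shared library versioning` block in the trailing context untouched, while the autoconf hunk later in this commit moves `WOLFSSL_LIBRARY_VERSION` from 28:0:4 to 28:1:4. Please confirm the CMake library version values under that comment are updated to match, otherwise CMake and autotools builds of 4.7.1 can end up with different shared-library versions.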
@@ -7,6 +7,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
|
||||
* Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
|
||||
* Implement RFC 5705: Keying Material Exporters for TLS
|
||||
* Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
|
||||
* Added support for S/MIME (Secure/Multipurpose Internet Mail Extensions) bundles
|
||||
|
||||
### Fixes
|
||||
* Fix to free mutex when cert manager is free’d
|
||||
@@ -44,7 +45,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
|
||||
* Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
|
||||
|
||||
### Vulnerabilities
|
||||
* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676.
|
||||
* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676. Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for the report.
|
||||
* [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
|
||||
* [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.
|
||||
|
||||
|
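Review bot: the rewritten CVE-2021-3336 entry still tells users to "update to the latest version of wolfSSL" without naming the first fixed release. Since the entry sits under the Release 4.7.0 notes and already links pull 3676, consider stating the fixed version in the sentence itself so the advice stays accurate when this text is read after later releases.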
3
README
@@ -82,6 +82,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
|
||||
* Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
|
||||
* Implement RFC 5705: Keying Material Exporters for TLS
|
||||
* Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
|
||||
* Added support for S/MIME (Secure/Multipurpose Internet Mail Extensions) bundles
|
||||
|
||||
### Fixes
|
||||
* Fix to free mutex when cert manager is free’d
|
||||
@@ -119,7 +120,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
|
||||
* Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
|
||||
|
||||
### Vulnerabilities
|
||||
* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676.
|
||||
* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676. Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for the report.
|
||||
* [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
|
||||
* [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.
|
||||
|
||||
|
@@ -85,6 +85,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
|
||||
* Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
|
||||
* Implement RFC 5705: Keying Material Exporters for TLS
|
||||
* Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
|
||||
* Added support for S/MIME (Secure/Multipurpose Internet Mail Extensions) bundles
|
||||
|
||||
### Fixes
|
||||
* Fix to free mutex when cert manager is free’d
|
||||
@@ -122,7 +123,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
|
||||
* Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
|
||||
|
||||
### Vulnerabilities
|
||||
* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676.
|
||||
* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676. Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for the report.
|
||||
* [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
|
||||
* [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.
|
||||
|
||||
|
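Review bot: this CVE-2021-3336 paragraph is the third hand-edited copy of the same text in this commit (the hunks at -44, -119 and -122 carry identical wording). A missed copy would leave one file with an advisory that differs from the others, so consider generating the README release notes from the changelog, or adding a check that compares the three sections before release.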
@@ -7,7 +7,7 @@
|
||||
#
|
||||
AC_COPYRIGHT([Copyright (C) 2006-2020 wolfSSL Inc.])
|
||||
AC_PREREQ([2.63])
|
||||
AC_INIT([wolfssl],[4.7.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
|
||||
AC_INIT([wolfssl],[4.7.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
|
||||
AC_CONFIG_AUX_DIR([build-aux])
|
||||
|
||||
# The following sets CFLAGS to empty if unset on command line. We do not
|
||||
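Review bot: the context line `AC_COPYRIGHT([Copyright (C) 2006-2020 wolfSSL Inc.])` directly above the `AC_INIT` bump still ends in 2020, although the release notes in this commit document CVE-2021-3336. If the range is meant to track the release year, update it together with the version bump.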
@@ -55,7 +55,7 @@ LT_PREREQ([2.2])
|
||||
LT_INIT([disable-static win32-dll])
|
||||
|
||||
#shared library versioning
|
||||
WOLFSSL_LIBRARY_VERSION=28:0:4
|
||||
WOLFSSL_LIBRARY_VERSION=28:1:4
|
||||
# | | |
|
||||
# +------+ | +---+
|
||||
# | | |
|
||||
|
BIN
wolfssl.rc
Binary file not shown.
@@ -28,8 +28,8 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define LIBWOLFSSL_VERSION_STRING "4.7.0"
|
||||
#define LIBWOLFSSL_VERSION_HEX 0x04007000
|
||||
#define LIBWOLFSSL_VERSION_STRING "4.7.1"
|
||||
#define LIBWOLFSSL_VERSION_HEX 0x04007001
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
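Review bot: `LIBWOLFSSL_VERSION_STRING` and `LIBWOLFSSL_VERSION_HEX` are bumped by hand here, in addition to the `project()` and `AC_INIT` lines earlier in the commit, and wolfssl.rc changes as a binary that this diff does not show. The two defines agree in this commit ("4.7.1" and 0x04007001), but nothing in the visible lines enforces that; a short comment above them describing the hex layout, or a build-time check that the string and hex values match, would catch a missed bump.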