From 8f88ac7442c545789e50d89c3a913172547e221d Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Tue, 16 Feb 2021 08:35:21 +0700
Subject: [PATCH 1/3] add note about s/mime addition to changelog

---
 ChangeLog.md | 1 +
 README       | 1 +
 README.md    | 1 +
 3 files changed, 3 insertions(+)

diff --git a/ChangeLog.md b/ChangeLog.md
index 3ad61812e..8f811ce20 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -7,6 +7,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
 * Implement RFC 5705: Keying Material Exporters for TLS
 * Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
+* Added support for S/MIME (Secure/Multipurpose Internet Mail Extensions) bundles
 
 ### Fixes
 * Fix to free mutex when cert manager is free’d
diff --git a/README b/README
index bcb072d64..6826ace8e 100644
--- a/README
+++ b/README
@@ -82,6 +82,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
 * Implement RFC 5705: Keying Material Exporters for TLS
 * Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
+* Added support for S/MIME (Secure/Multipurpose Internet Mail Extensions) bundles
 
 ### Fixes
 * Fix to free mutex when cert manager is free’d
diff --git a/README.md b/README.md
index 94bbdf5e5..5d2cc5b93 100644
--- a/README.md
+++ b/README.md
@@ -85,6 +85,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
 * Implement RFC 5705: Keying Material Exporters for TLS
 * Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
+* Added support for S/MIME (Secure/Multipurpose Internet Mail Extensions) bundles
 
 ### Fixes
 * Fix to free mutex when cert manager is free’d

From 5f3ee2985c05977100712ed3a342516510d4d02f Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Tue, 16 Feb 2021 23:57:47 +0700
Subject: [PATCH 2/3] bump version for development bundles

---
 CMakeLists.txt    |   2 +-
 configure.ac      |   4 ++--
 wolfssl.rc        | Bin 4918 -> 4918 bytes
 wolfssl/version.h |   4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5de39a866..898d4b9e6 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -28,7 +28,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
      You must delete them, or cmake will refuse to work.")
 endif()
 
-project(wolfssl VERSION 4.7.0 LANGUAGES C)
+project(wolfssl VERSION 4.7.1 LANGUAGES C)
 
 # shared library versioning
 # increment if interfaces have been added, removed or changed
diff --git a/configure.ac b/configure.ac
index dd8a6ac74..542c006a7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,7 +7,7 @@
 #
 AC_COPYRIGHT([Copyright (C) 2006-2020 wolfSSL Inc.])
 AC_PREREQ([2.63])
-AC_INIT([wolfssl],[4.7.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
+AC_INIT([wolfssl],[4.7.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
 AC_CONFIG_AUX_DIR([build-aux])
 
 # The following sets CFLAGS to empty if unset on command line.  We do not
@@ -55,7 +55,7 @@ LT_PREREQ([2.2])
 LT_INIT([disable-static win32-dll])
 
 #shared library versioning
-WOLFSSL_LIBRARY_VERSION=28:0:4
+WOLFSSL_LIBRARY_VERSION=28:1:4
 #                        | | |
 #                 +------+ | +---+
 #                 |        |     |
diff --git a/wolfssl.rc b/wolfssl.rc
index cd9a6fa84307591fec1cf667bc753840e9329f8a..6ddc1103cd774cc07e3de64939b993f03df18ee8 100644
GIT binary patch
delta 41
xcmdm{woPrrBo0Qy$&)z@84Wid<p^bAG~6uB`<9W>aI!S7^kg%Bp~YtWEC3Nb3wQtk

delta 41
xcmdm{woPrrBo0P{$&)z@84Wfc<p^bAG}tW7`<9W>V6rr?^kg%Bp~YtWEC3MT3v>Vg

diff --git a/wolfssl/version.h b/wolfssl/version.h
index 3f7d97692..0bc820cbf 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "4.7.0"
-#define LIBWOLFSSL_VERSION_HEX 0x04007000
+#define LIBWOLFSSL_VERSION_STRING "4.7.1"
+#define LIBWOLFSSL_VERSION_HEX 0x04007001
 
 #ifdef __cplusplus
 }

From 3a9d533d2cfbaff3c43b932c27f36a9ed7e7609d Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 17 Feb 2021 00:04:16 +0700
Subject: [PATCH 3/3] update changelog with researchers names, thanks Aina and
 Olivier

---
 ChangeLog.md | 2 +-
 README       | 2 +-
 README.md    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ChangeLog.md b/ChangeLog.md
index 8f811ce20..3399d02be 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -45,7 +45,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
 
 ### Vulnerabilities
-* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676.
+* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676. Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for the report.
 * [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
 * [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.
 
diff --git a/README b/README
index 6826ace8e..f3bfd5a40 100644
--- a/README
+++ b/README
@@ -120,7 +120,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
 
 ### Vulnerabilities
-* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676.
+* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676. Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for the report.
 * [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
 * [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.
 
diff --git a/README.md b/README.md
index 5d2cc5b93..6827ad5f0 100644
--- a/README.md
+++ b/README.md
@@ -123,7 +123,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
 
 ### Vulnerabilities
-* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676.
+* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676. Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for the report.
 * [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
 * [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.