Debian Patches

Status for wolfssl/4.6.0+p1-0+deb11u2

Patch Description Author Forwarded Bugs Origin Last update
wolfssl-callbacks-sanity-check.patch
  Description: PR 5682: CVE-2022-42905 additional sanity checks on debug callback
  Author: Jacob Barthelmeh <jacob@wolfssl.com>
  Forwarded: not-needed
  Origin: backport, commit:927f4c445d948f93026d4f884d412b9d70a268c6

tls13-cipher-suites.patch
  Description: PR 5588: CVE-2022-39173 TLSv1.3 cipher suites
    .
    Handle multiple instances of the same cipher suite being in the server's
    list.
    Fix client order negotiation of cipher suite when doing pre-shared keys.
    .
    wolfSSL_clear: check return from InitSSL_Suites() call.
    TLS13: check ClientHello cipher suite length is even.
    Silently remove duplicate cipher suites from user input.
    Add tests of duplicate cipher suite removal.
  Author: Jacob Barthelmeh <jacob@wolfssl.com>
  Forwarded: not-needed
  Origin: backport, https://github.com/wolfSSL/wolfssl/pull/5588

add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch
  Description: PR 5498: CVE-2022-42961 Check ECC signature in TLS
    .
    Verifying generated ECC signature in TLS handshake code to mitigate when
    an attacker can gain knowledge of the private key through fault
    injection in the signing process.
    Requires WOLFSSL_CHECK_SIG_FAULTS to be defined.
  Author: Jacob Barthelmeh <jacob@wolfssl.com>
  Forwarded: not-needed
  Origin: backport, commit:2571f65e85509a22ca2fea9cdee5828b6202b878

no-build-path-in-library.patch
  Description: Do not store build path in library
    Storing the build path as part of the '-ffile-prefix-map' option [1]
    in the library breaks reproducible builds. This patch drops the two
    strings so that the two involved functions now return NULL.
    .
    The consequence of the build option here is somewhat ironic because
    it was originally intended to improve reproducible builds. [2]
    .
    A better solution might be to replace the path with a fixed string
    like the literal "BUILD_PATH". That would allow a debugging party to
    recognize that the option was used without rendering the library
    non-reproducible.
    .
    Since Lintian spotted the issue [3], Debian's downstream tooling
    could likely replace the path with ease, but that would not address
    related problems in other distributions, such as in NixOS. [4]
    .
    Libtool's '.la' file and the 'wolfssl-config' script may also
    include the build path, but neither ships in Debian. It is
    furthermore not clear that those files are needed in any distribution
    that offers dynamic symbol resolution via 'ldd' and automatic build
    options via 'pkg-config'. It may therefore not be necessary to remove
    the build path from those files.
    .
    [1] https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html
    [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70268#c7
    [3] https://github.com/NixOS/nixpkgs/pull/111687#issuecomment-772694125
    [4] https://github.com/NixOS/nixpkgs/pull/111687#issuecomment-773881191
  Author: Felix Lechner <felix.lechner@lease-up.com>
  Forwarded: invalid
  Last update: 2021-02-10

utf8.patch
  Description: Convert a source file to UTF-8 encoding.
  Author: Felix Lechner <felix.lechner@lease-up.com>
  Forwarded: yes
  Origin: upstream

multi-arch.patch
  Description: Make header files multi-arch compatible
    Exclude architecture dependent option HAVE___UINT128 from config.h
  Author: Felix Lechner
  Forwarded: no
  Origin: debian

reproducible-build.patch
  Description: Make the build reproducible
    Acceptance of this patch was declined by John Safranek after the conversation
    documented in the Zendesk support request. The upshot was that, in balance,
    it is easier to maintain the Debian patch.
  Author: Chris Lamb <lamby@debian.org>
  Forwarded: invalid
  Origin: upstream
  Last update: 2020-05-14

improve-clean-target.patch
  Description: Fix clean target for repeated builds
  Author: Felix Lechner <felix.lechner@lease-up.com>
  Forwarded: no
  Last update: 2017-12-18

dfsg.patch
  Description: Strike references to removed non-DFSG sources from build files
  Author: Felix Lechner <felix.lechner@lease-up.com>
  Forwarded: not-needed

fix-hurd-i386-flags.patch
  Description: Fix type definition for socklen_t on hurd-i386
    Based on http://bugs.mysql.com/bug.php?id=22326
  Author: Felix Lechner <felix.lechner@lease-up.com>
  Forwarded: no
  Last update: 2017-04-22

turn-off-fastmath-for-amd64.patch
  Description: Turn off fastmath for amd64, where it is default
    Enabling fastmath just for amd64 causes the shared library symbols to
    become architecture-dependent.
  Author: Felix Lechner <felix.lechner@lease-up.com>
  Forwarded: not-needed

disable-crl-monitor.patch
  Description: Disable CRL monitor on all architectures
    CRL monitor is unavailable on Debian architecture kFreeBSD, causes FTBFS
  Author: Felix Lechner <felix.lechner@lease-up.com>
  Forwarded: not-needed
  Origin: debian
  Last update: 2017-04-22

disable-jobserver.patch
  Description: Disable job server for autopkgtest.
    The Debian CI system kept showing regressions for using multiple make jobs:
    .
    FAIL stderr: make[2]: warning: -j3 forced in submake: resetting jobserver mode.
    .
    Perhaps this will disable the jobserver.
  Author: Felix Lechner <felix.lechner@lease-up.com>
  Forwarded: not-needed

cve-2023-3724.patch
  Forwarded: no
