Debian Patches

Status for wolfssl/5.5.4-2+deb12u3

Patch Description Author Forwarded Bugs Origin Last update
multi-arch.patch Make header files multi-arch compatible Exclude architecture dependent option HAVE___UINT128 from config.h Felix Lechner no debian
improve-clean-target.patch Fix clean target for repeated builds Felix Lechner <felix.lechner@lease-up.com> no 2017-12-18
dfsg.patch Strike references to removed non-DFSG sources from build files=================================================================== Felix Lechner <felix.lechner@lease-up.com> not-needed
fix-hurd-i386-flags.patch Fix type definition for socklen_t on hurd-i386 Based on http://bugs.mysql.com/bug.php?id=22326 Felix Lechner <felix.lechner@lease-up.com> not-needed 2017-04-22
disable-crl-monitor.patch Disable CRL monitor on all architectures CRL monitor is unavailable on Debian architecture kFreeBSD, causes FTBFS Felix Lechner <felix.lechner@lease-up.com> not-needed debian 2017-04-22
disable-jobserver.patch Disable job server for autopkgtest. The Debian CI system kept showing regressions for using multiple make jobs:
.
FAIL stderr: make[2]: warning: -j3 forced in submake: resetting jobserver mode.
.
Perhaps this will disable the jobserver.
Felix Lechner <felix.lechner@lease-up.com> not-needed
cve-2023-3724.patch add tls extension sanity check Jacob Barthelmeh <jacob@wolfssl.com> no backport, 00f1eddee429ff51390b20caadd2eb6afe51e1aa 2023-05-15
CVE-2025-7394.patch Reseed DRBG in RAND_poll() Josh Holtrop <josh@wolfssl.com> no 2025-06-05
CVE-2026-6331.patch CVE-2026-6331 - require exact HMAC tag length in EVP_DigestVerifyFinal A zero-length or truncated tag passed to wolfSSL_EVP_DigestVerifyFinal() was
accepted, because the length check only rejected oversized tags and an
XMEMCMP() of length zero returns a match. Require the supplied tag length to
equal the MAC length exactly.

===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/0749f20c33516897d8c5e2ab083b855e2d17d665 2026-06-29
CVE-2026-6325.patch CVE-2026-6325 - bound index in SetSuitesHashSigAlgo to prevent OOB write SetSuitesHashSigAlgo() parsed an application-supplied signature-algorithms
list and wrote into the fixed-size suites->hashSigAlgo[WOLFSSL_MAX_SIGALGO]
array without checking the running index, allowing an out-of-bounds write on
an oversized list. Stop once the array would overflow.

===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/f540bb3ddfef89db637809392522247ce3e8200c 2026-06-29
CVE-2026-6678.patch CVE-2026-6678 - fix integer underflow in wc_PKCS7_DecryptOri
===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/84fb0f694cfaac4187c0beba4298a4a8a7995235 2026-06-29
CVE-2026-6329.patch CVE-2026-6329 - reject PKCS#12 MAC length mismatch
===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/9c304bdc099140ad2fdc41ef2f2602af9768c8a1 2026-06-29
CVE-2026-6731.patch CVE-2026-6731 - apply DNS name constraints to Subject CN when no SAN
===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/e7b7fddacb4cc794e5dfc7693586d87a539f5aad 2026-06-29
CVE-2026-6094.patch CVE-2026-6094 - bound encrypted content size in PKCS7 EnvelopedData
===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/1397268aa12e2cf3f80c3acfa9b6036b809c08ef 2026-06-29
CVE-2026-6681.patch CVE-2026-6681 - respect caller output buffer size in PKCS7 decode
===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/1de4020fe4f3f911641ac0477227249d4dda2157 2026-06-29
CVE-2026-6092.patch CVE-2026-6092 - enforce Encrypt-then-MAC on TLS resumption path
===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/af5369636a938faf4a79d1f550d3b206c51fafec 2026-06-29
CVE-2026-55962.patch CVE-2026-55962 - require client cert on outstanding TLS1.3 post-handshake auth
===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/f23544f09476d420becdfabd781eec0dd1a9c597 2026-06-29
CVE-2026-55967.patch CVE-2026-55967 - reject AES-GCM cumulative size overflow in streaming update
===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/5def276e07e23b7b3b5842afbe526b4d3703ce13 2026-06-29
CVE-2026-6450.patch CVE-2026-6450 - reject CRLs with unrecognized critical extensions
===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/857141da35b67a14a580fb26ec57af1efa68a1d9 2026-06-29
CVE-2026-55961.patch CVE-2026-55961 - reject degenerate certs-only PKCS#7 in wolfSSL_PKCS7_verify
===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/d382439c7c63c07294cf4fcece0aa56a35399d15 2026-06-29
CVE-2026-7511.patch CVE-2026-7511 - report the verifying cert as the PKCS#7 signer
===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/b7f6e77a95bfeda306b22dd34394e49c0a6c8a8c 2026-06-29
CVE-2026-5194.patch CVE-2026-5194 - match cert signature OID to issuer key OID and enforce digest size limits
===================================================================
wolfSSL not-needed debian upstream, https://github.com/wolfSSL/wolfssl/commit/abce5be989ccd0665e2b9445abb856886975dfd1 2026-06-30

All known versions for source package 'wolfssl'

Links