ci: Update dependency wolfSSL/wolfssh to v1.4.17 #13641
Closed
This PR contains the following updates:
1.4.12 -> 1.4.17
Release Notes
wolfSSL/wolfssh (wolfSSL/wolfssh)
v1.4.17
Vulnerabilities
authentication in the wolfSSH server code. The added fix filters the
messages that are allowed during different operational states.
Notes
wolfSSH may have a problem with RSA keys. This is due to wolfSSH not checking on the size of ___uint128_t. wolfSSH sees the RSA structure as the wrong size. You will have to define HAVE___UINT128_T if you know you have it and are using it in wolfSSL. wolfSSL v5.6.6 exports that define in options.h when using CMake.
It was never kept up to date, the echoserver did its job as an example and
test server.
New Features
functions to inspect which algorithms are set or are available to use.
re-enabled in the build and is now "soft" disabled, where algorithms using
it can be configured for KEX.
Improvements
SSH connection.
Fixes
v1.4.15
Vulnerabilities
Compromise via Lattices". While the misbehavior described hasn't
been observed in wolfSSH, the fix is now implemented. The RSA signature
is verified before sending to the peer.
Passive SSH Key Compromise via Lattices. Cryptology ePrint Archive,
Report 2023/1711. https://eprint.iacr.org/2023/1711.
Notes
wolfSSH may have a problem with RSA keys. This is due to wolfSSH not checking on the size of ___uint128_t. wolfSSH sees the RSA structure as the wrong size. You will have to define HAVE___UINT128_T if you know you have it and are using it in wolfSSL. wolfSSL v5.6.6 exports that define in options.h when using CMake.
New Features
with the error response WOLFSSH_USERAUTH_PARTIAL_SUCCESS.
Improvements
won't do it.
updates.
wolfSSH_ReadKey_file() and wolfSSH_ReadKey_buffer() handle more encodings.
Fixes
permission constants.
DoReceive() on some edge failure conditions.
allocation functions.
examples.
v1.4.14
New Feature Additions and Improvements
Fixes
v1.4.13
New Feature Additions and Improvements
for more information. (https://www.wolfssl.com/files/ide/I-CUBE-wolfSSH.pack)
Fixes
Vulnerabilities
This is fixed as of this version. The return value of crypt() was not
correctly checked. This issue was introduced in v1.4.11 and only affects
wolfSSHd when using the default authentication callback provided with
wolfSSHd. Anyone using wolfSSHd should upgrade to v1.4.13.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.
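
The v1.4.17 vulnerability note above says the fix filters which messages are allowed during different operational states. A default-deny filter of that kind is sketched below as an added example; it is not wolfSSH's code and not part of this PR. The state and function names are hypothetical, the message numbers are the RFC 4250 assignments, and re-keying after the first key exchange is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical states for this example; not wolfSSH's internal names. */
typedef enum { ST_KEX, ST_SERVICE, ST_USERAUTH, ST_AUTHENTICATED } conn_state;

/* SSH message numbers as assigned in RFC 4250. */
enum { MSG_SERVICE_REQUEST = 5, MSG_KEXINIT = 20, MSG_NEWKEYS = 21,
       MSG_KEXDH_INIT = 30, MSG_USERAUTH_REQUEST = 50,
       MSG_CHANNEL_OPEN = 90, MSG_CHANNEL_REQUEST = 98 };

/* Default-deny: may a server in state st process client message id? */
bool msg_allowed(conn_state st, uint8_t id)
{
    if (id >= 1 && id <= 4)   /* DISCONNECT, IGNORE, UNIMPLEMENTED, DEBUG */
        return true;
    switch (st) {
    case ST_KEX:              /* negotiation (20..29) and KEX method (30..49) */
        return id >= 20 && id <= 49;
    case ST_SERVICE:
        return id == MSG_SERVICE_REQUEST;
    case ST_USERAUTH:         /* auth request plus method-specific 60..79 */
        return id == MSG_USERAUTH_REQUEST || (id >= 60 && id <= 79);
    case ST_AUTHENTICATED:    /* connection protocol, only after auth */
        return id >= 80 && id <= 127;
    }
    return false;
}

/* Feed a client message sequence through the filter. auth_ok is the server's
 * own verdict on each USERAUTH_REQUEST. Returns the index of the first
 * rejected message, or -1 if every message was acceptable. */
int first_rejected(const uint8_t *ids, size_t n, bool auth_ok)
{
    conn_state st = ST_KEX;
    for (size_t i = 0; i < n; i++) {
        if (!msg_allowed(st, ids[i]))
            return (int)i;
        if (st == ST_KEX && ids[i] == MSG_NEWKEYS)
            st = ST_SERVICE;
        else if (st == ST_SERVICE && ids[i] == MSG_SERVICE_REQUEST)
            st = ST_USERAUTH;
        else if (st == ST_USERAUTH && ids[i] == MSG_USERAUTH_REQUEST && auth_ok)
            st = ST_AUTHENTICATED;
    }
    return -1;
}
```

The state only advances to ST_AUTHENTICATED on the server's own verdict, so a channel message that arrives before that point is rejected by the filter rather than reaching a handler.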