[Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9

All of lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9
@ 2026-01-03 20:02 Julien Olivain via buildroot
  2026-01-04 10:54 ` Thomas Petazzoni via buildroot
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Julien Olivain via buildroot @ 2026-01-03 20:02 UTC (permalink / raw)
  To: buildroot; +Cc: Julien Olivain

For release note, see:
https://dev.gnupg.org/T8001

Signed-off-by: Julien Olivain <ju.o@free.fr>
---
Patch tested in:
https://gitlab.com/jolivain/buildroot/-/jobs/12595598071
---
 package/gnupg2/gnupg2.hash | 4 ++--
 package/gnupg2/gnupg2.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash
index 01060f897b..ee37e6a3af 100644
--- a/package/gnupg2/gnupg2.hash
+++ b/package/gnupg2/gnupg2.hash
@@ -1,5 +1,5 @@
 # From https://www.gnupg.org/download/integrity_check.html
-sha1  c704085aa7cc131a67edd0b7c0c90e5c35ee4adb  gnupg-2.4.8.tar.bz2
-sha256  b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616  gnupg-2.4.8.tar.bz2
+sha1  d4b76a8de78631b64b8c6f3725ed28dede40bdb4  gnupg-2.4.9.tar.bz2
+sha256  dd17ab2e9a04fd79d39d853f599cbc852062ddb9ab52a4ddeb4176fd8b302964  gnupg-2.4.9.tar.bz2
 # Locally calculated
 sha256  bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357  COPYING
diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk
index debf15ef63..d083ea850a 100644
--- a/package/gnupg2/gnupg2.mk
+++ b/package/gnupg2/gnupg2.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GNUPG2_VERSION = 2.4.8
+GNUPG2_VERSION = 2.4.9
 GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
 GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
 GNUPG2_LICENSE = GPL-3.0+
-- 
2.52.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9
  2026-01-03 20:02 [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9 Julien Olivain via buildroot
@ 2026-01-04 10:54 ` Thomas Petazzoni via buildroot
  2026-01-08 20:31 ` Julien Olivain via buildroot
  2026-01-19  9:51 ` Arnout Vandecappelle via buildroot
  2 siblings, 0 replies; 5+ messages in thread
From: Thomas Petazzoni via buildroot @ 2026-01-04 10:54 UTC (permalink / raw)
  To: Julien Olivain via buildroot; +Cc: Julien Olivain

On Sat,  3 Jan 2026 21:02:29 +0100
Julien Olivain via buildroot <buildroot@buildroot.org> wrote:

> For release note, see:
> https://dev.gnupg.org/T8001
> 
> Signed-off-by: Julien Olivain <ju.o@free.fr>
> ---
> Patch tested in:
> https://gitlab.com/jolivain/buildroot/-/jobs/12595598071
> ---
>  package/gnupg2/gnupg2.hash | 4 ++--
>  package/gnupg2/gnupg2.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9
  2026-01-03 20:02 [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9 Julien Olivain via buildroot
  2026-01-04 10:54 ` Thomas Petazzoni via buildroot
@ 2026-01-08 20:31 ` Julien Olivain via buildroot
  2026-01-08 20:49   ` Thomas Perale via buildroot
  2026-01-19  9:51 ` Arnout Vandecappelle via buildroot
  2 siblings, 1 reply; 5+ messages in thread
From: Julien Olivain via buildroot @ 2026-01-08 20:31 UTC (permalink / raw)
  To: Titouan Christophe, Thomas Perale; +Cc: buildroot

Hi Titouan, Thomas,

On 03/01/2026 21:02, Julien Olivain via buildroot wrote:
> For release note, see:
> https://dev.gnupg.org/T8001
> 
> Signed-off-by: Julien Olivain <ju.o@free.fr>
> ---
> Patch tested in:
> https://gitlab.com/jolivain/buildroot/-/jobs/12595598071
> ---
>  package/gnupg2/gnupg2.hash | 4 ++--
>  package/gnupg2/gnupg2.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash
> index 01060f897b..ee37e6a3af 100644
> --- a/package/gnupg2/gnupg2.hash
> +++ b/package/gnupg2/gnupg2.hash
> @@ -1,5 +1,5 @@
>  # From https://www.gnupg.org/download/integrity_check.html
> -sha1  c704085aa7cc131a67edd0b7c0c90e5c35ee4adb  gnupg-2.4.8.tar.bz2
> -sha256  
> b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616  
> gnupg-2.4.8.tar.bz2
> +sha1  d4b76a8de78631b64b8c6f3725ed28dede40bdb4  gnupg-2.4.9.tar.bz2
> +sha256  
> dd17ab2e9a04fd79d39d853f599cbc852062ddb9ab52a4ddeb4176fd8b302964  
> gnupg-2.4.9.tar.bz2
>  # Locally calculated
>  sha256  
> bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357  
> COPYING
> diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk
> index debf15ef63..d083ea850a 100644
> --- a/package/gnupg2/gnupg2.mk
> +++ b/package/gnupg2/gnupg2.mk
> @@ -4,7 +4,7 @@
>  #
>  
> ################################################################################
> 
> -GNUPG2_VERSION = 2.4.8
> +GNUPG2_VERSION = 2.4.9

For your info, this patch is in fact a security bump.

It fixes:
https://www.cve.org/CVERecord?id=CVE-2025-68972
https://www.cve.org/CVERecord?id=CVE-2025-68973

You should consider it for your LTS maintenance.

It was not marked at the time the patch was authored:
https://dev.gnupg.org/T7906

>  GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
>  GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
>  GNUPG2_LICENSE = GPL-3.0+
> --
> 2.52.0

Best regards,

Julien.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9
  2026-01-08 20:31 ` Julien Olivain via buildroot
@ 2026-01-08 20:49   ` Thomas Perale via buildroot
  0 siblings, 0 replies; 5+ messages in thread
From: Thomas Perale via buildroot @ 2026-01-08 20:49 UTC (permalink / raw)
  To: Julien Olivain, Titouan Christophe; +Cc: buildroot

Hi Julien,

Thanks for your message, it's noted.

PERALE Thomas

On 1/8/26 9:31 PM, Julien Olivain wrote:
> Hi Titouan, Thomas,
>
> On 03/01/2026 21:02, Julien Olivain via buildroot wrote:
>> For release note, see:
>> https://dev.gnupg.org/T8001
>>
>> Signed-off-by: Julien Olivain <ju.o@free.fr>
>> ---
>> Patch tested in:
>> https://gitlab.com/jolivain/buildroot/-/jobs/12595598071
>> ---
>>  package/gnupg2/gnupg2.hash | 4 ++--
>>  package/gnupg2/gnupg2.mk   | 2 +-
>>  2 files changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash
>> index 01060f897b..ee37e6a3af 100644
>> --- a/package/gnupg2/gnupg2.hash
>> +++ b/package/gnupg2/gnupg2.hash
>> @@ -1,5 +1,5 @@
>>  # From https://www.gnupg.org/download/integrity_check.html
>> -sha1  c704085aa7cc131a67edd0b7c0c90e5c35ee4adb gnupg-2.4.8.tar.bz2
>> -sha256 
>> b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616 
>> gnupg-2.4.8.tar.bz2
>> +sha1  d4b76a8de78631b64b8c6f3725ed28dede40bdb4 gnupg-2.4.9.tar.bz2
>> +sha256 
>> dd17ab2e9a04fd79d39d853f599cbc852062ddb9ab52a4ddeb4176fd8b302964 
>> gnupg-2.4.9.tar.bz2
>>  # Locally calculated
>>  sha256 
>> bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357 COPYING
>> diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk
>> index debf15ef63..d083ea850a 100644
>> --- a/package/gnupg2/gnupg2.mk
>> +++ b/package/gnupg2/gnupg2.mk
>> @@ -4,7 +4,7 @@
>>  #
>>
>> ################################################################################ 
>>
>>
>> -GNUPG2_VERSION = 2.4.8
>> +GNUPG2_VERSION = 2.4.9
>
> For your info, this patch is in fact a security bump.
>
> It fixes:
> https://www.cve.org/CVERecord?id=CVE-2025-68972
> https://www.cve.org/CVERecord?id=CVE-2025-68973
>
> You should consider it for your LTS maintenance.
>
> It was not marked at the time the patch was authored:
> https://dev.gnupg.org/T7906
>
>>  GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
>>  GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
>>  GNUPG2_LICENSE = GPL-3.0+
>> -- 
>> 2.52.0
>
> Best regards,
>
> Julien.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9
  2026-01-03 20:02 [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9 Julien Olivain via buildroot
  2026-01-04 10:54 ` Thomas Petazzoni via buildroot
  2026-01-08 20:31 ` Julien Olivain via buildroot
@ 2026-01-19  9:51 ` Arnout Vandecappelle via buildroot
  2 siblings, 0 replies; 5+ messages in thread
From: Arnout Vandecappelle via buildroot @ 2026-01-19  9:51 UTC (permalink / raw)
  To: Julien Olivain, buildroot



On 03/01/2026 21:02, Julien Olivain via buildroot wrote:
> For release note, see:
> https://dev.gnupg.org/T8001
> 
> Signed-off-by: Julien Olivain <ju.o@free.fr>

  As noted by Thomas Petazzoni, it's this one that got applied to 2025.02.x and 
2025.11.x, not the 2.5.16 bump. Sorry for the noise.

  Regards,
  Arnout

> ---
> Patch tested in:
> https://gitlab.com/jolivain/buildroot/-/jobs/12595598071
> ---
>   package/gnupg2/gnupg2.hash | 4 ++--
>   package/gnupg2/gnupg2.mk   | 2 +-
>   2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash
> index 01060f897b..ee37e6a3af 100644
> --- a/package/gnupg2/gnupg2.hash
> +++ b/package/gnupg2/gnupg2.hash
> @@ -1,5 +1,5 @@
>   # From https://www.gnupg.org/download/integrity_check.html
> -sha1  c704085aa7cc131a67edd0b7c0c90e5c35ee4adb  gnupg-2.4.8.tar.bz2
> -sha256  b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616  gnupg-2.4.8.tar.bz2
> +sha1  d4b76a8de78631b64b8c6f3725ed28dede40bdb4  gnupg-2.4.9.tar.bz2
> +sha256  dd17ab2e9a04fd79d39d853f599cbc852062ddb9ab52a4ddeb4176fd8b302964  gnupg-2.4.9.tar.bz2
>   # Locally calculated
>   sha256  bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357  COPYING
> diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk
> index debf15ef63..d083ea850a 100644
> --- a/package/gnupg2/gnupg2.mk
> +++ b/package/gnupg2/gnupg2.mk
> @@ -4,7 +4,7 @@
>   #
>   ################################################################################
>   
> -GNUPG2_VERSION = 2.4.8
> +GNUPG2_VERSION = 2.4.9
>   GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
>   GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
>   GNUPG2_LICENSE = GPL-3.0+

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2026-01-19  9:51 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-03 20:02 [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9 Julien Olivain via buildroot
2026-01-04 10:54 ` Thomas Petazzoni via buildroot
2026-01-08 20:31 ` Julien Olivain via buildroot
2026-01-08 20:49   ` Thomas Perale via buildroot
2026-01-19  9:51 ` Arnout Vandecappelle via buildroot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.