[Buildroot] [PATCH v1] package/ntpsec: bump version to 1.2.2a (fixes CVE-2023-4012)

[Buildroot] [PATCH v1] package/ntpsec: bump version to 1.2.2a (fixes CVE-2023-4012)

[Peter Seiderer]

Fixes CVE-2023-4012 (see [1] for details).

[1] https://gitlab.com/NTPsec/ntpsec/-/releases/NTPsec_1_2_2a

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
 package/ntpsec/ntpsec.hash | 2 +-
 package/ntpsec/ntpsec.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/ntpsec/ntpsec.hash b/package/ntpsec/ntpsec.hash
index 44e04b2403..8d98b5c411 100644
--- a/package/ntpsec/ntpsec.hash
+++ b/package/ntpsec/ntpsec.hash
@@ -1,5 +1,5 @@
 # Locally calculated
-sha256  ad45f5b88d08a159bc9f44ecb79e08358d26d3d22bb6c96ab7aaa3734de130e6  ntpsec-NTPsec_1_2_2.tar.bz2
+sha256  ef901df5a05d486563db22f4d0dad3840a3bf5d0a9aceb8c3ecaeb396c67a805  ntpsec-NTPsec_1_2_2a.tar.bz2
 sha256  899261d6eb6c922cf8f051225411f27b738ba0014be18c2eaf6afbf30d421bb1  LICENSES/BSD-2
 sha256  5fe38d8724c53ff4e69f0a3492a368b4a6719700ac16f706efeb01a45c62f2b5  LICENSES/BSD-3
 sha256  9ba9550ad48438d0836ddab3da480b3b69ffa0aac7b7878b5a0039e7ab429411  LICENSES/CC-BY-4.0
diff --git a/package/ntpsec/ntpsec.mk b/package/ntpsec/ntpsec.mk
index e612e982ec..f6262cdaca 100644
--- a/package/ntpsec/ntpsec.mk
+++ b/package/ntpsec/ntpsec.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-NTPSEC_VERSION = 1.2.2
+NTPSEC_VERSION = 1.2.2a
 NTPSEC_SOURCE = ntpsec-NTPsec_$(subst .,_,$(NTPSEC_VERSION)).tar.bz2
 NTPSEC_SITE = https://gitlab.com/NTPsec/ntpsec/-/archive/NTPsec_$(subst .,_,$(NTPSEC_VERSION))
 NTPSEC_LICENSE = BSD-2-Clause, NTP, BSD-3-Clause, MIT, CC-BY-4.0 (docs)
-- 
2.41.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH v1] package/ntpsec: bump version to 1.2.2a (fixes CVE-2023-4012)

[Thomas Petazzoni via buildroot]

Hello Peter,

On Tue,  8 Aug 2023 19:26:25 +0200
Peter Seiderer <ps.report@gmx.net> wrote:

> Fixes CVE-2023-4012 (see [1] for details).
> 
> [1] https://gitlab.com/NTPsec/ntpsec/-/releases/NTPsec_1_2_2a
> 
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>

For security bumps, we like the commit title to be:

	package/ntpsec: security bump to version 1.2.2a

and have the details of which CVE is addressed in the rest of the
commit message.

I fixed that up when applying to master. Thanks!

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH v1] package/ntpsec: bump version to 1.2.2a (fixes CVE-2023-4012)

[Peter Seiderer]

Hello Thomas,

On Tue, 8 Aug 2023 20:08:44 +0200, Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:

> Hello Peter,
>
> On Tue,  8 Aug 2023 19:26:25 +0200
> Peter Seiderer <ps.report@gmx.net> wrote:
>
> > Fixes CVE-2023-4012 (see [1] for details).
> >
> > [1] https://gitlab.com/NTPsec/ntpsec/-/releases/NTPsec_1_2_2a
> >
> > Signed-off-by: Peter Seiderer <ps.report@gmx.net>
>
> For security bumps, we like the commit title to be:
>
> 	package/ntpsec: security bump to version 1.2.2a

O.k.

>
> and have the details of which CVE is addressed in the rest of the
> commit message.
>
> I fixed that up when applying to master. Thanks!

Thanks for fixing (and applying)!

Regards,
Peter


>
> Thomas

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH v1] package/ntpsec: bump version to 1.2.2a (fixes CVE-2023-4012)

[Peter Korsgaard]

>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes:

 > Hello Peter,
 > On Tue,  8 Aug 2023 19:26:25 +0200
 > Peter Seiderer <ps.report@gmx.net> wrote:

 >> Fixes CVE-2023-4012 (see [1] for details).
 >> 
 >> [1] https://gitlab.com/NTPsec/ntpsec/-/releases/NTPsec_1_2_2a
 >> 
 >> Signed-off-by: Peter Seiderer <ps.report@gmx.net>

 > For security bumps, we like the commit title to be:

 > 	package/ntpsec: security bump to version 1.2.2a

 > and have the details of which CVE is addressed in the rest of the
 > commit message.

 > I fixed that up when applying to master. Thanks!

Committed to 2023.02.x and 2023.05.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot