[Buildroot] [PATCH 1/1] package/python-asyncssh: security bump to version 2.14.2

[Buildroot] [PATCH 1/1] package/python-asyncssh: security bump to version 2.14.2

[Fabrice Fontaine]

Implemented "strict kex" support and other countermeasures to protect
against the Terrapin Attack described in CVE-2023-48795

https://github.com/advisories/GHSA-hfmc-7525-mj55
https://github.com/ronf/asyncssh/blob/v2.14.2/docs/changes.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/python-asyncssh/python-asyncssh.hash | 4 ++--
 package/python-asyncssh/python-asyncssh.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/python-asyncssh/python-asyncssh.hash b/package/python-asyncssh/python-asyncssh.hash
index d72b5329c5..f74cbe9c83 100644
--- a/package/python-asyncssh/python-asyncssh.hash
+++ b/package/python-asyncssh/python-asyncssh.hash
@@ -1,6 +1,6 @@
 # md5, sha256 from https://pypi.org/pypi/asyncssh/json
-md5  4194feb9e0d17a0750f107f3445ff9f7  asyncssh-2.14.1.tar.gz
-sha256  1ac31c333a0d83c88831523245500caa814503423741b0e465339ef6da5b5e29  asyncssh-2.14.1.tar.gz
+md5  3b22a39fa9d638b277c9441187b73c5c  asyncssh-2.14.2.tar.gz
+sha256  e956bf8988d07a06ba3305f6604e261f4ca014c4a232f0873f1c7692fbe3cfc2  asyncssh-2.14.2.tar.gz
 # Locally computed sha256 checksums
 sha256  0becf16567beb77fa252b7664631dd177c8f9a1889e48995b45379c7130e5303  LICENSE
 sha256  68c286b0cf4507bec8922103efe861adb0bd3218003b1ec1b25e2e64bdd76bd3  COPYRIGHT
diff --git a/package/python-asyncssh/python-asyncssh.mk b/package/python-asyncssh/python-asyncssh.mk
index 51e2e1973c..1f6b9d79a2 100644
--- a/package/python-asyncssh/python-asyncssh.mk
+++ b/package/python-asyncssh/python-asyncssh.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-PYTHON_ASYNCSSH_VERSION = 2.14.1
+PYTHON_ASYNCSSH_VERSION = 2.14.2
 PYTHON_ASYNCSSH_SOURCE = asyncssh-$(PYTHON_ASYNCSSH_VERSION).tar.gz
-PYTHON_ASYNCSSH_SITE = https://files.pythonhosted.org/packages/5f/86/59278fefc49ddcc10567e52a8e0e1553fc936584e241d516b5682d55ea17
+PYTHON_ASYNCSSH_SITE = https://files.pythonhosted.org/packages/6c/f9/849f158fe50cdb0b1bf75009861865c9a30c3b5a0d62ad43bb5e00b10feb
 PYTHON_ASYNCSSH_SETUP_TYPE = setuptools
 PYTHON_ASYNCSSH_LICENSE = EPL-2.0 or GPL-2.0+
 PYTHON_ASYNCSSH_LICENSE_FILES = LICENSE COPYRIGHT
-- 
2.43.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/python-asyncssh: security bump to version 2.14.2

[Thomas Petazzoni via buildroot]

On Mon,  1 Jan 2024 23:15:21 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> Implemented "strict kex" support and other countermeasures to protect
> against the Terrapin Attack described in CVE-2023-48795
> 
> https://github.com/advisories/GHSA-hfmc-7525-mj55
> https://github.com/ronf/asyncssh/blob/v2.14.2/docs/changes.rst
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/python-asyncssh/python-asyncssh.hash | 4 ++--
>  package/python-asyncssh/python-asyncssh.mk   | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot