[Buildroot] [PATCH 1/1] package/gnutls: security bump version to 3.8.6

[Buildroot] [PATCH 1/1] package/gnutls: security bump version to 3.8.6

[Bernd Kuhls]

Version 3.8.4 fixes CVE-2024-28834 & CVE-2024-28835.

Release notes:
3.8.4: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
3.8.5: https://lists.gnupg.org/pipermail/gnutls-help/2024-April/004846.html
3.8.6: https://lists.gnupg.org/pipermail/gnutls-help/2024-July/004848.html

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 package/gnutls/gnutls.hash | 4 ++--
 package/gnutls/gnutls.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/gnutls/gnutls.hash b/package/gnutls/gnutls.hash
index 47fb34ea7c..d9f830ec92 100644
--- a/package/gnutls/gnutls.hash
+++ b/package/gnutls/gnutls.hash
@@ -1,6 +1,6 @@
 # Locally calculated after checking pgp signature
-# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.3.tar.xz.sig
-sha256  f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e  gnutls-3.8.3.tar.xz
+# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.6.tar.xz.sig
+sha256  2e1588aae53cb32d43937f1f4eca28febd9c0c7aa1734fc5dd61a7e81e0ebcdd  gnutls-3.8.6.tar.xz
 # Locally calculated
 sha256  3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986  doc/COPYING
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  doc/COPYING.LESSER
diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk
index eae017aac2..479922ee5d 100644
--- a/package/gnutls/gnutls.mk
+++ b/package/gnutls/gnutls.mk
@@ -6,7 +6,7 @@
 
 # When bumping, make sure *all* --without-libfoo-prefix options are in GNUTLS_CONF_OPTS
 GNUTLS_VERSION_MAJOR = 3.8
-GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).3
+GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).6
 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
 GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
 GNUTLS_LICENSE = LGPL-2.1+ (core library)
-- 
2.39.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/gnutls: security bump version to 3.8.6

[Thomas Petazzoni via buildroot]

On Sat, 10 Aug 2024 19:46:45 +0200
Bernd Kuhls <bernd@kuhls.net> wrote:

> Version 3.8.4 fixes CVE-2024-28834 & CVE-2024-28835.
> 
> Release notes:
> 3.8.4: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
> 3.8.5: https://lists.gnupg.org/pipermail/gnutls-help/2024-April/004846.html
> 3.8.6: https://lists.gnupg.org/pipermail/gnutls-help/2024-July/004848.html
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
> ---
>  package/gnutls/gnutls.hash | 4 ++--
>  package/gnutls/gnutls.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/gnutls: security bump version to 3.8.6

[Peter Korsgaard]

>>>>> "Bernd" == Bernd Kuhls <bernd@kuhls.net> writes:

 > Version 3.8.4 fixes CVE-2024-28834 & CVE-2024-28835.
 > Release notes:
 > 3.8.4: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
 > 3.8.5: https://lists.gnupg.org/pipermail/gnutls-help/2024-April/004846.html
 > 3.8.6: https://lists.gnupg.org/pipermail/gnutls-help/2024-July/004848.html

 > Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Committed to 2024.02.x and 2024.05.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot