* [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9
@ 2026-01-03 20:02 Julien Olivain via buildroot
2026-01-04 10:54 ` Thomas Petazzoni via buildroot
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Julien Olivain via buildroot @ 2026-01-03 20:02 UTC (permalink / raw)
To: buildroot; +Cc: Julien Olivain
For release note, see:
https://dev.gnupg.org/T8001
Signed-off-by: Julien Olivain <ju.o@free.fr>
---
Patch tested in:
https://gitlab.com/jolivain/buildroot/-/jobs/12595598071
---
package/gnupg2/gnupg2.hash | 4 ++--
package/gnupg2/gnupg2.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash
index 01060f897b..ee37e6a3af 100644
--- a/package/gnupg2/gnupg2.hash
+++ b/package/gnupg2/gnupg2.hash
@@ -1,5 +1,5 @@
# From https://www.gnupg.org/download/integrity_check.html
-sha1 c704085aa7cc131a67edd0b7c0c90e5c35ee4adb gnupg-2.4.8.tar.bz2
-sha256 b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616 gnupg-2.4.8.tar.bz2
+sha1 d4b76a8de78631b64b8c6f3725ed28dede40bdb4 gnupg-2.4.9.tar.bz2
+sha256 dd17ab2e9a04fd79d39d853f599cbc852062ddb9ab52a4ddeb4176fd8b302964 gnupg-2.4.9.tar.bz2
# Locally calculated
sha256 bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357 COPYING
diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk
index debf15ef63..d083ea850a 100644
--- a/package/gnupg2/gnupg2.mk
+++ b/package/gnupg2/gnupg2.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GNUPG2_VERSION = 2.4.8
+GNUPG2_VERSION = 2.4.9
GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
GNUPG2_LICENSE = GPL-3.0+
--
2.52.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9
2026-01-03 20:02 [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9 Julien Olivain via buildroot
@ 2026-01-04 10:54 ` Thomas Petazzoni via buildroot
2026-01-08 20:31 ` Julien Olivain via buildroot
2026-01-19 9:51 ` Arnout Vandecappelle via buildroot
2 siblings, 0 replies; 5+ messages in thread
From: Thomas Petazzoni via buildroot @ 2026-01-04 10:54 UTC (permalink / raw)
To: Julien Olivain via buildroot; +Cc: Julien Olivain
On Sat, 3 Jan 2026 21:02:29 +0100
Julien Olivain via buildroot <buildroot@buildroot.org> wrote:
> For release note, see:
> https://dev.gnupg.org/T8001
>
> Signed-off-by: Julien Olivain <ju.o@free.fr>
> ---
> Patch tested in:
> https://gitlab.com/jolivain/buildroot/-/jobs/12595598071
> ---
> package/gnupg2/gnupg2.hash | 4 ++--
> package/gnupg2/gnupg2.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9
2026-01-03 20:02 [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9 Julien Olivain via buildroot
2026-01-04 10:54 ` Thomas Petazzoni via buildroot
@ 2026-01-08 20:31 ` Julien Olivain via buildroot
2026-01-08 20:49 ` Thomas Perale via buildroot
2026-01-19 9:51 ` Arnout Vandecappelle via buildroot
2 siblings, 1 reply; 5+ messages in thread
From: Julien Olivain via buildroot @ 2026-01-08 20:31 UTC (permalink / raw)
To: Titouan Christophe, Thomas Perale; +Cc: buildroot
Hi Titouan, Thomas,
On 03/01/2026 21:02, Julien Olivain via buildroot wrote:
> For release note, see:
> https://dev.gnupg.org/T8001
>
> Signed-off-by: Julien Olivain <ju.o@free.fr>
> ---
> Patch tested in:
> https://gitlab.com/jolivain/buildroot/-/jobs/12595598071
> ---
> package/gnupg2/gnupg2.hash | 4 ++--
> package/gnupg2/gnupg2.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash
> index 01060f897b..ee37e6a3af 100644
> --- a/package/gnupg2/gnupg2.hash
> +++ b/package/gnupg2/gnupg2.hash
> @@ -1,5 +1,5 @@
> # From https://www.gnupg.org/download/integrity_check.html
> -sha1 c704085aa7cc131a67edd0b7c0c90e5c35ee4adb gnupg-2.4.8.tar.bz2
> -sha256
> b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616
> gnupg-2.4.8.tar.bz2
> +sha1 d4b76a8de78631b64b8c6f3725ed28dede40bdb4 gnupg-2.4.9.tar.bz2
> +sha256
> dd17ab2e9a04fd79d39d853f599cbc852062ddb9ab52a4ddeb4176fd8b302964
> gnupg-2.4.9.tar.bz2
> # Locally calculated
> sha256
> bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357
> COPYING
> diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk
> index debf15ef63..d083ea850a 100644
> --- a/package/gnupg2/gnupg2.mk
> +++ b/package/gnupg2/gnupg2.mk
> @@ -4,7 +4,7 @@
> #
>
> ################################################################################
>
> -GNUPG2_VERSION = 2.4.8
> +GNUPG2_VERSION = 2.4.9
For your info, this patch is in fact a security bump.
It fixes:
https://www.cve.org/CVERecord?id=CVE-2025-68972
https://www.cve.org/CVERecord?id=CVE-2025-68973
You should consider it for your LTS maintenance.
It was not marked at the time the patch was authored:
https://dev.gnupg.org/T7906
> GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
> GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
> GNUPG2_LICENSE = GPL-3.0+
> --
> 2.52.0
Best regards,
Julien.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9
2026-01-08 20:31 ` Julien Olivain via buildroot
@ 2026-01-08 20:49 ` Thomas Perale via buildroot
0 siblings, 0 replies; 5+ messages in thread
From: Thomas Perale via buildroot @ 2026-01-08 20:49 UTC (permalink / raw)
To: Julien Olivain, Titouan Christophe; +Cc: buildroot
Hi Julien,
Thanks for your message, it's noted.
PERALE Thomas
On 1/8/26 9:31 PM, Julien Olivain wrote:
> Hi Titouan, Thomas,
>
> On 03/01/2026 21:02, Julien Olivain via buildroot wrote:
>> For release note, see:
>> https://dev.gnupg.org/T8001
>>
>> Signed-off-by: Julien Olivain <ju.o@free.fr>
>> ---
>> Patch tested in:
>> https://gitlab.com/jolivain/buildroot/-/jobs/12595598071
>> ---
>> package/gnupg2/gnupg2.hash | 4 ++--
>> package/gnupg2/gnupg2.mk | 2 +-
>> 2 files changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash
>> index 01060f897b..ee37e6a3af 100644
>> --- a/package/gnupg2/gnupg2.hash
>> +++ b/package/gnupg2/gnupg2.hash
>> @@ -1,5 +1,5 @@
>> # From https://www.gnupg.org/download/integrity_check.html
>> -sha1 c704085aa7cc131a67edd0b7c0c90e5c35ee4adb gnupg-2.4.8.tar.bz2
>> -sha256
>> b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616
>> gnupg-2.4.8.tar.bz2
>> +sha1 d4b76a8de78631b64b8c6f3725ed28dede40bdb4 gnupg-2.4.9.tar.bz2
>> +sha256
>> dd17ab2e9a04fd79d39d853f599cbc852062ddb9ab52a4ddeb4176fd8b302964
>> gnupg-2.4.9.tar.bz2
>> # Locally calculated
>> sha256
>> bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357 COPYING
>> diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk
>> index debf15ef63..d083ea850a 100644
>> --- a/package/gnupg2/gnupg2.mk
>> +++ b/package/gnupg2/gnupg2.mk
>> @@ -4,7 +4,7 @@
>> #
>>
>> ################################################################################
>>
>>
>> -GNUPG2_VERSION = 2.4.8
>> +GNUPG2_VERSION = 2.4.9
>
> For your info, this patch is in fact a security bump.
>
> It fixes:
> https://www.cve.org/CVERecord?id=CVE-2025-68972
> https://www.cve.org/CVERecord?id=CVE-2025-68973
>
> You should consider it for your LTS maintenance.
>
> It was not marked at the time the patch was authored:
> https://dev.gnupg.org/T7906
>
>> GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
>> GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
>> GNUPG2_LICENSE = GPL-3.0+
>> --
>> 2.52.0
>
> Best regards,
>
> Julien.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9
2026-01-03 20:02 [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9 Julien Olivain via buildroot
2026-01-04 10:54 ` Thomas Petazzoni via buildroot
2026-01-08 20:31 ` Julien Olivain via buildroot
@ 2026-01-19 9:51 ` Arnout Vandecappelle via buildroot
2 siblings, 0 replies; 5+ messages in thread
From: Arnout Vandecappelle via buildroot @ 2026-01-19 9:51 UTC (permalink / raw)
To: Julien Olivain, buildroot
On 03/01/2026 21:02, Julien Olivain via buildroot wrote:
> For release note, see:
> https://dev.gnupg.org/T8001
>
> Signed-off-by: Julien Olivain <ju.o@free.fr>
As noted by Thomas Petazzoni, it's this one that got applied to 2025.02.x and
2025.11.x, not the 2.5.16 bump. Sorry for the noise.
Regards,
Arnout
> ---
> Patch tested in:
> https://gitlab.com/jolivain/buildroot/-/jobs/12595598071
> ---
> package/gnupg2/gnupg2.hash | 4 ++--
> package/gnupg2/gnupg2.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash
> index 01060f897b..ee37e6a3af 100644
> --- a/package/gnupg2/gnupg2.hash
> +++ b/package/gnupg2/gnupg2.hash
> @@ -1,5 +1,5 @@
> # From https://www.gnupg.org/download/integrity_check.html
> -sha1 c704085aa7cc131a67edd0b7c0c90e5c35ee4adb gnupg-2.4.8.tar.bz2
> -sha256 b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616 gnupg-2.4.8.tar.bz2
> +sha1 d4b76a8de78631b64b8c6f3725ed28dede40bdb4 gnupg-2.4.9.tar.bz2
> +sha256 dd17ab2e9a04fd79d39d853f599cbc852062ddb9ab52a4ddeb4176fd8b302964 gnupg-2.4.9.tar.bz2
> # Locally calculated
> sha256 bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357 COPYING
> diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk
> index debf15ef63..d083ea850a 100644
> --- a/package/gnupg2/gnupg2.mk
> +++ b/package/gnupg2/gnupg2.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -GNUPG2_VERSION = 2.4.8
> +GNUPG2_VERSION = 2.4.9
> GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
> GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
> GNUPG2_LICENSE = GPL-3.0+
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-01-19 9:51 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-03 20:02 [Buildroot] [PATCH 1/1] package/gnupg2: bump to version 2.4.9 Julien Olivain via buildroot
2026-01-04 10:54 ` Thomas Petazzoni via buildroot
2026-01-08 20:31 ` Julien Olivain via buildroot
2026-01-08 20:49 ` Thomas Perale via buildroot
2026-01-19 9:51 ` Arnout Vandecappelle via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox