Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] package/botan: security update to 3.5.0
@ 2024-08-19 18:39 Waldemar Brodkorb
  2024-08-19 18:57 ` Waldemar Brodkorb
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Waldemar Brodkorb @ 2024-08-19 18:39 UTC (permalink / raw)
  To: buildroot

See here for complete changelogs:
https://botan.randombit.net/news.html#version-3-5-0-2024-07-08
https://botan.randombit.net/news.html#version-3-4-0-2024-04-08

CVE-2024-34702: Fix a DoS caused by excessive name constraints. (GH

CVE-2024-39312: Fix a name constraint processing error, where if
permitted and excluded rules both applied to a certificate, only the
permitted rules would be checked.

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
---
 package/botan/botan.hash | 4 ++--
 package/botan/botan.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/botan/botan.hash b/package/botan/botan.hash
index 37e00ea9cc..d948271900 100644
--- a/package/botan/botan.hash
+++ b/package/botan/botan.hash
@@ -1,4 +1,4 @@
 # From https://botan.randombit.net/releases/sha256sums.txt
-sha256  368f11f426f1205aedb9e9e32368a16535dc11bd60351066e6f6664ec36b85b9  Botan-3.3.0.tar.xz
+sha256  67e8dae1ca2468d90de4e601c87d5f31ff492b38e8ab8bcbd02ddf7104ed8a9f  Botan-3.5.0.tar.xz
 # Locally computed
-sha256  1833cde7c7cc03296b1ef2ddc178b1cd7fd1c476840f32cf6aedb09ab0bc9004  license.txt
+sha256  db9168bdccaaea26557094436652577cc9bf43164e8be078d88aef1342fe4fb6  license.txt
diff --git a/package/botan/botan.mk b/package/botan/botan.mk
index e0bd258f57..561e7bf702 100644
--- a/package/botan/botan.mk
+++ b/package/botan/botan.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BOTAN_VERSION = 3.3.0
+BOTAN_VERSION = 3.5.0
 BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
 BOTAN_SITE = http://botan.randombit.net/releases
 BOTAN_LICENSE = BSD-2-Clause
-- 
2.30.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/botan: security update to 3.5.0
  2024-08-19 18:39 [Buildroot] [PATCH] package/botan: security update to 3.5.0 Waldemar Brodkorb
@ 2024-08-19 18:57 ` Waldemar Brodkorb
  2024-08-19 20:12 ` Yann E. MORIN
  2024-09-17 21:08 ` Peter Korsgaard
  2 siblings, 0 replies; 4+ messages in thread
From: Waldemar Brodkorb @ 2024-08-19 18:57 UTC (permalink / raw)
  To: Waldemar Brodkorb; +Cc: buildroot

Hi,

I forgot to mention, the License hash changed because the year was
updated from 2023 to 2024.

Waldemar Brodkorb wrote,

> See here for complete changelogs:
> https://botan.randombit.net/news.html#version-3-5-0-2024-07-08
> https://botan.randombit.net/news.html#version-3-4-0-2024-04-08
> 
> CVE-2024-34702: Fix a DoS caused by excessive name constraints. (GH
> 
> CVE-2024-39312: Fix a name constraint processing error, where if
> permitted and excluded rules both applied to a certificate, only the
> permitted rules would be checked.
> 
> Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
> ---
>  package/botan/botan.hash | 4 ++--
>  package/botan/botan.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/botan/botan.hash b/package/botan/botan.hash
> index 37e00ea9cc..d948271900 100644
> --- a/package/botan/botan.hash
> +++ b/package/botan/botan.hash
> @@ -1,4 +1,4 @@
>  # From https://botan.randombit.net/releases/sha256sums.txt
> -sha256  368f11f426f1205aedb9e9e32368a16535dc11bd60351066e6f6664ec36b85b9  Botan-3.3.0.tar.xz
> +sha256  67e8dae1ca2468d90de4e601c87d5f31ff492b38e8ab8bcbd02ddf7104ed8a9f  Botan-3.5.0.tar.xz
>  # Locally computed
> -sha256  1833cde7c7cc03296b1ef2ddc178b1cd7fd1c476840f32cf6aedb09ab0bc9004  license.txt
> +sha256  db9168bdccaaea26557094436652577cc9bf43164e8be078d88aef1342fe4fb6  license.txt
> diff --git a/package/botan/botan.mk b/package/botan/botan.mk
> index e0bd258f57..561e7bf702 100644
> --- a/package/botan/botan.mk
> +++ b/package/botan/botan.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -BOTAN_VERSION = 3.3.0
> +BOTAN_VERSION = 3.5.0
>  BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
>  BOTAN_SITE = http://botan.randombit.net/releases
>  BOTAN_LICENSE = BSD-2-Clause
> -- 
> 2.30.2
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
> 
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/botan: security update to 3.5.0
  2024-08-19 18:39 [Buildroot] [PATCH] package/botan: security update to 3.5.0 Waldemar Brodkorb
  2024-08-19 18:57 ` Waldemar Brodkorb
@ 2024-08-19 20:12 ` Yann E. MORIN
  2024-09-17 21:08 ` Peter Korsgaard
  2 siblings, 0 replies; 4+ messages in thread
From: Yann E. MORIN @ 2024-08-19 20:12 UTC (permalink / raw)
  To: Waldemar Brodkorb; +Cc: buildroot

Waldemar, All,

On 2024-08-19 20:39 +0200, Waldemar Brodkorb spake thusly:
> See here for complete changelogs:
> https://botan.randombit.net/news.html#version-3-5-0-2024-07-08
> https://botan.randombit.net/news.html#version-3-4-0-2024-04-08
> 
> CVE-2024-34702: Fix a DoS caused by excessive name constraints. (GH
> 
> CVE-2024-39312: Fix a name constraint processing error, where if
> permitted and excluded rules both applied to a certificate, only the
> permitted rules would be checked.
> 
> Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>

Applied to master, after adding the license hash explanation you later
provided, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/botan/botan.hash | 4 ++--
>  package/botan/botan.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/botan/botan.hash b/package/botan/botan.hash
> index 37e00ea9cc..d948271900 100644
> --- a/package/botan/botan.hash
> +++ b/package/botan/botan.hash
> @@ -1,4 +1,4 @@
>  # From https://botan.randombit.net/releases/sha256sums.txt
> -sha256  368f11f426f1205aedb9e9e32368a16535dc11bd60351066e6f6664ec36b85b9  Botan-3.3.0.tar.xz
> +sha256  67e8dae1ca2468d90de4e601c87d5f31ff492b38e8ab8bcbd02ddf7104ed8a9f  Botan-3.5.0.tar.xz
>  # Locally computed
> -sha256  1833cde7c7cc03296b1ef2ddc178b1cd7fd1c476840f32cf6aedb09ab0bc9004  license.txt
> +sha256  db9168bdccaaea26557094436652577cc9bf43164e8be078d88aef1342fe4fb6  license.txt
> diff --git a/package/botan/botan.mk b/package/botan/botan.mk
> index e0bd258f57..561e7bf702 100644
> --- a/package/botan/botan.mk
> +++ b/package/botan/botan.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -BOTAN_VERSION = 3.3.0
> +BOTAN_VERSION = 3.5.0
>  BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
>  BOTAN_SITE = http://botan.randombit.net/releases
>  BOTAN_LICENSE = BSD-2-Clause
> -- 
> 2.30.2
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/botan: security update to 3.5.0
  2024-08-19 18:39 [Buildroot] [PATCH] package/botan: security update to 3.5.0 Waldemar Brodkorb
  2024-08-19 18:57 ` Waldemar Brodkorb
  2024-08-19 20:12 ` Yann E. MORIN
@ 2024-09-17 21:08 ` Peter Korsgaard
  2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2024-09-17 21:08 UTC (permalink / raw)
  To: Waldemar Brodkorb; +Cc: buildroot

>>>>> "Waldemar" == Waldemar Brodkorb <wbx@openadk.org> writes:

 > See here for complete changelogs:
 > https://botan.randombit.net/news.html#version-3-5-0-2024-07-08
 > https://botan.randombit.net/news.html#version-3-4-0-2024-04-08

 > CVE-2024-34702: Fix a DoS caused by excessive name constraints. (GH

 > CVE-2024-39312: Fix a name constraint processing error, where if
 > permitted and excluded rules both applied to a certificate, only the
 > permitted rules would be checked.

 > Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>

Committed to 2024.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-09-17 21:08 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-19 18:39 [Buildroot] [PATCH] package/botan: security update to 3.5.0 Waldemar Brodkorb
2024-08-19 18:57 ` Waldemar Brodkorb
2024-08-19 20:12 ` Yann E. MORIN
2024-09-17 21:08 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox