* [Buildroot] [git commit] package/gnutls: security bump to 3.8.3
@ 2024-01-25 21:13 Peter Korsgaard
2024-02-04 22:33 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Peter Korsgaard @ 2024-01-25 21:13 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=b136bed2fd703548610e2ac3e0d54b33128db716
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
see CVE-2024-0553: Fix more timing side-channel inside RSA-PSK key exchange
see CVE-2024-0567: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/gnutls/gnutls.hash | 4 ++--
package/gnutls/gnutls.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/gnutls/gnutls.hash b/package/gnutls/gnutls.hash
index 6ad363f01d..47fb34ea7c 100644
--- a/package/gnutls/gnutls.hash
+++ b/package/gnutls/gnutls.hash
@@ -1,6 +1,6 @@
# Locally calculated after checking pgp signature
-# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.2.tar.xz.sig
-sha256 e765e5016ffa9b9dd243e363a0460d577074444ee2491267db2e96c9c2adef77 gnutls-3.8.2.tar.xz
+# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.3.tar.xz.sig
+sha256 f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e gnutls-3.8.3.tar.xz
# Locally calculated
sha256 3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986 doc/COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 doc/COPYING.LESSER
diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk
index 3e9987cdce..8a4f3345aa 100644
--- a/package/gnutls/gnutls.mk
+++ b/package/gnutls/gnutls.mk
@@ -6,7 +6,7 @@
# When bumping, make sure *all* --without-libfoo-prefix options are in GNUTLS_CONF_OPTS
GNUTLS_VERSION_MAJOR = 3.8
-GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).2
+GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).3
GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
GNUTLS_LICENSE = LGPL-2.1+ (core library)
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [git commit] package/gnutls: security bump to 3.8.3
2024-01-25 21:13 [Buildroot] [git commit] package/gnutls: security bump to 3.8.3 Peter Korsgaard
@ 2024-02-04 22:33 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2024-02-04 22:33 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> commit:
> https://git.buildroot.net/buildroot/commit/?id=b136bed2fd703548610e2ac3e0d54b33128db716
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> see CVE-2024-0553: Fix more timing side-channel inside RSA-PSK key exchange
> see CVE-2024-0567: Fix assertion failure when verifying a certificate
> chain with a cycle of cross signatures
> Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2023.02.x and 2023.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-02-04 22:33 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-01-25 21:13 [Buildroot] [git commit] package/gnutls: security bump to 3.8.3 Peter Korsgaard
2024-02-04 22:33 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox