Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] gnutls: security bump to version 3.5.10
@ 2017-03-06 14:55 Gustavo Zacarias
  2017-03-06 16:46 ` Thomas Petazzoni
  0 siblings, 1 reply; 3+ messages in thread
From: Gustavo Zacarias @ 2017-03-06 14:55 UTC (permalink / raw)
  To: buildroot

Fixes:
GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid
memory write in OpenPGP certificate parsing.
GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing,
related to private key parser. No longer allow OpenPGP certificates
(public keys) to contain private key sub-packets.
GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate
parsing, that could lead in out-of-memory condition.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/gnutls/gnutls.hash | 2 +-
 package/gnutls/gnutls.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/gnutls/gnutls.hash b/package/gnutls/gnutls.hash
index 156d2aa..64b86d7 100644
--- a/package/gnutls/gnutls.hash
+++ b/package/gnutls/gnutls.hash
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	82b10f0c4ef18f4e64ad8cef5dbaf14be732f5095a41cf366b4ecb4050382951	gnutls-3.5.9.tar.xz
+sha256	af443e86ba538d4d3e37c4732c00101a492fe4b56a55f4112ff0ab39dbe6579d	gnutls-3.5.10.tar.xz
diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk
index 932c0fa..be1cf00 100644
--- a/package/gnutls/gnutls.mk
+++ b/package/gnutls/gnutls.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 GNUTLS_VERSION_MAJOR = 3.5
-GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).9
+GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).10
 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
 GNUTLS_SITE = ftp://ftp.gnutls.org/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
 GNUTLS_LICENSE = LGPLv2.1+ (core library), GPLv3+ (gnutls-openssl library)
-- 
2.10.2

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] gnutls: security bump to version 3.5.10
  2017-03-06 14:55 [Buildroot] [PATCH] gnutls: security bump to version 3.5.10 Gustavo Zacarias
@ 2017-03-06 16:46 ` Thomas Petazzoni
  2017-03-07 15:10   ` Peter Korsgaard
  0 siblings, 1 reply; 3+ messages in thread
From: Thomas Petazzoni @ 2017-03-06 16:46 UTC (permalink / raw)
  To: buildroot

Hello,

On Mon,  6 Mar 2017 11:55:06 -0300, Gustavo Zacarias wrote:
> Fixes:
> GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid
> memory write in OpenPGP certificate parsing.
> GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing,
> related to private key parser. No longer allow OpenPGP certificates
> (public keys) to contain private key sub-packets.
> GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate
> parsing, that could lead in out-of-memory condition.
> 
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
>  package/gnutls/gnutls.hash | 2 +-
>  package/gnutls/gnutls.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks. Peter: we want this one for LTS I guess.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] gnutls: security bump to version 3.5.10
  2017-03-06 16:46 ` Thomas Petazzoni
@ 2017-03-07 15:10   ` Peter Korsgaard
  0 siblings, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-03-07 15:10 UTC (permalink / raw)
  To: buildroot

>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@free-electrons.com> writes:

 > Hello,
 > On Mon,  6 Mar 2017 11:55:06 -0300, Gustavo Zacarias wrote:
 >> Fixes:
 >> GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid
 >> memory write in OpenPGP certificate parsing.
 >> GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing,
 >> related to private key parser. No longer allow OpenPGP certificates
 >> (public keys) to contain private key sub-packets.
 >> GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate
 >> parsing, that could lead in out-of-memory condition.
 >> 
 >> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
 >> ---
 >> package/gnutls/gnutls.hash | 2 +-
 >> package/gnutls/gnutls.mk   | 2 +-
 >> 2 files changed, 2 insertions(+), 2 deletions(-)

 > Applied to master, thanks. Peter: we want this one for LTS I guess.

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-03-07 15:10 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-03-06 14:55 [Buildroot] [PATCH] gnutls: security bump to version 3.5.10 Gustavo Zacarias
2017-03-06 16:46 ` Thomas Petazzoni
2017-03-07 15:10   ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox