Message ID | 20240810174645.709425-1-bernd@kuhls.net |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/gnutls: security bump version to 3.8.6 | expand |
On Sat, 10 Aug 2024 19:46:45 +0200 Bernd Kuhls <bernd@kuhls.net> wrote: > Version 3.8.4 fixes CVE-2024-28834 & CVE-2024-28835. > > Release notes: > 3.8.4: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html > 3.8.5: https://lists.gnupg.org/pipermail/gnutls-help/2024-April/004846.html > 3.8.6: https://lists.gnupg.org/pipermail/gnutls-help/2024-July/004848.html > > Signed-off-by: Bernd Kuhls <bernd@kuhls.net> > --- > package/gnutls/gnutls.hash | 4 ++-- > package/gnutls/gnutls.mk | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) Applied to master, thanks. Thomas
>>>>> "Bernd" == Bernd Kuhls <bernd@kuhls.net> writes: > Version 3.8.4 fixes CVE-2024-28834 & CVE-2024-28835. > Release notes: > 3.8.4: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html > 3.8.5: https://lists.gnupg.org/pipermail/gnutls-help/2024-April/004846.html > 3.8.6: https://lists.gnupg.org/pipermail/gnutls-help/2024-July/004848.html > Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Committed to 2024.02.x and 2024.05.x, thanks.
diff --git a/package/gnutls/gnutls.hash b/package/gnutls/gnutls.hash index 47fb34ea7c..d9f830ec92 100644 --- a/package/gnutls/gnutls.hash +++ b/package/gnutls/gnutls.hash @@ -1,6 +1,6 @@ # Locally calculated after checking pgp signature -# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.3.tar.xz.sig -sha256 f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e gnutls-3.8.3.tar.xz +# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.6.tar.xz.sig +sha256 2e1588aae53cb32d43937f1f4eca28febd9c0c7aa1734fc5dd61a7e81e0ebcdd gnutls-3.8.6.tar.xz # Locally calculated sha256 3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986 doc/COPYING sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 doc/COPYING.LESSER diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk index eae017aac2..479922ee5d 100644 --- a/package/gnutls/gnutls.mk +++ b/package/gnutls/gnutls.mk @@ -6,7 +6,7 @@ # When bumping, make sure *all* --without-libfoo-prefix options are in GNUTLS_CONF_OPTS GNUTLS_VERSION_MAJOR = 3.8 -GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).3 +GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).6 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR) GNUTLS_LICENSE = LGPL-2.1+ (core library)
Version 3.8.4 fixes CVE-2024-28834 & CVE-2024-28835. Release notes: 3.8.4: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html 3.8.5: https://lists.gnupg.org/pipermail/gnutls-help/2024-April/004846.html 3.8.6: https://lists.gnupg.org/pipermail/gnutls-help/2024-July/004848.html Signed-off-by: Bernd Kuhls <bernd@kuhls.net> --- package/gnutls/gnutls.hash | 4 ++-- package/gnutls/gnutls.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)