'[OE-core] [PATCH] gnutls: Upgrade 3.8.2 -> 3.8.3'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openembedded-core
Subject:    [OE-core] [PATCH] gnutls: Upgrade 3.8.2 -> 3.8.3
From:       Simone Weiß <simone.p.weiss () posteo ! com>
Date:       2024-01-28 18:47:41
Message-ID: 20240128184741.1446715-1-simone.p.weiss () posteo ! com
[Download RAW message or body]

From: Simone Weiß <simone.p.weiss@posteo.com>

Upgrade version to adress recent CVE findings.

Changelog
=========
** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange
   [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553]

** libgnutls: Fix assertion failure when verifying a certificate chain with a
   cycle of cross signatures
   [GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567]

** libgnutls: Fix regression in handling Ed25519 keys stored in PKCS#11 token
   certtool was unable to handle Ed25519 keys generated on PKCS#11
   with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2.

Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
---
 .../recipes-support/gnutls/{gnutls_3.8.2.bb => gnutls_3.8.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/gnutls/{gnutls_3.8.2.bb => gnutls_3.8.3.bb} (97%)

diff --git a/meta/recipes-support/gnutls/gnutls_3.8.2.bb b/meta/recipes-support/gnutls/gnutls_3.8.3.bb
similarity index 97%
rename from meta/recipes-support/gnutls/gnutls_3.8.2.bb
rename to meta/recipes-support/gnutls/gnutls_3.8.3.bb
index 43fb5c4c4e..27d6753be0 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.2.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.3.bb
@@ -25,7 +25,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
            file://Add-ptest-support.patch \
            "
 
-SRC_URI[sha256sum] = "e765e5016ffa9b9dd243e363a0460d577074444ee2491267db2e96c9c2adef77"
+SRC_URI[sha256sum] = "f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e"
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest
 
-- 
2.39.2



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#194450): https://lists.openembedded.org/g/openembedded-core/message/194450
Mute This Topic: https://lists.openembedded.org/mt/104016885/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic