Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
PUBLIC_REPOS
/
buildroot
spogulis no git://git.buildroot.net/buildroot
2
1
Atdalīts 0
Faili
Pārlūkot izejas kodu

gnupg: security bump to version 1.4.22

Mitigate a flush+reload side-channel attack on RSA secret keys
dubbed "Sliding right into disaster".  For details see
<https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

Switch to https site for better firewall compatibility and security.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Baruch Siach 8 gadi atpakaļ
vecāks
10b1273264
revīzija
453ca1d6ad
2 mainītis faili ar 5 papildinājumiem un 6 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 3 4
      package/gnupg/gnupg.hash
  2. 2 2
      package/gnupg/gnupg.mk

+ 3 - 4
package/gnupg/gnupg.hash
Parādīt failu 

@@ -1,4 +1,3 @@
 
-# From https://lists.gnu.org/archive/html/info-gnu/2016-08/msg00008.html
 
-sha1	e3bdb585026f752ae91360f45c28e76e4a15d338	gnupg-1.4.21.tar.bz2
 
-# Locally computed
 
-sha256	6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276	gnupg-1.4.21.tar.bz2
 
+# Locally computed based on signature
 
+# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-1.4.22.tar.bz2.sig
 
+sha256	9594a24bec63a21568424242e3f198b9d9828dea5ff0c335e47b06f835f930b4	gnupg-1.4.22.tar.bz2

+ 2 - 2
package/gnupg/gnupg.mk
Parādīt failu 

@@ -4,9 +4,9 @@
 
 #
 
 ################################################################################
 
 
-GNUPG_VERSION = 1.4.21
 
+GNUPG_VERSION = 1.4.22
 
 GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
 
-GNUPG_SITE = ftp://ftp.gnupg.org/gcrypt/gnupg
 
+GNUPG_SITE = https://gnupg.org/ftp/gcrypt/gnupg
 
 GNUPG_LICENSE = GPL-3.0+
 
 GNUPG_LICENSE_FILES = COPYING
 
 GNUPG_DEPENDENCIES = zlib ncurses $(if $(BR2_PACKAGE_LIBICONV),libiconv)