From patchwork Tue Jan 23 11:26:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 7480 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4TK4Yb5QyLz3wyG for ; Tue, 23 Jan 2024 11:26:59 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4TK4YZ66Z4z2T8; Tue, 23 Jan 2024 11:26:58 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4TK4YZ5Z4Sz30Sr; Tue, 23 Jan 2024 11:26:58 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4TK4YT25WHz30Sp for ; Tue, 23 Jan 2024 11:26:53 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4TK4YT01qPz1jX; Tue, 23 Jan 2024 11:26:52 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1706009213; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2ZPwjZ1/6XX7YJ3SVNCUJjrRFl1SDP4JtFqfXjNOnws=; b=XjjDeDoMKPXiI9/CbcOJakxNAECDVUUuaMmF7pqkuD4UmJjbHCP4RyNnnoUXcU8vExRUsA 3KEDgUFGkjeJGkAA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1706009213; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2ZPwjZ1/6XX7YJ3SVNCUJjrRFl1SDP4JtFqfXjNOnws=; b=wOT2Vp4w5L0fmzQn7d5+TJvpiFd062Hj+kZG0A8rfHU5r1kj3jVb2eBmoQZrsth85HoH7G Bcw7/LiQzx23ibKSDijf5lmaLIc6+KxxmR6dqmFPkPUofebPjnQyVYevq+M7UYTXJF6h8Z 7V05Xjsb7NPCMz8NnmeN4D5pUkAQXFop7ipNB6kUKjvfgrOqsfwThjPxJHK2CGpKhOCHiZ fym8ht/2Uq2G4nvjGjndoCy+xG3s3tsZ6W20hisQ03jgXgHI68qaFjrEJH0VSqfr/z5k4c tdlOW2G/xpsJf+DiFfGnpPHJNLyKmsgpmuf7sVzltfPbF5tXCrOEQA/xlE5lxg== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] gnutls: Update to version 3.8.3 Date: Tue, 23 Jan 2024 12:26:40 +0100 Message-ID: <20240123112647.8800-2-adolf.belka@ipfire.org> In-Reply-To: <20240123112647.8800-1-adolf.belka@ipfire.org> References: <20240123112647.8800-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: BOWGU62H2JYVCHIZCNYVNKX3WPAJ64AO X-Message-ID-Hash: BOWGU62H2JYVCHIZCNYVNKX3WPAJ64AO X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 3.8.2 to 3.8.3 - Update of rootfile - Changelog 3.8.3 - libgnutls: Fix more timing side-channel inside RSA-PSK key exchange [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553] - libgnutls: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures [GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567] - libgnutls: Fix regression in handling Ed25519 keys stored in PKCS#11 token certtool was unable to handle Ed25519 keys generated on PKCS#11 with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2. Signed-off-by: Adolf Belka --- config/rootfiles/common/gnutls | 2 +- lfs/gnutls | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls index cc6c90194..6cdaeb151 100644 --- a/config/rootfiles/common/gnutls +++ b/config/rootfiles/common/gnutls @@ -32,7 +32,7 @@ usr/lib/libgnutls-dane.so.0.4.1 #usr/lib/libgnutls.la #usr/lib/libgnutls.so usr/lib/libgnutls.so.30 -usr/lib/libgnutls.so.30.37.0 +usr/lib/libgnutls.so.30.37.1 #usr/lib/libgnutlsxx.la #usr/lib/libgnutlsxx.so usr/lib/libgnutlsxx.so.30 diff --git a/lfs/gnutls b/lfs/gnutls index 19f79c6db..39e1d0bd1 100644 --- a/lfs/gnutls +++ b/lfs/gnutls @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 3.8.2 +VER = 3.8.3 THISAPP = gnutls-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = d70524f17919bc02fefc610ede948d209e50e3276fc1e2d40aaed5c208265455da220d948f4a3f21db57f9d253c103f3a1b9a6daa2229d02c7c224448acc2777 +$(DL_FILE)_BLAKE2 = 27a4bb4d8a5697e2187113351b2ad1e849bca7bcfb556c1b54fc2d02bef16e2789e7c437ac8db8fe6d2bcfc0e3e3467bbff2dd5d2fc0adb9bf8bda81cb89e452 install : $(TARGET)