[1/1] package/putty: security bump version to 0.74

Message ID	20200630054929.439626-1-bernd.kuhls@t-online.de
State	Accepted
Headers	show Return-Path: <buildroot-bounces@busybox.net> From: Bernd Kuhls <bernd.kuhls@t-online.de> To: buildroot@buildroot.org Date: Tue, 30 Jun 2020 07:49:29 +0200 Message-Id: <20200630054929.439626-1-bernd.kuhls@t-online.de> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/1] package/putty: security bump version to 0.74 Precedence: list Cc: Alexander Dahl <post@lespocky.de> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" <buildroot-bounces@busybox.net>
Series	[1/1] package/putty: security bump version to 0.74 \| expand [1/1] package/putty: security bump version to 0.74

Message ID

20200630054929.439626-1-bernd.kuhls@t-online.de

State

Accepted

Headers

From: Bernd Kuhls <bernd.kuhls@t-online.de>
To: buildroot@buildroot.org
Date: Tue, 30 Jun 2020 07:49:29 +0200
Message-Id: <20200630054929.439626-1-bernd.kuhls@t-online.de>
MIME-Version: 1.0
Subject: [Buildroot] [PATCH 1/1] package/putty: security bump version to 0.74
Precedence: list
Cc: Alexander Dahl <post@lespocky.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Series

[1/1] package/putty: security bump version to 0.74 | expand

Commit Message

Bernd Kuhls June 30, 2020, 5:49 a.m. UTC

Reformatted hashes, added md5 hash provided by upstream.

Release notes:
https://lists.tartarus.org/pipermail/putty-announce/2020/000030.html

Fixes CVE-2020-14002:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14002

Updated license hash due to upstream commits adding copyright holders
and bumping the copyright year:
https://git.tartarus.org/?p=simon/putty.git;a=history;f=LICENCE;h=3e1d146289644749b3578f610c74715fa1c6bf0d;hb=HEAD

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
 package/putty/putty.hash | 11 ++++++-----
 package/putty/putty.mk   |  2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

Comments

Alexander Dahl June 30, 2020, 7:04 a.m. UTC | #1

Hello Bernd,

On Tue, Jun 30, 2020 at 07:49:29AM +0200, Bernd Kuhls wrote:
> Reformatted hashes, added md5 hash provided by upstream.
> 
> Release notes:
> https://lists.tartarus.org/pipermail/putty-announce/2020/000030.html
> 
> Fixes CVE-2020-14002:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14002
> 
> Updated license hash due to upstream commits adding copyright holders
> and bumping the copyright year:
> https://git.tartarus.org/?p=simon/putty.git;a=history;f=LICENCE;h=3e1d146289644749b3578f610c74715fa1c6bf0d;hb=HEAD
> 
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>

Reviewed-by: Alexander Dahl <post@lespocky.de>

Thanks 
Alex

> ---
>  package/putty/putty.hash | 11 ++++++-----
>  package/putty/putty.mk   |  2 +-
>  2 files changed, 7 insertions(+), 6 deletions(-)
> 
> diff --git a/package/putty/putty.hash b/package/putty/putty.hash
> index 8600281efc..3885cef9b8 100644
> --- a/package/putty/putty.hash
> +++ b/package/putty/putty.hash
> @@ -1,7 +1,8 @@
> -# Hashes from: http://the.earth.li/~sgtatham/putty/0.73/{sha1,sha256,sha512}sums
> -sha1 17daebb82e476adfd578f6934c28f4d2c209b7d8  putty-0.73.tar.gz
> -sha256 3db0b5403fb41aecd3aa506611366650d927650b6eb3d839ad4dcc782519df1c  putty-0.73.tar.gz
> -sha512 4ada4b8c6d68be44afede2676bc661fedfd1ea0b574b8232ad9aaa6f3a48baa9f4f0ded2955b3f2677a14db85a508f53c965cb00fcd7538a1ed9844031f0c5e5  putty-0.73.tar.gz
> +# Hashes from: http://the.earth.li/~sgtatham/putty/0.74/{md5,sha1,sha256,sha512}sums
> +md5  dbfa58f22a91b22b7489173e9dd09e30  putty-0.74.tar.gz
> +sha1  17b160e9720f67f9af9399d7d185b913b81f18fe  putty-0.74.tar.gz
> +sha256  ddd5d388e51dd9e6e294005b30037f6ae802239a44c9dc9808c779e6d11b847d  putty-0.74.tar.gz
> +sha512  0da86849ea764cd88643bd2c1984ac7211ae72dd7c41232307b1960a29ca9518044b022d87c60272d6db71a3357026862a112bedb90ee732b41494fca3acde9b  putty-0.74.tar.gz
>  
>  # Locally calculated
> -sha256 b517b4a9504ba0f651d5e590245197b88d9a81d073905cc798cc9464c5ca7ba8  LICENCE
> +sha256  92028b6d56212bd3e4ce6a36bd2e2454851dca7e8ffe4c6ab51385ca214ca322  LICENCE
> diff --git a/package/putty/putty.mk b/package/putty/putty.mk
> index 5313a4f8be..8f9564bc38 100644
> --- a/package/putty/putty.mk
> +++ b/package/putty/putty.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -PUTTY_VERSION = 0.73
> +PUTTY_VERSION = 0.74
>  PUTTY_SITE = http://the.earth.li/~sgtatham/putty/$(PUTTY_VERSION)
>  PUTTY_LICENSE = MIT
>  PUTTY_LICENSE_FILES = LICENCE
> -- 
> 2.26.2

Thomas Petazzoni July 14, 2020, 1:09 p.m. UTC | #2

On Tue, 30 Jun 2020 07:49:29 +0200
Bernd Kuhls <bernd.kuhls@t-online.de> wrote:

> Reformatted hashes, added md5 hash provided by upstream.
> 
> Release notes:
> https://lists.tartarus.org/pipermail/putty-announce/2020/000030.html
> 
> Fixes CVE-2020-14002:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14002
> 
> Updated license hash due to upstream commits adding copyright holders
> and bumping the copyright year:
> https://git.tartarus.org/?p=simon/putty.git;a=history;f=LICENCE;h=3e1d146289644749b3578f610c74715fa1c6bf0d;hb=HEAD
> 
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
>  package/putty/putty.hash | 11 ++++++-----
>  package/putty/putty.mk   |  2 +-
>  2 files changed, 7 insertions(+), 6 deletions(-)

Applied to master, thanks.

Thomas

Peter Korsgaard July 21, 2020, 9:13 p.m. UTC | #3

>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:

 > Reformatted hashes, added md5 hash provided by upstream.
 > Release notes:
 > https://lists.tartarus.org/pipermail/putty-announce/2020/000030.html

 > Fixes CVE-2020-14002:
 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14002

 > Updated license hash due to upstream commits adding copyright holders
 > and bumping the copyright year:
 > https://git.tartarus.org/?p=simon/putty.git;a=history;f=LICENCE;h=3e1d146289644749b3578f610c74715fa1c6bf0d;hb=HEAD

 > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>

Committed to 2020.02.x and 2020.05.x, thanks.

diff --git a/package/putty/putty.hash b/package/putty/putty.hash
index 8600281efc..3885cef9b8 100644
--- a/package/putty/putty.hash
+++ b/package/putty/putty.hash
@@ -1,7 +1,8 @@ 
-# Hashes from: http://the.earth.li/~sgtatham/putty/0.73/{sha1,sha256,sha512}sums
-sha1 17daebb82e476adfd578f6934c28f4d2c209b7d8  putty-0.73.tar.gz
-sha256 3db0b5403fb41aecd3aa506611366650d927650b6eb3d839ad4dcc782519df1c  putty-0.73.tar.gz
-sha512 4ada4b8c6d68be44afede2676bc661fedfd1ea0b574b8232ad9aaa6f3a48baa9f4f0ded2955b3f2677a14db85a508f53c965cb00fcd7538a1ed9844031f0c5e5  putty-0.73.tar.gz
+# Hashes from: http://the.earth.li/~sgtatham/putty/0.74/{md5,sha1,sha256,sha512}sums
+md5  dbfa58f22a91b22b7489173e9dd09e30  putty-0.74.tar.gz
+sha1  17b160e9720f67f9af9399d7d185b913b81f18fe  putty-0.74.tar.gz
+sha256  ddd5d388e51dd9e6e294005b30037f6ae802239a44c9dc9808c779e6d11b847d  putty-0.74.tar.gz
+sha512  0da86849ea764cd88643bd2c1984ac7211ae72dd7c41232307b1960a29ca9518044b022d87c60272d6db71a3357026862a112bedb90ee732b41494fca3acde9b  putty-0.74.tar.gz
 
 # Locally calculated
-sha256 b517b4a9504ba0f651d5e590245197b88d9a81d073905cc798cc9464c5ca7ba8  LICENCE
+sha256  92028b6d56212bd3e4ce6a36bd2e2454851dca7e8ffe4c6ab51385ca214ca322  LICENCE
diff --git a/package/putty/putty.mk b/package/putty/putty.mk
index 5313a4f8be..8f9564bc38 100644
--- a/package/putty/putty.mk
+++ b/package/putty/putty.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-PUTTY_VERSION = 0.73
+PUTTY_VERSION = 0.74
 PUTTY_SITE = http://the.earth.li/~sgtatham/putty/$(PUTTY_VERSION)
 PUTTY_LICENSE = MIT
 PUTTY_LICENSE_FILES = LICENCE

[1/1] package/putty: security bump version to 0.74

Commit Message

Comments

Patch