Message ID | 20230808172625.20598-1-ps.report@gmx.net |
---|---|
State | Accepted |
Headers | show |
Series | [v1] package/ntpsec: bump version to 1.2.2a (fixes CVE-2023-4012) | expand |
Hello Peter, On Tue, 8 Aug 2023 19:26:25 +0200 Peter Seiderer <ps.report@gmx.net> wrote: > Fixes CVE-2023-4012 (see [1] for details). > > [1] https://gitlab.com/NTPsec/ntpsec/-/releases/NTPsec_1_2_2a > > Signed-off-by: Peter Seiderer <ps.report@gmx.net> For security bumps, we like the commit title to be: package/ntpsec: security bump to version 1.2.2a and have the details of which CVE is addressed in the rest of the commit message. I fixed that up when applying to master. Thanks! Thomas
Hello Thomas, On Tue, 8 Aug 2023 20:08:44 +0200, Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote: > Hello Peter, > > On Tue, 8 Aug 2023 19:26:25 +0200 > Peter Seiderer <ps.report@gmx.net> wrote: > > > Fixes CVE-2023-4012 (see [1] for details). > > > > [1] https://gitlab.com/NTPsec/ntpsec/-/releases/NTPsec_1_2_2a > > > > Signed-off-by: Peter Seiderer <ps.report@gmx.net> > > For security bumps, we like the commit title to be: > > package/ntpsec: security bump to version 1.2.2a O.k. > > and have the details of which CVE is addressed in the rest of the > commit message. > > I fixed that up when applying to master. Thanks! Thanks for fixing (and applying)! Regards, Peter > > Thomas
>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes: > Hello Peter, > On Tue, 8 Aug 2023 19:26:25 +0200 > Peter Seiderer <ps.report@gmx.net> wrote: >> Fixes CVE-2023-4012 (see [1] for details). >> >> [1] https://gitlab.com/NTPsec/ntpsec/-/releases/NTPsec_1_2_2a >> >> Signed-off-by: Peter Seiderer <ps.report@gmx.net> > For security bumps, we like the commit title to be: > package/ntpsec: security bump to version 1.2.2a > and have the details of which CVE is addressed in the rest of the > commit message. > I fixed that up when applying to master. Thanks! Committed to 2023.02.x and 2023.05.x, thanks.
diff --git a/package/ntpsec/ntpsec.hash b/package/ntpsec/ntpsec.hash index 44e04b2403..8d98b5c411 100644 --- a/package/ntpsec/ntpsec.hash +++ b/package/ntpsec/ntpsec.hash @@ -1,5 +1,5 @@ # Locally calculated -sha256 ad45f5b88d08a159bc9f44ecb79e08358d26d3d22bb6c96ab7aaa3734de130e6 ntpsec-NTPsec_1_2_2.tar.bz2 +sha256 ef901df5a05d486563db22f4d0dad3840a3bf5d0a9aceb8c3ecaeb396c67a805 ntpsec-NTPsec_1_2_2a.tar.bz2 sha256 899261d6eb6c922cf8f051225411f27b738ba0014be18c2eaf6afbf30d421bb1 LICENSES/BSD-2 sha256 5fe38d8724c53ff4e69f0a3492a368b4a6719700ac16f706efeb01a45c62f2b5 LICENSES/BSD-3 sha256 9ba9550ad48438d0836ddab3da480b3b69ffa0aac7b7878b5a0039e7ab429411 LICENSES/CC-BY-4.0 diff --git a/package/ntpsec/ntpsec.mk b/package/ntpsec/ntpsec.mk index e612e982ec..f6262cdaca 100644 --- a/package/ntpsec/ntpsec.mk +++ b/package/ntpsec/ntpsec.mk @@ -4,7 +4,7 @@ # ################################################################################ -NTPSEC_VERSION = 1.2.2 +NTPSEC_VERSION = 1.2.2a NTPSEC_SOURCE = ntpsec-NTPsec_$(subst .,_,$(NTPSEC_VERSION)).tar.bz2 NTPSEC_SITE = https://gitlab.com/NTPsec/ntpsec/-/archive/NTPsec_$(subst .,_,$(NTPSEC_VERSION)) NTPSEC_LICENSE = BSD-2-Clause, NTP, BSD-3-Clause, MIT, CC-BY-4.0 (docs)
Fixes CVE-2023-4012 (see [1] for details). [1] https://gitlab.com/NTPsec/ntpsec/-/releases/NTPsec_1_2_2a Signed-off-by: Peter Seiderer <ps.report@gmx.net> --- package/ntpsec/ntpsec.hash | 2 +- package/ntpsec/ntpsec.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)