Message ID | 20210713135344.1196117-1-francois.perrad@gadz.org |
---|---|
State | Accepted |
Headers | show |
Series | package/nettle: bump to version 3.7.3 | expand |
On Tue, 13 Jul 2021 15:53:44 +0200 Francois Perrad <fperrad@gmail.com> wrote: > Signed-off-by: Francois Perrad <francois.perrad@gadz.org> > --- > package/nettle/nettle.hash | 4 ++-- > package/nettle/nettle.mk | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) Applied to master, thanks. Thomas
>>>>> "Francois" == Francois Perrad <fperrad@gmail.com> writes: > Signed-off-by: Francois Perrad <francois.perrad@gadz.org> It would have been good to mention that this is an important bugfix and should be backported, E.G. from the announcement: This is bugfix release, fixing bugs that could make the RSA decryption functions crash on invalid inputs. Upgrading to the new version is strongly recommended. For applications that want to support older versions of Nettle, the bug can be worked around by adding a check that the RSA ciphertext is in the range 0 < ciphertext < n, before attempting to decrypt it. Thanks to Paul Schaub and Justus Winter for reporting these problems. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.4 and libhogweed.so.6.4, with sonames libnettle.so.8 and libhogweed.so.6. https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00002.html Committed to 2021.02.x and 2021.05.x with the commit message extended, thanks.
diff --git a/package/nettle/nettle.hash b/package/nettle/nettle.hash index 09652dcc8..cd32ad442 100644 --- a/package/nettle/nettle.hash +++ b/package/nettle/nettle.hash @@ -1,6 +1,6 @@ # Locally calculated after checking pgp signature -# https://ftp.gnu.org/gnu/nettle/nettle-3.7.2.tar.gz.sig -sha256 8d2a604ef1cde4cd5fb77e422531ea25ad064679ff0adf956e78b3352e0ef162 nettle-3.7.2.tar.gz +# https://ftp.gnu.org/gnu/nettle/nettle-3.7.3.tar.gz.sig +sha256 661f5eb03f048a3b924c3a8ad2515d4068e40f67e774e8a26827658007e3bcf0 nettle-3.7.3.tar.gz # Locally calculated sha256 a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c COPYING.LESSERv3 sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYINGv2 diff --git a/package/nettle/nettle.mk b/package/nettle/nettle.mk index bf833eb27..3dbd0cb94 100644 --- a/package/nettle/nettle.mk +++ b/package/nettle/nettle.mk @@ -4,7 +4,7 @@ # ################################################################################ -NETTLE_VERSION = 3.7.2 +NETTLE_VERSION = 3.7.3 NETTLE_SITE = http://www.lysator.liu.se/~nisse/archive NETTLE_DEPENDENCIES = gmp NETTLE_INSTALL_STAGING = YES
Signed-off-by: Francois Perrad <francois.perrad@gadz.org> --- package/nettle/nettle.hash | 4 ++-- package/nettle/nettle.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)