Message ID | 20230611133401.8977-1-ju.o@free.fr |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/dmidecode: bump to version 3.5 | expand |
>>>>> "Julien" == Julien Olivain <ju.o@free.fr> writes: > For change log, see: > https://git.savannah.gnu.org/cgit/dmidecode.git/tree/NEWS?h=dmidecode-3-5 > Note: this patch also adds a comment about pgp signature verification in > the hash file. > Signed-off-by: Julien Olivain <ju.o@free.fr> Committed, thanks.
>>>>> "Julien" == Julien Olivain <ju.o@free.fr> writes: > For change log, see: > https://git.savannah.gnu.org/cgit/dmidecode.git/tree/NEWS?h=dmidecode-3-5 > Note: this patch also adds a comment about pgp signature verification in > the hash file. > Signed-off-by: Julien Olivain <ju.o@free.fr> Turns out that this fixes a security issue, so it should have ideally been marked as a security bump: https://security-tracker.debian.org/tracker/CVE-2023-30630
diff --git a/package/dmidecode/dmidecode.hash b/package/dmidecode/dmidecode.hash index ec5484e667..654c4cc537 100644 --- a/package/dmidecode/dmidecode.hash +++ b/package/dmidecode/dmidecode.hash @@ -1,3 +1,4 @@ -# Locally computed -sha256 43cba851d8467c9979ccdbeab192eb6638c7d3a697eba5ddb779da8837542212 dmidecode-3.4.tar.xz +# Locally computed after checking pgp signature from: +# https://download.savannah.gnu.org/releases/dmidecode/dmidecode-3.5.tar.xz.sig +sha256 79d76735ee8e25196e2a722964cf9683f5a09581503537884b256b01389cc073 dmidecode-3.5.tar.xz sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 LICENSE diff --git a/package/dmidecode/dmidecode.mk b/package/dmidecode/dmidecode.mk index 352cdb106c..353978daa9 100644 --- a/package/dmidecode/dmidecode.mk +++ b/package/dmidecode/dmidecode.mk @@ -4,7 +4,7 @@ # ################################################################################ -DMIDECODE_VERSION = 3.4 +DMIDECODE_VERSION = 3.5 DMIDECODE_SOURCE = dmidecode-$(DMIDECODE_VERSION).tar.xz DMIDECODE_SITE = http://download.savannah.gnu.org/releases/dmidecode DMIDECODE_LICENSE = GPL-2.0+
For change log, see: https://git.savannah.gnu.org/cgit/dmidecode.git/tree/NEWS?h=dmidecode-3-5 Note: this patch also adds a comment about pgp signature verification in the hash file. Signed-off-by: Julien Olivain <ju.o@free.fr> --- package/dmidecode/dmidecode.hash | 5 +++-- package/dmidecode/dmidecode.mk | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-)