@@ -1,6 +1,6 @@
# Locally calculated after checking pgp signature
-# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.2.tar.xz.sig
-sha256 e765e5016ffa9b9dd243e363a0460d577074444ee2491267db2e96c9c2adef77 gnutls-3.8.2.tar.xz
+# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.3.tar.xz.sig
+sha256 f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e gnutls-3.8.3.tar.xz
# Locally calculated
sha256 3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986 doc/COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 doc/COPYING.LESSER
@@ -6,7 +6,7 @@
# When bumping, make sure *all* --without-libfoo-prefix options are in GNUTLS_CONF_OPTS
GNUTLS_VERSION_MAJOR = 3.8
-GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).2
+GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).3
GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
GNUTLS_LICENSE = LGPL-2.1+ (core library)
see CVE-2024-0553: Fix more timing side-channel inside RSA-PSK key exchange see CVE-2024-0567: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures Signed-off-by: Francois Perrad <francois.perrad@gadz.org> --- package/gnutls/gnutls.hash | 4 ++-- package/gnutls/gnutls.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)