]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6a2e443) | patch
gnutls: Upgrade 3.8.2 -> 3.8.3
authorSimone Weiß <simone.p.weiss@posteo.com>
Sun, 28 Jan 2024 18:47:41 +0000 (18:47 +0000)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 30 Jan 2024 15:15:30 +0000 (15:15 +0000)
commit705d2972b38efc9f331e3635c07ca92f8812b365
treec55df0ee5c9a5b2d571019c0349c40985d930484tree
parent6a2e44340c8ae2a60e33696ad944e327a24479d5commit | diff
gnutls: Upgrade 3.8.2 -> 3.8.3

Upgrade version to adress recent CVE findings.

Changelog
=========
** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange
   [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553]

** libgnutls: Fix assertion failure when verifying a certificate chain with a
   cycle of cross signatures
   [GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567]

** libgnutls: Fix regression in handling Ed25519 keys stored in PKCS#11 token
   certtool was unable to handle Ed25519 keys generated on PKCS#11
   with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2.

Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-support/gnutls/gnutls_3.8.3.bb [moved from meta/recipes-support/gnutls/gnutls_3.8.2.bb with 97% similarity] diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib