[Buildroot] [PATCH] gnutls: security bump to 3.6.7.1

Thomas Petazzoni thomas.petazzoni at bootlin.com
Wed Apr 3 19:56:16 UTC 2019


Hello Stefan,

On Wed, 3 Apr 2019 08:11:35 +0000
"Sørensen, Stefan" <Stefan.Sorensen at spectralink.com> wrote:

> On Wed, 2019-04-03 at 10:01 +0200, Peter Korsgaard wrote:
> 
> > These issues were fixed in 3.6.7, weren't they? I don't see 3.6.7.1
> > announced yet, what is the delta?  
> 
> Guess I might have jumped the gun a bit...
> 
> Only change is that a file was missing from the release tarball:
> https://gitlab.com/gnutls/gnutls/issues/745

There is a 3.6.7.1 tarball: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/

However, your patch breaks legal-info for gnutls:

ERROR: doc/COPYING has wrong sha256 hash:
ERROR: expected: 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903
ERROR: got     : e79e9c8a0c85d735ff98185918ec94ed7d175efc377012787aebcf3b80f0d90b
ERROR: Incomplete download, or man-in-the-middle (MITM) attack

Note: don't do just a hash update: compare the COPYING file
before/after the bump, and document the change in the commit log to
explain why the hash has changed.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


More information about the buildroot mailing list