[Buildroot] [PATCH 1/1] package/botan: security bump to version 3.3.0
Arnout Vandecappelle
arnout at mind.be
Sun Apr 7 19:45:55 UTC 2024
On 07/04/2024 19:09, Fabrice Fontaine wrote:
> - Fix a potential denial of service caused by accepting arbitrary
> length primes as potential elliptic curve parameters in ASN.1
> encodings. With very large inputs the primality verification
> can become computationally expensive. Now any prime field larger
> than 1024 bits is rejected immediately.
>
> https://botan.randombit.net/news.html#version-3-3-0-2024-02-20
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Applied to master, thanks.
Regards,
Arnout
> ---
> package/botan/botan.hash | 2 +-
> package/botan/botan.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/botan/botan.hash b/package/botan/botan.hash
> index 840191aa4b..37e00ea9cc 100644
> --- a/package/botan/botan.hash
> +++ b/package/botan/botan.hash
> @@ -1,4 +1,4 @@
> # From https://botan.randombit.net/releases/sha256sums.txt
> -sha256 049c847835fcf6ef3a9e206b33de05dd38999c325e247482772a5598d9e5ece3 Botan-3.2.0.tar.xz
> +sha256 368f11f426f1205aedb9e9e32368a16535dc11bd60351066e6f6664ec36b85b9 Botan-3.3.0.tar.xz
> # Locally computed
> sha256 1833cde7c7cc03296b1ef2ddc178b1cd7fd1c476840f32cf6aedb09ab0bc9004 license.txt
> diff --git a/package/botan/botan.mk b/package/botan/botan.mk
> index 95352ea41b..e0bd258f57 100644
> --- a/package/botan/botan.mk
> +++ b/package/botan/botan.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -BOTAN_VERSION = 3.2.0
> +BOTAN_VERSION = 3.3.0
> BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
> BOTAN_SITE = http://botan.randombit.net/releases
> BOTAN_LICENSE = BSD-2-Clause
More information about the buildroot
mailing list