[Buildroot] [git commit branch/2024.02.x] package/libtasn1: security bump to version 4.20.0
Peter Korsgaard
peter at korsgaard.com
Tue Feb 18 08:19:50 UTC 2025
commit: https://git.buildroot.net/buildroot/commit/?id=7cd02fa986c6c986f8fc299105f1a0c9339b5294
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2024.02.x
Fixes the following security vulnerability:
CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET
https://lists.gnu.org/archive/html/help-libtasn1/2025-02/msg00001.html
Adjust the license files after upstream moved the license clarification to
README.md and moved the COPYING* files top the top level directory /
slightly updated the COPYING* files (http->https) with:
https://gitlab.com/gnutls/libtasn1/-/commit/73cc886c3ff29c326a5f1a10b3127d521574a1ad
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Signed-off-by: Julien Olivain <ju.o at free.fr>
(cherry picked from commit 2867f4be4248ed9ec6432168b7b75bd42f972be6)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/libtasn1/libtasn1.hash | 10 +++++-----
package/libtasn1/libtasn1.mk | 4 ++--
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/package/libtasn1/libtasn1.hash b/package/libtasn1/libtasn1.hash
index 4bcb6a3feb..b9c9dad131 100644
--- a/package/libtasn1/libtasn1.hash
+++ b/package/libtasn1/libtasn1.hash
@@ -1,7 +1,7 @@
# Locally calculated after checking pgp signature
-# https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.19.0.tar.gz.sig
-sha256 1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a libtasn1-4.19.0.tar.gz
+# https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.20.0.tar.gz.sig
+sha256 92e0e3bd4c02d4aeee76036b2ddd83f0c732ba4cda5cb71d583272b23587a76c libtasn1-4.20.0.tar.gz
# Locally calculated
-sha256 7446831f659f7ebfd8d497acc7f05dfa8e31c6cb6ba1b45df33d4895ab80f5a6 COPYING
-sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 doc/COPYING
-sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 doc/COPYING.LESSER
+sha256 990ef6a87f29a9d3db33698b94ea026a5d0f81bbf9806333d73699a250b7e5d6 README.md
+sha256 3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986 COPYING
+sha256 20e50fe7aae3e56378ebf0417d9de904f55a0e61e4df315333e632a4d3555d95 COPYING.LESSERv2
diff --git a/package/libtasn1/libtasn1.mk b/package/libtasn1/libtasn1.mk
index 3af1bcdcbb..3154e500f1 100644
--- a/package/libtasn1/libtasn1.mk
+++ b/package/libtasn1/libtasn1.mk
@@ -4,11 +4,11 @@
#
################################################################################
-LIBTASN1_VERSION = 4.19.0
+LIBTASN1_VERSION = 4.20.0
LIBTASN1_SITE = $(BR2_GNU_MIRROR)/libtasn1
LIBTASN1_DEPENDENCIES = host-bison host-pkgconf
LIBTASN1_LICENSE = GPL-3.0+ (tests, tools), LGPL-2.1+ (library)
-LIBTASN1_LICENSE_FILES = COPYING doc/COPYING doc/COPYING.LESSER
+LIBTASN1_LICENSE_FILES = README.md COPYING COPYING.LESSERv2
LIBTASN1_CPE_ID_VENDOR = gnu
LIBTASN1_INSTALL_STAGING = YES
More information about the buildroot
mailing list