NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/botan: security bump to version 3.3.0

Browse Source 
- Fix a potential denial of service caused by accepting arbitrary
  length primes as potential elliptic curve parameters in ASN.1
  encodings. With very large inputs the primality verification
  can become computationally expensive. Now any prime field larger
  than 1024 bits is rejected immediately.

https://botan.randombit.net/news.html#version-3-3-0-2024-02-20

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 2fcc74594c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine 2024-04-07 19:09:36 +02:00 committed by Peter Korsgaard
parent bb94d3d0fb
commit 8c2144727c
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/botan/botan.hash
View File

@ -1,4 +1,4 @@
# From https://botan.randombit.net/releases/sha256sums.txt
sha256 049c847835fcf6ef3a9e206b33de05dd38999c325e247482772a5598d9e5ece3 Botan-3.2.0.tar.xz
sha256 368f11f426f1205aedb9e9e32368a16535dc11bd60351066e6f6664ec36b85b9 Botan-3.3.0.tar.xz
# Locally computed
sha256 1833cde7c7cc03296b1ef2ddc178b1cd7fd1c476840f32cf6aedb09ab0bc9004 license.txt

2
package/botan/botan.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
BOTAN_VERSION = 3.2.0
BOTAN_VERSION = 3.3.0
BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
BOTAN_SITE = http://botan.randombit.net/releases
BOTAN_LICENSE = BSD-2-Clause