package/libjwt: security bump to version 1.17.0
- Use official tarball and so drop autoreconf - Update hash of LICENSE file, verbatim copy of the current MPL 2.0 withebebb5027f
- Fix CVE-2024-25189: libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. https://github.com/benmcollins/libjwt/compare/v1.15.3...v1.17.0 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commitc65639ebd5
) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
f9b33bfacb
commit
a513846df7
@ -1,3 +1,3 @@
|
||||
# Locally computed
|
||||
sha256 cb2fd95123689e7d209a3a8c060e02f68341c9a5ded524c0cd881a8cd20d711f libjwt-1.15.3.tar.gz
|
||||
sha256 fab3dd6bdab226f1c08630b1dd917e11fcb4ec5e1e020e2c16f83a0a13863e85 LICENSE
|
||||
sha256 b8b257da9b64ba9075fce3a3f670ae02dee7fc95ab7009a2e1ad60905e3f8d48 libjwt-1.17.0.tar.bz2
|
||||
sha256 3f3d9e0024b1921b067d6f7f88deb4a60cbe7a78e76c64e3f1d7fc3b779b9d04 LICENSE
|
||||
|
@ -4,10 +4,10 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
LIBJWT_VERSION = 1.15.3
|
||||
LIBJWT_SITE = $(call github,benmcollins,libjwt,v$(LIBJWT_VERSION))
|
||||
LIBJWT_VERSION = 1.17.0
|
||||
LIBJWT_SITE = https://github.com/benmcollins/libjwt/releases/download/v$(LIBJWT_VERSION)
|
||||
LIBJWT_SOURCE = libjwt-$(LIBJWT_VERSION).tar.bz2
|
||||
LIBJWT_DEPENDENCIES = host-pkgconf jansson
|
||||
LIBJWT_AUTORECONF = YES
|
||||
LIBJWT_INSTALL_STAGING = YES
|
||||
LIBJWT_LICENSE = MPL-2.0
|
||||
LIBJWT_LICENSE_FILES = LICENSE
|
||||
|
Loading…
Reference in New Issue
Block a user