package/botan: security bump to version 2.19.3

Fix CVE-2022-43705: In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016). https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w https://github.com/randombit/botan/blob/2.19.3/news.rst Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-12-06 23:12:20 +01:00 · 2022-12-06 23:12:20 +01:00 · f276188ef7
commit f276188ef7
parent 090d126da8
2 changed files with 2 additions and 2 deletions
--- a/package/botan/botan.hash
+++ b/package/botan/botan.hash
@ -1,4 +1,4 @@
 # From https://botan.randombit.net/releases/sha256sums.txt
-sha256  3af5f17615c6b5cd8b832d269fb6cb4d54ec64f9eb09ddbf1add5093941b4d75  Botan-2.19.2.tar.xz
+sha256  dae047f399c5a47f087db5d3d9d9e8f11ae4985d14c928d71da1aff801802d55  Botan-2.19.3.tar.xz
 # Locally computed
 sha256  472faf6d2231130382779f96de506be19296473750356449fc426ddc9cb03b50  license.txt
--- a/package/botan/botan.mk
+++ b/package/botan/botan.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-BOTAN_VERSION = 2.19.2
+BOTAN_VERSION = 2.19.3
 BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
 BOTAN_SITE = http://botan.randombit.net/releases
 BOTAN_LICENSE = BSD-2-Clause