kumquat-buildroot/package/putty/putty.hash
Peter Korsgaard 922132c39e package/putty: security bump to version 0.80
As described in the announcement, this fixes a security issue:

There is one security fix in this release:

 - Fix for a newly discovered security issue known as the 'Terrapin'
   attack, also numbered CVE-2023-48795. The issue affects widely-used
   OpenSSH extensions to the SSH protocol: the ChaCha20+Poly1305
   cipher system, and 'encrypt-then-MAC' mode.

   In order to benefit from the fix, you must be using a fixed version
   of PuTTY _and_ a server with the fix, so that they can agree to
   adopt a modified version of the protocol. Alternatively, you may be
   able to reconfigure PuTTY to avoid selecting any of the affected
   modes.

   If PuTTY 0.80 connects to an SSH server without the fix, it will
   warn you if the initial protocol negotiation chooses an insecure
   mode to run the connection in, so that you can abandon the
   connection. If it's possible to alter PuTTY's configuration to
   avoid the problem, then the warning message will tell you how to do
   it.

https://lists.tartarus.org/pipermail/putty-announce/2023/000037.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-23 15:14:08 +01:00

8 lines
499 B
Plaintext

# Hashes from: http://the.earth.li/~sgtatham/putty/0.80/{sha1,sha256,sha512}sums
sha1 9c4a96f63ee3e927472191c935cc89228693c03a putty-0.80.tar.gz
sha256 2013c83a721b1753529e9090f7c3830e8fe4c80a070ccce764539badb3f67081 putty-0.80.tar.gz
sha512 c8a6b6fa54ecd8bcf4ec274fef51343dd9996e6458b250b5555c4dc88ded25e87f97277da482c29858510e65635112d541f559ab683635bd950572d850129f90 putty-0.80.tar.gz
# Locally calculated
sha256 7ede37f344ee03436c155a375ecb6cdb42a77105baa6e7804bf43260dc4a0c54 LICENCE