kumquat-buildroot/package/libjwt/libjwt.hash
Fabrice Fontaine c65639ebd5 package/libjwt: security bump to version 1.17.0
- Use official tarball and so drop autoreconf
- Update hash of LICENSE file, verbatim copy of the current MPL 2.0 with
  ebebb5027f
- Fix CVE-2024-25189: libjwt 1.15.3 uses strcmp (which is not constant
  time) to verify authentication, which makes it easier to bypass
  authentication via a timing side channel.

https://github.com/benmcollins/libjwt/compare/v1.15.3...v1.17.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2024-05-09 16:15:44 +02:00

4 lines
197 B
Plaintext

# Locally computed
sha256 b8b257da9b64ba9075fce3a3f670ae02dee7fc95ab7009a2e1ad60905e3f8d48 libjwt-1.17.0.tar.bz2
sha256 3f3d9e0024b1921b067d6f7f88deb4a60cbe7a78e76c64e3f1d7fc3b779b9d04 LICENSE