aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Baruch Siach <baruch@tkos.co.il>2016-08-18 10:39:11 +0300
committerGravatar Peter Korsgaard <peter@korsgaard.com>2016-08-18 10:57:45 +0200
commit4debfc914b6b94a41f8b8d53c452010032d048c2 (patch)
tree76d210fb2d1b9f9b2828495b894726010a2fa5de
parent55c74d6b974cc7508e9855e8579ddd2115c80b2b (diff)
downloadbuildroot-4debfc914b6b94a41f8b8d53c452010032d048c2.tar.gz
buildroot-4debfc914b6b94a41f8b8d53c452010032d048c2.tar.bz2
gnupg: security bump to version 1.4.21
Fixes CVE-2016-6313: An attacker who obtains 580 bytes from the standard RNG can trivially predict the next 20 bytes of output. Add cryptographically secure sha256 hash. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/gnupg/gnupg.hash6
-rw-r--r--package/gnupg/gnupg.mk2
2 files changed, 5 insertions, 3 deletions
diff --git a/package/gnupg/gnupg.hash b/package/gnupg/gnupg.hash
index f872d24d5c..8968b00d2b 100644
--- a/package/gnupg/gnupg.hash
+++ b/package/gnupg/gnupg.hash
@@ -1,2 +1,4 @@
-# From https://lists.gnupg.org/pipermail/gnupg-announce/2015q4/000382.html
-sha1 cbc9d960e3d8488c32675019a79fbfbf8680387e gnupg-1.4.20.tar.bz2
+# From https://lists.gnu.org/archive/html/info-gnu/2016-08/msg00008.html
+sha1 e3bdb585026f752ae91360f45c28e76e4a15d338 gnupg-1.4.21.tar.bz2
+# Locally computed
+sha256 6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276 gnupg-1.4.21.tar.bz2
diff --git a/package/gnupg/gnupg.mk b/package/gnupg/gnupg.mk
index 54f4d97365..182abd6709 100644
--- a/package/gnupg/gnupg.mk
+++ b/package/gnupg/gnupg.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GNUPG_VERSION = 1.4.20
+GNUPG_VERSION = 1.4.21
GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
GNUPG_SITE = ftp://ftp.gnupg.org/gcrypt/gnupg
GNUPG_LICENSE = GPLv3+