[Buildroot] [PATCH 1/1] package/botan: security bump to version 3.3.0
Fabrice Fontaine
fontaine.fabrice at gmail.com
Sun Apr 7 17:09:36 UTC 2024
- Fix a potential denial of service caused by accepting arbitrary
length primes as potential elliptic curve parameters in ASN.1
encodings. With very large inputs the primality verification
can become computationally expensive. Now any prime field larger
than 1024 bits is rejected immediately.
https://botan.randombit.net/news.html#version-3-3-0-2024-02-20
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
package/botan/botan.hash | 2 +-
package/botan/botan.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/botan/botan.hash b/package/botan/botan.hash
index 840191aa4b..37e00ea9cc 100644
--- a/package/botan/botan.hash
+++ b/package/botan/botan.hash
@@ -1,4 +1,4 @@
# From https://botan.randombit.net/releases/sha256sums.txt
-sha256 049c847835fcf6ef3a9e206b33de05dd38999c325e247482772a5598d9e5ece3 Botan-3.2.0.tar.xz
+sha256 368f11f426f1205aedb9e9e32368a16535dc11bd60351066e6f6664ec36b85b9 Botan-3.3.0.tar.xz
# Locally computed
sha256 1833cde7c7cc03296b1ef2ddc178b1cd7fd1c476840f32cf6aedb09ab0bc9004 license.txt
diff --git a/package/botan/botan.mk b/package/botan/botan.mk
index 95352ea41b..e0bd258f57 100644
--- a/package/botan/botan.mk
+++ b/package/botan/botan.mk
@@ -4,7 +4,7 @@
#
################################################################################
-BOTAN_VERSION = 3.2.0
+BOTAN_VERSION = 3.3.0
BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
BOTAN_SITE = http://botan.randombit.net/releases
BOTAN_LICENSE = BSD-2-Clause
--
2.43.0
More information about the buildroot
mailing list