From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Wed, 15 Oct 2025 16:23:10 +0200
Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104])
	by lore.white.stw.pengutronix.de with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1v92PG-0087ot-0c
	for lore@lore.pengutronix.de;
	Wed, 15 Oct 2025 16:23:10 +0200
Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de)
	by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1v92PF-0006FO-PC; Wed, 15 Oct 2025 16:23:09 +0200
Received: from dude04.red.stw.pengutronix.de ([2a0a:edc0:0:1101:1d::ac])
 by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92)
 (envelope-from <s.pueschel@pengutronix.de>)
 id 1v92PD-0006FA-K9; Wed, 15 Oct 2025 16:23:07 +0200
From: =?UTF-8?q?Sven=20P=C3=BCschel?= <s.pueschel@pengutronix.de>
To: ptxdist@pengutronix.de
Date: Wed, 15 Oct 2025 16:22:48 +0200
Message-ID: <20251015142306.3817297-1-s.pueschel@pengutronix.de>
X-Mailer: git-send-email 2.47.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Subject: [ptxdist] [PATCH] libtasn1: version bump 4.19.0 -> 4.20.0
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <https://metis.pengutronix.de/mailman/options/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <https://metis.pengutronix.de/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <https://metis.pengutronix.de/mailman/listinfo/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Cc: =?UTF-8?q?Sven=20P=C3=BCschel?= <s.pueschel@pengutronix.de>
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false

This release fixes CVE-2024-12133: Potential DoS in handling of
numerous SEQUENCE OF or SET OF elements.

Also the licenses were split into separate license files. Based on the
source code the or-later licenses have been selected.

https://gitlab.com/gnutls/libtasn1/-/blob/a3d48c2d9845e54e099769242366d47c09c8464e/NEWS#L8

Signed-off-by: Sven Püschel <s.pueschel@pengutronix.de>
---
 rules/libtasn1.make | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/rules/libtasn1.make b/rules/libtasn1.make
index ce06ddfe4..440986d00 100644
--- a/rules/libtasn1.make
+++ b/rules/libtasn1.make
@@ -14,16 +14,19 @@ PACKAGES-$(PTXCONF_LIBTASN1) += libtasn1
 #
 # Paths and names
 #
-LIBTASN1_VERSION	:= 4.19.0
-LIBTASN1_MD5		:= f701ab57eb8e7d9c105b2cd5d809b29a
+LIBTASN1_VERSION	:= 4.20.0
+LIBTASN1_MD5		:= 930f71d788cf37505a0327c1b84741be
 LIBTASN1		:= libtasn1-$(LIBTASN1_VERSION)
 LIBTASN1_SUFFIX		:= tar.gz
 LIBTASN1_URL		:= $(call ptx/mirror, GNU, libtasn1/$(LIBTASN1).$(LIBTASN1_SUFFIX))
 LIBTASN1_SOURCE		:= $(SRCDIR)/$(LIBTASN1).$(LIBTASN1_SUFFIX)
 LIBTASN1_DIR		:= $(BUILDDIR)/$(LIBTASN1)
-LIBTASN1_LICENSE	:= LGPL-2.1-only AND GPL-3.0-only
+LIBTASN1_LICENSE	:= GPL-3.0-or-later or LGPL-2.1-or-later
 LIBTASN1_LICENSE_FILES	:= \
-	file://COPYING;md5=75ac100ec923f959898182307970c360
+	file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \
+	file://COPYING.LESSERv2;md5=4bf661c1e3793e55c8d1051bc5e0ae21 \
+	file://src/asn1Decoding.c;startline=2;endline=19;md5=0f8220e37b07ef6094c916bf78630262 \
+	file://lib/decoding.c;startline=1;endline=19;md5=c157bbdf0f0275a2f313aee933e95aa7
 
 # ----------------------------------------------------------------------------
 # Prepare
@@ -35,13 +38,15 @@ LIBTASN1_LICENSE_FILES	:= \
 LIBTASN1_CONF_TOOL := autoconf
 LIBTASN1_CONF_OPT := \
 	$(CROSS_AUTOCONF_USR) \
+	$(GLOBAL_LARGE_FILE_OPTION) \
 	--disable-doc \
 	--disable-gtk-doc \
 	--disable-gtk-doc-html \
 	--disable-gtk-doc-pdf \
 	--disable-valgrind-tests \
 	--disable-code-coverage \
-	--disable-gcc-warnings
+	--disable-gcc-warnings \
+	--$(call ptx/endis, PTXDIST_Y2038)-year2038
 
 # ----------------------------------------------------------------------------
 # Target-Install
-- 
2.47.3