* [ptxdist] [PATCH] libtasn1: version bump 4.19.0 -> 4.20.0
@ 2025-10-15 14:22 Sven Püschel
2025-10-19 12:05 ` [ptxdist] [APPLIED] " Michael Olbrich
0 siblings, 1 reply; 2+ messages in thread
From: Sven Püschel @ 2025-10-15 14:22 UTC (permalink / raw)
To: ptxdist; +Cc: Sven Püschel
This release fixes CVE-2024-12133: Potential DoS in handling of
numerous SEQUENCE OF or SET OF elements.
Also the licenses were split into separate license files. Based on the
source code the or-later licenses have been selected.
https://gitlab.com/gnutls/libtasn1/-/blob/a3d48c2d9845e54e099769242366d47c09c8464e/NEWS#L8
Signed-off-by: Sven Püschel <s.pueschel@pengutronix.de>
---
rules/libtasn1.make | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/rules/libtasn1.make b/rules/libtasn1.make
index ce06ddfe4..440986d00 100644
--- a/rules/libtasn1.make
+++ b/rules/libtasn1.make
@@ -14,16 +14,19 @@ PACKAGES-$(PTXCONF_LIBTASN1) += libtasn1
#
# Paths and names
#
-LIBTASN1_VERSION := 4.19.0
-LIBTASN1_MD5 := f701ab57eb8e7d9c105b2cd5d809b29a
+LIBTASN1_VERSION := 4.20.0
+LIBTASN1_MD5 := 930f71d788cf37505a0327c1b84741be
LIBTASN1 := libtasn1-$(LIBTASN1_VERSION)
LIBTASN1_SUFFIX := tar.gz
LIBTASN1_URL := $(call ptx/mirror, GNU, libtasn1/$(LIBTASN1).$(LIBTASN1_SUFFIX))
LIBTASN1_SOURCE := $(SRCDIR)/$(LIBTASN1).$(LIBTASN1_SUFFIX)
LIBTASN1_DIR := $(BUILDDIR)/$(LIBTASN1)
-LIBTASN1_LICENSE := LGPL-2.1-only AND GPL-3.0-only
+LIBTASN1_LICENSE := GPL-3.0-or-later or LGPL-2.1-or-later
LIBTASN1_LICENSE_FILES := \
- file://COPYING;md5=75ac100ec923f959898182307970c360
+ file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \
+ file://COPYING.LESSERv2;md5=4bf661c1e3793e55c8d1051bc5e0ae21 \
+ file://src/asn1Decoding.c;startline=2;endline=19;md5=0f8220e37b07ef6094c916bf78630262 \
+ file://lib/decoding.c;startline=1;endline=19;md5=c157bbdf0f0275a2f313aee933e95aa7
# ----------------------------------------------------------------------------
# Prepare
@@ -35,13 +38,15 @@ LIBTASN1_LICENSE_FILES := \
LIBTASN1_CONF_TOOL := autoconf
LIBTASN1_CONF_OPT := \
$(CROSS_AUTOCONF_USR) \
+ $(GLOBAL_LARGE_FILE_OPTION) \
--disable-doc \
--disable-gtk-doc \
--disable-gtk-doc-html \
--disable-gtk-doc-pdf \
--disable-valgrind-tests \
--disable-code-coverage \
- --disable-gcc-warnings
+ --disable-gcc-warnings \
+ --$(call ptx/endis, PTXDIST_Y2038)-year2038
# ----------------------------------------------------------------------------
# Target-Install
--
2.47.3
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] [APPLIED] libtasn1: version bump 4.19.0 -> 4.20.0
2025-10-15 14:22 [ptxdist] [PATCH] libtasn1: version bump 4.19.0 -> 4.20.0 Sven Püschel
@ 2025-10-19 12:05 ` Michael Olbrich
0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2025-10-19 12:05 UTC (permalink / raw)
To: ptxdist; +Cc: Sven Püschel
Thanks, applied as 9d221d03308ddc1d5af2b7abda0386c82db3b48b.
Michael
[sent from post-receive hook]
On Sun, 19 Oct 2025 14:05:34 +0200, Sven Püschel <s.pueschel@pengutronix.de> wrote:
> This release fixes CVE-2024-12133: Potential DoS in handling of
> numerous SEQUENCE OF or SET OF elements.
>
> Also the licenses were split into separate license files. Based on the
> source code the or-later licenses have been selected.
>
> https://gitlab.com/gnutls/libtasn1/-/blob/a3d48c2d9845e54e099769242366d47c09c8464e/NEWS#L8
>
> Signed-off-by: Sven Püschel <s.pueschel@pengutronix.de>
> Message-Id: <20251015142306.3817297-1-s.pueschel@pengutronix.de>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/libtasn1.make b/rules/libtasn1.make
> index ce06ddfe4687..440986d00247 100644
> --- a/rules/libtasn1.make
> +++ b/rules/libtasn1.make
> @@ -14,16 +14,19 @@ PACKAGES-$(PTXCONF_LIBTASN1) += libtasn1
> #
> # Paths and names
> #
> -LIBTASN1_VERSION := 4.19.0
> -LIBTASN1_MD5 := f701ab57eb8e7d9c105b2cd5d809b29a
> +LIBTASN1_VERSION := 4.20.0
> +LIBTASN1_MD5 := 930f71d788cf37505a0327c1b84741be
> LIBTASN1 := libtasn1-$(LIBTASN1_VERSION)
> LIBTASN1_SUFFIX := tar.gz
> LIBTASN1_URL := $(call ptx/mirror, GNU, libtasn1/$(LIBTASN1).$(LIBTASN1_SUFFIX))
> LIBTASN1_SOURCE := $(SRCDIR)/$(LIBTASN1).$(LIBTASN1_SUFFIX)
> LIBTASN1_DIR := $(BUILDDIR)/$(LIBTASN1)
> -LIBTASN1_LICENSE := LGPL-2.1-only AND GPL-3.0-only
> +LIBTASN1_LICENSE := GPL-3.0-or-later or LGPL-2.1-or-later
> LIBTASN1_LICENSE_FILES := \
> - file://COPYING;md5=75ac100ec923f959898182307970c360
> + file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \
> + file://COPYING.LESSERv2;md5=4bf661c1e3793e55c8d1051bc5e0ae21 \
> + file://src/asn1Decoding.c;startline=2;endline=19;md5=0f8220e37b07ef6094c916bf78630262 \
> + file://lib/decoding.c;startline=1;endline=19;md5=c157bbdf0f0275a2f313aee933e95aa7
>
> # ----------------------------------------------------------------------------
> # Prepare
> @@ -35,13 +38,15 @@ LIBTASN1_LICENSE_FILES := \
> LIBTASN1_CONF_TOOL := autoconf
> LIBTASN1_CONF_OPT := \
> $(CROSS_AUTOCONF_USR) \
> + $(GLOBAL_LARGE_FILE_OPTION) \
> --disable-doc \
> --disable-gtk-doc \
> --disable-gtk-doc-html \
> --disable-gtk-doc-pdf \
> --disable-valgrind-tests \
> --disable-code-coverage \
> - --disable-gcc-warnings
> + --disable-gcc-warnings \
> + --$(call ptx/endis, PTXDIST_Y2038)-year2038
>
> # ----------------------------------------------------------------------------
> # Target-Install
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-10-19 12:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-10-15 14:22 [ptxdist] [PATCH] libtasn1: version bump 4.19.0 -> 4.20.0 Sven Püschel
2025-10-19 12:05 ` [ptxdist] [APPLIED] " Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox