package/gnutls: security bump to 3.6.13

Fixes the following security issue:

 * CVE-2020-11501: It was found that GnuTLS 3.6.3 introduced a
   regression in the DTLS protocol implementation. This caused the DTLS
   client to not contribute any randomness to the DTLS negotiation
   breaking the security guarantees of the DTLS protocol.

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

diff --git a/package/gnutls/gnutls.hash b/package/gnutls/gnutls.hash
index c8a1e1cbca3f4f6e5dec1897b292b4c8114fd0a7..99279bfb6b757f28f81d7de536908908bc164b3c 100644 (file)
--- a/package/gnutls/gnutls.hash
+++ b/package/gnutls/gnutls.hash
@@ -1,6 +1,6 @@
 # Locally calculated after checking pgp signature
-# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.10.tar.xz.sig
-sha256 b1f3ca67673b05b746a961acf2243eaae0ffe658b6a6494265c648e7c7812293        gnutls-3.6.10.tar.xz
+# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.13.tar.xz.sig
+sha256 32041df447d9f4644570cf573c9f60358e865637d69b7e59d1159b7240b52f38        gnutls-3.6.13.tar.xz
 # Locally calculated
 sha256 e79e9c8a0c85d735ff98185918ec94ed7d175efc377012787aebcf3b80f0d90b        doc/COPYING
 sha256 6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3        doc/COPYING.LESSER

diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk
index efdcd21d9d8333e28bfa11f47092a7f81c93edc0..a1dfce62a247e537b29cdaeba7494191ceaa6ce5 100644 (file)
--- a/package/gnutls/gnutls.mk
+++ b/package/gnutls/gnutls.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 GNUTLS_VERSION_MAJOR = 3.6
-GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).10
+GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).13
 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
 GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
 GNUTLS_LICENSE = LGPL-2.1+ (core library)