From: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Mon, 6 Mar 2017 14:55:06 +0000 (-0300)
Subject: gnutls: security bump to version 3.5.10
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=6fdb2b109bdec24ea426e0a6786ced7dbb591732;p=buildroot.git

gnutls: security bump to version 3.5.10

Fixes:
GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid
memory write in OpenPGP certificate parsing.
GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing,
related to private key parser. No longer allow OpenPGP certificates
(public keys) to contain private key sub-packets.
GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate
parsing, that could lead in out-of-memory condition.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---

diff --git a/package/gnutls/gnutls.hash b/package/gnutls/gnutls.hash
index 156d2aa94d..64b86d7599 100644
--- a/package/gnutls/gnutls.hash
+++ b/package/gnutls/gnutls.hash
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	82b10f0c4ef18f4e64ad8cef5dbaf14be732f5095a41cf366b4ecb4050382951	gnutls-3.5.9.tar.xz
+sha256	af443e86ba538d4d3e37c4732c00101a492fe4b56a55f4112ff0ab39dbe6579d	gnutls-3.5.10.tar.xz
diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk
index 932c0fab0c..be1cf00e06 100644
--- a/package/gnutls/gnutls.mk
+++ b/package/gnutls/gnutls.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 GNUTLS_VERSION_MAJOR = 3.5
-GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).9
+GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).10
 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
 GNUTLS_SITE = ftp://ftp.gnutls.org/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
 GNUTLS_LICENSE = LGPLv2.1+ (core library), GPLv3+ (gnutls-openssl library)