* [Buildroot] [PATCH] package/libnss: bump to version 3.78
@ 2022-05-01 0:07 Giulio Benetti
2022-05-02 21:52 ` Arnout Vandecappelle
0 siblings, 1 reply; 3+ messages in thread
From: Giulio Benetti @ 2022-05-01 0:07 UTC (permalink / raw)
To: buildroot; +Cc: Joseph Kogut, Giulio Benetti
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
---
package/libnss/libnss.hash | 4 ++--
package/libnss/libnss.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
index 04e81e6b84..0c06495f5e 100644
--- a/package/libnss/libnss.hash
+++ b/package/libnss/libnss.hash
@@ -1,4 +1,4 @@
-# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_77_RTM/src/SHA256SUMS
-sha256 825edf5a2fd35b788a23ff80face591f82919ae3ad2b8f77d424a450d618dedd nss-3.77.tar.gz
+# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_78_RTM/src/SHA256SUMS
+sha256 f455f341e787c1167328e80a84f77b9a557d595066dda6486a1874d72da68800 nss-3.78.tar.gz
# Locally calculated
sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4 nss/COPYING
diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
index 7568ec67ed..540092dfcf 100644
--- a/package/libnss/libnss.mk
+++ b/package/libnss/libnss.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBNSS_VERSION = 3.77
+LIBNSS_VERSION = 3.78
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
LIBNSS_DISTDIR = dist
--
2.25.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/libnss: bump to version 3.78
2022-05-01 0:07 [Buildroot] [PATCH] package/libnss: bump to version 3.78 Giulio Benetti
@ 2022-05-02 21:52 ` Arnout Vandecappelle
2022-05-02 22:32 ` Giulio Benetti
0 siblings, 1 reply; 3+ messages in thread
From: Arnout Vandecappelle @ 2022-05-02 21:52 UTC (permalink / raw)
To: Giulio Benetti, buildroot; +Cc: Joseph Kogut
On 01/05/2022 02:07, Giulio Benetti wrote:
> Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Applied to master, thanks.
This isn't a security bump?
Regards,
Arnout
> ---
> package/libnss/libnss.hash | 4 ++--
> package/libnss/libnss.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
> index 04e81e6b84..0c06495f5e 100644
> --- a/package/libnss/libnss.hash
> +++ b/package/libnss/libnss.hash
> @@ -1,4 +1,4 @@
> -# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_77_RTM/src/SHA256SUMS
> -sha256 825edf5a2fd35b788a23ff80face591f82919ae3ad2b8f77d424a450d618dedd nss-3.77.tar.gz
> +# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_78_RTM/src/SHA256SUMS
> +sha256 f455f341e787c1167328e80a84f77b9a557d595066dda6486a1874d72da68800 nss-3.78.tar.gz
> # Locally calculated
> sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4 nss/COPYING
> diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
> index 7568ec67ed..540092dfcf 100644
> --- a/package/libnss/libnss.mk
> +++ b/package/libnss/libnss.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -LIBNSS_VERSION = 3.77
> +LIBNSS_VERSION = 3.78
> LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
> LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
> LIBNSS_DISTDIR = dist
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/libnss: bump to version 3.78
2022-05-02 21:52 ` Arnout Vandecappelle
@ 2022-05-02 22:32 ` Giulio Benetti
0 siblings, 0 replies; 3+ messages in thread
From: Giulio Benetti @ 2022-05-02 22:32 UTC (permalink / raw)
To: Arnout Vandecappelle; +Cc: Joseph Kogut, buildroot
[-- Attachment #1.1: Type: text/plain, Size: 2298 bytes --]
Hi Arnout,
> Il giorno 2 mag 2022, alle ore 23:53, Arnout Vandecappelle <arnout@mind.be> ha scritto:
>
>
>
>> On 01/05/2022 02:07, Giulio Benetti wrote:
>> Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
>
> Applied to master, thanks.
>
> This isn't a security bump?
It seems not, Mozilla is not giving release notes since 6/8 months. So I’ve just checked and found this:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527
Where they state the CVE is present if NSS < 3.73 or < 3.68.1 and every website states the same.
So no this is not a security bump.
I will take care on next bumps to signal if it is a security bump or not.
Best regards
Giulio
>
> Regards,
> Arnout
>
>> ---
>> package/libnss/libnss.hash | 4 ++--
>> package/libnss/libnss.mk | 2 +-
>> 2 files changed, 3 insertions(+), 3 deletions(-)
>> diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
>> index 04e81e6b84..0c06495f5e 100644
>> --- a/package/libnss/libnss.hash
>> +++ b/package/libnss/libnss.hash
>> @@ -1,4 +1,4 @@
>> -# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_77_RTM/src/SHA256SUMS
>> -sha256 825edf5a2fd35b788a23ff80face591f82919ae3ad2b8f77d424a450d618dedd nss-3.77.tar.gz
>> +# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_78_RTM/src/SHA256SUMS
>> +sha256 f455f341e787c1167328e80a84f77b9a557d595066dda6486a1874d72da68800 nss-3.78.tar.gz
>> # Locally calculated
>> sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4 nss/COPYING
>> diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
>> index 7568ec67ed..540092dfcf 100644
>> --- a/package/libnss/libnss.mk
>> +++ b/package/libnss/libnss.mk
>> @@ -4,7 +4,7 @@
>> #
>> ################################################################################
>> -LIBNSS_VERSION = 3.77
>> +LIBNSS_VERSION = 3.78
>> LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
>> LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
>> LIBNSS_DISTDIR = dist
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
[-- Attachment #1.2: Type: text/html, Size: 4480 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-05-02 22:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-01 0:07 [Buildroot] [PATCH] package/libnss: bump to version 3.78 Giulio Benetti
2022-05-02 21:52 ` Arnout Vandecappelle
2022-05-02 22:32 ` Giulio Benetti
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.