For details see: https://lists.gnu.org/archive/html/info-gnu/2021-03/msg00005.html
"This is a bugfix release, fixing a bug in ECDSA signature verification that could lead to a denial of service attack (via an assertion failure) or possibly incorrect results. It also fixes a few related problems where scalars are required to be canonically reduced modulo the ECC group order, but in fact may be slightly larger.
Upgrading to the new version is strongly recommended."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- config/rootfiles/common/nettle | 4 ++-- lfs/nettle | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/nettle b/config/rootfiles/common/nettle index bf43e8ad5..591e860c2 100644 --- a/config/rootfiles/common/nettle +++ b/config/rootfiles/common/nettle @@ -72,9 +72,9 @@ #usr/include/nettle/yarrow.h usr/lib/libhogweed.so usr/lib/libhogweed.so.6 -usr/lib/libhogweed.so.6.2 +usr/lib/libhogweed.so.6.3 #usr/lib/libnettle.so usr/lib/libnettle.so.8 -usr/lib/libnettle.so.8.2 +usr/lib/libnettle.so.8.3 #usr/lib/pkgconfig/hogweed.pc #usr/lib/pkgconfig/nettle.pc diff --git a/lfs/nettle b/lfs/nettle index e2d5df88d..dfc3fdda5 100644 --- a/lfs/nettle +++ b/lfs/nettle @@ -24,7 +24,7 @@
include Config
-VER = 3.7.1 +VER = 3.7.2
THISAPP = nettle-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4d23a99df650ee88511653fb9acea3f0 +$(DL_FILE)_MD5 = 22849db27ed563ebbc829273f0c97e35
install : $(TARGET)