gnupg: security bump to version 1.4.19

Fixes: CVE-2014-3591 - Use ciphertext blinding for Elgamal decryption CVE-2015-0837 - Fixed data-dependent timing variations in modular exponentiation. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-28 08:09:13 -03:00 · 2015-02-28 08:09:13 -03:00 · b6997c8e4c
parent b3db3aba6e
commit b6997c8e4c
2 changed files with 3 additions and 3 deletions
--- a/package/gnupg/gnupg.hash
+++ b/package/gnupg/gnupg.hash
@ -1,2 +1,2 @@
-# Locally calculated after checking pgp signature
-sha256	b7b5fdda78849955e0cdbc5a085f3a08f8b7fba126c622085debb62def5d6388	gnupg-1.4.18.tar.bz2
+# From http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
+sha1	5503f7faa0a0e84450838706a67621546241ca50	gnupg-1.4.19.tar.bz2
--- a/package/gnupg/gnupg.mk
+++ b/package/gnupg/gnupg.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-GNUPG_VERSION = 1.4.18
+GNUPG_VERSION = 1.4.19
 GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
 GNUPG_SITE = ftp://ftp.gnupg.org/gcrypt/gnupg
 GNUPG_LICENSE = GPLv3+