* [Buildroot] [PATCH] package/libxlst: security bump to version 1.1.35
@ 2022-03-06 12:09 Francois Perrad
2022-03-06 12:44 ` Alexander Dahl
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Francois Perrad @ 2022-03-06 12:09 UTC (permalink / raw)
To: buildroot
- fix CVE-2021-30560
- remove merged patch
- moved from xmlsoft.org to gnome.org
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
---
...ml2-config-check-in-configure-script.patch | 31 -------------------
package/libxslt/libxslt.hash | 6 ++--
package/libxslt/libxslt.mk | 5 +--
3 files changed, 6 insertions(+), 36 deletions(-)
delete mode 100644 package/libxslt/0001-Fix-xml2-config-check-in-configure-script.patch
diff --git a/package/libxslt/0001-Fix-xml2-config-check-in-configure-script.patch b/package/libxslt/0001-Fix-xml2-config-check-in-configure-script.patch
deleted file mode 100644
index 3848dcb23..000000000
--- a/package/libxslt/0001-Fix-xml2-config-check-in-configure-script.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 90c34c8bb90e095a8a8fe8b2ce368bd9ff1837cc Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Fri, 15 Nov 2019 11:53:11 +0100
-Subject: [PATCH] Fix xml2-config check in configure script
-
-A 'print' option has never been supported. After a recent change to
-libxml2, invalid options cause xml2-config to fail.
-
-[Retrieved from:
-https://gitlab.gnome.org/GNOME/libxslt/-/commit/90c34c8bb90e095a8a8fe8b2ce368bd9ff1837cc]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 3da57b18..585b9d7c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -548,7 +548,7 @@ dnl make sure xml2-config is executable,
- dnl test version and init our variables
- dnl
-
--if test "x$LIBXML_LIBS" = "x" && ${XML_CONFIG} --libs print > /dev/null 2>&1
-+if test "x$LIBXML_LIBS" = "x" && ${XML_CONFIG} --libs > /dev/null 2>&1
- then
- AC_MSG_CHECKING(for libxml libraries >= $LIBXML_REQUIRED_VERSION)
- XMLVERS=`$XML_CONFIG --version`
---
-GitLab
-
diff --git a/package/libxslt/libxslt.hash b/package/libxslt/libxslt.hash
index 25aa30839..39523a695 100644
--- a/package/libxslt/libxslt.hash
+++ b/package/libxslt/libxslt.hash
@@ -1,5 +1,5 @@
-# Locally calculated after checking pgp signature
-sha256 98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f libxslt-1.1.34.tar.gz
+# from https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.sha256sum
+sha256 8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79 libxslt-1.1.35.tar.xz
# Hash for license file:
-sha256 7e48e290b6bfccc2ec1b297023a1d77f2fd87417f71fbb9f50aabef40a851819 COPYING
+sha256 7e48e290b6bfccc2ec1b297023a1d77f2fd87417f71fbb9f50aabef40a851819 COPYING
diff --git a/package/libxslt/libxslt.mk b/package/libxslt/libxslt.mk
index d0f79d252..9c7be6822 100644
--- a/package/libxslt/libxslt.mk
+++ b/package/libxslt/libxslt.mk
@@ -4,8 +4,9 @@
#
################################################################################
-LIBXSLT_VERSION = 1.1.34
-LIBXSLT_SITE = http://xmlsoft.org/sources
+LIBXSLT_VERSION = 1.1.35
+LIBXSLT_SOURCE = libxslt-$(LIBXSLT_VERSION).tar.xz
+LIBXSLT_SITE = https://download.gnome.org/sources/libxslt/1.1
LIBXSLT_INSTALL_STAGING = YES
LIBXSLT_LICENSE = MIT
LIBXSLT_LICENSE_FILES = COPYING
--
2.32.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/libxlst: security bump to version 1.1.35
2022-03-06 12:09 [Buildroot] [PATCH] package/libxlst: security bump to version 1.1.35 Francois Perrad
@ 2022-03-06 12:44 ` Alexander Dahl
2022-03-06 20:32 ` Yann E. MORIN
2022-03-16 7:29 ` Peter Korsgaard
2 siblings, 0 replies; 4+ messages in thread
From: Alexander Dahl @ 2022-03-06 12:44 UTC (permalink / raw)
To: Francois Perrad; +Cc: buildroot
[-- Attachment #1.1: Type: text/plain, Size: 4018 bytes --]
Hello Francois,
there's a typo in the subject, should read libxslt.
Greets
Alex
On Sun, Mar 06, 2022 at 01:09:02PM +0100, Francois Perrad wrote:
> - fix CVE-2021-30560
> - remove merged patch
> - moved from xmlsoft.org to gnome.org
>
> Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
> ---
> ...ml2-config-check-in-configure-script.patch | 31 -------------------
> package/libxslt/libxslt.hash | 6 ++--
> package/libxslt/libxslt.mk | 5 +--
> 3 files changed, 6 insertions(+), 36 deletions(-)
> delete mode 100644 package/libxslt/0001-Fix-xml2-config-check-in-configure-script.patch
>
> diff --git a/package/libxslt/0001-Fix-xml2-config-check-in-configure-script.patch b/package/libxslt/0001-Fix-xml2-config-check-in-configure-script.patch
> deleted file mode 100644
> index 3848dcb23..000000000
> --- a/package/libxslt/0001-Fix-xml2-config-check-in-configure-script.patch
> +++ /dev/null
> @@ -1,31 +0,0 @@
> -From 90c34c8bb90e095a8a8fe8b2ce368bd9ff1837cc Mon Sep 17 00:00:00 2001
> -From: Nick Wellnhofer <wellnhofer@aevum.de>
> -Date: Fri, 15 Nov 2019 11:53:11 +0100
> -Subject: [PATCH] Fix xml2-config check in configure script
> -
> -A 'print' option has never been supported. After a recent change to
> -libxml2, invalid options cause xml2-config to fail.
> -
> -[Retrieved from:
> -https://gitlab.gnome.org/GNOME/libxslt/-/commit/90c34c8bb90e095a8a8fe8b2ce368bd9ff1837cc]
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ----
> - configure.ac | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -diff --git a/configure.ac b/configure.ac
> -index 3da57b18..585b9d7c 100644
> ---- a/configure.ac
> -+++ b/configure.ac
> -@@ -548,7 +548,7 @@ dnl make sure xml2-config is executable,
> - dnl test version and init our variables
> - dnl
> -
> --if test "x$LIBXML_LIBS" = "x" && ${XML_CONFIG} --libs print > /dev/null 2>&1
> -+if test "x$LIBXML_LIBS" = "x" && ${XML_CONFIG} --libs > /dev/null 2>&1
> - then
> - AC_MSG_CHECKING(for libxml libraries >= $LIBXML_REQUIRED_VERSION)
> - XMLVERS=`$XML_CONFIG --version`
> ---
> -GitLab
> -
> diff --git a/package/libxslt/libxslt.hash b/package/libxslt/libxslt.hash
> index 25aa30839..39523a695 100644
> --- a/package/libxslt/libxslt.hash
> +++ b/package/libxslt/libxslt.hash
> @@ -1,5 +1,5 @@
> -# Locally calculated after checking pgp signature
> -sha256 98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f libxslt-1.1.34.tar.gz
> +# from https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.sha256sum
> +sha256 8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79 libxslt-1.1.35.tar.xz
>
> # Hash for license file:
> -sha256 7e48e290b6bfccc2ec1b297023a1d77f2fd87417f71fbb9f50aabef40a851819 COPYING
> +sha256 7e48e290b6bfccc2ec1b297023a1d77f2fd87417f71fbb9f50aabef40a851819 COPYING
> diff --git a/package/libxslt/libxslt.mk b/package/libxslt/libxslt.mk
> index d0f79d252..9c7be6822 100644
> --- a/package/libxslt/libxslt.mk
> +++ b/package/libxslt/libxslt.mk
> @@ -4,8 +4,9 @@
> #
> ################################################################################
>
> -LIBXSLT_VERSION = 1.1.34
> -LIBXSLT_SITE = http://xmlsoft.org/sources
> +LIBXSLT_VERSION = 1.1.35
> +LIBXSLT_SOURCE = libxslt-$(LIBXSLT_VERSION).tar.xz
> +LIBXSLT_SITE = https://download.gnome.org/sources/libxslt/1.1
> LIBXSLT_INSTALL_STAGING = YES
> LIBXSLT_LICENSE = MIT
> LIBXSLT_LICENSE_FILES = COPYING
> --
> 2.32.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
/"\ ASCII RIBBON | »With the first link, the chain is forged. The first
\ / CAMPAIGN | speech censured, the first thought forbidden, the
X AGAINST | first freedom denied, chains us all irrevocably.«
/ \ HTML MAIL | (Jean-Luc Picard, quoting Judge Aaron Satie)
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/libxlst: security bump to version 1.1.35
2022-03-06 12:09 [Buildroot] [PATCH] package/libxlst: security bump to version 1.1.35 Francois Perrad
2022-03-06 12:44 ` Alexander Dahl
@ 2022-03-06 20:32 ` Yann E. MORIN
2022-03-16 7:29 ` Peter Korsgaard
2 siblings, 0 replies; 4+ messages in thread
From: Yann E. MORIN @ 2022-03-06 20:32 UTC (permalink / raw)
To: Francois Perrad; +Cc: buildroot
François, All,
As noticed by Alexander: typo fixed in title
On 2022-03-06 13:09 +0100, Francois Perrad spake thusly:
> - fix CVE-2021-30560
> - remove merged patch
... so we can also drop the autoreconf, done.
> - moved from xmlsoft.org to gnome.org
... so we can also fix it in Config.in, done.
> Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Applied to master with the above fixed, thanks.
Regards,
Yann E. MORIN.
> ---
> ...ml2-config-check-in-configure-script.patch | 31 -------------------
> package/libxslt/libxslt.hash | 6 ++--
> package/libxslt/libxslt.mk | 5 +--
> 3 files changed, 6 insertions(+), 36 deletions(-)
> delete mode 100644 package/libxslt/0001-Fix-xml2-config-check-in-configure-script.patch
>
> diff --git a/package/libxslt/0001-Fix-xml2-config-check-in-configure-script.patch b/package/libxslt/0001-Fix-xml2-config-check-in-configure-script.patch
> deleted file mode 100644
> index 3848dcb23..000000000
> --- a/package/libxslt/0001-Fix-xml2-config-check-in-configure-script.patch
> +++ /dev/null
> @@ -1,31 +0,0 @@
> -From 90c34c8bb90e095a8a8fe8b2ce368bd9ff1837cc Mon Sep 17 00:00:00 2001
> -From: Nick Wellnhofer <wellnhofer@aevum.de>
> -Date: Fri, 15 Nov 2019 11:53:11 +0100
> -Subject: [PATCH] Fix xml2-config check in configure script
> -
> -A 'print' option has never been supported. After a recent change to
> -libxml2, invalid options cause xml2-config to fail.
> -
> -[Retrieved from:
> -https://gitlab.gnome.org/GNOME/libxslt/-/commit/90c34c8bb90e095a8a8fe8b2ce368bd9ff1837cc]
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ----
> - configure.ac | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -diff --git a/configure.ac b/configure.ac
> -index 3da57b18..585b9d7c 100644
> ---- a/configure.ac
> -+++ b/configure.ac
> -@@ -548,7 +548,7 @@ dnl make sure xml2-config is executable,
> - dnl test version and init our variables
> - dnl
> -
> --if test "x$LIBXML_LIBS" = "x" && ${XML_CONFIG} --libs print > /dev/null 2>&1
> -+if test "x$LIBXML_LIBS" = "x" && ${XML_CONFIG} --libs > /dev/null 2>&1
> - then
> - AC_MSG_CHECKING(for libxml libraries >= $LIBXML_REQUIRED_VERSION)
> - XMLVERS=`$XML_CONFIG --version`
> ---
> -GitLab
> -
> diff --git a/package/libxslt/libxslt.hash b/package/libxslt/libxslt.hash
> index 25aa30839..39523a695 100644
> --- a/package/libxslt/libxslt.hash
> +++ b/package/libxslt/libxslt.hash
> @@ -1,5 +1,5 @@
> -# Locally calculated after checking pgp signature
> -sha256 98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f libxslt-1.1.34.tar.gz
> +# from https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.sha256sum
> +sha256 8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79 libxslt-1.1.35.tar.xz
>
> # Hash for license file:
> -sha256 7e48e290b6bfccc2ec1b297023a1d77f2fd87417f71fbb9f50aabef40a851819 COPYING
> +sha256 7e48e290b6bfccc2ec1b297023a1d77f2fd87417f71fbb9f50aabef40a851819 COPYING
> diff --git a/package/libxslt/libxslt.mk b/package/libxslt/libxslt.mk
> index d0f79d252..9c7be6822 100644
> --- a/package/libxslt/libxslt.mk
> +++ b/package/libxslt/libxslt.mk
> @@ -4,8 +4,9 @@
> #
> ################################################################################
>
> -LIBXSLT_VERSION = 1.1.34
> -LIBXSLT_SITE = http://xmlsoft.org/sources
> +LIBXSLT_VERSION = 1.1.35
> +LIBXSLT_SOURCE = libxslt-$(LIBXSLT_VERSION).tar.xz
> +LIBXSLT_SITE = https://download.gnome.org/sources/libxslt/1.1
> LIBXSLT_INSTALL_STAGING = YES
> LIBXSLT_LICENSE = MIT
> LIBXSLT_LICENSE_FILES = COPYING
> --
> 2.32.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/libxlst: security bump to version 1.1.35
2022-03-06 12:09 [Buildroot] [PATCH] package/libxlst: security bump to version 1.1.35 Francois Perrad
2022-03-06 12:44 ` Alexander Dahl
2022-03-06 20:32 ` Yann E. MORIN
@ 2022-03-16 7:29 ` Peter Korsgaard
2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2022-03-16 7:29 UTC (permalink / raw)
To: Francois Perrad; +Cc: buildroot
>>>>> "Francois" == Francois Perrad <fperrad@gmail.com> writes:
> - fix CVE-2021-30560
> - remove merged patch
> - moved from xmlsoft.org to gnome.org
> Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Committed to 2021.02.x and 2021.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-03-16 7:29 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-03-06 12:09 [Buildroot] [PATCH] package/libxlst: security bump to version 1.1.35 Francois Perrad
2022-03-06 12:44 ` Alexander Dahl
2022-03-06 20:32 ` Yann E. MORIN
2022-03-16 7:29 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.