- Fix CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the
data-container property of tooltip.
- Fix an XSS vulnerability (CVE-2019-8331) in our tooltip and popover
plugins by implementing a new HTML sanitizer
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also install bootstrap.min.css.map as it is referenced from
bootstrap.min.css.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Instead of DL_DIR, the package should now use $(PKG)_DL_DIR to ease the
transition into a new directory structure for DL_DIR.
This commit has been generated with the following scripts:
for i in $(find . -iname "*.mk"); do
if ! grep -q "\$(DL_DIR)" ${i}; then
continue
fi
pkg_name="$(basename $(dirname ${i}))"
[ "${pkg_name}" = "package" ] && continue
raw_pkg_name=$(echo ${pkg_name} | tr [a-z] [A-Z] | tr '-' '_')
pkg_dl_dir="${raw_pkg_name}_DL_DIR"
sed -i "s/\$(DL_DIR)/\$($pkg_dl_dir)/" ${i}
done
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
other changes:
- Add a license file to bootstrap.mk
- Add a hash for the license file to bootstrap.hash
- Remove copying bootstrap-theme.min.css as it's no longer included.
- Remove copying fonts folder as it's no longer included.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Extended _EXTRACT_CMDS and _INSTALL_TARGET_CMDS to handle updated
internal zip structure:
$ unzip -l ../dl/bootstrap-3.3.1-dist.zip
Archive: ../dl/bootstrap-3.3.1-dist.zip
Length Date Time Name
--------- ---------- ----- ----
0 2014-11-12 18:03 dist/
0 2014-11-12 18:03 dist/css/
[...]
$ unzip -l ../dl/bootstrap-3.3.7-dist.zip
Archive: ../dl/bootstrap-3.3.7-dist.zip
Length Date Time Name
--------- ---------- ----- ----
0 2016-07-25 15:53 bootstrap-3.3.7-dist/css/
[...]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: better fix for the EXTRACT_CMDS, which consists in removing the
dist/ sub-directory.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: add 'cp -dpfr' instead of a convuluted use of 'tar c' + 'tar
x' do not a copy.]
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
