Fixes the following security issues:
- CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to
2.7.3 may lead to denial of service when performing syntax highlighting of
a Standard ML (SML) source file, as demonstrated by input that only
contains the "exception" keyword
- CVE-2021-27291: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse
programming languages rely heavily on regular expressions. Some of the
regular expressions have exponential or cubic worst-case complexity and
are vulnerable to ReDoS. By crafting malicious input, an attacker can
cause a denial of service
Python 2.x support was dropped in pygments 2.6, so adjust (reverse)
dependencies:
Version 2.6
-----------
(released March 8, 2020)
- Running Pygments on Python 2.x is no longer supported.
(The Python 2 lexer still exists.)
Adjust the license hash for a change of copyright years:
a590ac5ea7
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
python-pyasn1 is truly optional since version 2.5.0 and
a31818c285
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--disable-vt has been dropped since version 2.0.0 and
94190bf04b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Static libs are supported since version 8.0.2 and
613debeaea
- Update hash of COPYING, update year and authors with
4733a95be0
- Update indentation in hash file (two spaces)
https://github.com/qhull/qhull/releases/tag/v8.0.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
librsvg is an optional dependency which is enabled by default since
version 8.3.0 and
153886d2eb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
zlib is an optional dependency which is enabled by default since version
8.4.2 and
5ab0001ec6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some IPTV streams will need ffmpeg (the command line tool), while some
won't, so we just suggest that to the user in the help text.
There were two alternatives, but neither was very convincing:
- always enforce that ffmpeg is enabled
- only enforce ffmpeg to be enabled when the package is already
enabled
In either case, that may carry the ffmpeg tool when it really is not
needed. So leave it to the user to decide whether they want it or not.
tvheadend now has a bunch of options, so make it a sub-menu.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr:
- do not forcibly enable ffmpeg-the-commandline-tool
- one option per-commit
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- bump version to 3.17.0
- adjust tool remove hooks according to the change to libexec
- fix massive remove hook, ms_script vs. ms_print
- add additional sha256 source package hash
For details see [1].
[1] https://www.valgrind.org/docs/manual/dist.news.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
- http://autobuild.buildroot.net/results/c9b0e41d66211bcab231b5db78c6eebe4b1d78ba
genesys/scanner_interface_usb.cpp: In member function ‘virtual void genesys::ScannerInterfaceUsb::sleep_us(unsigned int)’:
genesys/scanner_interface_usb.cpp:484:10: error: ‘std::this_thread’ has not been declared
484 | std::this_thread::sleep_for(std::chrono::microseconds{microseconds});
| ^~~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
giflib is an optional dependency which is enabled by default since
version 8.3.0 and
d79407f285
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
* Fix potential null pointer dereference in the JP2/JPC decoder. (#269)
* Fix ignoring of JAS_STREAM_FILEOBJ_NOCLOSE at stream close time. (#286)
* Fix integral type sizing problem in JP2 codec. (#284)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw
allows attackers to cause a denial of service (SEGV or buffer overflow
and application crash) or possibly have unspecified other impacts via a
crafted ELF. The highest threat from this vulnerability is to system
availability.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>