Commit Graph

70951 Commits

Author SHA1 Message Date
Fabrice Fontaine
dbe037dc99 package/freerdp: security bump to version 2.11.5
- Fix CVE-2024-22211
- Update Upstream tag in patches

https://github.com/FreeRDP/FreeRDP/blob/2.11.5/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-01 12:01:23 +01:00
Fabrice Fontaine
0694cef47b package/cpio: fix tar.bz2 hash
Commit b0306d94b2 forgot to update
cpio-2.13.tar.bz2 to cpio-2.14.tar.bz2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-01 12:00:58 +01:00
Fabrice Fontaine
3ffb716da3 package/libpsl: fix legal info
Commit 863131cad9 forgot to update hash of
COPYING (update in year with:
80c17cc237)

Fixes:
 - http://autobuild.buildroot.org/results/2b09ca88a08fdba8ca75153688ed5dd9362c7520

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-01 11:59:22 +01:00
Peter Korsgaard
75e7c7ba8c package/{glibc, localedef}: security bump to version glibc-2.38-44-gd37c2b20a4787463d192b32041c3406c2bd91de0
Fixes the following security issues:

CVE-2023-6246: syslog: Fix heap buffer overflow in __vsyslog_internal
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0001;hb=HEAD

CVE-2023-6779: syslog: Heap buffer overflow in __vsyslog_internal
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0002;hb=HEAD

CVE-2023-6780: syslog: Integer overflow in __vsyslog_internal
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0003;hb=HEAD

For details, see the Qualys advisory:
https://www.openwall.com/lists/oss-security/2024/01/30/6

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-01 11:58:51 +01:00
Peter Korsgaard
62b767fd3e package/glibc: add CVE ignore for CVE-2023-4806
Commit 8519de517e (package/{glibc, localedef}: security bump to version
glibc-2.38-27-g750a45a783906a19591fb8ff6b7841470f1f5701) correctly mentioned
CVE-2023-4806 in the commit message, but forgot to add an ignore for it.

Fix that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-01 11:58:42 +01:00
Peter Korsgaard
d932f84d9f package/syslog-ng: needs pcre2, not pcre
Syslog-ng uses pcre2 instead of pcre since 4.3.0 with:
cb6de08dc9

No autobuilder failures, as pcre2 is implicitly available through libglib2.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-31 21:24:34 +01:00
Sébastien Szymanski
f24e85238f docs/manual/contribute.txt: fix typo
"who sponsored who sponsored" -> "who sponsored"

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-31 21:23:18 +01:00
Fabrice Fontaine
ef5d3327a1 package/lynx: fix openssl static build
Use LDFLAGS instead of LIBS to fix the following openssl static build
failure raised because lynx filters out duplicates (i.e. -lz) in
CF_ADD_LIBS:

configure:12958: checking for inet_ntoa
configure:12995: /home/autobuild/autobuild/instance-7/output-1/host/bin/x86_64-buildroot-linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Ofast -g0 -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLINUX  -static conftest.c -L/home/autobuild/autobuild/instance-7/output-1/host/bin/../x86_64-buildroot-linux-uclibc/sysroot/usr/lib64 -lssl -L/home/autobuild/autobuild/instance-7/output-1/host/bin/../x86_64-buildroot-linux-uclibc/sysroot/usr/lib64 -lz -pthread -lcrypto -lz -pthread  >&5
configure:12998: $? = 0
configure:13001: test -s conftest
configure:13004: $? = 0
configure:13014: result: yes
configure:13095: checking for gethostbyname
configure:13151: result: yes
configure:13232: checking for strcasecmp
configure:13288: result: yes
configure:13401: checking for inet_aton function
configure:13443: /home/autobuild/autobuild/instance-7/output-1/host/bin/x86_64-buildroot-linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Ofast -g0 -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLINUX  -static conftest.c  -L/home/autobuild/autobuild/instance-7/output-1/host/bin/../x86_64-buildroot-linux-uclibc/sysroot/usr/lib64 -lssl -lz -pthread -lcrypto >&5

[...]

/home/autobuild/autobuild/instance-7/output-1/host/bin/x86_64-buildroot-linux-uclibc-gcc -DHAVE_CONFIG_H  -DLOCALEDIR=\"/usr/share/locale\" -I. -I.. -Ichrtrans -I./chrtrans -I.. -I../src -I.././WWW/Library/Implementation    -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLINUX -I/home/autobuild/autobuild/instance-7/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include -I/home/autobuild/autobuild/instance-7/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/openssl  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Ofast -g0 -static  -Wl,-rpath,/home/autobuild/autobuild/instance-7/output-1/host/bin/../x86_64-buildroot-linux-uclibc/sysroot/usr/lib64 -Wl,-rpath,/home/autobuild/autobuild/instance-7/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/lib   -L/home/autobuild/autobuild/instance-7/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/lib -static -o lynx  LYebcdic.o LYClean.o LYShowInfo.o LYEdit.o L
 YStrings.o LYMail.o HTAlert.o GridText.o LYGetFile.o LYMain.o LYMainLoop.o LYCurses.o LYBookmark.o LYmktime.o LYUtils.o LYOptions.o LYReadCFG.o LYSearch.o LYHistory.o LYForms.o LYPrint.o LYrcFile.o LYDownload.o LYNews.o LYKeymap.o HTML.o HTFWriter.o HTInit.o DefaultStyle.o LYUpload.o LYLeaks.o LYexit.o LYJump.o LYList.o LYCgi.o LYTraversal.o LYEditmap.o LYCharSets.o LYCharUtils.o LYMap.o LYCookie.o LYStyle.o LYHash.o LYPrettySrc.o TRSTable.o parsdate.o UCdomap.o UCAux.o UCAuto.o  LYSession.o LYLocal.o  .././WWW/Library/Implementation/libwww.a -lz -static -lncurses -lssl -lcrypto -L/home/autobuild/autobuild/instance-7/output-1/host/bin/../x86_64-buildroot-linux-uclibc/sysroot/usr/lib64 -pthread
/home/autobuild/autobuild/instance-7/output-1/host/lib/gcc/x86_64-buildroot-linux-uclibc/11.4.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: /home/autobuild/autobuild/instance-7/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(libcrypto-lib-c_zlib.o): in function `zlib_oneshot_expand_block':
c_zlib.c:(.text+0xb8b): undefined reference to `uncompress'

Patching aclocal.m4 is not possible as autoreconf fails due to missing
AC_DIVERT_HELP macro.

This build failure is only raised by autobuilders since 2024 for an
unknown reason.

Fixes:
 - http://autobuild.buildroot.org/results/6d4119b54fc6b6111a03f81e131e83bae0d844d1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-31 21:21:18 +01:00
Bernd Kuhls
459620aa98 package/intel-gmmlib: bump version to 22.3.17
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:16:29 +01:00
Bernd Kuhls
adf323fc45 package/{mesa3d, mesa3d-headers}: bump version to 23.3.4
Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2024-January/000745.html

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:16:13 +01:00
Bernd Kuhls
44292dabc0 {linux, linux-headers}: bump 4.19.x / 5.{4, 10, 15}.x / 6.{1, 6}.x series
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:15:16 +01:00
Bernd Kuhls
8b83d96145 package/kodi-pvr-mythtv: bump version to 20.5.10-Nexus
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:15:09 +01:00
Julien Olivain
c7c6778d2a package/opencsd: bump to version 1.5.1
For change log, see:
https://github.com/Linaro/OpenCSD/blob/v1.5.1/README.md?plain=1#L316

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:13:53 +01:00
Kieran Bingham
6f96d2d315 package/libcamera: bump to version 0.2.0
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:12:28 +01:00
Francois Perrad
41839480c4 package/libgtk3: bump to version 3.24.41
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:11:01 +01:00
Adrian Perez de Castro
863131cad9 package/libpsl: bump to version 0.21.5
The main changes are improvements to the Meson build system, including
a fix for a build issue related to iconv:

  https://github.com/rockdaboot/libpsl/releases/tag/0.21.3
  https://github.com/rockdaboot/libpsl/releases/tag/0.21.4
  https://github.com/rockdaboot/libpsl/releases/tag/0.21.5

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:06:19 +01:00
Robert Marko
b0fabbd2aa package/mdio-tools: bump version to 1.3.1
[v1.3.1] - 2023-12-02
---------------------

Fixes mvls to work with kernels 6.2 and onwards.

- mdio: Multiple registers can now be dumped at once, via the generic
  dump operation.

- mvls: Relax the driver matching to accept the strings used in
  kernels 6.2 and newer.

Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 23:04:58 +01:00
Fabrice Fontaine
2953cd2644 package/joe: add JOE_CPE_ID_VENDOR
cpe:2.3:a:joseph_allen:joe is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/detail/5F530947-2060-4842-92B9-5BC61D9C5430

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 22:56:49 +01:00
David Barbion
1dfa4c56fe package/dhcpcd: bump to version 10.0.5
This version contains a fix for aarch64 based systems.
On such systems, dhcpcd would crash without setting any IP addresses.
See 6a36f96740
and https://github.com/NetworkConfiguration/dhcpcd/issues/260 for more
details.

Signed-off-by: David Barbion <davidb@230ruedubac.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 22:56:33 +01:00
Julien Olivain
e784eb8538 package/z3: bump to version 4.12.5
For change log since 4.12.4, see:
https://github.com/Z3Prover/z3/blob/z3-4.12.5/RELEASE_NOTES.md#version-4125

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 09:26:27 +01:00
Ismael Luceno
50ba0b0a40 package/axel: bump version to 2.17.12
Signed-off-by: Ismael Luceno <ismael@iodev.co.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-30 09:26:13 +01:00
Abilio Marques
8f403f0137 package/micropython-lib: merge with, and install as part of micropython
Until now, micropython-lib was a package that installed v1.9.3, which is
more than 6 years old. This was acceptable since micropython never made
any other official release of the library until v1.20.

Meanwhile, the libraries underwent a reorganization, and they are now
available in a directory structure that cannot be copied directly into
the target. This might explain why v1.9.3 is still present in the
current day buildroot (which comes with micropython v1.22).

As part of the changes made by the micropython project, the libraries
are now released together with the interpreter. They are cloned as a
submodule into the lib/micropython-lib directory, and are present in the
release tarball.

This commit introduces an auxiliary script to collect those libraries
and reorder them into a structure that can then be copied into
/usr/lib/micropython. The script utilizes a module from the tools
directory of the micropython repo.

The helper script is kept as simple as possible, and makes use of
existing micropython tools (used to process manifests) to discover the
list of packages available in micropython-lib. The hope is that by
relying on them, any future changes in directory structure will be
covered by the official "manifestfile.py" tool.

It is to be noted that, even though the manifestfile.py script/module is
part of the micropython package, it is actually written for CPython, and
is not expected to even work when using micropython as an interpreter.
Thus we do not need to introduce host-micropython to use that tool, and
micropython already depends on host-python3 for other parts of the build.

With this commit, micropython-lib is installed (optionally) as part
of micropython, and thus a separate package is no longer needed. The
original config variable name was retained as it fits with the
micropython package "namespace", and thus this is backward compatible
and no legacy handling is needed.

This commit also ensures that the libraries in micropython-lib will
be updated together with newer versions of micropython in the future.

Signed-off-by: Abilio Marques <abiliojr@gmail.com>
[yann.morin.1998@free.fr:
  - use if-block in Config.in
  - simplify PYTHONPATH
  - fix check-package
  - reword and reorder parts of the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-29 21:38:53 +01:00
Bernd Kuhls
2fbeacf91f package/tor: Fix build with libressl >= 3.8.1
Fixes:
http://autobuild.buildroot.net/results/85c/85cde3bcd12fb5adafb94c85d5fa636e1b5b9068/

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[yann.morin.1998@free.fr: fix Upstream tag]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-28 18:46:07 +01:00
Fabrice Fontaine
c3cf06e0a8 package/frr: security bump to version 8.5.4
Fix CVE-2023-38802, CVE-2023-41360, CVE-2023-46752, CVE-2023-46753,
CVE-2023-47234 and CVE-2023-47235

https://frrouting.org/security/
https://frrouting.org/release/8.5.4/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-28 17:39:30 +01:00
Fabrice Fontaine
b80705800a package/x11r7/xserver_xorg-server: add CPE variables
cpe:2.3:a:x.org:xorg-server is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/detail/79A86C02-31A5-4F25-8CA6-7C4A8CD92B7B

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-28 17:37:34 +01:00
Francois Perrad
46d4f5c751 package/perl-posix-strftime-compiler: bump to version 0.46
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:34 +01:00
Francois Perrad
a1f9433885 package/perl-plack: bump to version 1.0051
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:30 +01:00
Francois Perrad
f32f348f65 package/perl-net-dns: bump to version 1.42
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:26 +01:00
Francois Perrad
b8c49ec261 package/perl-mozilla-ca: bump to version 20231213
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:22 +01:00
Francois Perrad
3e3701531f package/perl-mojolicious: bump to version 9.35
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:18 +01:00
Francois Perrad
402fe6ae46 package/perl-math-int64: bump to version 0.57
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:14 +01:00
Francois Perrad
588897736e package/perl-lwp-protocol-https: bump to version 6.12
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:10 +01:00
Francois Perrad
2ca657b77f package/perl-devel-stacktrace: bump to version 2.05
diff LICENSE:
    -This software is Copyright (c) 2000 - 2019 by David Rolsky.
    +This software is Copyright (c) 2000 - 2024 by David Rolsky.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:06 +01:00
Francois Perrad
0faa9037fc package/perl-date-manip: bump to version 6.94
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:48:02 +01:00
Francois Perrad
43a520ff42 package/perl-cookie-baker: bump to version 0.12
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:47:58 +01:00
Bernd Kuhls
c4c09a8fd2 package/linux-firmware: bump version to 20240115
Updated WHENCE hash due to various new entries for new blobs.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:41:49 +01:00
Peter Korsgaard
c55c1263ab package/gstreamer1-editing-services: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:34:01 +01:00
Peter Korsgaard
9f342e4a67 package/gst-omx: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:57 +01:00
Peter Korsgaard
6f28c463cf package/gst1-vaapi: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:53 +01:00
Peter Korsgaard
88a6cfefbf package/gst1-rtsp-server: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:49 +01:00
Peter Korsgaard
d948714037 package/gst1-python: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:45 +01:00
Peter Korsgaard
db9b4f3b0c package/gst1-libav: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:41 +01:00
Peter Korsgaard
74c32bfa5d package/gst1-devtools: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:37 +01:00
Peter Korsgaard
ca65df3da2 package/gst1-plugins-ugly: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:33 +01:00
Peter Korsgaard
3ee1148b00 package/gst1-plugins-bad: security bump to version 1.22.9
Fixes the following security issue:

CVE-2024-0444: Heap-based buffer overflow in the AV1 codec parser when
handling certain malformed streams before GStreamer 1.22.9

https://gstreamer.freedesktop.org/security/sa-2024-0001.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:29 +01:00
Peter Korsgaard
3407703f2c package/gst1-plugins-good: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:25 +01:00
Peter Korsgaard
6b7db1bf64 package/gst1-plugins-base: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:21 +01:00
Peter Korsgaard
e81d29d551 package/gstreamer1: bump to version 1.22.9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:33:17 +01:00
Peter Korsgaard
0c7fd35947 package/darkhttpd: security bump to version 1.15
Fixes the following security issues:

CVE-2024-23770: Local Leak of Authentication Parameter in Process List

CVE-2024-23771: Basic Auth Timing Attack

https://security.opensuse.org/2024/01/22/darkhttpd-basic-auth-issues.html

Notice that CVE-2024-23770 is only documented as a known weakness, not
fixed.

Also change the license logic to use the dedicated COPYING file available
since 1.14:

a8ae2b1de0

This license is ISC, not MIT - So adjust DARKHTTPD_LICENSE to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:15:44 +01:00
Fabrice Fontaine
52fd4753fe package/mbedtls: security bump to version 2.28.7
- Fix CVE-2024-23170 and CVE-2024-23775
- Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later
  license. Users may choose which license they take the code under:
  f429557c59

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.6
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:11:58 +01:00