From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Petazzoni Date: Wed, 17 Jun 2020 22:08:43 +0200 Subject: [Buildroot] [PATCH 1/1] package/tinydtls: security bump to version 0.9-rc1 In-Reply-To: <20200615203150.1052024-1-fontaine.fabrice@gmail.com> References: <20200615203150.1052024-1-fontaine.fabrice@gmail.com> Message-ID: <20200617220843.416f77be@windsurf.home> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: buildroot@busybox.net Hello, On Mon, 15 Jun 2020 22:31:50 +0200 Fabrice Fontaine wrote: > - Switch site to github > - License is now EPL-1.0 or EDLv1.0 as specified in the new LICENSE file > - Update indentation of hash file (two spaces) > - Drop first patch (already in version) and second patch (not needed since > https://github.com/eclipse/tinydtls/commit/f1ff324a4d1cc14dc6e1c3a88ea16f0242e106de) > - Fix CVE-2017-7243 as specified in > https://github.com/eclipse/tinydtls/issues/12 as well as other > security issues: > https://github.com/eclipse/tinydtls/commit/68a1cdaff9e329e13ea59529f1eb61b05632c297 > https://github.com/eclipse/tinydtls/commit/494a40dfbb174930ca616e560532d52549736b42 > https://github.com/eclipse/tinydtls/commit/2d9f0a82377277af1be8d559d18e30477d63e8ec > > Signed-off-by: Fabrice Fontaine I've applied to master. See below some comments. > -TINYDTLS_REL = r5 > -TINYDTLS_VERSION = 0.8.2 > -TINYDTLS_SITE = http://downloads.sourceforge.net/project/tinydtls/$(TINYDTLS_REL) > -TINYDTLS_LICENSE = MIT > -TINYDTLS_LICENSE_FILES = tinydtls.h > +TINYDTLS_VERSION = 0.9-rc1 A bit annoying that we have to point to a release candidate version. > +TINYDTLS_SITE = $(call github,eclipse,tinydtls,v$(TINYDTLS_VERSION)) > +TINYDTLS_LICENSE = EPL-1.0 or EDLv1.0 I've changed EDLv1.0 to EDL-1.0. Even though there is no official SPDX tag for this license, SPDX always uses -, so we're trying to stick to that as well; Applied, thanks! Thomas -- Thomas Petazzoni, CTO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com