* [Buildroot] [PATCH 1/2] package/jquery-validation: add CPE variables
@ 2021-05-16 9:34 Fabrice Fontaine
2021-05-16 9:34 ` [Buildroot] [PATCH 2/2] package/jquery-validation: security bump to version 1.19.3 Fabrice Fontaine
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Fabrice Fontaine @ 2021-05-16 9:34 UTC (permalink / raw)
To: buildroot
cpe:2.3:a:jqueryvalidation:jquery_validation is a valid CPE identifier
for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajqueryvalidation%3Ajquery_validation
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/jquery-validation/jquery-validation.mk | 2 ++
1 file changed, 2 insertions(+)
diff --git a/package/jquery-validation/jquery-validation.mk b/package/jquery-validation/jquery-validation.mk
index a8c2897983..43e57a9fc9 100644
--- a/package/jquery-validation/jquery-validation.mk
+++ b/package/jquery-validation/jquery-validation.mk
@@ -9,6 +9,8 @@ JQUERY_VALIDATION_SITE = http://jqueryvalidation.org/files
JQUERY_VALIDATION_SOURCE = jquery-validation-$(JQUERY_VALIDATION_VERSION).zip
JQUERY_VALIDATION_LICENSE = MIT
JQUERY_VALIDATION_LICENSE_FILES = README.md
+JQUERY_VALIDATION_CPE_ID_VENDOR = jqueryvalidation
+JQUERY_VALIDATION_CPE_ID_PRODUCT = jquery_validation
define JQUERY_VALIDATION_EXTRACT_CMDS
$(UNZIP) -d $(@D) $(JQUERY_VALIDATION_DL_DIR)/$(JQUERY_VALIDATION_SOURCE)
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 2/2] package/jquery-validation: security bump to version 1.19.3
2021-05-16 9:34 [Buildroot] [PATCH 1/2] package/jquery-validation: add CPE variables Fabrice Fontaine
@ 2021-05-16 9:34 ` Fabrice Fontaine
2021-05-19 7:34 ` Peter Korsgaard
2021-05-16 11:48 ` [Buildroot] [PATCH 1/2] package/jquery-validation: add CPE variables Yann E. MORIN
2021-05-19 7:34 ` Peter Korsgaard
2 siblings, 1 reply; 5+ messages in thread
From: Fabrice Fontaine @ 2021-05-16 9:34 UTC (permalink / raw)
To: buildroot
Fix CVE-2021-21252: The jQuery Validation Plugin provides drop-in
validation for your existing forms. It is published as an npm package
"jquery-validation". jquery-validation before version 1.19.3 contains
one or more regular expressions that are vulnerable to ReDoS (Regular
Expression Denial of Service).
Update hash of README.md due to changes not related to license
https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/jquery-validation/jquery-validation.hash | 4 ++--
package/jquery-validation/jquery-validation.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/jquery-validation/jquery-validation.hash b/package/jquery-validation/jquery-validation.hash
index af451a6c1a..4dbe07e218 100644
--- a/package/jquery-validation/jquery-validation.hash
+++ b/package/jquery-validation/jquery-validation.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 14efe6f1784ef6e97116b15c77b04b7e8f47ec07b1479bcd6fa0b081faa19440 jquery-validation-1.14.0.zip
-sha256 c2f9aa180de990ff16ca7e756c9af52ecc1b3536e3fb32649d7b2c510bccf9d0 README.md
+sha256 01ad2ef0a7f9cd413aeb51081651293916da47d20e5c0a59ec62587e58b03564 jquery-validation-1.19.3.zip
+sha256 3e5a99460077c16bf75f6821a30cdac9baa339119ebf63b2a6c49f4f50421ca4 README.md
diff --git a/package/jquery-validation/jquery-validation.mk b/package/jquery-validation/jquery-validation.mk
index 43e57a9fc9..920ed1cece 100644
--- a/package/jquery-validation/jquery-validation.mk
+++ b/package/jquery-validation/jquery-validation.mk
@@ -4,8 +4,8 @@
#
################################################################################
-JQUERY_VALIDATION_VERSION = 1.14.0
-JQUERY_VALIDATION_SITE = http://jqueryvalidation.org/files
+JQUERY_VALIDATION_VERSION = 1.19.3
+JQUERY_VALIDATION_SITE = https://github.com/jquery-validation/jquery-validation/releases/download/$(JQUERY_VALIDATION_VERSION)
JQUERY_VALIDATION_SOURCE = jquery-validation-$(JQUERY_VALIDATION_VERSION).zip
JQUERY_VALIDATION_LICENSE = MIT
JQUERY_VALIDATION_LICENSE_FILES = README.md
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/2] package/jquery-validation: add CPE variables
2021-05-16 9:34 [Buildroot] [PATCH 1/2] package/jquery-validation: add CPE variables Fabrice Fontaine
2021-05-16 9:34 ` [Buildroot] [PATCH 2/2] package/jquery-validation: security bump to version 1.19.3 Fabrice Fontaine
@ 2021-05-16 11:48 ` Yann E. MORIN
2021-05-19 7:34 ` Peter Korsgaard
2 siblings, 0 replies; 5+ messages in thread
From: Yann E. MORIN @ 2021-05-16 11:48 UTC (permalink / raw)
To: buildroot
Fabrice, All,
On 2021-05-16 11:34 +0200, Fabrice Fontaine spake thusly:
> cpe:2.3:a:jqueryvalidation:jquery_validation is a valid CPE identifier
> for this package:
>
> https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajqueryvalidation%3Ajquery_validation
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Both patches applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/jquery-validation/jquery-validation.mk | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/package/jquery-validation/jquery-validation.mk b/package/jquery-validation/jquery-validation.mk
> index a8c2897983..43e57a9fc9 100644
> --- a/package/jquery-validation/jquery-validation.mk
> +++ b/package/jquery-validation/jquery-validation.mk
> @@ -9,6 +9,8 @@ JQUERY_VALIDATION_SITE = http://jqueryvalidation.org/files
> JQUERY_VALIDATION_SOURCE = jquery-validation-$(JQUERY_VALIDATION_VERSION).zip
> JQUERY_VALIDATION_LICENSE = MIT
> JQUERY_VALIDATION_LICENSE_FILES = README.md
> +JQUERY_VALIDATION_CPE_ID_VENDOR = jqueryvalidation
> +JQUERY_VALIDATION_CPE_ID_PRODUCT = jquery_validation
>
> define JQUERY_VALIDATION_EXTRACT_CMDS
> $(UNZIP) -d $(@D) $(JQUERY_VALIDATION_DL_DIR)/$(JQUERY_VALIDATION_SOURCE)
> --
> 2.30.2
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/2] package/jquery-validation: add CPE variables
2021-05-16 9:34 [Buildroot] [PATCH 1/2] package/jquery-validation: add CPE variables Fabrice Fontaine
2021-05-16 9:34 ` [Buildroot] [PATCH 2/2] package/jquery-validation: security bump to version 1.19.3 Fabrice Fontaine
2021-05-16 11:48 ` [Buildroot] [PATCH 1/2] package/jquery-validation: add CPE variables Yann E. MORIN
@ 2021-05-19 7:34 ` Peter Korsgaard
2 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2021-05-19 7:34 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> cpe:2.3:a:jqueryvalidation:jquery_validation is a valid CPE identifier
> for this package:
> https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajqueryvalidation%3Ajquery_validation
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2021.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 2/2] package/jquery-validation: security bump to version 1.19.3
2021-05-16 9:34 ` [Buildroot] [PATCH 2/2] package/jquery-validation: security bump to version 1.19.3 Fabrice Fontaine
@ 2021-05-19 7:34 ` Peter Korsgaard
0 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2021-05-19 7:34 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix CVE-2021-21252: The jQuery Validation Plugin provides drop-in
> validation for your existing forms. It is published as an npm package
> "jquery-validation". jquery-validation before version 1.19.3 contains
> one or more regular expressions that are vulnerable to ReDoS (Regular
> Expression Denial of Service).
> Update hash of README.md due to changes not related to license
> https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.3
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2021.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-05-19 7:34 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-16 9:34 [Buildroot] [PATCH 1/2] package/jquery-validation: add CPE variables Fabrice Fontaine
2021-05-16 9:34 ` [Buildroot] [PATCH 2/2] package/jquery-validation: security bump to version 1.19.3 Fabrice Fontaine
2021-05-19 7:34 ` Peter Korsgaard
2021-05-16 11:48 ` [Buildroot] [PATCH 1/2] package/jquery-validation: add CPE variables Yann E. MORIN
2021-05-19 7:34 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.