| Message ID | 20210412080402.75059-1-joerg.krause@embedded.rocks |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] package/libnpupnp: bump to version 4.1.3 | expand |
On Mon, 12 Apr 2021 10:04:02 +0200 Jörg Krause <joerg.krause@embedded.rocks> wrote: > Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> > --- > package/libnpupnp/libnpupnp.hash | 2 +- > package/libnpupnp/libnpupnp.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) Applied to master, thanks. Thomas
>>>>> "Jörg" == Jörg Krause <joerg.krause@embedded.rocks> writes: > Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Committed to 2021.02.x, thanks.
Hi Peter, On Mon, Apr 26 2021, Peter Korsgaard wrote: >>>>>> "Jörg" == Jörg Krause <joerg.krause@embedded.rocks> writes: > > > Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> > > Committed to 2021.02.x, thanks. Not in 2021.02.x as of commit 2960953b0ab6de. What is the reason to commit to 2021.02.x? Master branch commit adea5b316e27a is the 4.1.4 bump which includes a security fix. baruch
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes: > Hi Peter, > On Mon, Apr 26 2021, Peter Korsgaard wrote: >>>>>>> "Jörg" == Jörg Krause <joerg.krause@embedded.rocks> writes: >> >> > Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> >> >> Committed to 2021.02.x, thanks. > Not in 2021.02.x as of commit 2960953b0ab6de. No indeed, I sent the mail too soon. I misremembered what version we have in 2021.02.x. > What is the reason to commit to 2021.02.x? > Master branch commit adea5b316e27a is the 4.1.4 bump which includes a > security fix. Exactly because of the 4.1.4 security fix. The changelog is very light on detail about what got fixed and what versions are affected, but it is presumably this commit: https://framagit.org/medoc92/npupnp/-/commit/90a4ab27dcec97d85168204ac8aed98f9f50e184 I'll take a closer look tonight and then update 2021.02.x to 4.1.4.
diff --git a/package/libnpupnp/libnpupnp.hash b/package/libnpupnp/libnpupnp.hash index 62c6959384..d5053915f1 100644 --- a/package/libnpupnp/libnpupnp.hash +++ b/package/libnpupnp/libnpupnp.hash @@ -1,5 +1,5 @@ # Hash from: http://www.lesbonscomptes.com/upmpdcli/downloads/libnpupnp-4.1.1.tar.gz.sha256 -sha256 7e41d3933b956073b33c6ac6e61c81e83b428015ee871fd16d18b198bf3be960 libnpupnp-4.1.1.tar.gz +sha256 74703d49be52d29b52f59342ec7359178b127568399551d9d3f56bb7950fcc02 libnpupnp-4.1.3.tar.gz # Hash for license file: sha256 c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3 COPYING diff --git a/package/libnpupnp/libnpupnp.mk b/package/libnpupnp/libnpupnp.mk index fa7181ff98..0efddbf67f 100644 --- a/package/libnpupnp/libnpupnp.mk +++ b/package/libnpupnp/libnpupnp.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBNPUPNP_VERSION = 4.1.1 +LIBNPUPNP_VERSION = 4.1.3 LIBNPUPNP_SITE = http://www.lesbonscomptes.com/upmpdcli/downloads LIBNPUPNP_LICENSE = BSD-3-Clause LIBNPUPNP_LICENSE_FILES = COPYING
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> --- package/libnpupnp/libnpupnp.hash | 2 +- package/libnpupnp/libnpupnp.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)