[Buildroot] [PATCHv2] package/ncurses: add upstream (security) patches up to 20200118

Yann E. MORIN yann.morin.1998 at free.fr
Wed Feb 5 16:19:48 UTC 2020


Peter, Thomas, All,

On 2020-02-05 14:31 +0100, Thomas De Schampheleire spake thusly:
> From: Peter Korsgaard <peter at korsgaard.com>
> Fixes the following security issues:
[--SNIP--]
> While we are at it, adjust the white space in the .hash file to match
> sha256sum output for consistency.
[--SNIP--]
>  # Locally computed
> -sha256	86106f0da1cf5ccfa0f0651665dd1b4515e8edad1c7972780155770548b317d9	COPYING
> +sha256  86106f0da1cf5ccfa0f0651665dd1b4515e8edad1c7972780155770548b317d9  COPYING

The hash for the license file is now wrong:

    >>> ncurses 6.1 Collecting legal info
    ERROR: COPYING has wrong sha256 hash:
    ERROR: expected:
    86106f0da1cf5ccfa0f0651665dd1b4515e8edad1c7972780155770548b317d9
    ERROR: got     :
    4d1fde61868c73776a539366dccf5d5a4857e7fd7299efb1f02e07c2afe9ea87
    ERROR: Incomplete download, or man-in-the-middle (MITM) attack
    make[1]: *** [package/ncurses/ncurses.mk:200: ncurses-legal-info] Error 1
    make: *** [Makefile:23: _all] Error 2

That's because it has been changed by ncurses-6.1-20200104, to change
the Copyright year.

Fixed that and pushed, thanks.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'


More information about the buildroot mailing list