[Buildroot] [PATCH 1/1] package/tinydtls: security bump to version 0.9-rc1

Thomas Petazzoni thomas.petazzoni at bootlin.com
Wed Jun 17 20:08:43 UTC 2020


Hello,

On Mon, 15 Jun 2020 22:31:50 +0200
Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:

> - Switch site to github
> - License is now EPL-1.0 or EDLv1.0 as specified in the new LICENSE file
> - Update indentation of hash file (two spaces)
> - Drop first patch (already in version) and second patch (not needed since
>   https://github.com/eclipse/tinydtls/commit/f1ff324a4d1cc14dc6e1c3a88ea16f0242e106de)
> - Fix CVE-2017-7243 as specified in
>   https://github.com/eclipse/tinydtls/issues/12 as well as other
>   security issues:
>   https://github.com/eclipse/tinydtls/commit/68a1cdaff9e329e13ea59529f1eb61b05632c297
>   https://github.com/eclipse/tinydtls/commit/494a40dfbb174930ca616e560532d52549736b42
>   https://github.com/eclipse/tinydtls/commit/2d9f0a82377277af1be8d559d18e30477d63e8ec
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

I've applied to master. See below some comments.

> -TINYDTLS_REL = r5
> -TINYDTLS_VERSION = 0.8.2
> -TINYDTLS_SITE = http://downloads.sourceforge.net/project/tinydtls/$(TINYDTLS_REL)
> -TINYDTLS_LICENSE = MIT
> -TINYDTLS_LICENSE_FILES = tinydtls.h
> +TINYDTLS_VERSION = 0.9-rc1

A bit annoying that we have to point to a release candidate version.

> +TINYDTLS_SITE = $(call github,eclipse,tinydtls,v$(TINYDTLS_VERSION))
> +TINYDTLS_LICENSE = EPL-1.0 or EDLv1.0
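
Review bot: the lines quoted from this hunk remove `TINYDTLS_LICENSE_FILES = tinydtls.h` and show no replacement, while the license changes from MIT to a dual license. The new value should name the LICENSE file mentioned in the commit message, and its hash should be recorded in the package hash file, so that a later upstream license change fails the check instead of passing unnoticed. The same hash file is what pins the content of the `v$(TINYDTLS_VERSION)` tag fetched through the `github` helper, so the tarball hash there needs to be refreshed for 0.9-rc1.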

I've changed EDLv1.0 to EDL-1.0. Even though there is no official SPDX
tag for this license, SPDX always uses <initials>-<version>, so we're
trying to stick to that as well.

Applied, thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

