Fixes the following security issues:

- CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to
  2.7.3 may lead to denial of service when performing syntax highlighting of
  a Standard ML (SML) source file, as demonstrated by input that only
  contains the "exception" keyword.

- CVE-2021-27291: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse
  programming languages rely heavily on regular expressions. Some of the
  regular expressions have exponential or cubic worst-case complexity and
  are vulnerable to ReDoS. By crafting malicious input, an attacker can
  cause a denial of service.

Python 2.x support was dropped in pygments 2.6, so adjust (reverse)
dependencies:

  Version 2.6
  -----------
  (released March 8, 2020)

  - Running Pygments on Python 2.x is no longer supported.
    (The Python 2 lexer still exists.)

Adjust the license hash for a change of copyright years:
a590ac5ea7

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

We want to use the SPDX identifier for the license string as much as possible.
The SPDX short identifier for BSD-2c is BSD-2-Clause.

This change is done using the following command:

  find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-2c/BSD-2-Clause/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>