On Github, a large number of projects name their tag
<some-prefix>-0.3-<some-suffix> (i.e release-3.0, poco-0.1-release,
etc.). In fact majority of the cased adressed in this commit concerns
prefixes.
In most packages, we encode those prefix/suffix in the <pkg>_VERSION
variable.
The problem with this approach is that when used in conjunction with
release-monitoring.org, it doesn't work very well, because
release-monitoring.org has the concept of "version prefix/suffix" and
using that they drop the prefix/suffix to really get the version. For
example on https://release-monitoring.org/project/5418/ the latest
release of "poco" is "1.8.1", not "poco-1.8.1-release".
Therefore, a number of packages in Buildroot have a version that
doesn't match with release-monitoring.org.
Since really the version number of 1.8.1, is makes sense to update our
packages to drop these prefixes/suffixes.
This commit addreses the case of github-fetched packages with
non-conventional prefixes/suffixes.
Note that these changes modify the name of the files stored in DL_DIR,
which means that this will force a re-download of those package source
code for all users, and requires a change to their .hash file.
Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch bumps web2py to the latest version R-2.15.4 and bumps
also the python-pydal dependency to the required latest version 17.8.
Starting with version R-2.15.x web2py supports also python 3, so
updating the package to support both versions.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
CVE-2016-4806 - Web2py versions 2.14.5 and below was affected by Local File
Inclusion vulnerability, which allows a malicious intended user to
read/access web server sensitive files.
CVE-2016-4807 - Web2py versions 2.14.5 and below was affected by Reflected
XSS vulnerability, which allows an attacker to perform an XSS attack on
logged in user (admin).
CVE-2016-4808 - Web2py versions 2.14.5 and below was affected by CSRF (Cross
Site Request Forgery) vulnerability, which allows an attacker to trick a
logged in user to perform some unwanted actions i.e An attacker can trick an
victim to disable the installed application just by sending a URL to victim.
CVE-2016-10321 - web2py before 2.14.6 does not properly check if a host is
denied before verifying passwords, allowing a remote attacker to perform
brute-force attacks.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
