From patchwork Sun May 16 09:34:21 2021
X-Patchwork-Submitter: Fabrice Fontaine
X-Patchwork-Id: 1478979
From: Fabrice Fontaine
To: buildroot@buildroot.org
Cc: Angelo Compagnucci, Fabrice Fontaine
Date: Sun, 16 May 2021 11:34:21 +0200
Message-Id: <20210516093422.3768746-1-fontaine.fabrice@gmail.com>
Subject: [Buildroot] [PATCH 1/2] package/jquery-validation: add CPE variables

cpe:2.3:a:jqueryvalidation:jquery_validation is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajqueryvalidation%3Ajquery_validation

Signed-off-by: Fabrice Fontaine
---
 package/jquery-validation/jquery-validation.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/package/jquery-validation/jquery-validation.mk b/package/jquery-validation/jquery-validation.mk index a8c2897983..43e57a9fc9 100644 --- a/package/jquery-validation/jquery-validation.mk +++ b/package/jquery-validation/jquery-validation.mk
@@ -9,6 +9,8 @@ JQUERY_VALIDATION_SITE = http://jqueryvalidation.org/files JQUERY_VALIDATION_SOURCE = jquery-validation-$(JQUERY_VALIDATION_VERSION).zip JQUERY_VALIDATION_LICENSE = MIT JQUERY_VALIDATION_LICENSE_FILES = README.md +JQUERY_VALIDATION_CPE_ID_VENDOR = jqueryvalidation +JQUERY_VALIDATION_CPE_ID_PRODUCT = jquery_validation define JQUERY_VALIDATION_EXTRACT_CMDS $(UNZIP) -d $(@D) $(JQUERY_VALIDATION_DL_DIR)/$(JQUERY_VALIDATION_SOURCE)

From patchwork Sun May 16 09:34:22 2021
X-Patchwork-Submitter: Fabrice Fontaine
X-Patchwork-Id: 1478980
From: Fabrice Fontaine
To: buildroot@buildroot.org
Cc: Angelo Compagnucci, Fabrice Fontaine
Date: Sun, 16 May 2021 11:34:22 +0200
Message-Id: <20210516093422.3768746-2-fontaine.fabrice@gmail.com>
In-Reply-To: <20210516093422.3768746-1-fontaine.fabrice@gmail.com>
References: <20210516093422.3768746-1-fontaine.fabrice@gmail.com>
Subject: [Buildroot] [PATCH 2/2] package/jquery-validation: security bump to version 1.19.3

Fix CVE-2021-21252: The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service).

Update hash of README.md due to changes not related to license

https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.3

Signed-off-by: Fabrice Fontaine
---
 package/jquery-validation/jquery-validation.hash | 4 ++--
 package/jquery-validation/jquery-validation.mk | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/jquery-validation/jquery-validation.hash b/package/jquery-validation/jquery-validation.hash index af451a6c1a..4dbe07e218 100644 --- a/package/jquery-validation/jquery-validation.hash +++ b/package/jquery-validation/jquery-validation.hash
@@ -1,3 +1,3 @@ # Locally computed -sha256 14efe6f1784ef6e97116b15c77b04b7e8f47ec07b1479bcd6fa0b081faa19440 jquery-validation-1.14.0.zip -sha256 c2f9aa180de990ff16ca7e756c9af52ecc1b3536e3fb32649d7b2c510bccf9d0 README.md +sha256 01ad2ef0a7f9cd413aeb51081651293916da47d20e5c0a59ec62587e58b03564 jquery-validation-1.19.3.zip +sha256 3e5a99460077c16bf75f6821a30cdac9baa339119ebf63b2a6c49f4f50421ca4 README.md diff --git a/package/jquery-validation/jquery-validation.mk b/package/jquery-validation/jquery-validation.mk index 43e57a9fc9..920ed1cece 100644 --- a/package/jquery-validation/jquery-validation.mk +++ b/package/jquery-validation/jquery-validation.mk @@ -4,8 +4,8 @@ # ################################################################################ -JQUERY_VALIDATION_VERSION = 1.14.0 -JQUERY_VALIDATION_SITE = http://jqueryvalidation.org/files +JQUERY_VALIDATION_VERSION = 1.19.3 +JQUERY_VALIDATION_SITE = https://github.com/jquery-validation/jquery-validation/releases/download/$(JQUERY_VALIDATION_VERSION) JQUERY_VALIDATION_SOURCE = jquery-validation-$(JQUERY_VALIDATION_VERSION).zip JQUERY_VALIDATION_LICENSE = MIT JQUERY_VALIDATION_LICENSE_FILES = README.md
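
Review bot: In [PATCH 1/2], the two added lines `JQUERY_VALIDATION_CPE_ID_VENDOR = jqueryvalidation` and `JQUERY_VALIDATION_CPE_ID_PRODUCT = jquery_validation` set no CPE version, so the version field used for CVE matching falls back to `JQUERY_VALIDATION_VERSION`. The vendor and product agree with the identifier quoted in the commit message, but it would help to state in the commit message that the version is left at its default, and to confirm that the NVD entries for this product use the same plain x.y.z strings, since a format mismatch would make the package drop out of CVE matching without any build error.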
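
Review bot: In [PATCH 2/2], the README.md hash on the last replaced line of the jquery-validation.hash hunk has to change only because README.md is the sole entry in `JQUERY_VALIDATION_LICENSE_FILES`, so any unrelated README edit upstream forces a license hash update like this one. The commit message records that the change is not license related, which is the right thing to note; if the 1.19.3 archive ships a dedicated license file, pointing `JQUERY_VALIDATION_LICENSE_FILES` at it in a follow-up would make future hash changes signal an actual license change.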
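
Review bot: In [PATCH 2/2], the `JQUERY_VALIDATION_SITE` line of the jquery-validation.mk hunk moves the download from `http://jqueryvalidation.org/files` to the GitHub release assets over https, yet the commit message mentions only the CVE fix and the README.md hash. Please add a sentence on the new download location, and confirm that the release zip unpacks to the layout the install step expects: the package extracts with `$(UNZIP) -d $(@D)` (visible in the 1/2 context), and the bump from 1.14.0 to 1.19.3 spans several upstream releases.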