summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Korsgaard <peter@korsgaard.com>2017-09-07 09:44:59 (GMT)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>2017-09-09 20:49:12 (GMT)
commit38a1c4821a163f932793a96e036f8fe451398506 (patch)
tree44b5106fa8e98e94d579d3f7bc41acc3addf4a39
parent0e5448af5091ee208fdd38a4e221f444085dd0c8 (diff)
downloadbuildroot-38a1c4821a163f932793a96e036f8fe451398506.tar.gz
buildroot-38a1c4821a163f932793a96e036f8fe451398506.tar.bz2
supervisor: security bump to version 3.1.4
Fixes CVE-2017-11610 - The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. For more details, see https://github.com/Supervisor/supervisor/issues/964 While we're at it, add hashes for the license files. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-rw-r--r--package/supervisor/supervisor.hash4
-rw-r--r--package/supervisor/supervisor.mk4
2 files changed, 5 insertions, 3 deletions
diff --git a/package/supervisor/supervisor.hash b/package/supervisor/supervisor.hash
index 03f337e..0ebc663 100644
--- a/package/supervisor/supervisor.hash
+++ b/package/supervisor/supervisor.hash
@@ -1,2 +1,4 @@
# Locally calculated
-sha256 e32c546fe8d2a6e079ec4819c49fd24534d4075a58af39118d04367918b3c282 supervisor-3.1.3.tar.gz
+sha256 82f75089f719a7a3ca87f35c89a03c20fd3c0912552c96eb6fa40274ced6604e supervisor-3.1.4.tar.gz
+sha256 a85a622378c6a892ead1ce5d0488e446e106bf014d3b763fdbc1ad1ae38ee491 COPYRIGHT.txt
+sha256 27ba0b2357ed6974d755ed53232c5ab8595622b3111bb91682708ea188cc3696 LICENSES.txt
diff --git a/package/supervisor/supervisor.mk b/package/supervisor/supervisor.mk
index 4c62b66..9b93b44 100644
--- a/package/supervisor/supervisor.mk
+++ b/package/supervisor/supervisor.mk
@@ -4,8 +4,8 @@
#
################################################################################
-SUPERVISOR_VERSION = 3.1.3
-SUPERVISOR_SITE = http://pypi.python.org/packages/source/s/supervisor
+SUPERVISOR_VERSION = 3.1.4
+SUPERVISOR_SITE = https://pypi.python.org/packages/12/50/cd330d1a0daffbbe54803cb0c4c1ada892b5d66db08befac385122858eee
SUPERVISOR_LICENSE = BSD-like, rdflib (http_client.py), PSF (medusa), ZPL-2.1
SUPERVISOR_LICENSE_FILES = COPYRIGHT.txt LICENSES.txt
SUPERVISOR_SETUP_TYPE = setuptools