This version adds a new RegSet API, and fixes the following:
- CVE-2019-19012
- CVE-2019-19203
- CVE-2019-19204
- CVE-2019-19246
- some problems (found by libFuzzer test)
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
apr-util was updated. It doesn't provide the depend on libsqlite3
anymore, so this needs to be added to the subversion package now.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
004-avoid_ldap_by_defaut.patch:
By default use --avoid-ldap since apache2 is the only user, and we don't
want to add extra dependencies to other apr-utils rdepends. Patch from
Ryan Niebur <ryanryan52@gmail.com>, copied from Debian.
005-apu_config_dont_list_indep_libs.patch:
Prevent recursive linking of dependent libraries by apr-util users.
Patch from Peter Samuelson <peter@p12n.org>, also copied from Debian.
Makes libexpat and libiconv private.
006-avoid_db_by-default.patch:
Make apu-config not output dbm libs by default. See Debian #622081.
Patch from Stefan Fritsch <sf@debian.org>, also copied from Debian
While bumping the revision also correct license information.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
The ASLR PIE option was changed to a tristate option
(openwrt/openwrt@19cbac7d264dfca1f75849de64beb98830fbb1e4). This updates
the Go compiler package and golang-package.mk to account for this
change.
This also adds warning messages for when the user has selected PIE but
Go does not have PIE support for the chosen target.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This updates the library to address several CVEs, add modern
crypto, and eliminate legacy patches.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
This adds support to compile position-independent executables for
packages that use golang-package.mk.
Go packages will have PIE enabled if:
* Go supports PIE on the target platform;
* CONFIG_PKG_ASLR_PIE is selected; and
* PKG_ASLR_PIE (for the package) is not set to 0
Go 1.13 supports PIE for x86 and arm targets; mips support is in
progress[1].
[1]: https://github.com/golang/go/issues/21222#issuecomment-542064462
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This fixes how GOARM is selected for arm platforms, based on support for
VFP/VFPv3 rather than CPU version.
Fixes#10967.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
DEPENDS attribute makes canutils fail on installation procedure
Removing it makes a successful build
Signed-off-by: Paulo Machado <pffmachado@yahoo.com>
- helps build system to locate zlib
- adds depend on libgdbm if libaprutil-dbm-gdbm is selected
This fixes the two different build failures that can currently be
observed.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
I was too aggressive in recommending that we remove the module symbolic
links of form libX.so as part of commit c9ce769b. It turns out that at
least Postfix relies on these, and I suspect any application that makes
use of libsasl2 will require them too.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
This change adds support for the pymysql package, which is a pure Python
MySQL client. This package will replace the current python-mysqlclient.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The regular Makefile is totally broken and does not pass CFLAGS. This
breaks compilation with PKG_ASLR_PIE and also does not pass -Os.
Signed-off-by: Rosen Penev <rosenp@gmail.com>