These patches address issues:
CVE-2019-16056: email.utils.parseaddr mistakenly parse an email
CVE-2019-16935: A reflected XSS in python/Lib/DocXMLRPCServer.py (for
Python 2.7)
CVE-2019-16935 was fixed for python3 in #10109
Links to Python issues:
https://bugs.python.org/issue34155https://bugs.python.org/issue38243
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This release incorporates fixes for CVE-2019-13224 and CVE-2019-13225,
and "fixed many problems (found by libfuzzer programs)."
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit b7d0a82a7f)
Add code blocks for easier reading and change "dns" to "DNS".
Signed-off-by: Claudius Ellsel <claudius.ellsel@live.de>
(cherry picked from commit 088a14e5ce)
This can be helpful for example in hotels where you need to
enter a new user/password combination every week.
Signed-off-by: Johannes Rothe <mail@johannes-rothe.de>
(cherry picked from commit a7f87f939d)
Go 1.13 added a new -trimpath option to the "go build" command[1] that
removes system paths from compiled executables. This replaces the
previous -trimpath flags.
There are still system paths in the compiled executable (for crti.o and
crtn.o, when cross-compiling); these appear to be stripped during the
packaging process.
[1]: https://golang.org/doc/go1.13#trimpath
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry-picked from commit 22ee6e86a0)
Patch 002 - Force Python3 is no longer applying, let's try to throw it
away to see if it is still necessary
Patch 003 - Was backported from the master branch and it was included in
Netdata version 1.17.0
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit 5e89816)
Repository was moved.
Also cleaned up Makefile slightly.
Ran init script through shellcheck.
Added PKG_BUILD_PARALLEL for faster compilation.
Added several CFLAGS and LDFLAGS for smaller size.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from f3245e6c7d)
When passing -Wimplicit-function-declaration
Also got rid of std=gnu89. It's easy to patch out.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 1b5e4883a4)
Cleaned up Makefile for consistency between packages.
Switched to CMAKE_INSTALL to get rid of the InstallDev section.
Refreshed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 2e2929366b)
The libyajl cleanup commit revealed that it was not being installed
correctly. Now that it is, mpd picks it up properly.
Enabled SoundCloud support for the full variant. Disabled for the mini.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 835bc1df03)
Replaced git:// link with https:// which gets through firewalls easier.
Replaced archive with .xz. The one currently in the mirrors has the wrong
hash. .xz is also smaller than .gz.
Eliminated already default CMake option.
Eliminated Build/InstallDev with CMAKE_INSTALL.
Added PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 2abbc83c9d)
Update Makefile to modern standards.
Switched to local tarballs..xz archives are smaller. The .gz archive that
codeload comes with is 85MB.
Replaced PKG_INSTALL with CMAKE_INSTALL to get rid of Build/InstallDev.
Added PKG_BUILD_PARALLEL for faster compilation.
Removed inactive maintainer.
Added uClibc-ng patches to fix compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from f8cd4f094a)
It seems newer versions of fbthrift require more libraries.
Also added AR7, RB532, and Lantiq ASE to fiber exclusion.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 1f77459ace)
This commit updates Boost to version 1.71.0 and disables Boost.Context
for arc and mips64 architectures, since either jump_fcontext or
getcontext are undefined for those architectures.
It also fixes a bug were Boost.Fiber was not properly disabled for
mips32 and mips64 architectures.
Boost.Coroutine2 option was removed since it was redundant. By selecting
the Coroutine package, Coroutine2 is also installed.
Boost.Fiber has been disabled for target brcm47xx_generic and brcm47xx_legacy
due to misssing opcode support from instruction set.
Boost 1.71.0 brings a new header-only library
- Boost.Variant2 [1]
-> A never-valueless, strong guarantee implementation of
std::variant, from Peter Dimov.
More info about Boost 1.71.0 can be found at the usual place [2].
[1]: https://www.boost.org/doc/libs/1_71_0/libs/variant2/doc/html/variant2.html
[2]: https://www.boost.org/users/history/version_1_71_0.html
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
(cherry-picked from 0cd9824623)
