ijson < 2.5 (as available in Debian 10) use the slow python backend by
default instead of the most efficient one available like modern ijson
versions, significantly slowing down cve checking. E.G.:
time ./support/scripts/pkg-stats --nvd-path ~/.nvd -p avahi --html foobar.html
Goes from
174,44s user 2,11s system 99% cpu 2:58,04 total
To
93,53s user 2,00s system 98% cpu 1:36,65 total
E.G. almost 2x as fast.
As a workaround, detect when the python backend is used and try to use a
more efficient one instead. Use the yajl2_cffi backend as recommended by
upstream, as it is most likely to work, and print a warning (and continue)
if we fail to load it.
The detection is slightly complicated by the fact that ijson.backends used
to be a reference to a backend module, but is nowadays a string (without the
ijson.backends prefix).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes:
showing "enable home daemon"
and "homed support needs a toolchain w/ threads, dynamic library, kernel headers >= 4.12"
when BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_12
introduced by fa62b5165c
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 841c695468 (libdrm: change to meson build system) converted the
autotools --disable-manpages to the neson -Dmanpages=false. However, the
actual option is 'man-pages':
WARNING: Unknown options: "manpages"
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: tweak commit log as per Peter's review]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Enable introspection when GObject Introspection is enabled.
Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
Acked-by: Aleksander Morgado <aleksander@aleksander.es>
[yann.morin.1998@free.fr: drop config option, rely on GOI package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add hash file
Convert to meson build
Use https instead of http and git
Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
[yann.morin.1998@free.fr: also switch repo to https]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The condition around postgis was added to make a sort of submenu of the
postgresql extensions under postgresql itself. However, such a condition
should be on BR2_PACKAGE_POSTGRESQL, not on its suboption
BR2_PACKAGE_POSTGRESQL_FULL.
Change the condition in package/Config.in to BR2_PACKAGE_POSTGRESQL, and
move the BR2_PACKAGE_POSTGRESQL_FULL condition to
package/postgis/Config.in.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Minimalistic protocol buffer decoder and encoder in C++.
Designed for high performance. Suitable for writing zero copy
parsers and encoders with minimal need for run-time allocation
of memory.
Low-level: this is designed to be a building block for writing
a very customized decoder for a stable protobuf schema. If your
protobuf schema is changing frequently or lazy decoding is not
critical for your application then this approach offers
no value: just use the C++ API that can be generated with
the Google Protobufs protoc program.
https://github.com/mapbox/protozero
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- needs protobuf-c (not protobuf)
- protobuf-c configure tests are not cross-compile capable, even with
ifeq ($(BR2_PACKAGE_PROTOBUF_C),y)
POSTGIS_DEPENDENCIES += protobuf-c
POSTGIS_CONF_OPTS += --with-protobuf
POSTGIS_CONF_ENV += \
ac_cv_lib_protobuf_c_protobuf_c_message_init=yes \
ac_cv_lib_protobuf_c_protobuf_c_version=yes
else
POSTGIS_CONF_OPTS += --without-protobuf
endif
configure aborts with:
checking for PROTOBUFC... yes
checking protobuf-c/protobuf-c.h usability... yes
checking protobuf-c/protobuf-c.h presence... yes
checking for protobuf-c/protobuf-c.h... yes
checking for protobuf_c_message_init in -lprotobuf-c... (cached) yes
checking for protobuf_c_version in -lprotobuf-c... (cached) yes
checking protobuf-c version... configure: error: in `.../build/postgis-3.1.1':
configure: error: cannot run test program while cross compiling
Fixes:
- http://autobuild.buildroot.net/results/8b95086b5e0876d0a4e41330446e767e4abd3729
checking for PROTOBUFC... no
libprotobuf-c not found in pkg-config
checking protobuf-c/protobuf-c.h usability... no
checking protobuf-c/protobuf-c.h presence... no
checking for protobuf-c/protobuf-c.h... no
configure: error: unable to find protobuf-c/protobuf-c.h using CPPFLAGS. You can disable MVT and Geobuf support using --without-protobuf
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
OpenZFS is an advanced file system and volume manager which was originally
developed for Solaris and is now maintained by the OpenZFS community. This
repository contains the code for running OpenZFS on Linux and FreeBSD.
http://zfsonlinux.org/
Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
[me:
- fix test case on how to use a pre-built toolchain
- reorder the test case config
- add test case with glibc
- drop superflous test timeout override
- only select libtirpc when C library lacks native RPC
- drop unused ZFS_MODULES variable
- drop ZFS_CPE_ID_PREFIX and ZFS_AUTORECONF_OPTS which are defaults
- drop NLS options, already set in a generic manner
- drop incomplete/improper sysvinit support
- some cosmetics
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
PostGIS is a spatial database extender for PostgreSQL object-relational
database. It adds support for geographic objects allowing location
queries to be run in SQL.
On microblazeel with the bootlin toolchain, the build fails with an ICE:
during RTL pass: reload
.../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp: In static member function ‘static std::unique_ptr<std::vector<geos::geom::Coordinate> > geos::geom::util::Densifier::densifyPoints(geos::geom::Coordinate::Vect, double, const geos::geom::PrecisionModel*)’:
.../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp:128:1: internal compiler error: in gen_reg_rtx, at emit-rtl.c:1155
128 | }
| ^
Since it's unlikely that postgis will ever be used on a microblaze,
simply disable it.
https://postgis.net/
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- Move postgresql dependency to package/Config.in, to satisfy
alphabetical ordering in the menu while keeping it below postgresql.
- Add dependency on !microblaze.
- Add comment for dependencies.
- Add positive version of --with-raster and --with-protobuf to
_CONF_OPTS.
- Expand BSD to BSD-2-Clause.
]
Since version 1.2.0, mpc requires mpfr 4.1.0.
See bc3541daa6
Update indentation in hash file (two spaces).
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove patches applied upstream.
Add patch to not build unit tests by default (patch sent upstream):
https://github.com/mono/libgdiplus/pull/701
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add Signed-off-by and while at it, renumber it
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=13731
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-1386: Fix for UnRAR DLL load privilege escalation. Affects
0.103.1 and prior on Windows only.
- CVE-2021-1252: Fix for Excel XLM parser infinite loop. Affects 0.103.0
and 0.103.1 only.
- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
Affects 0.103.0 and 0.103.1 only.
- CVE-2021-1405: Fix for mail parser NULL-dereference crash. Affects
0.103.1 and prior.
- CVE-2021-27506: The ClamAV Engine (Version 0.103.1 and below) embedded in
Storsmshield Network Security (1.0 to 4.1.5) is subject to DoS in case of
parsing of malformed png files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-21240: httplib2 is a comprehensive HTTP client library
for Python. In httplib2 before version 0.19.0, a malicious server
which responds with long series of "\xa0" characters in the
"www-authenticate" header may cause Denial of Service (CPU burn while
parsing header) of the httplib2 client accessing said server. This is
fixed in version 0.19.0 which contains a new implementation of auth
headers parsing using the pyparsing library.
- Fix CVE-2020-11078: In httplib2 before version 0.18.0, an attacker
controlling unescaped part of uri for `httplib2.Http.request()` could
change request headers and body, send additional hidden requests to
same server. This vulnerability impacts software that uses httplib2
with uri constructed by string concatenation, as opposed to proper
urllib building with escaping. This has been fixed in 0.18.0.
- Use LICENSE file instead of PKG-INFO
- pyparsing is a runtime dependency since version 0.19.0 and
bd9ee252c8https://github.com/httplib2/httplib2/blob/v0.19.1/CHANGELOG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
