Commit Graph

9 Commits

Author SHA1 Message Date
Fabrice Fontaine
40bc86afe9 package/hiredis: security bump to version 0.14.1
- Fix CVE-2020-7105: async.c and dict.c in libhiredis.a in hiredis
  through 0.14.0 allow a NULL pointer dereference because malloc return
  values are unchecked.
- Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-03-28 14:25:29 +01:00
Victor Huesca
69808c7536 package: remove 'v' prefix from github-fetched packages
On Github, a large number of projects name their tag vXYZ (i.e v3.0,
v0.1, etc.). In some packages we do:

 <pkg>_VERSION = v0.3
 <pkg>_SITE = $(call github foo,bar,$(<pkg>_VERSION))

And in some other packages we do:

 <pkg>_VERSION = 0.3
 <pkg>_SITE = $(call github foo,bar,v$(<pkg>_VERSION))

I.e in one case we consider the version to be v0.3, in the other case
we consider 0.3 to be the version.

The problem with v0.3 is that when used in conjunction with
release-monitoring.org, it doesn't work very well, because
release-monitoring.org has the concept of "version prefix" and using
that they drop the "v" prefix for the version.

Therefore, a number of packages in Buildroot have a version that
doesn't match with release-monitoring.org because Buildroot has 'v0.3'
and release-monitoring.org has '0.3'.

Since really the version number of 0.3, is makes sense to update our
packages to drop this 'v'.

This commit only addresses the (common) case of github packages where
the prefix is simply 'v'. Other cases will be handled by separate
commits. Also, there are a few cases that couldn't be handled
mechanically that aren't covered by this commit.

Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
[Arnout: don't change flatbuffers, json-for-modern-cpp, libpagekite,
 python-scapy3k, softether]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-06-19 22:27:55 +02:00
Fabrice Fontaine
cb9d741245 package/hiredis: bump to version 0.14.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-01-14 21:11:13 +01:00
Fabrice Fontaine
d0f05acdf5 hiredis: add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-12-03 00:00:48 +01:00
Romain Naour
10ffe1f65c package/hiredis: fix install step for static build only
The previous patch [1] didn't take into acount the static build only
scenario. It tries to unconditionally install a shared library.

Handle the install step like for bzip2 package: install the shared
library only if BR2_SHARED_LIBS or BR2_SHARED_STATIC_LIBS is set and
install the static library only if BR2_STATIC_LIBS or
BR2_SHARED_STATIC_LIBS is set.

[1] 96daacb720

Fixes:
http://autobuild.buildroot.net/results/6be/6be8024dd664af83fcf49ede29c8ad59a37f73d1

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-14 22:29:31 +02:00
Romain Naour
96daacb720 package/hiredis: fix installation logic of library
While testing minetest with libhiredis library, the game crached due to
missing libhiredis.so.0.13 library.

The hiredis.mk doesn't use "make install" because "make install" depends
on building both the shared and static libraries, which fails in
static-only scenarios.

However, the installation logic in hiredis.mk is bogus: it installs the
library as libhiredis.so, while its SONAME is libhiredis.so.0.13. We fix
this by using the same logic as the one done by the package "make
install" process: install the library as libhiredis.so.0.13, and create
libhiredis.so as a symbolic link to it.

While at it:

 - Install the library 0755, this is more common.

 - Do not create $(TARGET_DIR)/usr/lib, since $(INSTALL) -D will create
   the necessary directories for the destination path.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: rework to use the same installation logic as the one from
hiredis "make install".]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-12 21:34:12 +02:00
Rahul Bedarkar
9f59b378a3 boot, package: use SPDX short identifier for BSD-3c
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-3c is BSD-3-Clause.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:26:57 +02:00
Yann E. MORIN
adb6ffda78 package/hiredis: fix makefile code
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-14 21:23:11 +01:00
Fabrice Fontaine
c487d0671d hiredis: new package
Minimalistic C client for Redis >= 1.2

It is minimalistic because it just adds minimal support for
the protocol, but at the same time it uses a high level
printf-alike API in order to make it much higher level than
otherwise suggested by its minimal code base and the lack of
explicit bindings for every Redis command.

https://github.com/redis/hiredis

[Peter: use install -t / -D, fix arguments]
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-30 21:09:57 +01:00