Release notes:
https://www.reddit.com/r/redis/comments/5r8wxn/redis_327_is_out_important_security_fixes_inside/
From the notes:
Upgrade urgency HIGH.
This release fixes important security and correctness issues. It is
especially important to upgrade for Redis Cluster users and for users
running Redis in their laptop since a cross-scripting attack is fixed in
this release.
[Peter: extend description]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes an use of uninitialized data issue in MAT image format that may have
security impact:
https://github.com/ImageMagick/ImageMagick/issues/362
[Peter: extend commit message, mention (potential) security impact]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found,
leading to heap memory leak triggered by crafted ICC profile.
https://bugzilla.redhat.com/show_bug.cgi?id=1367357
Add upstream patch to fix it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Switch download URL to match the website and avoid issues.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Minimalistic C client for Redis >= 1.2
It is minimalistic because it just adds minimal support for
the protocol, but at the same time it uses a high level
printf-alike API in order to make it much higher level than
otherwise suggested by its minimal code base and the lack of
explicit bindings for every Redis command.
https://github.com/redis/hiredis
[Peter: use install -t / -D, fix arguments]
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Install also lxc in staging directory, this will be needed for the
incoming integration of lxd package. Moreover, other packages could
find useful to integrate with liblxc instead of using lxc-xxx binaries.
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
lxc can use gnutls for various checksumming so add a dependency on it if
package is selected
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: git is a runtime dependency, use pkg-config for openssl
dependencies, use make install]
Signed-off-by: Francesco Negri <francesconegri@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
* Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Needed when wayland support is enabled in xserver_xorg-server.
This patch fixes the final build error:
Making all in xwayland
make[3]: Entering directory '/home/buildroot/br5/output/build/xserver_xorg-server-1.19.0/hw/xwayland'
make[3]: *** No rule to make target '/usr/share/wayland-protocols/unstable/relative-pointer/relative-pointer-unstable-v1.xml', needed by 'relative-pointer-unstable-v1-client-protocol.h'. Stop.
when trying to build
http://autobuild.buildroot.net/results/cf0/cf026e9b18e86b9890341612050f4d166a7b822d/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
perl-gd now supplies a Build.PL, but this one is not cross-compilation
friendly. So, we still use Makefile.PL like in previous version by using
the new <pkg>_PREFER_INSTALLER variable.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also removed the 3 patches as they have been added into the latest
version.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
[Thomas: drop autoreconf, no longer needed.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
