Fix-CVE-2012-6687 - remote attackers cause a denial of service (crash)
via a large number of connections (http://www.cvedetails.com/cve/CVE-2012-6687/).
use poll in os_unix.c instead of select to avoid problem with > 1024 connections.
The patch libfcgi_2.4.0-8.3.debian.tar.xz is taken from the below link:
(https://launchpad.net/ubuntu/+source/libfcgi/2.4.0-8.3)
The next release of libfcgi is 2.4.1 which may have this fix is yet to be released
officially.
Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libfcgi uses frexp() and thus should link with libm, but fails to do
so. Thus link errors with programs that use libfcgi (the bug does
appear only with uClibc, because the GNU libc provides frexp()
directly in libc.so). Modify 0003-link-against-math.patch so libfcgi
links against math, instead of programs that need it.
Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345)
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Examples do not compile for a static build, because libtool forcibly
wants to link against the shared version of libstdc++.so, instead of the
static version.
Since we do not really need the examples on the target, just disable
them, it is easier than fixing libtool.
Also, while we're at it, rename the patches to include a sequence
number.
Fixes:
http://autobuild.buildroot.org/results/66e/66e19cfd5a6048d2aaa46365518ea875e0abcb4d/http://autobuild.buildroot.org/results/71d/71d9ba50b41efa05a3aff06c24412d5e8b81d8f1/
[Thomas: edit commit log to indicate that the patches are renamed to
include a sequence number.]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix the way libfcgi++ is linked against libfcgi to solve the
http://autobuild.buildroot.org/results/f8e88e93f32e4e94ac9aef5a3f3f2826f1970453/build-end.log
build problem.
Since we're fixing Makefile.am, take that opportunity to add -lm where
needed, to avoid the need of using custom LDFLAGS in libfcgi.mk.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>