package/thrift: security bump to version 0.14.1

Fix CVE-2020-13949: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC
clients could send short messages which would result in a large memory
allocation, potentially leading to denial of service.

- Disable javascript and nodejs which have been added with
  61d502075b
- Update hash of LICENSE, license for windows-specific files added:
  98854c4874

https://github.com/apache/thrift/blob/v0.14.1/CHANGES.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7ecbb956e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine 2021-06-13 11:13:56 +02:00 committed by Peter Korsgaard
parent 62b2e7b506
commit ac2b5a4feb
2 changed files with 6 additions and 4 deletions

@ -1,4 +1,4 @@
# From https://www.apache.org/dist/thrift/0.13.0/thrift-0.13.0.tar.gz.sha256
sha256 7ad348b88033af46ce49148097afe354d513c1fca7c607b59c33ebb6064b5179 thrift-0.13.0.tar.gz
# From https://www.apache.org/dist/thrift/0.14.1/thrift-0.14.1.tar.gz.sha256
sha256 13da5e1cd9c8a3bb89778c0337cc57eb0c29b08f3090b41cf6ab78594b410ca5 thrift-0.14.1.tar.gz
# License files, locally calculated
sha256 23df881cec3192d1f4474633c14eb2ec30a45b84f8daeb82b9de5d2bd3ac8218 LICENSE
sha256 d315e6cdedc07c478de6992027bfb66f220886c6216fd7e9885ced30c3703646 LICENSE
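
Review bot: the new thrift-0.14.1.tar.gz hash is sourced from a .sha256 file that sits in the same apache.org dist tree as the tarball, so it catches a corrupted download but not a tampered release directory. If upstream publishes a detached signature for 0.14.1, verify the tarball against it once and record that in the comment above the hash. The LICENSE hash changes under the "locally calculated" comment with the reason given only in the commit message; a short note here would save the next reviewer a lookup.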

@ -4,7 +4,7 @@
#
################################################################################
THRIFT_VERSION = 0.13.0
THRIFT_VERSION = 0.14.1
THRIFT_SITE = http://www.us.apache.org/dist/thrift/$(THRIFT_VERSION)
THRIFT_LICENSE = Apache-2.0
THRIFT_LICENSE_FILES = LICENSE
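
Review bot: THRIFT_SITE, on the line directly below the bumped THRIFT_VERSION, still downloads over plain http from www.us.apache.org, while the hash file cites https://www.apache.org/dist/thrift/. Since this is a security bump, consider pointing THRIFT_SITE at the https location the hash comment already uses, so the fetch does not rely on the .hash check alone for integrity.
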
@ -18,8 +18,10 @@ HOST_THRIFT_DEPENDENCIES = host-bison host-boost \
THRIFT_COMMON_CONF_OPTS = -DBUILD_TUTORIALS=OFF \
-DBUILD_TESTING=OFF \
-DWITH_NODEJS=OFF \
-DWITH_PYTHON=OFF \
-DWITH_JAVA=OFF \
-DWITH_JAVASCRIPT=OFF \
-DWITH_QT5=OFF
THRIFT_CONF_OPTS = $(THRIFT_COMMON_CONF_OPTS) -DBUILD_COMPILER=OFF
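
Review bot: the reason for -DWITH_NODEJS=OFF and -DWITH_JAVASCRIPT=OFF in THRIFT_COMMON_CONF_OPTS is stated only in the commit message, and the list ordering is inconsistent: WITH_NODEJS sits before WITH_PYTHON while WITH_JAVASCRIPT sits after WITH_JAVA. Suggest a one-line comment above the list saying these language bindings are disabled explicitly so the build does not pick them up, and sorting the WITH_* options alphabetically so the next addition has an obvious place.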