projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5675f09)
package/thrift: security bump to version 0.14.1
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sun, 13 Jun 2021 09:13:56 +0000 (11:13 +0200)
committerArnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tue, 13 Jul 2021 20:05:43 +0000 (22:05 +0200)
Fix CVE-2020-13949: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC
clients could send short messages which would result in a large memory
allocation, potentially leading to denial of service.

- Disable javascript and nodejs which have been added with
  https://github.com/apache/thrift/commit/61d502075bf5da10331c201f604acdfefc4d5edc
- Update hash of LICENSE, license for windows-specific files added:
  https://github.com/apache/thrift/commit/98854c48744f20b3f551817273ed502835477f09

https://github.com/apache/thrift/blob/v0.14.1/CHANGES.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
package/thrift/thrift.hash patch | blob | history
package/thrift/thrift.mk patch | blob | history

diff --git a/package/thrift/thrift.hash b/package/thrift/thrift.hash
index f342dc348d6f779823b32cf14d4ec4cb1de43595..20d6baeacec5a7c882eb0232edd3dc708ecc4f3f 100644 (file)
--- a/package/thrift/thrift.hash
+++ b/package/thrift/thrift.hash
@@ -1,4 +1,4 @@
-# From https://www.apache.org/dist/thrift/0.13.0/thrift-0.13.0.tar.gz.sha256
-sha256  7ad348b88033af46ce49148097afe354d513c1fca7c607b59c33ebb6064b5179  thrift-0.13.0.tar.gz
+# From https://www.apache.org/dist/thrift/0.14.1/thrift-0.14.1.tar.gz.sha256
+sha256  13da5e1cd9c8a3bb89778c0337cc57eb0c29b08f3090b41cf6ab78594b410ca5  thrift-0.14.1.tar.gz
 # License files, locally calculated
-sha256  23df881cec3192d1f4474633c14eb2ec30a45b84f8daeb82b9de5d2bd3ac8218  LICENSE
+sha256  d315e6cdedc07c478de6992027bfb66f220886c6216fd7e9885ced30c3703646  LICENSE
diff --git a/package/thrift/thrift.mk b/package/thrift/thrift.mk
index 544eb973231869890ad08773709cc673da995e73..c36efce2ed7a68b5ef9de92dd10261f6187e832e 100644 (file)
--- a/package/thrift/thrift.mk
+++ b/package/thrift/thrift.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-THRIFT_VERSION = 0.13.0
+THRIFT_VERSION = 0.14.1
 THRIFT_SITE = http://www.us.apache.org/dist/thrift/$(THRIFT_VERSION)
 THRIFT_LICENSE = Apache-2.0
 THRIFT_LICENSE_FILES = LICENSE
@@ -18,8 +18,10 @@ HOST_THRIFT_DEPENDENCIES = host-bison host-boost \
 
 THRIFT_COMMON_CONF_OPTS = -DBUILD_TUTORIALS=OFF \
        -DBUILD_TESTING=OFF \
+       -DWITH_NODEJS=OFF \
        -DWITH_PYTHON=OFF \
        -DWITH_JAVA=OFF \
+       -DWITH_JAVASCRIPT=OFF \
        -DWITH_QT5=OFF
 
 THRIFT_CONF_OPTS = $(THRIFT_COMMON_CONF_OPTS) -DBUILD_COMPILER=OFF