Fix the following security issues:
- SERVER-45514 [FLE] Reject document validators with encryption-related
keywords if the validationAction is “warn”
- SERVER-48039 Unrecognized option: net.ssl.clusterCertificateSelector
in MongoDB v4.2
- SERVER-45803 mongodecrypt needs a ServiceContext
- SERVER-46834 Use monotonic time in UserCacheInvalidator
- SERVER-47113 LDAP connection pool acquisition state should own host
list
https://docs.mongodb.com/manual/release-notes/4.2
Also:
- Update indentation in hash file (two spaces)
- Tweak version to be "compliant" with https://release-monitoring.org
- Use official tarball
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop !BR2_PACKAGE_PYTHON3 dependency as SConstruct requires
host-python3 since version 4.1.10 and:
8dd6d47557
- host-python-psutil is needed since 4.1.8 and
ff03811e31
- Drop unneeded host-python-typing dependency
- C++17 and so gcc 7 is required since 4.1.8 and
01d84b2565
- Set --disable-minimum-compiler-version-enforcement as mongodb enforces
gcc >= 8.2 since verson 4.1.8 and
9ac90b128e
- Explictly disable ssl if needed as ssl is enabled by default
- Add host-python-cheetah dependency if needed
- Manage new http-client option added in version 4.1.2 and
4d7dcca91b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Titouan: Fix patch conflicts with master]
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following (low severity) security vulnerabilities:
4.0.9:
- CVE-2019-2386: After user deletion in MongoDB Server the improper
invalidation of authorization sessions allows an authenticated user's
session to persist and become conflated with new accounts, if those
accounts reuse the names of deleted ones
https://jira.mongodb.org/browse/SERVER-38984
4.0.11:
- CVE-2019-2389: Incorrect scoping of kill operations in MongoDB Server's
packaged SysV init scripts allow users with write access to the PID file
to insert arbitrary PIDs to be killed when the root user stops the MongoDB
process via SysV init
https://jira.mongodb.org/browse/SERVER-40563
- CVE-2019-2390: An unprivileged user or program on Microsoft Windows which
can create OpenSSL configuration files in a fixed location may cause
utility programs shipped with MongoDB server versions less than 4.0.11
https://jira.mongodb.org/browse/SERVER-42233
Plus a number of other bugfixes. For details, see the release notes:
https://docs.mongodb.com/manual/release-notes/4.0/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As stated in SConstruct, the altivec runtime test breaks
cross-compilation: "This checks for an altivec optimization we use in
full text search. Different versions of gcc appear to put output bytes
in different parts of the output vector produced by vec_vbpermq. This
configure check looks to see which format the compiler produces. NOTE:
This breaks cross compiles, as it relies on checking runtime
functionality for the environment we're in."
Fixes:
- http://autobuild.buildroot.org/results/162198617979a83b66f70ed6013251942ed04d67
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mongodb (like gnuradio) needs host-python2 however there is no way to
enforce this so add a dependency on !BR2_PACKAGE_PYTHON3.
Indeed, if BR2_PACKAGE_PYTHON3 is selected, then buildroot will only
build and install host-python-typing for host-python3.
This issue was not raised in the previous version of mongodb as
host-scons was the only dependency however we now have
host-python-typing and host-python-pyyaml dependencies and it
does not seem right to enforce python2 on those packages
Fixes:
- http://autobuild.buildroot.org/results/693bdba2c01a1b69f56d6ee75094a6a0fc3f40b4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: propagate dependency to Config.in comment]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Here is the list of the changes compared to the removed mongodb 3.3.4
version:
- Remove patch (not applicable anymore)
- Add patch (sent upstream) to fix openssl build with gcc 7 and
-fpermissive
- Remove 32 bits x86 platforms, removed since version 3.4:
https://docs.mongodb.com/manual/installation/#supported-platforms
- Change license: since October 2018, license is SSPL:
- https://www.mongodb.com/community/licensing
- https://jira.mongodb.org/browse/SERVER-38767
- gcc must be at least 5.3 so add a dependency on gcc >= 6
- Add a dependency on host-python-xxx modules:
https://github.com/mongodb/mongo/blob/r4.0.6/docs/building.md
- Use system versions of boost, pcre, snappy, sqlite, yaml-cpp and zlib
instead of embedded mongodb ones
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
glibc 2.28 no longer includes <sys/sysmacros.h> from <sys/types.h>,
and therefore <sys/sysmacros.h> must be included explicitly when
major()/minor() are used.
Signed-off-by: Florian La Roche <F.LaRoche@pilz.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit fixes the warnings reported by check-package on the help
text of all package Config.in files, related to the formatting of the
help text: should start with a tab, then 2 spaces, then at most 62
characters.
The vast majority of warnings fixed were caused by too long lines. A
few warnings were related to spaces being used instead of a tab to
indent the help text.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for AGPLv3 is AGPL-3.0.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/AGPLv3/AGPL-3.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Following the removal of eglibc support, this commit replaces all
occurences of "(e)glibc" by just "glibc". Most of the occurences are in
package Config.in comments.
In addition, when the form "an (e)glibc ..." was used, it is replaced by
"a glibc ...".
[Peter: add new efi* packages, s/uclibc/uClibc as suggested by Romain,
systemd / liquid-dsp tweaks as suggested by Yann]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Compiled and tested on arm (beaglebone black), aarch64 (qemu),
i386 (qemu) and x86_64 (qemu).
[Peter: limit to supported archs, disable -Werror]
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>