deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
buildroot/package/mongodb/mongodb.mk
Peter Korsgaard 165e9c163c package/mongodb: security bump to version 4.0.12 
Fixes the following (low severity) security vulnerabilities:

4.0.9:

- CVE-2019-2386: After user deletion in MongoDB Server the improper
  invalidation of authorization sessions allows an authenticated user's
  session to persist and become conflated with new accounts, if those
  accounts reuse the names of deleted ones
  https://jira.mongodb.org/browse/SERVER-38984

4.0.11:

- CVE-2019-2389: Incorrect scoping of kill operations in MongoDB Server's
  packaged SysV init scripts allow users with write access to the PID file
  to insert arbitrary PIDs to be killed when the root user stops the MongoDB
  process via SysV init
  https://jira.mongodb.org/browse/SERVER-40563

- CVE-2019-2390: An unprivileged user or program on Microsoft Windows which
  can create OpenSSL configuration files in a fixed location may cause
  utility programs shipped with MongoDB server versions less than 4.0.11
  https://jira.mongodb.org/browse/SERVER-42233

Plus a number of other bugfixes. For details, see the release notes:
https://docs.mongodb.com/manual/release-notes/4.0/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-02 08:08:45 +02:00

93 lines
2.2 KiB
Makefile
Raw Blame History

################################################################################
#
# mongodb
#
################################################################################
MONGODB_VERSION_BASE = 4.0.12
MONGODB_VERSION = r$(MONGODB_VERSION_BASE)
MONGODB_SITE = $(call github,mongodb,mongo,$(MONGODB_VERSION))
MONGODB_LICENSE = Apache-2.0 (drivers), SSPL (database)
MONGODB_LICENSE_FILES = APACHE-2.0.txt LICENSE-Community.txt
MONGODB_DEPENDENCIES = \
boost \
host-python-cheetah \
host-python-pyyaml \
host-python-typing \
host-scons \
pcre \
snappy \
sqlite \
yaml-cpp \
zlib
MONGODB_SCONS_TARGETS = mongod mongos
MONGODB_SCONS_ENV = CC="$(TARGET_CC)" CXX="$(TARGET_CXX)" \
-j"$(PARALLEL_JOBS)"
MONGODB_SCONS_OPTS = \
--disable-warnings-as-errors \
--use-system-boost \
--use-system-pcre \
--use-system-snappy \
--use-system-sqlite \
--use-system-yaml \
--use-system-zlib
# need to pass mongo version when not building from git repo
MONGODB_SCONS_OPTS += MONGO_VERSION=$(MONGODB_VERSION_BASE)-
# WiredTiger database storage engine only supported on 64 bits
ifeq ($(BR2_ARCH_IS_64),y)
MONGODB_SCONS_OPTS += --wiredtiger=on
else
MONGODB_SCONS_OPTS += --wiredtiger=off
endif
# JavaScript scripting engine and tcmalloc supported only on
# x86/x86-64 systems. Mongo target is a shell interface that
# depends on the javascript engine, so it will also only be
# built on x86/x86-64 systems.
ifeq ($(BR2_i386)$(BR2_x86_64),y)
MONGODB_SCONS_OPTS += --js-engine=mozjs --allocator=tcmalloc
MONGODB_SCONS_TARGETS += mongo
else
MONGODB_SCONS_OPTS += --js-engine=none --allocator=system
endif
ifeq ($(BR2_PACKAGE_LIBCURL),y)
MONGODB_DEPENDENCIES += libcurl
MONGODB_SCONS_OPTS += --enable-free-mon=on
else
MONGODB_SCONS_OPTS += --enable-free-mon=off
endif
ifeq ($(BR2_PACKAGE_OPENSSL),y)
MONGODB_DEPENDENCIES += openssl
MONGODB_SCONS_OPTS += \
--ssl \
--ssl-provider=openssl
endif
define MONGODB_BUILD_CMDS
(cd $(@D); \
$(HOST_DIR)/bin/python $(SCONS) \
$(MONGODB_SCONS_ENV) \
$(MONGODB_SCONS_OPTS) \
$(MONGODB_SCONS_TARGETS))
endef
define MONGODB_INSTALL_TARGET_CMDS
(cd $(@D); \
$(HOST_DIR)/bin/python $(SCONS) \
$(MONGODB_SCONS_ENV) \
$(MONGODB_SCONS_OPTS) \
--prefix=$(TARGET_DIR)/usr \
install)
endef
$(eval $(generic-package))
Reference in a new issue View git blame Copy permalink