[Buildroot] [PATCH 1/2] package/mcrypt: drop package

Fabrice Fontaine fontaine.fabrice at gmail.com
Thu Aug 19 21:21:16 UTC 2021


Hello Thomas,

Le jeu. 19 août 2021 à 23:05, Thomas Petazzoni
<thomas.petazzoni at bootlin.com> a écrit :
>
> Hello Fabrice,
>
> On Thu,  5 Aug 2021 19:42:51 +0200
> Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:
>
> > Drop mcrypt which is not maintained anymore (no release since 2008).
> >
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> > ---
> >  Config.in.legacy                        |  7 ++
> >  package/Config.in                       |  1 -
> >  package/mcrypt/0001-CVE-2012-4409.patch | 25 -------
> >  package/mcrypt/0002-CVE-2012-4426.patch | 35 ---------
> >  package/mcrypt/0003-CVE-2012-4527.patch | 99 -------------------------
> >  package/mcrypt/0004-no-rpath.patch      | 17 -----
> >  package/mcrypt/Config.in                | 12 ---
> >  package/mcrypt/mcrypt.hash              |  3 -
> >  package/mcrypt/mcrypt.mk                | 24 ------
> >  9 files changed, 7 insertions(+), 216 deletions(-)
> >  delete mode 100644 package/mcrypt/0001-CVE-2012-4409.patch
> >  delete mode 100644 package/mcrypt/0002-CVE-2012-4426.patch
> >  delete mode 100644 package/mcrypt/0003-CVE-2012-4527.patch
> >  delete mode 100644 package/mcrypt/0004-no-rpath.patch
> >  delete mode 100644 package/mcrypt/Config.in
> >  delete mode 100644 package/mcrypt/mcrypt.hash
> >  delete mode 100644 package/mcrypt/mcrypt.mk
>
> Do we have a good reason to drop these packages? We have lots of
> packages with no upstream activity, and we drop them only when there is
> some particular issue. What prompted you to propose these packages for
> removal ?
Because it is a cryptographic package, here is an extract of
https://en.wikipedia.org/wiki/Mcrypt:
"The last update to libmcrypt was in 2007, despite years of unmerged
patches. These facts have led security experts to declare mcrypt
abandonware and discourage its use in new development."
>
> Thanks,
>
> Thomas
> --
> Thomas Petazzoni, CTO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
Best Regards,

Fabrice


More information about the buildroot mailing list