[Buildroot] [PATCH 1/2] package/mcrypt: drop package
Fabrice Fontaine
fontaine.fabrice at gmail.com
Thu Aug 19 21:21:16 UTC 2021
Hello Thomas,
Le jeu. 19 août 2021 à 23:05, Thomas Petazzoni
<thomas.petazzoni at bootlin.com> a écrit :
>
> Hello Fabrice,
>
> On Thu, 5 Aug 2021 19:42:51 +0200
> Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:
>
> > Drop mcrypt which is not maintained anymore (no release since 2008).
> >
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> > ---
> > Config.in.legacy | 7 ++
> > package/Config.in | 1 -
> > package/mcrypt/0001-CVE-2012-4409.patch | 25 -------
> > package/mcrypt/0002-CVE-2012-4426.patch | 35 ---------
> > package/mcrypt/0003-CVE-2012-4527.patch | 99 -------------------------
> > package/mcrypt/0004-no-rpath.patch | 17 -----
> > package/mcrypt/Config.in | 12 ---
> > package/mcrypt/mcrypt.hash | 3 -
> > package/mcrypt/mcrypt.mk | 24 ------
> > 9 files changed, 7 insertions(+), 216 deletions(-)
> > delete mode 100644 package/mcrypt/0001-CVE-2012-4409.patch
> > delete mode 100644 package/mcrypt/0002-CVE-2012-4426.patch
> > delete mode 100644 package/mcrypt/0003-CVE-2012-4527.patch
> > delete mode 100644 package/mcrypt/0004-no-rpath.patch
> > delete mode 100644 package/mcrypt/Config.in
> > delete mode 100644 package/mcrypt/mcrypt.hash
> > delete mode 100644 package/mcrypt/mcrypt.mk
>
> Do we have a good reason to drop these packages? We have lots of
> packages with no upstream activity, and we drop them only when there is
> some particular issue. What prompted you to propose these packages for
> removal ?
Because it is a cryptographic package, here is an extract of
https://en.wikipedia.org/wiki/Mcrypt:
"The last update to libmcrypt was in 2007, despite years of unmerged
patches. These facts have led security experts to declare mcrypt
abandonware and discourage its use in new development."
>
> Thanks,
>
> Thomas
> --
> Thomas Petazzoni, CTO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
Best Regards,
Fabrice
More information about the buildroot
mailing list