- Fixes CVE-2019-9740, CVE-2019-11324
- RFC 3986 compliant
- Fix TITLE, which was too long for make menuconfig
- Add PKG_LICENSE_FILES
- Remove current maintainer
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The LIBDIR and INCDIR assignments are duplicate of the original
Makefile, changing LIB_PATH and INC_PATH to LDFLAGS and CPPFLAGS.
Setting LIB_PATH and INC_PATH to empty strings will do the same
without duplicating the flags.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Linking with ld is not portable and was causing problems for some
targets, e.g. i386_pentium4:
i486-openwrt-linux-musl-ld: x509.o: in function `push_asn1_objname':
x509.c:(.text+0x61): undefined reference to `__stack_chk_fail_local'
...
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry-picked from e3f1532297)
Currently i386 and the PPC targets have issues linking issues.
https://github.com/openwrt/packages/issues/3319
says that replacing -fPIC with -fpic works.
Patch added to avoid package overriding settings set by toolchain and make
compilation less noisy
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from cf23dd2eb0)
These patches address issue:
CVE-2019-9636: urlsplit does not handle NFKC normalization
Link to Python issue:
https://bugs.python.org/issue36216
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Also refresh patch which does not apply cleanly anymore.
Run tested on Duckbill for mxs platform.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 80cdd53134)
While at, add --with-pic to configure arguments. This prevents the following
build errors spotted by the build bots for i386 targets:
-snip-
...
ext/openssl/.libs/openssl.o: direct GOT relocation R_386_GOT32X against
`X509_REQ_free' without base register can not be used when making a shared object
...
-snap-
This parameter seems to make no difference on other targets, nor
improve or make worse the package size.
Run tested for i386 in VirtualBox VM and on Duckbill for mxs platform.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 963c841463)
This orders loading of openssl extension before extensions
which require openssl functions.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 5afeb3f9c8)
2.5.5: Bug fix for a deadlock in multi-thread/multi-process (using Process.fork) applications, like for example Puma
2.5.4: Fixes multiple vulnerabilities:
CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Link to Python bug:
https://bugs.python.org/issue34656
Upstream commit:
71a9c65e74
OpenWrt 18.06 contains version Python 3.6.5, which doesn't contain this
fix.
Python 2.7 is not affected.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fix only release, including:
* CVE-2018-16396: Tainted flags are not propagated in Array#pack
and String#unpack with some directives
* CVE-2018-16395: OpenSSL::X509::Name equality check does not work
correctly
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 74216a55e1)
musl libc (http://musl-libc.org lack the non-standard <fpu_control.h>
header, which is used in src/os/linux/{i386,x86_64}/init.c files to
setup the floating point precision. This patch makes it use the
standard C <fenv.h> header instead.
Original patch at Felix Janda at
https://sourceforge.net/p/jamvm/patches/6/
Signed-off-by: Guo Li <uxgood.org@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Automatic detection of the arm architecture does not work well.
http://downloads.lede-project.org/snapshots/faillogs/arm_arm1176jzf-s_vfp/packages/node/compile.txt
```
../deps/v8/src/arm/assembler-arm.cc:176:2: error: #error "CAN_USE_ARMV7_INSTRUCTIONS should match CAN_USE_VFP3_INSTRUCTIONS"
#error "CAN_USE_ARMV7_INSTRUCTIONS should match CAN_USE_VFP3_INSTRUCTIONS"
^~~~~
```
https://github.com/openwrt/packages/issues/5728
Explicitly set cpu arch optimization flag to the compiler option so that "configure" script correctly identifies "arm version".
(Raspberry Pi Zero W)
Raspbian:
```
raspberrypi:~ $ echo | gcc -dM -E - | grep ARM_ARCH
```
OpenWrt (cross-env):
```
ubuntu:~ $ echo | ./arm-openwrt-linux-muslgnueabi-gcc -dM -E - | grep ARM_ARCH
```
```
ubuntu:~ $ echo | ./arm-openwrt-linux-muslgnueabi-gcc -mcpu=arm1176jzf-s -dM -E - | grep ARM_ARCH
```
Also specifying an option lines compactly.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 3482320c2a)
modify patch.
https://github.com/nodejs/node/pull/19196
made not to use libressl headers
fix to include path not to use "host/include"
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 818770d273)
The following error shows that mysqlnd depends on functions
provided by hash:
root@OpenWrt:/etc/php7# php-cli -m
PHP Warning: PHP Startup: Unable to load dynamic library
'mysqlnd.so' (tried: /usr/lib/php/mysqlnd.so (Error
relocating /usr/lib/php/mysqlnd.so: PHP_SHA256Final: symbol
not found), /usr/lib/php/mysqlnd.so.so (Error loading shared
library /usr/lib/php/mysqlnd.so.so: No such file or
directory)) in Unknown on line 0
So let's model this dep in package metadata.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Currently external modules and non-base packages are numbered
from their own internal number space, and even though the Perl
ABI number is embedded into them this isn't externally visible.
For example, perl-html-parser-3.72.1 could be built for ABI
5.26 or for 5.28, we can't easily tell. This changes all of
that by embedding the ABI number into the filename.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 0d9584724f)
Refresh patches 900 and 910.
Add fix (920) for improperly gated variable.
Add workaround (020) for Storable's run-time check for stacksize.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit b94744496f)
Looking at Configure and Porting/config.sh, it seems that Perl
requires both of these options to build correctly.
Should fix FS #1464.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Having "select PACKAGE_zoneinfo-core" wasn't enough for builds without
php7-cli=y or php7-cgi=y. It didn't result in installing zoneinfo-core
when using "opkg install" (during runtime or when building images with
CONFIG_TARGET_PER_DEVICE_ROOTFS).
Missing zoneinfo results in PHP fatal errors, e.g.:
Fatal error: DateTime::createFromFormat(): Timezone database is corrupt - this should *never* happen!
For years users were told to manually install zoneinfo-core package.
This problem was hidden for some time (including 17.01 release) due to
disabled support for CONFIG_PHP7_SYSTEMTZDATA. It's now back as support
for --with-system-tzdata was enabled again.
The proper solution is to simply make php7 package depend on
zoneinfo-core when PHP7_SYSTEMTZDATA is used.
Fixes: 84e5012e88 ("php7: re-enable system timezone data usage")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This is in anticipation of the MariaDB upgrade from mariadb 10.1.x to
10.2.x. With the latter the PHP MySQL plugins fail to compile, e.g.:
In file included from /home/equeiroz/src/openwrt-asus/build_dir/target-mipsel_74kc_musl/php-7.2.6/ext/mysqli/php_mysqli_structs.h:63:0,
from /home/equeiroz/src/openwrt-asus/build_dir/target-mipsel_74kc_musl/php-7.2.6/ext/mysqli/mysqli.c:34:
/home/equeiroz/src/openwrt-asus/staging_dir/target-mipsel_74kc_musl/usr/include/mysql/my_global.h:3:2: warning: #warning This file should not be included by clients, include only <mysql.h> [-Wcpp]
#warning This file should not be included by clients, include only <mysql.h>
^~~~~~~
In file included from /home/equeiroz/src/openwrt-asus/build_dir/target-mipsel_74kc_musl/php-7.2.6/ext/mysqli/php_mysqli_structs.h:79:0,
from /home/equeiroz/src/openwrt-asus/build_dir/target-mipsel_74kc_musl/php-7.2.6/ext/mysqli/mysqli.c:34:
/home/equeiroz/src/openwrt-asus/staging_dir/target-mipsel_74kc_musl/usr/include/mysql/my_sys.h:3:2: warning: #warning This file should not be included by clients, include only <mysql.h> [-Wcpp]
#warning This file should not be included by clients, include only <mysql.h>
^~~~~~~
In file included from /home/equeiroz/src/openwrt-asus/build_dir/target-mipsel_74kc_musl/php-7.2.6/ext/mysqli/mysqli.c:34:0:
/home/equeiroz/src/openwrt-asus/build_dir/target-mipsel_74kc_musl/php-7.2.6/ext/mysqli/php_mysqli_structs.h:82:10: fatal error: my_list.h: No such file or directory
#include <my_list.h>
Upstream seems unlikely to fix this, see
https://bugs.php.net/bug.php?id=75612. In the bug report it is suggested
to not use libmysqlclient/libmariadbclient and instead utilize mysqlnd
(MySQL Native Driver) provided by PHP. This is the default anyway.
So add the mysqlnd module and remove the libmariadbclient depends.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This updates GoPackage/Build/Compile in golang-package.mk to accept
additional arguments that are passed to the go command line.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also changes the bootstrap source URL to the official GitHub
mirror, to make building easier for places where Google sites aren't
accessible. Fixes#6326.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
