PHP 7.2 dropped support for the libmcrypt binding. The binding is now
provided by PECL, and a number of applications still rely on this package.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Automatic detection of the arm architecture does not work well.
http://downloads.lede-project.org/snapshots/faillogs/arm_arm1176jzf-s_vfp/packages/node/compile.txt
```
../deps/v8/src/arm/assembler-arm.cc:176:2: error: #error "CAN_USE_ARMV7_INSTRUCTIONS should match CAN_USE_VFP3_INSTRUCTIONS"
#error "CAN_USE_ARMV7_INSTRUCTIONS should match CAN_USE_VFP3_INSTRUCTIONS"
^~~~~
```
https://github.com/openwrt/packages/issues/5728
Explicitly set cpu arch optimization flag to the compiler option so that "configure" script correctly identifies "arm version".
(Raspberry Pi Zero W)
Raspbian:
```
raspberrypi:~ $ echo | gcc -dM -E - | grep ARM_ARCH
```
OpenWrt (cross-env):
```
ubuntu:~ $ echo | ./arm-openwrt-linux-muslgnueabi-gcc -dM -E - | grep ARM_ARCH
```
```
ubuntu:~ $ echo | ./arm-openwrt-linux-muslgnueabi-gcc -mcpu=arm1176jzf-s -dM -E - | grep ARM_ARCH
```
Also specifying an option lines compactly.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
modify patch.
https://github.com/nodejs/node/pull/19196
made not to use libressl headers
fix to include path not to use "host/include"
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This was copied over from python-packages, when support for installing
packages host-side (via pip) was added.
Based on the discussion on this commit:
612c53fc6c
it was mentioned that removing this may add more benefit in terms of
reducing build time, because packages won't get reinstalled every time.
I'm not entirely sure about any potential side-effects of this, but it's
worth trying it out.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This also updates pip and setuptools.
With this occasion, they also get PKG_RELEASEs of their own.
Dropped patch 011-remove-setupterm-definition.patch
Manually re-applied 005-fix-bluetooth-support.patch
Ran make package/python/refresh to refresh other patches.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
zlib is now a host tool and the zlib/host package was removed. this
dependency is not needed any more as there will always be a zlib host
library.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This release includes some bug fixes and some security fixes.
* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems
There are also some bug fixes.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
From golang.org:
The Go programming language is an open source project to make
programmers more productive.
This commit consists of two "parts":
* golang/host: Main Go compiler for host (installed to
STAGING_DIR_HOST/lib/go-cross), used to cross-compile Go programs to
be packaged.
* golang (and golang-src/golang-doc): Main Go compiler for on-target
development. These packages are quite large, but I would expect only
developers to install these.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Report https://github.com/openwrt/packages/issues/5638
It was mentioned that this causes build failures on Mac OS X.
The default behavior [in the setup.py script] is to check whether
`--with-system-ffi` is present in the CONFIG_ARGS env var.
However that back-fires a bit when `--with-system-ffi=no`, because the
condition `not '--with-system-ffi' in sysconfig.get_config_var("CONFIG_ARGS")`
evaluates to true.
This is a small bug in the `setup.py` script, but it looks like the
easiest/cleanest way to address it on our end is to just remove it entirely
from the HOST_CONFIGURE_ARGS.
At least that's how it looks like when testing on a Linux machine.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This change was introduced in commit 1c54e2b0fb to address build
issues on Ubuntu 12.04.
However it was reported to cause issues on Mac OS X.
Report: https://github.com/openwrt/packages/issues/5310
It was also reported that removing this on MacOS X fixes the issue.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Following a discussion on bugs.python.org:
* https://bugs.python.org/issue29708
* https://bugs.python.org/msg313384
It seems that setting a fixed value to PYTHONHASHSEED guarantees that
the bytecodes are generated consistently/in a reproducible manner.
Hopefully, this is the last bit to make Python3 build reproducible.
Tested this locally on a few files [that were not reproducible without
this change].
The PYTHONHASHSEED is only assigned to the host Python/Python3 during
compilation of byte-codes [from python source].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
PHP comes with a bundled version of libpcre which is then statically
linked. However, we already depend on the packaged library, so we
can reduce the footprint when linking to it dynamically.
This saves around 200-300 kB (this depends on other configuration).
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Required by Authen::SASL to have actual plug-ins to handle the
protocol.
Uses Devel::CheckLib which doesn't work with cross-compilation with
the current perlmod.mk machinery.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
It requires either hardware or software emulated fpu, otherwise program
can fail with SIGILL for fp instructions emitted by the JIT compiler
See #1937, #2633, #2442, FS#1257 for details
From code snippet at deps/v8/src/mips/constants-mips.h
#elif(defined(__mips_soft_float) && __mips_soft_float != 0)
// This flag is raised when -msoft-float is passed to the compiler.
// // Although FPU is a base requirement for v8, soft-float ABI is used
// // on soft-float systems with FPU kernel emulation.
// const bool IsMipsSoftFloatABI = true;
[1] https://bugs.chromium.org/p/v8/issues/detail?id=4704
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
In Perl the 'do' construct has some odd side-effects regarding $@,
$!, and return values (i.e. 'do'ing a file which evaluates to undef
can be a little ambiguous).
Instead, generate a preamble to the Makefile.PL and execute it as
stdin.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Because nonexistent aarch64.config the build of perl will fail for ARM
64-bit targets. Fix it by adding mentioned config. Fixes#2963.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Upstream was a little premature on asking for a change and not
vetting it. Here is the currently proposed fix.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Depending on which version of libiconv you're using, php_iconv_string()
doesn't always null out *out as part of its initialization. This
patch makes that behavior invariant.
Submitted upstream as https://github.com/php/php-src/pull/3037 where
it's approved and waiting a merge.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
musl-libc doesn't define _XOPEN_REALTIME as it doesn't implement the
full set of the realtime operations. However, it _does_ implement
POSIX_TIMERS, which is what luaposix _should_ be checking for in the
posix.time module.
I've filed https://github.com/luaposix/luaposix/issues/295 to track this
upstream, but this is a simpler, verified fix for our older version of
luaposix.
This restores functions like posix.time.clock_gettime(CLOCK_MONOTONIC)
for instance, which was available with pre-musl builds of luaposix.
Signed-off-by: Karl Palsson <karlp@etactica.com>
There have been some new dependencies added in recent versions of
Twisted (mostly internal classes that have been spun out into their own
libraries):
* constantly (#5453), since 16.5.0
* incremental (#5454), since 16.5.0
* Automat (#5456), since 17.1.0
* hyperlink (#5455) since 17.5.0
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
For python `src` packages we should clear out the DEPENDS
to prevent recursive deps from happening.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This is a new requirement for the Twisted package.
From the readme:
Automat is a library for concise, idiomatic Python expression of
finite-state automata (particularly deterministic finite-state
transducers).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This is a new requirement for the Twisted package.
From the readme:
Hyperlink provides a pure-Python implementation of immutable URLs. Based
on RFC 3986 and 3987, the Hyperlink URL makes working with both URIs and
IRIs easy.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This is a new requirement for the Twisted package.
From the readme:
Incremental is a small library that versions your Python projects.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This is a new requirement for the Twisted package.
From the readme:
A library that provides symbolic constant support. It includes
collections and constants with text, numeric, and bit flag values.
Originally twisted.python.constants from the Twisted project.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
python3 variant
Renaming the package is needed to allow for a Python 3 variant
(python3-zope-interface). Packages that depend on this (only twisted)
also have their dependencies adjusted.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This guarantees for the package feeds that
the mk files will always be available for all packages.
Will need to see about external-feed Python packages
a bit later.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The only difference just a parameter for Python3
[ -b to compile bytecodes in legacy mode ].
No need to keep 2 almost identical files now
that they're exported.
I'm a bit scared of that param, since it may get
removed at some point.
But let's see until then.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Since `lang/python` is it's own folder of Python packages
(for both Python 2 & 3), and these build rules are needed
in a lot of packages [especially Python packages],
putting them here makes sense architecturally,
to be shared.
This also helps get rid of the `include_mk` construct
which relies on OpenWrt core to provide, and seems
like a broken design idea that has persisted for a while.
Reason is: it requires that Python 2/3 be built to provide
these mk files for other Python packages,
which seems like a bad idea.
Long-term, there could be an issue where some other feeds
would require these mk files [e.g. telephony] for
some Python packages.
We'll see how we handle this a bit later.
For now we limit this to this feed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The .mk snippets are not really usable at the moment, as they cannot be
considered for metadata collection (package DUMP) when included through
include_mk. Python packages do not use include_mk anymore for this reason,
so the install commands can be removed as well.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Build depends refer to source package names, not binary package names.
In many cases, PKG_BUILD_DEPENDS simply duplicated runtime dependencies of
a source package's binary packages; as the corresponding source packages
are implicitly added as bulid dependencies, PKG_BUILD_DEPENDS can simply be
dropped in these cases. In the other cases, *_BUILD_DEPENDS is fixed to
refer to the correct source package name.
Dependency of mysql-server is adjusted from libncursesw to libncurses
(as libncursesw is a virtual package provided by libncurses), so the build
dependency on ncurses is emitted unconditionally.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The Modules/getbuildinfo.c allows the use of DATE and TIME
macros to be defined via CFLAGS.
These vars, control the build date & time when the
interpreter is opened, and can be read via the
`platform._sys_version()` function.
So, a conversion from SOURCE_DATE_EPOCH to DATE & TIME
is required at build-time.
This is especially needed for `platform._sys_version()`
to work.
The installation of pip seems to rely on this.
The logic has been adapted from:
https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal#Makefile
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This reverts commits 4333d1dcbf and
074d2863be, making Python packages
discoverable again by pkg_resources.
Fixes#5361.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Also remove the superfluous + sign in PKG_BUILD_DEPENDS (a + sign does not
have meaning in build depends).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Remove a patch which was included upstream.
While at, also add openssl configuration parameters when modules are selected
which depend on openssl (reported by Philip Prindeville).
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This reverts commit 3c6d14021e.
( which is a revert of commit c764f77dc1 )
The initiall commit ( c764f77dc1 )
was reverted, becase zlib did not have a host-build.
Now it does:
cbe71649bc
So, now it should be good to put this in.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Re-worked patch `003-do-not-run-distutils-tests.patch`
to reduce patch-size.
Removed `011-fix-ncursesw-definition-colisions.patch`
it is fixed upstream.
Refreshed with `make package/python3/refresh`
Resetting PKG_RELEASE to 1.
This variable was never used for pip3 & setuptools, since
VERSION is specified in the package definitions.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fixes:
https://github.com/openwrt/packages/issues/5318
Not sure how this worked before.
The host python-cffi needs a libffi installed on the host side.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The check to enable/disable this new feature of PHP 7.2 works
incorrectly when cross-compiling because it detects the host headers
only and there is no way to pass in a dedicated directory.
The wish to change this was reported upstream at:
https://bugs.php.net/bug.php?id=75722
For the meantime, use a self-cooked patch.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This release includes some bug fixes and a security fix.
CVE-2017-17405: Command injection vulnerability in Net::FTP
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Also drop mcrypt module as it's deprecated.
Dropped patches have been accepted upstream or something homologous.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
See:
https://github.com/openwrt/packages/issues/5278
This should make Python & Python3 packages reproducible
when building.
In my local tests, I got the same sha256 for a sample
.pyc file, so likely this is the solution that should address
this.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This reverts commit c764f77dc1.
The commit caused warnings to be displayed at make defconfig etc.
WARNING: Makefile 'package/feeds/packages/python/python/Makefile'
has a host build dependency on 'zlib/host' but
'package/libs/zlib/Makefile' does not implement a 'host' build type
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This should fix the zlibmodule build on the host side.
Usually, if zlib is not found, Python/Python3 builds fine
without it, but there are some cases where the Python/Python3
interpreter on the host-side requires zlib to run.
At the moment, zlib does not have a host-build.
This should be available when this PR gets merged:
https://github.com/lede-project/source/pull/1329
[ or a similar one that contains host-build support for zlib ].
In the meantime, this change can go into Python/Python3.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
It was reported via
https://github.com/openwrt/packages/pull/5122#issuecomment-347395472
that if bluez-libs is selected as an installable package,
then the error below will show up:
```
* satisfy_dependencies_for: Cannot satisfy the following dependencies for python-light:
* bluez-libs *
* opkg_install_cmd: Cannot install package python-light.
```
This looks like a limitation in the design of package deps,
and maybe a misuse of conditional deps (i.e. PACKAGE_bluez-libs:bluez-libs).
So, to fix this, an idea we're adding an extra symbol
that enfoces installation of bluez-libs if selected.
We also need to add a way to disable bluetooth build
if PYTHON(3)_BLUETOOTH_SUPPORT is de-selected.
Otherwise, bluetooth is installed and the socket
module is broken due to linker errors.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This should improve build time if you only want to
build Python3 (and not Python).
Because python-pip-conf was part of the python package,
the whole python package (host + target) would get built if Python3
would need to get built.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
When libpam is selected, then mod_imap pulls in a dep to libpam,
and there seems no way to disable it via configure arguments.
So add this dep here conditionally.
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Detection of U8T_DECOMPOSE seems to be broken when cross-compiling,
so needs to be preseeded.
-snip-
checking for utf8_mime2text signature... new
checking for U8T_DECOMPOSE...
configure: error: utf8_mime2text() has new signature, but U8T_CANONICAL
is missing. This should not happen. Check config.log for additional information.
-snap-
This requires also a patch for PHP to make the preseeding working.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Add Freetype 2 support to php7-mod-gd. Introduce a configuration
parameter to disable Freetype 2 support if the increased package
size is a concern.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
This part of the Makefile was commented out during update from
PHP 5.x to 7.x and not re-enabled in the meanswhile, so fix this finally.
Reported-by: Val Kulkov <val.kulkov@gmail.com>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This should hopefully fix the Python3 build on buildbot.
For a while I assumed it may be a build-bot issue, but
then looking through the packages repo [and finding
the bluez package] it looks like, if you try
to build all packages, Python3 detects the bluetooth
headers installed by bluez.
It looks like Python's bluetooth support was somewhat
broken ; it was not detecting the <bluetooth/bluetooth.h>
header, so a backport from Python3 to Python fixed that.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Two important configuration files, /etc/php7-fpm.conf and
/etc/php7-fpm.d/www.conf are silently overwritten on each php7-fpm
upgrade or lost on a sysupgrade.
This commit adds the conffiles section for php7-fpm and revises
the conffiles section for php7.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
Just about everything needs extutils to be built. But very little
requires it to run.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
It seems that Inline::C evaluates to undef which is problematic, so
we need to handle this better.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This package contains "ldbus": LUA bindings to interact with the DBUS
message bus, and services connected to it.
See https://github.com/daurnimator/ldbus
for more details.
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
There are scripts to download and preprocess the GeoIP database
for iptables-mod-geoip which require this Perl module.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
There are a few packages which mysteriously fail during the configure
stage. Give us better means of understanding why.
Also, some Makefile.PL's have "use" statements which reference
files which are in or under ".".
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
5.26.1 introduced default_inc_excludes_dot which is causing
perl-html-tags and possibly other modules to fail. Add explict
dot back when invoking module's ./Makefile.PL.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Required changes:
* Add qualifying '.' to scripts or to @INC, as appropriate since we're
enabling default_inc_excludes_dot;
* Add new platform/library definitions like double-double format and
locale library functions/headers;
* Delete patch 020 as it's been upstreamed;
Optional changes:
* Instead of using -@rm and having that fail, emit an error message,
and be ignored, just use @rm -f instead which will always succeed.
Security
[CVE-2017-12837] Heap buffer overflow in regular expression compiler
Compiling certain regular expression patterns with the case-insensitive
modifier could cause a heap buffer overflow and crash perl. This has
now been fixed. [perl #131582]
[CVE-2017-12883] Buffer over-read in regular expression parser
For certain types of syntax error in a regular expression pattern, the
error message could either contain the contents of a random, possibly
large, chunk of memory, or could crash perl. This has now been fixed.
[perl #131598]
[CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
A possible stack buffer overflow in the %ENV code on Windows has been
fixed by removing the buffer completely since it was superfluous anyway.
[perl #131665]
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The standard way to pass -rdynamic (or -Wl,--dynamic-export) is via
the $ccdlflags variable. Do what is best practice.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Originally as PR #2383 but rewritten.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Alexander Ryzhov <openwrt@ryzhov-al.ru>
That way some python packages can choose
to keep their egg-info dirs, if they want to, or they're needed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The FPM SAPI works fine without the CGI SAPI installed. It seems that
this is a copy & paste error introduced a long time ago, when FPM support
was added - and nobody noticed.
So drop the dependency now to allow smaller footprints on installations
which only use FPM.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This release contains some security fixes.
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
Multiple vulnerabilities in RubyGems
Update bundled libyaml to version 0.1.7.
And many other bugfix.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Not sure how it can happen that the files are not
installed via the host build.
Maybe some SDK-like build.
Let's make sure they are installed via InstallDev rule too.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The host pip install should have the host's CFLAGS, LDFLAGS, etc
available.
And not the target's flags.
Otherwise, weird things can happen when installing
packages (host-side) that need to build C code.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
