This change updates Python to version 2.7.16, which is a bugfix release
in the Python 2.7 series.
This also removes patches back-ported from upstream.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
3.6.9 is the latest security fix release of Python 3.6.
- Fixes: CVE-2018-20852, CVE-2019-9948, CVE-2019-9740, CVE-2019-5010
- Refreshed patches
- Removed a few backport patches
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This reverts commit a176ffa0a1.
I just noticed that I accidentally used the wrong OpenWrt branch
to compile this; with the 18.09 branch the compilation fails.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This reverts commit 8e9429f3e9.
I just noticed that I accidentally used the wrong OpenWrt branch
to compile this; with the 18.09 branch the compilation fails.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This reverts commit 8abaf8a308.
I just noticed that I accidentally used the wrong OpenWrt branch
to compile this; with the 18.09 branch the compilation fails.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
- Fixes CVE-2019-9740, CVE-2019-11324
- RFC 3986 compliant
- Fix TITLE, which was too long for make menuconfig
- Add PKG_LICENSE_FILES
- Remove current maintainer
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The LIBDIR and INCDIR assignments are duplicates of the original
Makefile, changing LIB_PATH and INC_PATH to LDFLAGS and CPPFLAGS.
Setting LIB_PATH and INC_PATH to empty strings will do the same
without duplicating the flags.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Linking with ld is not portable and was causing problems for some
targets, e.g. i386_pentium4:
```
i486-openwrt-linux-musl-ld: x509.o: in function `push_asn1_objname':
x509.c:(.text+0x61): undefined reference to `__stack_chk_fail_local'
...
```
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry-picked from e3f1532297)
Currently i386 and the PPC targets have linking issues.
https://github.com/openwrt/packages/issues/3319
says that replacing -fPIC with -fpic works.
Patch added to avoid package overriding settings set by toolchain and make
compilation less noisy
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from cf23dd2eb0)
Also refresh patch which does not apply cleanly anymore.
Run tested on Duckbill for mxs platform.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 80cdd53134)
While at it, add --with-pic to configure arguments. This prevents the following
build errors spotted by the build bots for i386 targets:
-snip-
...
ext/openssl/.libs/openssl.o: direct GOT relocation R_386_GOT32X against
`X509_REQ_free' without base register can not be used when making a shared object
...
-snap-
This parameter seems to make no difference on other targets, nor
improve or make worse the package size.
Run tested for i386 in VirtualBox VM and on Duckbill for mxs platform.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 963c841463)
This orders loading of openssl extension before extensions
which require openssl functions.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 5afeb3f9c8)
2.5.5: Bug fix for a deadlock in multi-thread/multi-process (using Process.fork) applications, like for example Puma
2.5.4: Fixes multiple vulnerabilities:
CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Fix-only release, including:
* CVE-2018-16396: Tainted flags are not propagated in Array#pack
and String#unpack with some directives
* CVE-2018-16395: OpenSSL::X509::Name equality check does not work
correctly
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 74216a55e1)
Automatic detection of the arm architecture does not work well.
http://downloads.lede-project.org/snapshots/faillogs/arm_arm1176jzf-s_vfp/packages/node/compile.txt
```
../deps/v8/src/arm/assembler-arm.cc:176:2: error: #error "CAN_USE_ARMV7_INSTRUCTIONS should match CAN_USE_VFP3_INSTRUCTIONS"
#error "CAN_USE_ARMV7_INSTRUCTIONS should match CAN_USE_VFP3_INSTRUCTIONS"
^~~~~
```
https://github.com/openwrt/packages/issues/5728
Explicitly set cpu arch optimization flag to the compiler option so that "configure" script correctly identifies "arm version".
(Raspberry Pi Zero W)
Raspbian:
```
raspberrypi:~ $ echo | gcc -dM -E - | grep ARM_ARCH
```
OpenWrt (cross-env):
```
ubuntu:~ $ echo | ./arm-openwrt-linux-muslgnueabi-gcc -dM -E - | grep ARM_ARCH
```
```
ubuntu:~ $ echo | ./arm-openwrt-linux-muslgnueabi-gcc -mcpu=arm1176jzf-s -dM -E - | grep ARM_ARCH
```
Also specifying an option lines compactly.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 3482320c2a)
The following error shows that mysqlnd depends on functions
provided by hash:
```
root@OpenWrt:/etc/php7# php-cli -m
PHP Warning: PHP Startup: Unable to load dynamic library
'mysqlnd.so' (tried: /usr/lib/php/mysqlnd.so (Error
relocating /usr/lib/php/mysqlnd.so: PHP_SHA256Final: symbol
not found), /usr/lib/php/mysqlnd.so.so (Error loading shared
library /usr/lib/php/mysqlnd.so.so: No such file or
directory)) in Unknown on line 0
```
So let's model this dep in package metadata.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Currently external modules and non-base packages are numbered
from their own internal number space, and even though the Perl
ABI number is embedded into them this isn't externally visible.
For example, perl-html-parser-3.72.1 could be built for ABI
5.26 or for 5.28, we can't easily tell. This changes all of
that by embedding the ABI number into the filename.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 0d9584724f)
Refresh patches 900 and 910.
Add fix (920) for improperly gated variable.
Add workaround (020) for Storable's run-time check for stacksize.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit b94744496f)