Commit Graph

1458 Commits

Author SHA1 Message Date
Rosen Penev 19d101bd22 ldbus: Add zip/host build dependency
Needed when zip is missing on the host (very rare).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-16 12:51:27 -07:00
Josef Schlehofer 6d55ff558b Merge pull request #9513 from BKPepe/openwrt-18.06_python_shebang
[OpenWrt 18.06] python,python3: move shebang handle in install script
2019-08-14 21:19:50 +02:00
Josef Schlehofer 78bf09b084 golang: update to version 1.10.8
Fixes CVEs

1.10.6
CVE-2018-16873
CVE-2018-16874
CVE-2018-16875

1.10.8
CVE-2019-6486

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-08-13 09:02:17 +02:00
Yousong Zhou 87b6ed6b93 jamvm: depends on supported architectures
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from 11f0544744)
2019-08-11 12:59:34 -07:00
Jeffery To af975f0f30 python,python3: Fix overridden usr/bin symlinks
Currently, all files in usr/bin (presumably all Python scripts) are run
through sed to replace the shebang; sed will overwrite the file whether
or not a match is found. This causes symlinks to be overridden and made
into copies of their targets. python[3]-base and python[3]-dev are
affected by this.

This adds the --follow-symlinks flag to sed, in addition to using
$(SED), so that symlinks are not overridden.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-08-08 13:38:37 +02:00
Alexandru Ardelean 421c58a946 python,python3: move shebang handle in install script
This extends the Python[3] shebang fixup to all packages.
Only Python scripts in `/usr/bin` will be handled at the moment. Later it
may make sense to also cover executables in `/bin`, though typically Python
executables shouldn't be placed there.

Previously the shebang handling was only done for python[3]-pip &
python[3]-setuptools.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2019-08-08 13:38:36 +02:00
Jeffery To 5cb4c348a7 python,python3: Fix ctypes.util.find_library()
Python's ctypes.util.find_library() function currently doesn't work for
musl libraries/systems[1].

This adds a patch to fix this function, based on a patch from Alpine
Linux[2].

Fixes #9448.

[1]: https://bugs.python.org/issue21622
[2]: https://git.alpinelinux.org/aports/tree/main/python2/musl-find_library.patch

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-07-22 21:38:08 +08:00
Josef Schlehofer d16a931db4 python: add patch for CVE-2018-20852
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-07-22 15:22:56 +02:00
Alexandru Ardelean 2402c223df python: bump to version 2.7.16
This change updates Python to version 2.7.16, which is a bugfix release
in the Python 2.7 series.
This also removes patches back-ported from upstream.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2019-07-22 15:22:55 +02:00
Josef Schlehofer ae21f4990d python3: update to version 3.6.9
3.6.9 is the latest security fix release of Python 3.6.

- Fixes: CVE-2018-20852, CVE-2019-9948, CVE-2019-9740, CVE-2019-5010
- Refreshed patches
- Removed a few backports patches

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-07-22 10:17:35 +02:00
Michael Heimpold 68461c4c54 php7: update to 7.2.19
Compile and run tested on mxs platform

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 134ebb7a9d)
2019-06-26 22:36:43 +02:00
Michael Heimpold f9b20e9ddb php7: update to 7.2.18
Compile and run tested on mxs platform.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 59e48a68ba)
2019-06-26 22:33:52 +02:00
Michael Heimpold 7879bbdb4b Revert "php7: Fix compilation without deprecated OpenSSL APIs"
This reverts commit a176ffa0a1.
I just noticed that I accidentally used wrong openwrt branch
to compile this, with 18.09 branch the compilation fails.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-06-21 10:29:21 +02:00
Michael Heimpold 115f72fc48 Revert "php7: update to 7.2.18"
This reverts commit 8e9429f3e9.
I just noticed that I accidentally used wrong openwrt branch
to compile this, with 18.09 branch the compilation fails.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-06-21 10:28:48 +02:00
Michael Heimpold 70e4af4416 Revert "php7: update to 7.2.19"
This reverts commit 8abaf8a308.
I just noticed that I accidentally used wrong openwrt branch
to compile this, with 18.09 branch the compilation fails.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-06-21 10:27:01 +02:00
Michael Heimpold 8abaf8a308 php7: update to 7.2.19
Compile and run tested on mxs platform

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 134ebb7a9d)
2019-06-21 06:54:05 +02:00
Michael Heimpold 8e9429f3e9 php7: update to 7.2.18
Compile and run tested on mxs platform.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 59e48a68ba)
2019-06-21 06:53:48 +02:00
Rosen Penev a176ffa0a1 php7: Fix compilation without deprecated OpenSSL APIs
Refreshed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit b81a2bd384)
2019-06-21 06:53:27 +02:00
Michael Heimpold 53742f130c php7: update to 7.2.17
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 71d3f6aa8c)
2019-06-21 06:52:30 +02:00
Josef Schlehofer 76ebe2be00 Merge pull request #8765 from BKPepe/1806-urllib3
[OpenWrt 18.06] python-urllib3: update to 1.24.3
2019-05-12 11:09:35 +02:00
Josef Schlehofer 8459433eb8 python-urllib3: update to 1.24.3
- Fixes CVE-2019-9740, CVE-2019-11324
- RFC 3986 compliant
- Fix TITLE, which was too long for make menuconfig
- Add PKG_LICENSE_FILES
- Remove current maintainer

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-05-08 19:23:10 +02:00
Eneas U de Queiroz 9f74ef0f89 luasec: cleanup Makefile
The LIBDIR and INCDIR assignments are duplicate of the original
Makefile, changing LIB_PATH and INC_PATH to LDFLAGS and CPPFLAGS.

Setting LIB_PATH and INC_PATH to empty strings will do the same
without duplicating the flags.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-24 11:13:48 -07:00
Eneas U de Queiroz bbfd71a598 luasec: use gcc to link instead of ld
Linking with ld is not portable and was causing problems for some
targets, e.g. i386_pentium4:
i486-openwrt-linux-musl-ld: x509.o: in function `push_asn1_objname':
x509.c:(.text+0x61): undefined reference to `__stack_chk_fail_local'
...

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry-picked from e3f1532297)
2019-04-24 11:13:48 -07:00
Rosen Penev 7059f94769 luasec: Replace -fPIC with $(FPIC)
Currently i386 and the PPC targets have issues linking issues.

https://github.com/openwrt/packages/issues/3319

says that replacing -fPIC with -fpic works.

Patch added to avoid package overriding settings set by toolchain and make
compilation less noisy

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from cf23dd2eb0)
2019-04-24 11:13:48 -07:00
Jeffery To fbcac2d532 python,python3: Fix CVE-2019-9636 - urlsplit missing NFKC normalization
These patches address issue:
CVE-2019-9636: urlsplit does not handle NFKC normalization

Link to Python issue:
https://bugs.python.org/issue36216

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-04-21 00:52:30 +08:00
Rosen Penev 890993d406 Merge pull request #8477 from BKPepe/openwrt-18.06_perl
[OpenWrt 18.06] perlmod: fix ability to build module out-of-feed
2019-04-11 09:42:51 -07:00
Jan Pavlinec 1a23db5b23 php7: Add PKG_CPE_ID for proper CVE tracking
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 0465f6fb46)
2019-03-26 20:21:10 +01:00
Michael Heimpold 7aacf24236 php7: update to 7.2.16
Also refresh patch which does not apply cleanly anymore.

Run tested on Duckbill for mxs platform.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 80cdd53134)
2019-03-26 20:21:04 +01:00
Michael Heimpold 27433fc3eb php7: fix cross compiling patch (fixes #8166)
Fixes: e148924a4 ("php7: update to 7.2.15")

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 1d4081dd4c)
2019-03-26 20:20:57 +01:00
Michael Heimpold 00f6119bd2 php7: update to 7.2.15
Also refresh patch which does not apply cleanly anymore.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit e148924a4c)
2019-03-26 20:20:51 +01:00
Michael Heimpold ef57201aa9 php7: update to 7.2.14
While at, add --with-pic to configure arguments. This prevents the following
build errors spotted by the build bots for i386 targets:

-snip-
...
ext/openssl/.libs/openssl.o: direct GOT relocation R_386_GOT32X against
`X509_REQ_free' without base register can not be used when making a shared object
...
-snap-

This parameter seems to make no difference on other targets, nor
improve or make worse the package size.

Run tested for i386 in VirtualBox VM and on Duckbill for mxs platform.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 963c841463)
2019-03-26 20:20:43 +01:00
Michael Heimpold e9271cf276 php7: update to 7.2.13
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 794f8f8e94)
2019-03-26 20:20:36 +01:00
Michael Heimpold 1308ba92ce php7: update to 7.2.12
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 2186fe821d)
2019-03-26 20:20:31 +01:00
Michael Heimpold 9e330d6e9d php7: update to 7.2.11
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 797776a3b3)
2019-03-26 20:20:24 +01:00
Michael Heimpold 5e25be5353 php7: update to 7.2.10
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit c69af6717c)
2019-03-26 20:20:18 +01:00
Michael Heimpold 85c616557f php7: adjust load priority for openssl (fixes #6893)
This orders loading of openssl extension before extensions
which require openssl functions.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 5afeb3f9c8)
2019-03-26 20:20:05 +01:00
Philip Prindeville b8970833bf perlmod: fix ability to build module out-of-feed
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2019-03-23 13:06:13 +01:00
Rosen Penev e47fe43ea5 Jinja2: Update to 2.10
Switch URL to a deterministic one.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-03-19 00:19:46 +01:00
Luiz Angelo Daros de Luca 8d7e62d952 ruby: update to 2.5.5
2.5.5: Bug fix for a deadlock in multi-thread/multi-process (using Process.fork) applications, like for example Puma

2.5.4: Fixes multiple vulnerabilities:

CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2019-03-18 14:39:28 -03:00
Luiz Angelo Daros de Luca 17a0279dd1 ruby: fix build for uclibc
Backporting upstream fix. Closes #8051.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit f9b16dea51)
2019-03-18 14:39:21 -03:00
Karel Kočí 2324d341ea Jinja2: add missing dependency on markupsafe
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
2019-03-05 17:20:36 +01:00
Alexandru Ardelean d0f5ae180c [18.06] python3: fix [CVE-2018-20406]
Link to Python bug:
  https://bugs.python.org/issue34656

Upstream commit:
  https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc

OpenWrt 18.06 contains version Python 3.6.5, which doesn't contain this
fix.
Python 2.7 is not affected.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2019-02-13 10:27:22 +02:00
Jeffery To 4368783e97 python-idna: Add missing dependency on python(3)-codecs
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-01-27 20:26:48 +08:00
Jeffery To 480e4d7e88 python/python3: Fix lib2to3 fixes search
This is the patch from c98b12d9a9 (#7931),
applied for both python 2 and 3.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-01-13 06:14:36 +08:00
Hannu Nyman 85bfefb561 Merge pull request #7757 from jefferyto/openwrt-18.06-python-dist-info
[openwrt-18.06] python/python3: fix .dist-info missing for setuptools and pip
2019-01-01 21:55:43 +02:00
Hannu Nyman 94b3e50e04 Merge pull request #7820 from commodo/18-06-python3-CVE-2018-14647
[18.06] python3: backport CVE-2018-14647 patch from upstream
2018-12-31 22:33:38 +02:00
Alexandru Ardelean 34dec81901 python3: backport CVE-2018-14647 patch from upstream [18.06]
These patches are backports from Python 3.6 upstream.
The security issue is described here:
  https://nvd.nist.gov/vuln/detail/CVE-2018-14647

The Python bug report:
  https://bugs.python.org/issue34623

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-12-31 19:20:27 +02:00
Alexandru Ardelean 3785db429f python: backport CVE-2018-14647 patches from upstream [18.06]
These patches are backports from Python 2.7 upstream.
The security issue is described here:
  https://nvd.nist.gov/vuln/detail/CVE-2018-14647

The Python bug report:
  https://bugs.python.org/issue34623

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-12-31 18:58:19 +02:00
Jeffery To e3f32b75b3 python/python3: fix .dist-info missing for setuptools and pip
Without .dist-info (similar to .egg-info), setuptools and pip are not
discoverable by pkg_resources.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2018-12-23 03:28:02 +08:00
Luiz Angelo Daros de Luca 06579f632e ruby: bump to 2.5.3
Fix only release, including:
* CVE-2018-16396: Tainted flags are not propagated in Array#pack
  and String#unpack with some directives
* CVE-2018-16395: OpenSSL::X509::Name equality check does not work
  correctly

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 74216a55e1)
2018-10-22 14:14:12 -03:00