Commit Graph

1491 Commits

Author SHA1 Message Date
Michael Heimpold bb636880d8 php7: update to version 7.2.31
This fixes:
  - CVE-2019-11048

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 2e6bd4cb86)
2020-05-16 14:17:24 +02:00
Jeffery To dd5896c7c4 python: Update to 2.7.18, refresh patches
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-04-29 06:08:03 +08:00
Josef Schlehofer f85dd8b965 php7: update to version 7.2.30
Fixes:
CVE-2020-7066
CVE-2020-7064

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 09738290a3)
2020-04-25 23:31:13 +02:00
Michael Heimpold ae0e27548f php7: fix dependencies for mysqlnd (fixes #11113)
When during the build the openssl extension is also selected, then
the mysqlnd extension depends on it, too.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 50b1cd3757)
2020-04-25 23:30:29 +02:00
Luiz Angelo Daros de Luca 3066aaa825 ruby: update to 2.5.8
This release includes security fixes, specially:

* CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix)
* CVE-2020-10933: Heap exposure vulnerability in the socket library

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2020-04-15 17:20:17 -03:00
Michael Heimpold c05ea69d6d php7: update to 7.2.28
This fixes:
  - CVE-2020-7062
  - CVE-2020-7063

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 95c72d8aba)
2020-02-25 22:39:03 +01:00
Michael Heimpold 31e16f276f php7: update to 7.2.27
This fixes:
  - CVE-2020-7059
  - CVE-2020-7060

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 3cf0c61f2e)
2020-02-25 22:13:58 +01:00
Hirokazu MORIKAWA d905324e49 node-hid: fix i386 build fail
more stability for parallel build

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry-picked from 1aa55f86b5)
2020-01-26 20:44:02 -08:00
Hirokazu MORIKAWA 4ac86244ab node-serialport: fix i386 build fail
more stability for parallel build

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry-picked from 1ce1ca6e06)
2020-01-26 20:38:07 -08:00
Jeffery To 4c6ac36d52 golang: Fix selection of GOARM value
This fixes how GOARM is selected for arm platforms, based on support for
VFP/VFPv3 rather than CPU version.

Fixes #10967.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-01-15 00:59:28 +08:00
Michael Heimpold 3727d98ce2 php7: update to 7.2.26
This fixes:
  - CVE-2019-11046
  - CVE-2019-11044
  - CVE-2019-11045
  - CVE-2019-11050
  - CVE-2019-11047

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit d5c18b1d5e)
2019-12-22 13:36:39 +01:00
Josef Schlehofer 29fe5f91d7 python3: Updated to version 3.6.10
Remove backported patches:
025-bpo-34155-Dont-parse-domains-containing-GH-13079-GH-.patch
026-bpo-38243-xmlrpc.server-Escape-the-server_title-GH-1.patch

Fixes CVE-2019-16056

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-12-21 18:12:34 +01:00
W. Michael Petullo cce63a697b luajit: install libluajit-5.1.so.2
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry-picked from commit 30d5958)
2019-12-06 15:02:32 +01:00
W. Michael Petullo c1975f5a1f luajit: add .hpp to InstallDev
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry-picked from commit efb7d0be6d)
2019-12-06 15:01:51 +01:00
Josef Schlehofer 71969eb041 php7: Update to version 7.2.25
- Fixes CVE-2019-11043

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9bc48abd2a)
2019-11-24 22:11:39 +01:00
W. Michael Petullo 3d409f615a php7: mark /etc/config/php7-fastcgi as conffile
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit 5bc9bb04c5)
2019-11-24 22:11:31 +01:00
Michael Heimpold d77c32928d php7-mod-xmlreader: add conditional dependency to php7-mod-dom (fixes #10201)
PHP7 fails to load xmlreader.so (php7-mod-xmlreader) module without
dom.so (php7-mod-dom) module loaded:

-snip-
PHP Warning:  PHP Startup: Unable to load dynamic library 'xmlreader.so'
 (tried: /usr/lib/php/xmlreader.so (Error relocating /usr/lib/php/xmlreader.so:
 dom_node_class_entry: symbol not found), /usr/lib/php/xmlreader.so.so (Error
 loading shared library /usr/lib/php/xmlreader.so.so: No such file or
 directory)) in Unknown on line 0
^C
-snap-

However, this dependency only exists when during build also php7-mod-dom
is selected.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit b8c22fc1ec)
2019-11-24 22:11:24 +01:00
Stefaan Ghysels 8667e35c1e php7: bump to 7.2.23
Signed-off-by: Stefaan Ghysels <stefaang@gmail.com>
(cherry picked from commit dacda44755)
2019-11-24 22:11:04 +01:00
Michael Heimpold 8dc64ea145 php7: update to 7.2.22
While at, update the SPDX license id to most recent format.

Compile and run tested on mxs platform.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 5805da860e)
2019-11-24 22:09:50 +01:00
Michael Heimpold 882e46916a php7: update to 7.2.21
This fixes CVE-2019-11042 and CVE-2019-11041.

Compile and run tested on mxs platform

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 8e419c6d4c)
2019-11-24 22:09:50 +01:00
Jakub Piotr Cłapa b83b26c33d perl: fixed host compilation of static perl on MacOS
All symbols on MacOS are prefixed with an underscore which
interfered with the filtering mechanism (added in perl 5.28)
for extension libraries to be linked into static perl.

Signed-off-by: Jakub Piotr Cłapa <jpc@loee.pl>
2019-11-10 14:09:56 +01:00
Luiz Angelo Daros de Luca 938818ec41 ruby: bump to 2.5.7
2.5.7 fixes:
* CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
* CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
* CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
* CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication

2.5.6 fixes:
* Multiple jQuery vulnerabilities in RDoc
* About 40 bugs

Changelog: https://github.com/ruby/ruby/compare/v2_5_5...v2_5_7

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2019-10-27 11:40:26 -03:00
Josef Schlehofer 0f0c062d3c python-cryptography: fix CVE-2018-10903
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-10-25 01:30:27 +02:00
Josef Schlehofer 5a9d222e5c python-cryptography: Add support for LibreSSL 2.7.x
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-10-25 01:30:27 +02:00
Jeffery To f184eb5f0e python: Update to 2.7.17, refresh patches
Patches already merged and so removed:
* 019-bpo-36216-Add-check-for-characters-in-netloc-that-normalize-to-separators-GH-12216.patch
* 020-bpo-36216-Only-print-test-messages-when-verbose-GH-12291.patch
* 021-2.7-bpo-35121-prefix-dot-in-domain-for-proper-subdom.patch
* 027-bpo-38243-Escape-the-server-title-of-DocXMLRPCServer.patch
* 028-bpo-34155-Dont-parse-domains-containing-GH-13079.patch

Patches no longer necessary and so removed:
* 017_lib2to3_fix_pyc_search.patch

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from 83b300aa83)
2019-10-22 01:04:43 +08:00
Alexandru Ardelean e84deea057 python3-pip: fix install rule
This seems to have slipped for some time. No idea if it ever worked.
It could be that this worked at some point.

In any case, the shebang is properly updated now.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry-picked from commit 1b96dc0171)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(bump PKG_RELEASE for python3-pip)
2019-10-08 09:48:19 +02:00
Jeffery To dad9a1a2a4 python: Fix CVE-2019-16056, CVE-2019-16935
These patches address issues:
CVE-2019-16056: email.utils.parseaddr mistakenly parse an email
CVE-2019-16935: A reflected XSS in python/Lib/DocXMLRPCServer.py

Links to Python issues:
https://bugs.python.org/issue34155
https://bugs.python.org/issue38243

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-10-05 00:58:08 +08:00
Josef Schlehofer 126cdd7c6b python3: fix CVE-2019-16056 and delete two patches
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-30 17:23:40 +02:00
Josef Schlehofer 0d9eeca453 python3: backport three security patches
Fixes: CVE-2019-16935

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit 80def9e)
2019-09-30 10:03:35 +02:00
Rosen Penev 8eca9c9164 python-crypto: Fix two CVEs
CVE-2013-7459 and CVE-2018-6594. Both patches taken from Fedora.

Also took the liberty to update the PKG_SOURCE_URL to a standard one.

Updated the home URL as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 32b23e28ad)
2019-09-26 19:42:54 -07:00
Rosen Penev f292062517 django: Update to 1.8.19
Fixes:

CVE-2018-7536
CVE-2018-7537

Switches to pypi, as in upstream. Updated maintainer as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-09-20 11:45:45 -07:00
Hirokazu MORIKAWA 45e38f116c node-serialport: fix i386 build fail
more stability for parallel build

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry-picked from 1ce1ca6e06)
2019-08-21 19:35:50 -07:00
Hirokazu MORIKAWA 19ee25df60 node-hid: fix i386 build fail
more stability for parallel build

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry-picked from 1aa55f86b5)
2019-08-21 19:33:12 -07:00
Rosen Penev 19d101bd22 ldbus: Add zip/host build dependency
Needed when zip is missing on the host (very rare).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-16 12:51:27 -07:00
Josef Schlehofer 6d55ff558b Merge pull request #9513 from BKPepe/openwrt-18.06_python_shebang
[OpenWrt 18.06] python,python3: move shebang handle in install script
2019-08-14 21:19:50 +02:00
Josef Schlehofer 78bf09b084 golang: update to version 1.10.8
Fixes CVEs

1.10.6
CVE-2018-16873
CVE-2018-16874
CVE-2018-16875

1.10.8
CVE-2019-6486

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-08-13 09:02:17 +02:00
Yousong Zhou 87b6ed6b93 jamvm: depends on supported architectures
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from 11f0544744)
2019-08-11 12:59:34 -07:00
Jeffery To af975f0f30 python,python3: Fix overridden usr/bin symlinks
Currently, all files in usr/bin (presumably all Python scripts) are run
through sed to replace the shebang; sed will overwrite the file whether
or not a match is found. This causes symlinks to be overridden and made
into copies of their targets. python[3]-base and python[3]-dev are
affected by this.

This adds the --follow-symlinks flag to sed, in addition to using
$(SED), so that symlinks are not overridden.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-08-08 13:38:37 +02:00
Alexandru Ardelean 421c58a946 python,python3: move shebang handle in install script
This extends the Python[3] shebang fixup to all packages.
Only Python scripts in `/usr/bin` will be handled at the moment. Later it
may make sense to also cover executables in `/bin`, though typically Python
executables shouldn't be placed there.

Previously the shebang handling was only done for python[3]-pip &
python[3]-setuptools.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2019-08-08 13:38:36 +02:00
Jeffery To 5cb4c348a7 python,python3: Fix ctypes.util.find_library()
Python's ctypes.util.find_library() function currently doesn't work for
musl libraries/systems[1].

This adds a patch to fix this function, based on a patch from Alpine
Linux[2].

Fixes #9448.

[1]: https://bugs.python.org/issue21622
[2]: https://git.alpinelinux.org/aports/tree/main/python2/musl-find_library.patch

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-07-22 21:38:08 +08:00
Josef Schlehofer d16a931db4 python: add patch for CVE-2018-20852
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-07-22 15:22:56 +02:00
Alexandru Ardelean 2402c223df python: bump to version 2.7.16
This change updates Python to version 2.7.16, which is a bugfix release
in the Python 2.7 series.
This also removes patches back-ported from upstream.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2019-07-22 15:22:55 +02:00
Josef Schlehofer ae21f4990d python3: update to version 3.6.9
3.6.9 is the latest security fix release of Python 3.6.

- Fixes: CVE-2018-20852, CVE-2019-9948, CVE-2019-9740, CVE-2019-5010
- Refreshed patches
- Removed a few backports patches

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-07-22 10:17:35 +02:00
Michael Heimpold 68461c4c54 php7: update to 7.2.19
Compile and run tested on mxs platform

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 134ebb7a9d)
2019-06-26 22:36:43 +02:00
Michael Heimpold f9b20e9ddb php7: update to 7.2.18
Compile and run tested on mxs platform.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 59e48a68ba)
2019-06-26 22:33:52 +02:00
Michael Heimpold 7879bbdb4b Revert "php7: Fix compilation without deprecated OpenSSL APIs"
This reverts commit a176ffa0a1.
I just noticed that I accidentally used wrong openwrt branch
to compile this, with 18.09 branch the compilation fails.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-06-21 10:29:21 +02:00
Michael Heimpold 115f72fc48 Revert "php7: update to 7.2.18"
This reverts commit 8e9429f3e9.
I just noticed that I accidentally used wrong openwrt branch
to compile this, with 18.09 branch the compilation fails.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-06-21 10:28:48 +02:00
Michael Heimpold 70e4af4416 Revert "php7: update to 7.2.19"
This reverts commit 8abaf8a308.
I just noticed that I accidentally used wrong openwrt branch
to compile this, with 18.09 branch the compilation fails.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-06-21 10:27:01 +02:00
Michael Heimpold 8abaf8a308 php7: update to 7.2.19
Compile and run tested on mxs platform

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 134ebb7a9d)
2019-06-21 06:54:05 +02:00
Michael Heimpold 8e9429f3e9 php7: update to 7.2.18
Compile and run tested on mxs platform.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 59e48a68ba)
2019-06-21 06:53:48 +02:00