Save a copy of unixodbc_conf.h in STAGING_DIR to be used by host build.
Use STAGING_DIR/tmp/unixodbc instead of include.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
For host compilation, the configure-generated config.h from the target
compilation is used in place of the host-generated file. When the
target package is compiled with clean-build, that file is gone. This
saves the file under $(STAGING_DIR), and fetch it from there.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
When copying config.h from PKG_BUILD_DIR to HOST_BUILD_DIR, LIB_PREFIX
is set to /usr/lib. Then when odbc_config is run, it reports /usr/lib
as the --lib-dir, and in --libs as well, and dependent packages may
fail. Set it to $(STAGING_DIR)/usr/lib to make it right.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
- CVE-2019-3855
Possible integer overflow in transport read allows out-of-bounds write
- CVE-2019-3856
Possible integer overflow in keyboard interactive handling allows
out-of-bounds write
- CVE-2019-3857
Possible integer overflow leading to zero-byte allocation and out-of-bounds
write
- CVE-2019-3858
Possible zero-byte allocation leading to an out-of-bounds read
- CVE-2019-3859
Out-of-bounds reads with specially crafted payloads due to unchecked use of
`_libssh2_packet_require` and `_libssh2_packet_requirev`
- CVE-2019-3860
Out-of-bounds reads with specially crafted SFTP packets
- CVE-2019-3861
Out-of-bounds reads with specially crafted SSH packets
- CVE-2019-3862
Out-of-bounds memory comparison
- CVE-2019-3863
Integer overflow in user authenicate keyboard interactive allows
out-of-bounds writes
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Revert the addition of build dependency in commit 2d1694ff7
to a non-existent host build of zlib.
The host build of zlib was removed already in April 2018 by
https://github.com/openwrt/openwrt/commit/8dcd941d8b934891676a8d4bbef1ee78e89a4bf7#diff-1ed408c61d79f9c6c5d197333e94ce8d
which made zlib a build tool defined in /tools
The newly introduced build dependency causes always a warning like:
WARNING: Makefile 'package/feeds/packages/postgresql/Makefile'
has a build dependency on 'zlib/host', which does not exist
Not sure what was the error that 2d1694ff7 tried to fix,
but reference to a non-existent host build is not the solution.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit d8e61d49da)
spotted on buildbot trying postgresql/host build:
configure: error: zlib library not found
Fix this by adding zlib/host to HOST_BUILD_DEPENDS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 2d1694ff7c)
cherry-pick and squash commits from master for GNUnet
04eb431cb libgabe: add package
7831fb63b libgabe: update to shared library version
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
cherry-pick commit 4c5d25458 libpbc: add new package
from master as GNUnet started to depend on libgabe which depends on
libpbc.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Backport and squash the following commits from master:
43ec390bd postgresql: security bump to 9.6.10
845aab78a postgresql: Update to 9.6.11
fe6597dd7 postgresql: update to version 9.6.12
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Backport and squash the following commits from master:
853e9d1c3 libextractor: Update to 1.7
1a23de5db libextractor: update to version 1.8
a50f26941 libextractor: fix PKG_HASH
6709d9b82 libextractor: update to version 1.9
Defaulting to -fPIC is a bad idea, especially for executables (here:
sqlite3-cli). In short, there are certain security implications as well
as overhead/performance penalties. Details see:
https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
The configure script is able to detect the need for PIC and adds the
flag when needed anyway (when compiling the library).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This bumps libtiff's minor version from 9 to 10. In addition to the CVE
fixes that we already included this fixes:
CVE-2017-17095
CVE-2018-17101
CVE-2018-18557
The update is 100% backwards compatible, no symbol changes.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
The only known user of this library is currently unable to get their
application to work with with the fixed 0.7.6 release of this library.
To prevent accidental use by unknown parties of a flawed library, mark
it as BROKEN.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 14ad4cb976)
Makefile and package changes to support builds with both Python 2.x and Python 3.x versions.
Python versioning is automatically configured from lang/python repository xxx-version.mk files.
Signed-off-by: Ted Hess <thess@kitschensync.net>
libbsd gets picked up since it's no longer limited to glibc.
Patch identical to libtalloc one. Same codebase.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 33dc529e00)
Use $(CP) instead of $(INSTALL) so that libtdb.so.1 is installed as
symlink, and not duplicated.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit 75d9ab331d)
Backport Rosen's commit in master to 18.06 to address open CVEs. This
fixes:
CVE-2017-11613
CVE-2018-5784
CVE-2018-7456
CVE-2018-8905
CVE-2018-10963
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This update includes fixes for the following CVEs:
- CVE-2018-1115
- CVE-2018-10925
- CVE-2018-10915
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Commit dcd68100c23f980a7bbd1d7d9567a315ee584bdf fixed the zlib pkgconfig
file. But libxml2/host is stuck in the compile phase on the build bots.
Bumping the revision will force a clean build.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Bump to v1.35
Refresh patches.
Update Makefile to use new '--disable-doc' configure flag.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Update to new upstream version. Needed to add a patch provided by upstream to compile with musl.
Signed-off-by: David Mora <iamperson347+public@gmail.com>
Rosen Penev