Includes fixes for:
* CVE-2021-3177 - ctypes: Buffer overflow in PyCArg_repr
* CVE-2021-23336 - urllib parse_qsl(): Web cache poisoning - semicolon
as a query args separator
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 6d9005d5ac)
When building with QUILT, unlike the regular build, Build/Prepare does
not apply the patches. So when buildconf is called with QUILT on, at
the end of Build/Prepare, it will not have the patched sources, and
build will fail.
To fix the problem, run buildconf in Build/Prepare only when QUILT is
off, and do it in Build/Configure otherwise.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d4979cff06)
Commit d741a64b7 ("lang/php7: Don't run phpize7 with QUILT") changed
pecl.mk to not run phpize7 during Package/prepare if QUILT is set. The
intention was to allow prepare, refresh and update targets to run
without building dependencies.
As a side-effect, Package/configure and Package/compile fail when QUILT
is defined because they can't find ./configure or a Makefile. It also
impacts the github tests run with pull requests, because QUILT is
defined there.
To avoid that failure and still keep the prepare, refresh, and update
speedup, call phpize7 before Package/Configure if QUILT is defined.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 3476816cc8)
Update to v14.16.0
February 2021 Security Releases
- HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (Critical) (CVE-2021-22883)
- DNS rebinding in --inspect (CVE-2021-22884)
- OpenSSL - Integer overflow in CipherUpdate (CVE-2021-23840)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit a68820bb74)
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 5d8d4fbbcb)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The Python version of python-config is installed when building on macOS,
rather than the shell script version when building on Linux. When run on
macOS, the Python version of python-config will return values with
Mac-specific customizations.
This patches the python-config install recipe so that which version is
installed can be controlled by the package makefile. When building on
macOS, this installs the Python version for host Python and the shell
script version for target Python.
This also updates Host/Compile and Host/Install to use the default host
build recipes, so that the various HOST_* variables are taken into
account automatically.
Fixes https://github.com/openwrt/packages/issues/14652
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 18330902a0)
The $(TOPDIR) seemed to cause Makefile parsing issues with CI.
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry picked from commit 52668b1e97)
Added a check for macOS 11 and newer to resolve a compile error:
*** Unexpected product version 11.2.
Added Internals::getcwd.
Fallback to the built-in getcwd to resolve compile errors on macOS:
Can't locate Errno.pm in @INC
/miniperl not found
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
Allows targets such as prepare, refresh, or update to be run without
building dependencies for easier patch maintenance.
This is d741a64b7 applied to php8.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
The build process uses a minilua helper for code generation
which must not be compiled with target cross-compiler but
the host compiler.
This error was spotted by buildbots:
ext/opcache/minilua /builder/shared-workdir/build/sdk/build_dir/
target-x86_64_musl/php-8.0.1/ext/opcache/jit/dynasm/dynasm.lua
-D X64=1 -o ext/opcache/jit/zend_jit_x86.c /builder/shared-workdir
/build/sdk/build_dir/target-x86_64_musl/php-8.0.1/ext/opcache/jit/zend_jit_x86.dasc
/bin/bash: ext/opcache/minilua: No such file or directory
Makefile:406: recipe for target 'ext/opcache/jit/zend_jit_x86.c' failed
make[4]: *** [ext/opcache/jit/zend_jit_x86.c] Error 127
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Allows targets such as prepare, refresh, or update to be run without
building dependencies for easier patch maintenance.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
