There are a few packages which mysteriously fail during the configure
stage. Give us better means of understanding why.
Also, some Makefile.PL's have "use" statements which reference
files which are in or under ".".
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
5.26.1 introduced default_inc_excludes_dot which is causing
perl-html-tags and possibly other modules to fail. Add explict
dot back when invoking module's ./Makefile.PL.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Required changes:
* Add qualifying '.' to scripts or to @INC, as appropriate since we're
enabling default_inc_excludes_dot;
* Add new platform/library definitions like double-double format and
locale library functions/headers;
* Delete patch 020 as it's been upstreamed;
Optional changes:
* Instead of using -@rm and having that fail, emit an error message,
and be ignored, just use @rm -f instead which will always succeed.
Security
[CVE-2017-12837] Heap buffer overflow in regular expression compiler
Compiling certain regular expression patterns with the case-insensitive
modifier could cause a heap buffer overflow and crash perl. This has
now been fixed. [perl #131582]
[CVE-2017-12883] Buffer over-read in regular expression parser
For certain types of syntax error in a regular expression pattern, the
error message could either contain the contents of a random, possibly
large, chunk of memory, or could crash perl. This has now been fixed.
[perl #131598]
[CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
A possible stack buffer overflow in the %ENV code on Windows has been
fixed by removing the buffer completely since it was superfluous anyway.
[perl #131665]
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The standard way to pass -rdynamic (or -Wl,--dynamic-export) is via
the $ccdlflags variable. Do what is best practice.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Originally as PR #2383 but rewritten.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Alexander Ryzhov <openwrt@ryzhov-al.ru>
That way some python packages can choose
to keep their egg-info dirs, if they want to, or they're needed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The FPM SAPI works fine without the CGI SAPI installed. It seems that
this is a copy & paste error introduced a long time ago, when FPM support
was added - and nobody noticed.
So drop the dependency now to allow smaller footprints on installations
which only use FPM.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This release contains some security fixes.
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
Multiple vulnerabilities in RubyGems
Update bundled libyaml to version 0.1.7.
And many other bugfix.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Not sure how it can happen that the files are not
installed via the host build.
Maybe some SDK-like build.
Let's make sure they are installed via InstallDev rule too.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The host pip install should have the host's CFLAGS, LDFLAGS, etc
available.
And not the target's flags.
Otherwise, weird things can happen when installing
packages (host-side) that need to build C code.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>