perl fails to compile on x86_64 with glibc and stack smashing
protection enabled due to libssp not being specified in the
ldflags.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
All symbols on MacOS are prefixed with an underscore which
interfered with the filtering mechanism (added in perl 5.28)
for extension libraries to be linked into static perl.
Signed-off-by: Jakub Piotr Cłapa <jpc@loee.pl>
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Currently external modules and non-base packages are numbered
from their own internal number space, and even though the Perl
ABI number is embedded into them this isn't externally visible.
For example, perl-html-parser-3.72.1 could be built for ABI
5.26 or for 5.28, we can't easily tell. This changes all of
that by embedding the ABI number into the filename.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Looking at Configure and Porting/config.sh, it seems that Perl
requires both of these options to build correctly.
Should fix FS #1464.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Refresh patches 900 and 910.
Add fix (920) for improperly gated variable.
Add workaround (020) for Storable's run-time check for stacksize.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
In Perl the 'do' construct has some odd side-effects regarding $@,
$!, and return values (i.e. 'do'ing a file which evaluates to undef
can be a little ambiguous).
Instead, generate a preamble to the Makefile.PL and execute it as
stdin.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Because nonexistent aarch64.config the build of perl will fail for ARM
64-bit targets. Fix it by adding mentioned config. Fixes#2963.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
It seems that Inline::C evaluates to undef which is problematic, so
we need to handle this better.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
There are a few packages which mysteriously fail during the configure
stage. Give us better means of understanding why.
Also, some Makefile.PL's have "use" statements which reference
files which are in or under ".".
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
5.26.1 introduced default_inc_excludes_dot which is causing
perl-html-tags and possibly other modules to fail. Add explict
dot back when invoking module's ./Makefile.PL.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Required changes:
* Add qualifying '.' to scripts or to @INC, as appropriate since we're
enabling default_inc_excludes_dot;
* Add new platform/library definitions like double-double format and
locale library functions/headers;
* Delete patch 020 as it's been upstreamed;
Optional changes:
* Instead of using -@rm and having that fail, emit an error message,
and be ignored, just use @rm -f instead which will always succeed.
Security
[CVE-2017-12837] Heap buffer overflow in regular expression compiler
Compiling certain regular expression patterns with the case-insensitive
modifier could cause a heap buffer overflow and crash perl. This has
now been fixed. [perl #131582]
[CVE-2017-12883] Buffer over-read in regular expression parser
For certain types of syntax error in a regular expression pattern, the
error message could either contain the contents of a random, possibly
large, chunk of memory, or could crash perl. This has now been fixed.
[perl #131598]
[CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
A possible stack buffer overflow in the %ENV code on Windows has been
fixed by removing the buffer completely since it was superfluous anyway.
[perl #131665]
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The standard way to pass -rdynamic (or -Wl,--dynamic-export) is via
the $ccdlflags variable. Do what is best practice.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Originally as PR #2383 but rewritten.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Alexander Ryzhov <openwrt@ryzhov-al.ru>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Certain strings are misinterpreted as comments by perlmod.mk and removed
when they shouldn't be (in particular, perl-cgi). Enable this whenever
you have sufficient flash space.
Globally, CONFIG_PERL_NOCOMMENT=y (default) causes comments to be stripped
as before. However, a package (like perl-cgi) can override this with
PKG_LEAVE_COMMENTS=1.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
As both LEDE and OpenWrt have STAGING_DIR_HOSTPKG now, we can start to rely
on it. See 73b7f55424 for more information on
STAGING_DIR_HOSTPKG.
STAGING_DIR_HOSTPKG won't actually be changed before the first LEDE release
(it is equivalent to $(STAGING_DIR)/host), so this simple search/replace
cleanup is safe to apply. Doing this cleanup now will be useful for the
Gluon project (an OpenWrt/LEDE based firmware framework) for experimenting
with modifying STAGING_DIR_HOSTPKG before doing this in the LEDE upstream.
Also fixes a typo in the dbus Makefile ("STAGIND_DIR").
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
perlbase-utf8 depends on perlbase-unicore however that dependency was missing.
This patch fixes that.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
Stephane Chazelas discovered a bug in the environment handling in Perl.
Perl provides a Perl-space hash variable, %ENV, in which environment
variables can be looked up. If a variable appears twice in envp, only
the last value would appear in %ENV, but getenv would return the first.
Perl's taint security mechanism would be applied to the value in %ENV,
but not to the other rest of the environment. This could result in an
ambiguous environment causing environment variables to be propagated to
subprocesses, despite the protections supposedly offered by taint
checking.
With this update Perl changes the behavior to match the following:
a) %ENV is populated with the first environment variable, as getenv
would return.
b) Duplicate environment entries are removed.
References:
* http://perl5.git.perl.org/perl.git/commit/ae37b791a73a9e78dedb89fb2429d2628cf58076
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath()
routine returned untained strings even if passed tainted input. This defect
undermines the guarantee of taint propagation, which is sometimes used to
ensure that unvalidated user input does not reach sensitive code.
This defect was found and reported by David Golden of MongoDB, and a patch
was provided by Tony Cook.
References:
* https://rt.perl.org/Public/Bug/Display.html?id=126862
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8607
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Apparently, recompiling/relinking fails under some circumstances. This
patch has been reported to work around that issue.
Signed-off-by: Marcel Denia <naoir@gmx.net>
Configuration scripts expect the libc identifier to be "uclibc" in case we're using it,
OpenWrt provides "uClibc". Oh well...
Signed-off-by: Marcel Denia <naoir@gmx.net>
This was previously manually set to '4.8.0'. Aside from just being incorrect,
it also breaks Errno's GCC5 detection.
Fixes#2044.
Signed-off-by: Marcel Denia <naoir@gmx.net>
This will make microperl unable to build. That's okay, since we haven't
been building it for quite a while now.
Signed-off-by: Marcel Denia <naoir@gmx.net>
perlbase-essential and perlbase-config depend on functionality from
each other. Previously, this was solved by just making perlbase-config depend
on perlbase-essential.
However, since a simple "use lib" is enough to trigger pulling in Config, this
approach doesn't seem to make much sense. So let's just make perlbase-essential
depend on perlbase-config instead.
This pulls in perlbase-config as a dependency to pretty much every Perl package,
so in the future we might want to just merge Config into perlbase-essential.
Thanks to Robert Högberg for spotting this.
Signed-off-by: Marcel Denia <naoir@gmx.net>
Dumper.pm, included in perlbase-data, uses module bytes, so add dependency
on openwrt package perlbase-bytes.
Signed-off-by: Robert Högberg <robert.hogberg@gmail.com>
Despite being just a packaging update, this update packs quite a few changes.
To start things off, we're finally passing perl's testsuite on at least
x86/musl. There are a lot of skipped tests left, as well as some oddities.
Nothing too heavy though. Making this happen was an ongoing effort since the
perl-5.20.1 release.
We still can't run module testsuites and I don't expect all target/libc
combinations to pass yet. So we'll leave test suite support marked as
experimental.
We've also switched from the old collection of target-specific configuration
files to a new, more flexible and easier-to-maintain system based on
perlconfig.pl. It'll generate a suitable configuration file using information
found in it's *.config files as well as command-line parameters passed.
See the POD and files/README.config for details.
Signed-off-by: Marcel Denia <naoir@gmx.net>
This test requires a ps which provides the -f option, as well as suitable output.
We can't provide either with busybox. Just skip it for now.
Signed-off-by: Marcel Denia <naoir@gmx.net>