Refresh patches 900 and 910.
Add fix (920) for improperly gated variable.
Add workaround (020) for Storable's run-time check for stacksize.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
In Perl the 'do' construct has some odd side-effects regarding $@,
$!, and return values (i.e. 'do'ing a file which evaluates to undef
can be a little ambiguous).
Instead, generate a preamble to the Makefile.PL and execute it as
stdin.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Required changes:
* Add qualifying '.' to scripts or to @INC, as appropriate since we're
enabling default_inc_excludes_dot;
* Add new platform/library definitions like double-double format and
locale library functions/headers;
* Delete patch 020 as it's been upstreamed;
Optional changes:
* Instead of using -@rm and having that fail, emit an error message,
and be ignored, just use @rm -f instead which will always succeed.
Security
[CVE-2017-12837] Heap buffer overflow in regular expression compiler
Compiling certain regular expression patterns with the case-insensitive
modifier could cause a heap buffer overflow and crash perl. This has
now been fixed. [perl #131582]
[CVE-2017-12883] Buffer over-read in regular expression parser
For certain types of syntax error in a regular expression pattern, the
error message could either contain the contents of a random, possibly
large, chunk of memory, or could crash perl. This has now been fixed.
[perl #131598]
[CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
A possible stack buffer overflow in the %ENV code on Windows has been
fixed by removing the buffer completely since it was superfluous anyway.
[perl #131665]
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The standard way to pass -rdynamic (or -Wl,--dynamic-export) is via
the $ccdlflags variable. Do what is best practice.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Certain strings are misinterpreted as comments by perlmod.mk and removed
when they shouldn't be (in particular, perl-cgi). Enable this whenever
you have sufficient flash space.
Globally, CONFIG_PERL_NOCOMMENT=y (default) causes comments to be stripped
as before. However, a package (like perl-cgi) can override this with
PKG_LEAVE_COMMENTS=1.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
As both LEDE and OpenWrt have STAGING_DIR_HOSTPKG now, we can start to rely
on it. See 73b7f55424 for more information on
STAGING_DIR_HOSTPKG.
STAGING_DIR_HOSTPKG won't actually be changed before the first LEDE release
(it is equivalent to $(STAGING_DIR)/host), so this simple search/replace
cleanup is safe to apply. Doing this cleanup now will be useful for the
Gluon project (an OpenWrt/LEDE based firmware framework) for experimenting
with modifying STAGING_DIR_HOSTPKG before doing this in the LEDE upstream.
Also fixes a typo in the dbus Makefile ("STAGIND_DIR").
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
perlbase-utf8 depends on perlbase-unicore however that dependency was missing.
This patch fixes that.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
Stephane Chazelas discovered a bug in the environment handling in Perl.
Perl provides a Perl-space hash variable, %ENV, in which environment
variables can be looked up. If a variable appears twice in envp, only
the last value would appear in %ENV, but getenv would return the first.
Perl's taint security mechanism would be applied to the value in %ENV,
but not to the other rest of the environment. This could result in an
ambiguous environment causing environment variables to be propagated to
subprocesses, despite the protections supposedly offered by taint
checking.
With this update Perl changes the behavior to match the following:
a) %ENV is populated with the first environment variable, as getenv
would return.
b) Duplicate environment entries are removed.
References:
* http://perl5.git.perl.org/perl.git/commit/ae37b791a73a9e78dedb89fb2429d2628cf58076
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath()
routine returned untained strings even if passed tainted input. This defect
undermines the guarantee of taint propagation, which is sometimes used to
ensure that unvalidated user input does not reach sensitive code.
This defect was found and reported by David Golden of MongoDB, and a patch
was provided by Tony Cook.
References:
* https://rt.perl.org/Public/Bug/Display.html?id=126862
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8607
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Configuration scripts expect the libc identifier to be "uclibc" in case we're using it,
OpenWrt provides "uClibc". Oh well...
Signed-off-by: Marcel Denia <naoir@gmx.net>
This was previously manually set to '4.8.0'. Aside from just being incorrect,
it also breaks Errno's GCC5 detection.
Fixes#2044.
Signed-off-by: Marcel Denia <naoir@gmx.net>
Despite being just a packaging update, this update packs quite a few changes.
To start things off, we're finally passing perl's testsuite on at least
x86/musl. There are a lot of skipped tests left, as well as some oddities.
Nothing too heavy though. Making this happen was an ongoing effort since the
perl-5.20.1 release.
We still can't run module testsuites and I don't expect all target/libc
combinations to pass yet. So we'll leave test suite support marked as
experimental.
We've also switched from the old collection of target-specific configuration
files to a new, more flexible and easier-to-maintain system based on
perlconfig.pl. It'll generate a suitable configuration file using information
found in it's *.config files as well as command-line parameters passed.
See the POD and files/README.config for details.
Signed-off-by: Marcel Denia <naoir@gmx.net>
This replaces the previously used collection of configuration files for every single
architecture in conjunction with hacky overrides, which became an increasing burden to maintain.
Fixes a number of outstanding bugs and oddities, with the most important one being the
previously wrong signal order(as shown by ext/POSIX/t/sigaction.t).
See files/perlconfig.pl's POD and files/README.config for details.
Signed-off-by: Marcel Denia <naoir@gmx.net>
- Add patch to inhibit the libm IEEE math switch on musl
- Add postprocessing for config.sh to the Makefile to fixup
defines for musl, idea taken
from http://patchwork.openembedded.org/patch/91707/
This is the least invasive approach I could come up to fix the build
failure asap. Another possibility is maintaining yet another set of
musl specific architecture config files, but I think that this introduces
a lot of maintenance overhead.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
While host-perl only exists to run build scripts(and thus, should have
no influence on built packages at all), most packages depend heavily on the
feature set of the perl installation that ran their configuration scripts.
This change makes them see that threading support is enabled(if it actually
is selected).
We can't use configuration symbol overrides for this one, as they are
visible to host-perl as well. Using overrides would make it act as if it
had threading support enabled without actually having it.
Signed-off-by: Marcel Denia <naoir@gmx.net>
- Update copyright notice
- Make perlbase-experimental's TITLE show up in menuconfig again
- Formatting changes
Signed-off-by: Marcel Denia <naoir@gmx.net>