This fixes the following CVEs:
- in PCRE: CVE-2015-2325, CVE-2015-2326
- in sqlite3: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Builtbots currently fail to compile this package with (example message):
... /libevent-0.1.0/libevent.c:1403:42: error: 'EVBUFFER_READ' undeclared (first use in this function)
REGISTER_LONG_CONSTANT("EVBUFFER_READ", EVBUFFER_READ, CONST_CS | CONST_PERSISTENT);
With libevent2, the main include file event.h is deprecated, but includes
enough stuff and other compat includes that it _should work_. I could not figure
out why it fails (all locally builds work out-of-the-box), so this is a trial to
circumvent this compat header file and include the libevent2 headers directly.
While at, add a missing dependency to the sockets extension.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
While host-perl only exists to run build scripts(and thus, should have
no influence on built packages at all), most packages depend heavily on the
feature set of the perl installation that ran their configuration scripts.
This change makes them see that threading support is enabled(if it actually
is selected).
We can't use configuration symbol overrides for this one, as they are
visible to host-perl as well. Using overrides would make it act as if it
had threading support enabled without actually having it.
Signed-off-by: Marcel Denia <naoir@gmx.net>
This will not change any existing packages' functionality. All packages
that used this symbol before during build(with it's value being "cc -E") most
likely would've failed compilation.
Note that this change is only in effect during build.
Signed-off-by: Marcel Denia <naoir@gmx.net>
This fixes CVE-2006-7243, a multipart/form-data remote dos vulnerability,
a heap buffer overflow in unpack and a integer overflow in ftp_genlist,
which also results in a heap overflow.
For more details, see http://php.net/ChangeLog-5.php#5.6.9
Also sync the timezone patch with latest version from Debian and
adopt this patch for the changes in this php release.
Refresh 950-Fix-dl-cross-compiling-issue.patch.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This patch adds build infrastructure for PHP's OPcache extension.
Compared with the other extension, this is a Zend module and it
need a little workaround during cross-compiling.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* fix failure on buildbot where lua devel files are searched in home directory
* add a patch to pass proper target optimization flags
* remove unused PKG_INSTALL & Build/Install
Signed-off-by: Nicolas Thill <nico@openwrt.org>
This fixes the following CVEs:
- CVE-2015-1351
- CVE-2015-1352
- CVE-2015-2783
- CVE-2015-3329
- CVE-2015-3330
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
libyaml is an optional dep for ruby psych. When missing, it uses
a bundled version of yaml. However, when libyaml is present in
openwrt build, ruby-psych packaging failed with deps not declared.
Now libyaml is configured as a hard dep for ruby-psych.
Also, the tk module was disabled in order to avoid a possible similar
problem if tk+x11 is provided in openwrt build. It was currently not
build because of missing deps.
Other minor changes:
- win32* modules where disabled (avoid err msg, no compile changes)
- Some files where removed in 2.2.x (like gserver.rb). They were already
not packaged but generates a build warning message. Now removed from install.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This is a small ruby release, mainly to fix
CVE-2015-1855: Ruby OpenSSL Hostname Verification
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Michael Heimpold
Paul Oranje
Roger
Alexandru Ardelean
Marcel Denia
Alexander Ryzhov
Dirk Chang
Ted Hess
Lars Gierth
Nicolas Thill
Luiz Angelo Daros de Luca