This includes fixes for:
* CVE-2022-23772: math/big: Rat.SetString may consume large amount of
RAM and crash
* CVE-2022-23806: crypto/elliptic: IsOnCurve returns true for invalid
field elements
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
1. ruby/host build fails on macos due to Apple ld generates warning
if a folder from LDFLAGS is not exist. configure script catches this
warning and fails. This patch disables ld warnings for macos
2. ruby build fails on macos due /bin/true is not exist on macos.
This patch replaces /bin/true with true in OpenWrt Makefile
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
- Removed PYPI_SOURCE_EXT as this release provides tarball with .tar.gz
extension, which is default.
- Changelog: https://dnspython.readthedocs.io/en/stable/whatsnew.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
lyaml build script detects Darwin using `uname -s` and changes
build logic so lyaml package can not be built on macos.
This patch uses fakeuname host tool to redefine `uname -s` output
and fix build on macos.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
configure script detects Darwin and uses flags incompatible with
Linux target build.
This patch uses fakeuname tool if host OS is MacOS to avoid Darwin
detection on target build.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Update to v14.18.3
January 10th 2022 Security Releases:
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
Prototype pollution via console.table properties (Low)(CVE-2022-21824)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
./configure script detects macos specific system headers
(IOKit/serial/ioss.h and sys/ttycom.h) that are not available
during compile time. There is no way to pass ac_cv_* vars to
./configure script due to perl wrappers
To fix this issue, fake(empty) headers provided during compile
time if build host is MacOS
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
setup.py detects macos (darwin) and adds -flat_namespace flag. This
flag is not compatible with GCC that is used to compile target.
This patch patch disables darwin detection
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
luaossl detects OS and changes compilation flags depends on OS.
If Darwin is detected then it adds GCC non-compatible flags.
OpenWrt is always Linux so build OS detection is disabled
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
luasql ./config scripts checks `uname -s` output and changes
LIB_OPTION from '-static' to macos specific if detected OS is
Darwin. These flags are not compatible with GCC
OpenWrt is always Linux, this patch removes Darwin
specific stuff from compilation flags
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
The last tagged release (v1.9.3) was in 2017. This updates the package
to the most recent commit of the master branch.
This also sets myself at the maintainer.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- [Bug]: Enhanced log output when connecting to servers that do not
support server-sig-algs extensions, making the new-as-of-2.9
defaulting to SHA2 pubkey algorithms more obvious when it kicks in.
- [Bug]: Connecting to servers which support server-sig-algs but
which have no overlap between that list and what a Paramiko client
supports, now raise an exception instead of defaulting to
rsa-sha2-512 (since the use of server-sig-algs allows us to know
what the server supports).
Signed-off-by: Javier Marcet <javier@marcet.info>
1. updated to 24.2 (RN: https://github.com/erlang/otp/releases/tag/OTP-24.2)
2. added libstdcpp dependency
3. erlang-hipe was removed in upstream
(ref fccb8482ef)
everything related to erlang-hipe was removed from Makefile
4. updated and refreshed patches
5. host-compile ssl library forced to OpenWrt LibreSSL to avoid using system library
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
lua-curl-v3 detects OS and changes compilation flags depends on OS.
If Darwin is detected then it adds GCC non-compatible flags.
OpenWrt is always Linux, OS detection is disabled via UNAME=Linux
as a part of MAKE_FLAGS
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2to3 is a Python program that reads Python 2.x source code and applies a
series of fixers to transform it into valid Python 3.x code. The standard
library contains a rich set of fixers that will handle almost all code. 2to3
supporting library lib2to3 is, however, a flexible and generic library, so it
is possible to write your own fixers for 2to3. lib2to3 could also be adapted
to custom applications in which Python code needs to be edited automatically.
This tool is necessary for fail2ban package because of issue
https://github.com/openwrt/packages/issues/17311https://github.com/openwrt/packages/pull/17341
Simple 2to3.py script from Debian, thanks to Matthias Klose <doko@ubuntu.com>
From: https://salsa.debian.org/cpython-team/python3-defaults
Co-authored-by: Jeffery To <jeffery.to@gmail.com>
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
Removed patches:
* 027-bpo-43158-Use-configure-values-for-building-_uuid-ex.patch
Already merged.
* 029-disable-deprecation-warning.patch
Packages should be patched/fixed to remove the use of distutils
instead of disabling this warning.
Also:
* Updates PKG_LICENSE to use the correct SPDX license identifier
* Fixes build for mipsel_24kc_24kf
Fixes https://github.com/openwrt/packages/issues/17217.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fixes for:
* CVE-2021-44716: unbounded growth of HTTP/2 header canonicalization
cache
* CVE-2021-44717: syscall.ForkExec error can close file descriptor 0
Added patches:
* 001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch:
https://github.com/golang/go/pull/49748 backported for Go 1.17,
this removes the requirement for the gold linker when building Go
programs that use Go plugins on arm/arm64
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When cURL is built with OpenSSL as backend SSL/TLS library,
pecl_http's configure tries to detect whether TLS 1.3 ciphers
are enabled. This does not work when cross-compiling so let's
pass it based on OpenSSL build configuration.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>