GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.
https://nvd.nist.gov/vuln/detail/CVE-2019-13638
Signed-off-by: Russell Senior <russell@personaltelco.net>
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
https://nvd.nist.gov/vuln/detail/CVE-2019-13636
Signed-off-by: Russell Senior <russell@personaltelco.net>
for coping libc.a, libpthread.a and libstdc++ to target.
Add config option to eliminate need for -lstdc++ and -lgcc_pic
switches when linking statically
Signed-off-by: Noble Pepper <noblepepper@gmail.com>
* use gunicorn instead of Flask for main server threads
* generate and deploy random database password
* provide distribution files
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The last commit added PKG_CPE_ID and now uscan detects a CVE that I missed
Reordered patches by date
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[tweaked commit message]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Patches taken from official git repository.
Added PKG_CPE_ID for proper CVE tracking.
Added PKG_BUILD_PARALLEL for faster compilation.
Also adjusted Makefile to be more similar to other projects.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Here was the first error I got:
xstrtol-error.c:84:26: error: invalid use of undefined type 'struct
rpl_option'
More information on this error here:
https://www.mail-archive.com/clfs-support@lists.clfs.org/msg00297.html
I'm not sure if this is an issue in my build environment, but I believe
this is the proper fix because gzip and zile use the same option:
./utils/gzip/Makefile: gl_cv_func_getopt_gnu=yes \
./utils/zile/Makefile: gl_cv_func_getopt_gnu=yes \
This commit is mostly a reformat/sign-off of previous work by Dirk
Morris <dmorris@untangle.com>
Signed-off-by: Sébastien Delafond <sdelafond@gmail.com>
Defining _GLIBCXX_INCLUDE_NEXT_C_HEADERS instructs gcc 7.x libstdc++ to
include the system's stdlib.h and math.h, and not their own.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
NEWS has these comments:
Noteworthy changes in release 1.4.18 (2016-12-31) [stable]
* Diagnose --word-regexp as unsupported if it was not configured.
* Preliminary support for OS/2.
* A number of portability improvements inherited from gnulib.
SHA256SUM is used as package checksum
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The LEDE buildbots currently fail to build the package since there seems
to be a problem with the emacs installed on the buildbot(s) (e.g. [1]):
-snip-
Making all in emacs
make[7]: Entering directory `/opt/buildbot/slaves/lede-slave-tah/x86_64/build/sdk/build_dir/target-x86_64_musl-1.1.15/autoconf-2.69/lib/emacs'
WARNING: Warnings can be ignored. :-)
if test "emacs" != no; then \
set x; \
list='autoconf-mode.el autotest-mode.el'; for p in $list; do \
if test -f "$p"; then d=; else d="./"; fi; \
set x "$@" "$d$p"; shift; \
done; \
shift; \
EMACS="emacs" /bin/bash ../../build-aux/elisp-comp "$@" || exit 1; \
else : ; fi
4;1H; last errno 10)
No buffers needed saving: you didn't lose any work.
mv: cannot stat '*.elc': No such file or directory
make[7]: *** [elc-stamp] Error 1
-snap-
So let's disable the emacs usage - the resulting artifacts are not
packaged at the moment at all.
[1] https://downloads.lede-project.org/snapshots/faillogs/x86_64/packages/autoconf/compile.txt
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We're currently preparing a change in LEDE that will change the host
staging dirs in a way that might break the sed commands used by the
automake Makefile. Change the command in a way that doesn't depend on the
path of the staging dir.
While it would be nicer to modify the configure script to use the correct
path in the first place, this doesn't work for the perl path, as perl is
used in shebang lines and must thus be an absolute path. Some scripts are
used both during build and on the target system, so fixing up the scripts
in the install step seems like the best option.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
We can just set M4 in the configure command instead of fixing up the paths
using sed afterwards. This makes the build more robust (and we're currently
preparing a change of the host staging dirs in LEDE that might break this
otherwise).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
We can just set GREP and SED in the configure command instead of fixing up
the paths using sed afterwards. This makes the build more robust (and we're
currently preparing a change of the host staging dirs in LEDE that might
break this otherwise).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Add two patches to address three distinct build problems spotted by our
build bots when compiling lttng-tools:
1) unconditional use of `__GLIBC_PREREQ`
On musl based toolchains there is no such macro defined, leading to the
following preprocessor error:
CC compat-epoll.lo
In file included from compat-epoll.c:33:0:
poll.h:76:19: error: missing binary operator before token "("
#if __GLIBC_PREREQ(2, 9)
2) undeclared `mode_t` type
On musl based toolchains the `mode_t` type is not implicitely defined through
other includes, leading to the following compile error:
CC hashtable.lo
In file included from ../../../src/common/common.h:24:0,
from hashtable.c:24:
../../../src/common/runas.h:25:46: error: unknown type name 'mode_t'
int run_as_mkdir_recursive(const char *path, mode_t mode, uid_t uid, gid_t gid);
^
../../../src/common/runas.h:26:36: error: unknown type name 'mode_t'
int run_as_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid);
^
../../../src/common/runas.h:27:46: error: unknown type name 'mode_t'
int run_as_open(const char *path, int flags, mode_t mode, uid_t uid, gid_t gid);
^
3) multiple definitions
The header files declare several `const char *` pointers which are initialized
in various `*.c` files later on. Due to a missing `extern` declaration in the
header, the final linking of the executables fails with errors such as:
CCLD lttng
../../../src/common/.libs/libcommon.a(mi-lttng.o):(.data.rel.ro.local+0x0): multiple definition of `mi_lttng_element_snapshots'
commands/enable_events.o:(.bss+0x18): first defined here
collect2: error: ld returned 1 exit status
This commits addresses these issues with two patches, `100-musl-compat.patch`
fixes issue 1 by declaring a fallback dummy declaration of `__GLIBC_PREREQ` and
issue 2 by explicitely including `sys/stat.h` which provides `mode_t` according
to POSIX.
The second patch, `200-use-extern.patch` declares all char pointers in the
header file as `extern`, fixing the observed linker errors.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
GNU libtool is used to ease the usage of shared libraries in Makefiles.
The new package libtool-bin contains the script libtoolize which is used
to prepare a package to use libtool.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
To make automake work correctly it is necessary to have files
* automake
* aclocal
* automake-$(PKG_VERSION)
* aclocal-$(PKG_VERSION)
The files without version number can be supplied as symbolic
links.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
pkg-config is a helper tool used when compiling applications and libraries.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
[Fixed trailing whitespace in package description.]
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.
A new package automake is provided.
version 2:
do not reference staging directory in distributed files
copy only one version of automake
resolve whitespace issues
CC: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This patch provides package autoconf.
Autoconf is required to generated the configure script of autotools
projects.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
[Fixed commit summary (first line of commit message)]
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
GNU M4 is a prerequisite to run autoconf and automake.
This patch packages the macro processor.
This is a prerequisite for packaging autoconf and automake.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
[Fixed commit summary according to our best-practise]
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
OpenWRT provides gcc but lacks make. So building foreign software is
difficult.
This patch provides GNU Make 4.1.
Built on Debian Jessie amd64.
Tested on TP-Link MR3020 (ar71xx/generic).
version 4:
remove gnumake.h from the package
We could package it in a separate make-dev package if really needed.
version 3:
use Build/InstallDev to provide build time dependency
version 2:
superfluous lines removed as suggested by Yousong Zhou
CC: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>