As both LEDE and OpenWrt have STAGING_DIR_HOSTPKG now, we can start to rely
on it. See 73b7f55424 for more information on
STAGING_DIR_HOSTPKG.
STAGING_DIR_HOSTPKG won't actually be changed before the first LEDE release
(it is equivalent to $(STAGING_DIR)/host), so this simple search/replace
cleanup is safe to apply. Doing this cleanup now will be useful for the
Gluon project (an OpenWrt/LEDE based firmware framework) for experimenting
with modifying STAGING_DIR_HOSTPKG before doing this in the LEDE upstream.
Also fixes a typo in the dbus Makefile ("STAGIND_DIR").
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This fixes the following CVEs:
- in intl: CVE-2016-7416
- in mysqlnd: CVE-2016-7412
- in phar: CVE-2016-7414
- in spl: CVE-2016-7417
- in wddx: CVE-2016-7413, CVE-2016-7418
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Some PECL modules (possibly also php modules) depend on
special load order, otherwise loading the module will fail
due to unresolvable symbols.
This changeset introduces a very simple compile-time defined
order by specifying a prefix for the ini file with the load
directive. If not given, it uses a default value.
It also updates all current pecl module packages to take
this new approach.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This is a copy of the existing php5 stuff, adopted for PHP7.
Please not, that its not supported to install both php5
and php7 in parallel on the target.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This fixes the following CVEs:
- in GD: CVE-2015-8874, CVE-2016-5766, CVE-2016-5767
- in mbstring: CVE-2016-5768
- in mcrypt: CVE-2016-5769
- in SPL: CVE-2016-5770, CVE-2016-5771
- in WDDX: CVE-2016-5772
- in zip: CVE-2016-5773
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This fixes the following CVEs:
- in BCMath: CVE-2016-4537, CVE-2016-4538
- in EXIF: CVE-2016-4542, CVE-2016-4543, CVE-2016-4544
- in GD: CVE-2016-3074
- in Intl: CVE-2016-4540, CVE-2016-4541
- in XML: CVE-2016-4539
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This fixes the following CVEs:
- in PCRE: CVE-2015-2325, CVE-2015-2326
- in sqlite3: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This fixes CVE-2006-7243, a multipart/form-data remote dos vulnerability,
a heap buffer overflow in unpack and a integer overflow in ftp_genlist,
which also results in a heap overflow.
For more details, see http://php.net/ChangeLog-5.php#5.6.9
Also sync the timezone patch with latest version from Debian and
adopt this patch for the changes in this php release.
Refresh 950-Fix-dl-cross-compiling-issue.patch.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This patch adds build infrastructure for PHP's OPcache extension.
Compared with the other extension, this is a Zend module and it
need a little workaround during cross-compiling.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This fixes the following CVEs:
- CVE-2015-1351
- CVE-2015-1352
- CVE-2015-2783
- CVE-2015-3329
- CVE-2015-3330
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: wuqiong <memccpy@gmail.com>
- split fpm config into main and pool file
- introduced uci config file
- re-worked init script
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
- fileinfo: PHP actually uses its own libmagic implementation
- pdo-sqlite/sqlite3: libsqlite3 itself depends on libpthread,
not the extension
- xml{reader,writer}: both do not use iconv stuff
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This commit adds a patch to enforce the usage of an alternative
code path, preventing the need of libiconv in the bundled libgd
of php.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Michael Heimpold
Matthias Schiffer
Felix Fietkau
W. Michael Petullo
wuqiong
Ted Hess