We don't want to set LD_LIBRARY_PATH to a directory filled with target
libraries when running a host perl. When the host and target
architecture are the same, some libraries will be loaded from this
path, resulting in the build to break because of glibc/musl mismatch.
Reported-by: John Audia <therealgraysky@proton.me>
Fixes: e7b5a35e5c ("perl: drop 110-always_use_miniperl.patch")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
tcl:tcl is a better CPE ID than tcl_tk:tcl_tk as this CPE ID has the
latest CVE (whereas tcl_tk:tcl_tk only has CVEs up to 2008):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3🅰️tcl:tcl
Fixes: 299e5b0a9b (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
We have received reports of builds of perl occasionally failing when
building with many parallel jobs, with a log like the following:
LD_LIBRARY_PATH=[...]/perl/perl-5.40.0 ./miniperl -Ilib make_ext.pl \
dist/constant/pm_to_blib MAKE="make" LIBPERL_A=libperl.so
File/Path.pm did not return a true value at [...]/hostpkg/usr/lib/perl5/5.40.0/ExtUtils/MakeMaker.pm line 13.
BEGIN failed--compilation aborted at [...]/hostpkg/usr/lib/perl5/5.40.0/ExtUtils/MakeMaker.pm line 13.
Compilation failed in require at Makefile.PL line 3.
BEGIN failed--compilation aborted at Makefile.PL line 3.
Unsuccessful Makefile.PL(dist/constant): code=65280 at make_ext.pl line 532.
The failing extension (dist/constant in the above log) would differ
between runs.
The cause of the issue is the `-Ilib` in the command line of miniperl.
In the host build, `./miniperl -I lib` will use the following include
path:
[..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/AutoLoader/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/dist/Carp/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/dist/PathTools
[..]/build_dir/hostpkg/perl/perl-5.40.0/dist/PathTools/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/ExtUtils-Install/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/ExtUtils-MakeMaker/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/ExtUtils-Manifest/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/File-Path/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/ext/re
[..]/build_dir/hostpkg/perl/perl-5.40.0/dist/Term-ReadLine/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/dist/Exporter/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/ext/File-Find/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/Text-Tabs/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/dist/constant/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/version/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/Getopt-Long/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/Text-ParseWords/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/ExtUtils-PL2Bat/lib
[..]/build_dir/hostpkg/perl/perl-5.40.0/lib
.
Various dependencies of the extension build scripts (Makefile.PL) -
including File-Path, which failed to be loaded in the error log - are
included in the path by buildcustomize.pl, as these extensions are only
installed to `lib` as the build proceeds.
However, in a target build, miniperl is just a symlink to the previously
built host perl. As the host perl does not implicitly load
`buildcustomize.pl`, we get the following include path for
`./miniperl -Ilib`:
lib
[..]/staging_dir/hostpkg/usr/lib/perl5/site_perl/5.40.0/x86_64-linux
[..]/staging_dir/hostpkg/usr/lib/perl5/site_perl/5.40.0
[..]/staging_dir/hostpkg/usr/lib/perl5/5.40.0/x86_64-linux
[..]/staging_dir/hostpkg/usr/lib/perl5/5.40.0
The host perl's install location is used as the default include path
which provides File-Path etc. for the target build; however, as more
and more libraries get installed into `lib` during the extension build,
they may get loaded from there instead, as `lib` is at the beginning of
the include path. When multiple extensions are built in parallel, a
Makefile.PL may attempt to load File/Path from `lib` after the file has
been created, but before its contents have been written fully, resulting
in the build to fail.
In fact, we should not load anything from `lib` during the target build,
as it is the staging directory for the target, including native
extensions built for the target architecture - with one exception: The
build scripts expect to find target information in the `Config` module,
so simply removing `lib` from the include path completely would break
the build.
Solve the issue by creating an alternative lib directory `lib_build`,
symlinking `Config.pm` and its dependencies in it, and replacing the
`-Ilib` argument with `-Ilib_build` using a wrapper script around the
host perl executable. This is similar to the approach seen in perl's own
obsolete/broken cross compile scripts (`Cross/Makefile`).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The patch was introduced in commit 4c57844f0f ("lang/perl: Add hack to
make perl always use miniperl during build"), but it is not actually
necessary. By setting $perl to a non-empty value (using 'perl' as is
common on desktop distros), the logic works as intended and selects the
correct perl binary for host and target builds.
As miniperl just symlinks to host perl for target builds, the main
effect of this change is not unconditionally passing `-Ilib -I.`
anymore. This seems like a good thing; host libraries should be used
with host perl by default.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The patch was first introduced in commit 4a94479f96 ("perl: update to
5.26.1") to fix the target build when the host perl has
default_inc_excludes_dot enabled. It just added back the `-I`. to every
call of miniperl; this solution is questionable however, as it adds `.` to
the beginning of the search path, not as a final fallback like perl did
before default_inc_excludes_dot (and like miniperl does).
It is also not necessary - only two scripts, write_buildcustomize.pl and
configpm, expect to be able to include a file from `.` (in both cases a
file the script just generated). Just fix the two scripts instead.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The 'snmp' extension module uses net-snmp as library, but fails
to detect whether the library uses openssl when cross-compiling.
Pass the according autoconf variables as hint - net-snmp is not
using openssl at the moment as defined in the Makefile.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
ack would always set a return code of 1 if -c was used. Now it properly
returns 1 if no files match, and 0 if any files match.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Apache SpamAssassin 4.0.1 is a patch release that fixes issues that
have surfaced since the release of 4.0.0. It provides compatibility
with the latest version of Perl, 5.38, which was released in July,
2023, as well as with recent release versions of some required Perl
modules.
Many thanks to the committers (see CREDITS file), contributors, rule
testers, mass checkers, and code testers who have made this release
possible.
Notable features:
=================
None noted.
Notable changes
---------------
This release addresses the following issues:
- Incompatibilities with some versions of perl and some perl modules
that have been released since the release of SpamAssassin 4.0.0
- Problems using cpan to install SpamAssassin when certain required
or optional modules are not already installed
- Support for space characters in the path name of some executables
used by certain plugins
- Improved handling of URL shortener link redirects
- Improved TxRep locking management
- Added Mail::SpamAssassin::Plugin::AuthRes plugin to use
Authentication-Results header fields in other plugins
- Added a Pyzor Perl implementation
- Perl crash when certain uri_detail rules processed some messages
with UTF-8 characters
- Inconsistent handling of newlines in header rules
- Text or HTML content placed in octet-stream attachments by
spammers to bypass SpamAssassin scanning
- Implemented TCP fallback for truncated DNS UDP replies
* Spamc can now be built on a Windows platform as part of the gmake
build procedure, using the compiler toolchain that is part of a
standard Strawberry Perl installation, with no need to install a
separate Visual Studio, msys, or mingw.
The detailed list of all commits can be found in the Changes file.
A detailed view of the issues as they were filed in the Bugzilla issue
tracker can be seen at https://s.apache.org/7apqr
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
**** 1.50 Feb 21, 2025
Minor code improvements in Resolver::Base.
Add RESINFO package for resolver information.
Documentation revision and reformatting.
Fix rt.cpan.org #158714
Fedora41: IPv4 loopback disabled in IPv6-only configuration
Fix rt.cpan.org #158706
Use of uninitialized value [in _send_udp]
**** 1.49 Dec 27, 2024
Add DSYNC package for Generalized Notification.
EDNS: Add support for ZONEVERSION option.
Fix rt.cpan.org #157700
"Use of uninitialized value" errors when using TCP connections
Fix rt.cpan.org #157669
Net::DNS::Nameserver: SOA not present in NODATA response
Fix rt.cpan.org #157195
EDNS option structure does not match JSON from $packet->edns->print
Fix rt.cpan.org #157043
User-hostile return value from SVCB key methods
**** 1.48 Nov 8, 2024
SVCB: Add tls-suppored-groups parameter.
Fix failures in 01-resolver.t dry tests.
**** 1.47 Sep 18, 2024
Restore current domain name following $INCLUDE in zone file.
Update RFC and other document references.
Fix rt.cpan.org #155337
Issue with parallel run of TSIG tests
**** 1.46 Aug 19, 2024
Resync with IANA DNS Parameters registry.
Revise documentation for Packet.pm and Header.pm.
Random ID cache moved from header->id to packet->encode.
Restructure resolver method inheritance tree.
**** 1.45 May 2, 2024
Resync with IANA DNSSEC Algorithm Numbers registry.
Resync with IANA DS Digest Algorithms registry.
Add support for EDNS CO flag.
Fix rt.cpan.org #152756
Net::DNS::Resolver::UNIX creates $ENV{PATH} key if one doesn't exist
**** 1.44 Feb 15, 2024
Simplify testing of resolver error paths.
Prevent read beyond end of RDATA in corrupt SVCB RR.
**** 1.43 Jan 26, 2024
Update b.root-servers.net addresses in resolver hints.
Improve accuracy and completeness of dependency metadata.
Nameserver: hangs on persistent TCP connection (Windows).
IPSECKEY: leave gateway undefined for gatetype 0.
Remove remaining support for GOST.
Fix rt.cpan.org #151240
Nameserver.pm: DoS vulnerability in TCP handling
Fix rt.cpan.org #151232
Net::DNS::Resolver::new hangs for 150s on Win32 with no active DNS
Fix rt.cpan.org #151075
Bug in Net::DNS::Resolver::Recurse::_referral
Fix rt.cpan.org #151074
Deep recursion in Net::DNS::Resolver::Recurse
**** 1.42 Dec 24, 2023
Fix rt.cpan.org #150695
Hang in Net::DNS::Nameserver on Windows
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1ab3208a1fceb12fca8f24ba57d6e13c5bff15e3 'lua.h' back to redundancy in version definitions
21ff8de33a5aca9c3c907592b894e4b9ab036d3e Bug: Tricky _PROMPT may trigger undefined behavior
7eb1ed21b7057ab5f1b921f8271eddcf13659737 More permissive use of 'errno'
2db966fcbf757775c842bc66449d7e697826aa1d Bug: luaL_traceback may need more than 5 stack slots
ae9a0cbbb446499e759acae47664d1d136d7ba90 Bug: overlapping assignments
d5212c13b081ed62d8e1ae436779e79c79edf564 More disciplined use of 'errno'
e0efebdbe4e4053c6fb78588c546f1dc23aa964a Detail in the manual
e84f7bf19852c35ad0a1e9a1654a7b99a211e17c Details
dfbde4c7d540f81f2cc539741a2c1f4c00f91c10 Bug: Active-lines for stripped vararg functions
de794a6527058e75b674118b35f39dcbb13e88b1 Towards release 5.4.7
8b83417de982d068bd92e0428a42ca0cdd909789 Avoids a warning when lua_Number is 'float'
e288c5a91883793d14ed9e9d93464f6ee0b08915 Bug: Yielding in a hook stops in the wrong instruction
5853c37a83ec66ccb45094f9aeac23dfdbcde671 Bug: Buffer overflow in string concatenation
842a83f09caa2ebd4bc03e0076420148ac07c808 Panic functions should not raise errors
7923dbbf72da303ca1cca17efd24725668992f15 Bug: Recursion in 'getobjname' can stack overflow
81e4fce5303fdb274bc5572fb168dd766fb8208e Simpler test in 'luaH_getint'
6baee9ef9d5657ab582c8a4b9f885ec58ed502d0 Removed test for "corrupted binary dump"
edd8589f478e784bb8d1a8e9a3bb2bb3ca51738c Avoid casts from unsigned long to floating-point
07a9eab23ac073362f231ddc7215688cf221ff45 Cannot use 'getshrstr' before setting 'shrlen'
9363a8b9901a5643c9da061ea8dda8a86cdc7ef1 Documentation for "LUA_NOENV"
5ab6a5756b3c50c99f1388885e9a48a7da8cbe2d Bug: Wrong line number for function calls
9b4f39ab14fb2e55345c3d23537d129dac23b091 More disciplined use of 'getstr' and 'tsslen'
f4211a5ea4e235ccfa8b8dfa46031c23e9e839e2 More control over encoding of test files
1b3f507f620d996ffb69da7476a19251acfb89ca Bug: Call hook may be called twice when count hook yields
6b51133a988587f34ee9581d799ea9913581afd3 Thread stacks resized in the atomic phase
cbae01620278f9b568805db16a96d0631ced473d Details
ea39042e13645f63713425c05cc9ee4cfdcf0a40 Removed redundancy in definitions of version/release
05ec55f16b389a4377adab84efe374437da8dbd2 Avoid inclusion loop in 'ltm.h'
f623b969325be736297bc1dff48e763c08778243 Bug: read overflow in 'l_strcmp'
9be74ccc214eb6f4d9d0b9496fd973542c7377d9 Several functions turned 'static'
09f3c2372f5dbeaec9f50614a26c1b5761726a88 Option '-l' discards version sufix from file name
c197885cb00b85251c35cffdc4057efaee2d7a88 Small improvements in tests
934e77a286aeb97ca02badf56956ccc78217e9d0 Details
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
This is a major upgrade to latest stable PHP version.
- IMAP extension was unbundled from PHP
- align patch filenames with latest ones from Debian
- removed obsolete patches
- adapted/refreshed patches
- added patch to remove call to httpd during configure
Note: this assumes that 'prefork' mpm is used
Upstream changelog for this specific release:
https://www.php.net/ChangeLog-8.php#8.4.5
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
For the moment, we have to finetune the package
versioning to make apk happy.
This update provides compatibility with PHP 8.4.x.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This PECL package seems to be not actively maintained
anymore by upstream and it does not work with PHP 8.4.x
so let's drop it.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
go1.24.2 (released 2025-04-01) includes security fixes to the net/http
package, as well as bug fixes to the compiler, the runtime, the go
command, and the crypto/tls, go/types, net/http, and testing packages.
Link: https://github.com/golang/go/issues?q=milestone%3AGo1.24.2+label%3ACherryPickApproved
Signed-off-by: George Sapkin <george@sapk.in>
https://github.com/openwrt/packages/pull/26116
We will no longer be building packages for various target architectures for node.js.
I will be dropping node-related packages that are no longer needed for this reason.
You can still use hostpkg's node.js as a build tool, so you can still use yarn and javascript-obfuscator as before.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
https://github.com/openwrt/packages/issues/26078
As a result of the discussion in this thread, the node.js package was changed to hostpkg only. In addition, this fix uses the pre-built version distributed on nodejs.
The use of pre-build is based on the suggestion of @artynet.
The packages in the node module are successfully built, but the target node.js itself cannot be provided, so it cannot be used.
Yarn, which is used in packages for web front ends, etc., can be used without any problems.
Support for host builds other than linux x86_64.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
go1.24.1 (released 2025-03-04) includes security fixes to the net/http
package, as well as bug fixes to cgo, the compiler, the go command,
and the reflect, runtime, and syscall packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Add libstdcpp and libtiff as dependencies, which are required by
debug/elf package.
Release note: https://go.dev/doc/go1.24
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Mark node BROKEN to disable its build in buildbot in order
to test the impact on preventing frequent buildbot hangups.
It is suspected that node causes frequent build timeouts/hangups
on aarch/arm/i386/x86 builds: approx 1/3 of builds get timeouted.
Disable node for now to test the hypothesis.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Disable parallel builds for node downstream packages, as the
buildbot is showing frequent timeout problems
for aarch644, arm, i386 and x86, and node & node packages
are the primary suspect.
Based on discussion in
https://github.com/openwrt/packages/issues/26078
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
For some reason, pip builds a broken Cython, which segfaults on attempting
to install wheel. Work around this by allowing to use precompiled wheels.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes podman build breakage which was caused by podman depending on
netavark, which in turn depends on rust-iptables.
rust-iptables requires rust 1.85.0 since commit 75825cd
75825cd9c1
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
go1.23.5 (released 2025-01-16) includes security fixes to the
crypto/x509 and net/http packages, as well as bug fixes to the
compiler, the runtime, and the net package.
go1.23.6 (released 2025-02-04) includes security fixes to the
crypto/elliptic package, as well as bug fixes to the compiler
and the go command.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This is a security release.
Notable Changes
CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
Dependency update:
CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
go1.23.4 (released 2024-12-03) includes fixes to the compiler, the
runtime, the trace command, and the syscall package.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Dropped:
003-without-vendored-meson.patch
004-workaround-for-multiple-top-level-packages-discovered.patch
This time, we really need to use meson to build numpy.
And to make things more complicated, the 'vendored' meson package (that
comes with numpy) must be used. This is because they have some special
logic in there that's specific to numpy.
With this change, we also need to keep a special/internal
'openwrt-cross.txt.in' file, because cross-compiling numpy also requires
that a 'longdouble_format' property be added.
More details about this:
https://github.com/numpy/numpy/issues/23972https://github.com/numpy/numpy/blob/maintenance/2.2.x/doc/source/building/cross_compilation.rst
Removing quirk fix for x86_64 with detecting 'avx512f'.
This should work with the new meson stuff.
And finally, added a test.sh script.
This should make sure that this package works fine during upgrades.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Matthias Schiffer