| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Stephane Chazelas discovered a bug in the environment handling in Perl.
Perl provides a Perl-space hash variable, %ENV, in which environment
variables can be looked up. If a variable appears twice in envp, only
the last value would appear in %ENV, but getenv would return the first.
Perl's taint security mechanism would be applied to the value in %ENV,
but not to the other rest of the environment. This could result in an
ambiguous environment causing environment variables to be propagated to
subprocesses, despite the protections supposedly offered by taint
checking.
With this update Perl changes the behavior to match the following:
a) %ENV is populated with the first environment variable, as getenv
would return.
b) Duplicate environment entries are removed.
References:
* http://perl5.git.perl.org/perl.git/commit/ae37b791a73a9e78dedb89fb2429d2628cf58076
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
| |/
|
|
| |
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
| |\
| |
| | |
perl: ensure File::Spec::canonpath() preserves taint [CVE-2015-8607]
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath()
routine returned untained strings even if passed tainted input. This defect
undermines the guarantee of taint propagation, which is sometimes used to
ensure that unvalidated user input does not reach sensitive code.
This defect was found and reported by David Golden of MongoDB, and a patch
was provided by Tony Cook.
References:
* https://rt.perl.org/Public/Bug/Display.html?id=126862
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8607
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
| |/
|
|
|
|
| |
changes in trunk
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
| |
Apparently, recompiling/relinking fails under some circumstances. This
patch has been reported to work around that issue.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
| |
Configuration scripts expect the libc identifier to be "uclibc" in case we're using it,
OpenWrt provides "uClibc". Oh well...
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
|
|
| |
This was previously manually set to '4.8.0'. Aside from just being incorrect,
it also breaks Errno's GCC5 detection.
Fixes #2044.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
| |
The old scheme didn't make any sense...not that there was a scheme really.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
| |
This will make microperl unable to build. That's okay, since we haven't
been building it for quite a while now.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
perlbase-essential and perlbase-config depend on functionality from
each other. Previously, this was solved by just making perlbase-config depend
on perlbase-essential.
However, since a simple "use lib" is enough to trigger pulling in Config, this
approach doesn't seem to make much sense. So let's just make perlbase-essential
depend on perlbase-config instead.
This pulls in perlbase-config as a dependency to pretty much every Perl package,
so in the future we might want to just merge Config into perlbase-essential.
Thanks to Robert Högberg for spotting this.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |\
| |
| | |
perlbase-data: Add dependency on perlbase-bytes
|
| | |
| |
| |
| |
| |
| |
| | |
Dumper.pm, included in perlbase-data, uses module bytes, so add dependency
on openwrt package perlbase-bytes.
Signed-off-by: Robert Högberg <robert.hogberg@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Despite being just a packaging update, this update packs quite a few changes.
To start things off, we're finally passing perl's testsuite on at least
x86/musl. There are a lot of skipped tests left, as well as some oddities.
Nothing too heavy though. Making this happen was an ongoing effort since the
perl-5.20.1 release.
We still can't run module testsuites and I don't expect all target/libc
combinations to pass yet. So we'll leave test suite support marked as
experimental.
We've also switched from the old collection of target-specific configuration
files to a new, more flexible and easier-to-maintain system based on
perlconfig.pl. It'll generate a suitable configuration file using information
found in it's *.config files as well as command-line parameters passed.
See the POD and files/README.config for details.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
| |
This test requires a ps which provides the -f option, as well as suitable output.
We can't provide either with busybox. Just skip it for now.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
|
|
| |
- Add perlbase-meta-notation
- Include missing files and tests/test data
- Install Archive::Tar utilities
- Update dependencies
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
| |
- Add some useful options for debugging tests and test failures
- Properly handle tests located in lib/
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
| |
This needs to be a concatenation of {nonxs,dynamic,static}_ext, as
shown by Config/Extensions.t.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
| |
There is no other place for them really.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
While setlocale() is present, musl currently doesn't provide a suitable implementation.
It'll silently accept every locale, even if not present at all, defaulting them
to C.UTF-8. This will confuse applications as well as our testsuite(see lib/locale.t).
Even if a locale does exist, it's effects will not apply to an extent that will
satisfy many applications.
Avoid further mischief here and just disable setlocale() for now.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This replaces the previously used collection of configuration files for every single
architecture in conjunction with hacky overrides, which became an increasing burden to maintain.
Fixes a number of outstanding bugs and oddities, with the most important one being the
previously wrong signal order(as shown by ext/POSIX/t/sigaction.t).
See files/perlconfig.pl's POD and files/README.config for details.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
|
| |
- Remove perlbase-cgi
- Remove Module::Build from perlbase-module
- Remove perlbase-package
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
| |
This will simplify updating the package in the future.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add patch to inhibit the libm IEEE math switch on musl
- Add postprocessing for config.sh to the Makefile to fixup
defines for musl, idea taken
from http://patchwork.openembedded.org/patch/91707/
This is the least invasive approach I could come up to fix the build
failure asap. Another possibility is maintaining yet another set of
musl specific architecture config files, but I think that this introduces
a lot of maintenance overhead.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
| |
Fixes broken largefile support.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
While host-perl only exists to run build scripts(and thus, should have
no influence on built packages at all), most packages depend heavily on the
feature set of the perl installation that ran their configuration scripts.
This change makes them see that threading support is enabled(if it actually
is selected).
We can't use configuration symbol overrides for this one, as they are
visible to host-perl as well. Using overrides would make it act as if it
had threading support enabled without actually having it.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
| |
perl would have done the same.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
|
|
|
|
|
| |
This will not change any existing packages' functionality. All packages
that used this symbol before during build(with it's value being "cc -E") most
likely would've failed compilation.
Note that this change is only in effect during build.
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|
| |
|
|
| |
Signed-off-by: Marcel Denia <naoir@gmx.net>
|