Fixes CVE-2018-12015 - In Perl through 5.26.2, the Archive::Tar module
allows remote attackers to bypass a directory-traversal protection
mechanism, and overwrite arbitrary files, via an archive file containing a
symlink and a regular file with the same name.
Patch from
ae65651eab
with path rewritten to match perl tarball.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Instead of DL_DIR, the package should now use $(PKG)_DL_DIR to ease the
transition into a new directory structure for DL_DIR.
This commit has been generated with the following scripts:
for i in $(find . -iname "*.mk"); do
if ! grep -q "\$(DL_DIR)" ${i}; then
continue
fi
pkg_name="$(basename $(dirname ${i}))"
[ "${pkg_name}" = "package" ] && continue
raw_pkg_name=$(echo ${pkg_name} | tr [a-z] [A-Z] | tr '-' '_')
pkg_dl_dir="${raw_pkg_name}_DL_DIR"
sed -i "s/\$(DL_DIR)/\$($pkg_dl_dir)/" ${i}
done
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit fixes the warnings reported by check-package on the help
text of all package Config.in files, related to the formatting of the
help text: should start with a tab, then 2 spaces, then at most 62
characters.
The vast majority of warnings fixed were caused by too long lines. A
few warnings were related to spaces being used instead of a tab to
indent the help text.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove the redundant usr/ component of the HOST_DIR paths. Since a
previous commit added a symlink from $(HOST_DIR)/usr to $(HOST_DIR),
everything keeps on working.
This is a mechanical change with
git grep -l '\$(HOST_DIR)/usr' | xargs sed -i 's%\(prefix\|PREFIX\)=\("\?\)\$(HOST_DIR)/usr%\1=\2$(HOST_DIR)%g'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We no longer support building the full-blown libintl in static linking
scenarios, as it causes too many problems. Therefore, remove the patch
that was handling this.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for licenses as much as possible. SPDX
short identifier for GPLv1/GPLv1+ is GPL-1.0/GPL-1.0+.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/GPLv1(\+)?/GPL-1.0\1/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
perl may fail to build on newer host architectures such as aarch64 due
to its inability to guess the host architecture to build 'miniperl',
which is built during the process. An error message looks like this:
Configuring build-time miniperl for unknown
ERROR: No $target defined (?!)
ERROR: configure --mode=buildmini failed
This happens because the config.sub and config.guess files from perl are
not modified and may become outdated.
These files are normally updated automatically by a Buildroot hook for
autotools packages, to avoid problems like these.
Although perl uses the config.sub and config.guess files, it is not a
strict autotools package, so it is not defined as an "autotools-package"
in Buildroot and so it doesn't inherit the hook.
This commit makes perl borrow the hook from the autotools infrastructure
so that it can build on newer build architectures.
This has been tested by building it on an aarch64 host machine.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Acked-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit e1a4b820ff.
As explained by François Perrad:
"""
perl-cross 1.1.0 is not mature (11 issues opened on september), it is
a full refactor, there are already 19 commits after this tag.
I never bump a perl version 5.x.0, I always wait the version 5.x.1
If you really need a perl 5.24.0, cross-compiled it with
perl-5.24.0-cross-1.0.3.
When I bump a perl version, I run on target the full Perl test suite
(~ 800 000 tests), and failures are not expected.
With cross-perl 1.0.3 and 1.1.0 tags, there have failures described in
https://github.com/arsv/perl-cross/issues/33
"""
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Register package-specific target-finalize hooks with the
newly-introduced <PKG>_TARGET_FINALIZE_HOOKS.
This incidentally fixes luarocks, which was registering target-finalize
hooks even when it was not enabled.
To be noted, the skeleton package is not converted, because it is not
optional, we always have it; so its hooks would always be registered
anyway. Besides, the followup patches would render this conversion moot
anyway, since those hooks would be spread across the various skeleton
packages.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The hostname does not look like it serves any useful purpose, except
maybe to set set perladmin email.
Which is undoubtfully useless on the target.
A followup commit will make the hostname depend on the default skeleton,
so it won't always be available. We can not rely on it to be set.
Besides, even today it is not guaranteed to be set; a user may well
leave it empty.
Use a dummy hostname.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas:
- add comment in scancpan about the version dependency, suggested by
Yann E. Morin.
- add comment in perl.mk about the need to sync any version change with
scancpan, also suggested by Yann E. Morin.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
my previous patch about static build (0001-fix-EUMM.patch) was not the good fix.
see discussion: http://github.com/arsv/perl-cross/issues/18
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now the ccache handling has moved to the toolchain wrapper, it is no
longer necessary to pass TARGET_CC_NOCCACHE.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The PERL_FINALIZE_TARGET always runs, even if perl is not installed.
This results in errors from the find command when it fails to find
anything, even when doing "make -s":
>>> Finalizing target directory
find: `...../output/target/usr/lib/perl5/': No such file or directory
find: `...../output/target/usr/lib/perl5/': No such file or directory
find: `...../output/target/usr/lib/perl5/': No such file or directory
This is not helpful for projects that do not select Perl. Silence this
by making the hook conditional on package selection.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
fix some build failures,
see https://github.com/arsv/perl-cross/issues/17
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
These are no longer required so remove them.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that largefile is mandatory removes package dependencies and
conditionals.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Instead of manually using the DOWNLOAD macro (which should remain an
internal macro), this commit converts the Perl package to use
<pkg>_EXTRA_DOWNLOADS, now that it has been extended to allow full
URLs.
[Thomas: as suggested by Yann, keep comment explaining how we handle
perl-cross.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@openwide.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
this release contains a fix for yacc/bison issue,
see http://github.com/arsv/perl-cross/issues/13
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit makes sure the date of a C file is newer than the date of
the corresponding Bison source file, so that the build process doesn't
try to regenerate it. This avoids the need to have host-bison as a
dependency for the perl build.
Fixes:
http://autobuild.buildroot.net/results/1c2/1c261b09f5a4a314d5dcbc1e5811af9c7d18658a/
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345)
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix:
WARNING: No hash found for perl-5.20.1-cross-0.9.4.tar.gz
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
