If the download directory is on another filesystem (NFS), then the
current implementation of bootstrapping rust fails. Because the 'syscall'
(rename) does not work on crossing filesystem boundary.
This chnage was already merged upstream to the github main rust repository.
rust-lang/rust#124975
The patch has been rebased so that it can be applied correctly.
No functional change.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Preparing to update icu4c to 75.
Created a patch for build errors in php-intl.
```
In file included from /mnt/node/openwrt/staging_dir/target-aarch64_generic_musl/usr/include/unicode/unistr.h:39,
from ext/intl/intl_convertcpp.h:22,
from ext/intl/intl_convertcpp.cpp:17:
/mnt/node/openwrt/staging_dir/target-aarch64_generic_musl/usr/include/unicode/stringpiece.h:133:29: error: 'enable_if_t' in namespace 'std' does not name a template type
133 | typename = std::enable_if_t<
| ^~~~~~~~~~~
/mnt/node/openwrt/staging_dir/target-aarch64_generic_musl/usr/include/unicode/stringpiece.h:133:24: note: 'std::enable_if_t' is only available from C++14 onwards
133 | typename = std::enable_if_t<
| ^~~
/mnt/node/openwrt/staging_dir/target-aarch64_generic_musl/usr/include/unicode/stringpiece.h:133:40: error: expected '>' before '<' token
133 | typename = std::enable_if_t<
| ^
```
The FreeBSD ports patch was used as a reference.
e680bd98d3
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Add new lua version 5.4 required by new version of nmap.
Patches are copied from lua 5.3.
- Readline patch has to be reworked as lua 5.4 now supports
no readline for Linux but still needs some tweaks for macOS
and bsd systems.
- Patch shared lib required some rework.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This is a security release.
Notable Changes
* CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Reverts [1] to resolve the following build error on macOS:
/Volumes/wrt3200/openwrt/staging_dir/hostpkg/usr/bin/perl installperl --destdir=/Volumes/wrt3200/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.38.2/ipkg-install
WARNING: You've never run 'make test' or some tests failed! (Installing anyway.)
/usr/bin/perl5.38.2
error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/install_name_tool: input file: /Volumes/wrt3200/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.38.2/ipkg-install/usr/bin/perl5.38.2 is not a Mach-O file
[1] 88efce3814
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Make the python-jinja2/host target available for the build environment
to be used with e.g. the PKG_BUILD_DEPENDS list.
This is needed for an upcoming package (libcamera).
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Make the python-yaml/host target available for the build environment
to be used with e.g. the PKG_BUILD_DEPENDS list.
This is needed for an upcoming package (libcamera).
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
With the recent move to using ZSTD as the default compression format
for packaging git repo clones we must refresh all of the hashes for
the packages feed as well.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This is a security release
Notable Changes
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
Changed to use gz according to main-snapshot
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
go1.22.2 (released 2024-04-03) includes a security fix to the
net/http package, as well as bug fixes to the compiler, the
go command, the linker, and the encoding/gob, go/types,
net/http, and runtime/trace packages.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.2
Find out more:
https://github.com/golang/go/issues?q=milestone%3AGo1.22.2
Signed-off-by: Shi JiaYang <shi05275@163.com>
Relevant changes since previous 3.9.13:
- FIXED: Fix crash serializing str introduced in 3.9.11
- FIXED: Implement recursion limit of 1024 on orjson.loads()
- FIXED: Use byte-exact read on str formatting SIMD path to avoid crash
- Build now depends on Rust 1.72 or later
- Support serializing numpy.float16 (numpy.half)
- sdist uses metadata 2.3 instead of 2.1
- Improve Windows PyPI builds
Signed-off-by: Timothy M. Ace <openwrt@timothyace.com>
1. Update it to version 3.16.3
Release notes: https://github.com/LuaLanes/lanes/releases/tag/v3.16.3
2. Change to download tarball instead of checking out Git sources
In the previous commit (in the Fixes tag), it was changed to Git sources without any reason. Let's revert it back. Let's use again tagged release.
Fixes: b93e5b45b1 ("lualanes: Version bump to v3.16.2")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Go 1.22.1 contains the following security fixes:
- CVE-2024-24783:
crypto/x509: Verify panics on certificates with an unknown public key
algorithm
- CVE-2023-45290
net/http: memory exhaustion in Request.ParseMultipartForm
- CVE-2023-45289
net/http, net/http/cookiejar: incorrect forwarding of sensitive headers
and cookies on HTTP redirect
- CVE-2024-24785
html/template: errors returned from MarshalJSON methods may break
template escaping
- CVE-2024-24784
net/mail: comments in display names are incorrectly handled
https://go.dev/doc/devel/release#go1.22.1https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Added a third bootstrap stage since go1.22 (and onwards) requires
at least go1.20.14 to build.[1]
[1]: https://go.dev/doc/go1.22#bootstrap
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Florian Eckert