This fixes the following CVEs:
- in intl: CVE-2016-7416
- in mysqlnd: CVE-2016-7412
- in phar: CVE-2016-7414
- in spl: CVE-2016-7417
- in standard: CVS-2016-7411
- in wddx: CVE-2016-7413, CVE-2016-7418
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This fixes the following CVEs:
- in GD: CVE-2015-8874, CVE-2016-5766, CVE-2016-5767
- in mbstring: CVE-2016-5768
- in mcrypt: CVE-2016-5769
- in SPL: CVE-2016-5770, CVE-2016-5771
- in WDDX: CVE-2016-5772
- in zip: CVE-2016-5773
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This fixes the following CVEs:
- in BCMath: CVE-2016-4537, CVE-2016-4538
- in EXIF: CVE-2016-4542, CVE-2016-4543, CVE-2016-4544
- in GD: CVE-2016-3074
- in Intl: CVE-2016-4540, CVE-2016-4541
- in XML: CVE-2016-4539
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
The original Google Code repository is not available anymore, use the
equivalent Github repository instead.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This release includes new SSL certificates for RubyGems. And, this also
includes about 80 bug fixes after the previous release. See the
http://svn.ruby-lang.org/repos/ruby/tags/v2_2_6/ChangeLog for details.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This release includes a security fix for Fiddle extension.
* CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL
There are also some bugfixes.
In package, now LD_FLAGS is copied to DLD_FLAGS (used by ruby for libraries).
The missing values from LD_FLAGS cause build error when gcc does not implicitly
include staging/usr/lib.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This fixes the following CVEs:
- in PCRE: CVE-2015-2325, CVE-2015-2326
- in sqlite3: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This fixes CVE-2006-7243, a multipart/form-data remote dos vulnerability,
a heap buffer overflow in unpack and a integer overflow in ftp_genlist,
which also results in a heap overflow.
For more details, see http://php.net/ChangeLog-5.php#5.6.9
Also sync the timezone patch with latest version from Debian and
adopt this patch for the changes in this php release.
Refresh 950-Fix-dl-cross-compiling-issue.patch.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This patch adds build infrastructure for PHP's OPcache extension.
Compared with the other extension, this is a Zend module and it
need a little workaround during cross-compiling.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Since 94f87dc1, host build of Python depends on expat installed in host
staging directory. However, pyexpat extension fails to build if expat
was not built and installed to staging dir before - adding host build
dependency should fix this.
Signed-off-by: Jan Čermák <jan.cermak@nic.cz>
Patch removing multiarch paths from build should be applied only when
Python is built for target, but not for host. When the paths are removed
during host build, host python throws some ugly errors when importing
some hashlib modules. Also it reports that modules crypt and nis failed
to build (tested on Ubuntu 14.04 host).
Signed-off-by: Jan Čermák <jan.cermak@nic.cz>
Build depends must refer to the source package name, not the binary one,
therefore we need to use `bzip2` in order to enforce a build of libbz2.so.
Also make the host python build depend on the bzip2 host build in order to
ensure that host python is built with bzip2 support. We don't need a build
dependency for the target python as this already depends on +libbz2 through
python-light. That package dependency in turn implies a build dependency.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
