From: Ross Burton Date: Tue, 14 Apr 2026 15:56:52 +0000 (+0100) Subject: perl: link to the system bzip2 instead of a vendored copy X-Git-Tag: yocto-6.0~112 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32dffd9a4ec7abb028765c3f662bcaede3f9f060;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git perl: link to the system bzip2 instead of a vendored copy The perl module Compress-Raw-Bzip2 defaults to using a vendored copy of the bzip2 sources. We should be building perl against the system bzip2 recipe to avoid potential security issues. This is a little fiddly in the DEPENDS as bzip2-native is assume-provided so we need to depend on bzip2-replacement-native for the native build. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- diff --git a/meta/recipes-devtools/perl/perl_5.42.0.bb b/meta/recipes-devtools/perl/perl_5.42.0.bb index 5992ac2d92..cf28067bab 100644 --- a/meta/recipes-devtools/perl/perl_5.42.0.bb +++ b/meta/recipes-devtools/perl/perl_5.42.0.bb @@ -30,7 +30,9 @@ B = "${WORKDIR}/perl-${PV}-build" inherit upstream-version-is-even update-alternatives -DEPENDS += "perlcross-native zlib virtual/crypt" +DEPENDS += "perlcross-native bzip2 zlib virtual/crypt" +DEPENDS:append:class-native = " bzip2-replacement-native" + # make 4.1 has race issues with the double-colon usage of MakeMaker, see #14096 DEPENDS += "make-native" @@ -59,8 +61,10 @@ CFLAGS:append:toolchain-clang = " -fno-strict-aliasing" # Needed with -march=x86-64-v3 CFLAGS:append:toolchain-gcc:class-target:x86-64 = " -fno-builtin-memcpy -D__NO_STRING_INLINES -U_FORTIFY_SOURCE" -# Link Compress-Raw-Zlib to the system zlib instead of a vendored copy +# Link Compress-Raw-Zlib to the system libraries instead of a vendored copy EXTRA_OEMAKE += "BUILD_ZLIB=False ZLIB_INCLUDE=${STAGING_INCDIR} ZLIB_LIB=${STAGING_LIBDIR}" +# Link Compress-Raw-Bzip2 to the system libraries instead of a vendored copy +EXTRA_OEMAKE += "BUILD_BZIP2=False BZIP2_INCLUDE=${STAGING_INCDIR} BZIP2_LIB=${STAGING_LIBDIR}" CVE_STATUS[CVE-2026-4176] = "not-applicable-config: we do not use the vendorered zlib"