This also adds GO_PKG_INSTALL_BIN_PATH which determines the path where
binaries are installed by GoPackage/Package/Install/Bin (this was
previously hard-coded to /usr/bin).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
In Go 1.15, the linker now defaults to internal linking mode for
-buildmode=pie on amd64 and arm64[1], however this results in go tool
binaries with the wrong dynamic linker/interpreter.
External linking is still used when PIE is enabled for other platforms,
whereas internal linking is used when PIE is not enabled.
This changes target Go to always use external linking, to fix PIE
binaries for amd64/arm64 and for consistency.
[1]: https://golang.org/doc/go1.15#linker
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Reuse GO_PKG_ENABLE_PIE from golang-package.mk
* Replace $(if ...) with $(or ...) to get default values
* Refactor vars common to each compile stage into variable
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also adds a config option GOLANG_BUILD_CACHE_DIR to customize the
location of the build cache directory.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also adds a config option GOLANG_MOD_CACHE_WORLD_READABLE; if
enabled, chmod is run after a Go package build to make all
files/directories in the module cache world-readable.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Developers of click decided to change their tarball, so it no
longer contains a capital C, and because of that we can throw
PYPI_SOURCE_NAME.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
1.15.1 includes a fix for CVE-2020-24553:
net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type
is not specified
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Vulnerabilities fixed:
* CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
* CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).
Imported patches from the debian package.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[strip C library after adding it to openwrt repository]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[strip C library after adding it to openwrt repository]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
PycURL changeLog:
Version 7.43.0.6 - 2020-09-02
-----------------------------------------------------------------
This release improves SSL backend detection on various systems, adds support for libcurl’s multiple SSL backend functionality and adds support for several libcurl options.
Signed-off-by: Waldemar Konik <informatyk74@interia.pl>
Compile tested: x86_64
OpenWrt added pcre/host recently. When it is available (installed)
erlang finds staging_dir/hostpkg/include/pcre.h before it finds its own
copy and the build fails.
CC obj/x86_64-pc-linux-gnu/opt/smp/erl_bif_chksum.o
CC obj/x86_64-pc-linux-gnu/opt/smp/erl_bif_re.o
beam/erl_bif_re.c: In function 'erts_init_bif_re':
beam/erl_bif_re.c:96:5: error: 'erts_pcre_malloc' undeclared (first use in this function)
erts_pcre_malloc = &erts_erts_pcre_malloc;
^~~~~~~~~~~~~~~~
beam/erl_bif_re.c:96:5: note: each undeclared identifier is reported only once for each function it appears in
beam/erl_bif_re.c:97:5: error: 'erts_pcre_free' undeclared (first use in this function)
erts_pcre_free = &erts_erts_pcre_free;
^~~~~~~~~~~~~~
This adds a patch from Romain Naour and Bernd Kuhls to prevent that.
Patch snatched from buildroot [1].
[1] https://github.com/buildroot/buildroot/blob/master/package/erlang/0002-erts-emulator-reorder-inclued-headers-paths.patch
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This also removes PKG_BUILD_PARALLEL:=0 that was added for packages that
use HOST_PYTHON3_PACKAGE_BUILD_DEPENDS.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
In hash-checking mode[1], pip will verify downloaded package archives
(source tarballs in our case) against known SHA256 hashes before
installing the packages.
As a consequence, this requires the use of requirements files[2] and
pinning packages to known versions.
The syntax for package Makefiles has changed slightly;
HOST_PYTHON3_PACKAGE_BUILD_DEPENDS no longer accepts requirement
specifiers like "foo>=1.0", only requirements file names (which are the
same as package names in the most common case).
This also updates affected packages, in particular:
* python-zipp: "setuptools_scm[toml]" has been split into
"setuptools-scm toml" to reuse the requirements file for
setuptools-scm (the extra depends installed by "setuptools_scm[toml]"
is toml).
* python-pycparser: This previously used ply 3.10, whereas the
requirements file will now install 3.11.
[1]: https://pip.pypa.io/en/stable/reference/pip_install/#hash-checking-mode
[2]: https://pip.pypa.io/en/stable/user_guide/#requirements-files
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
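The check that hash-checking mode performs, as an added example that is not part of the commit above or of the OpenWrt build scripts: a simplified model of a requirements file that only accepts "name==version" pins carrying --hash=sha256: options and then verifies an archive against them. The package name, the tarball bytes and the function names are constructed for illustration.

```python
import hashlib
import re

# Constructed sample: a source tarball body and a requirements file pinning it.
SAMPLE_TARBALL = b"constructed sdist bytes for example-pkg 1.0"
SAMPLE_REQUIREMENTS = (
    "# constructed requirements file\n"
    "example-pkg==1.0 \\\n"
    "    --hash=sha256:" + hashlib.sha256(SAMPLE_TARBALL).hexdigest() + "\n"
)

PIN = re.compile(r"^([A-Za-z0-9._-]+)==(\S+)$")
HASH = re.compile(r"^--hash=sha256:([0-9a-f]{64})$")


def parse_requirements(text):
    """Return {name: (version, {sha256, ...})}; reject anything not pinned and hashed."""
    # Join backslash continuations, then drop comments and blank lines.
    joined = text.replace("\\\n", " ")
    pins = {}
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        spec, *options = line.split()
        m = PIN.match(spec)
        if not m:
            # Specifiers such as "foo>=1.0" cannot be tied to one archive.
            raise ValueError(f"not pinned with '==': {spec!r}")
        hashes = set()
        for opt in options:
            h = HASH.match(opt)
            if not h:
                raise ValueError(f"unsupported option: {opt!r}")
            hashes.add(h.group(1))
        if not hashes:
            raise ValueError(f"no --hash for {spec!r}")
        pins[m.group(1).lower()] = (m.group(2), hashes)
    return pins


def verify_archive(pins, name, version, data):
    """True only if name/version match the pin and the archive digest is listed."""
    pinned = pins.get(name.lower())
    if pinned is None or pinned[0] != version:
        return False
    return hashlib.sha256(data).hexdigest() in pinned[1]
```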
This adds a config option PYTHON3_HOST_PIP_CACHE_WORLD_READABLE; if
enabled, chmod will be run after pip install to make all
files/directories in the host pip cache world-readable.
Supersedes https://github.com/openwrt/packages/pull/13012.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This includes a fix for CVE-2020-16845 (encoding/binary: ReadUvarint and
ReadVarint can read an unlimited number of bytes from invalid inputs).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Fixes https://github.com/openwrt/packages/issues/13016
Patch [1] broke compilation for python-pynacl.
The fix is to patch PyNaCl to consider that
PYNACL_HAS_CRYPTO_SCALARMULT_ED25519 is always available.
[1] 3ef28a4ab0
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
upgrade npm to 6.14.6
update openssl to 1.1.1g
Vulnerabilities fixed:
* CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
* CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
* CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Also:
* Remove patches that are included in the update
* Replace the python3 dependency with a smaller list (python3-urllib is
needed because it is a dependency of python3-email)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This version includes fixes for:
* CVE-2020-15801 - Fixes python3x._pth being ignored on Windows
* CVE-2019-20907 - Avoid infinite loop when reading specially crafted
TAR files using the tarfile module
This also:
* Remove patches that are included in the update
* Add a dependency in python3-distutils for python3-email[1]
[1]: https://github.com/python/cpython/blob/v3.8.5/Lib/distutils/dist.py#L10
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This version includes fixes for:
* CVE-2020-14422: Hash collisions in IPv4Interface and IPv6Interface
* CVE-2020-15523: Python uses invalid DLL path after calling Py_SetPath
on Windows
This version also includes support for OpenSSL 1.1.x builds that use
'no-deprecated' and '--api=1.1.0'[1], and so this removes the previous
OpenSSL-related patches.
This also backports fixes for security issues, including:
* CVE-2019-20907: Infinite loop in the tarfile module
This also updates the setuptools and pip packages to 47.1.0 and 20.1.1,
respectively.
[1]: https://github.com/python/cpython/pull/20566
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds a new Makefile variable, GO_PKG_TAGS, for Go packages. When
set, the value is passed as the parameter of the -tags option for 'go
install'.
This also updates syncthing to use this variable.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This reverts commit 33525fa8d5.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add me as co-maintainer, bump PKG_RELEASE, Makefile polishing]