This changes the default build cache directory from $(TOPDIR)/.go-build
to $(TMP_DIR)/go-build, so that the cache directory is ignored by git
and is removed by "make dirclean".
This does not move/remove a build cache directory in the previous
location; it will need to be removed manually.
Fixes https://github.com/openwrt/packages/issues/13675.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also adds GO_PKG_INSTALL_BIN_PATH which determines the path where
binaries are installed by GoPackage/Package/Install/Bin (this was
previously hard-coded to /usr/bin).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
In Go 1.15, the linker now defaults to internal linking mode for
-buildmode=pie on amd64 and arm64[1], however this results in go tool
binaries with the wrong dynamic linker/interpreter.
External linking is still used when PIE is enabled for other platforms,
whereas internal linking is used when PIE is not enabled.
This changes target Go to always use external linking, to fix PIE
binaries for amd64/arm64 and for consistency.
[1]: https://golang.org/doc/go1.15#linker
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Reuse GO_PKG_ENABLE_PIE from golang-package.mk
* Replace $(if ...) with $(or ...) to get default values
* Refactor vars common to each compile stage into variable
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also adds a config option GOLANG_BUILD_CACHE_DIR to customize the
location of the build cache directory.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also adds a config option GOLANG_MOD_CACHE_WORLD_READABLE; if
enabled, chmod is run after a Go package build to make all
files/directories in the module cache world-readable.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Developers of click decided to change their tarball, so it does no
longer contains capital C and because of that, we can throw
PYPI_SOURCE_NAME.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
1.15.1 includes a fix for CVE-2020-24553:
net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type
is not specified
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Vulnerabilities fixed:
* CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
* CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).
Imported patches from the debian package.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>