Includes fix for CVE-2023-39325 (net/http, x/net/http2: rapid stream
resets can cause excessive work).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Upstream has updated the Go compiler to not use gold when building for
arm, and is waiting for a fix to binutils (released in 2.41) before
doing the same for aarch64.[1]
Based on the above, it does not appear that
golang/go#49748 will be merged. This removes the
patch from that pull request.
[1]: golang/go#22040
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
also add new variable CARGO_VARS to make it possible
to pass environment variables for cargo process.
This is necessary when for example, cross-compiling
netavark.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Includes fixes for:
* 1.20.1:
* CVE-2022-41722: path/filepath: path traversal in filepath.Clean on
Windows
* CVE-2022-41723: net/http: avoid quadratic complexity in HPACK
decoding
* CVE-2022-41724: crypto/tls: large handshake records may cause panics
* CVE-2022-41725: net/http, mime/multipart: denial of service from
excessive resource consumption
* 1.20.2:
* CVE-2023-24532: crypto/elliptic: specific unreduced P-256 scalars
produce incorrect results
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fix for CVE-2023-2453 (crypto/elliptic: specific unreduced
P-256 scalars produce incorrect results).
This also includes makefile updates for Go 1.19.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
llvm-bpf is not ready for generic usage, so use prebuilt llvm toolchain
provided by the rust project to speedup build (~1hour faster).
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Added new RustBinPackage, RustBinHostBuild wrapper.
Added new RUST_PKG_FEATURES flag.
Moved CARGO_HOME to STAGING_DIR_HOSTPKG.
Overrode default Build/Compile and Host/Compile to Cargo build.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
These tarball cannot be reused, so simply drop them.
Also move cargo config to a file instead of using echo command.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
