Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 8d6a63df8ad0b8bdb4073e20774f34ae26791c5d)

The initial fix was done in a2e76e497.
Later we could revert it with 5779ae4c5 since a global fix
in gcc was deployed.

But now, PHP itself applied a workaround/fix in 8.2.8,
so that we now require the initial fix again.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 43b10ad9c1c288e3bc034a1c2be3bb0bd2749634)

Required by sifiveu and upcoming riscv targets.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit cf59047d3c3f07baed76751e19f06db9c6541800)

4.0.36 included a change to decimal parsing[1] that requires the decimal
module. Trying to load the pyodbc module without python3-decimal
installed would lead to a segmentation fault.

This adds python3-decimal as a dependency.

This also adds python3-uuid as a dependency as the module can accept and
return uuid objects[2].

[1]: https://github.com/mkleehammer/pyodbc/commit/6b107a2bcaf7379e5ba182007b6ecae1bc2fc931
[2]: https://github.com/mkleehammer/pyodbc/commit/2ad7a9ced7c9c33232c173668c0830a484cc92f3



Fixes: f02f3ee8c768 ("pyodbc: Update to 4.0.39")

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 668a0f9dd8baa2fb6275ff0e022b6f1bf390b7c2)

setuptools provides a local copy of distutils and when building a C
extension, this distutils will add the target LIBDIR (/usr/lib) to the
list of library paths.

If the build system has a libpython3.11.so in /usr/lib, then the linker
will try to link to this shared library and fail.

This adapts 008-distutils-use-python-sysroot.patch for host setuptools
to add the correct library directory.

Fixes: https://github.com/openwrt/packages/issues/22330



Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 624fb955619c0b4b368e2ac1880619f159e3b8d6)

Currently, rust fails to build for mipsel_24kc+24kf with "opcode not
supported on this processor: mips1 (mips1)" errors when building
libunwind.

Because mipsel_24kc+24kf is hard-float, a certain section of
src/llvm-project/libunwind/src/UnwindRegistersRestore.S is selected to
be compiled; the instructions in this section require MIPS II.

mipsel_24kc+24kf is compiled for MIPS32 Release 2 (MIPS32 is based on
MIPS II), but the C flags used to select this architecture were not
passed to the rust bootstrap (to be passed back to gcc).

This passes the C flags to rust bootstrap to fix this compile error.

This also adds PKG_BUILD_FLAGS:=no-mips16 as attempting to generate
MIPS16 code leads to a different compile error.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 54616e7049701996fab1dfb85ba0ebc3189b53ec)

The rust bootstrap downloads files into a "tmp" directory then moves the
files into the "cache" directory using std::fs::rename. There are no
issues in the original/unpatched case as "tmp" and "cache" are
subdirectories in the build directory ($(HOST_BUILD_DIR)/build) and so
are nearly guaranteed to be on the same filesystem.

35768bf31e5867046874dc6fd0374ff8fe575da2 changed where files are
saved/cached (in $(DL_DIR)/rustc). If HOST_BUILD_DIR and DL_DIR are on
separate filesystems, then using std::fs::rename to move the files will
fail.[1]

This updates 0002-rustc-bootstrap-cache.patch to account for this case,
i.e. if std::fs::rename fails, fall back to copying the file then
removing the original.

[1]: https://github.com/openwrt/packages/pull/22457



Fixes: 35768bf31e58 ("rust: Cache bootstrap downloads to $(DL_DIR)/rustc")

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit f9f1e0220f872263d8f12c38df9984a40625430f)

Add pending patch converting the package to PCRE2.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit d191c3d0c409e150d7234a52715718dbe05c1bce)

Patch the target triple for Rust with glibc to include hard floating
point support.

The GNU target triple used elsewhere does not include hard float support,
instead `-mfloat-abi=hard` is passed separately. For Rust it must be
included in the target triple. This was already being done for musl,
this commit adds the same patching for glibc.

Without this patch Rust compilation fails with an error like this
(abbreviated to fit the line length):

    ld: error: libstd.so uses VFP register arguments, ... does not
    ld: failed to merge target specific data of file ...

Signed-off-by: Drew Young <dyoung@viridiparente.com>
(cherry picked from commit 3d799c3eeedfe8813ca3fb2debadffb231f621c1)

This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-44487: nghttp2 Security Release (High) (Depends on shared library provided by OpenWrt)
* CVE-2023-45143: undici Security Release (High)
* CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
* CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 9101a21e535d2247b3fb85e0660f7bb0dd4a4290)

Includes fix for CVE-2023-39325 (net/http, x/net/http2: rapid stream
resets can cause excessive work).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit f151ab8c0e6becdabc146e3c2fd1aa2d02708bd4)

patches refreshed.
changelog at https://github.com/rust-lang/rust/releases/tag/1.73.0

Also added a configuration ardument and patch
from https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-lang/rust/files/1.72.0-bump-libc-deps-to-0.2.146.patch?id=515b5920046117355d88b3494c74da269ce9b30a


to provide support for building rust on musl hosts.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>

rust: add support for musl build hosts

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit d3b1b0d34e24c16b6c285874113313221a69e675)

Notable Changes

 This release addresses some regressions that appeared in Node.js 18.18.0:

    (Windows) FS can not handle certain characters in file name #48673
    18 and 20 node images give error - Text file busy (after re-build images) nodejs/docker-node#1968
    libuv update in 18.18.0 breaks webpack's thread-loader #49911

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit b2079b87d1425f69feb89b8fa9f48f0a913e8fb2)

This adds a patch (submitted upstream in
https://github.com/PyO3/setuptools-rust/pull/364

), to read the profile
to pass to cargo from an environment variable.

This also updates the Python include files to set the environment
variable based on values from rust-values.mk.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 29ca9797a66f7e4d2ae40d26b91f3d1c2982a744)

* codegen-units, lto, opt-level - Set to values to optimize binary
  size[1].

* overflow-checks - Enabled because in release mode, integer overflows
  are defined as two's complement wrap[2]. It is highly unlikely that
  any program is intentionally relying on this behaviour; it would be
  better to panic instead of continue execution in this case.

* debug, debug-assertions, panic, rpath - Set to their default (release)
  values, to override any settings made by packages, e.g. ripgrep sets
  debug = 1[3].

[1]: https://github.com/johnthagen/min-sized-rust
[2]: https://huonw.github.io/blog/2016/04/myths-and-legends-about-integer-overflow-in-rust/
[3]: https://github.com/BurntSushi/ripgrep/blob/13.0.0/Cargo.toml#L79-L80



Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 8bf2725f9be82eec0849cc5efe77bedeb0a693a0)

Using sccache makes recompilation of rustc and Rust packages faster.

This also makes the rust package visible in menuconfig, in order for the
sccache options to be accessible.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit b4ec01739865770e3d0432683406844f7fd8e707)

This allows cargo to use make's jobserver when building packages, by
marking the cargo command as recursive (with the + prefix[1]) and
setting MAKEFLAGS.

This also:

* Give cargo/x.py the build directory instead of having to change the
  current directory (and opening subshells)

* Set PKG_BUILD_PARALLEL/HOST_BUILD_PARALLEL for Rust packages to enable
  the use of make's jobserver

[1]: https://www.gnu.org/software/make/manual/html_node/POSIX-Jobserver.html



Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 0dfc1b508d5e5b361978ef9783cb63775176c305)
[omit changes to arp-whisper and procs]
Signed-off-by: Jeffery To <jeffery.to@gmail.com>

This consolidates all environment variables for cargo into:

* CARGO_HOST_CONFIG_VARS / CARGO_PKG_CONFIG_VARS

  These contain all cargo-specific environment variables, i.e. without
  "common" variables like CC.

* CARGO_HOST_VARS / CARGO_PKG_VARS (renamed from CARGO_VARS)

  These contain all environment variables to be passed to cargo.

This also:

* Set the CARGO_BUILD_TARGET environment variable instead of using the
  --target command-line option

* Update Python include files to use CARGO_HOST_CONFIG_VARS /
  CARGO_PKG_CONFIG_VARS

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 9db7284d589dc8490f8c7dbe56af731fce953eda)

As CARGO_HOME mainly functions as a download and source cache[1], moving
it into $(DL_DIR) allows it to persist and be reused between different
buildroots/sdks (when DL_DIR is set to a custom/external location).

[1]: https://doc.rust-lang.org/cargo/guide/cargo-home.html



Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 853c9c9e8625c54a2c3214b2ef770ffc76bd3495)

This also:

* Modify the "release" profile in place of adding the "stripped" profile

  Only the profile for target is modified; there are no file size
  constraints for host.

* For host, build with the "release" profile

* For target, build with either the "dev" or "release" profile based on
  CONFIG_DEBUG

There is no environment variable to specify the "strip" option, but
enabling this option is not necessary as the build system will already
strip binaries based on CONFIG_NO_STRIP / CONFIG_USE_STRIP /
CONFIG_USE_SSTRIP.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 5c5123f0f63cfda1d4f17a5d315356883fd82923)

This allows rustc/cargo/etc to be called without having to set PATH, as
$(STAGING_DIR)/host/bin is already in PATH.

This also fixes CARGO_HOME not being set during Host/Configure and
Host/Compile.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 49aaf19c65a35c37725ead7a438684411b512d6f)

* Compress dist archives with gzip instead of xz; gzip is faster to
  compress and decompress

* Use a for loop instead of calling find to extract archives

* Use libdeflate's gzip to decompress instead of gzip

* Limit search for install scripts to top level of extracted archives

This also runs the install scripts with bash instead of sh, in
accordance with the shebang lines inside the scripts.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 855623d8cce4db8655af58bed5d52c64d38608c5)

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 35768bf31e5867046874dc6fd0374ff8fe575da2)

Features to be enabled for host may not be the same as those for target.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit d24095b8fc5b8d4e509d59f73d6901842b50c4bd)

The build system already requires Python to be installed.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit a00dae9ed071030426a9e2c624aec58bb62538f0)

This also updates the list of dependencies and adds a test.sh script for
the packages feed CI.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 7e8f7b28d74ca2044309dff9c789dec055ee43c5)

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 2aba43afe9e1bf5d9dc5e3578af7f82f6da51b2b)

Includes fix for CVE-2023-39323 (cmd/go: line directives allows
arbitrary execution during build).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit a8374204bbf5c111f8492995560088a4c399dca4)

Move the order in which BuildPackage is called, so that the libpython
package is built ahead of the module packages, to avoid forcing a
clean-build of the package when 'make package/python3/compile' is called
a second time without changes.

The library must be built first, so that when the buildsystem checks for
ABI version changes using libpython3.version, its timestamp should be
older than the dependent package's STAMP_PREPARED file.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c230d7bd7f8a794032d2414588f1cdfc1a5ec74e)

The package changed to the hatchling build backend.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 00841f98731fe7599c7f2cae2bf4e08599833647)

This includes a patch to unpin the version of setuptools required for
build; the required version is newer than the version bundled with
Python 3.11. This patch should not be necessary when Python 3.12 is
available.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit dd5af62695e2c0fcf421adfffbea92f37d1a652d)

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 78bcdd0fd1291a1a02e0d73e43c28e04f36d507d)

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 6b3da46777bb5d029a4933481ee5939efa7c7109)

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit bb278a015c6b76ca2c9fdf6663dbd7428777915e)

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 85540346fef07abf5df1a2d3558b341e7afb60d8)

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit cb8648679b01982131eda7b2e74aff02f9a7499e)

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 423235b40a84663c611e0f95abb11aaa7202681d)

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit c12e4e873d43c6d61909f1a110be924918be1ab5)

This includes a patch to update the version of ouroboros (Rust crate)
used, to fix RUSTSEC-2023-0042[1]. Upstream has switch from ouroboros to
self_cell so this patch should only be necessary for cryptography 41.

[1]: https://rustsec.org/advisories/RUSTSEC-2023-0042.html



Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 9fdff3ea94662653188c3902840e97c35e9f138f)

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 4d43be8549c8240f5039040fd1efd44aa2eb61fa)