Fixes a number of security issues and adds support for PUT/DELETE. From the
release mail:
<snip>
Stephen Röttger reported a number of security bugs, the most serious of
which is a potential heap overflow in sliding_buffer.c (file uploads).
There is a potential for remote code execution.
At the same time, I've made an *experimental* change to allow RESTful
API's possible:
* PUT and DELETE methods are handled by the POST and GET handlers.
* For mostly historical reasons, data on the URI is still called
GET.<var>, and data in the body is named POST.<var>
* If the Content-Type is not "application/x-www-form-urlencoded", Haserl
won't try to urldecode the POST contents - it will just put the body in
POST.body verbatim.
</snip>
The lua handling now uses pkg-config, so adjust the code to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 0.8 version hasn't seen any updates since 2005, and there's no real
reason to continue to use it today, so deprecate it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In the Config.in file of package foo, it often happens that there are other
symbols besides BR2_PACKAGE_FOO. Typically, these symbols only make sense
when foo itself is enabled. There are two ways to express this: with
depends on BR2_PACKAGE_FOO
in each extra symbol, or with
if BR2_PACKAGE_FOO
...
endif
around the entire set of extra symbols.
The if/endif approach avoids the repetition of 'depends on' statements on
multiple symbols, so this is clearly preferred. But even when there is only
one extra symbol, if/endif is a more logical choice:
- it is future-proof for when extra symbols are added
- it allows to have just one strategy instead of two (less confusion)
This patch modifies the Config.in files accordingly.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The Lua website says:
"Like most names, it should be written in lower case with an initial capital,
that is, "Lua". Please do not write it as "LUA", which is both ugly and
confusing, because then it becomes an acronym with different meanings for
different people."
http://www.lua.org/about.html
So, let's honor this request in buildroot.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The 0.8.0 version is at /projects/haserl/haserl/0.8.0, and 0.9.x versions
at /projects/haserl/haserl-devel/.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
On commit 5538e47662 the versioned package
patches changed the directory structure but the packages weren't fixed.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.
[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
haserl no longer ships haserl_lualib.inc so our lua2c hack didn't work
anymore.
Fix is by adding a patch to re-add it and move the Makefile.in changes
to here rather than with sed.
Longer term we should probably add host-lua support instead.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The configuration cache shared between packages, while being in
principle a nice idea to speed-up the configuration of packages by
avoiding repetitive identical checks, turned out to be unreliable due
to the subtle differences between similar but not identical checks in
different packages. After spending some time trying to fix those, we
concluded that supporting the shared configuration cache is definitely
too hard and too unreliable, and that we'd better get rid of it
altogether.
This patch therefore removes the shared configuration cache
infrastructure and usage.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Now that <pkg>_INSTALL_TARGET_OPT always defaults to
'DESTDIR=$(TARGET_DIR) install', we can remove the
<pkg>_INSTALL_TARGET_OPT definition from a lot of packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.
Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The ac_cv_path_install override is needed to strip the target binary for
haserl 0.8.0, but it doesn't interact nicely with the shared cache, so
disable the cache for now.
Longer term we should probably forget about install-strip and do the
strip/cleanup/mklibs stuff as a post processing step before the target
filesystem rules are run.
