musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Manually pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Manually pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
As noted in the release notes of musl 1.2.4, we can use
CFLAGS to pass -D_LARGEFILE64_SOURCE to allow to keep
using LFS64 definitions (as a short-term solution).
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This also removes the patch to avoid setuptools-scm and adds a build
dependency on python-setuptools-scm/host.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
_LARGEFILE64_SOURCE has to be defined in the source, or CFLAGS can be used
to pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This stops numpy from reading .numpy-site.cfg in the build user's home
directory. The code actually tries to find both .numpy-site.cfg and
site.cfg in the user's home directory; this patch prevents both.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Currently, if OpenBLAS support is not enabled, a site.cfg file is not
written and numpy will use build host paths for libraries. If the build
host has any conflicting libraries, specifically libpython3.10.a, then
compilation will fail.
This ensures site.cfg is always written with buildroot paths.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The versions of setuptools and wheel pinned in pyproject.toml are older
than the versions available in the packages repo. This unpins the
versions so that the build can proceed.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
Canonical source for classifiers on PyPI.
Classifiers categorize projects per PEP 301. Use this package to
validate classifiers in packages for PyPI upload or download.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
The calver package is a setuptools extension for automatically defining
your Python package version as a calendar version.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
old eventlet is not working well with python3.10
```
root@turris:~# python3
Python 3.10.9 (main, Feb 9 2023, 10:37:45) [GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import eventlet
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/__init__.py", line 17, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/convenience.py", line 7, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/green/socket.py", line 4, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/green/_socket_nodns.py", line 11, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/greenio/__init__.py", line 3, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/greenio/base.py", line 32, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/timeout.py", line 166, in wrap_is_timeout
TypeError: cannot set 'is_timeout' attribute of immutable type 'TimeoutError'
```
see 0.33.3 release notes for details - https://eventlet.net/doc/changelog.html#id1
Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
Ruby uses extensions (.so files) that might also depend on other
libraries. When the linker builds an executable, it will refer to the
path it found the library, including those in the stagging dir. However,
when it links a shared library (like ruby exts), it will let that
dependency to be resolved at runtime.
During host and target build, ruby build script runs ruby scripts. When
it loads a ext that depends on another library, it will, by default,
look for the system libraries to satisfy that, breaking the build when
it fails. Setting LD_LIBRARY_PATH to the stagging lib dir is a valid
workaround.
Ruby can also be built statically linking all exts into ruby executable.
That will make the linker point to the stagging library path, fixing the
issue. It was used in the past but, at some point, ruby broke it. Now it
is working as expected.
Closes#20839
While at it, clean up excluded extensions not used by host ruby.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This updates the python3-find-stdlib-depends.sh script for these
changes:
* The gdbm (dbm.gnu) package was merged into the dbm package in
78f6c2c5ad.
* The uuid module was split into a separate package in
4e05541782.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Rename PYTHON3_PKG_SETUP_VARS to PYTHON3_PKG_BUILD_VARS, and
PYTHON3_PKG_SETUP_DIR to PYTHON3_PKG_BUILD_PATH
The new variable names emphasize that these values apply to the new
build process.
* Remove PYTHON3_PKG_SETUP_ARGS set to the empty string
These were set to override the default arguments in the old build
process and not applicable to the new build process.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This updates the build options for these packages to work with the
pyproject.toml-based build process, and removes
PYTHON3_PKG_FORCE_DISTUTILS_SETUP:=1.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This removes the changes made in
61f202c017 and adds actual support for
pyproject.toml-based (PEP 517) builds of Python packages.
Packages can force the use of the old build process by setting
PYTHON3_PKG_FORCE_DISTUTILS_SETUP:=1; this should only be a temporary
workaround until the package can be updated/fixed to use the new build
process.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
These packages will need adjustments to work with pyproject.toml-based
builds, so set PYTHON3_PKG_FORCE_DISTUTILS_SETUP:=1 to force the old
build process (when pyproject.toml-based builds are in place) for now.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fix for CVE-2022-39348 (NameVirtualHost Host header injection).
This adds a build dependency that will be required for
pyproject.toml-based builds.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds a build dependency that will be required for
pyproject.toml-based builds.
This also removes the run-time dependency on python3-attrs; there is no
indication this package is required.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
These will be required for pyproject.toml-based builds.
This also includes a patch to unpin the version requirement for
setuptools, as the current in-repo version of setuptools does not
fulfill this requirement, and there does not appear to be any specific
reason why this version requirement is necessary.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds a build dependency that will be required for
pyproject.toml-based builds.
This also marks the package as BROKEN (for now) as it requires proper
support for pyproject.toml-based builds.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
setuptools-scm is a declared build dependency[1], and pkgconfig will
allow setup to find the required libraries, replacing the need to set
environment variables.
[1]: https://github.com/borgbackup/borg/blob/1.2.4/setup.py#L313
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
pkgconfig is a Python module to interface with the pkg-config command
line tool for Python 3.3+.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Automatically compute and substitute current values for all
$(AUTORELEASE) instances as this feature is deprecated and shouldn't be
used.
The following temporary change was made to the core:
diff --git a/rules.mk b/rules.mk
index 57d7995d4fa8..f16367de87a8 100644
--- a/rules.mk
+++ b/rules.mk
@@ -429,7 +429,7 @@ endef
abi_version_str = $(subst -,,$(subst _,,$(subst .,,$(1))))
COMMITCOUNT = $(if $(DUMP),0,$(call commitcount))
-AUTORELEASE = $(if $(DUMP),0,$(call commitcount,1))
+AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
all:
FORCE: ;
And this command used to fix affected packages:
for i in $(cd feeds/packages; git grep -l PKG_RELEASE:=.*AUTORELEASE | \
sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
make package/$i/download
done
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Description:
Update to v18.16.0
Fixed a bug when selecting arm-fpu for vfpv3-d16.
Notable changes
Add initial support for single executable applications
Replace url parser with Ada
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This release includes security fixes. Please check the topics below for
details.
- CVE-2023-28755: ReDoS vulnerability in URI
- CVE-2023-28756: ReDoS vulnerability in Time
See https://github.com/ruby/ruby/releases/tag/v3_2_2 for further details.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Note that init script won't do much without configuration provided.
The init script comes from the upstream README file.
Also add missing dependency.
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
See commit da370098 "treewide: add support for "gc-sections" in
PKG_BUILD_FLAGS" on the main repository.
Note: This only touches packages which use all three parts
(-ffunction-sections, -fdata-sections and -Wl,--gc-sections) enabled by
this build flag. Some packages only use a subset, and these are left
unchanged for now.
Signed-off-by: Andre Heider <a.heider@gmail.com>
See commit 5c545bdb "treewide: replace PKG_USE_MIPS16:=0 with
PKG_BUILD_FLAGS:=no-mips16" on the main repository.
Signed-off-by: Andre Heider <a.heider@gmail.com>
From the README:
hatch-fancy-pypi-readme is a Hatch metadata plugin for everyone who
cares about the first impression of their project’s PyPI landing page.
It allows you to define your PyPI project description in terms of
concatenated fragments that are based on static strings, files, and most
importantly: parts of files defined using cut-off points or regular
expressions.
Once you’ve assembled your readme, you can additionally run regular
expression-based substitutions over it. For instance to make relative
links absolute or to linkify users and issue numbers in your changelog.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
This provides a plugin for Hatch that uses your preferred version
control system (like Git) to determine project versions.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also marks python3-pytest as BROKEN (for now) as the in-tree
version is not compatible with this version of pluggy.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
pathspec is a utility library for pattern matching of file paths. So far
this only includes Git's wildmatch pattern matching which itself is
derived from Rsync's wildmatch. Git uses wildmatch for its gitignore
files.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
A Python library for creating "editable wheels"
This library supports the building of wheels which, when installed, will
expose packages in a local directory on sys.path in "editable mode". In
other words, changes to the package source will be reflected in the
package visible to Python, without needing a reinstall.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
A PEP 518 build backend that uses setuptools_scm to generate a version
file from your version control system, then flit_core to build the
package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
A PEP 517 build backend implementation developed for Poetry. This
project is intended to be a light weight, fully compliant,
self-contained package allowing PEP 517 compatible build frontends to
build Poetry managed projects.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The host build replaces the use of the host pip requirements file. This
also updates the dependants of setuptools-scm to depend on the host
build.
This also removes the toml host pip requirements file as toml is not
used by any other package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The host build replaces the use of the host pip requirements file. This
also updates the dependants of cffi to depend on the host build.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The host build replaces the use of the host pip requirements file. This
also updates the dependants of ply to depend on the host build.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The host build replaces the use of the host pip requirements file. This
also updates the dependants of Cython to depend on the host build.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
This library is the reference implementation of the Python wheel
packaging standard, as defined in PEP 427.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the documentation:
A simple, correct PEP 517 build frontend.
build will invoke the PEP 517 hooks to build a distribution package. It
is a simple build tool and does not perform any dependency management.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
This is a low-level library for calling build-backends in
pyproject.toml-based project. It provides the basic functionality to
help write tooling that generates distribution files from Python
projects.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
Tomli is a Python library for parsing TOML. Tomli is fully compatible
with TOML v1.0.0.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also adds myself as maintainer, and marks the target package as
BROKEN (for now) as the update requires proper support for
pyproject.toml-based builds.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
This is a low-level library for installing a Python package from a wheel
distribution. It provides basic functionality and abstractions for
handling wheels and installing packages from wheels.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
also add new variable CARGO_VARS to make it possible
to pass environment variables for cargo process.
This is necessary when for example, cross-compiling
netavark.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
From the README:
This provides a PEP 517 build backend for packages using Flit. The only
public interface is the API specified by PEP 517, at flit_core.buildapi.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Using pip to install host packages with pyproject.toml-based (PEP 517)
builds is problematic:
* If build isolation is used, pip will create an isolated build
environment, install any build dependencies for the requested package,
then build the requested package.
It does not appear currently possible to have pip install the build
dependencies with hash-checking mode enabled[1].
* If build isolation is not used, any build dependencies must be
installed in the build environment before invoking pip to build the
requested package[2].
This would require creating a package dependency resolution system to
install build dependencies, and any dependencies of dependencies, in
the correct order.
* It is very difficult to patch the packages installed by pip.
This adds a new include file (python3-host-build.mk) with recipes to
install host Python packages with pyproject.toml-based builds. This is
backwards-compatible with packages that require running setup.py.
Besides addressing the above issues (the OpenWrt build system already
resolves dependencies between packages, checks all source downloads
against known hashes, and supports patching packages), host packages
also:
* Capture package licensing and maintainer information
* Enable uscan checking for package updates/CVEs
* Are a known concept for OpenWrt packagers/developers
The existing functionality of using host pip to install packages will
remain for now, but should be considered deprecated and expected to be
removed in the future.
This also updates Py3Build/CheckHostPipVersionMatch for the case where
the host-pip-requirements directory does not exist or is empty.
[1]: https://pip.pypa.io/en/stable/user_guide/#changes-to-the-pip-dependency-resolver-in-20-3-2020
[2]: https://pip.pypa.io/en/stable/cli/pip_install/#cmdoption-no-build-isolation
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This will prevent the user's environment variables from affecting host
Python, removing the need to manually override these variables.
It is also not necessary to set PYTHONPATH (when not working on target
Python packages) because the given directories are already included in
Python's search path by default.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The initial package submission was missing
some required and optional dependencies
due to lack of testing on a system without any python
related packages pre-installed.
Some optional but highly recommended dependencies
were discovered with the stdlib module as described in:
392a68e247/lang/python/README.mdFixes#20441
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
llvm-bpf is not ready for generic usage, so use prebuilt llvm toolchain
provided by the rust project to speedup build (~1hour faster).
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Added new RustBinPackage, RustBinHostBuild wrapper.
Added new RUST_PKG_FEATURES flag.
Moved CARGO_HOME to STAGING_DIR_HOSTPKG.
Overrode default Build/Compile and Host/Compile to Cargo build.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
These tarball cannot be reused, so simply drop them.
Also move cargo config to a file instead of using echo command.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This package is a dependency of bleak. Building and installing this package via
pip on a router is not difficult and the build crashes when memory is
exhausted.
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
Includes fixes for:
* 1.20.1:
* CVE-2022-41722: path/filepath: path traversal in filepath.Clean on
Windows
* CVE-2022-41723: net/http: avoid quadratic complexity in HPACK
decoding
* CVE-2022-41724: crypto/tls: large handshake records may cause panics
* CVE-2022-41725: net/http, mime/multipart: denial of service from
excessive resource consumption
* 1.20.2:
* CVE-2023-24532: crypto/elliptic: specific unreduced P-256 scalars
produce incorrect results
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fix for CVE-2023-2453 (crypto/elliptic: specific unreduced
P-256 scalars produce incorrect results).
This also includes makefile updates for Go 1.19.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
go1.19.6 (released 2023-02-14) includes security fixes to the
crypto/tls, mime/multipart, net/http, and path/filepath packages,
as well as bug fixes to the go command, the linker, the runtime,
and the crypto/x509, net/http, and time packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Thursday February 16 2023 Security Releases
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
* CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
* CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
- 1.5.1
- Fix logic bug that can cause disconnects
- 1.5.0
- Refactor and improve ping/pong logic to resolve several issues,
including an infinite loop issue during reconnect
- Fix issue where `skip_utf8_validation = True` is ignored
- Fix issue where sslopt `is_ssl` is ignored
- Downgrade "websocket connected" message from logging.warning to
logging.info
- Update github actions to newer versions (669fe1b)
Signed-off-by: Javier Marcet <javier@marcet.info>
Fixes:
https://github.com/openwrt/packages/issues/12707
Seems to work.
Looking into the 'venv' lib, it seems it's installing pip & setuptools
inside a virtual environment.
`python3-pip` is already ~6 MB.
This adds another ~3 MB.
But, this gives users the ability to run Python virtual environments, which
is a pretty common feature of Python in production cases (usually web
stuff).
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
A new PEP 517 (https://www.python.org/dev/peps/pep-0517/) has defined that
Python packages can be shipped without any `setup.py` file, and that a
`pyproject.toml` file is sufficient.
A `setup.py` shim layer is suggested as a method for running the build.
For these cases, we will add a support in the OpenWrt build-system to
provide the default `setup.py` shim layer in case this file does not exist,
but there is a `pyproject.toml` file.
We also seem to need to tweak the shim layer with the PKG_VERSION,
otherwise the detected version is 0.0.0.
We will need to see if this will be fixed later in setuptools{-scm}.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
When CC is set to e.g. "ccache mips-openwrt-linux-musl-gcc" it needs
to be quoted to avoid word splitting on substitution.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Go1.19.5 (released 2023-01-10) includes fixes to the compiler,
the linker, and the crypto/x509, net/http, sync/atomic,
and syscall packages.
Removed upstreamed patch.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The old 2.python-requests.org URL is not reachable on modern browsers,
and is not the current canonical URL for the project. Update to the
current best URL for the project.
Signed-off-by: Karl Palsson <karlp@etactica.com>
PycURL changeLog:
-----------------------------------------------------------------
PycURL 7.45.2 - 2022-12-16
-----------------------------------------------------------------
This release fixes several minor issues and adds support for several libcurl options.
-----------------------------------------------------------------
PycURL 7.45.1 - 2022-03-13
-----------------------------------------------------------------
This release fixes build when libcurl < 7.64.1 is used.
-----------------------------------------------------------------
PycURL 7.45.0 - 2022-03-09
-----------------------------------------------------------------
This release adds support for SecureTransport SSL backend (MacOS), adds ability to unset a number of multi options, adds ability to duplicate easy handles and permits pycurl classes to be subclassed.
-----------------------------------------------------------------
PycURL 7.44.1 - 2021-08-15
-----------------------------------------------------------------
This release repairs incorrect Python thread initialization logic which caused operations to hang.
-----------------------------------------------------------------
Signed-off-by: Waldemar Konik <informatyk74@interia.pl>
Compile tested: x86_64
Version 8.1.3
Released 2022-04-28
Use verbose form of typing.Callable for @command and @group.
pallets/click#2255
Show error when attempting to create an option with multiple=True,
is_flag=True. Use count instead. pallets/click#2246
Version 8.1.2
Released 2022-03-31
Fix error message for readable path check that was mixed up with the
executable check. pallets/click#2236
Restore parameter order for Path, placing the executable parameter at
the end. It is recommended to use keyword arguments instead of
positional arguments. pallets/click#2235
Version 8.1.1
Released 2022-03-30
Fix an issue with decorator typing that caused type checking to
report that a command was not callable. pallets/click#2227
Version 8.1.0
Released 2022-03-28
Drop support for Python 3.6. pallets/click#2129
Remove previously deprecated code. pallets/click#2130
Group.resultcallback is renamed to result_callback.
autocompletion parameter to Command is renamed to shell_complete.
get_terminal_size is removed, use shutil.get_terminal_size instead.
get_os_args is removed, use sys.argv[1:] instead.
Rely on PEP 538 and PEP 540 to handle selecting UTF-8 encoding
instead of ASCII. Click’s locale encoding detection is removed.
pallets/click#2198
Single options boolean flags with show_default=True only show the
default if it is True. pallets/click#1971
The command and group decorators can be applied with or without
parentheses. pallets/click#1359
The Path type can check whether the target is executable.
pallets/click#1961
Command.show_default overrides Context.show_default, instead of the
other way around. pallets/click#1963
Parameter decorators and @group handles cls=None the same as not
passing cls. @option handles help=None the same as not passing help.
pallets/click#1959
A flag option with required=True requires that the flag is passed
instead of choosing the implicit default value. pallets/click#1978
Indentation in help text passed to Option and Command is cleaned the
same as using the @option and @command decorators does. A command’s
epilog and short_help are also processed. pallets/click#1985
Store unprocessed Command.help, epilog and short_help strings.
Processing is only done when formatting help text for output.
pallets/click#2149
Allow empty str input for prompt() when confirmation_prompt=True and
default="". pallets/click#2157
Windows glob pattern expansion doesn’t fail if a value is an invalid
pattern. pallets/click#2195
It’s possible to pass a list of params to @command. Any params
defined with decorators are appended to the passed params.
pallets/click#2131
@command decorator is annotated as returning the correct type if a
cls argument is used. pallets/click#2211
A Group with invoke_without_command=True and chain=False will invoke
its result callback with the group function’s return value.
pallets/click#2124
to_info_dict will not fail if a ParamType doesn’t define a name.
pallets/click#2168
Shell completion prioritizes option values with option prefixes over
new options. pallets/click#2040
Options that get an environment variable value using
autoenvvar_prefix treat an empty value as None, consistent with a
direct envvar. pallets/click#2146
Version 8.0.4
Released 2022-02-18
open_file recognizes Path("-") as a standard stream, the same as the
string "-". pallets/click#2106
The option and argument decorators preserve the type annotation of
the decorated function. pallets/click#2155
A callable default value can customize its help text by overriding
__str__ instead of always showing (dynamic). pallets/click#2099
Fix a typo in the Bash completion script that affected file and
directory completion. If this script was generated by a previous
version, it should be regenerated. pallets/click#2163
Fix typing for echo and secho file argument. pallets/click#2174,
pallets/click#2185
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Version 2.1.2
Released 2022-03-24
Handle date overflow in timed unsign on 32-bit systems.
pallets/itsdangerous#299
Version 2.1.1
Released 2022-03-09
Handle date overflow in timed unsign. pallets/itsdangerous#296
Version 2.1.0
Released 2022-02-17
Drop support for Python 3.6. pallets/itsdangerous#272
Remove previously deprecated code. pallets/itsdangerous#273
JWS functionality: Use a dedicated library such as Authlib instead.
import itsdangerous.json: Import json from the standard library instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Version 2.2.2
Released 2022-08-08
Fix router to restore the 2.1 strict_slashes == False behaviour
whereby leaf-requests match branch rules and vice versa.
pallets/werkzeug#2489
Fix router to identify invalid rules rather than hang parsing them,
and to correctly parse / within converter arguments.
pallets/werkzeug#2489
Update subpackage imports in werkzeug.routing to use the import as
syntax for explicitly re-exporting public attributes.
pallets/werkzeug#2493
Parsing of some invalid header characters is more robust.
pallets/werkzeug#2494
When starting the development server, a warning not to use it in a
production deployment is always shown. pallets/werkzeug#2480
LocalProxy.__wrapped__ is always set to the wrapped object when the
proxy is unbound, fixing an issue in doctest that would cause it to
fail. pallets/werkzeug#2485
Address one ResourceWarning related to the socket used by run_simple.
pallets/werkzeug#2421
Version 2.2.1
Released 2022-07-27
Fix router so that /path/ will match a rule /path if strict slashes
mode is disabled for the rule. pallets/werkzeug#2467
Fix router so that partial part matches are not allowed i.e. /2df
does not match /<int>. pallets/werkzeug#2470
Fix router static part weighting, so that simpler routes are matched
before more complex ones. pallets/werkzeug#2471
Restore ValidationError to be importable from werkzeug.routing.
pallets/werkzeug#2465
Version 2.2.0
Released 2022-07-23
Deprecated get_script_name, get_query_string, peek_path_info,
pop_path_info, and extract_path_info. pallets/werkzeug#2461
Remove previously deprecated code. pallets/werkzeug#2461
Add MarkupSafe as a dependency and use it to escape values when
rendering HTML. pallets/werkzeug#2419
Added the werkzeug.debug.preserve_context mechanism for restoring
context-local data for a request when running code in the debug
console. pallets/werkzeug#2439
Fix compatibility with Python 3.11 by ensuring that end_lineno and
end_col_offset are present on AST nodes. pallets/werkzeug#2425
Add a new faster matching router based on a state machine.
pallets/werkzeug#2433
Fix branch leaf path masking branch paths when strict-slashes is
disabled. pallets/werkzeug#1074
Names within options headers are always converted to lowercase. This
matches RFC 6266 that the case is not relevant. pallets/werkzeug#2442
AnyConverter validates the value passed for it when building URLs.
pallets/werkzeug#2388
The debugger shows enhanced error locations in tracebacks in Python
3.11. pallets/werkzeug#2407
Added Sans-IO is_resource_modified and parse_cookie functions based
on WSGI versions. pallets/werkzeug#2408
Added Sans-IO get_content_length function. pallets/werkzeug#2415
Don’t assume a mimetype for test responses. pallets/werkzeug#2450
Type checking FileStorage accepts os.PathLike. pallets/werkzeug#2418
Version 2.1.2
Released 2022-04-28
The development server does not set Transfer-Encoding: chunked for
1xx, 204, 304, and HEAD responses. pallets/werkzeug#2375
Response HTML for exceptions and redirects starts with <!doctype
html> and <html lang=en>. pallets/werkzeug#2390
Fix ability to set some cache_control attributes to False.
pallets/werkzeug#2379
Disable keep-alive connections in the development server, which are
not supported sufficiently by Python’s http.server.
pallets/werkzeug#2397
Version 2.1.1
Released 2022-04-01
ResponseCacheControl.s_maxage converts its value to an int, like
max_age. pallets/werkzeug#2364
Version 2.1.0
Released 2022-03-28
Drop support for Python 3.6. pallets/werkzeug#2277
Using gevent or eventlet requires greenlet>=1.0 or PyPy>=7.3.7.
werkzeug.locals and contextvars will not work correctly with older
versions. pallets/werkzeug#2278
Remove previously deprecated code. pallets/werkzeug#2276
Remove the non-standard shutdown function from the WSGI environ
when running the development server. See the docs for alternatives.
Request and response mixins have all been merged into the Request
and Response classes.
The user agent parser and the useragents module is removed. The
user_agent module provides an interface that can be subclassed to
add a parser, such as ua-parser. By default it only stores the
whole string.
The test client returns TestResponse instances and can no longer be
treated as a tuple. All data is available as properties on the
response.
Remove locals.get_ident and related thread-local code from locals,
it no longer makes sense when moving to a contextvars-based
implementation.
Remove the python -m werkzeug.serving CLI.
The has_key method on some mapping datastructures; use key in data
instead.
Request.disable_data_descriptor is removed, pass shallow=True
instead.
Remove the no_etag parameter from Response.freeze().
Remove the HTTPException.wrap class method.
Remove the cookie_date function. Use http_date instead.
Remove the pbkdf2_hex, pbkdf2_bin, and safe_str_cmp functions. Use
equivalents in hashlib and hmac modules instead.
Remove the Href class.
Remove the HTMLBuilder class.
Remove the invalidate_cached_property function. Use del obj.attr
instead.
Remove bind_arguments and validate_arguments. Use Signature.bind()
and inspect.signature() instead.
Remove detect_utf_encoding, it’s built-in to json.loads.
Remove format_string, use string.Template instead.
Remove escape and unescape. Use MarkupSafe instead.
The multiple parameter of parse_options_header is deprecated.
pallets/werkzeug#2357
Rely on PEP 538 and PEP 540 to handle decoding file names with the
correct filesystem encoding. The filesystem module is removed.
pallets/werkzeug#1760
Default values passed to Headers are validated the same way values
added later are. pallets/werkzeug#1608
Setting CacheControl int properties, such as max_age, will convert
the value to an int. pallets/werkzeug#2230
Always use socket.fromfd when restarting the dev server.
pallets/werkzeug#2287
When passing a dict of URL values to Map.build, list values do not
filter out None or collapse to a single value. Passing a MultiDict
does collapse single items. This undoes a previous change that made
it difficult to pass a list, or None values in a list, to custom URL
converters. pallets/werkzeug#2249
run_simple shows instructions for dealing with “address already in
use” errors, including extra instructions for macOS.
pallets/werkzeug#2321
Extend list of characters considered always safe in URLs based on RFC
3986. pallets/werkzeug#2319
Optimize the stat reloader to avoid watching unnecessary files in
more cases. The watchdog reloader is still recommended for
performance and accuracy. pallets/werkzeug#2141
The development server uses Transfer-Encoding: chunked for streaming
responses when it is configured for HTTP/1.1. pallets/werkzeug#2090,
pallets/werkzeug#1327, pallets/werkzeug#2091
The development server uses HTTP/1.1, which enables keep-alive
connections and chunked streaming responses, when threaded or
processes is enabled. pallets/werkzeug#2323
cached_property works for classes with __slots__ if a corresponding
_cache_{name} slot is added. pallets/werkzeug#2332
Refactor the debugger traceback formatter to use Python’s built-in
traceback module as much as possible. pallets/werkzeug#1753
The TestResponse.text property is a shortcut for
r.get_data(as_text=True), for convenient testing against text instead
of bytes. pallets/werkzeug#2337
safe_join ensures that the path remains relative if the trusted
directory is the empty string. pallets/werkzeug#2349
Percent-encoded newlines (%0a), which are decoded by WSGI servers,
are considered when routing instead of terminating the match early.
pallets/werkzeug#2350
The test client doesn’t set duplicate headers for CONTENT_LENGTH and
CONTENT_TYPE. pallets/werkzeug#2348
append_slash_redirect handles PATH_INFO with internal slashes.
pallets/werkzeug#1972, pallets/werkzeug#2338
The default status code for append_slash_redirect is 308 instead of
301. This preserves the request body, and matches a previous change
to strict_slashes in routing. pallets/werkzeug#2351
Fix ValueError: I/O operation on closed file. with the test client
when following more than one redirect. pallets/werkzeug#2353
Response.autocorrect_location_header is disabled by default. The
Location header URL will remain relative, and exclude the scheme and
domain, by default. pallets/werkzeug#2352
Request.get_json() will raise a 400 BadRequest error if the
Content-Type header is not application/json. This makes a very common
source of confusion more visible. pallets/werkzeug#2339
Version 2.0.3
Released 2022-02-07
ProxyFix supports IPv6 addresses. pallets/werkzeug#2262
Type annotation for Response.make_conditional,
HTTPException.get_response, and Map.bind_to_environ accepts Request
in addition to WSGIEnvironment for the first parameter.
pallets/werkzeug#2290
Fix type annotation for Request.user_agent_class.
pallets/werkzeug#2273
Accessing LocalProxy.__class__ and __doc__ on an unbound proxy
returns the fallback value instead of a method object.
pallets/werkzeug#2188
Redirects with the test client set RAW_URI and REQUEST_URI correctly.
pallets/werkzeug#2151
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Version 2.1.1
Released 2022-03-14
Avoid ambiguous regex matches in striptags. pallets/markupsafe#293
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Remove libressl specific patches. With commit
("tools/libressl: update to 3.7.0") they are no longer needed,
rather they cause python3 to be compiled without working ssl-support.
Fixes: #20107
Suggested-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Update the Flent package and move it to net/, renaming it to just 'flent'
instead of python3-flent (it's not a library, having the python3- prefix
makes no sense). Also add python3-defusedxml as a dependency to protect
against XML bombs if using the one of the backends that use XML-RPC, and
trim the dependencies to those used directly by Flent.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Perl threads seem to be supported and working for aarch64, and
including aarch64 here would allow packages like freeswitch-mod-perl
to become available from the standard OpwnWrt package repository for
popular routers such as the Linksys E8450 and Belkin RT3200.
Signed-off-by: Doug Thomson <dwt62f+github@gmail.com>
go1.19.4 (released 2022-12-06) includes security fixes to the net/http
and os packages, as well as bug fixes to the compiler, the runtime,
and the crypto/x509, os/exec, and sync/atomic packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Package does not currently build because of distutil dependency. Fix
this by updating to the latest version.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Also bump Cython version to 0.29.32
And yeeeey: zip -> tar.gz
And they fixed the Intel AVX extension stuff/detection.
Which is why I deferred updating it until now.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The following CVEs are fixed in this release:
* CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
* Insufficient fix for macOS devices on v18.5.0
* CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
* CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
* Insufficient fix on v18.5.0
* CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
* Insufficient fix on v18.5.0
* CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
* CVE-2022-35255: Weak randomness in WebCrypto keygen
More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.
llhttp updated to 6.0.10
llhttp is updated to 6.0.10 which includes fixes for the following vulnerabilities.
* HTTP Request Smuggling - CVE-2022-32213 bypass via obs-fold mechanic (Medium)(CVE-2022-32213 ): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215): The llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)(CVE-35256): The llhttp parser in the http does not correctly handle header fields that are not terminated with CLRF. This can lead to HTTP Request Smuggling (HRS).
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
libwolfsslcpu-crypto has to be taken into consideration when selecting
the default SSL backend.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
- Improve the base URI behavior when resolving a $ref to a resolution
URI which is different from the resolved schema's declared $id.
- Accessing jsonschema.draftN_format_checker is deprecated. Instead,
if you want access to the format checker itself, it is exposed as
jsonschema.validators.DraftNValidator.FORMAT_CHECKER on any
jsonschema.protocols.Validator.
Signed-off-by: Javier Marcet <javier@marcet.info>
As described on GitHub page [0]:
Flent is a Python wrapper to run multiple simultaneous
netperf/iperf/ping instances and aggregate the results.
[0] - https://github.com/tohojo/flent
Signed-off-by: Nick Hainke <vincent@systemli.org>
Patch 030:
Backported from Python main branch[^1] for Python to distinguish between glibc and musl libc SOABI.
Patch 131:
Changes PLATFORM_TRIPLET -gnu/-musl suffix detection (performed by the backported patch)
to be based on the target OS instead of the building OS.
See included patches for more detailed descriptions.
Specifically this fixes cross-compilation for mpc8548 CPUs with SPE instructions[^2] enabled.
[^1]: merged to python:main as https://github.com/python/cpython/pull/24502 'bpo-43112: detect musl as a separate SOABI'
[^2]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf
Co-authored-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
- Fix stack growth bug when `run_forever` reconnects
- Add doctest CI for sphinx docs code examples (d150099)
- General docs improvements
- Fix automatic reconnect with `run_forever`
- Allow a timeout to be set when using a proxy
Signed-off-by: Javier Marcet <javier@marcet.info>
Added:
- CLI: add support for invocations via 'python -m'.
- load_dotenv function now returns False.
- CLI: add --format= option to list command.
Fixed:
- Drop Python 3.5 and 3.6 and upgrade GA
- Use open instead of io.open.
- Improve documentation for variables without a value
- Add parse_it to Related Projects
- Update README.md
- Improve documentation with direct use of MkDocs
Signed-off-by: Javier Marcet <javier@marcet.info>
Currently, lua-eco will add dependencies to all SSL libraries that are
selected, even though it will only use one of them. That means that the
package downloaded from the regular repository will install OpenSSL,
wolfSSL and mbedTLS, even though it will only use OpenSSL.
Fix that by adding a built option so that the default can be changed at
build-time. To maintain the author's intention, a default symbol is
computed based on what libraries are being built into the image, or just
selected as a module. Originally, the order or preference was OpenSSL,
wolfSSL, then mbedTLS.
One change was made to the original order: if OpenSSL and wolfSSL are
both selected as module, and mbedTLS is not built into the image,
wolfSSL will be preferred over OpenSSL. This is being done to keep the
package consistent with OpenWRT's selection of wolfSSL as the default
SSL library. If they are both included in the image, then OpenSSL will
be preferred.
The order of preference is:
1. If at least one library is included in the image, use the first of
OpenSSL, wolfSSL, and mbedTLS that is included in the image.
2. If at least one library is selected, but none included in the image,
prefer wolfSSL, then OpenSSL, then mbedTLS.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Notable Changes:
Experimental command-line argument parser API
Experimental ESM Loader Hooks API
Experimental test runner
Improved interoperability of the Web Crypto API
Dependency updates:
Updated Corepack to 0.12.1
Updated ICU to 71.1
Updated npm to 8.15.0
Updated Undici to 5.8.0
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Was only used by Bigclown.
The project (Bigclown) has accepted the switch from simplejson to it's
built-in json lib, and we can now drop this lib.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
makes LuaJit builds for mpc85xx targets with SPE ISA extension
enabled possible
Quoting inner commit message:
This allows building LuaJit for systems with Power ISA SPE
extension[^1] support by using soft float on LuaJit side.
While e500 CPU cores support SPE instruction set extension
allowing them to perform floating point arithmetic natively,
this isn't required. They can function with software floating
point to integer arithmetic translation as well,
just like FPU-less PowerPC CPUs without SPE support.
Therefore I see no need to prevent them from running LuaJit
explicitly.
[^1]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
LibreSSL 3.5 and later provide and need to use
PEM_write_bio_PrivateKey_traditional()
upstream commit:
e25fb0d0d8b02815271f
Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
Cherry-pick four upstream commits that prevent building of
otp_test_engine when LibreSSL-3.5.0 is used.
Since OpenWrt bumped LibreSSL to 3.5.3 the erlang host builds fail to
complete.
CC ../priv/obj/x86_64-pc-linux-gnu/otp_test_engine.o
otp_test_engine.c: In function 'test_engine_md5_init':
otp_test_engine.c:144:34: error: dereferencing pointer to incomplete type 'EVP_MD_CTX' {aka 'struct env_md_ctx_st'}
#define data(ctx) ((MD5_CTX *)ctx->md_data)
^~
Also switch to AUTORELEASE.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Since the OpenWrt's stub libiconv implementation is now gone,
we can build against musl's internal one or the external libiconv
implementation.
This needs minor adjustements in the makefile to allow PHPs build
to choose the right path when cross-compiling.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Update to v16.16.0
Release for the following issues:
HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213)
HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214)
HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215)
DNS rebinding in --inspect via invalid IP addresses (High)(CVE-2022-32212)
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
No vulnerabilities related with openssl (uses system openssl)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
What's Changed:
- Type annotate format checker methods by @sirosen
- Fix fuzzer to include instrumentation by @DavidKorczynski
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci
Signed-off-by: Javier Marcet <javier@marcet.info>
What's Changed:
- Add package_url for changelog by @fhightower
- Only validate unevaluated properties/items on applicable types by
@EpicWink
- Mark library as typed (PEP-561) by @ssbarnea
- Add v4.5.1 to changelog by @sirosen
- Modernize the packaging setup via PEP 621 and Hatch. by @Julian
New Contributors:
- @fhightower made their first contribution
- @EpicWink made their first contribution
Signed-off-by: Javier Marcet <javier@marcet.info>
for some use cases, for example:
a system with 64 bit kernel
and 32 bit userspace programs
the local Go installation is "detected"
using the kernel "uname",
causing build failure if they happen to differ
by adding the argument GOHOSTARCH using the corresponding make variable
it would be fully controlled in the openwrt git tree
based on the HOST_ARCH make variable.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
the default Configure recipe for packages
assumes that there is a "configure" script
in the source tree directory
Go does not have such a script,
configure and compile is done with the same script
so split the current Compile recipe
into both Configure and Compile recipes
Signed-off-by: Michael Pratt <mcpratt@pm.me>
What's Changed:
- Extend dynamicRef keyword by @nezhar
- Add FORMAT_CHECKER attribute for Validator by @TiborVoelcker
- Remove stray double-quote by @lurch
- Ensure proper sorting of list in error message by @ssbarnea
Signed-off-by: Javier Marcet <javier@marcet.info>
2.11.0:
- [Feature] Add SSH config token expansion (eg %h, %p) when parsing
ProxyJump directives. Patch courtesy of Bruno Inec.
- [Support] (via #2011) Apply unittest skipIf to tests currently
using SHA1 in their critical path, to avoid failures on systems
starting to disable SHA1 outright in their crypto backends (eg RHEL
9). Report & patch via Paul Howarth.
- [Support] Update camelCase method calls against the threading
module to be snake_case; this and related tweaks should fix some
deprecation warnings under Python 3.10. Thanks to Karthikeyan
Singaravelan for the report, @Narendra-Neerukonda for the patch,
and to Thomas Grainger and Jun Omae for patch workshopping.
- [Support] Recent versions of Cryptography have deprecated Blowfish
algorithm support; in lieu of an easy method for users to remove it
from the list of algorithms Paramiko tries to import and use, we’ve
decided to remove it from our “preferred algorithms” list. This will
both discourage use of a weak algorithm, and avoid warnings. Credit
for report/patch goes to Mike Roest.
2.10.5:
- [Bug] Windows-native SSH agent support as merged in 2.10 could
encounter Errno 22 OSError exceptions in some scenarios (eg server
not cleanly closing a relevant named pipe). This has been worked
around and should be less problematic. Reported by Danilo Campana
Fuchs and patched by Jun Omae.
- [Bug] OpenSSH 7.7 and older has a bug preventing it from
understanding how to perform SHA2 signature verification for RSA
certificates (specifically certs - not keys), so when we added SHA2
support it broke all clients using RSA certificates with these
servers. This has been fixed in a manner similar to what OpenSSH’s
own client does: a version check is performed and the algorithm used
is downgraded if needed. Reported by Adarsh Chauhan, with fix
suggested by Jun Omae.
- [Bug] Align signature verification algorithm with OpenSSH re:
zero-padding signatures which don’t match their nominal size/length.
This shouldn’t affect most users, but will help Paramiko-implemented
SSH servers handle poorly behaved clients such as PuTTY. Thanks to
Jun Omae for catch & patch.
Signed-off-by: Javier Marcet <javier@marcet.info>
- [Bug] Servers offering certificate variants of hostkey algorithms
(eg ssh-rsa-cert-v01@openssh.com) could not have their host keys
verified by Paramiko clients, as it only ever considered non-cert key
types for that part of connection handshaking. This has been fixed.
- [Bug] PKey instances’ __eq__ did not have the usual safety guard in
place to ensure they were being compared to another PKey object,
causing occasional spurious BadHostKeyException (among other things).
This has been fixed. Thanks to Shengdun Hua for the original report
/patch and to Christopher Papke for the final version of the fix.
- [Support] Update camelCase method calls against the threading
module to be snake_case; this and related tweaks should fix some
deprecation warnings under Python 3.10. Thanks to Karthikeyan
Singaravelan for the report, @Narendra-Neerukonda for the patch, and
to Thomas Grainger and Jun Omae for patch workshopping.
Signed-off-by: Javier Marcet <javier@marcet.info>
As we are using this package in Turris OS
and Daniel Golle decided to no longer maintain this
and some other Python packages I'd like to take
this package maintainership as was originally
suggested in https://github.com/openwrt/packages/pull/17911
by Josef Schlehofer (@BKPepe).
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
As we are using this package in Turris OS
and Daniel Golle decided to no longer maintain this
and some other Python packages I'd like to take
this package maintainership as was originally
suggested in https://github.com/openwrt/packages/pull/17911
by Josef Schlehofer (@BKPepe).
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
The modification method is different from other node modules.
The reason is due to the npm@8 issue.
https://github.com/npm/cli/issues/4027
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This update also changes npm from v6 to v8.
This change also requires node module packages to be modified.
Each package will be updated later.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Includes fixes for:
* CVE-2022-24675 - encoding/pem: stack overflow
* CVE-2022-28327 - crypto/elliptic: generic P-256 panic when scalar has
too many leading zeroes
This also adds -buildvcs=false to omit VCS information in Go programs.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- Add support for pre-initialized stream socket in new WebSocketApp
- Remove rel.saferead() in examples (f0bf03d)
- Increase scope of linting checks (dca4022)
- Start adding type hints (a8a4099)
Signed-off-by: Javier Marcet <javier@marcet.info>
2.10.2:
- [Bug] Fix Python 2 compatibility breakage introduced in 2.10.1.
Spotted by Christian Hammond.
2.10.3:
- [Bug] Switch from module-global to thread-local storage when
recording thread IDs for a logging helper; this should avoid one
flavor of memory leak for long-running processes. Catch & patch via
Richard Kojedzinszky.
- [Bug] Certificate-based pubkey auth was inadvertently broken when
adding SHA2 support; this has been fixed. Reported by Erik Forsberg
and fixed by Jun Omae.
Signed-off-by: Javier Marcet <javier@marcet.info>
It seems that Turris guys is using this package in the Turris OS, where
it is used for reForis (simple, basic UI for users)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[replace Daniel as maintainer, add commit message]
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
It seems that Turris guys is using this package in the Turris OS, where
it is used for reForis (simple, basic UI for users)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[replace Daniel as maintainer, add commit message]
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
**** 1.33 Dec 16, 2021
Fix rt.cpan.org #137768
Test t/05-SVCB.t on Perl 5.18.0 fails with deep recursion.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This package (more specifically, the host version) was added for mesa in
the video feed[1]; no packages in the packages feed require this
package.
As mesa will be updated to install Mako using host pip[2], there is no
need to continue maintaining the package here. It will be imported into
the abandoned packages repo[3].
[1]: 2e17cb9a1b (commitcomment-63047904)
[2]: https://github.com/openwrt/video/pull/25
[3]: https://github.com/openwrt/packages-abandoned/pull/26
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds a recipe, Py3Build/InstallBuildDepends, that installs the
requirements listed in HOST_PYTHON3_PACKAGE_BUILD_DEPENDS. This allows
other (non-Python) packages to install host Python packages by calling
this recipe, without having to know the internals of python3-package.mk.
This also updates apparmor to call this recipe.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2.10.1:
- [Bug]: (CVE-2022-24302) Creation of new private key files using
PKey subclasses was subject to a race condition between file creation
& mode modification, which could be exploited by an attacker with
knowledge of where the Paramiko-using code would write out such
files.
- This has been patched by using os.open and os.fdopen to ensure new
files are opened with the correct mode immediately. We’ve left the
subsequent explicit chmod in place to minimize any possible
disruption, though it may get removed in future backwards-
incompatible updates.
- Thanks to Jan Schejbal for the report & feedback on the solution,
and to Jeremy Katz at Tidelift for coordinating the disclosure.
2.10.0:
- [Feature] Add support for OpenSSH’s Windows agent as a fallback
when Putty/WinPageant isn’t available or functional. Reported by
@benj56 with patches/PRs from @lewgordon and Patrick Spendrin.
- [Feature] Add support for the %C token when parsing SSH config
files. Foundational PR submitted by @jbrand42.
- [Bug] Significantly speed up low-level read/write actions on
SFTPFile objects by using bytearray/memoryview. This is unlikely to
change anything for users of the higher level methods like
SFTPClient.get or SFTPClient.getfo, but users of SFTPClient.open will
likely see orders of magnitude improvements for files larger than a
few megabytes in size.
- Thanks to @jkji for the original report and to Sevastian Tchernov
for the patch.
- [Support] Add six explicitly to install-requires; it snuck into
active use at some point but has only been indicated by transitive
dependency on bcrypt until they somewhat-recently dropped it. This
will be short-lived until we drop Python 2 support. Thanks to
Sondre Lillebø Gundersen for catch & patch.
Signed-off-by: Javier Marcet <javier@marcet.info>
- No need to explicitly state two times section and category since this is
already done in define Package/chicken-scheme/Default
- Also add TITLE to Default
- Add conflict between chicken-scheme-interpreter and
chicken-scheme-full
They both provide the same files:
/usr/lib/libchicken.so
/usr/lib/chicken/11/chicken.time.import.so
/usr/lib/chicken/11/chicken.fixnum.import.so
/usr/lib/chicken/11/chicken.internal.import.so
/usr/lib/chicken/11/chicken.tcp.import.so
/usr/lib/chicken/11/chicken.continuation.import.so
/usr/lib/chicken/11/chicken.port.import.so
/usr/lib/chicken/11/chicken.random.import.so
/usr/lib/chicken/11/chicken.compiler.user-pass.import.so
/usr/lib/chicken/11/chicken.process-context.import.so
/usr/lib/chicken/11/chicken.bitwise.import.so
/usr/lib/chicken/11/srfi-4.import.so
/usr/lib/chicken/11/chicken.load.import.so
/usr/lib/chicken/11/chicken.blob.import.so
/usr/lib/chicken/11/chicken.time.posix.import.so
/usr/lib/chicken/11/chicken.file.posix.import.so
/usr/lib/chicken/11/chicken.flonum.import.so
/usr/lib/chicken/11/chicken.condition.import.so
/usr/lib/chicken/11/chicken.pretty-print.import.so
/usr/lib/chicken/11/types.db
/usr/lib/chicken/11/chicken.foreign.import.so
/usr/lib/chicken/11/chicken.repl.import.so
/usr/lib/chicken/11/chicken.pathname.import.so
/usr/lib/chicken/11/chicken.sort.import.so
/usr/lib/chicken/11/chicken.keyword.import.so
/usr/lib/chicken/11/chicken.process.signal.import.so
/usr/lib/chicken/11/chicken.platform.import.so
/usr/lib/chicken/11/chicken.base.import.so
/usr/lib/chicken/11/chicken.syntax.import.so
/usr/lib/chicken/11/chicken.file.import.so
/usr/lib/chicken/11/chicken.memory.import.so
/usr/lib/chicken/11/chicken.gc.import.so
/usr/lib/chicken/11/chicken.io.import.so
/usr/lib/chicken/11/chicken.memory.representation.import.so
/usr/lib/chicken/11/chicken.process.import.so
/usr/lib/chicken/11/chicken.plist.import.so
/usr/lib/chicken/11/chicken.string.import.so
/usr/lib/chicken/11/chicken.errno.import.so
/usr/lib/chicken/11/chicken.format.import.so
/usr/lib/chicken/11/chicken.eval.import.so
/usr/lib/chicken/11/chicken.irregex.import.so
/usr/lib/chicken/11/chicken.process-context.posix.import.so
/usr/lib/chicken/11/chicken.read-syntax.import.so
/usr/lib/chicken/11/chicken.csi.import.so
/usr/lib/chicken/11/chicken.locative.import.so
/usr/bin/csi
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
I can't seem to see any package that needs it.
This was added for cryptography, since it was needed up to version 2.7
asn1-crypto doesn't have a user since commit 9d892e3cf8
So, remove it.
Abandoned packaged PR: https://github.com/openwrt/packages-abandoned/pull/23
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
With the removal of Seafile, these library packages no longer have any
in-repo users. They will be imported into the abandoned packages
repo[1].
[1]: https://github.com/openwrt/packages-abandoned/pull/24
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- 1.3.1:
- Fix 10 year old bug and improve dispatcher handling for
run_forever
- Fix run_forever to never return None, only return True or False,
and add two tests
- Remove Python 3.6 support, EOL in Dec 2021
- 1.3.0:
- BREAKING: Set Origin header to use https:// scheme when wss://
WebSocket URL is passed
- Replace deprecated/broken WebSocket URLs with working ones
(6ad5197)
- Add documentation referencing rel for automatic reconnection with
run_forever()
- Add missing opcodes 1012, 1013
- Add errno.ENETUNREACH to improve error handling (da1b050)
- Minor documentation improvements and typo fixes
- 1.2.3:
- Fix broken run_forever() functionality
- 1.2.2:
- Migrate wsdump script in setup.py from scripts to newer
entry_points
- Add support for ssl.SSLContext for arbitrary SSL parameters
- Remove keep_running variable
- Remove HAVE_CONTEXT_CHECK_HOSTNAME variable (dac1692)
- Replace deprecated ssl.PROTOCOL_TLS with ssl.PROTOCOL_TLS_CLIENT
- Simplify code and improve Python 3 support
- Fill default license template fields
- Update CI tests
- Improve documentation
Signed-off-by: Javier Marcet <javier@marcet.info>
- BACKWARD COMPATIBILITY:
- Dropped support for EOL Pythons 2.7, 3.4 and 3.5
- Dropped support for LSB and uname back-ends when --root-dir is
specified
- Moved distro.py to src/distro/distro.py
- ENHANCEMENTS:
- Documented that distro.version() can return an empty string on
- rolling releases
- Documented support for Python 3.10
- Added official support for Rocky Linux distribution
- Added a shebang to distro.py to allow standalone execution
- Added support for AIX platforms
- Added compliance for PEP-561
- BUG FIXES:
- Fixed include_uname parameter oversight
- Fixed crash when uname -rs output is empty
- Fixed Amazon Linux identifier in distro.id() documentation
- Fixed OpenSuse >= 15 support
- Fixed encoding issues when opening distro release files
- Fixed linux_distribution regression
Signed-off-by: Javier Marcet <javier@marcet.info>
Includes fix for CVE-2022-21716 (The Twisted SSH client and server
implementation naively accepted an infinite amount of data for the
peer's SSH version identifier.)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
1. updated to 5.9.0
2. psutil can not be built on macos due to build script detects Darwin
using sys.platform and changes build logic to build for Darwin, but
OpenWrt is Linux.
This commit add patch to allow redefining sys.platform and uses
env var TARGET_SYS_PLATFORM to specify linux as sys platfrom.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
This includes fixes for:
* CVE-2022-23772: math/big: Rat.SetString may consume large amount of
RAM and crash
* CVE-2022-23806: crypto/elliptic: IsOnCurve returns true for invalid
field elements
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
1. ruby/host build fails on macos due to Apple ld generates warning
if a folder from LDFLAGS is not exist. configure script catches this
warning and fails. This patch disables ld warnings for macos
2. ruby build fails on macos due /bin/true is not exist on macos.
This patch replaces /bin/true with true in OpenWrt Makefile
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
- Removed PYPI_SOURCE_EXT as this release provides tarball with .tar.gz
extension, which is default.
- Changelog: https://dnspython.readthedocs.io/en/stable/whatsnew.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
lyaml build script detects Darwin using `uname -s` and changes
build logic so lyaml package can not be built on macos.
This patch uses fakeuname host tool to redefine `uname -s` output
and fix build on macos.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
configure script detects Darwin and uses flags incompatible with
Linux target build.
This patch uses fakeuname tool if host OS is MacOS to avoid Darwin
detection on target build.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Update to v14.18.3
January 10th 2022 Security Releases:
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
Prototype pollution via console.table properties (Low)(CVE-2022-21824)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
./configure script detects macos specific system headers
(IOKit/serial/ioss.h and sys/ttycom.h) that are not available
during compile time. There is no way to pass ac_cv_* vars to
./configure script due to perl wrappers
To fix this issue, fake(empty) headers provided during compile
time if build host is MacOS
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
setup.py detects macos (darwin) and adds -flat_namespace flag. This
flag is not compatible with GCC that is used to compile target.
This patch patch disables darwin detection
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
luaossl detects OS and changes compilation flags depends on OS.
If Darwin is detected then it adds GCC non-compatible flags.
OpenWrt is always Linux so build OS detection is disabled
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
luasql ./config scripts checks `uname -s` output and changes
LIB_OPTION from '-static' to macos specific if detected OS is
Darwin. These flags are not compatible with GCC
OpenWrt is always Linux, this patch removes Darwin
specific stuff from compilation flags
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
The last tagged release (v1.9.3) was in 2017. This updates the package
to the most recent commit of the master branch.
This also sets myself at the maintainer.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- [Bug]: Enhanced log output when connecting to servers that do not
support server-sig-algs extensions, making the new-as-of-2.9
defaulting to SHA2 pubkey algorithms more obvious when it kicks in.
- [Bug]: Connecting to servers which support server-sig-algs but
which have no overlap between that list and what a Paramiko client
supports, now raise an exception instead of defaulting to
rsa-sha2-512 (since the use of server-sig-algs allows us to know
what the server supports).
Signed-off-by: Javier Marcet <javier@marcet.info>
1. updated to 24.2 (RN: https://github.com/erlang/otp/releases/tag/OTP-24.2)
2. added libstdcpp dependency
3. erlang-hipe was removed in upstream
(ref fccb8482ef)
everything related to erlang-hipe was removed from Makefile
4. updated and refreshed patches
5. host-compile ssl library forced to OpenWrt LibreSSL to avoid using system library
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
lua-curl-v3 detects OS and changes compilation flags depends on OS.
If Darwin is detected then it adds GCC non-compatible flags.
OpenWrt is always Linux, OS detection is disabled via UNAME=Linux
as a part of MAKE_FLAGS
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2to3 is a Python program that reads Python 2.x source code and applies a
series of fixers to transform it into valid Python 3.x code. The standard
library contains a rich set of fixers that will handle almost all code. 2to3
supporting library lib2to3 is, however, a flexible and generic library, so it
is possible to write your own fixers for 2to3. lib2to3 could also be adapted
to custom applications in which Python code needs to be edited automatically.
This tool is necessary for fail2ban package because of issue
https://github.com/openwrt/packages/issues/17311https://github.com/openwrt/packages/pull/17341
Simple 2to3.py script from Debian, thanks to Matthias Klose <doko@ubuntu.com>
From: https://salsa.debian.org/cpython-team/python3-defaults
Co-authored-by: Jeffery To <jeffery.to@gmail.com>
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
Removed patches:
* 027-bpo-43158-Use-configure-values-for-building-_uuid-ex.patch
Already merged.
* 029-disable-deprecation-warning.patch
Packages should be patched/fixed to remove the use of distutils
instead of disabling this warning.
Also:
* Updates PKG_LICENSE to use the correct SPDX license identifier
* Fixes build for mipsel_24kc_24kf
Fixes https://github.com/openwrt/packages/issues/17217.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fixes for:
* CVE-2021-44716: unbounded growth of HTTP/2 header canonicalization
cache
* CVE-2021-44717: syscall.ForkExec error can close file descriptor 0
Added patches:
* 001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch:
https://github.com/golang/go/pull/49748 backported for Go 1.17,
this removes the requirement for the gold linker when building Go
programs that use Go plugins on arm/arm64
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When cURL is built with OpenSSL as backend SSL/TLS library,
pecl_http's configure tries to detect whether TLS 1.3 ciphers
are enabled. This does not work when cross-compiling so let's
pass it based on OpenSSL build configuration.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Active support for PHP 7.4 branch ended a few days ago.
Since we have PHP 8.x in the repository for a while
and we migrated all PECL extension packages already,
let's focus on that newer version and drop support for 7.4.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
The functionality of this package - or at least similar one -
was meanwhile included in PHP8.
This package was mostly included as dependency for HTTP PECL package,
so it is not needed anymore and thus can be dropped.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This package is not compatible with PHP8 and seems to be not maintained
upstream anymore. Let's drop it.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Only a newer version of upstream includes support for PHP8, so while
migrating we need to update to latest upstream version.
We also need to adjust dependencies since JSON is now always integrated
not longer available as dedicated package.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Also update patches and remove obsolete ones.
We also need to add one to prevent mod_php to be enabled
by apxs in configuration file.
While at, remove the VARIANT setting for pecl extensions.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Relevant changes:
* quoted data urls which are not base64 encoded keep their spaces now
* accept bytes and text as input. All other types now raise a TypeError
* update python & gcc support
* python version will only accept the C implementation if the versions
match exactly. This should prevent using older installed C versions.
Along with the version bump:
- update maintainer email address
- use $(AUTORELEASE)
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
What's Changed:
Fixed:
- Add missing trailing newline before adding new entry with set_key
by @bbc2 in #361
Signed-off-by: Javier Marcet <javier@marcet.info>
Django 1.x is not compatible with python 3.10.
Mark the package as BROKEN. Since its dependent packages will also
select it, they will need to be marked BROKEN as well to avoid recursive
dependencies--packages not marked as BROKEN will be able to select the
broken package.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
There's been a bit of overlapping opinions on some of these packages.
The best thing to do here is to reduce ownership and relinquish my
control.
This patch does that.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Manually re-applied:
008-distutils-use-python-sysroot.patch
016-adjust-config-paths.patch
Drop patch: 003-do-not-run-distutils-tests.patch
There is now a configure option '--disable-test-modules'
And seems we left the '_ctypes_test' around for quite some time.
Dropped now.
Refs:
https://bugs.python.org/issue27640https://bugs.python.org/issue43282
Drop patch: 013-getbuildinfo-date-time-source-date-epoch.patch
Python build honors SOURCE_DATE_EPOCH pretty well now.
Drop setuptools patches. Setuptools should be reproducible with Python 3.6+
according to a mention here:
https://github.com/pypa/setuptools/pull/1690#issuecomment-536517456
It's time to let upstream fix Setuptools reproduce-ability.
Drop patch: 010-do-not-add-rt-lib-dirs-when-cross-compiling.patch
I can't seem to fully remember why it's there.
And it seem to build fine without it.
Drop patch: 015-abort-on-failed-modules.patch
Python build supports a similar PYTHONSTRICTEXTENSIONBUILD=1 env-var
option.
Add patch: 026-openssl-feature-flags.patch
We need to keep this in our tree for a while.
See:
https://bugs.python.org/issue45627
Backport patch: 027-bpo-43158-Use-configure-values-for-building-_uuid-ex.patch
Link: https://github.com/python/cpython/pull/29353
Fixes the build for uuid C module.
Add patch: 028-host-python-support-ssl-with-libressl.patch
We need the _ssl module working on the host-side with LibreSSL for pip to
work to download from https://pypi.org
Refs: https://github.com/openwrt/openwrt/pull/4749
Add patch: 029-disable-deprecation-warning.patch
Fixes apparmor build. The warning causes a configure error.
Refreshed the rest of patches.
Some old build-flags were removed. They don't seem to be necessary anymore.
Split python3-uuid from python3-light. To better manage the libuuid library
(if needed). Also, fixing the uuid C module build. Seems this was failing,
and was falling back to using hashlib.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Contains fixes for:
* CVE-2021-41771: ImportedSymbols in debug/macho (for Open or OpenFat)
accesses a memory location after the end of a buffer
* CVE-2021-41772: archive/zip Reader.Open panic via a crafted ZIP
archive containing an invalid name or an empty filename field
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
