Fixes:
https://github.com/openwrt/packages/issues/12707
Seems to work.
Looking into the 'venv' lib, it seems it's installing pip & setuptools
inside a virtual environment.
`python3-pip` is already ~6 MB.
This adds another ~3 MB.
But, this gives users the ability to run Python virtual environments, which
is a pretty common feature of Python in production cases (usually web
stuff).
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
A new PEP 517 (https://www.python.org/dev/peps/pep-0517/) has defined that
Python packages can be shipped without any `setup.py` file, and that a
`pyproject.toml` file is sufficient.
A `setup.py` shim layer is suggested as a method for running the build.
For these cases, we will add a support in the OpenWrt build-system to
provide the default `setup.py` shim layer in case this file does not exist,
but there is a `pyproject.toml` file.
We also seem to need to tweak the shim layer with the PKG_VERSION,
otherwise the detected version is 0.0.0.
We will need to see if this will be fixed later in setuptools{-scm}.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
When CC is set to e.g. "ccache mips-openwrt-linux-musl-gcc" it needs
to be quoted to avoid word splitting on substitution.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Go1.19.5 (released 2023-01-10) includes fixes to the compiler,
the linker, and the crypto/x509, net/http, sync/atomic,
and syscall packages.
Removed upstreamed patch.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The old 2.python-requests.org URL is not reachable on modern browsers,
and is not the current canonical URL for the project. Update to the
current best URL for the project.
Signed-off-by: Karl Palsson <karlp@etactica.com>
PycURL changeLog:
-----------------------------------------------------------------
PycURL 7.45.2 - 2022-12-16
-----------------------------------------------------------------
This release fixes several minor issues and adds support for several libcurl options.
-----------------------------------------------------------------
PycURL 7.45.1 - 2022-03-13
-----------------------------------------------------------------
This release fixes build when libcurl < 7.64.1 is used.
-----------------------------------------------------------------
PycURL 7.45.0 - 2022-03-09
-----------------------------------------------------------------
This release adds support for SecureTransport SSL backend (MacOS), adds ability to unset a number of multi options, adds ability to duplicate easy handles and permits pycurl classes to be subclassed.
-----------------------------------------------------------------
PycURL 7.44.1 - 2021-08-15
-----------------------------------------------------------------
This release repairs incorrect Python thread initialization logic which caused operations to hang.
-----------------------------------------------------------------
Signed-off-by: Waldemar Konik <informatyk74@interia.pl>
Compile tested: x86_64
Version 8.1.3
Released 2022-04-28
Use verbose form of typing.Callable for @command and @group.
pallets/click#2255
Show error when attempting to create an option with multiple=True,
is_flag=True. Use count instead. pallets/click#2246
Version 8.1.2
Released 2022-03-31
Fix error message for readable path check that was mixed up with the
executable check. pallets/click#2236
Restore parameter order for Path, placing the executable parameter at
the end. It is recommended to use keyword arguments instead of
positional arguments. pallets/click#2235
Version 8.1.1
Released 2022-03-30
Fix an issue with decorator typing that caused type checking to
report that a command was not callable. pallets/click#2227
Version 8.1.0
Released 2022-03-28
Drop support for Python 3.6. pallets/click#2129
Remove previously deprecated code. pallets/click#2130
Group.resultcallback is renamed to result_callback.
autocompletion parameter to Command is renamed to shell_complete.
get_terminal_size is removed, use shutil.get_terminal_size instead.
get_os_args is removed, use sys.argv[1:] instead.
Rely on PEP 538 and PEP 540 to handle selecting UTF-8 encoding
instead of ASCII. Click’s locale encoding detection is removed.
pallets/click#2198
Single options boolean flags with show_default=True only show the
default if it is True. pallets/click#1971
The command and group decorators can be applied with or without
parentheses. pallets/click#1359
The Path type can check whether the target is executable.
pallets/click#1961
Command.show_default overrides Context.show_default, instead of the
other way around. pallets/click#1963
Parameter decorators and @group handles cls=None the same as not
passing cls. @option handles help=None the same as not passing help.
pallets/click#1959
A flag option with required=True requires that the flag is passed
instead of choosing the implicit default value. pallets/click#1978
Indentation in help text passed to Option and Command is cleaned the
same as using the @option and @command decorators does. A command’s
epilog and short_help are also processed. pallets/click#1985
Store unprocessed Command.help, epilog and short_help strings.
Processing is only done when formatting help text for output.
pallets/click#2149
Allow empty str input for prompt() when confirmation_prompt=True and
default="". pallets/click#2157
Windows glob pattern expansion doesn’t fail if a value is an invalid
pattern. pallets/click#2195
It’s possible to pass a list of params to @command. Any params
defined with decorators are appended to the passed params.
pallets/click#2131
@command decorator is annotated as returning the correct type if a
cls argument is used. pallets/click#2211
A Group with invoke_without_command=True and chain=False will invoke
its result callback with the group function’s return value.
pallets/click#2124
to_info_dict will not fail if a ParamType doesn’t define a name.
pallets/click#2168
Shell completion prioritizes option values with option prefixes over
new options. pallets/click#2040
Options that get an environment variable value using
autoenvvar_prefix treat an empty value as None, consistent with a
direct envvar. pallets/click#2146
Version 8.0.4
Released 2022-02-18
open_file recognizes Path("-") as a standard stream, the same as the
string "-". pallets/click#2106
The option and argument decorators preserve the type annotation of
the decorated function. pallets/click#2155
A callable default value can customize its help text by overriding
__str__ instead of always showing (dynamic). pallets/click#2099
Fix a typo in the Bash completion script that affected file and
directory completion. If this script was generated by a previous
version, it should be regenerated. pallets/click#2163
Fix typing for echo and secho file argument. pallets/click#2174,
pallets/click#2185
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Version 2.1.2
Released 2022-03-24
Handle date overflow in timed unsign on 32-bit systems.
pallets/itsdangerous#299
Version 2.1.1
Released 2022-03-09
Handle date overflow in timed unsign. pallets/itsdangerous#296
Version 2.1.0
Released 2022-02-17
Drop support for Python 3.6. pallets/itsdangerous#272
Remove previously deprecated code. pallets/itsdangerous#273
JWS functionality: Use a dedicated library such as Authlib instead.
import itsdangerous.json: Import json from the standard library instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Version 2.2.2
Released 2022-08-08
Fix router to restore the 2.1 strict_slashes == False behaviour
whereby leaf-requests match branch rules and vice versa.
pallets/werkzeug#2489
Fix router to identify invalid rules rather than hang parsing them,
and to correctly parse / within converter arguments.
pallets/werkzeug#2489
Update subpackage imports in werkzeug.routing to use the import as
syntax for explicitly re-exporting public attributes.
pallets/werkzeug#2493
Parsing of some invalid header characters is more robust.
pallets/werkzeug#2494
When starting the development server, a warning not to use it in a
production deployment is always shown. pallets/werkzeug#2480
LocalProxy.__wrapped__ is always set to the wrapped object when the
proxy is unbound, fixing an issue in doctest that would cause it to
fail. pallets/werkzeug#2485
Address one ResourceWarning related to the socket used by run_simple.
pallets/werkzeug#2421
Version 2.2.1
Released 2022-07-27
Fix router so that /path/ will match a rule /path if strict slashes
mode is disabled for the rule. pallets/werkzeug#2467
Fix router so that partial part matches are not allowed i.e. /2df
does not match /<int>. pallets/werkzeug#2470
Fix router static part weighting, so that simpler routes are matched
before more complex ones. pallets/werkzeug#2471
Restore ValidationError to be importable from werkzeug.routing.
pallets/werkzeug#2465
Version 2.2.0
Released 2022-07-23
Deprecated get_script_name, get_query_string, peek_path_info,
pop_path_info, and extract_path_info. pallets/werkzeug#2461
Remove previously deprecated code. pallets/werkzeug#2461
Add MarkupSafe as a dependency and use it to escape values when
rendering HTML. pallets/werkzeug#2419
Added the werkzeug.debug.preserve_context mechanism for restoring
context-local data for a request when running code in the debug
console. pallets/werkzeug#2439
Fix compatibility with Python 3.11 by ensuring that end_lineno and
end_col_offset are present on AST nodes. pallets/werkzeug#2425
Add a new faster matching router based on a state machine.
pallets/werkzeug#2433
Fix branch leaf path masking branch paths when strict-slashes is
disabled. pallets/werkzeug#1074
Names within options headers are always converted to lowercase. This
matches RFC 6266 that the case is not relevant. pallets/werkzeug#2442
AnyConverter validates the value passed for it when building URLs.
pallets/werkzeug#2388
The debugger shows enhanced error locations in tracebacks in Python
3.11. pallets/werkzeug#2407
Added Sans-IO is_resource_modified and parse_cookie functions based
on WSGI versions. pallets/werkzeug#2408
Added Sans-IO get_content_length function. pallets/werkzeug#2415
Don’t assume a mimetype for test responses. pallets/werkzeug#2450
Type checking FileStorage accepts os.PathLike. pallets/werkzeug#2418
Version 2.1.2
Released 2022-04-28
The development server does not set Transfer-Encoding: chunked for
1xx, 204, 304, and HEAD responses. pallets/werkzeug#2375
Response HTML for exceptions and redirects starts with <!doctype
html> and <html lang=en>. pallets/werkzeug#2390
Fix ability to set some cache_control attributes to False.
pallets/werkzeug#2379
Disable keep-alive connections in the development server, which are
not supported sufficiently by Python’s http.server.
pallets/werkzeug#2397
Version 2.1.1
Released 2022-04-01
ResponseCacheControl.s_maxage converts its value to an int, like
max_age. pallets/werkzeug#2364
Version 2.1.0
Released 2022-03-28
Drop support for Python 3.6. pallets/werkzeug#2277
Using gevent or eventlet requires greenlet>=1.0 or PyPy>=7.3.7.
werkzeug.locals and contextvars will not work correctly with older
versions. pallets/werkzeug#2278
Remove previously deprecated code. pallets/werkzeug#2276
Remove the non-standard shutdown function from the WSGI environ
when running the development server. See the docs for alternatives.
Request and response mixins have all been merged into the Request
and Response classes.
The user agent parser and the useragents module is removed. The
user_agent module provides an interface that can be subclassed to
add a parser, such as ua-parser. By default it only stores the
whole string.
The test client returns TestResponse instances and can no longer be
treated as a tuple. All data is available as properties on the
response.
Remove locals.get_ident and related thread-local code from locals,
it no longer makes sense when moving to a contextvars-based
implementation.
Remove the python -m werkzeug.serving CLI.
The has_key method on some mapping datastructures; use key in data
instead.
Request.disable_data_descriptor is removed, pass shallow=True
instead.
Remove the no_etag parameter from Response.freeze().
Remove the HTTPException.wrap class method.
Remove the cookie_date function. Use http_date instead.
Remove the pbkdf2_hex, pbkdf2_bin, and safe_str_cmp functions. Use
equivalents in hashlib and hmac modules instead.
Remove the Href class.
Remove the HTMLBuilder class.
Remove the invalidate_cached_property function. Use del obj.attr
instead.
Remove bind_arguments and validate_arguments. Use Signature.bind()
and inspect.signature() instead.
Remove detect_utf_encoding, it’s built-in to json.loads.
Remove format_string, use string.Template instead.
Remove escape and unescape. Use MarkupSafe instead.
The multiple parameter of parse_options_header is deprecated.
pallets/werkzeug#2357
Rely on PEP 538 and PEP 540 to handle decoding file names with the
correct filesystem encoding. The filesystem module is removed.
pallets/werkzeug#1760
Default values passed to Headers are validated the same way values
added later are. pallets/werkzeug#1608
Setting CacheControl int properties, such as max_age, will convert
the value to an int. pallets/werkzeug#2230
Always use socket.fromfd when restarting the dev server.
pallets/werkzeug#2287
When passing a dict of URL values to Map.build, list values do not
filter out None or collapse to a single value. Passing a MultiDict
does collapse single items. This undoes a previous change that made
it difficult to pass a list, or None values in a list, to custom URL
converters. pallets/werkzeug#2249
run_simple shows instructions for dealing with “address already in
use” errors, including extra instructions for macOS.
pallets/werkzeug#2321
Extend list of characters considered always safe in URLs based on RFC
3986. pallets/werkzeug#2319
Optimize the stat reloader to avoid watching unnecessary files in
more cases. The watchdog reloader is still recommended for
performance and accuracy. pallets/werkzeug#2141
The development server uses Transfer-Encoding: chunked for streaming
responses when it is configured for HTTP/1.1. pallets/werkzeug#2090,
pallets/werkzeug#1327, pallets/werkzeug#2091
The development server uses HTTP/1.1, which enables keep-alive
connections and chunked streaming responses, when threaded or
processes is enabled. pallets/werkzeug#2323
cached_property works for classes with __slots__ if a corresponding
_cache_{name} slot is added. pallets/werkzeug#2332
Refactor the debugger traceback formatter to use Python’s built-in
traceback module as much as possible. pallets/werkzeug#1753
The TestResponse.text property is a shortcut for
r.get_data(as_text=True), for convenient testing against text instead
of bytes. pallets/werkzeug#2337
safe_join ensures that the path remains relative if the trusted
directory is the empty string. pallets/werkzeug#2349
Percent-encoded newlines (%0a), which are decoded by WSGI servers,
are considered when routing instead of terminating the match early.
pallets/werkzeug#2350
The test client doesn’t set duplicate headers for CONTENT_LENGTH and
CONTENT_TYPE. pallets/werkzeug#2348
append_slash_redirect handles PATH_INFO with internal slashes.
pallets/werkzeug#1972, pallets/werkzeug#2338
The default status code for append_slash_redirect is 308 instead of
301. This preserves the request body, and matches a previous change
to strict_slashes in routing. pallets/werkzeug#2351
Fix ValueError: I/O operation on closed file. with the test client
when following more than one redirect. pallets/werkzeug#2353
Response.autocorrect_location_header is disabled by default. The
Location header URL will remain relative, and exclude the scheme and
domain, by default. pallets/werkzeug#2352
Request.get_json() will raise a 400 BadRequest error if the
Content-Type header is not application/json. This makes a very common
source of confusion more visible. pallets/werkzeug#2339
Version 2.0.3
Released 2022-02-07
ProxyFix supports IPv6 addresses. pallets/werkzeug#2262
Type annotation for Response.make_conditional,
HTTPException.get_response, and Map.bind_to_environ accepts Request
in addition to WSGIEnvironment for the first parameter.
pallets/werkzeug#2290
Fix type annotation for Request.user_agent_class.
pallets/werkzeug#2273
Accessing LocalProxy.__class__ and __doc__ on an unbound proxy
returns the fallback value instead of a method object.
pallets/werkzeug#2188
Redirects with the test client set RAW_URI and REQUEST_URI correctly.
pallets/werkzeug#2151
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Version 2.1.1
Released 2022-03-14
Avoid ambiguous regex matches in striptags. pallets/markupsafe#293
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Remove libressl specific patches. With commit
("tools/libressl: update to 3.7.0") they are no longer needed,
rather they cause python3 to be compiled without working ssl-support.
Fixes: #20107
Suggested-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Update the Flent package and move it to net/, renaming it to just 'flent'
instead of python3-flent (it's not a library, having the python3- prefix
makes no sense). Also add python3-defusedxml as a dependency to protect
against XML bombs if using the one of the backends that use XML-RPC, and
trim the dependencies to those used directly by Flent.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Perl threads seem to be supported and working for aarch64, and
including aarch64 here would allow packages like freeswitch-mod-perl
to become available from the standard OpwnWrt package repository for
popular routers such as the Linksys E8450 and Belkin RT3200.
Signed-off-by: Doug Thomson <dwt62f+github@gmail.com>
go1.19.4 (released 2022-12-06) includes security fixes to the net/http
and os packages, as well as bug fixes to the compiler, the runtime,
and the crypto/x509, os/exec, and sync/atomic packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Package does not currently build because of distutil dependency. Fix
this by updating to the latest version.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Also bump Cython version to 0.29.32
And yeeeey: zip -> tar.gz
And they fixed the Intel AVX extension stuff/detection.
Which is why I deferred updating it until now.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The following CVEs are fixed in this release:
* CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
* Insufficient fix for macOS devices on v18.5.0
* CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
* CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
* Insufficient fix on v18.5.0
* CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
* Insufficient fix on v18.5.0
* CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
* CVE-2022-35255: Weak randomness in WebCrypto keygen
More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.
llhttp updated to 6.0.10
llhttp is updated to 6.0.10 which includes fixes for the following vulnerabilities.
* HTTP Request Smuggling - CVE-2022-32213 bypass via obs-fold mechanic (Medium)(CVE-2022-32213 ): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215): The llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)(CVE-35256): The llhttp parser in the http does not correctly handle header fields that are not terminated with CLRF. This can lead to HTTP Request Smuggling (HRS).
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
libwolfsslcpu-crypto has to be taken into consideration when selecting
the default SSL backend.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
- Improve the base URI behavior when resolving a $ref to a resolution
URI which is different from the resolved schema's declared $id.
- Accessing jsonschema.draftN_format_checker is deprecated. Instead,
if you want access to the format checker itself, it is exposed as
jsonschema.validators.DraftNValidator.FORMAT_CHECKER on any
jsonschema.protocols.Validator.
Signed-off-by: Javier Marcet <javier@marcet.info>
As described on GitHub page [0]:
Flent is a Python wrapper to run multiple simultaneous
netperf/iperf/ping instances and aggregate the results.
[0] - https://github.com/tohojo/flent
Signed-off-by: Nick Hainke <vincent@systemli.org>
Patch 030:
Backported from Python main branch[^1] for Python to distinguish between glibc and musl libc SOABI.
Patch 131:
Changes PLATFORM_TRIPLET -gnu/-musl suffix detection (performed by the backported patch)
to be based on the target OS instead of the building OS.
See included patches for more detailed descriptions.
Specifically this fixes cross-compilation for mpc8548 CPUs with SPE instructions[^2] enabled.
[^1]: merged to python:main as https://github.com/python/cpython/pull/24502 'bpo-43112: detect musl as a separate SOABI'
[^2]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf
Co-authored-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
- Fix stack growth bug when `run_forever` reconnects
- Add doctest CI for sphinx docs code examples (d150099)
- General docs improvements
- Fix automatic reconnect with `run_forever`
- Allow a timeout to be set when using a proxy
Signed-off-by: Javier Marcet <javier@marcet.info>
Added:
- CLI: add support for invocations via 'python -m'.
- load_dotenv function now returns False.
- CLI: add --format= option to list command.
Fixed:
- Drop Python 3.5 and 3.6 and upgrade GA
- Use open instead of io.open.
- Improve documentation for variables without a value
- Add parse_it to Related Projects
- Update README.md
- Improve documentation with direct use of MkDocs
Signed-off-by: Javier Marcet <javier@marcet.info>
Currently, lua-eco will add dependencies to all SSL libraries that are
selected, even though it will only use one of them. That means that the
package downloaded from the regular repository will install OpenSSL,
wolfSSL and mbedTLS, even though it will only use OpenSSL.
Fix that by adding a built option so that the default can be changed at
build-time. To maintain the author's intention, a default symbol is
computed based on what libraries are being built into the image, or just
selected as a module. Originally, the order or preference was OpenSSL,
wolfSSL, then mbedTLS.
One change was made to the original order: if OpenSSL and wolfSSL are
both selected as module, and mbedTLS is not built into the image,
wolfSSL will be preferred over OpenSSL. This is being done to keep the
package consistent with OpenWRT's selection of wolfSSL as the default
SSL library. If they are both included in the image, then OpenSSL will
be preferred.
The order of preference is:
1. If at least one library is included in the image, use the first of
OpenSSL, wolfSSL, and mbedTLS that is included in the image.
2. If at least one library is selected, but none included in the image,
prefer wolfSSL, then OpenSSL, then mbedTLS.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Notable Changes:
Experimental command-line argument parser API
Experimental ESM Loader Hooks API
Experimental test runner
Improved interoperability of the Web Crypto API
Dependency updates:
Updated Corepack to 0.12.1
Updated ICU to 71.1
Updated npm to 8.15.0
Updated Undici to 5.8.0
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Was only used by Bigclown.
The project (Bigclown) has accepted the switch from simplejson to it's
built-in json lib, and we can now drop this lib.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
makes LuaJit builds for mpc85xx targets with SPE ISA extension
enabled possible
Quoting inner commit message:
This allows building LuaJit for systems with Power ISA SPE
extension[^1] support by using soft float on LuaJit side.
While e500 CPU cores support SPE instruction set extension
allowing them to perform floating point arithmetic natively,
this isn't required. They can function with software floating
point to integer arithmetic translation as well,
just like FPU-less PowerPC CPUs without SPE support.
Therefore I see no need to prevent them from running LuaJit
explicitly.
[^1]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
LibreSSL 3.5 and later provide and need to use
PEM_write_bio_PrivateKey_traditional()
upstream commit:
e25fb0d0d8b02815271f
Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
Cherry-pick four upstream commits that prevent building of
otp_test_engine when LibreSSL-3.5.0 is used.
Since OpenWrt bumped LibreSSL to 3.5.3 the erlang host builds fail to
complete.
CC ../priv/obj/x86_64-pc-linux-gnu/otp_test_engine.o
otp_test_engine.c: In function 'test_engine_md5_init':
otp_test_engine.c:144:34: error: dereferencing pointer to incomplete type 'EVP_MD_CTX' {aka 'struct env_md_ctx_st'}
#define data(ctx) ((MD5_CTX *)ctx->md_data)
^~
Also switch to AUTORELEASE.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Since the OpenWrt's stub libiconv implementation is now gone,
we can build against musl's internal one or the external libiconv
implementation.
This needs minor adjustements in the makefile to allow PHPs build
to choose the right path when cross-compiling.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Update to v16.16.0
Release for the following issues:
HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213)
HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214)
HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215)
DNS rebinding in --inspect via invalid IP addresses (High)(CVE-2022-32212)
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
No vulnerabilities related with openssl (uses system openssl)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
What's Changed:
- Type annotate format checker methods by @sirosen
- Fix fuzzer to include instrumentation by @DavidKorczynski
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci
Signed-off-by: Javier Marcet <javier@marcet.info>
What's Changed:
- Add package_url for changelog by @fhightower
- Only validate unevaluated properties/items on applicable types by
@EpicWink
- Mark library as typed (PEP-561) by @ssbarnea
- Add v4.5.1 to changelog by @sirosen
- Modernize the packaging setup via PEP 621 and Hatch. by @Julian
New Contributors:
- @fhightower made their first contribution
- @EpicWink made their first contribution
Signed-off-by: Javier Marcet <javier@marcet.info>
for some use cases, for example:
a system with 64 bit kernel
and 32 bit userspace programs
the local Go installation is "detected"
using the kernel "uname",
causing build failure if they happen to differ
by adding the argument GOHOSTARCH using the corresponding make variable
it would be fully controlled in the openwrt git tree
based on the HOST_ARCH make variable.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
the default Configure recipe for packages
assumes that there is a "configure" script
in the source tree directory
Go does not have such a script,
configure and compile is done with the same script
so split the current Compile recipe
into both Configure and Compile recipes
Signed-off-by: Michael Pratt <mcpratt@pm.me>
What's Changed:
- Extend dynamicRef keyword by @nezhar
- Add FORMAT_CHECKER attribute for Validator by @TiborVoelcker
- Remove stray double-quote by @lurch
- Ensure proper sorting of list in error message by @ssbarnea
Signed-off-by: Javier Marcet <javier@marcet.info>
2.11.0:
- [Feature] Add SSH config token expansion (eg %h, %p) when parsing
ProxyJump directives. Patch courtesy of Bruno Inec.
- [Support] (via #2011) Apply unittest skipIf to tests currently
using SHA1 in their critical path, to avoid failures on systems
starting to disable SHA1 outright in their crypto backends (eg RHEL
9). Report & patch via Paul Howarth.
- [Support] Update camelCase method calls against the threading
module to be snake_case; this and related tweaks should fix some
deprecation warnings under Python 3.10. Thanks to Karthikeyan
Singaravelan for the report, @Narendra-Neerukonda for the patch,
and to Thomas Grainger and Jun Omae for patch workshopping.
- [Support] Recent versions of Cryptography have deprecated Blowfish
algorithm support; in lieu of an easy method for users to remove it
from the list of algorithms Paramiko tries to import and use, we’ve
decided to remove it from our “preferred algorithms” list. This will
both discourage use of a weak algorithm, and avoid warnings. Credit
for report/patch goes to Mike Roest.
2.10.5:
- [Bug] Windows-native SSH agent support as merged in 2.10 could
encounter Errno 22 OSError exceptions in some scenarios (eg server
not cleanly closing a relevant named pipe). This has been worked
around and should be less problematic. Reported by Danilo Campana
Fuchs and patched by Jun Omae.
- [Bug] OpenSSH 7.7 and older has a bug preventing it from
understanding how to perform SHA2 signature verification for RSA
certificates (specifically certs - not keys), so when we added SHA2
support it broke all clients using RSA certificates with these
servers. This has been fixed in a manner similar to what OpenSSH’s
own client does: a version check is performed and the algorithm used
is downgraded if needed. Reported by Adarsh Chauhan, with fix
suggested by Jun Omae.
- [Bug] Align signature verification algorithm with OpenSSH re:
zero-padding signatures which don’t match their nominal size/length.
This shouldn’t affect most users, but will help Paramiko-implemented
SSH servers handle poorly behaved clients such as PuTTY. Thanks to
Jun Omae for catch & patch.
Signed-off-by: Javier Marcet <javier@marcet.info>
- [Bug] Servers offering certificate variants of hostkey algorithms
(eg ssh-rsa-cert-v01@openssh.com) could not have their host keys
verified by Paramiko clients, as it only ever considered non-cert key
types for that part of connection handshaking. This has been fixed.
- [Bug] PKey instances’ __eq__ did not have the usual safety guard in
place to ensure they were being compared to another PKey object,
causing occasional spurious BadHostKeyException (among other things).
This has been fixed. Thanks to Shengdun Hua for the original report
/patch and to Christopher Papke for the final version of the fix.
- [Support] Update camelCase method calls against the threading
module to be snake_case; this and related tweaks should fix some
deprecation warnings under Python 3.10. Thanks to Karthikeyan
Singaravelan for the report, @Narendra-Neerukonda for the patch, and
to Thomas Grainger and Jun Omae for patch workshopping.
Signed-off-by: Javier Marcet <javier@marcet.info>
As we are using this package in Turris OS
and Daniel Golle decided to no longer maintain this
and some other Python packages I'd like to take
this package maintainership as was originally
suggested in https://github.com/openwrt/packages/pull/17911
by Josef Schlehofer (@BKPepe).
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
As we are using this package in Turris OS
and Daniel Golle decided to no longer maintain this
and some other Python packages I'd like to take
this package maintainership as was originally
suggested in https://github.com/openwrt/packages/pull/17911
by Josef Schlehofer (@BKPepe).
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
The modification method is different from other node modules.
The reason is due to the npm@8 issue.
https://github.com/npm/cli/issues/4027
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This update also changes npm from v6 to v8.
This change also requires node module packages to be modified.
Each package will be updated later.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Includes fixes for:
* CVE-2022-24675 - encoding/pem: stack overflow
* CVE-2022-28327 - crypto/elliptic: generic P-256 panic when scalar has
too many leading zeroes
This also adds -buildvcs=false to omit VCS information in Go programs.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- Add support for pre-initialized stream socket in new WebSocketApp
- Remove rel.saferead() in examples (f0bf03d)
- Increase scope of linting checks (dca4022)
- Start adding type hints (a8a4099)
Signed-off-by: Javier Marcet <javier@marcet.info>
2.10.2:
- [Bug] Fix Python 2 compatibility breakage introduced in 2.10.1.
Spotted by Christian Hammond.
2.10.3:
- [Bug] Switch from module-global to thread-local storage when
recording thread IDs for a logging helper; this should avoid one
flavor of memory leak for long-running processes. Catch & patch via
Richard Kojedzinszky.
- [Bug] Certificate-based pubkey auth was inadvertently broken when
adding SHA2 support; this has been fixed. Reported by Erik Forsberg
and fixed by Jun Omae.
Signed-off-by: Javier Marcet <javier@marcet.info>
It seems that Turris guys is using this package in the Turris OS, where
it is used for reForis (simple, basic UI for users)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[replace Daniel as maintainer, add commit message]
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
It seems that Turris guys is using this package in the Turris OS, where
it is used for reForis (simple, basic UI for users)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[replace Daniel as maintainer, add commit message]
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
**** 1.33 Dec 16, 2021
Fix rt.cpan.org #137768
Test t/05-SVCB.t on Perl 5.18.0 fails with deep recursion.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This package (more specifically, the host version) was added for mesa in
the video feed[1]; no packages in the packages feed require this
package.
As mesa will be updated to install Mako using host pip[2], there is no
need to continue maintaining the package here. It will be imported into
the abandoned packages repo[3].
[1]: 2e17cb9a1b (commitcomment-63047904)
[2]: https://github.com/openwrt/video/pull/25
[3]: https://github.com/openwrt/packages-abandoned/pull/26
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds a recipe, Py3Build/InstallBuildDepends, that installs the
requirements listed in HOST_PYTHON3_PACKAGE_BUILD_DEPENDS. This allows
other (non-Python) packages to install host Python packages by calling
this recipe, without having to know the internals of python3-package.mk.
This also updates apparmor to call this recipe.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2.10.1:
- [Bug]: (CVE-2022-24302) Creation of new private key files using
PKey subclasses was subject to a race condition between file creation
& mode modification, which could be exploited by an attacker with
knowledge of where the Paramiko-using code would write out such
files.
- This has been patched by using os.open and os.fdopen to ensure new
files are opened with the correct mode immediately. We’ve left the
subsequent explicit chmod in place to minimize any possible
disruption, though it may get removed in future backwards-
incompatible updates.
- Thanks to Jan Schejbal for the report & feedback on the solution,
and to Jeremy Katz at Tidelift for coordinating the disclosure.
2.10.0:
- [Feature] Add support for OpenSSH’s Windows agent as a fallback
when Putty/WinPageant isn’t available or functional. Reported by
@benj56 with patches/PRs from @lewgordon and Patrick Spendrin.
- [Feature] Add support for the %C token when parsing SSH config
files. Foundational PR submitted by @jbrand42.
- [Bug] Significantly speed up low-level read/write actions on
SFTPFile objects by using bytearray/memoryview. This is unlikely to
change anything for users of the higher level methods like
SFTPClient.get or SFTPClient.getfo, but users of SFTPClient.open will
likely see orders of magnitude improvements for files larger than a
few megabytes in size.
- Thanks to @jkji for the original report and to Sevastian Tchernov
for the patch.
- [Support] Add six explicitly to install-requires; it snuck into
active use at some point but has only been indicated by transitive
dependency on bcrypt until they somewhat-recently dropped it. This
will be short-lived until we drop Python 2 support. Thanks to
Sondre Lillebø Gundersen for catch & patch.
Signed-off-by: Javier Marcet <javier@marcet.info>
- No need to explicitly state two times section and category since this is
already done in define Package/chicken-scheme/Default
- Also add TITLE to Default
- Add conflict between chicken-scheme-interpreter and
chicken-scheme-full
They both provide the same files:
/usr/lib/libchicken.so
/usr/lib/chicken/11/chicken.time.import.so
/usr/lib/chicken/11/chicken.fixnum.import.so
/usr/lib/chicken/11/chicken.internal.import.so
/usr/lib/chicken/11/chicken.tcp.import.so
/usr/lib/chicken/11/chicken.continuation.import.so
/usr/lib/chicken/11/chicken.port.import.so
/usr/lib/chicken/11/chicken.random.import.so
/usr/lib/chicken/11/chicken.compiler.user-pass.import.so
/usr/lib/chicken/11/chicken.process-context.import.so
/usr/lib/chicken/11/chicken.bitwise.import.so
/usr/lib/chicken/11/srfi-4.import.so
/usr/lib/chicken/11/chicken.load.import.so
/usr/lib/chicken/11/chicken.blob.import.so
/usr/lib/chicken/11/chicken.time.posix.import.so
/usr/lib/chicken/11/chicken.file.posix.import.so
/usr/lib/chicken/11/chicken.flonum.import.so
/usr/lib/chicken/11/chicken.condition.import.so
/usr/lib/chicken/11/chicken.pretty-print.import.so
/usr/lib/chicken/11/types.db
/usr/lib/chicken/11/chicken.foreign.import.so
/usr/lib/chicken/11/chicken.repl.import.so
/usr/lib/chicken/11/chicken.pathname.import.so
/usr/lib/chicken/11/chicken.sort.import.so
/usr/lib/chicken/11/chicken.keyword.import.so
/usr/lib/chicken/11/chicken.process.signal.import.so
/usr/lib/chicken/11/chicken.platform.import.so
/usr/lib/chicken/11/chicken.base.import.so
/usr/lib/chicken/11/chicken.syntax.import.so
/usr/lib/chicken/11/chicken.file.import.so
/usr/lib/chicken/11/chicken.memory.import.so
/usr/lib/chicken/11/chicken.gc.import.so
/usr/lib/chicken/11/chicken.io.import.so
/usr/lib/chicken/11/chicken.memory.representation.import.so
/usr/lib/chicken/11/chicken.process.import.so
/usr/lib/chicken/11/chicken.plist.import.so
/usr/lib/chicken/11/chicken.string.import.so
/usr/lib/chicken/11/chicken.errno.import.so
/usr/lib/chicken/11/chicken.format.import.so
/usr/lib/chicken/11/chicken.eval.import.so
/usr/lib/chicken/11/chicken.irregex.import.so
/usr/lib/chicken/11/chicken.process-context.posix.import.so
/usr/lib/chicken/11/chicken.read-syntax.import.so
/usr/lib/chicken/11/chicken.csi.import.so
/usr/lib/chicken/11/chicken.locative.import.so
/usr/bin/csi
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
I can't seem to see any package that needs it.
This was added for cryptography, since it was needed up to version 2.7
asn1-crypto doesn't have a user since commit 9d892e3cf8
So, remove it.
Abandoned packaged PR: https://github.com/openwrt/packages-abandoned/pull/23
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
With the removal of Seafile, these library packages no longer have any
in-repo users. They will be imported into the abandoned packages
repo[1].
[1]: https://github.com/openwrt/packages-abandoned/pull/24
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- 1.3.1:
- Fix 10 year old bug and improve dispatcher handling for
run_forever
- Fix run_forever to never return None, only return True or False,
and add two tests
- Remove Python 3.6 support, EOL in Dec 2021
- 1.3.0:
- BREAKING: Set Origin header to use https:// scheme when wss://
WebSocket URL is passed
- Replace deprecated/broken WebSocket URLs with working ones
(6ad5197)
- Add documentation referencing rel for automatic reconnection with
run_forever()
- Add missing opcodes 1012, 1013
- Add errno.ENETUNREACH to improve error handling (da1b050)
- Minor documentation improvements and typo fixes
- 1.2.3:
- Fix broken run_forever() functionality
- 1.2.2:
- Migrate wsdump script in setup.py from scripts to newer
entry_points
- Add support for ssl.SSLContext for arbitrary SSL parameters
- Remove keep_running variable
- Remove HAVE_CONTEXT_CHECK_HOSTNAME variable (dac1692)
- Replace deprecated ssl.PROTOCOL_TLS with ssl.PROTOCOL_TLS_CLIENT
- Simplify code and improve Python 3 support
- Fill default license template fields
- Update CI tests
- Improve documentation
Signed-off-by: Javier Marcet <javier@marcet.info>
- BACKWARD COMPATIBILITY:
- Dropped support for EOL Pythons 2.7, 3.4 and 3.5
- Dropped support for LSB and uname back-ends when --root-dir is
specified
- Moved distro.py to src/distro/distro.py
- ENHANCEMENTS:
- Documented that distro.version() can return an empty string on
- rolling releases
- Documented support for Python 3.10
- Added official support for Rocky Linux distribution
- Added a shebang to distro.py to allow standalone execution
- Added support for AIX platforms
- Added compliance for PEP-561
- BUG FIXES:
- Fixed include_uname parameter oversight
- Fixed crash when uname -rs output is empty
- Fixed Amazon Linux identifier in distro.id() documentation
- Fixed OpenSuse >= 15 support
- Fixed encoding issues when opening distro release files
- Fixed linux_distribution regression
Signed-off-by: Javier Marcet <javier@marcet.info>
Includes fix for CVE-2022-21716 (The Twisted SSH client and server
implementation naively accepted an infinite amount of data for the
peer's SSH version identifier.)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
1. updated to 5.9.0
2. psutil can not be built on macos due to build script detects Darwin
using sys.platform and changes build logic to build for Darwin, but
OpenWrt is Linux.
This commit add patch to allow redefining sys.platform and uses
env var TARGET_SYS_PLATFORM to specify linux as sys platfrom.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
This includes fixes for:
* CVE-2022-23772: math/big: Rat.SetString may consume large amount of
RAM and crash
* CVE-2022-23806: crypto/elliptic: IsOnCurve returns true for invalid
field elements
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
1. ruby/host build fails on macos due to Apple ld generates warning
if a folder from LDFLAGS is not exist. configure script catches this
warning and fails. This patch disables ld warnings for macos
2. ruby build fails on macos due /bin/true is not exist on macos.
This patch replaces /bin/true with true in OpenWrt Makefile
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
- Removed PYPI_SOURCE_EXT as this release provides tarball with .tar.gz
extension, which is default.
- Changelog: https://dnspython.readthedocs.io/en/stable/whatsnew.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
lyaml build script detects Darwin using `uname -s` and changes
build logic so lyaml package can not be built on macos.
This patch uses fakeuname host tool to redefine `uname -s` output
and fix build on macos.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
configure script detects Darwin and uses flags incompatible with
Linux target build.
This patch uses fakeuname tool if host OS is MacOS to avoid Darwin
detection on target build.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Update to v14.18.3
January 10th 2022 Security Releases:
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
Prototype pollution via console.table properties (Low)(CVE-2022-21824)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
./configure script detects macos specific system headers
(IOKit/serial/ioss.h and sys/ttycom.h) that are not available
during compile time. There is no way to pass ac_cv_* vars to
./configure script due to perl wrappers
To fix this issue, fake(empty) headers provided during compile
time if build host is MacOS
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
setup.py detects macos (darwin) and adds -flat_namespace flag. This
flag is not compatible with GCC that is used to compile target.
This patch patch disables darwin detection
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
luaossl detects OS and changes compilation flags depends on OS.
If Darwin is detected then it adds GCC non-compatible flags.
OpenWrt is always Linux so build OS detection is disabled
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
luasql ./config scripts checks `uname -s` output and changes
LIB_OPTION from '-static' to macos specific if detected OS is
Darwin. These flags are not compatible with GCC
OpenWrt is always Linux, this patch removes Darwin
specific stuff from compilation flags
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
The last tagged release (v1.9.3) was in 2017. This updates the package
to the most recent commit of the master branch.
This also sets myself at the maintainer.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- [Bug]: Enhanced log output when connecting to servers that do not
support server-sig-algs extensions, making the new-as-of-2.9
defaulting to SHA2 pubkey algorithms more obvious when it kicks in.
- [Bug]: Connecting to servers which support server-sig-algs but
which have no overlap between that list and what a Paramiko client
supports, now raise an exception instead of defaulting to
rsa-sha2-512 (since the use of server-sig-algs allows us to know
what the server supports).
Signed-off-by: Javier Marcet <javier@marcet.info>
1. updated to 24.2 (RN: https://github.com/erlang/otp/releases/tag/OTP-24.2)
2. added libstdcpp dependency
3. erlang-hipe was removed in upstream
(ref fccb8482ef)
everything related to erlang-hipe was removed from Makefile
4. updated and refreshed patches
5. host-compile ssl library forced to OpenWrt LibreSSL to avoid using system library
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
lua-curl-v3 detects OS and changes compilation flags depends on OS.
If Darwin is detected then it adds GCC non-compatible flags.
OpenWrt is always Linux, OS detection is disabled via UNAME=Linux
as a part of MAKE_FLAGS
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2to3 is a Python program that reads Python 2.x source code and applies a
series of fixers to transform it into valid Python 3.x code. The standard
library contains a rich set of fixers that will handle almost all code. 2to3
supporting library lib2to3 is, however, a flexible and generic library, so it
is possible to write your own fixers for 2to3. lib2to3 could also be adapted
to custom applications in which Python code needs to be edited automatically.
This tool is necessary for fail2ban package because of issue
https://github.com/openwrt/packages/issues/17311https://github.com/openwrt/packages/pull/17341
Simple 2to3.py script from Debian, thanks to Matthias Klose <doko@ubuntu.com>
From: https://salsa.debian.org/cpython-team/python3-defaults
Co-authored-by: Jeffery To <jeffery.to@gmail.com>
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
Removed patches:
* 027-bpo-43158-Use-configure-values-for-building-_uuid-ex.patch
Already merged.
* 029-disable-deprecation-warning.patch
Packages should be patched/fixed to remove the use of distutils
instead of disabling this warning.
Also:
* Updates PKG_LICENSE to use the correct SPDX license identifier
* Fixes build for mipsel_24kc_24kf
Fixes https://github.com/openwrt/packages/issues/17217.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fixes for:
* CVE-2021-44716: unbounded growth of HTTP/2 header canonicalization
cache
* CVE-2021-44717: syscall.ForkExec error can close file descriptor 0
Added patches:
* 001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch:
https://github.com/golang/go/pull/49748 backported for Go 1.17,
this removes the requirement for the gold linker when building Go
programs that use Go plugins on arm/arm64
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When cURL is built with OpenSSL as backend SSL/TLS library,
pecl_http's configure tries to detect whether TLS 1.3 ciphers
are enabled. This does not work when cross-compiling so let's
pass it based on OpenSSL build configuration.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Active support for PHP 7.4 branch ended a few days ago.
Since we have PHP 8.x in the repository for a while
and we migrated all PECL extension packages already,
let's focus on that newer version and drop support for 7.4.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
The functionality of this package - or at least similar one -
was meanwhile included in PHP8.
This package was mostly included as dependency for HTTP PECL package,
so it is not needed anymore and thus can be dropped.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This package is not compatible with PHP8 and seems to be not maintained
upstream anymore. Let's drop it.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Only a newer version of upstream includes support for PHP8, so while
migrating we need to update to latest upstream version.
We also need to adjust dependencies since JSON is now always integrated
not longer available as dedicated package.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Also update patches and remove obsolete ones.
We also need to add one to prevent mod_php to be enabled
by apxs in configuration file.
While at, remove the VARIANT setting for pecl extensions.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Relevant changes:
* quoted data urls which are not base64 encoded keep their spaces now
* accept bytes and text as input. All other types now raise a TypeError
* update python & gcc support
* python version will only accept the C implementation if the versions
match exactly. This should prevent using older installed C versions.
Along with the version bump:
- update maintainer email address
- use $(AUTORELEASE)
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
What's Changed:
Fixed:
- Add missing trailing newline before adding new entry with set_key
by @bbc2 in #361
Signed-off-by: Javier Marcet <javier@marcet.info>
Django 1.x is not compatible with python 3.10.
Mark the package as BROKEN. Since its dependent packages will also
select it, they will need to be marked BROKEN as well to avoid recursive
dependencies--packages not marked as BROKEN will be able to select the
broken package.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
There's been a bit of overlapping opinions on some of these packages.
The best thing to do here is to reduce ownership and relinquish my
control.
This patch does that.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Manually re-applied:
008-distutils-use-python-sysroot.patch
016-adjust-config-paths.patch
Drop patch: 003-do-not-run-distutils-tests.patch
There is now a configure option '--disable-test-modules'
And seems we left the '_ctypes_test' around for quite some time.
Dropped now.
Refs:
https://bugs.python.org/issue27640https://bugs.python.org/issue43282
Drop patch: 013-getbuildinfo-date-time-source-date-epoch.patch
Python build honors SOURCE_DATE_EPOCH pretty well now.
Drop setuptools patches. Setuptools should be reproducible with Python 3.6+
according to a mention here:
https://github.com/pypa/setuptools/pull/1690#issuecomment-536517456
It's time to let upstream fix Setuptools reproduce-ability.
Drop patch: 010-do-not-add-rt-lib-dirs-when-cross-compiling.patch
I can't seem to fully remember why it's there.
And it seem to build fine without it.
Drop patch: 015-abort-on-failed-modules.patch
Python build supports a similar PYTHONSTRICTEXTENSIONBUILD=1 env-var
option.
Add patch: 026-openssl-feature-flags.patch
We need to keep this in our tree for a while.
See:
https://bugs.python.org/issue45627
Backport patch: 027-bpo-43158-Use-configure-values-for-building-_uuid-ex.patch
Link: https://github.com/python/cpython/pull/29353
Fixes the build for uuid C module.
Add patch: 028-host-python-support-ssl-with-libressl.patch
We need the _ssl module working on the host-side with LibreSSL for pip to
work to download from https://pypi.org
Refs: https://github.com/openwrt/openwrt/pull/4749
Add patch: 029-disable-deprecation-warning.patch
Fixes apparmor build. The warning causes a configure error.
Refreshed the rest of patches.
Some old build-flags were removed. They don't seem to be necessary anymore.
Split python3-uuid from python3-light. To better manage the libuuid library
(if needed). Also, fixing the uuid C module build. Seems this was failing,
and was falling back to using hashlib.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Contains fixes for:
* CVE-2021-41771: ImportedSymbols in debug/macho (for Open or OpenFat)
accesses a memory location after the end of a buffer
* CVE-2021-41772: archive/zip Reader.Open panic via a crafted ZIP
archive containing an invalid name or an empty filename field
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Details:
- Cleaned up whitespace and removed comments (refer to official PHP documentation for that)
- Removed directives that no longer exist as of PHP 8.0.12
- Added newly existing directives commented out
- Added '~E_DEPRECATED' to 'error_reporting'
Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>
Details:
- Cleaned up whitespace and removed comments (refer to official PHP documentation for that)
- Removed directives that no longer exist as of PHP 7.4.25
- Added '~E_DEPRECATED' to 'error_reporting'
Directives removed that no longer exist as of PHP 7.4.25:
- zend.ze1_compatibility_mode
- y2k_compliance
- register_globals
- register_long_arrays
- magic_quotes_gpc
- magic_quotes_runtime
- magic_quotes_sybase
- always_populate_raw_post_data
Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>
(cherry picked from commit 7e45ad87f3)
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This is the latest version, which still has support for PHP 7.x.
It's an intermediate step in the transition to PHP 8.x.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This PR prepares PHP for a few minor changes that cause PHP builds to fail when using --enable-intl with ICU 70.1.
Change UBool to bool for equality operators in ICU >= 70.1
https://github.com/php/php-src/pull/7596
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This PR prepares PHP for a few minor changes that cause PHP builds to fail when using --enable-intl with ICU 70.1.
Change UBool to bool for equality operators in ICU >= 70.1
https://github.com/php/php-src/pull/7596
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
The module will be available, once php8 is selected, at the same place
as the other apache modules.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Update to the newest versions and switch to $(AUTORELEASE) for the python3 packages (where I am the maintainer).
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
October 12th 2021 Security Releases:
HTTP Request Smuggling due to spaced in headers (Medium)(CVE-2021-22959)
HTTP Request Smuggling when parsing the body (Medium)(CVE-2021-22960)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This is a minor update, which officially supports Python 3.8, and
removes Python 2 code, among several bugfixes.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Features:
- Add cap_add and cap_drop parameters to service create and
ContainerSpec
- Add templating parameter to config create
Bugfixes:
- Fix getting a read timeout for logs/attach with a tty and slow
output
Miscellaneous:
- Fix documentation examples
Signed-off-by: Javier Marcet <javier@marcet.info>
What's Changed
- CHANGELOG.md: Fix typos discovered by codespell by @cclauss in #350
- Add Python 3.10 support by @theskumar in #359
Signed-off-by: Javier Marcet <javier@marcet.info>
Includes fix for CVE-2021-38297 (passing very large arguments to WASM
module functions can cause portions of the module to be overwritten).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Commit 3da874371 ("libsodium: include ed25519_core in minimal build")
broke the build of PyNaCl. Add patch to always include all ed25519
functions which are now always covered even if libsodium is built with
the MINIMAL option.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When running FindStdlib and running DependsCheckHostPipVersionMatch at
the same time, both commands were joined together resulting in a syntax
error.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Bluetooth support requires bluez-libs present, but they are only required
for the build, and don't seem to be needed to be present on the target.
There isn't any linking required to libbluetooth. It's only the bluetooth.h
header that is required for building BT support into Python.
For testing, this snippet was used from `Lib/test/test_socket.py` (inside
cpython):
```
def _have_socket_bluetooth():
"""Check whether AF_BLUETOOTH sockets are supported on this host."""
try:
# RFCOMM is supported by all platforms with bluetooth support. Windows
# does not support omitting the protocol.
s = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_STREAM, socket.BTPROTO_RFCOMM)
except (AttributeError, OSError):
return False
else:
s.close()
return True
```
Fixes: https://github.com/openwrt/packages/issues/16544
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Without -ldl linker flag .so extensions are not loaded
when glibc is used. Fix it by providing adjusted LDFLAGS
for this case.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Without -ldl linker flag .so extensions are not loaded
when glibc is used. Fix it by providing adjusted LDFLAGS
for this case.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Changed:
- Require Python 3.5 or a later version. Python 2 and 3.4 are no
longer supported
- Raise ValueError if quote_mode isn't one of always, auto or never
in set_key
- When writing a value to a .env file with set_key or dotenv set
<key> <value>
Added:
- The dotenv_path argument of set_key and unset_key now has a type of
Union[str, os.PathLike] instead of just os.PathLike
Signed-off-by: Javier Marcet <javier@marcet.info>
Bugfixes:
- Fix disable_buffering regression
- Bring back support for ssh identity file
- Cleanup remaining python-2 dependencies
- Fix image save example in docs
Miscellaneous:
- Bump urllib3 to 1.26.5
- Bump requests to 2.26.0
Signed-off-by: Javier Marcet <javier@marcet.info>
Refreshed patches.
And apply hack for line-endings in pep517 (from pip).
Hack comment:
# FIXME: [1] get rid of this asap; 'patch' doesn't like Windows endings, and this file is full of them...
# I actually tried this in a number of ways and the only way to fix this is to implement
# a poor-man's dos2unix using sed.
# The issue is with the pip package; it seems that it throws in some Windows line-endings
# and 'patch' won't handle them. So, we do a "dos2unix" and then patch.
# We can get rid of this once this is solved upstream and in pip:
# https://github.com/pypa/pep517/pull/130
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The addressed issue is related to #6893 as its resolution
is actually causing the problem.
When changing the priority of the config file it happens
that after a sysupgrade the previous file is restored
and the new file is added, ending up in a situation
like this:
/etc/php7/15_openssl.ini
/etc/php7/20_openssl.ini
Causing a double extension=openssl.so to be parsed,
which is not appropriate and leads to error message.
The same problem might also occur for mysqli since there
was also a priority change - let's take care about this
at the same time.
The solution is to remove one of the files. Since it is
a configuration file, the user might have adjusted it, so
lets just use the previous version to replace the new
installed version.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Changelog:
- Bumped upper bound of the chardet runtime dependency to allow their v4.0 version stream.
From a1158c5389/CHANGES.rst
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
It often happens that we update a package to a new version (e.g. cffi) to a
newer version, but we forget to update the version for cffi in the
`lang/python/host-pip-requirements/cffi.txt` file.
This check adds a minimal check, so that when a build occurs for a Python
package, if there is a mention/listing of this package in
`lang/python/host-pip-requirements/` it will check that the versions match.
This way, when we update a package, we get a build failure and update the
host version as well.
This will omit packages (like Cython) that are not packaged for OpenWrt,
but are host-side dependencies only.
But until we find some mechanism to check for those, we will probably only
notice to update them when another build occurs (at the very least).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Django 1.11 (host-build) is only needed for Seahub.
And won't ever be needed for anything else (hopefully).
This change moves it to the Seahub folder.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* update license (changed in 1.2.0)
* removed python3-six dependency (removed in 1.0.0)
* do not install tests
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
I tried to install matplotlib by using pip and it failed with the following output:
2021-08-18T11:52:26,171 Collecting matplotlib
2021-08-18T11:52:26,173 Created temporary directory: /tmp/pip-unpack-wuth2u0e
2021-08-18T11:52:26,565 Using cached matplotlib-3.4.3.tar.gz (37.9 MB)
2021-08-18T11:52:38,659 Added matplotlib from https://files.pythonhosted.org/packages/21/37/ 197e68df384ff694f78d687a49ad39f96c67b8d75718bc61503e1676b617/matplotlib-3.4.3.tar. gz#sha256=fc4f526dfdb31c9bd6b8ca06bf9fab663ca12f3ec9cdf4496fb44bc680140318 to build tracker '/tmp/pip- req-tracker-u30x8pht'
2021-08-18T11:52:38,660 Running setup.py (path:/tmp/pip-install-afiyiers/ matplotlib_8e717e38862f4976a3d6cb1832ba3261/setup.py) egg_info for package matplotlib
2021-08-18T11:52:38,661 Created temporary directory: /tmp/pip-pip-egg-info-kbtiezxq
2021-08-18T11:52:38,662 Running command python setup.py egg_info
2021-08-18T11:52:38,831 Traceback (most recent call last):
2021-08-18T11:52:38,832 File "<string>", line 1, in <module>
2021-08-18T11:52:38,832 File "/usr/lib/python3.9/site-packages/setuptools/__init__.py", line 8, in <module>
2021-08-18T11:52:38,833 ModuleNotFoundError: No module named '_distutils_hack'
More details about it:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968410
Once I applied the patch from the bug tracker, I got further to install
it.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Avoid parallel relinking and usage of the host perl binary by wrapping
its usage around flock calls.
Sometimes, two packages will try to relink the static host perl binary
at the same time. Neither of them will have the other's module linked
in, and one of them will unavoidably clobber the other one's binary.
This will lead to errors when a package will not be able to find a
module that was supposed to be installed.
To fix that, an exclusive flock is used when relinking, with a 900
seconds timeout to avoid locking up the build process forever.
This is not enough because the binary may be concurrently used to build
another module package; perl is used in Configure, Compile, and Install
procedures. If timing is right, a package will fail with a "permission
denied" error.
So a shared flock call is added in Configure, Compile, and Install
definitions for host and target, with a shorter, 300 seconds timeout.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Changelog:
PycURL 7.44.0 - 2021-08-08
--------------------------
This release reinstates best effort Python 2 support, adds Python 3.9 and
Python 3.10 alpha support and implements support for several libcurl options.
Official Windows builds are currently not being produced.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
If TOPDIR starts with /usr, then the configure script will use the
staging tree hierarchy instead of using plain /usr/lib. For example, if
TOPDIR=/usr/src/openwrt, then the files will not be available under
$(PKG_INSTALL_DIR)/usr/lib/lua/5.1/, as expected, but under
$(PKG_INSTALL_DIR)/usr/src/openwrt/staging_dir/hostpkg/lib/lua/5.1/.
Set the correct path when calling 'make'. As a bonus, the hardcoded
version number in the Makefile can be dropped.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
When installing a host perl module, the host perl binary in the staging
dir is replaced by using 'cp'. However, if the binary is running in a
parallel job, cp will fail with a text file busy error. Use
$(INSTALL_BIN), which unliks the file first to avoid the error.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
- BACKWARDS COMPATIBILITY:
- Deprecated the distro.linux_distribution() function. Use
distro.id(), distro.version() and distro.name() instead [#296]
- Deprecated Python 2.7, 3.4 and 3.5 support. Further releases will
only support Python 3.6+
- ENHANCEMENTS:
- Added type hints to distro module [#269]
- Added __version__ for checking distro version [#292]
- Added support for arbitrary rootfs via the root_dir parameter
[#247]
- Added the --root-dir option to CLI [#161]
- Added fallback to /usr/lib/os-release when /etc/os-release isn't
available [#262]
- BUG FIXES:
- Fixed subprocess.CalledProcessError when running lsb_release
[#261]
- Ignore /etc/iredmail-release file while parsing distribution
[#268]
- Use a binary file for /dev/null to avoid TextIOWrapper overhead
[#271]
- RELEASE:
- Moved repository from nir0s/distro to python-distro/distro on
GitHub.
Signed-off-by: Javier Marcet <javier@marcet.info>
This package was updated without a hash change.
Fixes: c157522580 ("pyodbc: update to version 4.0.31")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
July 2021 Security Releases:
Use after free on close http2 on stream canceling (High) (CVE-2021-22930)
Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Also bump Cython version to 0.29.23.
And add support for OpenBLAS.
Currently optional, but will be enabled by default on some architectures
later.
Depends on PR https://github.com/openwrt/packages/pull/15685
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This version prefers charset_normalizer instead of chardet.
chardet is still usable if available.
Dropping patches for idna. Not required anymore.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Includes fix for CVE-2021-34558 (crypto/tls: clients can panic when
provided a certificate of the wrong type for the negotiated parameters).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This release fixes some bugs and these vulnerabilities:
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Python works with GNU DBM and with Berkley DBM.
Berkley DBM has been under Oracle for some time.
And it's not clear how many Python users actually use DBM.
In the packages feed, we have both libdb47 (which is now under Oracle) and
GNU DBM. The GNU DBM has a compatibility layer for Berkley DBM.
There are newer versions than libdb47, but it's probably not worth having
them yet. The libbd47 tarball is ~40+ MB. Odds are newer versions will be
bigger and more bloated.
This change merges the old `python3-gdbm` package into the `python3-dbm`
package, since they are effectively using the same underlying library now,
i.e. gdbm.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
I seem to forget to check/select setuptools and pip (that come bundled with
Python).
This change will do a simple 'ls' on the 2 wheel files, so that the build
fails even if just building Python.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Dropped patches:
0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch
0005-Switch-get_-Update-APIs-to-get0.patch
Reworked patches:
0001-Add-new-ASN1_STRING_get0_data-API.patch
0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch
These 2 require that we keep only the CUSTOMIZATIONS stuff for now. Maybe
later we can drop this.
Ran 'make package/python-cryptography/refresh'.
Added patch:
0004-disable-rust.patch
upstream did a sloppy job with the CRYPTOGRAPHY_DONT_BUILD_RUST logic; we
need to patch it, to make sure the setuptools-rust isn't installed.
We may need to carry this patch in our tree for a bit longer than upstream,
because in newer versions, CRYPTOGRAPHY_DONT_BUILD_RUST logic gets removed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
By adding these dependencies, it is much easier for users (both
applications that use Twisted and end users) to have secure
communications by default.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
1.16.1 included fixes for:
* CVE-2021-27918 - encoding/xml: infinite loop when using
xml.NewTokenDecoder with a custom TokenReader
* CVE-2021-27919 - archive/zip: can panic when calling Reader.Open
1.16.4 included fixes for:
* CVE-2021-31525 - net/http: ReadRequest can stack overflow due to
recursion with very large headers
1.16.5 includes fixes for:
* CVE-2021-33195 - net: Lookup functions may return invalid host names
* CVE-2021-33196 - archive/zip: malformed archive may cause panic or
memory exhaustion
* CVE-2021-33197 - net/http/httputil: ReverseProxy forwards Connection
headers if first one is empty
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Python3 comes with a built-in readline module. It wasn't included up until
now; mostly because it wasn't considered.
This change introduces it as a sub-package of the main Python3 package.
readline support is included in Python.
libreadline pulls libncursesw as a package, so python3-ncurses was
updated to pull libncursesw as well.
It should be the same package; mostly done for consistency.
Resolves the issue reported here:
https://forum.openwrt.org/t/python3-repl-missing-readline/90039
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Notable Changes:
Diagnostics channel (experimental module)
UUID support in the crypto module
Experimental support for AbortController and AbortSignal
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Refreshed Python patches.
Updated pip & setuptools version.
For pip, patch '001-pep517-pyc-fix.patch' was reworked.
Also, the current version of the bundled pip (21.1.1) no longer supports
Python2, so the 'py2.py3' suffix gets replaced with just py3.
For setuptools, there is no longer a script/module:
https://github.com/pypa/setuptools/pull/2544
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Related to discussion:
https://github.com/openwrt/packages/pull/14060
Every once in a while a version bump will occur that requires an ABI
change. Example: Python 3.8 to 3.9. When this happens some Python packages
would need to be rebuilt. In setups where everything gets rebuilt, this
isn't a problem.
It's usually a bigger problem when needing to upgrade something via
opkg.
To accommodate for this, we add a libpython with it's own ABI_VERSION
flag. If this ABI_VERSION changes, then this should propagate forward.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fixes: https://github.com/openwrt/packages/issues/15370
This is inspired from:
330bc94dcc/lang/python-greenlet/Makefile
The `PKG_USE_MIPS16:=0` is not taken into consideration when building
Python modules. That's because the sysconfig is used.
This is only an issue with greenlet (on MIPS) so far.
One option is to do `PKG_USE_MIPS16:=0` in the core Python package.
But, since we know that the `wlanslovenija` group has successfully used
greenlet on MIPS with this construct, we might as well adopt it until GCC10
becomes the main compiler.
As noted here:
https://github.com/openwrt/packages/issues/15370#issuecomment-817015484
GCC10 doesn't have this problem.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fixes two CVEs:
CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Faster to compile.
Add license information.
Several cleanups for consistency between packages.
Small patch fix now that uClibc-ng is gone.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Swith to building with CMake to avoid huge patching of the stock
Makefile.
Reorganize Makefile for consistency between packages.
Add patch to fix deprecated OpenSSL functions.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
faster to compile.
A small selection of packages was tested going from:
Executed in 696.30 secs fish external
usr time 82.98 mins 395.00 micros 82.98 mins
sys time 9.02 mins 0.00 micros 9.02 mins
to:
Executed in 592.20 secs fish external
usr time 84.84 mins 361.00 micros 84.84 mins
sys time 8.85 mins 57.00 micros 8.85 mins
Tested by running make -j 12 and wiping staging/build_dir/target_x
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Use AUTORELEASE for simplicity
Switch to compilation with ninja as it's faster.
Use the proper install paths to install ev.so
Use codeload for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Bugfixes:
- Remove LD_LIBRARY_PATH and SSL_CERT_FILE environment variables when
shelling out to the ssh client.
Signed-off-by: Javier Marcet <javier@marcet.info>
Add --with-imagick=$(STAGING_DIR)/usr so that configure picks
MagickWand-config from there, before it finds an eventual host-installed
version.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
When building with QUILT, unlike the regular build, Build/Prepare does
not apply the patches. So when buildconf is called with QUILT on, at
the end of Build/Prepare, it will not have the patched sources, and
build will fail.
To fix the problem, run buildconf in Build/Prepare only when QUILT is
off, and do it in Build/Configure otherwise.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Commit d741a64b7 ("lang/php7: Don't run phpize7 with QUILT") changed
pecl.mk to not run phpize7 during Package/prepare if QUILT is set. The
intention was to allow prepare, refresh and update targets to run
without building dependencies.
As a side-effect, Package/configure and Package/compile fail when QUILT
is defined because they can't find ./configure or a Makefile. It also
impacts the github tests run with pull requests, because QUILT is
defined there.
To avoid that failure and still keep the prepare, refresh, and update
speedup, call phpize7 before Package/Configure if QUILT is defined.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Update to v14.16.0
February 2021 Security Releases
- HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (Critical) (CVE-2021-22883)
- DNS rebinding in --inspect (CVE-2021-22884)
- OpenSSL - Integer overflow in CipherUpdate (CVE-2021-23840)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Psycopg is the most popular PostgreSQL adapter for the Python programming language
It's used by the python-sqlalchemy for postgresql
This package was removed by this commit for lacking python3 support:
c37b15e1c4
Version 2.8.6 used in this package now supports pyhton3
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Includes fixes for:
* CVE-2021-3177 - ctypes: Buffer overflow in PyCArg_repr
* CVE-2021-23336 - urllib parse_qsl(): Web cache poisoning - semicolon
as a query args separator
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
