- Change URL of the website and for PKG_SOURCE_URL
- Change TITLE and description
- Remove PKG_BUILD_DEPENDS, PKG_UNPACK as they are not necessary
- Add src package
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 25e8b2cda2)
When installing a host perl module, the host perl binary in the staging
dir is replaced by using 'cp'. However, if the binary is running in a
parallel job, cp will fail with a text file busy error. Use
$(INSTALL_BIN), which unliks the file first to avoid the error.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 19c7496648)
This release includes security fixes like:
CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
CVE-2021-31799: A command injection vulnerability in RDoc
We ordinally do not fix Ruby 2.6 except security fixes, but this release
also includes some regressed bugs and build problem fixes.
Ruby 2.6 is now under the state of the security maintenance phase, until
the end of March of 2022. After that date, maintenance of Ruby 2.6 will
be ended.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This reverts commit 29da5d65b6.
That fix doesn't work fully correct as the egg directory has version 0.0.0.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fixes https://github.com/openwrt/packages/issues/15988
It seems that the newer setuptools-scm package (6.0.1) has some
Python3-only syntax.
For the 19.07 release, where Python2 is still around this causes the
python-dateutil package to fail to build.
See https://github.com/pypa/setuptools_scm/issues/541
However, removing 'setuptools-scm' from the build also works.
This change does that.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fixes two CVEs:
CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick
CVE-2021-28965: XML round-trip vulnerability in REXML
After this release, ruby 2.6 is now in security maintenance phase.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Recently, I updated icu for issues with node feed, but it broke
compiling of php7.
Error:
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:349:26: error: 'TRUE' undeclared (first use in this function)
collator_sort_internal( TRUE, INTERNAL_FUNCTION_PARAM_PASSTHRU );
^~~~
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:349:26: note: each undeclared identifier is reported only once for each function it appears in
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c: In function 'zif_collator_asort':
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:543:26: error: 'FALSE' undeclared (first use in this function); did you mean 'FILE'?
collator_sort_internal( FALSE, INTERNAL_FUNCTION_PARAM_PASSTHRU );
^~~~~
FILE
make[3]: *** [Makefile:1031: ext/intl/collator/collator_sort.lo] Error 1
More details:
https://github.com/php/php-src/commit/8eaaabd
Backport of patch from PHP7.3 didn't work for me, but this one was suggested that
Homebrew is using it and it works for me. However, PHP7.2 is EoL.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Docs say it also supports MQTT 5.0.
Added to description.
Updated title as on pypi.org
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit ee0e11c1ab)
Includes fixes for:
* CVE-2021-3177 - ctypes: Buffer overflow in PyCArg_repr
* CVE-2021-23336 - urllib parse_qsl(): Web cache poisoning - semicolon
as a query args separator
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Try to fix license according to SPDX.
Add PKG_LICENSE_FILES.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit f8e36f9fd6)
[use pypi.mk for Python package]
- Remove PKG_BUILD_DEPENDS as it is no longer necessary.
- The Python3 is already included in DEPENDS.
- Remove PKG_BUILD_DIR and PKG_UNPACK was for dual Python version.
- Change TITLE and description
- Add source package
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 267796c316)
- Change TITLE and URL to better one
- Add source package
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 19e12971b8)
This includes a fix for CVE-2020-16845 (encoding/binary: ReadUvarint and
ReadVarint can read an unlimited number of bytes from invalid inputs).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This backports fixes for security issues, including:
* CVE-2020-14422: Hash collisions in IPv4Interface and IPv6Interface
* CVE-2019-20907: Infinite loop in the tarfile module
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This package fails to build with newer setuptools, because setuptools
removed the (deprecated) Features feature in v46.0.0[1].
This adapts a commit[2] to remove the use of this feature. (Changes to
code formatting prevent the original commit/patch to be used.)
[1]: aff64ae89e/CHANGES.rst (v4600)
[2]: 3aac426e35
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This lets the Python build process set _PYTHON_HOST_PLATFORM instead of
forcing an explicit value.
Also:
* Save the target _PYTHON_HOST_PLATFORM value during Build/InstallDev
for use when building target Python packages (in python3-package.mk).
* Use the (mostly) default PYTHON_FOR_BUILD value, instead patch
configure to remove the platform triplet from the sysconfigdata file
name.
* Remove the "CROSS_COMPILE=yes" make variable (there is no indication
that this variable is necessary).
* Force host pip to build packages from source instead of downloading
binary wheels.
Previously, host pip can download universal (platform-independent)
wheels but not platform-specific wheels, because of the custom
_PYTHON_HOST_PLATFORM value. (Packages that do not have universal
wheels would be compiled from source.)
With a correct _PYTHON_HOST_PLATFORM, host pip can install
platform-specific wheels as well. However, the pre-built shared object
(.so) files in these wheels will have the host's platform triplet in
their file names. When target Python packages are built (using the
target's _PYTHON_HOST_PLATFORM), Python will not use these shared
object files.
By forcing host pip to build packages from source, the built shared
object files will not have the platform triplet in their file names.
(Host Python has been patched to remove the platform triplet from file
names.) This allows these packages to be used when building target
Python packages.
(The net effect of this complete change is that platform-dependent
packages will continue to be compiled from source, while
platform-independent packages will now also be compiled from source.)
Fixes https://github.com/openwrt/packages/issues/12680.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The perl Configure file was matching GCC 10 against "1*" and treating it
as GCC 1, causing ABI breakage and segfaults.
Cherry-pick the upstream patch which fixes it to check against (e.g)
"1.*" instead, which will make it work for hundreds more GCC versions
to come.
https://github.com/Perl/perl5/commit/6bd6308fcea3541
"Adapt Configure to GCC version 10"
Also includes the previous commit just adding GCC 8 and 9 to one case:
https://github.com/Perl/perl5/commit/ae195500577d707
"Add gcc-8 and gcc-9 for FORTIFY_SOURCE"
Signed-off-by: Ken Wong <xinxijishuwyq@gmail.com>
(cherry picked from commit 65578a43f0)
