Includes fixes for CVE-2023-45283 and CVE-2023-45284 (path/filepath:
insecure parsing of Windows paths).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Removed 050-py-stackctrl-fix-gcc-13.patch as it has been merged in the
new version.
This also:
* Add STRIP= (empty value) to skip micropython's stripping step, letting
the OpenWrt build system control stripping.
* Add a workaround for "variable might be clobbered" warning leading to
build error on riscv64
(https://github.com/micropython/micropython/issues/12838).
* Change Build/InstallDev to install host tools into an unversioned
directory, and update micropython-lib to use the unversioned path.
There is no need to keep available multiple versions of the host
tools.
* Add a test.sh script for the packages feed CI.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames the package to mpremote and moves it into utils, as this is
a command-line utility and not a Python/MicroPython library.
This also adds a test.sh script for the packages feed CI.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
0001-Allow-profile-to-be-set-by-SETUPTOOLS_RUST_CARGO_PROFILE-env-variable.patch
has been merged in this version.
This also updates the list of dependencies for the package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
This is a tool for managing a recorded version number in
setuptools-based python projects. The goal is to remove the tedious and
error-prone "update the embedded version string" step from your release
process. Making a new release should be as easy as recording a new tag
in your version-control system, and maybe making new tarballs.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
node.js version 20.x is now active LTS.
mipsel (pistachio) is no longer supported.
Due to build difficulties, libuv shared libraries are not used.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This renames the source package to python-pyodbc to match other Python
packages.
This also updates the unixodbc dependency to libodbc, updates the
package title and description, and adds a test.sh script for the
packages feed CI.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
4.0.36 included a change to decimal parsing[1] that requires the decimal
module. Trying to load the pyodbc module without python3-decimal
installed would lead to a segmentation fault.
This adds python3-decimal as a dependency.
This also adds python3-uuid as a dependency as the module can accept and
return uuid objects[2].
[1]: 6b107a2bca
[2]: 2ad7a9ced7
Fixes: f02f3ee8c7 ("pyodbc: Update to 4.0.39")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
setuptools provides a local copy of distutils and when building a C
extension, this distutils will add the target LIBDIR (/usr/lib) to the
list of library paths.
If the build system has a libpython3.11.so in /usr/lib, then the linker
will try to link to this shared library and fail.
This adapts 008-distutils-use-python-sysroot.patch for host setuptools
to add the correct library directory.
Fixes: https://github.com/openwrt/packages/issues/22330
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Currently, rust fails to build for mipsel_24kc+24kf with "opcode not
supported on this processor: mips1 (mips1)" errors when building
libunwind.
Because mipsel_24kc+24kf is hard-float, a certain section of
src/llvm-project/libunwind/src/UnwindRegistersRestore.S is selected to
be compiled; the instructions in this section require MIPS II.
mipsel_24kc+24kf is compiled for MIPS32 Release 2 (MIPS32 is based on
MIPS II), but the C flags used to select this architecture were not
passed to the rust bootstrap (to be passed back to gcc).
This passes the C flags to rust bootstrap to fix this compile error.
This also adds PKG_BUILD_FLAGS:=no-mips16 as attempting to generate
MIPS16 code leads to a different compile error.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The rust bootstrap downloads files into a "tmp" directory then moves the
files into the "cache" directory using std::fs::rename. There are no
issues in the original/unpatched case as "tmp" and "cache" are
subdirectories in the build directory ($(HOST_BUILD_DIR)/build) and so
are nearly guaranteed to be on the same filesystem.
35768bf31e changed where files are
saved/cached (in $(DL_DIR)/rustc). If HOST_BUILD_DIR and DL_DIR are on
separate filesystems, then using std::fs::rename to move the files will
fail.[1]
This updates 0002-rustc-bootstrap-cache.patch to account for this case,
i.e. if std::fs::rename fails, fall back to copying the file then
removing the original.
[1]: https://github.com/openwrt/packages/pull/22457
Fixes: 35768bf31e ("rust: Cache bootstrap downloads to $(DL_DIR)/rustc")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
001-pyproject-hooks-pyc-fix.patch and 002-pip-runner-pyc-fix.patch are
redone to use source files if they are present.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-44487: nghttp2 Security Release (High) (Depends on shared library provided by OpenWrt)
* CVE-2023-45143: undici Security Release (High)
* CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
* CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Patch the target triple for Rust with glibc to include hard floating
point support.
The GNU target triple used elsewhere does not include hard float support,
instead `-mfloat-abi=hard` is passed separately. For Rust it must be
included in the target triple. This was already being done for musl,
this commit adds the same patching for glibc.
Without this patch Rust compilation fails with an error like this
(abbreviated to fit the line length):
ld: error: libstd.so uses VFP register arguments, ... does not
ld: failed to merge target specific data of file ...
Signed-off-by: Drew Young <dyoung@viridiparente.com>
Includes fix for CVE-2023-39325 (net/http, x/net/http2: rapid stream
resets can cause excessive work).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Notable Changes
This release addresses some regressions that appeared in Node.js 18.18.0:
(Windows) FS can not handle certain characters in file name #48673
18 and 20 node images give error - Text file busy (after re-build images) nodejs/docker-node#1968
libuv update in 18.18.0 breaks webpack's thread-loader #49911
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
- 1.6.4
- Add support for HTTP 307 and 308 redirect codes
- 1.6.3
- Fix type hints issues
- Add support for Python beta release 3.12 in CI
- Add maintainer email in setup.py
Signed-off-by: Javier Marcet <javier@marcet.info>
Python packages that use maturin to build do not call the maturin
program directly; they use the maturin build backend[1]. This build
backend is a Python library provided with maturin that interfaces with
the maturin program.
This changes the maturin package to use the Python build process so that
the build backend is installed correctly.
This also renames the source package to python-maturin and moves it into
the lang/python directory.
[1]: https://www.maturin.rs/#source-distribution
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds a patch (submitted upstream in
https://github.com/PyO3/setuptools-rust/pull/364), to read the profile
to pass to cargo from an environment variable.
This also updates the Python include files to set the environment
variable based on values from rust-values.mk.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Using sccache makes recompilation of rustc and Rust packages faster.
This also makes the rust package visible in menuconfig, in order for the
sccache options to be accessible.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This allows cargo to use make's jobserver when building packages, by
marking the cargo command as recursive (with the + prefix[1]) and
setting MAKEFLAGS.
This also:
* Give cargo/x.py the build directory instead of having to change the
current directory (and opening subshells)
* Set PKG_BUILD_PARALLEL/HOST_BUILD_PARALLEL for Rust packages to enable
the use of make's jobserver
[1]: https://www.gnu.org/software/make/manual/html_node/POSIX-Jobserver.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This consolidates all environment variables for cargo into:
* CARGO_HOST_CONFIG_VARS / CARGO_PKG_CONFIG_VARS
These contain all cargo-specific environment variables, i.e. without
"common" variables like CC.
* CARGO_HOST_VARS / CARGO_PKG_VARS (renamed from CARGO_VARS)
These contain all environment variables to be passed to cargo.
This also:
* Set the CARGO_BUILD_TARGET environment variable instead of using the
--target command-line option
* Update Python include files to use CARGO_HOST_CONFIG_VARS /
CARGO_PKG_CONFIG_VARS
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
As CARGO_HOME mainly functions as a download and source cache[1], moving
it into $(DL_DIR) allows it to persist and be reused between different
buildroots/sdks (when DL_DIR is set to a custom/external location).
[1]: https://doc.rust-lang.org/cargo/guide/cargo-home.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also:
* Modify the "release" profile in place of adding the "stripped" profile
Only the profile for target is modified; there are no file size
constraints for host.
* For host, build with the "release" profile
* For target, build with either the "dev" or "release" profile based on
CONFIG_DEBUG
There is no environment variable to specify the "strip" option, but
enabling this option is not necessary as the build system will already
strip binaries based on CONFIG_NO_STRIP / CONFIG_USE_STRIP /
CONFIG_USE_SSTRIP.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This allows rustc/cargo/etc to be called without having to set PATH, as
$(STAGING_DIR)/host/bin is already in PATH.
This also fixes CARGO_HOME not being set during Host/Configure and
Host/Compile.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Compress dist archives with gzip instead of xz; gzip is faster to
compress and decompress
* Use a for loop instead of calling find to extract archives
* Use libdeflate's gzip to decompress instead of gzip
* Limit search for install scripts to top level of extracted archives
This also runs the install scripts with bash instead of sh, in
accordance with the shebang lines inside the scripts.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Replace the PYTHON3_PYMYSQL_SHA_PASSWORD_SUPPORT option, which is
causing circular dependencies, with a meta-package that installs both
python3-pymysql and python3-cryptography.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Move the order in which BuildPackage is called, so that the libpython
package is built ahead of the module packages, to avoid forcing a
clean-build of the package when 'make package/python3/compile' is called
a second time without changes.
The library must be built first, so that when the buildsystem checks for
ABI version changes using libpython3.version, its timestamp should be
older than the dependent package's STAMP_PREPARED file.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This includes a patch to unpin the version of setuptools required for
build; the required version is newer than the version bundled with
Python 3.11. This patch should not be necessary when Python 3.12 is
available.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This includes a patch to update the version of ouroboros (Rust crate)
used, to fix RUSTSEC-2023-0042[1]. Upstream has switch from ouroboros to
self_cell so this patch should only be necessary for cryptography 41.
[1]: https://rustsec.org/advisories/RUSTSEC-2023-0042.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
setuptools-rust is a plugin for setuptools to build Rust Python
extensions implemented with PyO3 or rust-cpython.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
This small python library provides a few tools to handle SemVer in
Python. It follows strictly the 2.0.0 version of the SemVer scheme.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Move arch dependency for luajit to dedicated config HAS_LUAJIT_ARCH to
workaround recursive dependency limitation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
There are no longer any packages in the packages repo that depend on
this package. Since this package backports exception groups from Python
3.11, and Python in the packages repo has been updated to 3.11, there
should be no future need for this package.
This package will be added to the abandoned packages feed.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Add OpenResty's mantained branch of luajit. Required for nginx lua
module to work correctly with their custom patches.
Signed-off-by: Javier Marcet <javier@marcet.info>
[ add commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This renames the source package to python-networkx to match other Python
packages.
This also updates the list of dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
In order to use $(RUSTC_TARGET_ARCH) in HOST_BUILD_DIR, the line to
include rust-values.mk in the Rust makefile was moved in
f489e019ac, causing it to be included
before package.mk is included.
This had the side effect of preventing "-lssp_nonshared" from being
added to RUSTC_LDFLAGS, because PKG_SSP is indirectly set by package.mk
(package.mk includes hardening.mk, hardening.mk sets PKG_SSP).
There is a deeper issue; it is the Rust package's PKG_SSP value that
causes RUSTC_LDFLAGS to be set and written to the Cargo config file. For
packages that use Rust to build, their PKG_SSP value does not affect the
linker flag.
This sets rustflags with the RUSTFLAGS environment variable, instead of
writing the value to the Cargo config file, allowing PKG_SSP from the
package being built to be used and for the package being built to modify
the rustflags used.
This also:
* Fix "-lssp_nonshared" being added to TARGET_CFLAGS instead of
RUSTC_LDFLAGS, when CONFIG_PKG_CC_STACKPROTECTOR_STRONG is set.
* Remove the use of $(RUSTC_TARGET_ARCH) in HOST_BUILD_DIR and move the
include line for rust-values.mk back to after package.mk.
Since the host build directory was moved under the target build
directory in efdbac38dc, it is no longer
necessary to separate build directories with RUSTC_TARGET_ARCH;
$(BUILD_DIR) already separates build directories by target.
* Add BUILDONLY:=1, as the Rust package does not build a target package.
* Install the Cargo config file as "config.toml" instead of "config", as
this is the preferred form[1].
* Rename RUST_CFLAGS to RUSTC_CFLAGS and CONFIG_HOST_SUFFIX to
RUSTC_HOST_SUFFIX, for consistency.
* Allow CARGO_VARS to be set before rust-values.mk is included.
[1]: https://doc.rust-lang.org/cargo/reference/config.html#hierarchical-structure
Fixes: f489e019ac ("rust: compile host package per target")
Fixes: 83785a7ce0 ("rust-lang: Add the rust language support")
Fixes: https://github.com/openwrt/packages/issues/22133
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
