Update to v18.16.1
The following CVEs are fixed in this release:
* CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
* OpenSSL security advisory 28th March.
* OpenSSL security advisory 20th April.
* OpenSSL security advisory 30th May
* c-ares vulnerabilities: (Depends on shared library provided by OpenWrt)
* GHSA-9g78-jv2r-p7vc
* GHSA-8r8p-23f3-64c2
* GHSA-54xr-f67r-4pc4
* GHSA-x6mf-cxr9-8q6v
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This reverts commit a2e76e4978.
Now that the issue is fixed on gcc side (see openwrt/openwrt@7b4a966),
we can revert this workaround here.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This renames the source package to python-asgiref to match other Python
packages.
This also updates the package title and URL.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This package was originally added[1] as it was a dependency of
etesync-server 0.3.0. When etesync-server was renamed to etebase and
upgraded to 0.6.1[2], this dependency was removed. No other package in
the packages feed depends on this package.
Upstream has also archived the git repo[3] and stated that the
repo/package is deprecated. It does not appear that any newer version of
etebase uses this package.
This removes the python3-django-etesync-journal package; it will be
submitted to the abandoned packages repo.
[1]: https://github.com/openwrt/packages/pull/10469
[2]: https://github.com/openwrt/packages/pull/14063
[3]: https://github.com/etesync/journal-manager
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames the source package from passlib to python-passlib to match
other Python packages.
This also updates the package URL and list of dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The buildbots failed for the mentioned platform with the following error:
(I shortened the pathnames and broke long lines a little bit for readability)
.../lib/gcc/riscv64-openwrt-linux-musl/12.3.0/../../../../
riscv64-openwrt-linux-musl/bin/ld: Zend/zend_execute_API.o: in function `.L533':
zend_execute_API.c:(.text+0x1b1c): undefined reference to `__atomic_exchange_1'
.../riscv64-openwrt-linux-musl/bin/ld: Zend/zend_atomic.o:
in function `zend_atomic_bool_exchange':
zend_atomic.c:(.text+0xc): undefined reference to `__atomic_exchange_1'
collect2: error: ld returned 1 exit status
make[4]: *** [Makefile:350: sapi/cli/php] Error 1
Inspired by the blog post[1], linking to libatomic explicitly seems to
do the trick.
[1] A RISC-V gcc pitfall revealed by a glibc update
https://blog.jiejiss.com/A-RISC-V-gcc-pitfall-revealed-by-a-glibc-update
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
From the README:
This CLI tool provides an integrated set of utilities to remotely
interact with and automate a MicroPython device over a serial
connection.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The package has been reworked to install the same files that are
available to be downloaded/installed by mip, the package manager new to
MicroPython 1.20.0.
This also splits the original target package into four:
* micropython-lib
* Includes packages common to all MicroPython ports (python-stdlib,
python-ecosys, micropython)
* Contains mpy bytecode files
* micropython-lib-src
* Includes packages common to all MicroPython ports (python-stdlib,
python-ecosys, micropython)
* Contains py source files
* micropython-lib-unix
* Includes packages specific to the MicroPython Unix port (unix-ffi)
* Contains mpy bytecode files
* Installs a specific launcher (micropython-unix) that adds the Unix
package directory into MicroPython's library path
* micropython-lib-unix-src
* Includes packages specific to the MicroPython Unix port (unix-ffi)
* Contains py source files
This also updates the package license, title, and description.
Patches:
* 001-build-unix-ffi.patch
This enables the repo build script to also build the Unix-specific
packages. Not sure if upstream is open to accepting this since the
Unix-specific packages don't fit well into the existing package
distribution mechanism.
* 002-add-unix-ffi-os-path.patch and 003-add-unix-ffi-uu.patch
These fix instances where the unix-ffi version of the os package is
overridden by the python-stdlib version. These have been submitted to
upstream: https://github.com/micropython/micropython-lib/pull/672
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Patches 000-Makefile-no-errors.patch and 020-mpy-cross-fix-flags.patch
are no longer necessary.
This also adds a Build/InstallDev recipe to install files necessary for
micropython-lib.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames the source package from Werkzeug to python-werkzeug to
match other Python packages.
This also updates the package title, description, and list of
dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames the source package from MarkupSafe to python-markupsafe to
match other Python packages.
This also updates the package title and description.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames the source package from Jinja2 to python-jinja2 to match
other Python packages.
This also updates the package license files, title, and list of
dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames the source package from click-log to python-click-log to
match other Python packages.
This also updates the package to download from PyPI, and updates the
package title, URL, and dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This is the last released version before bcrypt's Rust rewrite; this
package can be further updated after the OpenWrt Rust toolchain has
stablized.
This also renames the source package from bcrypt to python-bcrypt to
match other Python packages, and updates the list of dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
setuptools 64.0.0 deprecated the use of --global-option to pass build
parameters[1]. This replaces the use of --global-option with
--build-option.
[1]: https://github.com/pypa/setuptools/blob/main/CHANGES.rst#v6400
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
