The initial package submission was missing
some required and optional dependencies
due to lack of testing on a system without any python
related packages pre-installed.
Some optional but highly recommended dependencies
were discovered with the stdlib module as described in:
392a68e247/lang/python/README.mdFixes#20441
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
llvm-bpf is not ready for generic usage, so use prebuilt llvm toolchain
provided by the rust project to speedup build (~1hour faster).
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Added new RustBinPackage, RustBinHostBuild wrapper.
Added new RUST_PKG_FEATURES flag.
Moved CARGO_HOME to STAGING_DIR_HOSTPKG.
Overrode default Build/Compile and Host/Compile to Cargo build.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
These tarball cannot be reused, so simply drop them.
Also move cargo config to a file instead of using echo command.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This package is a dependency of bleak. Building and installing this package via
pip on a router is not difficult and the build crashes when memory is
exhausted.
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
Includes fixes for:
* 1.20.1:
* CVE-2022-41722: path/filepath: path traversal in filepath.Clean on
Windows
* CVE-2022-41723: net/http: avoid quadratic complexity in HPACK
decoding
* CVE-2022-41724: crypto/tls: large handshake records may cause panics
* CVE-2022-41725: net/http, mime/multipart: denial of service from
excessive resource consumption
* 1.20.2:
* CVE-2023-24532: crypto/elliptic: specific unreduced P-256 scalars
produce incorrect results
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fix for CVE-2023-2453 (crypto/elliptic: specific unreduced
P-256 scalars produce incorrect results).
This also includes makefile updates for Go 1.19.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
go1.19.6 (released 2023-02-14) includes security fixes to the
crypto/tls, mime/multipart, net/http, and path/filepath packages,
as well as bug fixes to the go command, the linker, the runtime,
and the crypto/x509, net/http, and time packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Thursday February 16 2023 Security Releases
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
* CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
* CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
- 1.5.1
- Fix logic bug that can cause disconnects
- 1.5.0
- Refactor and improve ping/pong logic to resolve several issues,
including an infinite loop issue during reconnect
- Fix issue where `skip_utf8_validation = True` is ignored
- Fix issue where sslopt `is_ssl` is ignored
- Downgrade "websocket connected" message from logging.warning to
logging.info
- Update github actions to newer versions (669fe1b)
Signed-off-by: Javier Marcet <javier@marcet.info>
Fixes:
https://github.com/openwrt/packages/issues/12707
Seems to work.
Looking into the 'venv' lib, it seems it's installing pip & setuptools
inside a virtual environment.
`python3-pip` is already ~6 MB.
This adds another ~3 MB.
But, this gives users the ability to run Python virtual environments, which
is a pretty common feature of Python in production cases (usually web
stuff).
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
