Dropped patches:
0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch
0005-Switch-get_-Update-APIs-to-get0.patch
Reworked patches:
0001-Add-new-ASN1_STRING_get0_data-API.patch
0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch
These 2 require that we keep only the CUSTOMIZATIONS stuff for now. Maybe
later we can drop this.
Ran 'make package/python-cryptography/refresh'.
Added patch:
0004-disable-rust.patch
Upstream did a sloppy job with the CRYPTOGRAPHY_DONT_BUILD_RUST logic; we
need to patch it, to make sure the setuptools-rust isn't installed.
We may need to carry this patch in our tree for a bit longer than upstream,
because in newer versions, CRYPTOGRAPHY_DONT_BUILD_RUST logic gets removed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 01d1b4581e)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Python3 comes with a built-in readline module. It wasn't included up until
now; mostly because it wasn't considered.
This change introduces it as a sub-package of the main Python3 package.
readline support is included in Python.
libreadline pulls libncursesw as a package, so python3-ncurses was
updated to pull libncursesw as well.
It should be the same package; mostly done for consistency.
Resolves the issue reported here:
https://forum.openwrt.org/t/python3-repl-missing-readline/90039
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 49faf5d7ca)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
By adding these dependencies, it is much easier for users (both
applications that use Twisted and end users) to have secure
communications by default.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 8349546208)
Updating Eneas' email as requested on Github:
https://github.com/openwrt/packages/pull/15622
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 6185156e69)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
1.16.1 included fixes for:
* CVE-2021-27918 - encoding/xml: infinite loop when using
xml.NewTokenDecoder with a custom TokenReader
* CVE-2021-27919 - archive/zip: can panic when calling Reader.Open
1.16.4 included fixes for:
* CVE-2021-31525 - net/http: ReadRequest can stack overflow due to
recursion with very large headers
1.16.5 includes fixes for:
* CVE-2021-33195 - net: Lookup functions may return invalid host names
* CVE-2021-33196 - archive/zip: malformed archive may cause panic or
memory exhaustion
* CVE-2021-33197 - net/http/httputil: ReverseProxy forwards Connection
headers if first one is empty
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit fe3c49fe07)
Add --with-imagick=$(STAGING_DIR)/usr so that configure picks
MagickWand-config from there, before it finds an eventual host-installed
version.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit f434a33a13)
Refreshed Python patches.
Updated pip & setuptools version.
For pip, patch '001-pep517-pyc-fix.patch' was reworked.
Also, the current version of the bundled pip (21.1.1) no longer supports
Python2, so the 'py2.py3' suffix gets replaced with just py3.
For setuptools, there is no longer a script/module:
https://github.com/pypa/setuptools/pull/2544
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit e312275dd9)
Related to discussion:
https://github.com/openwrt/packages/pull/14060
Every once in a while a version bump will occur that requires an ABI
change. Example: Python 3.8 to 3.9. When this happens some Python packages
would need to be rebuilt. In setups where everything gets rebuilt, this
isn't a problem.
It's usually a bigger problem when needing to upgrade something via
opkg.
To accommodate for this, we add a libpython with its own ABI_VERSION
flag. If this ABI_VERSION changes, then this should propagate forward.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 27aee1fbf0)
For some reason Python3 jumped from 3.9.2 to 3.9.4 in about a week.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 156e2e354e)
Notable Changes:
Diagnostics channel (experimental module)
UUID support in the crypto module
Experimental support for AbortController and AbortSignal
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Fixes: https://github.com/openwrt/packages/issues/15370
This is inspired by:
330bc94dcc/lang/python-greenlet/Makefile
The `PKG_USE_MIPS16:=0` is not taken into consideration when building
Python modules. That's because the sysconfig is used.
This is only an issue with greenlet (on MIPS) so far.
One option is to do `PKG_USE_MIPS16:=0` in the core Python package.
But, since we know that the `wlanslovenija` group has successfully used
greenlet on MIPS with this construct, we might as well adopt it until GCC10
becomes the main compiler.
As noted here:
https://github.com/openwrt/packages/issues/15370#issuecomment-817015484
GCC10 doesn't have this problem.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit bde027188a)
Notes:
Build is disabled for arc and mips because
greenlet isn't ported for these platforms
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 837f1b5924)
Psycopg is the most popular PostgreSQL adapter for the Python programming language.
It's used by the python-sqlalchemy for postgresql.
This package was removed by this commit for lacking python3 support:
c37b15e1c4
Version 2.8.6 used in this package now supports python3
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
(cherry picked from commit 7cfb9a04af)
Fixes two CVEs:
CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
April 2021 Security Releases
- OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) (CVE-2021-3450)
- OpenSSL - NULL pointer deref in signature_algorithms processing (High) (CVE-2021-3449)
- npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774)
OpenSSL-related vulnerabilities do not affect the OpenWrt package, because OpenWrt's OpenSSL shared library has been updated.
NODEJS_ICU_SMALL is default
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This is d4979cff0 ported to php8.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit db3389edc2)
This is d4979cff0 ported to php8.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 8c6d7dc37c)
Includes fixes for:
* CVE-2021-3177 - ctypes: Buffer overflow in PyCArg_repr
* CVE-2021-23336 - urllib parse_qsl(): Web cache poisoning - semicolon
as a query args separator
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 6d9005d5ac)
When building with QUILT, unlike the regular build, Build/Prepare does
not apply the patches. So when buildconf is called with QUILT on, at
the end of Build/Prepare, it will not have the patched sources, and
build will fail.
To fix the problem, run buildconf in Build/Prepare only when QUILT is
off, and do it in Build/Configure otherwise.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d4979cff06)
Commit d741a64b7 ("lang/php7: Don't run phpize7 with QUILT") changed
pecl.mk to not run phpize7 during Package/prepare if QUILT is set. The
intention was to allow prepare, refresh and update targets to run
without building dependencies.
As a side-effect, Package/configure and Package/compile fail when QUILT
is defined because they can't find ./configure or a Makefile. It also
impacts the github tests run with pull requests, because QUILT is
defined there.
To avoid that failure and still keep the prepare, refresh, and update
speedup, call phpize7 before Package/Configure if QUILT is defined.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 3476816cc8)
Update to v14.16.0
February 2021 Security Releases
- HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (Critical) (CVE-2021-22883)
- DNS rebinding in --inspect (CVE-2021-22884)
- OpenSSL - Integer overflow in CipherUpdate (CVE-2021-23840)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit a68820bb74)
Made the necessary changes to build the latest version of adguardhome.
See this thread: https://github.com/openwrt/packages/pull/14717
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 884761c4df)
Add the necessary new package to build the latest version of adguardhome.
See this thread: https://github.com/openwrt/packages/pull/14717
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 5d8d4fbbcb)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The Python version of python-config is installed when building on macOS,
rather than the shell script version when building on Linux. When run on
macOS, the Python version of python-config will return values with
Mac-specific customizations.
This patches the python-config install recipe so that which version is
installed can be controlled by the package makefile. When building on
macOS, this installs the Python version for host Python and the shell
script version for target Python.
This also updates Host/Compile and Host/Install to use the default host
build recipes, so that the various HOST_* variables are taken into
account automatically.
Fixes https://github.com/openwrt/packages/issues/14652
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 18330902a0)
The $(TOPDIR) seemed to cause Makefile parsing issues with CI.
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry picked from commit 52668b1e97)
Added a check for macOS 11 and newer to resolve a compile error:
*** Unexpected product version 11.2.
Added Internals::getcwd.
Fallback to the built-in getcwd to resolve compile errors on macOS:
Can't locate Errno.pm in @INC
/miniperl not found
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
Allows targets such as prepare, refresh, or update to be run without
building dependencies for easier patch maintenance.
This is d741a64b7 applied to php8.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
The build process uses a minilua helper for code generation
which must not be compiled with target cross-compiler but
the host compiler.
This error was spotted by buildbots:
ext/opcache/minilua /builder/shared-workdir/build/sdk/build_dir/
target-x86_64_musl/php-8.0.1/ext/opcache/jit/dynasm/dynasm.lua
-D X64=1 -o ext/opcache/jit/zend_jit_x86.c /builder/shared-workdir
/build/sdk/build_dir/target-x86_64_musl/php-8.0.1/ext/opcache/jit/zend_jit_x86.dasc
/bin/bash: ext/opcache/minilua: No such file or directory
Makefile:406: recipe for target 'ext/opcache/jit/zend_jit_x86.c' failed
make[4]: *** [ext/opcache/jit/zend_jit_x86.c] Error 127
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Allows targets such as prepare, refresh, or update to be run without
building dependencies for easier patch maintenance.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
This includes fixes for:
* CVE-2021-3114: crypto/elliptic: incorrect operations on the P-224
curve
* CVE-2021-3115: cmd/go: packages using cgo can cause arbitrary code
execution on Windows
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This properly disables compilation on ARC, where perl is not supported.
Also matches dependencies with other perl packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
No package version bump as no change to built package. URL now points
to current useful webpage, and description is based on current release.
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
This became a requirement in libwww-perl 6.17.
Note that there are two other missing "soft" dependencies, Authen::Ntlm
as used by LWP::Authen::Ntlm, and Data::Dump as used by
LWP::Debug::TraceHTTP, that are not required for basic functionality.
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Add spamc and spamc-ssl SpamAssassin client packages.
Also package SpamAssassin Perl backend, but that still lacks many
features due to Perl packages missing in OpenWrt.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Disable native code for now as it fails due to the package's
build-system not considering STAGING_DIR.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>