001-pyproject-hooks-pyc-fix.patch and 002-pip-runner-pyc-fix.patch are
redone to use source files if they are present.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-44487: nghttp2 Security Release (High) (Depends on shared library provided by OpenWrt)
* CVE-2023-45143: undici Security Release (High)
* CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
* CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Patch the target triple for Rust with glibc to include hard floating
point support.
The GNU target triple used elsewhere does not include hard float support,
instead `-mfloat-abi=hard` is passed separately. For Rust it must be
included in the target triple. This was already being done for musl,
this commit adds the same patching for glibc.
Without this patch Rust compilation fails with an error like this
(abbreviated to fit the line length):
ld: error: libstd.so uses VFP register arguments, ... does not
ld: failed to merge target specific data of file ...
Signed-off-by: Drew Young <dyoung@viridiparente.com>
Includes fix for CVE-2023-39325 (net/http, x/net/http2: rapid stream
resets can cause excessive work).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Notable Changes
This release addresses some regressions that appeared in Node.js 18.18.0:
(Windows) FS can not handle certain characters in file name #48673
18 and 20 node images give error - Text file busy (after re-build images) nodejs/docker-node#1968
libuv update in 18.18.0 breaks webpack's thread-loader #49911
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
- 1.6.4
- Add support for HTTP 307 and 308 redirect codes
- 1.6.3
- Fix type hints issues
- Add support for Python beta release 3.12 in CI
- Add maintainer email in setup.py
Signed-off-by: Javier Marcet <javier@marcet.info>
Python packages that use maturin to build do not call the maturin
program directly; they use the maturin build backend[1]. This build
backend is a Python library provided with maturin that interfaces with
the maturin program.
This changes the maturin package to use the Python build process so that
the build backend is installed correctly.
This also renames the source package to python-maturin and moves it into
the lang/python directory.
[1]: https://www.maturin.rs/#source-distribution
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds a patch (submitted upstream in
https://github.com/PyO3/setuptools-rust/pull/364), to read the profile
to pass to cargo from an environment variable.
This also updates the Python include files to set the environment
variable based on values from rust-values.mk.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Using sccache makes recompilation of rustc and Rust packages faster.
This also makes the rust package visible in menuconfig, in order for the
sccache options to be accessible.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This allows cargo to use make's jobserver when building packages, by
marking the cargo command as recursive (with the + prefix[1]) and
setting MAKEFLAGS.
This also:
* Give cargo/x.py the build directory instead of having to change the
current directory (and opening subshells)
* Set PKG_BUILD_PARALLEL/HOST_BUILD_PARALLEL for Rust packages to enable
the use of make's jobserver
[1]: https://www.gnu.org/software/make/manual/html_node/POSIX-Jobserver.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This consolidates all environment variables for cargo into:
* CARGO_HOST_CONFIG_VARS / CARGO_PKG_CONFIG_VARS
These contain all cargo-specific environment variables, i.e. without
"common" variables like CC.
* CARGO_HOST_VARS / CARGO_PKG_VARS (renamed from CARGO_VARS)
These contain all environment variables to be passed to cargo.
This also:
* Set the CARGO_BUILD_TARGET environment variable instead of using the
--target command-line option
* Update Python include files to use CARGO_HOST_CONFIG_VARS /
CARGO_PKG_CONFIG_VARS
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
As CARGO_HOME mainly functions as a download and source cache[1], moving
it into $(DL_DIR) allows it to persist and be reused between different
buildroots/sdks (when DL_DIR is set to a custom/external location).
[1]: https://doc.rust-lang.org/cargo/guide/cargo-home.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also:
* Modify the "release" profile in place of adding the "stripped" profile
Only the profile for target is modified; there are no file size
constraints for host.
* For host, build with the "release" profile
* For target, build with either the "dev" or "release" profile based on
CONFIG_DEBUG
There is no environment variable to specify the "strip" option, but
enabling this option is not necessary as the build system will already
strip binaries based on CONFIG_NO_STRIP / CONFIG_USE_STRIP /
CONFIG_USE_SSTRIP.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This allows rustc/cargo/etc to be called without having to set PATH, as
$(STAGING_DIR)/host/bin is already in PATH.
This also fixes CARGO_HOME not being set during Host/Configure and
Host/Compile.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Compress dist archives with gzip instead of xz; gzip is faster to
compress and decompress
* Use a for loop instead of calling find to extract archives
* Use libdeflate's gzip to decompress instead of gzip
* Limit search for install scripts to top level of extracted archives
This also runs the install scripts with bash instead of sh, in
accordance with the shebang lines inside the scripts.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Replace the PYTHON3_PYMYSQL_SHA_PASSWORD_SUPPORT option, which is
causing circular dependencies, with a meta-package that installs both
python3-pymysql and python3-cryptography.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Move the order in which BuildPackage is called, so that the libpython
package is built ahead of the module packages, to avoid forcing a
clean-build of the package when 'make package/python3/compile' is called
a second time without changes.
The library must be built first, so that when the buildsystem checks for
ABI version changes using libpython3.version, its timestamp should be
older than the dependent package's STAMP_PREPARED file.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This includes a patch to unpin the version of setuptools required for
build; the required version is newer than the version bundled with
Python 3.11. This patch should not be necessary when Python 3.12 is
available.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This includes a patch to update the version of ouroboros (Rust crate)
used, to fix RUSTSEC-2023-0042[1]. Upstream has switch from ouroboros to
self_cell so this patch should only be necessary for cryptography 41.
[1]: https://rustsec.org/advisories/RUSTSEC-2023-0042.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
setuptools-rust is a plugin for setuptools to build Rust Python
extensions implemented with PyO3 or rust-cpython.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
This small python library provides a few tools to handle SemVer in
Python. It follows strictly the 2.0.0 version of the SemVer scheme.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Move arch dependency for luajit to dedicated config HAS_LUAJIT_ARCH to
workaround recursive dependency limitation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
There are no longer any packages in the packages repo that depend on
this package. Since this package backports exception groups from Python
3.11, and Python in the packages repo has been updated to 3.11, there
should be no future need for this package.
This package will be added to the abandoned packages feed.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Add OpenResty's mantained branch of luajit. Required for nginx lua
module to work correctly with their custom patches.
Signed-off-by: Javier Marcet <javier@marcet.info>
[ add commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This renames the source package to python-networkx to match other Python
packages.
This also updates the list of dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
In order to use $(RUSTC_TARGET_ARCH) in HOST_BUILD_DIR, the line to
include rust-values.mk in the Rust makefile was moved in
f489e019ac, causing it to be included
before package.mk is included.
This had the side effect of preventing "-lssp_nonshared" from being
added to RUSTC_LDFLAGS, because PKG_SSP is indirectly set by package.mk
(package.mk includes hardening.mk, hardening.mk sets PKG_SSP).
There is a deeper issue; it is the Rust package's PKG_SSP value that
causes RUSTC_LDFLAGS to be set and written to the Cargo config file. For
packages that use Rust to build, their PKG_SSP value does not affect the
linker flag.
This sets rustflags with the RUSTFLAGS environment variable, instead of
writing the value to the Cargo config file, allowing PKG_SSP from the
package being built to be used and for the package being built to modify
the rustflags used.
This also:
* Fix "-lssp_nonshared" being added to TARGET_CFLAGS instead of
RUSTC_LDFLAGS, when CONFIG_PKG_CC_STACKPROTECTOR_STRONG is set.
* Remove the use of $(RUSTC_TARGET_ARCH) in HOST_BUILD_DIR and move the
include line for rust-values.mk back to after package.mk.
Since the host build directory was moved under the target build
directory in efdbac38dc, it is no longer
necessary to separate build directories with RUSTC_TARGET_ARCH;
$(BUILD_DIR) already separates build directories by target.
* Add BUILDONLY:=1, as the Rust package does not build a target package.
* Install the Cargo config file as "config.toml" instead of "config", as
this is the preferred form[1].
* Rename RUST_CFLAGS to RUSTC_CFLAGS and CONFIG_HOST_SUFFIX to
RUSTC_HOST_SUFFIX, for consistency.
* Allow CARGO_VARS to be set before rust-values.mk is included.
[1]: https://doc.rust-lang.org/cargo/reference/config.html#hierarchical-structure
Fixes: f489e019ac ("rust: compile host package per target")
Fixes: 83785a7ce0 ("rust-lang: Add the rust language support")
Fixes: https://github.com/openwrt/packages/issues/22133
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This allows other packages access to RUST_ARCH_DEPENDS by including
rust-values.mk, instead of rust-package.mk which also sets
Build/Compile.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fix for CVE-2023-40217 (Bypass TLS handshake on closed
sockets).
This also:
* Remove 027-install-python3-symlink-after-stdlib.patch
This was merged upstream in
https://github.com/python/cpython/pull/104693.
* Remove fix for unnecessary linking with libbsd
(60bf01cb60)
This was fixed upstream in
https://github.com/python/cpython/pull/105236.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames the source package to python-xmltodict to match other
Python packages.
This also updates the list of dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Since February 2023, I decided to no longer work with Turris, I mean CZ.NIC company
due to some reasons how the development goes and since that day my work address is not
available and not sure if there is some redirect to someone else, but if anyone wants to
reach me, use my email address, where they can find me.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Both of us were working for Turris and using these devices on daily basis.
A few of these packages are still required and used by Turris. It would be great if
Turris people will take maintainership of these packages, but if they decide not to,
I can step in and take them.
Since Karel switched from using OpenWrt to NixOS and hopefully, I didn't reveal some
secret here, let's take maintainership of his packages.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
- Add support for SSLKEYLOGFILE environment variable
- Add support for callable header arguments
- Change handling of proxy environment variables, is_secure set to
true now prevents http_proxy from getting used
Signed-off-by: Javier Marcet <javier@marcet.info>
This removes 014-remove-platform-so-suffix.patch and
016-adjust-config-paths.patch, restoring the platform triplet to paths
for:
* C extensions (*.cpython-311-*.so)
* Build config data directory (/usr/lib/python3.11/config-3.11-*/)
* sysconfig data file (/usr/lib/python3.11/_sysconfigdata_*.py)
Setting `_PYTHON_SYSCONFIGDATA_NAME` during package builds ensures that
sysconfig data for target Python is loaded, in particular so that C
extensions built will have the correct extension / platform triplet.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Currently, configure does not find the correct platform triplet for musl
as the default build/host values passed by OpenWrt buildroot does not
contain the text "linux-musl".
This backports
c163d7f0b6
to add detection for mips soft float and musl.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Support wildcards in install (`+`) paths
* Add fourth parameter to set directory permissions
If file permissions are given (third parameter), these will now apply
to files only.
* Add non-recursive set permissions command (`==`)
* Be more strict about filespec format
Blank lines and lines starting with `#` will be ignored. Other errors
(unknown command, missing path parameter, etc.) will cause the script
to exit.
* Be more strict about ensuring paths exist for all commands
* Avoid spawning subshells
This also removes outdated filespec paths in the python3 package; these
paths delete files that are no longer present.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Fix default Python package description not included in individual
package descriptions
* Update default Python package description text (from General Python
FAQ, "What is Python?")
* Add package descriptions for Python module packages
* Reduce duplication in package titles
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
There is no need to use Py3Package for python3 as it does not package
any Python files; it is an empty package with dependencies to install
the full Python installation.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
