Package python-idna was updated 2 weeks ago in OpenWrt 19.07.
It causes an issue:
pkg_resources.ContextualVersionConflict: (idna 2.9 (/usr/lib/python3.7/site-packages), Requirement.parse('idna<2.9,>=2.5'), {'requests'})
This is fixed in 2.23.0.
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit d62e8b9f3c)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add commit message]
This backports a patch[1] to fix several request smuggling attacks.
This includes fixes for:
* CVE-2020-10108
* CVE-2020-10109
[1]: 4a7d22e490
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This backports patches from bpo-34585[1] to fix byte order detection of
floats.
Fixing byte order detection allows the repr() of floats to be shorter (a
feature backported to Python 2.7 from Python 3.1[2]).
sys.float_repr_style should be 'short' instead of 'legacy' on supported
platforms.
See #11134.
[1]: https://bugs.python.org/issue34585
[2]: https://docs.python.org/2.7/whatsnew/2.7.html#python-3-1-features
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from a0da5aec7f)
Omitted PKG_RELEASE change
Optionally fixes compilation with uClibc-ng.
Based on the surrounding code, this looks like an oversight.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from 608df65a62)
Adjusted PKG_RELEASE
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This package is required by other packages to run some binaries via
`load_entry_point`.
So, this splits this package away from setuptools.
setuptools is pretty big, akd pkg-resources is also big, but not as big.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit ed0e77f3c3)
Reference to discussion at
c61579b564 (commitcomment-36665837)
Adjusted python PKG_RELEASE items to current situation
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Relevant bits of upstream changelog
New Features
argon2: Support more hashes
scrypt: Now uses python 3.6 stdlib’s hashlib.scrypt() as backend, if present (issue 86).
Bugfixes
Python 3.8 compatibility fixes
passlib.apache.HtpasswdFile: improve compatibility with Apache 2.4's htpasswd
passlib.totp: fix some compatibility issues with older TOTP clients (issue 92)
Fixed error in argon2.parsehash() (issue 97)
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This adds a new (optional) variable, PYPI_SOURCE_NAME, to pypi.mk.
For some PyPi packages (e.g. aiohttp_cors, click, django-compressor),
the name of the package and the source tarball name are slightly
different (usually by capitalisation or hyphen/underscore change).
This new variable is to make this difference explicit. PYPI_NAME is
meant for the "official" package name, whereas PYPI_SOURCE_NAME is meant
for the source tarball name.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry-picked from commit 1bacdd52f7)
This adds pypi.mk, which can be included in Python packages that
download their sources from PyPI, to auto-fill various PKG_* variables
based on the value of PYPI_NAME.
This makefile should be included after $(TOPDIR)/rules.mk but before
$(INCLUDE_DIR)/package.mk (and $(INCLUDE_DIR)/host-build.mk).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry-picked from commit add4c42191)
This change also updates the maintainer email to cotequeiroz@gmail.com, as
requested on a different change.
Not updating deps here, since that will be done in the next changeset that
will convert packages to the Python[3] packaging format.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry-picked from commit 70ebc7a2f4)
This changes the python[3]-django dependencies in packages to be
non-selecting, and adds an MDEPENDS line so that the *-src packages get
placed inside the django menu as well.
Added MENU:= to the src-package definitions in python[3]-package.mk,
so it does not import that setting from the binary package.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry-picked from commit 90527d75af)
This change also updates the maintainer email to cotequeiroz@gmail.com, as
requested on a different change.
Also, changing here is the download URL to github's codeload, since that
one offers .tar.gz archives.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry-picked from commit 545cff8b63)
The email change was part of a previous request from a different PR series.
In this series, the change is the only thing left to do (from what the
original changeset intended to do).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry-picked from commit f5eb040e6b)
