This reverts commit 29da5d65b6.
That fix doesn't work fully correct as the egg directory has version 0.0.0.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fixes https://github.com/openwrt/packages/issues/15988
It seems that the newer setuptools-scm package (6.0.1) has some
Python3-only syntax.
For the 19.07 release, where Python2 is still around this causes the
python-dateutil package to fail to build.
See https://github.com/pypa/setuptools_scm/issues/541
However, removing 'setuptools-scm' from the build also works.
This change does that.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fixes two CVEs:
CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick
CVE-2021-28965: XML round-trip vulnerability in REXML
After this release, ruby 2.6 is now in security maintenance phase.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Recently, I updated icu for issues with node feed, but it broke
compiling of php7.
Error:
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:349:26: error: 'TRUE' undeclared (first use in this function)
collator_sort_internal( TRUE, INTERNAL_FUNCTION_PARAM_PASSTHRU );
^~~~
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:349:26: note: each undeclared identifier is reported only once for each function it appears in
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c: In function 'zif_collator_asort':
/foo/target-aarch64_cortex-a53_musl/php-7.2.34/ext/intl/collator/collator_sort.c:543:26: error: 'FALSE' undeclared (first use in this function); did you mean 'FILE'?
collator_sort_internal( FALSE, INTERNAL_FUNCTION_PARAM_PASSTHRU );
^~~~~
FILE
make[3]: *** [Makefile:1031: ext/intl/collator/collator_sort.lo] Error 1
More details:
https://github.com/php/php-src/commit/8eaaabd
Backport of patch from PHP7.3 didn't work for me, but this one was suggested that
Homebrew is using it and it works for me. However, PHP7.2 is EoL.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Docs say it also supports MQTT 5.0.
Added to description.
Updated title as on pypi.org
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit ee0e11c1ab)
Includes fixes for:
* CVE-2021-3177 - ctypes: Buffer overflow in PyCArg_repr
* CVE-2021-23336 - urllib parse_qsl(): Web cache poisoning - semicolon
as a query args separator
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Try to fix license according to SPDX.
Add PKG_LICENSE_FILES.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit f8e36f9fd6)
[use pypi.mk for Python package]
- Remove PKG_BUILD_DEPENDS as it is no longer necessary.
- The Python3 is already included in DEPENDS.
- Remove PKG_BUILD_DIR and PKG_UNPACK was for dual Python version.
- Change TITLE and description
- Add source package
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 267796c316)
- Change TITLE and URL to better one
- Add source package
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 19e12971b8)
This includes a fix for CVE-2020-16845 (encoding/binary: ReadUvarint and
ReadVarint can read an unlimited number of bytes from invalid inputs).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This backports fixes for security issues, including:
* CVE-2020-14422: Hash collisions in IPv4Interface and IPv6Interface
* CVE-2019-20907: Infinite loop in the tarfile module
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This package fails to build with newer setuptools, because setuptools
removed the (deprecated) Features feature in v46.0.0[1].
This adapts a commit[2] to remove the use of this feature. (Changes to
code formatting prevent the original commit/patch to be used.)
[1]: aff64ae89e/CHANGES.rst (v4600)
[2]: 3aac426e35
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This lets the Python build process set _PYTHON_HOST_PLATFORM instead of
forcing an explicit value.
Also:
* Save the target _PYTHON_HOST_PLATFORM value during Build/InstallDev
for use when building target Python packages (in python3-package.mk).
* Use the (mostly) default PYTHON_FOR_BUILD value, instead patch
configure to remove the platform triplet from the sysconfigdata file
name.
* Remove the "CROSS_COMPILE=yes" make variable (there is no indication
that this variable is necessary).
* Force host pip to build packages from source instead of downloading
binary wheels.
Previously, host pip can download universal (platform-independent)
wheels but not platform-specific wheels, because of the custom
_PYTHON_HOST_PLATFORM value. (Packages that do not have universal
wheels would be compiled from source.)
With a correct _PYTHON_HOST_PLATFORM, host pip can install
platform-specific wheels as well. However, the pre-built shared object
(.so) files in these wheels will have the host's platform triplet in
their file names. When target Python packages are built (using the
target's _PYTHON_HOST_PLATFORM), Python will not use these shared
object files.
By forcing host pip to build packages from source, the built shared
object files will not have the platform triplet in their file names.
(Host Python has been patched to remove the platform triplet from file
names.) This allows these packages to be used when building target
Python packages.
(The net effect of this complete change is that platform-dependent
packages will continue to be compiled from source, while
platform-independent packages will now also be compiled from source.)
Fixes https://github.com/openwrt/packages/issues/12680.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The perl Configure file was matching GCC 10 against "1*" and treating it
as GCC 1, causing ABI breakage and segfaults.
Cherry-pick the upstream patch which fixes it to check against (e.g)
"1.*" instead, which will make it work for hundreds more GCC versions
to come.
https://github.com/Perl/perl5/commit/6bd6308fcea3541
"Adapt Configure to GCC version 10"
Also includes the previous commit just adding GCC 8 and 9 to one case:
https://github.com/Perl/perl5/commit/ae195500577d707
"Add gcc-8 and gcc-9 for FORTIFY_SOURCE"
Signed-off-by: Ken Wong <xinxijishuwyq@gmail.com>
(cherry picked from commit 65578a43f0)
When a Python package is installed from source (i.e. using setup.py)
into a custom location (with --home), setuptools may want to create a
site.py file in the custom location. This file is created based on the
source code of site-patch.py, a file bundled with setuptools.
Because the normal OpenWrt setuptools package does not contain Python
source code, this file is missing and the installation will end with an
error.
This copies site-patch.py to site-patch.py.txt so that it will be
included in python3-setuptools, and patches setuptools to look for this
file.
See https://github.com/openwrt/packages/issues/12223
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When a Python package is installed from source (i.e. using setup.py)
into a custom location (with --home), setuptools may want to create a
site.py file in the custom location. This file is created based on the
source code of site-patch.py, a file bundled with setuptools.
Because the normal OpenWrt setuptools package does not contain Python
source code, this file is missing and the installation will end with an
error.
This copies site-patch.py to site-patch.py.txt so that it will be
included in python3-setuptools, and patches setuptools to look for this
file.
See https://github.com/openwrt/packages/issues/12223
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 70a7f736c5)
The ssl module assumes OpenSSL can load the default trust anchors (root
CA certificates).
From https://github.com/openwrt/packages/issues/12209
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Because the first stage for building target Go is actually a host build,
the default platform options (GO386, GOARM, etc.) are detected from the
host. These values are written to a source file and kept when building
the second stage.
This modifies this source file to set the appropriate values for the
target platform, and reset values for other platforms to their
cross-compiling / most compatible defaults.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit da3fb97b9c)
Python will record the values of CC, CXX, AR, and RANLIB (and other
configure options) used during compilation. pip will use these programs
when asked to compile extension modules on the target device.
* If ccache is used during build, CC and CXX will be ccache_cc and
ccache_cxx, respectively, which are not available on-device (#11912).
* If an external toolchain is used during build, the values of these
variables will contain the external toolchain prefix, which may not be
available on target.
* If the normal toolchain is used during build, AR and RANLIB will
contain the toolchain prefix, but the names of ar and ranlib on-device
do not contain the prefix; they are named "ar" and "ranlib".
This changes the values of these variables in Python's files to match
the names available on-device, and without any toolchain prefix.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
