This is a feature release including improvement to OIDC and security
enhancements, as well as bugfixes.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry-picked from commit ab990af307)
* Remove $$$$(pkg-config --static --libs libcrypto libssl) from
HOST_LDFLAGS
Having this leads to an "unknown type name 'u_int'" error on Mac.
Removing it doesn't appear to affect Python's ability to find
buildroot LibreSSL.
* Change -Wl,-rpath=... to -Wl,-rpath,... in HOST_LDFLAGS
The equals sign version is not supported by the Mac linker (appears to
be an GNU extension). The comma version is supported; -rpath and its
argument will be separated by a space when passed to the linker.
* Add ac_cv_header_libintl_h=no to HOST_CONFIGURE_VARS for Mac
Python on Mac doesn't expect to use libintl, but if gettext-full is
compiled for host, it will try, leading to undefined symbol errors
during compilation. This prevents configure from finding libintl.h.
Fixes#7171.
Fixes#9621.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- Reorder alphabetically dependencies
- Add python3-logging as a dependency
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit cd13d5d4de)
This allows compilation when libcurl is build with wolfssl as its SSL
backend.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry-picked from 3e78945eaf)
Shorter TITLE
- The longer one was not shown in make menuconfig.
Reodered stuff in Makefile
Removed PKG_UNPACK and change PKG_BUILD_DIR
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from 0a3e4d8)
- Update setuptools to 40.8.0
- Update pip to 19.0.3
- Refreshed patches
- Removed 4 patches (2 of them was included in 3.7.3 and other two are
included in this release)
Makefile python3:
- Move PKG_MAINTAINER above PKG_LICENSE
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from ce769db007)
This patch, taken from buildroot, avoids the use of host paths when
compiling third-party extensions.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry-picked from 523c52f6f2)
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
[Add me as maintainer]
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from 6cdcfd9)
Reorder one thing in Makefile and add two spaces in description
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-pick from bec7011401 )
Upstream backport. It seems the holdup is on python-twisted.
Without this, it fails with
SSL_get0_next_proto_negotiated: symbol not found
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from commit 0859931)
Build/InstallDev is passed a second argument, a path where host binaries
should be placed (ultimately $(STAGING_DIR)/host).
This change moves python[3]-config to that directory.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
These patches address issue:
CVE-2019-9948: Unnecessary URL scheme exists to allow local_file://
reading file in urllib
Link to Python issue:
https://bugs.python.org/issue35907
Issue 35907 is still currently open, waiting for a decision for
Python 3.5; these patches for Python 2.7 and 3.7 have been merged.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
These patches address issues:
CVE-2019-9740: Python urllib CRLF injection vulnerability
CVE-2019-9947: Header Injection in urllib
Links to Python issues:
https://bugs.python.org/issue36276 (resolved duplicated of 30458)
https://bugs.python.org/issue35906 (resolved duplicated of 30458)
https://bugs.python.org/issue30458
Issue 30458 is still currently open, waiting for a decision for
Python 3.5; these patches for Python 2.7 and 3.7 have been merged.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This changes the "patched" indicator files for host setuptools and pip
to include their PKG_RELEASE values. This also removes host setuptools
and/or pip before host install, if the installed copy does not match the
version (and PKG_RELEASE) of the copy to be installed.
This will allow added or removed patches to affect host setuptools /
pip, since these changes will cause PKG_RELEASE to be incremented.
This also fixes the host install error, when the install tries to patch
an already patched copy of setuptools. (This error occurs because the
existing indicator files do not have version numbers in their file
names, whereas host install expected version numbers to be present.)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds the current setuptools/pip version numbers to the indicator
files' names, which should allow upgraded versions to be patched.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
python-cryptography's build depends (host cffi, libffi) were transferred
to python-cffi at some point; this corrects the situation.
python-cryptography's host Python build depends is copied from its
setup.py[1].
[1]: https://github.com/pyca/cryptography/blob/2.6.1/setup.py#L47
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This uses two find commands to delete __pycache__ contents then the
__pycache__ directories, rather than a for loop.
The second command omits a -empty test, so that if the first command
doesn't remove all directory contents for some reason, the second
command will return an error (find will not delete a non-empty
directory).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This changes the --prefix option, passed to host pip when "installing"
target setuptools and pip, to /usr, in case the prefix is recorded in
the packages.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds --cache-dir and --disable-pip-version-check options for host
pip, when "installing" target setuptools and pip.
This also changes the pip command to use $(HOST_PYTHON[3]_PIP) from
python[3]-host.mk.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Normally, Python will include the user's site-packages directory
(~/.local/lib/python$(PYTHON_VERSION)/site-packages) in it's internal
search path for modules.
This disables this default inclusion for host Python.
This change is applied during Host/Configure instead of as a patch to
keep this setting unchanged for target Python.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Add --cache-dir option to set the pip cache to a directory in
$(DL_DIR), instead of pip's default (build user's ~/.cache/pip),
fixes#9066
* Add --disable-pip-version-check option, since the version check only
prints a message saying a new version is available
* Combine host_python_pip_install and host_python_pip_install_host into
Build/Compile/HostPy[3]PipInstall
* Remove --root and --prefix options, since this function is only used
to install packages to host Python's default site-packages directory
(setting these may serve to confuse pip)
* Pass all of $(HOST_PYTHON[3]_PACKAGE_BUILD_DEPENDS) to the function,
since pip can handle multiple arguments/packages
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
After some thinking over this, documenting this behavior makes sense
versus adding some functionst to handle this.
There is some validity/use-cases where some users may want to reference
a python[3]-package.mk from some other location as well as have the
flexibility to change it (locally). One example can be when the local
`packages` is renamed to something else.
This does not fall on the responsibility of the Python maintainers, but
it can be documented.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This changes --with-ensurepip=install to upgrade, to upgrade host
versions of setuptools and pip to the Python-bundled versions.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The Python 2 and 3 versions of chardet both install a script with the
same name (/usr/bin/chardetect). This is the issue identified in #9006
(https://github.com/openwrt/packages/pull/9006#issuecomment-493709812).
This renames the Python 3 script to chardetect3.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Added a python3 variant, and removed python-cryptography, and pyjwt from
the dependencies. They are required only to run one test, that is not
even being installed.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
This adds the ability to patch setuptools (and pip), and adds 3
reproducibility patches from Debian[1].
(003-PKG-INFO-output-reproducible.patch addresses the issue identified
in #9039.)
The patching is not perfect, in that the patches are applied to
setuptools and pip after they have been installed, since they are
installed from wheels which are already "precompiled".
Also, patching for the host install cannot be updated in place, for
example if a patch is added or removed.
[1]: https://sources.debian.org/patches/python-setuptools/40.8.0-1/
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
luajit didn't understand completely that it was building in a cross
compiled environment for Linux target. This would cause issues when
building under openwrt on macos.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The current package does not work, due to missing dependencies, so they
are being added now, along with python3 support.
This versions brings many bugfixes, and the option to use defusedxml if
available, protecting against many xml exploits.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
This is a dependency of the openpyxl package.
The package Makefile was reworked, and a python3 variant was added.
Maintainer was changed to Alexandru Ardelean & Eneas U de Queiroz.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
This is a dependency of the openpyxl package.
The package Makefile was reworked, and a python3 variant was added.
Maintainer was changed to Alexandru Ardelean & Eneas U de Queiroz.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Changed PKG_LICENSE to reflect spdx license tag, and PKG_LICENSE_FILES
to include all lincense-related files applicable to the parts of the
code we are actually using to build and/or distributing. The
Windows-only files, and the python-bundled Tools we're not using have
been left out.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Changed PKG_LICENSE to reflect spdx license tag, and PKG_LICENSE_FILES
to include all lincense-related files applicable to the parts of the
code we are actually using to build and/or distributing. The
Windows-only files, and the python-bundled Tools we're not using have
been left out.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
If a package builds python & python3 variants, then the respective
PACKAGE-python* conditional DEPENDS were added, since circular
dependencies should all be resolved now.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Adding the conditionals to DEPENDS should not cause circular
dependencies any more. This adjusts the text to point out that it used
to be a problem, and if it happens again, one should open an issue.
Also, some spotted trivial errors were fixed.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Added python-rcssmin, and django-appconfig as dependencies, and a note
in the package help text about not having a rjsmin package, so the
jsmin (javascript) filter will not work.
Adjusted the Makefile to conform to current python-package style, and to
display the package title correctly in menuconfig.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
This is a dependency of django-compressor.
The package Makefile was reworked, and a python3 variant was added.
Maintainer was changed to Alexandru Ardelean & Eneas U de Queiroz.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
The defusedxml package contains several Python-only workarounds and
fixes for denial of service and other vulnerabilities in Python's XML
libraries. In order to benefit from the protection you just have to
import and use the listed functions / classes from the right defusedxml
module instead of the original module.
Currently, openpyxl detects, and uses defusedxml, if installed.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Fixes issue #8978. If libcurl's SSL library is set to an SSL
library other than libmbedtls, compilation fails. This patch
configures python-curl to use the currently selected SSL library
for libcurl.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
With pip3.7, `--index-url ""` is different from absence of --index-url
argument. Apply the same for python3 variant
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is largely done by suffixing "python" or "py" with "3". The
README.md file is also copied here and we intend to maintain it
independently from its python2 counterpart.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The note was note correct when mentioning encodings vs python[3]-codecs.
This change fixes this confusion.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This describes the proposal outlined in #8520, with a few
additions/modifications:
* Describes the handling of the Python 2 interpreter
* Allows for normal updates of Python 2 libraries that share the same
Makefile as their Python 3 version
* Mass removal event has a name
Supersedes #8788.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
These Go library packages were added to support obfs4proxy. As
obfs4proxy was updated to allow dependency management by the Go
compiler, these packages no longer have any dependants.
This removes these packages from the feed.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This add the pecl package for communicating with redis servers.
Run-tested on mxs platform with a local redis test server.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This change changes the maintainer to
`Alexandru Ardelean <ardeleanalex@gmail.com`
for all Python packages owned by
`Gergely Kiss <mail.gery@gmail.com>`
No functional changes.
Bumping PKG_RELEASE on each package that is updated.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Node does not support arc or armeb systems.
Moved i18 option to straight under node instead of on its own menu.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
The python2 host variant is not needed anymore as openvswitch has now
switch to using python3 for building
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is a minor cleanup.
Use PYTHON[3]_PKG_SETUP_GLOBAL_ARGS variable to specify extra build args.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This change removes a series of Python packages that are added to
seafile-seahub and are not needed.
After some investigation into seafile, there are no references for it.
These are some of the low-hanging fruits.
They're not used [not sure when they were], and these packages were born
out of some weird sprints somewhere and forgotten on web and left
un-maintained.
So, remove them.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
