41.0.6 included a fix for CVE-2023-49083 (loading certificates from a
PKCS#7 bundle could lead to a null-pointer-dereference and segfault).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This includes a patch to update the version of ouroboros (Rust crate)
used, to fix RUSTSEC-2023-0042[1]. Upstream has switch from ouroboros to
self_cell so this patch should only be necessary for cryptography 41.
[1]: https://rustsec.org/advisories/RUSTSEC-2023-0042.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The host build replaces the use of the host pip requirements file. This
also updates the dependants of cffi to depend on the host build.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
There's been a bit of overlapping opinions on some of these packages.
The best thing to do here is to reduce ownership and relinquish my
control.
This patch does that.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Dropped patches:
0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch
0005-Switch-get_-Update-APIs-to-get0.patch
Reworked patches:
0001-Add-new-ASN1_STRING_get0_data-API.patch
0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch
These 2 require that we keep only the CUSTOMIZATIONS stuff for now. Maybe
later we can drop this.
Ran 'make package/python-cryptography/refresh'.
Added patch:
0004-disable-rust.patch
upstream did a sloppy job with the CRYPTOGRAPHY_DONT_BUILD_RUST logic; we
need to patch it, to make sure the setuptools-rust isn't installed.
We may need to carry this patch in our tree for a bit longer than upstream,
because in newer versions, CRYPTOGRAPHY_DONT_BUILD_RUST logic gets removed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Regenerated patches from:
https://github.com/pyca/cryptography/pull/4920
The patch names were kept as generated via 'git format-patch 3.3.1..'
And ran through quilt.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This also removes PKG_BUILD_PARALLEL:=0 that was added for packages that
use HOST_PYTHON3_PACKAGE_BUILD_DEPENDS.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
In hash-checking mode[1], pip will verify downloaded package archives
(source tarballs in our case) against known SHA256 hashes before
installing the packages.
As a consequence, this requires the use of requirements files[2] and
pinning packages to known versions.
The syntax for package Makefiles has changed slightly;
HOST_PYTHON3_PACKAGE_BUILD_DEPENDS no longer accepts requirement
specifiers like "foo>=1.0", only requirements file names (which are the
same as package names in the most common case).
This also updates affected packages, in particular:
* python-zipp: "setuptools_scm[toml]" has been split into
"setuptools-scm toml" to reuse the requirements file for
setuptools-scm (the extra depends installed by "setuptools_scm[toml]"
is toml).
* python-pycparser: This previously used ply 3.10, whereas the
requirements file will now install 3.11.
[1]: https://pip.pypa.io/en/stable/reference/pip_install/#hash-checking-mode
[2]: https://pip.pypa.io/en/stable/user_guide/#requirements-files
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Also:
* Remove patches that are included in the update
* Replace the python3 dependency with a smaller list (python3-urllib is
needed because it is a dependency of python3-email)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds PKG_BUILD_PARALLEL:=0 to packages that depend on host Python
packages (HOST_PYTHON3_PACKAGE_BUILD_DEPENDS), because installing
packages with multiple concurrent pip processes can lead to errors or
unexpected results[1].
This also:
* Move HOST_PYTHON3_PACKAGE_BUILD_DEPENDS definitions to before
python3-package.mk is included
* Update Python folder readme to include PKG_BUILD_PARALLEL:=0
[1]: https://github.com/pypa/pip/issues/2361
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This removes:
* Python 3 variants (VARIANT:=python3)
* "for Python3" from package titles
* Package selection condition from package dependencies, e.g.
+PACKAGE_python3-six:python3-light replaced with +python3-light
* "Default" package information sections, e.g.
Package/python-six/Default removed and package details merged into
Package/python3-six
* "(Variant for Python3)" from package descriptions
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Since cffi is installed by HOST_PYTHON3_PACKAGE_BUILD_DEPENDS, it
shouldn't be necessary to clear setup_requirements anymore.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This updates all Python packages that download their source from PyPi to
use pypi.mk.
This will allow future improvements/changes to pypi.mk to affect all
relevant packages.
This also makes it easier for future Python packages to start using
pypi.mk, when it's clear how it is used in existing packages.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Upstream backport. It seems the holdup is on python-twisted.
Without this, it fails with
SSL_get0_next_proto_negotiated: symbol not found
Signed-off-by: Rosen Penev <rosenp@gmail.com>
python-cryptography's build depends (host cffi, libffi) were transferred
to python-cffi at some point; this corrects the situation.
python-cryptography's host Python build depends is copied from its
setup.py[1].
[1]: https://github.com/pyca/cryptography/blob/2.6.1/setup.py#L47
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Version 2.6 includes OpenSSL no-engine support.
This also removes python-idna as a dependency. idna became optional with
version 2.5 (https://cryptography.io/en/latest/changelog/#v2-5).
This also updates the package title field and updates both Python 2 and
3 versions to use the same field.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Version 2.3.1 has been released recently and requested via Github #6967Fixes#6967.
Also, changed URL to `https://files.pythonhosted.org` ; fewer redirects.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This guarantees for the package feeds that
the mk files will always be available for all packages.
Will need to see about external-feed Python packages
a bit later.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
I admit this may be be a bit aggressive, but the lang
folder is getting cluttered/filled up with Python, PHP, Perl,
Ruby, etc. packages.
Makes sense to try to group them into per-lang folders.
I took the Pythons.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Jeffery To