Update to v20.11.1
This is a security release.
Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.
Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.
Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.
Signed-off-by: Mark Baker <mark@vpost.net>
python-paho-mqtt is licensed under EPL-2.0, not EPL-1.0, since version
1.6.0 and
fabe7500fb
While at it, add LICENSE.txt to PKG_LICENSE_FILES
Fixes: 784f2a519b (python-paho-mqtt: bump to version 1.6.1)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
b3b0cc8 version 0.2.2
85515cd roidmi: initial support for NEX2 Pro
62addc2 isort imports
8695649 README: update other govee to govee_ht
33f6ade ruuvitag: remove device class for counter
2099607 Rename key govee->govee_ht
12acacd codestyle updates
dbba43d ruuvitag: drop redundant import
84878e0 base: add and use HumidityTemperatureSensor
e9f0046 xiaomi_lywsd03_atc: make send_custom a class variable
2f4809a base: use lowercase for instance variable
5b1af17 govee: add manufacturer
7891691 ruuvitag: add manufacturer
cfd799b ruuvitag: remove inheritance from SubscribeAndSetDataMixin
7be28a1 codestyle updates
bffcf5e Add Govee H5074 temperature/humidity sensor support (#77)
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
Relevant changes since 3.9.10:
- Improve performance of serializing. str is significantly faster. Documents
using dict, list, and tuple are somewhat faster.
- FIXED: Minimal musllinux_1_1 build due to sporadic CI failure.
Signed-off-by: Timothy Ace <openwrt@timothyace.com>
- Fix the behavior of enum in the presence of 0 or 1 to properly
consider True and False unequal.
- Special case the error message for {min,max}
{Items,Length,Properties} when they're checking for emptiness rather
than true length.
Signed-off-by: Javier Marcet <javier@marcet.info>
https://github.com/numpy/numpy/releases
NumPy 1.26.2 Release Notes
NumPy 1.26.2 is a maintenance release that fixes bugs and regressions
discovered after the 1.26.1 release. The 1.26.release series is the last
planned minor release series before NumPy 2.0. The Python versions
supported by this release are 3.9-3.12.
Signed-off-by: Andy Syam <privasisource@gmail.com>
Dependency introduced by 21094e67cf
and
3c1fac9773
(And only for python versions below 3.12.)
Fixes: 64fa106 (python3-bleak: bump version to 0.21.1)
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
- ENHANCEMENTS:
- Refactor distro.info() method to return an InfoDict
- Ignore the file '/etc/board-release'
- Ignore the file '/etc/ec2_version'
- RELEASE:
- Run Python 3.6 on Ubuntu 20.04 for CI and bump isort
- TESTS:
- Test on modern versions of CPython and PyPy and macOS
- Add support for ALT Linux Server 10.1 distribution
- Add Debian Testing to the tests
- Update archlinux resource for tests
Signed-off-by: Javier Marcet <javier@marcet.info>
Upgrade Notes:
- Removed SSL version (ssl_version) and explicit hostname check
(assert_hostname) options
- assert_hostname has not been used since Python 3.6 and was
removed in 3.12
- Python 3.7+ supports TLSv1.3 by default
- Websocket support is no longer included by default
- By default, docker-py hijacks the TCP connection and does not use
Websockets
- Websocket client is only required to use attach_socket(container,
ws=True)
- Python 3.7 no longer officially supported (reached end-of-life June
2023)
Features:
- Python 3.12 support
- Full networking_config support for containers.create()
- Replaces network_driver_opt (added in 6.1.0)
- Add health() property to container that returns status (e.g.
unhealthy)
- Add pause option to container.commit()
- Add support for bind mount propagation (e.g. rshared, private)
- Add filters, keep_storage, and all parameters to prune_builds()
(requires API v1.39+)
Bugfixes:
- Consistently return docker.errors.NotFound on 404 responses
- Validate tag format before image push
Miscellaneous:
- Upgraded urllib3 version in requirements.txt (used for
development/tests)
- Documentation typo fixes & formatting improvements
- Fixed integration test compatibility for newer Moby engine versions
- Switch to ruff for linting
Signed-off-by: Javier Marcet <javier@marcet.info>
- Renamed `mask` variable in ABNF to prevent name collision with
`mask()` function (9b51f73)
- Fixed old http import of HTTPStatus in _handshake.py (9b51f73)
- Add `send_text()` and `send_bytes()` to _app.py
- Improved typehint support (9b51f73, 8b73d00)
- General readability improvements, made all string concatenations
use f-strings (780584f, 3eabc6e)
- Applied black formatting style to code (da7f286)
Signed-off-by: Javier Marcet <javier@marcet.info>
Users might configure their own env variables on the host, and sometimes
it can lead build failure or unexpected behavior.
Fixes: #22889
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Some code refactoring has been done since 3.2.0 that
bufio.lua no longer exists, libeco.so and bufio.so have been added.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
41.0.6 included a fix for CVE-2023-49083 (loading certificates from a
PKCS#7 bundle could lead to a null-pointer-dereference and segfault).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also includes a test.sh script for the packages feed CI.
From the README:
When writing desktop application, finding the right location to store
user data and configuration varies per platform. Even for
single-platform apps, there may by plenty of nuances in figuring out the
right location.
This kind of thing is what the platformdirs package is for.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
JSON support files from the JSON Schema Specifications (metaschemas,
vocabularies, etc.), packaged for runtime access from Python as a
referencing-based Schema Registry.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
removed some sources to download perl. I believe I only need one source to download perl at https://www.cpan.org/src/5.0. I see some Linux distributions use that source to download.
change the position of PKG_MAINTAINER to make it neater and prettier
perform a patch refresh
removes some patches that have been applied in perl-5.38.0 as well as patches that are no longer used in perl-5.38.0
added one patch Perl/perl5@ba6e2c3 this fixes the issue regcomp*.c, regexec.c - fixup regex engine build under -Uusedl
provided updates and synchronized libc.config base.config version.config to perl-5.38.0
removed deprecated arybase in perl-5.29.4
Signed-off-by: Andy Syam <privasisource@gmail.com>