This includes a patch to unpin the version of setuptools required for
build; the required version is newer than the version bundled with
Python 3.11. This patch should not be necessary when Python 3.12 is
available.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit dd5af62695)
This is the last released version before bcrypt's Rust rewrite; this
package can be further updated after the OpenWrt Rust toolchain has
stablized.
This also renames the source package from bcrypt to python-bcrypt to
match other Python packages, and updates the list of dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 3def783d3c)
From the README:
This is the extensible, standards compliant build backend used by Hatch.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 5e832f44fc)
From the README:
hatch-fancy-pypi-readme is a Hatch metadata plugin for everyone who
cares about the first impression of their project’s PyPI landing page.
It allows you to define your PyPI project description in terms of
concatenated fragments that are based on static strings, files, and most
importantly: parts of files defined using cut-off points or regular
expressions.
Once you’ve assembled your readme, you can additionally run regular
expression-based substitutions over it. For instance to make relative
links absolute or to linkify users and issue numbers in your changelog.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 6294cf26c7)
From the README:
This provides a plugin for Hatch that uses your preferred version
control system (like Git) to determine project versions.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit fb48859907)
The host build replaces the use of the host pip requirements file. This
also updates the dependants of setuptools-scm to depend on the host
build.
This also removes the toml host pip requirements file as toml is not
used by any other package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 3ee4e7297c)
- Improve the base URI behavior when resolving a $ref to a resolution
URI which is different from the resolved schema's declared $id.
- Accessing jsonschema.draftN_format_checker is deprecated. Instead,
if you want access to the format checker itself, it is exposed as
jsonschema.validators.DraftNValidator.FORMAT_CHECKER on any
jsonschema.protocols.Validator.
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit 6c553c35b3)
What's Changed:
- Type annotate format checker methods by @sirosen
- Fix fuzzer to include instrumentation by @DavidKorczynski
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit 83de96fbb3)
What's Changed:
- Add package_url for changelog by @fhightower
- Only validate unevaluated properties/items on applicable types by
@EpicWink
- Mark library as typed (PEP-561) by @ssbarnea
- Add v4.5.1 to changelog by @sirosen
- Modernize the packaging setup via PEP 621 and Hatch. by @Julian
New Contributors:
- @fhightower made their first contribution
- @EpicWink made their first contribution
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit f7a00eb6ab)
What's Changed:
- Extend dynamicRef keyword by @nezhar
- Add FORMAT_CHECKER attribute for Validator by @TiborVoelcker
- Remove stray double-quote by @lurch
- Ensure proper sorting of list in error message by @ssbarnea
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit f1ed3f5bc2)
* Rename PYTHON3_PKG_SETUP_VARS to PYTHON3_PKG_BUILD_VARS, and
PYTHON3_PKG_SETUP_DIR to PYTHON3_PKG_BUILD_PATH
The new variable names emphasize that these values apply to the new
build process.
* Remove PYTHON3_PKG_SETUP_ARGS set to the empty string
These were set to override the default arguments in the old build
process and not applicable to the new build process.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit b1b008f42f)
The host build replaces the use of the host pip requirements file. This
also updates the dependants of cffi to depend on the host build.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit aabe27a379)
2.11.0:
- [Feature] Add SSH config token expansion (eg %h, %p) when parsing
ProxyJump directives. Patch courtesy of Bruno Inec.
- [Support] (via #2011) Apply unittest skipIf to tests currently
using SHA1 in their critical path, to avoid failures on systems
starting to disable SHA1 outright in their crypto backends (eg RHEL
9). Report & patch via Paul Howarth.
- [Support] Update camelCase method calls against the threading
module to be snake_case; this and related tweaks should fix some
deprecation warnings under Python 3.10. Thanks to Karthikeyan
Singaravelan for the report, @Narendra-Neerukonda for the patch,
and to Thomas Grainger and Jun Omae for patch workshopping.
- [Support] Recent versions of Cryptography have deprecated Blowfish
algorithm support; in lieu of an easy method for users to remove it
from the list of algorithms Paramiko tries to import and use, we’ve
decided to remove it from our “preferred algorithms” list. This will
both discourage use of a weak algorithm, and avoid warnings. Credit
for report/patch goes to Mike Roest.
2.10.5:
- [Bug] Windows-native SSH agent support as merged in 2.10 could
encounter Errno 22 OSError exceptions in some scenarios (eg server
not cleanly closing a relevant named pipe). This has been worked
around and should be less problematic. Reported by Danilo Campana
Fuchs and patched by Jun Omae.
- [Bug] OpenSSH 7.7 and older has a bug preventing it from
understanding how to perform SHA2 signature verification for RSA
certificates (specifically certs - not keys), so when we added SHA2
support it broke all clients using RSA certificates with these
servers. This has been fixed in a manner similar to what OpenSSH’s
own client does: a version check is performed and the algorithm used
is downgraded if needed. Reported by Adarsh Chauhan, with fix
suggested by Jun Omae.
- [Bug] Align signature verification algorithm with OpenSSH re:
zero-padding signatures which don’t match their nominal size/length.
This shouldn’t affect most users, but will help Paramiko-implemented
SSH servers handle poorly behaved clients such as PuTTY. Thanks to
Jun Omae for catch & patch.
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit 117e3d6a18)
- [Bug] Servers offering certificate variants of hostkey algorithms
(eg ssh-rsa-cert-v01@openssh.com) could not have their host keys
verified by Paramiko clients, as it only ever considered non-cert key
types for that part of connection handshaking. This has been fixed.
- [Bug] PKey instances’ __eq__ did not have the usual safety guard in
place to ensure they were being compared to another PKey object,
causing occasional spurious BadHostKeyException (among other things).
This has been fixed. Thanks to Shengdun Hua for the original report
/patch and to Christopher Papke for the final version of the fix.
- [Support] Update camelCase method calls against the threading
module to be snake_case; this and related tweaks should fix some
deprecation warnings under Python 3.10. Thanks to Karthikeyan
Singaravelan for the report, @Narendra-Neerukonda for the patch, and
to Thomas Grainger and Jun Omae for patch workshopping.
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit b1159e8764)
2.10.2:
- [Bug] Fix Python 2 compatibility breakage introduced in 2.10.1.
Spotted by Christian Hammond.
2.10.3:
- [Bug] Switch from module-global to thread-local storage when
recording thread IDs for a logging helper; this should avoid one
flavor of memory leak for long-running processes. Catch & patch via
Richard Kojedzinszky.
- [Bug] Certificate-based pubkey auth was inadvertently broken when
adding SHA2 support; this has been fixed. Reported by Erik Forsberg
and fixed by Jun Omae.
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit 539f9d07a1)
This updates the build options for these packages to work with the
pyproject.toml-based build process, and removes
PYTHON3_PKG_FORCE_DISTUTILS_SETUP:=1.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 63d13aa15f)
PycURL changeLog:
-----------------------------------------------------------------
PycURL 7.45.2 - 2022-12-16
-----------------------------------------------------------------
This release fixes several minor issues and adds support for several libcurl options.
-----------------------------------------------------------------
PycURL 7.45.1 - 2022-03-13
-----------------------------------------------------------------
This release fixes build when libcurl < 7.64.1 is used.
-----------------------------------------------------------------
PycURL 7.45.0 - 2022-03-09
-----------------------------------------------------------------
This release adds support for SecureTransport SSL backend (MacOS), adds ability to unset a number of multi options, adds ability to duplicate easy handles and permits pycurl classes to be subclassed.
-----------------------------------------------------------------
PycURL 7.44.1 - 2021-08-15
-----------------------------------------------------------------
This release repairs incorrect Python thread initialization logic which caused operations to hang.
-----------------------------------------------------------------
Signed-off-by: Waldemar Konik <informatyk74@interia.pl>
Compile tested: x86_64
(cherry picked from commit da564ae8cc)
These packages will need adjustments to work with pyproject.toml-based
builds, so set PYTHON3_PKG_FORCE_DISTUTILS_SETUP:=1 to force the old
build process (when pyproject.toml-based builds are in place) for now.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e6ae9e29d5)
With proper support of pyproject.toml-based builds in place, this
package will now build.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 84d9831dcb)
This renames the source package from MarkupSafe to python-markupsafe to
match other Python packages.
This also updates the package title and description.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 5602cc85d3)
Version 2.1.1
Released 2022-03-14
Avoid ambiguous regex matches in striptags. pallets/markupsafe#293
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6957a4275a)
The host build replaces the use of the host pip requirements file. This
also updates the dependants of ply to depend on the host build.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 790beee430)
From the README:
This is a low-level library for calling build-backends in
pyproject.toml-based project. It provides the basic functionality to
help write tooling that generates distribution files from Python
projects.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit f6d68782d9)
From the documentation:
A simple, correct PEP 517 build frontend.
build will invoke the PEP 517 hooks to build a distribution package. It
is a simple build tool and does not perform any dependency management.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 34fb0202f9)
From the README:
This is a low-level library for installing a Python package from a wheel
distribution. It provides basic functionality and abstractions for
handling wheels and installing packages from wheels.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 37caea7c93)
The host build replaces the use of the host pip requirements file. This
also updates the dependants of Cython to depend on the host build.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit dcf551fbcf)
From the README:
This library is the reference implementation of the Python wheel
packaging standard, as defined in PEP 427.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit afd6f8e445)
From the README:
This provides a PEP 517 build backend for packages using Flit. The only
public interface is the API specified by PEP 517, at flit_core.buildapi.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 2f37a616af)
This also adds myself as maintainer, and marks the target package as
BROKEN (for now) as the update requires proper support for
pyproject.toml-based builds.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e9dd1a1dfc)
Using pip to install host packages with pyproject.toml-based (PEP 517)
builds is problematic:
* If build isolation is used, pip will create an isolated build
environment, install any build dependencies for the requested package,
then build the requested package.
It does not appear currently possible to have pip install the build
dependencies with hash-checking mode enabled[1].
* If build isolation is not used, any build dependencies must be
installed in the build environment before invoking pip to build the
requested package[2].
This would require creating a package dependency resolution system to
install build dependencies, and any dependencies of dependencies, in
the correct order.
* It is very difficult to patch the packages installed by pip.
This adds a new include file (python3-host-build.mk) with recipes to
install host Python packages with pyproject.toml-based builds. This is
backwards-compatible with packages that require running setup.py.
Besides addressing the above issues (the OpenWrt build system already
resolves dependencies between packages, checks all source downloads
against known hashes, and supports patching packages), host packages
also:
* Capture package licensing and maintainer information
* Enable uscan checking for package updates/CVEs
* Are a known concept for OpenWrt packagers/developers
The existing functionality of using host pip to install packages will
remain for now, but should be considered deprecated and expected to be
removed in the future.
This also updates Py3Build/CheckHostPipVersionMatch for the case where
the host-pip-requirements directory does not exist or is empty.
[1]: https://pip.pypa.io/en/stable/user_guide/#changes-to-the-pip-dependency-resolver-in-20-3-2020
[2]: https://pip.pypa.io/en/stable/cli/pip_install/#cmdoption-no-build-isolation
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit fe78c07a31)
A new PEP 517 (https://www.python.org/dev/peps/pep-0517/) has defined that
Python packages can be shipped without any `setup.py` file, and that a
`pyproject.toml` file is sufficient.
A `setup.py` shim layer is suggested as a method for running the build.
For these cases, we will add a support in the OpenWrt build-system to
provide the default `setup.py` shim layer in case this file does not exist,
but there is a `pyproject.toml` file.
We also seem to need to tweak the shim layer with the PKG_VERSION,
otherwise the detected version is 0.0.0.
We will need to see if this will be fixed later in setuptools{-scm}.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 61f202c017)
This will prevent the user's environment variables from affecting host
Python, removing the need to manually override these variables.
It is also not necessary to set PYTHONPATH (when not working on target
Python packages) because the given directories are already included in
Python's search path by default.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 6ef46bb919)
This renames the source package from Werkzeug to python-werkzeug to
match other Python packages.
This also updates the package title, description, and list of
dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 574d43fca6)
Version 2.2.2
Released 2022-08-08
Fix router to restore the 2.1 strict_slashes == False behaviour
whereby leaf-requests match branch rules and vice versa.
pallets/werkzeug#2489
Fix router to identify invalid rules rather than hang parsing them,
and to correctly parse / within converter arguments.
pallets/werkzeug#2489
Update subpackage imports in werkzeug.routing to use the import as
syntax for explicitly re-exporting public attributes.
pallets/werkzeug#2493
Parsing of some invalid header characters is more robust.
pallets/werkzeug#2494
When starting the development server, a warning not to use it in a
production deployment is always shown. pallets/werkzeug#2480
LocalProxy.__wrapped__ is always set to the wrapped object when the
proxy is unbound, fixing an issue in doctest that would cause it to
fail. pallets/werkzeug#2485
Address one ResourceWarning related to the socket used by run_simple.
pallets/werkzeug#2421
Version 2.2.1
Released 2022-07-27
Fix router so that /path/ will match a rule /path if strict slashes
mode is disabled for the rule. pallets/werkzeug#2467
Fix router so that partial part matches are not allowed i.e. /2df
does not match /<int>. pallets/werkzeug#2470
Fix router static part weighting, so that simpler routes are matched
before more complex ones. pallets/werkzeug#2471
Restore ValidationError to be importable from werkzeug.routing.
pallets/werkzeug#2465
Version 2.2.0
Released 2022-07-23
Deprecated get_script_name, get_query_string, peek_path_info,
pop_path_info, and extract_path_info. pallets/werkzeug#2461
Remove previously deprecated code. pallets/werkzeug#2461
Add MarkupSafe as a dependency and use it to escape values when
rendering HTML. pallets/werkzeug#2419
Added the werkzeug.debug.preserve_context mechanism for restoring
context-local data for a request when running code in the debug
console. pallets/werkzeug#2439
Fix compatibility with Python 3.11 by ensuring that end_lineno and
end_col_offset are present on AST nodes. pallets/werkzeug#2425
Add a new faster matching router based on a state machine.
pallets/werkzeug#2433
Fix branch leaf path masking branch paths when strict-slashes is
disabled. pallets/werkzeug#1074
Names within options headers are always converted to lowercase. This
matches RFC 6266 that the case is not relevant. pallets/werkzeug#2442
AnyConverter validates the value passed for it when building URLs.
pallets/werkzeug#2388
The debugger shows enhanced error locations in tracebacks in Python
3.11. pallets/werkzeug#2407
Added Sans-IO is_resource_modified and parse_cookie functions based
on WSGI versions. pallets/werkzeug#2408
Added Sans-IO get_content_length function. pallets/werkzeug#2415
Don’t assume a mimetype for test responses. pallets/werkzeug#2450
Type checking FileStorage accepts os.PathLike. pallets/werkzeug#2418
Version 2.1.2
Released 2022-04-28
The development server does not set Transfer-Encoding: chunked for
1xx, 204, 304, and HEAD responses. pallets/werkzeug#2375
Response HTML for exceptions and redirects starts with <!doctype
html> and <html lang=en>. pallets/werkzeug#2390
Fix ability to set some cache_control attributes to False.
pallets/werkzeug#2379
Disable keep-alive connections in the development server, which are
not supported sufficiently by Python’s http.server.
pallets/werkzeug#2397
Version 2.1.1
Released 2022-04-01
ResponseCacheControl.s_maxage converts its value to an int, like
max_age. pallets/werkzeug#2364
Version 2.1.0
Released 2022-03-28
Drop support for Python 3.6. pallets/werkzeug#2277
Using gevent or eventlet requires greenlet>=1.0 or PyPy>=7.3.7.
werkzeug.locals and contextvars will not work correctly with older
versions. pallets/werkzeug#2278
Remove previously deprecated code. pallets/werkzeug#2276
Remove the non-standard shutdown function from the WSGI environ
when running the development server. See the docs for alternatives.
Request and response mixins have all been merged into the Request
and Response classes.
The user agent parser and the useragents module is removed. The
user_agent module provides an interface that can be subclassed to
add a parser, such as ua-parser. By default it only stores the
whole string.
The test client returns TestResponse instances and can no longer be
treated as a tuple. All data is available as properties on the
response.
Remove locals.get_ident and related thread-local code from locals,
it no longer makes sense when moving to a contextvars-based
implementation.
Remove the python -m werkzeug.serving CLI.
The has_key method on some mapping datastructures; use key in data
instead.
Request.disable_data_descriptor is removed, pass shallow=True
instead.
Remove the no_etag parameter from Response.freeze().
Remove the HTTPException.wrap class method.
Remove the cookie_date function. Use http_date instead.
Remove the pbkdf2_hex, pbkdf2_bin, and safe_str_cmp functions. Use
equivalents in hashlib and hmac modules instead.
Remove the Href class.
Remove the HTMLBuilder class.
Remove the invalidate_cached_property function. Use del obj.attr
instead.
Remove bind_arguments and validate_arguments. Use Signature.bind()
and inspect.signature() instead.
Remove detect_utf_encoding, it’s built-in to json.loads.
Remove format_string, use string.Template instead.
Remove escape and unescape. Use MarkupSafe instead.
The multiple parameter of parse_options_header is deprecated.
pallets/werkzeug#2357
Rely on PEP 538 and PEP 540 to handle decoding file names with the
correct filesystem encoding. The filesystem module is removed.
pallets/werkzeug#1760
Default values passed to Headers are validated the same way values
added later are. pallets/werkzeug#1608
Setting CacheControl int properties, such as max_age, will convert
the value to an int. pallets/werkzeug#2230
Always use socket.fromfd when restarting the dev server.
pallets/werkzeug#2287
When passing a dict of URL values to Map.build, list values do not
filter out None or collapse to a single value. Passing a MultiDict
does collapse single items. This undoes a previous change that made
it difficult to pass a list, or None values in a list, to custom URL
converters. pallets/werkzeug#2249
run_simple shows instructions for dealing with “address already in
use” errors, including extra instructions for macOS.
pallets/werkzeug#2321
Extend list of characters considered always safe in URLs based on RFC
3986. pallets/werkzeug#2319
Optimize the stat reloader to avoid watching unnecessary files in
more cases. The watchdog reloader is still recommended for
performance and accuracy. pallets/werkzeug#2141
The development server uses Transfer-Encoding: chunked for streaming
responses when it is configured for HTTP/1.1. pallets/werkzeug#2090,
pallets/werkzeug#1327, pallets/werkzeug#2091
The development server uses HTTP/1.1, which enables keep-alive
connections and chunked streaming responses, when threaded or
processes is enabled. pallets/werkzeug#2323
cached_property works for classes with __slots__ if a corresponding
_cache_{name} slot is added. pallets/werkzeug#2332
Refactor the debugger traceback formatter to use Python’s built-in
traceback module as much as possible. pallets/werkzeug#1753
The TestResponse.text property is a shortcut for
r.get_data(as_text=True), for convenient testing against text instead
of bytes. pallets/werkzeug#2337
safe_join ensures that the path remains relative if the trusted
directory is the empty string. pallets/werkzeug#2349
Percent-encoded newlines (%0a), which are decoded by WSGI servers,
are considered when routing instead of terminating the match early.
pallets/werkzeug#2350
The test client doesn’t set duplicate headers for CONTENT_LENGTH and
CONTENT_TYPE. pallets/werkzeug#2348
append_slash_redirect handles PATH_INFO with internal slashes.
pallets/werkzeug#1972, pallets/werkzeug#2338
The default status code for append_slash_redirect is 308 instead of
301. This preserves the request body, and matches a previous change
to strict_slashes in routing. pallets/werkzeug#2351
Fix ValueError: I/O operation on closed file. with the test client
when following more than one redirect. pallets/werkzeug#2353
Response.autocorrect_location_header is disabled by default. The
Location header URL will remain relative, and exclude the scheme and
domain, by default. pallets/werkzeug#2352
Request.get_json() will raise a 400 BadRequest error if the
Content-Type header is not application/json. This makes a very common
source of confusion more visible. pallets/werkzeug#2339
Version 2.0.3
Released 2022-02-07
ProxyFix supports IPv6 addresses. pallets/werkzeug#2262
Type annotation for Response.make_conditional,
HTTPException.get_response, and Map.bind_to_environ accepts Request
in addition to WSGIEnvironment for the first parameter.
pallets/werkzeug#2290
Fix type annotation for Request.user_agent_class.
pallets/werkzeug#2273
Accessing LocalProxy.__class__ and __doc__ on an unbound proxy
returns the fallback value instead of a method object.
pallets/werkzeug#2188
Redirects with the test client set RAW_URI and REQUEST_URI correctly.
pallets/werkzeug#2151
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d99b5473e5)
This renames the source package from Jinja2 to python-jinja2 to match
other Python packages.
This also updates the package license files, title, and list of
dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 572387f0cb)
Move the order in which BuildPackage is called, so that the libpython
package is built ahead of the module packages, to avoid forcing a
clean-build of the package when 'make package/python3/compile' is called
a second time without changes.
The library must be built first, so that when the buildsystem checks for
ABI version changes using libpython3.version, its timestamp should be
older than the dependent package's STAMP_PREPARED file.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c230d7bd7f)
Since February 2023, I decided to no longer work with Turris, I mean CZ.NIC company
due to some reasons how the development goes and since that day my work address is not
available and not sure if there is some redirect to someone else, but if anyone wants to
reach me, use my email address, where they can find me.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 1e1b2051db)
Update to v16.20.2
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
* OpenSSL security advisory 14th July.
* OpenSSL security advisory 19th July.
* OpenSSL security advisory 31st July
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Includes fix for CVE-2023-29409 (crypto/tls: verifying certificate
chains containing large RSA keys is slow).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Update to v16.20.1
The following CVEs are fixed in this release:
* CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
* OpenSSL security advisory 28th March.
* OpenSSL security advisory 20th April.
* OpenSSL security advisory 30th May
* c-ares vulnerabilities: (Depends on shared library provided by OpenWrt)
* GHSA-9g78-jv2r-p7vc
* GHSA-8r8p-23f3-64c2
* GHSA-54xr-f67r-4pc4
* GHSA-x6mf-cxr9-8q6v
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This also restores (and updates) a patch for pip that was removed
earlier but is still necessary.
Fixes: 7a756db002 ("python3: bump to version 3.10.9")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This updates 026-openssl-feature-flags.patch with a newer version from
OpenBSD[1].
This also adds 029-no-FIPS_mode.patch to patch out a call to
FIPS_mode(). LibreSSL 3.4 does not have a function definition for
FIPS_mode.
[1]: 26a04435bf/lang/python/3.10/patches/patch-Modules__hashopenssl_c
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds $(STAGING_DIR_HOST)/include/e2fsprogs to HOST_CFLAGS and
HOST_CPPFLAGS so that configure can find uuid/uuid.h.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 44fb4927f1,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
By default, the Python build process will add /usr/local/{lib,include},
and multiarch paths (e.g. /usr/{lib,include}/x86_64-linux-gnu) if
building on Debian/Ubuntu, to its library and includes paths.
006-remove-multi-arch-and-local-paths.patch was added in
84202f17e1 to stop the Python build
process from adding these paths.
006-remove-multi-arch-and-local-paths.patch was removed in
48277ec915.
006-do-not-add-multiarch-paths-when-cross-compiling.patch was added in
0c8b0b0bf7 to stop the Python build
process from adding these paths for target Python.
These paths are still added by the Python build process when building
host Python.
This replaces the cross-compiling-only patch with the original patch,
renamed slightly and adapted for Python 3.10.
Fixes: 48277ec915 ("python3: bump to version 3.8")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit f006d0ea23,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When doing parallel builds, host Python can install the python3 symlink
before the Python standard library is installed completely.
When this occurs, it is possible for other packages to detect the
python3 symlink and try to use host Python before it is fully installed.
This adds a patch to make commoninstall (where the standard library is
installed) a prerequisite of bininstall (where the python3 symlink is
installed), so that commoninstall is fully completed before bininstall
begins.
Patch has been submitted upstream:
https://github.com/python/cpython/pull/104693
Fixes: https://github.com/openwrt/packages/issues/19241
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 67e47f1196)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The Makefile lines to add READELF to TARGET_CONFIGURE_OPTS was removed
in 4e05541782.
Without setting READELF, configure finds the symlink to
$(TARGET_CROSS)readelf (e.g. arm-openwrt-linux-readelf) instead of
$(TARGET_CROSS)readelf (e.g. arm-openwrt-linux-muslgnueabi-readelf).
This leads to the symlink name being saved to _sysconfigdata.py, and so
the readelf name is not replaced correctly (in
Py3Package/python3-base/install).
This restores the removed Makefile lines.
Fixes: 4e05541782 ("python3: bump to version 3.10.0")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e1a9578635,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
003-do-not-run-distutils-tests.patch was removed in
4e05541782. This patch stopped "make
install" from, among other things, running compileall.
When this patch was removed, "make install" ran compileall as normal and
created bytecode files in __pycache__ directories. These files were then
packaged in python3-light.
This adds a patch to stop compileall from being run during "make
install".
Fixes: 4e05541782 ("python3: bump to version 3.10.0")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 8a4da01790,
adjusted PKG_RELEASE, refreshed patches)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
--without-pymalloc was added in 7bf1ae65a8
because leaving it enabled added an "m" flag/suffix to file names.
This flag/suffix was removed in Python 3.8[1], so disabling pymalloc is
no longer necessary.
[1]: https://docs.python.org/3.8/whatsnew/3.8.html#build-and-c-api-changes
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 3032e7063f,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Oversight from when the expat host build was removed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit d09844e395)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
old eventlet is not working well with python3.10
```
root@turris:~# python3
Python 3.10.9 (main, Feb 9 2023, 10:37:45) [GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import eventlet
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/__init__.py", line 17, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/convenience.py", line 7, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/green/socket.py", line 4, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/green/_socket_nodns.py", line 11, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/greenio/__init__.py", line 3, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/greenio/base.py", line 32, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/timeout.py", line 166, in wrap_is_timeout
TypeError: cannot set 'is_timeout' attribute of immutable type 'TimeoutError'
```
see 0.33.3 release notes for details - https://eventlet.net/doc/changelog.html#id1
Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
(cherry picked from commit eb7275402e)
Jeffery To