The following CVEs are fixed in this release:
* CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
* Insufficient fix for macOS devices on v18.5.0
* CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
* CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
* Insufficient fix on v18.5.0
* CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
* Insufficient fix on v18.5.0
* CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
* CVE-2022-35255: Weak randomness in WebCrypto keygen
More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.
llhttp updated to 6.0.10
llhttp is updated to 6.0.10 which includes fixes for the following vulnerabilities.
* HTTP Request Smuggling - CVE-2022-32213 bypass via obs-fold mechanic (Medium)(CVE-2022-32213 ): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215): The llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)(CVE-35256): The llhttp parser in the http does not correctly handle header fields that are not terminated with CLRF. This can lead to HTTP Request Smuggling (HRS).
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 658621bf5e)
Patch 030:
Backported from Python main branch[^1] for Python to distinguish between glibc and musl libc SOABI.
Patch 131:
Changes PLATFORM_TRIPLET -gnu/-musl suffix detection (performed by the backported patch)
to be based on the target OS instead of the building OS.
See included patches for more detailed descriptions.
Specifically this fixes cross-compilation for mpc8548 CPUs with SPE instructions[^2] enabled.
[^1]: merged to python:main as https://github.com/python/cpython/pull/24502 'bpo-43112: detect musl as a separate SOABI'
[^2]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf
Co-authored-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit 992fcd1bd8)
Notable Changes:
Experimental command-line argument parser API
Experimental ESM Loader Hooks API
Experimental test runner
Improved interoperability of the Web Crypto API
Dependency updates:
Updated Corepack to 0.12.1
Updated ICU to 71.1
Updated npm to 8.15.0
Updated Undici to 5.8.0
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 841b38f37a)
The uuid module has been split out into a separate package with the
update to Python 3.10.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit 52ae0a2018)
makes LuaJit builds for mpc85xx targets with SPE ISA extension
enabled possible
Quoting inner commit message:
This allows building LuaJit for systems with Power ISA SPE
extension[^1] support by using soft float on LuaJit side.
While e500 CPU cores support SPE instruction set extension
allowing them to perform floating point arithmetic natively,
this isn't required. They can function with software floating
point to integer arithmetic translation as well,
just like FPU-less PowerPC CPUs without SPE support.
Therefore I see no need to prevent them from running LuaJit
explicitly.
[^1]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit a4a484fbca)
Update to v16.16.0
Release for the following issues:
HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213)
HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214)
HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215)
DNS rebinding in --inspect via invalid IP addresses (High)(CVE-2022-32212)
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
No vulnerabilities related with openssl (uses system openssl)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 8db0d09823)
Description:
Update from v16.15.0
Changed handling of host's npm problems due to npm updates.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit fcfd2599d9)
Includes fix for CVE-2022-30634 (crypto/rand: Read hangs when passed
buffer larger than 1<<32 - 1).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 112cf09031)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit acd8384ede)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 20876aadf8)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 46ce0df523)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 005e114ddd)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit fb36a5226c)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 285efba8ea)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 3138eacbe3)
With the upgrade of node.js to version 16, the npm version will also change to version 8.
This fix is to support npm@8. npm@6 can also build without problems.
The modification method is different from other node modules.
The reason is due to the npm@8 issue.
https://github.com/npm/cli/issues/4027
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit eee26dbac6)
This update also changes npm from v6 to v8.
This change also requires node module packages to be modified.
Each package will be updated later.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 28be0c92c2)
Includes fixes for:
* CVE-2022-24675 - encoding/pem: stack overflow
* CVE-2022-28327 - crypto/elliptic: generic P-256 panic when scalar has
too many leading zeroes
This also adds -buildvcs=false to omit VCS information in Go programs.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 8c0477a895)
Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit bed8dc2132)
It seems that Turris guys is using this package in the Turris OS, where
it is used for reForis (simple, basic UI for users)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[replace Daniel as maintainer, add commit message]
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
(cherry picked from commit 2366b26813)
This helps in cases, when someone forgets to bump PKG_RELEASE
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 116c0d6c39)
It seems that Turris guys is using this package in the Turris OS, where
it is used for reForis (simple, basic UI for users)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[replace Daniel as maintainer, add commit message]
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
(cherry picked from commit 934a7e22cd)
**** 1.33 Dec 16, 2021
Fix rt.cpan.org #137768
Test t/05-SVCB.t on Perl 5.18.0 fails with deep recursion.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This package (more specifically, the host version) was added for mesa in
the video feed[1]; no packages in the packages feed require this
package.
As mesa will be updated to install Mako using host pip[2], there is no
need to continue maintaining the package here. It will be imported into
the abandoned packages repo[3].
[1]: 2e17cb9a1b (commitcomment-63047904)
[2]: https://github.com/openwrt/video/pull/25
[3]: https://github.com/openwrt/packages-abandoned/pull/26
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds a recipe, Py3Build/InstallBuildDepends, that installs the
requirements listed in HOST_PYTHON3_PACKAGE_BUILD_DEPENDS. This allows
other (non-Python) packages to install host Python packages by calling
this recipe, without having to know the internals of python3-package.mk.
This also updates apparmor to call this recipe.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2.10.1:
- [Bug]: (CVE-2022-24302) Creation of new private key files using
PKey subclasses was subject to a race condition between file creation
& mode modification, which could be exploited by an attacker with
knowledge of where the Paramiko-using code would write out such
files.
- This has been patched by using os.open and os.fdopen to ensure new
files are opened with the correct mode immediately. We’ve left the
subsequent explicit chmod in place to minimize any possible
disruption, though it may get removed in future backwards-
incompatible updates.
- Thanks to Jan Schejbal for the report & feedback on the solution,
and to Jeremy Katz at Tidelift for coordinating the disclosure.
2.10.0:
- [Feature] Add support for OpenSSH’s Windows agent as a fallback
when Putty/WinPageant isn’t available or functional. Reported by
@benj56 with patches/PRs from @lewgordon and Patrick Spendrin.
- [Feature] Add support for the %C token when parsing SSH config
files. Foundational PR submitted by @jbrand42.
- [Bug] Significantly speed up low-level read/write actions on
SFTPFile objects by using bytearray/memoryview. This is unlikely to
change anything for users of the higher level methods like
SFTPClient.get or SFTPClient.getfo, but users of SFTPClient.open will
likely see orders of magnitude improvements for files larger than a
few megabytes in size.
- Thanks to @jkji for the original report and to Sevastian Tchernov
for the patch.
- [Support] Add six explicitly to install-requires; it snuck into
active use at some point but has only been indicated by transitive
dependency on bcrypt until they somewhat-recently dropped it. This
will be short-lived until we drop Python 2 support. Thanks to
Sondre Lillebø Gundersen for catch & patch.
Signed-off-by: Javier Marcet <javier@marcet.info>
- No need to explicitly state two times section and category since this is
already done in define Package/chicken-scheme/Default
- Also add TITLE to Default
- Add conflict between chicken-scheme-interpreter and
chicken-scheme-full
They both provide the same files:
/usr/lib/libchicken.so
/usr/lib/chicken/11/chicken.time.import.so
/usr/lib/chicken/11/chicken.fixnum.import.so
/usr/lib/chicken/11/chicken.internal.import.so
/usr/lib/chicken/11/chicken.tcp.import.so
/usr/lib/chicken/11/chicken.continuation.import.so
/usr/lib/chicken/11/chicken.port.import.so
/usr/lib/chicken/11/chicken.random.import.so
/usr/lib/chicken/11/chicken.compiler.user-pass.import.so
/usr/lib/chicken/11/chicken.process-context.import.so
/usr/lib/chicken/11/chicken.bitwise.import.so
/usr/lib/chicken/11/srfi-4.import.so
/usr/lib/chicken/11/chicken.load.import.so
/usr/lib/chicken/11/chicken.blob.import.so
/usr/lib/chicken/11/chicken.time.posix.import.so
/usr/lib/chicken/11/chicken.file.posix.import.so
/usr/lib/chicken/11/chicken.flonum.import.so
/usr/lib/chicken/11/chicken.condition.import.so
/usr/lib/chicken/11/chicken.pretty-print.import.so
/usr/lib/chicken/11/types.db
/usr/lib/chicken/11/chicken.foreign.import.so
/usr/lib/chicken/11/chicken.repl.import.so
/usr/lib/chicken/11/chicken.pathname.import.so
/usr/lib/chicken/11/chicken.sort.import.so
/usr/lib/chicken/11/chicken.keyword.import.so
/usr/lib/chicken/11/chicken.process.signal.import.so
/usr/lib/chicken/11/chicken.platform.import.so
/usr/lib/chicken/11/chicken.base.import.so
/usr/lib/chicken/11/chicken.syntax.import.so
/usr/lib/chicken/11/chicken.file.import.so
/usr/lib/chicken/11/chicken.memory.import.so
/usr/lib/chicken/11/chicken.gc.import.so
/usr/lib/chicken/11/chicken.io.import.so
/usr/lib/chicken/11/chicken.memory.representation.import.so
/usr/lib/chicken/11/chicken.process.import.so
/usr/lib/chicken/11/chicken.plist.import.so
/usr/lib/chicken/11/chicken.string.import.so
/usr/lib/chicken/11/chicken.errno.import.so
/usr/lib/chicken/11/chicken.format.import.so
/usr/lib/chicken/11/chicken.eval.import.so
/usr/lib/chicken/11/chicken.irregex.import.so
/usr/lib/chicken/11/chicken.process-context.posix.import.so
/usr/lib/chicken/11/chicken.read-syntax.import.so
/usr/lib/chicken/11/chicken.csi.import.so
/usr/lib/chicken/11/chicken.locative.import.so
/usr/bin/csi
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
I can't seem to see any package that needs it.
This was added for cryptography, since it was needed up to version 2.7
asn1-crypto doesn't have a user since commit 9d892e3cf8
So, remove it.
Abandoned packaged PR: https://github.com/openwrt/packages-abandoned/pull/23
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
With the removal of Seafile, these library packages no longer have any
in-repo users. They will be imported into the abandoned packages
repo[1].
[1]: https://github.com/openwrt/packages-abandoned/pull/24
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- 1.3.1:
- Fix 10 year old bug and improve dispatcher handling for
run_forever
- Fix run_forever to never return None, only return True or False,
and add two tests
- Remove Python 3.6 support, EOL in Dec 2021
- 1.3.0:
- BREAKING: Set Origin header to use https:// scheme when wss://
WebSocket URL is passed
- Replace deprecated/broken WebSocket URLs with working ones
(6ad5197)
- Add documentation referencing rel for automatic reconnection with
run_forever()
- Add missing opcodes 1012, 1013
- Add errno.ENETUNREACH to improve error handling (da1b050)
- Minor documentation improvements and typo fixes
- 1.2.3:
- Fix broken run_forever() functionality
- 1.2.2:
- Migrate wsdump script in setup.py from scripts to newer
entry_points
- Add support for ssl.SSLContext for arbitrary SSL parameters
- Remove keep_running variable
- Remove HAVE_CONTEXT_CHECK_HOSTNAME variable (dac1692)
- Replace deprecated ssl.PROTOCOL_TLS with ssl.PROTOCOL_TLS_CLIENT
- Simplify code and improve Python 3 support
- Fill default license template fields
- Update CI tests
- Improve documentation
Signed-off-by: Javier Marcet <javier@marcet.info>
- BACKWARD COMPATIBILITY:
- Dropped support for EOL Pythons 2.7, 3.4 and 3.5
- Dropped support for LSB and uname back-ends when --root-dir is
specified
- Moved distro.py to src/distro/distro.py
- ENHANCEMENTS:
- Documented that distro.version() can return an empty string on
- rolling releases
- Documented support for Python 3.10
- Added official support for Rocky Linux distribution
- Added a shebang to distro.py to allow standalone execution
- Added support for AIX platforms
- Added compliance for PEP-561
- BUG FIXES:
- Fixed include_uname parameter oversight
- Fixed crash when uname -rs output is empty
- Fixed Amazon Linux identifier in distro.id() documentation
- Fixed OpenSuse >= 15 support
- Fixed encoding issues when opening distro release files
- Fixed linux_distribution regression
Signed-off-by: Javier Marcet <javier@marcet.info>
Includes fix for CVE-2022-21716 (The Twisted SSH client and server
implementation naively accepted an infinite amount of data for the
peer's SSH version identifier.)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
1. updated to 5.9.0
2. psutil can not be built on macos due to build script detects Darwin
using sys.platform and changes build logic to build for Darwin, but
OpenWrt is Linux.
This commit add patch to allow redefining sys.platform and uses
env var TARGET_SYS_PLATFORM to specify linux as sys platfrom.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
This includes fixes for:
* CVE-2022-23772: math/big: Rat.SetString may consume large amount of
RAM and crash
* CVE-2022-23806: crypto/elliptic: IsOnCurve returns true for invalid
field elements
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
1. ruby/host build fails on macos due to Apple ld generates warning
if a folder from LDFLAGS is not exist. configure script catches this
warning and fails. This patch disables ld warnings for macos
2. ruby build fails on macos due /bin/true is not exist on macos.
This patch replaces /bin/true with true in OpenWrt Makefile
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
- Removed PYPI_SOURCE_EXT as this release provides tarball with .tar.gz
extension, which is default.
- Changelog: https://dnspython.readthedocs.io/en/stable/whatsnew.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
lyaml build script detects Darwin using `uname -s` and changes
build logic so lyaml package can not be built on macos.
This patch uses fakeuname host tool to redefine `uname -s` output
and fix build on macos.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
configure script detects Darwin and uses flags incompatible with
Linux target build.
This patch uses fakeuname tool if host OS is MacOS to avoid Darwin
detection on target build.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Update to v14.18.3
January 10th 2022 Security Releases:
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
Prototype pollution via console.table properties (Low)(CVE-2022-21824)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
./configure script detects macos specific system headers
(IOKit/serial/ioss.h and sys/ttycom.h) that are not available
during compile time. There is no way to pass ac_cv_* vars to
./configure script due to perl wrappers
To fix this issue, fake(empty) headers provided during compile
time if build host is MacOS
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
setup.py detects macos (darwin) and adds -flat_namespace flag. This
flag is not compatible with GCC that is used to compile target.
This patch patch disables darwin detection
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
luaossl detects OS and changes compilation flags depends on OS.
If Darwin is detected then it adds GCC non-compatible flags.
OpenWrt is always Linux so build OS detection is disabled
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
luasql ./config scripts checks `uname -s` output and changes
LIB_OPTION from '-static' to macos specific if detected OS is
Darwin. These flags are not compatible with GCC
OpenWrt is always Linux, this patch removes Darwin
specific stuff from compilation flags
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
The last tagged release (v1.9.3) was in 2017. This updates the package
to the most recent commit of the master branch.
This also sets myself at the maintainer.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- [Bug]: Enhanced log output when connecting to servers that do not
support server-sig-algs extensions, making the new-as-of-2.9
defaulting to SHA2 pubkey algorithms more obvious when it kicks in.
- [Bug]: Connecting to servers which support server-sig-algs but
which have no overlap between that list and what a Paramiko client
supports, now raise an exception instead of defaulting to
rsa-sha2-512 (since the use of server-sig-algs allows us to know
what the server supports).
Signed-off-by: Javier Marcet <javier@marcet.info>
1. updated to 24.2 (RN: https://github.com/erlang/otp/releases/tag/OTP-24.2)
2. added libstdcpp dependency
3. erlang-hipe was removed in upstream
(ref fccb8482ef)
everything related to erlang-hipe was removed from Makefile
4. updated and refreshed patches
5. host-compile ssl library forced to OpenWrt LibreSSL to avoid using system library
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
lua-curl-v3 detects OS and changes compilation flags depends on OS.
If Darwin is detected then it adds GCC non-compatible flags.
OpenWrt is always Linux, OS detection is disabled via UNAME=Linux
as a part of MAKE_FLAGS
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2to3 is a Python program that reads Python 2.x source code and applies a
series of fixers to transform it into valid Python 3.x code. The standard
library contains a rich set of fixers that will handle almost all code. 2to3
supporting library lib2to3 is, however, a flexible and generic library, so it
is possible to write your own fixers for 2to3. lib2to3 could also be adapted
to custom applications in which Python code needs to be edited automatically.
This tool is necessary for fail2ban package because of issue
https://github.com/openwrt/packages/issues/17311https://github.com/openwrt/packages/pull/17341
Simple 2to3.py script from Debian, thanks to Matthias Klose <doko@ubuntu.com>
From: https://salsa.debian.org/cpython-team/python3-defaults
Co-authored-by: Jeffery To <jeffery.to@gmail.com>
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
Removed patches:
* 027-bpo-43158-Use-configure-values-for-building-_uuid-ex.patch
Already merged.
* 029-disable-deprecation-warning.patch
Packages should be patched/fixed to remove the use of distutils
instead of disabling this warning.
Also:
* Updates PKG_LICENSE to use the correct SPDX license identifier
* Fixes build for mipsel_24kc_24kf
Fixes https://github.com/openwrt/packages/issues/17217.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fixes for:
* CVE-2021-44716: unbounded growth of HTTP/2 header canonicalization
cache
* CVE-2021-44717: syscall.ForkExec error can close file descriptor 0
Added patches:
* 001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch:
https://github.com/golang/go/pull/49748 backported for Go 1.17,
this removes the requirement for the gold linker when building Go
programs that use Go plugins on arm/arm64
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When cURL is built with OpenSSL as backend SSL/TLS library,
pecl_http's configure tries to detect whether TLS 1.3 ciphers
are enabled. This does not work when cross-compiling so let's
pass it based on OpenSSL build configuration.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Active support for PHP 7.4 branch ended a few days ago.
Since we have PHP 8.x in the repository for a while
and we migrated all PECL extension packages already,
let's focus on that newer version and drop support for 7.4.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
The functionality of this package - or at least similar one -
was meanwhile included in PHP8.
This package was mostly included as dependency for HTTP PECL package,
so it is not needed anymore and thus can be dropped.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This package is not compatible with PHP8 and seems to be not maintained
upstream anymore. Let's drop it.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Only a newer version of upstream includes support for PHP8, so while
migrating we need to update to latest upstream version.
We also need to adjust dependencies since JSON is now always integrated
not longer available as dedicated package.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Also update patches and remove obsolete ones.
We also need to add one to prevent mod_php to be enabled
by apxs in configuration file.
While at, remove the VARIANT setting for pecl extensions.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Relevant changes:
* quoted data urls which are not base64 encoded keep their spaces now
* accept bytes and text as input. All other types now raise a TypeError
* update python & gcc support
* python version will only accept the C implementation if the versions
match exactly. This should prevent using older installed C versions.
Along with the version bump:
- update maintainer email address
- use $(AUTORELEASE)
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
What's Changed:
Fixed:
- Add missing trailing newline before adding new entry with set_key
by @bbc2 in #361
Signed-off-by: Javier Marcet <javier@marcet.info>
Django 1.x is not compatible with python 3.10.
Mark the package as BROKEN. Since its dependent packages will also
select it, they will need to be marked BROKEN as well to avoid recursive
dependencies--packages not marked as BROKEN will be able to select the
broken package.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
There's been a bit of overlapping opinions on some of these packages.
The best thing to do here is to reduce ownership and relinquish my
control.
This patch does that.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Manually re-applied:
008-distutils-use-python-sysroot.patch
016-adjust-config-paths.patch
Drop patch: 003-do-not-run-distutils-tests.patch
There is now a configure option '--disable-test-modules'
And seems we left the '_ctypes_test' around for quite some time.
Dropped now.
Refs:
https://bugs.python.org/issue27640https://bugs.python.org/issue43282
Drop patch: 013-getbuildinfo-date-time-source-date-epoch.patch
Python build honors SOURCE_DATE_EPOCH pretty well now.
Drop setuptools patches. Setuptools should be reproducible with Python 3.6+
according to a mention here:
https://github.com/pypa/setuptools/pull/1690#issuecomment-536517456
It's time to let upstream fix Setuptools reproduce-ability.
Drop patch: 010-do-not-add-rt-lib-dirs-when-cross-compiling.patch
I can't seem to fully remember why it's there.
And it seem to build fine without it.
Drop patch: 015-abort-on-failed-modules.patch
Python build supports a similar PYTHONSTRICTEXTENSIONBUILD=1 env-var
option.
Add patch: 026-openssl-feature-flags.patch
We need to keep this in our tree for a while.
See:
https://bugs.python.org/issue45627
Backport patch: 027-bpo-43158-Use-configure-values-for-building-_uuid-ex.patch
Link: https://github.com/python/cpython/pull/29353
Fixes the build for uuid C module.
Add patch: 028-host-python-support-ssl-with-libressl.patch
We need the _ssl module working on the host-side with LibreSSL for pip to
work to download from https://pypi.org
Refs: https://github.com/openwrt/openwrt/pull/4749
Add patch: 029-disable-deprecation-warning.patch
Fixes apparmor build. The warning causes a configure error.
Refreshed the rest of patches.
Some old build-flags were removed. They don't seem to be necessary anymore.
Split python3-uuid from python3-light. To better manage the libuuid library
(if needed). Also, fixing the uuid C module build. Seems this was failing,
and was falling back to using hashlib.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Contains fixes for:
* CVE-2021-41771: ImportedSymbols in debug/macho (for Open or OpenFat)
accesses a memory location after the end of a buffer
* CVE-2021-41772: archive/zip Reader.Open panic via a crafted ZIP
archive containing an invalid name or an empty filename field
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Details:
- Cleaned up whitespace and removed comments (refer to official PHP documentation for that)
- Removed directives that no longer exist as of PHP 8.0.12
- Added newly existing directives commented out
- Added '~E_DEPRECATED' to 'error_reporting'
Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>
Details:
- Cleaned up whitespace and removed comments (refer to official PHP documentation for that)
- Removed directives that no longer exist as of PHP 7.4.25
- Added '~E_DEPRECATED' to 'error_reporting'
Directives removed that no longer exist as of PHP 7.4.25:
- zend.ze1_compatibility_mode
- y2k_compliance
- register_globals
- register_long_arrays
- magic_quotes_gpc
- magic_quotes_runtime
- magic_quotes_sybase
- always_populate_raw_post_data
Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>
(cherry picked from commit 7e45ad87f3)
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This is the latest version, which still has support for PHP 7.x.
It's an intermediate step in the transition to PHP 8.x.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This PR prepares PHP for a few minor changes that cause PHP builds to fail when using --enable-intl with ICU 70.1.
Change UBool to bool for equality operators in ICU >= 70.1
https://github.com/php/php-src/pull/7596
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This PR prepares PHP for a few minor changes that cause PHP builds to fail when using --enable-intl with ICU 70.1.
Change UBool to bool for equality operators in ICU >= 70.1
https://github.com/php/php-src/pull/7596
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
The module will be available, once php8 is selected, at the same place
as the other apache modules.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Update to the newest versions and switch to $(AUTORELEASE) for the python3 packages (where I am the maintainer).
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
October 12th 2021 Security Releases:
HTTP Request Smuggling due to spaced in headers (Medium)(CVE-2021-22959)
HTTP Request Smuggling when parsing the body (Medium)(CVE-2021-22960)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This is a minor update, which officially supports Python 3.8, and
removes Python 2 code, among several bugfixes.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Features:
- Add cap_add and cap_drop parameters to service create and
ContainerSpec
- Add templating parameter to config create
Bugfixes:
- Fix getting a read timeout for logs/attach with a tty and slow
output
Miscellaneous:
- Fix documentation examples
Signed-off-by: Javier Marcet <javier@marcet.info>
What's Changed
- CHANGELOG.md: Fix typos discovered by codespell by @cclauss in #350
- Add Python 3.10 support by @theskumar in #359
Signed-off-by: Javier Marcet <javier@marcet.info>
Includes fix for CVE-2021-38297 (passing very large arguments to WASM
module functions can cause portions of the module to be overwritten).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Commit 3da874371 ("libsodium: include ed25519_core in minimal build")
broke the build of PyNaCl. Add patch to always include all ed25519
functions which are now always covered even if libsodium is built with
the MINIMAL option.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When running FindStdlib and running DependsCheckHostPipVersionMatch at
the same time, both commands were joined together resulting in a syntax
error.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Bluetooth support requires bluez-libs present, but they are only required
for the build, and don't seem to be needed to be present on the target.
There isn't any linking required to libbluetooth. It's only the bluetooth.h
header that is required for building BT support into Python.
For testing, this snippet was used from `Lib/test/test_socket.py` (inside
cpython):
```
def _have_socket_bluetooth():
"""Check whether AF_BLUETOOTH sockets are supported on this host."""
try:
# RFCOMM is supported by all platforms with bluetooth support. Windows
# does not support omitting the protocol.
s = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_STREAM, socket.BTPROTO_RFCOMM)
except (AttributeError, OSError):
return False
else:
s.close()
return True
```
Fixes: https://github.com/openwrt/packages/issues/16544
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Without -ldl linker flag .so extensions are not loaded
when glibc is used. Fix it by providing adjusted LDFLAGS
for this case.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Without -ldl linker flag .so extensions are not loaded
when glibc is used. Fix it by providing adjusted LDFLAGS
for this case.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Changed:
- Require Python 3.5 or a later version. Python 2 and 3.4 are no
longer supported
- Raise ValueError if quote_mode isn't one of always, auto or never
in set_key
- When writing a value to a .env file with set_key or dotenv set
<key> <value>
Added:
- The dotenv_path argument of set_key and unset_key now has a type of
Union[str, os.PathLike] instead of just os.PathLike
Signed-off-by: Javier Marcet <javier@marcet.info>
Hirokazu MORIKAWA