go1.23.5 (released 2025-01-16) includes security fixes to the
crypto/x509 and net/http packages, as well as bug fixes to the
compiler, the runtime, and the net package.
go1.23.6 (released 2025-02-04) includes security fixes to the
crypto/elliptic package, as well as bug fixes to the compiler
and the go command.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This is a security release.
Notable Changes
CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
Dependency update:
CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
go1.23.4 (released 2024-12-03) includes fixes to the compiler, the
runtime, the trace command, and the syscall package.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Dropped:
003-without-vendored-meson.patch
004-workaround-for-multiple-top-level-packages-discovered.patch
This time, we really need to use meson to build numpy.
And to make things more complicated, the 'vendored' meson package (that
comes with numpy) must be used. This is because they have some special
logic in there that's specific to numpy.
With this change, we also need to keep a special/internal
'openwrt-cross.txt.in' file, because cross-compiling numpy also requires
that a 'longdouble_format' property be added.
More details about this:
https://github.com/numpy/numpy/issues/23972https://github.com/numpy/numpy/blob/maintenance/2.2.x/doc/source/building/cross_compilation.rst
Removing quirk fix for x86_64 with detecting 'avx512f'.
This should work with the new meson stuff.
And finally, added a test.sh script.
This should make sure that this package works fine during upgrades.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
This backported patch is required to fix the build for loongarch64:
...
... loongarch64-openwrt-linux-musl/bin/ld.bfd: Zend/zend_fibers.o: in function `zend_fiber_init_context':
zend_fibers.c:(.text+0xb34): undefined reference to `getcontext'
... loongarch64-openwrt-linux-musl/bin/ld.bfd: zend_fibers.c:(.text+0xb38): undefined reference to `getcontext'
... loongarch64-openwrt-linux-musl/bin/ld.bfd: zend_fibers.c:(.text+0xb74): undefined reference to `makecontext'
... loongarch64-openwrt-linux-musl/bin/ld.bfd: zend_fibers.c:(.text+0xb78): undefined reference to `makecontext'
... loongarch64-openwrt-linux-musl/bin/ld.bfd: Zend/zend_fibers.o: in function `.L170':
zend_fibers.c:(.text+0xe34): undefined reference to `swapcontext'
...
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Relevant changes since previous 3.10.0:
- FIXED: Serializing numpy.ndarray with non-native endianness raises orjson.JSONEncodeError.
- FIXED: Fix int serialization on 32-bit Python 3.8, 3.9, 3.10. This was introduced in 3.10.8.
- Improve performance of serializing.
- Drop support for arm7.
- int serialization no longer chains OverflowError to the the __cause__ attribute of orjson.JSONEncodeError when range exceeded.
Signed-off-by: Timothy M. Ace <openwrt@timothyace.com>
Ruby 3.3.6 is a routine update that includes minor bug fixes. It also
stops warning missing default gem dependencies that will be bundled gems
in Ruby 3.5.
Link: https://github.com/ruby/ruby/releases/tag/v3_3_6
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Upgrade Version 22.11.0 'Jod' (LTS)
Notable Changes
This release marks the transition of Node.js 22.x into Long Term Support (LTS) with the codename 'Jod'. The 22.x release line now moves into "Active LTS" and will remain so until October 2025. After that time, it will move into "Maintenance" until end of life in April 2027.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Hirokazu MORIKAWA