Make the python-jinja2/host target available for the build environment
to be used with e.g. the PKG_BUILD_DEPENDS list.
This is needed for an upcoming package (libcamera).
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Make the python-yaml/host target available for the build environment
to be used with e.g. the PKG_BUILD_DEPENDS list.
This is needed for an upcoming package (libcamera).
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
With the recent move to using ZSTD as the default compression format
for packaging git repo clones we must refresh all of the hashes for
the packages feed as well.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This is a security release
Notable Changes
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
Changed to use gz according to main-snapshot
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
go1.22.2 (released 2024-04-03) includes a security fix to the
net/http package, as well as bug fixes to the compiler, the
go command, the linker, and the encoding/gob, go/types,
net/http, and runtime/trace packages.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.2
Find out more:
https://github.com/golang/go/issues?q=milestone%3AGo1.22.2
Signed-off-by: Shi JiaYang <shi05275@163.com>
Relevant changes since previous 3.9.13:
- FIXED: Fix crash serializing str introduced in 3.9.11
- FIXED: Implement recursion limit of 1024 on orjson.loads()
- FIXED: Use byte-exact read on str formatting SIMD path to avoid crash
- Build now depends on Rust 1.72 or later
- Support serializing numpy.float16 (numpy.half)
- sdist uses metadata 2.3 instead of 2.1
- Improve Windows PyPI builds
Signed-off-by: Timothy M. Ace <openwrt@timothyace.com>
1. Update it to version 3.16.3
Release notes: https://github.com/LuaLanes/lanes/releases/tag/v3.16.3
2. Change to download tarball instead of checking out Git sources
In the previous commit (in the Fixes tag), it was changed to Git sources without any reason. Let's revert it back. Let's use again tagged release.
Fixes: b93e5b45b1daac827d429b51d8763226268f2b9a ("lualanes: Version bump to v3.16.2")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Go 1.22.1 contains the following security fixes:
- CVE-2024-24783:
crypto/x509: Verify panics on certificates with an unknown public key
algorithm
- CVE-2023-45290
net/http: memory exhaustion in Request.ParseMultipartForm
- CVE-2023-45289
net/http, net/http/cookiejar: incorrect forwarding of sensitive headers
and cookies on HTTP redirect
- CVE-2024-24785
html/template: errors returned from MarshalJSON methods may break
template escaping
- CVE-2024-24784
net/mail: comments in display names are incorrectly handled
https://go.dev/doc/devel/release#go1.22.1https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Added a third bootstrap stage since go1.22 (and onwards) requires
at least go1.20.14 to build.[1]
[1]: https://go.dev/doc/go1.22#bootstrap
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
go1.21.6 (released 2024-01-09) includes fixes to the compiler,
the runtime, and the crypto/tls, maps, and runtime/pprof packages.
go1.21.7 (released 2024-02-06) includes fixes to the compiler,
the go command, the runtime, and the crypto/x509 package.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Most packages already use https URLs and for PHP and PECL
package downloads https is working properly.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Update to v20.11.1
This is a security release.
Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.
Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.
Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.
Signed-off-by: Mark Baker <mark@vpost.net>
python-paho-mqtt is licensed under EPL-2.0, not EPL-1.0, since version
1.6.0 and
fabe7500fb
While at it, add LICENSE.txt to PKG_LICENSE_FILES
Fixes: 784f2a519b (python-paho-mqtt: bump to version 1.6.1)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
b3b0cc8 version 0.2.2
85515cd roidmi: initial support for NEX2 Pro
62addc2 isort imports
8695649 README: update other govee to govee_ht
33f6ade ruuvitag: remove device class for counter
2099607 Rename key govee->govee_ht
12acacd codestyle updates
dbba43d ruuvitag: drop redundant import
84878e0 base: add and use HumidityTemperatureSensor
e9f0046 xiaomi_lywsd03_atc: make send_custom a class variable
2f4809a base: use lowercase for instance variable
5b1af17 govee: add manufacturer
7891691 ruuvitag: add manufacturer
cfd799b ruuvitag: remove inheritance from SubscribeAndSetDataMixin
7be28a1 codestyle updates
bffcf5e Add Govee H5074 temperature/humidity sensor support (#77)
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
Relevant changes since 3.9.10:
- Improve performance of serializing. str is significantly faster. Documents
using dict, list, and tuple are somewhat faster.
- FIXED: Minimal musllinux_1_1 build due to sporadic CI failure.
Signed-off-by: Timothy Ace <openwrt@timothyace.com>
- Fix the behavior of enum in the presence of 0 or 1 to properly
consider True and False unequal.
- Special case the error message for {min,max}
{Items,Length,Properties} when they're checking for emptiness rather
than true length.
Signed-off-by: Javier Marcet <javier@marcet.info>
https://github.com/numpy/numpy/releases
NumPy 1.26.2 Release Notes
NumPy 1.26.2 is a maintenance release that fixes bugs and regressions
discovered after the 1.26.1 release. The 1.26.release series is the last
planned minor release series before NumPy 2.0. The Python versions
supported by this release are 3.9-3.12.
Signed-off-by: Andy Syam <privasisource@gmail.com>
Dependency introduced by 21094e67cf
and
3c1fac9773
(And only for python versions below 3.12.)
Fixes: 64fa106 (python3-bleak: bump version to 0.21.1)
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
- ENHANCEMENTS:
- Refactor distro.info() method to return an InfoDict
- Ignore the file '/etc/board-release'
- Ignore the file '/etc/ec2_version'
- RELEASE:
- Run Python 3.6 on Ubuntu 20.04 for CI and bump isort
- TESTS:
- Test on modern versions of CPython and PyPy and macOS
- Add support for ALT Linux Server 10.1 distribution
- Add Debian Testing to the tests
- Update archlinux resource for tests
Signed-off-by: Javier Marcet <javier@marcet.info>
Upgrade Notes:
- Removed SSL version (ssl_version) and explicit hostname check
(assert_hostname) options
- assert_hostname has not been used since Python 3.6 and was
removed in 3.12
- Python 3.7+ supports TLSv1.3 by default
- Websocket support is no longer included by default
- By default, docker-py hijacks the TCP connection and does not use
Websockets
- Websocket client is only required to use attach_socket(container,
ws=True)
- Python 3.7 no longer officially supported (reached end-of-life June
2023)
Features:
- Python 3.12 support
- Full networking_config support for containers.create()
- Replaces network_driver_opt (added in 6.1.0)
- Add health() property to container that returns status (e.g.
unhealthy)
- Add pause option to container.commit()
- Add support for bind mount propagation (e.g. rshared, private)
- Add filters, keep_storage, and all parameters to prune_builds()
(requires API v1.39+)
Bugfixes:
- Consistently return docker.errors.NotFound on 404 responses
- Validate tag format before image push
Miscellaneous:
- Upgraded urllib3 version in requirements.txt (used for
development/tests)
- Documentation typo fixes & formatting improvements
- Fixed integration test compatibility for newer Moby engine versions
- Switch to ruff for linting
Signed-off-by: Javier Marcet <javier@marcet.info>
- Renamed `mask` variable in ABNF to prevent name collision with
`mask()` function (9b51f73)
- Fixed old http import of HTTPStatus in _handshake.py (9b51f73)
- Add `send_text()` and `send_bytes()` to _app.py
- Improved typehint support (9b51f73, 8b73d00)
- General readability improvements, made all string concatenations
use f-strings (780584f, 3eabc6e)
- Applied black formatting style to code (da7f286)
Signed-off-by: Javier Marcet <javier@marcet.info>
Users might configure their own env variables on the host, and sometimes
it can lead build failure or unexpected behavior.
Fixes: #22889
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Some code refactoring has been done since 3.2.0 that
bufio.lua no longer exists, libeco.so and bufio.so have been added.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
41.0.6 included a fix for CVE-2023-49083 (loading certificates from a
PKCS#7 bundle could lead to a null-pointer-dereference and segfault).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also includes a test.sh script for the packages feed CI.
From the README:
When writing desktop application, finding the right location to store
user data and configuration varies per platform. Even for
single-platform apps, there may by plenty of nuances in figuring out the
right location.
This kind of thing is what the platformdirs package is for.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
JSON support files from the JSON Schema Specifications (metaschemas,
vocabularies, etc.), packaged for runtime access from Python as a
referencing-based Schema Registry.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
removed some sources to download perl. I believe I only need one source to download perl at https://www.cpan.org/src/5.0. I see some Linux distributions use that source to download.
change the position of PKG_MAINTAINER to make it neater and prettier
perform a patch refresh
removes some patches that have been applied in perl-5.38.0 as well as patches that are no longer used in perl-5.38.0
added one patch Perl/perl5@ba6e2c3 this fixes the issue regcomp*.c, regexec.c - fixup regex engine build under -Uusedl
provided updates and synchronized libc.config base.config version.config to perl-5.38.0
removed deprecated arybase in perl-5.29.4
Signed-off-by: Andy Syam <privasisource@gmail.com>
From the README:
pipx is a tool to help you install and run end-user applications written
in Python. It's roughly similar to macOS's brew, JavaScript's npx, and
Linux's apt.
It's closely related to pip. In fact, it uses pip, but is focused on
installing and managing Python packages that can be run from the command
line directly as applications.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
Argcomplete provides easy, extensible command line tab completion of
arguments for your Python application.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fixes for CVE-2023-45283 and CVE-2023-45284 (path/filepath:
insecure parsing of Windows paths).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Removed 050-py-stackctrl-fix-gcc-13.patch as it has been merged in the
new version.
This also:
* Add STRIP= (empty value) to skip micropython's stripping step, letting
the OpenWrt build system control stripping.
* Add a workaround for "variable might be clobbered" warning leading to
build error on riscv64
(https://github.com/micropython/micropython/issues/12838).
* Change Build/InstallDev to install host tools into an unversioned
directory, and update micropython-lib to use the unversioned path.
There is no need to keep available multiple versions of the host
tools.
* Add a test.sh script for the packages feed CI.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames the package to mpremote and moves it into utils, as this is
a command-line utility and not a Python/MicroPython library.
This also adds a test.sh script for the packages feed CI.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
0001-Allow-profile-to-be-set-by-SETUPTOOLS_RUST_CARGO_PROFILE-env-variable.patch
has been merged in this version.
This also updates the list of dependencies for the package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
This is a tool for managing a recorded version number in
setuptools-based python projects. The goal is to remove the tedious and
error-prone "update the embedded version string" step from your release
process. Making a new release should be as easy as recording a new tag
in your version-control system, and maybe making new tarballs.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
node.js version 20.x is now active LTS.
mipsel (pistachio) is no longer supported.
Due to build difficulties, libuv shared libraries are not used.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This renames the source package to python-pyodbc to match other Python
packages.
This also updates the unixodbc dependency to libodbc, updates the
package title and description, and adds a test.sh script for the
packages feed CI.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
4.0.36 included a change to decimal parsing[1] that requires the decimal
module. Trying to load the pyodbc module without python3-decimal
installed would lead to a segmentation fault.
This adds python3-decimal as a dependency.
This also adds python3-uuid as a dependency as the module can accept and
return uuid objects[2].
[1]: 6b107a2bca
[2]: 2ad7a9ced7
Fixes: f02f3ee8c7 ("pyodbc: Update to 4.0.39")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
setuptools provides a local copy of distutils and when building a C
extension, this distutils will add the target LIBDIR (/usr/lib) to the
list of library paths.
If the build system has a libpython3.11.so in /usr/lib, then the linker
will try to link to this shared library and fail.
This adapts 008-distutils-use-python-sysroot.patch for host setuptools
to add the correct library directory.
Fixes: https://github.com/openwrt/packages/issues/22330
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Currently, rust fails to build for mipsel_24kc+24kf with "opcode not
supported on this processor: mips1 (mips1)" errors when building
libunwind.
Because mipsel_24kc+24kf is hard-float, a certain section of
src/llvm-project/libunwind/src/UnwindRegistersRestore.S is selected to
be compiled; the instructions in this section require MIPS II.
mipsel_24kc+24kf is compiled for MIPS32 Release 2 (MIPS32 is based on
MIPS II), but the C flags used to select this architecture were not
passed to the rust bootstrap (to be passed back to gcc).
This passes the C flags to rust bootstrap to fix this compile error.
This also adds PKG_BUILD_FLAGS:=no-mips16 as attempting to generate
MIPS16 code leads to a different compile error.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The rust bootstrap downloads files into a "tmp" directory then moves the
files into the "cache" directory using std::fs::rename. There are no
issues in the original/unpatched case as "tmp" and "cache" are
subdirectories in the build directory ($(HOST_BUILD_DIR)/build) and so
are nearly guaranteed to be on the same filesystem.
35768bf31e changed where files are
saved/cached (in $(DL_DIR)/rustc). If HOST_BUILD_DIR and DL_DIR are on
separate filesystems, then using std::fs::rename to move the files will
fail.[1]
This updates 0002-rustc-bootstrap-cache.patch to account for this case,
i.e. if std::fs::rename fails, fall back to copying the file then
removing the original.
[1]: https://github.com/openwrt/packages/pull/22457
Fixes: 35768bf31e ("rust: Cache bootstrap downloads to $(DL_DIR)/rustc")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
001-pyproject-hooks-pyc-fix.patch and 002-pip-runner-pyc-fix.patch are
redone to use source files if they are present.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-44487: nghttp2 Security Release (High) (Depends on shared library provided by OpenWrt)
* CVE-2023-45143: undici Security Release (High)
* CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
* CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Patch the target triple for Rust with glibc to include hard floating
point support.
The GNU target triple used elsewhere does not include hard float support,
instead `-mfloat-abi=hard` is passed separately. For Rust it must be
included in the target triple. This was already being done for musl,
this commit adds the same patching for glibc.
Without this patch Rust compilation fails with an error like this
(abbreviated to fit the line length):
ld: error: libstd.so uses VFP register arguments, ... does not
ld: failed to merge target specific data of file ...
Signed-off-by: Drew Young <dyoung@viridiparente.com>
Includes fix for CVE-2023-39325 (net/http, x/net/http2: rapid stream
resets can cause excessive work).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Notable Changes
This release addresses some regressions that appeared in Node.js 18.18.0:
(Windows) FS can not handle certain characters in file name #48673
18 and 20 node images give error - Text file busy (after re-build images) nodejs/docker-node#1968
libuv update in 18.18.0 breaks webpack's thread-loader #49911
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
- 1.6.4
- Add support for HTTP 307 and 308 redirect codes
- 1.6.3
- Fix type hints issues
- Add support for Python beta release 3.12 in CI
- Add maintainer email in setup.py
Signed-off-by: Javier Marcet <javier@marcet.info>
Python packages that use maturin to build do not call the maturin
program directly; they use the maturin build backend[1]. This build
backend is a Python library provided with maturin that interfaces with
the maturin program.
This changes the maturin package to use the Python build process so that
the build backend is installed correctly.
This also renames the source package to python-maturin and moves it into
the lang/python directory.
[1]: https://www.maturin.rs/#source-distribution
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds a patch (submitted upstream in
https://github.com/PyO3/setuptools-rust/pull/364), to read the profile
to pass to cargo from an environment variable.
This also updates the Python include files to set the environment
variable based on values from rust-values.mk.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Using sccache makes recompilation of rustc and Rust packages faster.
This also makes the rust package visible in menuconfig, in order for the
sccache options to be accessible.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This allows cargo to use make's jobserver when building packages, by
marking the cargo command as recursive (with the + prefix[1]) and
setting MAKEFLAGS.
This also:
* Give cargo/x.py the build directory instead of having to change the
current directory (and opening subshells)
* Set PKG_BUILD_PARALLEL/HOST_BUILD_PARALLEL for Rust packages to enable
the use of make's jobserver
[1]: https://www.gnu.org/software/make/manual/html_node/POSIX-Jobserver.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This consolidates all environment variables for cargo into:
* CARGO_HOST_CONFIG_VARS / CARGO_PKG_CONFIG_VARS
These contain all cargo-specific environment variables, i.e. without
"common" variables like CC.
* CARGO_HOST_VARS / CARGO_PKG_VARS (renamed from CARGO_VARS)
These contain all environment variables to be passed to cargo.
This also:
* Set the CARGO_BUILD_TARGET environment variable instead of using the
--target command-line option
* Update Python include files to use CARGO_HOST_CONFIG_VARS /
CARGO_PKG_CONFIG_VARS
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jianhui Zhao