Make the python-yaml/host target available for the build environment
to be used with e.g. the PKG_BUILD_DEPENDS list.
This is needed for an upcoming package (libcamera).
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
With the recent move to using ZSTD as the default compression format
for packaging git repo clones we must refresh all of the hashes for
the packages feed as well.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This is a security release
Notable Changes
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
Changed to use gz according to main-snapshot
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
go1.22.2 (released 2024-04-03) includes a security fix to the
net/http package, as well as bug fixes to the compiler, the
go command, the linker, and the encoding/gob, go/types,
net/http, and runtime/trace packages.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.2
Find out more:
https://github.com/golang/go/issues?q=milestone%3AGo1.22.2
Signed-off-by: Shi JiaYang <shi05275@163.com>
Relevant changes since previous 3.9.13:
- FIXED: Fix crash serializing str introduced in 3.9.11
- FIXED: Implement recursion limit of 1024 on orjson.loads()
- FIXED: Use byte-exact read on str formatting SIMD path to avoid crash
- Build now depends on Rust 1.72 or later
- Support serializing numpy.float16 (numpy.half)
- sdist uses metadata 2.3 instead of 2.1
- Improve Windows PyPI builds
Signed-off-by: Timothy M. Ace <openwrt@timothyace.com>
1. Update it to version 3.16.3
Release notes: https://github.com/LuaLanes/lanes/releases/tag/v3.16.3
2. Change to download tarball instead of checking out Git sources
In the previous commit (in the Fixes tag), it was changed to Git sources without any reason. Let's revert it back. Let's use again tagged release.
Fixes: b93e5b45b1daac827d429b51d8763226268f2b9a ("lualanes: Version bump to v3.16.2")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Go 1.22.1 contains the following security fixes:
- CVE-2024-24783:
crypto/x509: Verify panics on certificates with an unknown public key
algorithm
- CVE-2023-45290
net/http: memory exhaustion in Request.ParseMultipartForm
- CVE-2023-45289
net/http, net/http/cookiejar: incorrect forwarding of sensitive headers
and cookies on HTTP redirect
- CVE-2024-24785
html/template: errors returned from MarshalJSON methods may break
template escaping
- CVE-2024-24784
net/mail: comments in display names are incorrectly handled
https://go.dev/doc/devel/release#go1.22.1https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Added a third bootstrap stage since go1.22 (and onwards) requires
at least go1.20.14 to build.[1]
[1]: https://go.dev/doc/go1.22#bootstrap
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
go1.21.6 (released 2024-01-09) includes fixes to the compiler,
the runtime, and the crypto/tls, maps, and runtime/pprof packages.
go1.21.7 (released 2024-02-06) includes fixes to the compiler,
the go command, the runtime, and the crypto/x509 package.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Most packages already use https URLs and for PHP and PECL
package downloads https is working properly.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Update to v20.11.1
This is a security release.
Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.
Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.
Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.
Signed-off-by: Mark Baker <mark@vpost.net>
python-paho-mqtt is licensed under EPL-2.0, not EPL-1.0, since version
1.6.0 and
fabe7500fb
While at it, add LICENSE.txt to PKG_LICENSE_FILES
Fixes: 784f2a519b (python-paho-mqtt: bump to version 1.6.1)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
b3b0cc8 version 0.2.2
85515cd roidmi: initial support for NEX2 Pro
62addc2 isort imports
8695649 README: update other govee to govee_ht
33f6ade ruuvitag: remove device class for counter
2099607 Rename key govee->govee_ht
12acacd codestyle updates
dbba43d ruuvitag: drop redundant import
84878e0 base: add and use HumidityTemperatureSensor
e9f0046 xiaomi_lywsd03_atc: make send_custom a class variable
2f4809a base: use lowercase for instance variable
5b1af17 govee: add manufacturer
7891691 ruuvitag: add manufacturer
cfd799b ruuvitag: remove inheritance from SubscribeAndSetDataMixin
7be28a1 codestyle updates
bffcf5e Add Govee H5074 temperature/humidity sensor support (#77)
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
Relevant changes since 3.9.10:
- Improve performance of serializing. str is significantly faster. Documents
using dict, list, and tuple are somewhat faster.
- FIXED: Minimal musllinux_1_1 build due to sporadic CI failure.
Signed-off-by: Timothy Ace <openwrt@timothyace.com>
- Fix the behavior of enum in the presence of 0 or 1 to properly
consider True and False unequal.
- Special case the error message for {min,max}
{Items,Length,Properties} when they're checking for emptiness rather
than true length.
Signed-off-by: Javier Marcet <javier@marcet.info>
https://github.com/numpy/numpy/releases
NumPy 1.26.2 Release Notes
NumPy 1.26.2 is a maintenance release that fixes bugs and regressions
discovered after the 1.26.1 release. The 1.26.release series is the last
planned minor release series before NumPy 2.0. The Python versions
supported by this release are 3.9-3.12.
Signed-off-by: Andy Syam <privasisource@gmail.com>
Dependency introduced by 21094e67cf
and
3c1fac9773
(And only for python versions below 3.12.)
Fixes: 64fa106 (python3-bleak: bump version to 0.21.1)
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
- ENHANCEMENTS:
- Refactor distro.info() method to return an InfoDict
- Ignore the file '/etc/board-release'
- Ignore the file '/etc/ec2_version'
- RELEASE:
- Run Python 3.6 on Ubuntu 20.04 for CI and bump isort
- TESTS:
- Test on modern versions of CPython and PyPy and macOS
- Add support for ALT Linux Server 10.1 distribution
- Add Debian Testing to the tests
- Update archlinux resource for tests
Signed-off-by: Javier Marcet <javier@marcet.info>
Upgrade Notes:
- Removed SSL version (ssl_version) and explicit hostname check
(assert_hostname) options
- assert_hostname has not been used since Python 3.6 and was
removed in 3.12
- Python 3.7+ supports TLSv1.3 by default
- Websocket support is no longer included by default
- By default, docker-py hijacks the TCP connection and does not use
Websockets
- Websocket client is only required to use attach_socket(container,
ws=True)
- Python 3.7 no longer officially supported (reached end-of-life June
2023)
Features:
- Python 3.12 support
- Full networking_config support for containers.create()
- Replaces network_driver_opt (added in 6.1.0)
- Add health() property to container that returns status (e.g.
unhealthy)
- Add pause option to container.commit()
- Add support for bind mount propagation (e.g. rshared, private)
- Add filters, keep_storage, and all parameters to prune_builds()
(requires API v1.39+)
Bugfixes:
- Consistently return docker.errors.NotFound on 404 responses
- Validate tag format before image push
Miscellaneous:
- Upgraded urllib3 version in requirements.txt (used for
development/tests)
- Documentation typo fixes & formatting improvements
- Fixed integration test compatibility for newer Moby engine versions
- Switch to ruff for linting
Signed-off-by: Javier Marcet <javier@marcet.info>
- Renamed `mask` variable in ABNF to prevent name collision with
`mask()` function (9b51f73)
- Fixed old http import of HTTPStatus in _handshake.py (9b51f73)
- Add `send_text()` and `send_bytes()` to _app.py
- Improved typehint support (9b51f73, 8b73d00)
- General readability improvements, made all string concatenations
use f-strings (780584f, 3eabc6e)
- Applied black formatting style to code (da7f286)
Signed-off-by: Javier Marcet <javier@marcet.info>
Users might configure their own env variables on the host, and sometimes
it can lead build failure or unexpected behavior.
Fixes: #22889
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Some code refactoring has been done since 3.2.0 that
bufio.lua no longer exists, libeco.so and bufio.so have been added.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
41.0.6 included a fix for CVE-2023-49083 (loading certificates from a
PKCS#7 bundle could lead to a null-pointer-dereference and segfault).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This also includes a test.sh script for the packages feed CI.
From the README:
When writing desktop application, finding the right location to store
user data and configuration varies per platform. Even for
single-platform apps, there may by plenty of nuances in figuring out the
right location.
This kind of thing is what the platformdirs package is for.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
JSON support files from the JSON Schema Specifications (metaschemas,
vocabularies, etc.), packaged for runtime access from Python as a
referencing-based Schema Registry.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
removed some sources to download perl. I believe I only need one source to download perl at https://www.cpan.org/src/5.0. I see some Linux distributions use that source to download.
change the position of PKG_MAINTAINER to make it neater and prettier
perform a patch refresh
removes some patches that have been applied in perl-5.38.0 as well as patches that are no longer used in perl-5.38.0
added one patch Perl/perl5@ba6e2c3 this fixes the issue regcomp*.c, regexec.c - fixup regex engine build under -Uusedl
provided updates and synchronized libc.config base.config version.config to perl-5.38.0
removed deprecated arybase in perl-5.29.4
Signed-off-by: Andy Syam <privasisource@gmail.com>
From the README:
pipx is a tool to help you install and run end-user applications written
in Python. It's roughly similar to macOS's brew, JavaScript's npx, and
Linux's apt.
It's closely related to pip. In fact, it uses pip, but is focused on
installing and managing Python packages that can be run from the command
line directly as applications.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the README:
Argcomplete provides easy, extensible command line tab completion of
arguments for your Python application.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fixes for CVE-2023-45283 and CVE-2023-45284 (path/filepath:
insecure parsing of Windows paths).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Marcus Folkesson