Commit Graph

2280 Commits

Author SHA1 Message Date
Michael Heimpold 3cf0c61f2e php7: update to 7.2.27
This fixes:
  - CVE-2020-7059
  - CVE-2020-7060

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2020-02-07 21:09:24 +01:00
Jan Pavlinec 268ea7a78c python-importlib-metadata: add new package
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-02-06 10:34:41 +01:00
Jeffery To 1d7cda2edc golang: Improve build isolation from user environment
* Set GOENV=off when building Go compiler and packages, to ignore user's
  environment configuration file
* Set GOCACHE when building host Go
* Unset GOTMPDIR, to use the buildroot temp directory instead of temp
  directories in build_dir

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from 3b5f1c73fb)
2020-02-04 04:16:17 +08:00
Jeffery To 9a792f41c9 golang: Update to 1.13.7, add PKG_CPE_ID to Makefile
This update includes fixes for[1]:
* CVE-2020-7919 - doesn't appear to be published publicly yet
* CVE-2020-0601 - a Windows-related issue

[1]: https://github.com/golang/go/issues?q=milestone%3AGo1.13.7+label%3ACherryPickApproved

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from 0dc4fa6efb)
2020-02-03 05:02:27 +08:00
Rosen Penev cff7a04a6a Merge pull request #11176 from jefferyto/python-fix-float-byte-order-openwrt-19.07
[openwrt-19.07] python,python3: Fix float byte order detection
2020-01-30 16:27:49 -08:00
Eneas U de Queiroz 36a1c0c5ae python-certify: bump to 2019.11.28
This is a regular Mozilla CA bundle update.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c799f2a913)
2020-01-30 14:59:51 -03:00
Jeffery To ad50eb7c0a python3: Fix float byte order detection
This backports patches from bpo-34585[1] to fix byte order detection of
floats.

Fixing byte order detection allows the repr() of floats to be
shorter[2]. sys.float_repr_style should be 'short' instead of 'legacy'
on supported platforms.

See #11134.

[1]: https://bugs.python.org/issue34585
[2]: https://docs.python.org/3.8/whatsnew/3.1.html#other-language-changes

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-01-30 19:12:25 +08:00
Jeffery To a76dd0635c python: Fix float byte order detection
This backports patches from bpo-34585[1] to fix byte order detection of
floats.

Fixing byte order detection allows the repr() of floats to be shorter (a
feature backported to Python 2.7 from Python 3.1[2]).
sys.float_repr_style should be 'short' instead of 'legacy' on supported
platforms.

See #11134.

[1]: https://bugs.python.org/issue34585
[2]: https://docs.python.org/2.7/whatsnew/2.7.html#python-3-1-features

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from a0da5aec7f)
Omitted PKG_RELEASE change
2020-01-30 19:07:37 +08:00
Rosen Penev 30d0c2ee0f python: Replace utime with utimes
Optionally fixes compilation with uClibc-ng.

Based on the surrounding code, this looks like an oversight.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

(cherry picked from 608df65a62)
Adjusted PKG_RELEASE
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-01-30 19:04:39 +08:00
Rosen Penev 9cb0c7f4a0 Merge pull request #10990 from BKPepe/django-19.07
[OpenWrt 19.07] django: update to version 1.11.27
2020-01-22 18:41:20 -08:00
Jeffery To 2dbc88762c golang: Update to 1.13.6
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-01-15 01:26:40 +08:00
Jeffery To fdd202bd1e golang: Fix selection of GOARM value
This fixes how GOARM is selected for arm platforms, based on support for
VFP/VFPv3 rather than CPU version.

Fixes #10967.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-01-15 00:58:28 +08:00
Josef Schlehofer a50eeb01fc django: update to version 1.11.27
Fixes: CVE-2019-19844

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-01-11 23:15:13 +01:00
Alexandru Ardelean e847333d15 python,python3: split python[3]-pkg-resources from setuptools
This package is required by other packages to run some binaries via
`load_entry_point`.

So, this splits this package away from setuptools.
setuptools is pretty big, akd pkg-resources is also big, but not as big.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

(cherry picked from commit ed0e77f3c3)
Reference to discussion at
https://github.com/openwrt/packages/commit/c61579b564a3877235d74684b1a75915d77e42a9#commitcomment-36665837
Adjusted python PKG_RELEASE items to current situation
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2020-01-10 18:57:16 +02:00
Jeffery To fc313e772b golang: Format TARGET_LDFLAGS for gcc
go invokes the external linker by calling gcc, so -zxxx options in
TARGET_LDFLAGS (in golang-package.mk) need to be formatted as -Wl,z,xxx.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from dbd6f224c3)
2019-12-29 18:51:15 +08:00
Daniel F. Dickinson bcdb9d00a5 passlib: Update passlib to 1.7.2
Relevant bits of upstream changelog

New Features

    argon2: Support more hashes
    scrypt: Now uses python 3.6 stdlib’s hashlib.scrypt() as backend, if present (issue 86).

Bugfixes

    Python 3.8 compatibility fixes
    passlib.apache.HtpasswdFile: improve compatibility with Apache 2.4's htpasswd
    passlib.totp: fix some compatibility issues with older TOTP clients (issue 92)
    Fixed error in argon2.parsehash() (issue 97)

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
2019-12-27 14:06:39 -05:00
Jeffery To db9a8a1e74 golang: Fix ldflags when GO_PKG_LDFLAGS is set
go build/install supports multiple -ldflags arguments, but they are not
combined; for each package, the latest match on the command line is
used.[1]

Previously, the main executable would not be affected by the default
ldflags if GO_PKG_LDFLAGS or GO_PKG_LDFLAGS_X were set. (The default
ldflags instructs go to use the external linker.)

This fixes golang-package.mk so that the default ldflags take effect in
all cases.

[1]: https://golang.org/cmd/go/#hdr-Compile_packages_and_dependencies

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from 4827bc7509)
2019-12-26 21:09:01 +08:00
Josef Schlehofer c5d6ffaf1c python3: Updated to version 3.7.6
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-12-21 14:35:31 +01:00
Michael Heimpold 13de8da3b3 php7: update to 7.2.26
This fixes:
  - CVE-2019-11046
  - CVE-2019-11044
  - CVE-2019-11045
  - CVE-2019-11050
  - CVE-2019-11047

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit d5c18b1d5e)
2019-12-18 21:23:12 +01:00
Josef Schlehofer c1dd9499b1 golang: Update to 1.13.5
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 791729cfc06ab6608018c15ce84d7f6e37ba3f5a)
2019-12-09 23:28:07 +01:00
Jan Pavlinec b88b43dd12 python-more-itertools: add new package
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from 4bade3b2f7)
2019-12-06 15:41:53 -08:00
Matthias Schiffer 03b412db2e luasrcdiet: add package (moved from luci-base package)
We use luasrcdiet in Gluon as well. Move it from the luci feed to packages.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 46d68b8699)
2019-11-26 19:52:28 +01:00
Rosen Penev d0e97caca6 Merge pull request #10631 from jefferyto/python-pyopenssl-19.1.0-openwrt-19.07
[openwrt-19.07] python-pyopenssl: Update to 19.1.0
2019-11-25 11:14:29 -08:00
Josef Schlehofer 4a82137613 php7: Update to version 7.2.25
- Fixes CVE-2019-11043

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9bc48abd2a)
2019-11-24 22:04:15 +01:00
W. Michael Petullo 36358e7e38 php7: mark /etc/config/php7-fastcgi as conffile
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit 5bc9bb04c5)
2019-11-24 22:03:41 +01:00
Michael Heimpold 3be4577ee9 php7-mod-xmlreader: add conditional dependency to php7-mod-dom (fixes #10201)
PHP7 fails to load xmlreader.so (php7-mod-xmlreader) module without
dom.so (php7-mod-dom) module loaded:

-snip-
PHP Warning:  PHP Startup: Unable to load dynamic library 'xmlreader.so'
 (tried: /usr/lib/php/xmlreader.so (Error relocating /usr/lib/php/xmlreader.so:
 dom_node_class_entry: symbol not found), /usr/lib/php/xmlreader.so.so (Error
 loading shared library /usr/lib/php/xmlreader.so.so: No such file or
 directory)) in Unknown on line 0
^C
-snap-

However, this dependency only exists when during build also php7-mod-dom
is selected.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit b8c22fc1ec)
2019-11-24 22:03:11 +01:00
Stefaan Ghysels 7aadc71300 php7: bump to 7.2.23
Signed-off-by: Stefaan Ghysels <stefaang@gmail.com>
(cherry picked from commit dacda44755)
2019-11-24 22:02:30 +01:00
Jeffery To fc33728724 python-pyopenssl: Update to 19.1.0
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from aff03aee1f)
2019-11-25 04:40:19 +08:00
Alexandru Ardelean 2969a1842d django: bump to version 1.11.26
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2019-11-19 10:49:50 +02:00
Rosen Penev 41503554d0 Merge pull request #10577 from jefferyto/python-zope-interface-4.7.1-openwrt-19.07
[openwrt-19.07] python-zope-interface: Update to 4.7.1, refresh patch
2019-11-17 18:11:45 -08:00
Rosen Penev 209ecba6be Merge pull request #10575 from jefferyto/python-twisted-19.10.0-openwrt-19.07
[openwrt-19.07] python-twisted: Update to 19.10.0, refresh patches
2019-11-17 18:11:27 -08:00
Jeffery To 1f417d7ed0 python-zope-interface: Update to 4.7.1, refresh patch
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from 5e8feda04a)
2019-11-18 04:49:46 +08:00
Jeffery To 87ccd3ddbd python-twisted: Update to 19.10.0, refresh patches
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from c56770a570)
2019-11-18 04:35:45 +08:00
Jeffery To 7504b410a6 python-pyasn1: Update to 0.4.8
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from b99abe8dd8)
2019-11-18 04:07:32 +08:00
Jeffery To daebf4aba9 python-six: Update to 1.13.0
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from 5be603a836)
2019-11-11 18:39:36 +08:00
Josef Schlehofer aa4c5e7de6 Revert "Revert "perl-www-curl: curl 7.66.0 compatibility""
This is required as curl 7.66.0 was cherry-picked to openwrt-19.07 3
days ago. Otherwise, compilation of perl-www-curl fails.

This reverts commit ec6cd9b9c3.
2019-11-10 20:40:19 +01:00
Josef Schlehofer a6f026ff5b python-zipp: fix python-more-itertools dependency
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit 426ed75dbe)
2019-11-10 18:30:30 +01:00
Jan Pavlinec 0faf7bfcc2 python-zipp: add new package
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from commit f0a79ca148)
2019-11-10 18:30:19 +01:00
Jakub Piotr Cłapa 91da56a942 perl: fixed host compilation of static perl on MacOS
All symbols on MacOS are prefixed with an underscore which
interfered with the filtering mechanism (added in perl 5.28)
for extension libraries to be linked into static perl.

Signed-off-by: Jakub Piotr Cłapa <jpc@loee.pl>
(cherry-picked from commit 3954356)
2019-11-10 18:28:23 +01:00
Rosen Penev ec6cd9b9c3 Revert "perl-www-curl: curl 7.66.0 compatibility"
This reverts commit 3d98d7fd05.

This was a bad backport.
2019-11-09 11:30:15 -08:00
Rosen Penev 16657121a1 Merge pull request #10458 from jefferyto/python-cffi-1.13.2-openwrt-19.07
[openwrt-19.07] python-cffi: Update to 1.13.2
2019-11-04 09:28:13 -08:00
Jeffery To e1d9652edc python-cffi: Update to 1.13.2
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from c21eee0df4)
2019-11-04 23:45:03 +08:00
Jeffery To 07835fc26e golang: Update to 1.13.4
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from 37facb63f5cc9906f4b32791b572506f68e0d79e)
2019-11-04 22:55:53 +08:00
Jeffery To 58ed21040c python,python3: Add PYPI_SOURCE_NAME to pypi.mk
This adds a new (optional) variable, PYPI_SOURCE_NAME, to pypi.mk.

For some PyPi packages (e.g. aiohttp_cors, click, django-compressor),
the name of the package and the source tarball name are slightly
different (usually by capitalisation or hyphen/underscore change).

This new variable is to make this difference explicit. PYPI_NAME is
meant for the "official" package name, whereas PYPI_SOURCE_NAME is meant
for the source tarball name.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry-picked from commit 1bacdd52f7)
2019-11-02 20:21:46 +01:00
Jeffery To 866b42c60e python,python3: Add pypi makefile
This adds pypi.mk, which can be included in Python packages that
download their sources from PyPI, to auto-fill various PKG_* variables
based on the value of PYPI_NAME.

This makefile should be included after $(TOPDIR)/rules.mk but before
$(INCLUDE_DIR)/package.mk (and $(INCLUDE_DIR)/host-build.mk).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry-picked from commit add4c42191)
2019-11-02 19:01:21 +01:00
Alexandru Ardelean 807c557cf9 django: bump to version 1.11.25
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit e9e687a1f1)
2019-10-30 23:16:57 +08:00
Alexandru Ardelean 4574e8fcb9 python-cffi: bump to version 1.13.1
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from dff2fe2963)
2019-10-30 05:49:55 +08:00
Luiz Angelo Daros de Luca 702c655874 ruby: update to 2.6.5
2.6.5 fixes:
* CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
* CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
* CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
* CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication

2.6.4 fixes:
* Multiple jQuery vulnerabilities in RDoc

Changelog: https://github.com/ruby/ruby/compare/v2_6_3...v2_6_5

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit d3d0c28149)
2019-10-27 16:09:43 -03:00
Alexandru Ardelean f18bc652c7 django-ranged-response: update packaging format + add python3 variant
This change also updates the maintainer email to cotequeiroz@gmail.com, as
requested on a different change.

Not updating deps here, since that will be done in the next changeset that
will convert packages to the Python[3] packaging format.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry-picked from commit 70ebc7a2f4)
2019-10-24 21:33:37 +02:00
Josef Schlehofer 629b8fb60e flup: add Python3 variant and src package
- Add PKG_LICENSE_FILES
- Reorder things in Makefile
- Add dependency python3-logging otherwise I cannot import
flup.server.ajp
flup.server.scgi

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry-picked from commit a5b2ba9b4d)
2019-10-23 15:34:59 +02:00