This also restores (and updates) a patch for pip that was removed
earlier but is still necessary.
Fixes: 7a756db002 ("python3: bump to version 3.10.9")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This updates 026-openssl-feature-flags.patch with a newer version from
OpenBSD[1].
This also adds 029-no-FIPS_mode.patch to patch out a call to
FIPS_mode(). LibreSSL 3.4 does not have a function definition for
FIPS_mode.
[1]: 26a04435bf/lang/python/3.10/patches/patch-Modules__hashopenssl_c
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds $(STAGING_DIR_HOST)/include/e2fsprogs to HOST_CFLAGS and
HOST_CPPFLAGS so that configure can find uuid/uuid.h.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 44fb4927f1,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
By default, the Python build process will add /usr/local/{lib,include},
and multiarch paths (e.g. /usr/{lib,include}/x86_64-linux-gnu) if
building on Debian/Ubuntu, to its library and includes paths.
006-remove-multi-arch-and-local-paths.patch was added in
84202f17e1 to stop the Python build
process from adding these paths.
006-remove-multi-arch-and-local-paths.patch was removed in
48277ec915.
006-do-not-add-multiarch-paths-when-cross-compiling.patch was added in
0c8b0b0bf7 to stop the Python build
process from adding these paths for target Python.
These paths are still added by the Python build process when building
host Python.
This replaces the cross-compiling-only patch with the original patch,
renamed slightly and adapted for Python 3.10.
Fixes: 48277ec915 ("python3: bump to version 3.8")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit f006d0ea23,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When doing parallel builds, host Python can install the python3 symlink
before the Python standard library is installed completely.
When this occurs, it is possible for other packages to detect the
python3 symlink and try to use host Python before it is fully installed.
This adds a patch to make commoninstall (where the standard library is
installed) a prerequisite of bininstall (where the python3 symlink is
installed), so that commoninstall is fully completed before bininstall
begins.
Patch has been submitted upstream:
https://github.com/python/cpython/pull/104693
Fixes: https://github.com/openwrt/packages/issues/19241
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 67e47f1196)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The Makefile lines to add READELF to TARGET_CONFIGURE_OPTS was removed
in 4e05541782.
Without setting READELF, configure finds the symlink to
$(TARGET_CROSS)readelf (e.g. arm-openwrt-linux-readelf) instead of
$(TARGET_CROSS)readelf (e.g. arm-openwrt-linux-muslgnueabi-readelf).
This leads to the symlink name being saved to _sysconfigdata.py, and so
the readelf name is not replaced correctly (in
Py3Package/python3-base/install).
This restores the removed Makefile lines.
Fixes: 4e05541782 ("python3: bump to version 3.10.0")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e1a9578635,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
003-do-not-run-distutils-tests.patch was removed in
4e05541782. This patch stopped "make
install" from, among other things, running compileall.
When this patch was removed, "make install" ran compileall as normal and
created bytecode files in __pycache__ directories. These files were then
packaged in python3-light.
This adds a patch to stop compileall from being run during "make
install".
Fixes: 4e05541782 ("python3: bump to version 3.10.0")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 8a4da01790,
adjusted PKG_RELEASE, refreshed patches)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Oversight from when the expat host build was removed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit d09844e395)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
old eventlet is not working well with python3.10
```
root@turris:~# python3
Python 3.10.9 (main, Feb 9 2023, 10:37:45) [GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import eventlet
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/__init__.py", line 17, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/convenience.py", line 7, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/green/socket.py", line 4, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/green/_socket_nodns.py", line 11, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/greenio/__init__.py", line 3, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/greenio/base.py", line 32, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/timeout.py", line 166, in wrap_is_timeout
TypeError: cannot set 'is_timeout' attribute of immutable type 'TimeoutError'
```
see 0.33.3 release notes for details - https://eventlet.net/doc/changelog.html#id1
Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
(cherry picked from commit eb7275402e)
This release includes security fixes. Please check the topics below for
details.
- CVE-2023-28755: ReDoS vulnerability in URI
- CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some bug fixes. See the
https://github.com/ruby/ruby/releases/tag/v3_0_6 for further details.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
The initial package submission was missing
some required and optional dependencies
due to lack of testing on a system without any python
related packages pre-installed.
Some optional but highly recommended dependencies
were discovered with the stdlib module as described in:
392a68e247/lang/python/README.mdFixes#20441
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
(cherry picked from commit 1f25be97b6)
Description:
Update to v16.20.0
Fixed a bug with system-icu.
Fixed a bug when selecting arm-fpu for vfpv3-d16.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Includes fix for CVE-2023-2453 (crypto/elliptic: specific unreduced
P-256 scalars produce incorrect results).
This also includes makefile updates for Go 1.19.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 8677ed11e3)
go1.19.6 (released 2023-02-14) includes security fixes to the
crypto/tls, mime/multipart, net/http, and path/filepath packages,
as well as bug fixes to the go command, the linker, the runtime,
and the crypto/x509, net/http, and time packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 0cdd7b8c0e)
Thursday February 16 2023 Security Releases
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
* CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
* CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 6cd5a2c57f)
Refresh patches.
Bump setuptools to 65.5.0
Bump pip to 22.3.1
Removed patch: patches-pip/001-pep517-pyc-fix.patch
No longer needed as per:
fa4b2efbab
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Package does not currently build because of distutil dependency. Fix
this by updating to the latest version.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 4a16e5eb8c)
[do not use AUTORELEASE]
The old 2.python-requests.org URL is not reachable on modern browsers,
and is not the current canonical URL for the project. Update to the
current best URL for the project.
Signed-off-by: Karl Palsson <karlp@etactica.com>
(cherry picked from commit 4969de2bdf)
Go1.19.5 (released 2023-01-10) includes fixes to the compiler,
the linker, and the crypto/x509, net/http, sync/atomic,
and syscall packages.
Removed upstreamed patch.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 5a25a731c6)
go1.19.4 (released 2022-12-06) includes security fixes to the net/http
and os packages, as well as bug fixes to the compiler, the runtime,
and the crypto/x509, os/exec, and sync/atomic packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 6a0ee524b1)
Perl threads seem to be supported and working for aarch64, and
including aarch64 here would allow packages like freeswitch-mod-perl
to become available from the standard OpwnWrt package repository for
popular routers such as the Linksys E8450 and Belkin RT3200.
Signed-off-by: Doug Thomson <dwt62f+github@gmail.com>
(cherry picked from commit 6db2fe93cd)
