| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
python-cffi: bump to version 1.13.1
|
| | |
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |\ \
| | |
| | | |
pillow: bump to version 6.2.1
|
| | |/
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |\
| |
| | |
python-pytz: update to 2019.03
|
| | |
| |
| |
| | |
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After many failed attempts at upgrading Django to 2.2.6, the solution seems
to be to split a `python-django1` package that works with Python2 and
upgrade `python3-django` to the latest 2.2[.6] LTS release.
This also means that all Python2 Django packages will be stuck & based on
Django 1.11[.24] LTS release. But, it's currently the sanest approach I
could find to be able to perform an upgrade of Django to 2.2, and not break
Seafile.
Upgrading Seafile is also pretty difficult, as their Python3 support is not
yet finished & released. And in the meantime, we want to allow people to
use newer Django versions.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |\
| |
| | |
python: Update to 2.7.17, refresh patches
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Patches already merged and so removed:
* 011-fix-ssl-build-use-have-npn.patch
* 019-bpo-36216-Add-check-for-characters-in-netloc-that-normalize-to-separators-GH-12216.patch
* 020-bpo-36216-Only-print-test-messages-when-verbose-GH-12291.patch
* 021-2.7-bpo-35121-prefix-dot-in-domain-for-proper-subdom.patch
* 022-bpo-30458-Disallow-control-chars-in-http-URLs-GH-13315.patch
* 023-bpo-35907-Avoid-file-reading-as-disallowing-the-unnecessary-URL-scheme-in-urllib-GH-11842.patch
* 027-bpo-38243-Escape-the-server-title-of-DocXMLRPCServer.patch
* 028-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
Patches no longer necessary and so removed:
* 017_lib2to3_fix_pyc_search.patch
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\ \
| | |
| | | |
python3: bump to version 3.8
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This required a bit work to get working, compared to other versions. So,
some things have changed a bit more significantly.
Some highlights:
* there is no longer a pgen executable, seems this is now part of
libpython; let's see what this means for us in the future
* blake2 hash (from OpenSSL) detection needs some fixing; will upstream
added patch 002-fix-blake2-detection.patch
* removed all bpo patches; those should be fixed in upstream
* some needed to be manually re-applied as stuff changed:
- 001-enable-zlib.patch - file changed
- 004-do-not-write-bytes-codes.patch - file changed
- 015-abort-on-failed-modules.patch - variable was renamed
cross_compiling -> CROSS_COMPILING
* 017_lib2to3_fix_pyc_search.patch - the code changed, it does not seem to
have the original problem with respect to file-extension, as there
does not seem to be any special extension logic anymore there
* 006-remove-multi-arch-and-local-paths.patch - dropped patch; I can't
remember the full-details of this issue; it was something with
Debian/Ubuntu's multi-arch stuff; it was probably added maybe due to
some overzealous (on my part) thingy caused by some weird reports,
that I could never solve; let's have this patch dropped and see
* make package/python3/refresh to reduce fuzz for the rest
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a new (optional) variable, PYPI_SOURCE_NAME, to pypi.mk.
For some PyPi packages (e.g. aiohttp_cors, click, django-compressor),
the name of the package and the source tarball name are slightly
different (usually by capitalisation or hyphen/underscore change).
This new variable is to make this difference explicit. PYPI_NAME is
meant for the "official" package name, whereas PYPI_SOURCE_NAME is meant
for the source tarball name.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
With this update, the package no longer depends on python-asn1crypto[1].
[1]: https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst#28---2019-10-16
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\
| |
| | |
python,python3: Add pypi makefile
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds pypi.mk, which can be included in Python packages that
download their sources from PyPI, to auto-fill various PKG_* variables
based on the value of PYPI_NAME.
This makefile should be included after $(TOPDIR)/rules.mk but before
$(INCLUDE_DIR)/package.mk (and $(INCLUDE_DIR)/host-build.mk).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\
| |
| | |
python[3]-simplejson: drop tests from simplejson package
|
| | |
| |
| |
| |
| |
| | |
These tests take-up a bit of space. And they aren't typically needed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |\ \
| | |
| | | |
python-attrs: Update to 19.2.0
|
| | |/
| |
| |
| | |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\ \
| | |
| | | |
python-asn1crypto: bump to version 1.0.1
|
| | |/
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These patches address issues:
CVE-2019-16056: email.utils.parseaddr mistakenly parse an email
CVE-2019-16935: A reflected XSS in python/Lib/DocXMLRPCServer.py (for
Python 2.7)
CVE-2019-16935 was fixed for python3 in #10109
Links to Python issues:
https://bugs.python.org/issue34155
https://bugs.python.org/issue38243
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
simplejson depends on the decimal module[1][2]. This adds
python[3]-decimal to the package's DEPENDS.
[1]: https://github.com/simplejson/simplejson/blob/v3.16.0/simplejson/__init__.py#L110
[2]: https://github.com/simplejson/simplejson/blob/v3.16.0/simplejson/encoder.py#L7
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\
| |
| | |
Werkzeug: Update to version 0.16.0
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Remove PKG_BUILD_DEPENDS as it is no longer necessary.
- The Python3 is already included in DEPENDS.
- Remove PKG_BUILD_DIR and PKG_UNPACK was for dual Python version.
- Change TITLE and description
- Add source package
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |\ \
| | |
| | | |
Flask: Update to version 1.1.1
|
| | |/
| |
| |
| |
| |
| |
| | |
- Change TITLE and URL to better one
- Add source package
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
| |
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
|
|
| |
Fixes: CVE-2019-16935
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |\
| |
| | |
python-sentry-sdk: Update to version 0.12.2
|
| | |
| |
| |
| | |
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Richard Yu <yurichard3839@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
And splitting the gunicorn[3] binary/executable away from the
python[3]-gunicorn libraries. This was inspired from Debian packaging.
The gunicorn[3] binaries require the new `python[3]-pkg-resources`
libraries to run, which add ~1.1 MB on the [ram]disk when uncompressed.
For the Python2 variant, the `_gaiohttp.py` is dropped as it fails to
compile, so it would likely be unusable anyway:
```
File "/usr/lib/python2.7/site-packages/gunicorn/workers/_gaiohttp.py", line 84
yield from self.wsgi.close()
^
SyntaxError: invalid syntax
```
People around the web recommend this as well:
https://stackoverflow.com/questions/25611140/syntax-error-installing-gunicorn
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803170
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803202
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some packages just install some Python binaries, that may need their
shebang fixed.
This change adds some utilities to help with that and try to centralize the
sed rules a bit.
It also removes the logic from the `python-package-install.sh` into the
`python-package[3].mk` files. This does 2 things:
1. It minimizes the need for the shell script to know the Python
version 2/3
2. Makes the logic re-usable in packages; especially if the install rules
differ a bit
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This package is required by other packages to run some binaries via
`load_entry_point`.
So, this splits this package away from setuptools.
setuptools is pretty big, akd pkg-resources is also big, but not as big.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
|
|
|
|
| |
As I remember this worked.
But since `set -e` is set, I am a bit paranoid about it. In the sense that
it may fail if `ver` != 3.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a whole bunchs of CVEs:
CVE-2019-3498
CVE-2019-6975
CVE-2019-12308
CVE-2019-12781
CVE-2019-14232
CVE-2019-14233
CVE-2019-14234
CVE-2019-14235
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|