| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
python-cffi: bump to version 1.13.1
|
| | |
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |\ \
| | |
| | | |
pillow: bump to version 6.2.1
|
| | |/
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2.6.5 fixes:
* CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
* CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
* CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
* CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrickâs Digest access authentication
2.6.4 fixes:
* Multiple jQuery vulnerabilities in RDoc
Changelog: https://github.com/ruby/ruby/compare/v2_6_3...v2_6_5
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |\
| |
| | |
python-pytz: update to 2019.03
|
| | |
| |
| |
| | |
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After many failed attempts at upgrading Django to 2.2.6, the solution seems
to be to split a `python-django1` package that works with Python2 and
upgrade `python3-django` to the latest 2.2[.6] LTS release.
This also means that all Python2 Django packages will be stuck & based on
Django 1.11[.24] LTS release. But, it's currently the sanest approach I
could find to be able to perform an upgrade of Django to 2.2, and not break
Seafile.
Upgrading Seafile is also pretty difficult, as their Python3 support is not
yet finished & released. And in the meantime, we want to allow people to
use newer Django versions.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |\
| |
| | |
php7: mark /etc/config/php7-fastcgi as conffile
|
| | |
| |
| |
| | |
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
| |\ \
| | |
| | | |
python: Update to 2.7.17, refresh patches
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Patches already merged and so removed:
* 011-fix-ssl-build-use-have-npn.patch
* 019-bpo-36216-Add-check-for-characters-in-netloc-that-normalize-to-separators-GH-12216.patch
* 020-bpo-36216-Only-print-test-messages-when-verbose-GH-12291.patch
* 021-2.7-bpo-35121-prefix-dot-in-domain-for-proper-subdom.patch
* 022-bpo-30458-Disallow-control-chars-in-http-URLs-GH-13315.patch
* 023-bpo-35907-Avoid-file-reading-as-disallowing-the-unnecessary-URL-scheme-in-urllib-GH-11842.patch
* 027-bpo-38243-Escape-the-server-title-of-DocXMLRPCServer.patch
* 028-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
Patches no longer necessary and so removed:
* 017_lib2to3_fix_pyc_search.patch
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\ \ \
| | | |
| | | | |
python3: bump to version 3.8
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This required a bit work to get working, compared to other versions. So,
some things have changed a bit more significantly.
Some highlights:
* there is no longer a pgen executable, seems this is now part of
libpython; let's see what this means for us in the future
* blake2 hash (from OpenSSL) detection needs some fixing; will upstream
added patch 002-fix-blake2-detection.patch
* removed all bpo patches; those should be fixed in upstream
* some needed to be manually re-applied as stuff changed:
- 001-enable-zlib.patch - file changed
- 004-do-not-write-bytes-codes.patch - file changed
- 015-abort-on-failed-modules.patch - variable was renamed
cross_compiling -> CROSS_COMPILING
* 017_lib2to3_fix_pyc_search.patch - the code changed, it does not seem to
have the original problem with respect to file-extension, as there
does not seem to be any special extension logic anymore there
* 006-remove-multi-arch-and-local-paths.patch - dropped patch; I can't
remember the full-details of this issue; it was something with
Debian/Ubuntu's multi-arch stuff; it was probably added maybe due to
some overzealous (on my part) thingy caused by some weird reports,
that I could never solve; let's have this patch dropped and see
* make package/python3/refresh to reduce fuzz for the rest
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a new (optional) variable, PYPI_SOURCE_NAME, to pypi.mk.
For some PyPi packages (e.g. aiohttp_cors, click, django-compressor),
the name of the package and the source tarball name are slightly
different (usually by capitalisation or hyphen/underscore change).
This new variable is to make this difference explicit. PYPI_NAME is
meant for the "official" package name, whereas PYPI_SOURCE_NAME is meant
for the source tarball name.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With this update, the package no longer depends on python-asn1crypto[1].
[1]: https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst#28---2019-10-16
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |/
|
|
|
|
| |
Fixes CVE-2019-17596
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\
| |
| | |
python,python3: Add pypi makefile
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds pypi.mk, which can be included in Python packages that
download their sources from PyPI, to auto-fill various PKG_* variables
based on the value of PYPI_NAME.
This makefile should be included after $(TOPDIR)/rules.mk but before
$(INCLUDE_DIR)/package.mk (and $(INCLUDE_DIR)/host-build.mk).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
PHP7 fails to load xmlreader.so (php7-mod-xmlreader) module without
dom.so (php7-mod-dom) module loaded:
-snip-
PHP Warning: PHP Startup: Unable to load dynamic library 'xmlreader.so'
(tried: /usr/lib/php/xmlreader.so (Error relocating /usr/lib/php/xmlreader.so:
dom_node_class_entry: symbol not found), /usr/lib/php/xmlreader.so.so (Error
loading shared library /usr/lib/php/xmlreader.so.so: No such file or
directory)) in Unknown on line 0
^C
-snap-
However, this dependency only exists when during build also php7-mod-dom
is selected.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |/
|
|
| |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\
| |
| | |
python[3]-simplejson: drop tests from simplejson package
|
| | |
| |
| |
| |
| |
| | |
These tests take-up a bit of space. And they aren't typically needed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |\ \
| | |
| | | |
luasec: update to 0.8.2
|
| | | |
| | |
| | |
| | | |
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
| |\ \ \
| | | |
| | | | |
php7-pecl-mcrypt: update to 1.0.3
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
| |\ \ \
| |/ /
|/| | |
luaposix: disable documentation build
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Lost when luaposix converted their upstream build system.
Required to prevent the build from attempting to invoke "ldoc" on the
host and also simply to speed it up.
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
|
| |\ \ \
| | | |
| | | | |
python-sentry-sdk: Update to version 0.12.3
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This removes lines that set PKG_BUILD_DIR when the set value is no
different from the default value.
Specifically, the line is removed if the assigned value is:
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
The default PKG_BUILD_DIR was updated[1] to incorporate BUILD_VARIANT
if it is set, so now this is identical to the default value.
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)
if PKG_SOURCE_SUBDIR is set to $(PKG_NAME)-$(PKG_VERSION), making it
the same as the previous case
* $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
This is the same as the default PKG_BUILD_DIR when there is no
BUILD_VARIANT.
* $(BUILD_DIR)/[name]-$(PKG_VERSION)
where [name] is a string that is identical to PKG_NAME
[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e545fac8d968864a965edb9e50c6f90940b0a6c9
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\ \
| | |
| | | |
python-attrs: Update to 19.2.0
|
| | |/
| |
| |
| | |
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\ \
| | |
| | | |
python-asn1crypto: bump to version 1.0.1
|
| | |/
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These patches address issues:
CVE-2019-16056: email.utils.parseaddr mistakenly parse an email
CVE-2019-16935: A reflected XSS in python/Lib/DocXMLRPCServer.py (for
Python 2.7)
CVE-2019-16935 was fixed for python3 in #10109
Links to Python issues:
https://bugs.python.org/issue34155
https://bugs.python.org/issue38243
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
simplejson depends on the decimal module[1][2]. This adds
python[3]-decimal to the package's DEPENDS.
[1]: https://github.com/simplejson/simplejson/blob/v3.16.0/simplejson/__init__.py#L110
[2]: https://github.com/simplejson/simplejson/blob/v3.16.0/simplejson/encoder.py#L7
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\
| |
| |
| | |
php7-mod-gd: enable libwebp
php7: bump to 7.2.23
|
| | |
| |
| |
| | |
Signed-off-by: Stefaan Ghysels <stefaang@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Stefaan Ghysels <stefaang@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
Removed inactive maintainer.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|