| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Reverts [1] to resolve the following build error on macOS:
/Volumes/wrt3200/openwrt/staging_dir/hostpkg/usr/bin/perl installperl --destdir=/Volumes/wrt3200/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.38.2/ipkg-install
WARNING: You've never run 'make test' or some tests failed! (Installing anyway.)
/usr/bin/perl5.38.2
error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/install_name_tool: input file: /Volumes/wrt3200/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.38.2/ipkg-install/usr/bin/perl5.38.2 is not a Mach-O file
[1] https://github.com/Perl/perl5/commit/88efce38149481334db7ddb932f9b74eaaa9765b
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
|
| |
|
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
| |
Smaller and avoids badly named tarball with just the version.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
|
| |
|
|
|
|
| |
Also added python-cython/host as a build dependency.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
|
| |
|
|
|
|
| |
Support POSIX basename used in musl libc 1.2.5.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |\
| |
| | |
django,django-restframework: bump versions
|
| | |
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
|
| | |
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
|
| |\ \
| | |
| | | |
php8: update to 8.3.6
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes:
- CVE-2024-1874
- CVE-2024-2756
- CVE-2024-2757
- CVE-2024-3096
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |\ \
| | |
| | | |
python-cython: bump to version 3.0.10
|
| | |/
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Make the python-jinja2/host target available for the build environment
to be used with e.g. the PKG_BUILD_DEPENDS list.
This is needed for an upcoming package (libcamera).
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
|
| |/
|
|
|
|
|
|
|
| |
Make the python-yaml/host target available for the build environment
to be used with e.g. the PKG_BUILD_DEPENDS list.
This is needed for an upcoming package (libcamera).
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
|
| |
|
|
| |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |\
| |
| | |
numpy: update to 1.26.4
|
| | |
| |
| |
| |
| |
| | |
- Refresh patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |\ \
| |/
|/| |
golang: update to 1.22.2
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
go1.22.2 (released 2024-04-03) includes a security fix to the
net/http package, as well as bug fixes to the compiler, the
go command, the linker, and the encoding/gob, go/types,
net/http, and runtime/trace packages.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.2
Find out more:
https://github.com/golang/go/issues?q=milestone%3AGo1.22.2
Signed-off-by: Shi JiaYang <shi05275@163.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
With the recent move to using ZSTD as the default compression format
for packaging git repo clones we must refresh all of the hashes for
the packages feed as well.
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
This is a security release
Notable Changes
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
Changed to use gz according to main-snapshot
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Relevant changes since previous 3.9.13:
- FIXED: Fix crash serializing str introduced in 3.9.11
- FIXED: Implement recursion limit of 1024 on orjson.loads()
- FIXED: Use byte-exact read on str formatting SIMD path to avoid crash
- Build now depends on Rust 1.72 or later
- Support serializing numpy.float16 (numpy.half)
- sdist uses metadata 2.3 instead of 2.1
- Improve Windows PyPI builds
Signed-off-by: Timothy M. Ace <openwrt@timothyace.com>
|
| |
|
|
| |
Signed-off-by: Javier Marcet <javier@marcet.info>
|
| |
|
|
| |
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
|
| |
|
|
| |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| |
|
|
|
|
|
|
| |
- Restore patch hunk mis-deleted in dccb910
- Refresh patches
- Remove --enable-missing-tools configure option deleted in the upstream
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |
|
|
| |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| |
|
|
| |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |\
| |
| | |
php8: update to 8.3.4
|
| | |
| |
| |
| | |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
1. Update it to version 3.16.3
Release notes: https://github.com/LuaLanes/lanes/releases/tag/v3.16.3
2. Change to download tarball instead of checking out Git sources
In the previous commit (in the Fixes tag), it was changed to Git sources without any reason. Let's revert it back. Let's use again tagged release.
Fixes: b93e5b45b1daac827d429b51d8763226268f2b9a ("lualanes: Version bump to v3.16.2")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Go 1.22.1 contains the following security fixes:
- CVE-2024-24783:
crypto/x509: Verify panics on certificates with an unknown public key
algorithm
- CVE-2023-45290
net/http: memory exhaustion in Request.ParseMultipartForm
- CVE-2023-45289
net/http, net/http/cookiejar: incorrect forwarding of sensitive headers
and cookies on HTTP redirect
- CVE-2024-24785
html/template: errors returned from MarshalJSON methods may break
template escaping
- CVE-2024-24784
net/mail: comments in display names are incorrectly handled
https://go.dev/doc/devel/release#go1.22.1
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Added a third bootstrap stage since go1.22 (and onwards) requires
at least go1.20.14 to build.[1]
[1]: https://go.dev/doc/go1.22#bootstrap
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
|
| |\ \
| | |
| | | |
python-{pytz,dateutil,evdev},django: bump versions
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
|
| | |/
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
|
| |/
|
|
| |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
|
|
|
| |
lua-struct is a implementation of binary packing/unpacking in pure lua.
Resulting-package:
* lua-struct
Signed-off-by: jasle <jasle@riseup.net>
|
| |
|
|
| |
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
go1.21.6 (released 2024-01-09) includes fixes to the compiler,
the runtime, and the crypto/tls, maps, and runtime/pprof packages.
go1.21.7 (released 2024-02-06) includes fixes to the compiler,
the go command, the runtime, and the crypto/x509 package.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
|
|
|
| |
Most packages already use https URLs and for PHP and PECL
package downloads https is working properly.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |
|
|
|
|
|
| |
- Use .xz for source archive
- Refresh patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |
|
|
| |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |
|
|
|
|
| |
package fails to build with mold linker due to unregocnized flag.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |
|
|
| |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to v20.11.1
This is a security release.
Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
| |
Issue was avoided with glib2.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|