These patches address issues:
CVE-2019-9740: Python urllib CRLF injection vulnerability
CVE-2019-9947: Header Injection in urllib
Links to Python issues:
https://bugs.python.org/issue36276 (resolved duplicated of 30458)
https://bugs.python.org/issue35906 (resolved duplicated of 30458)
https://bugs.python.org/issue30458
Issue 30458 is still currently open, waiting for a decision for
Python 3.5; these patches for Python 2.7 and 3.7 have been merged.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Add support for uci config file.
Only a global 'enabled" switch has been implemented so far.
* Default config disables irqbalance initially, so that there is
no change with the previous behaviour (and the possibly existing
separate launch scripts in people's builds).
Config file and init script can be later extended for irqbalance
options like the oneshot mode or the evaluation interval
(Also change the init file to use tabs)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
It was causing regressions in systems without some particular
development tools (see #8129)
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
This changes the "patched" indicator files for host setuptools and pip
to include their PKG_RELEASE values. This also removes host setuptools
and/or pip before host install, if the installed copy does not match the
version (and PKG_RELEASE) of the copy to be installed.
This will allow added or removed patches to affect host setuptools /
pip, since these changes will cause PKG_RELEASE to be incremented.
This also fixes the host install error, when the install tries to patch
an already patched copy of setuptools. (This error occurs because the
existing indicator files do not have version numbers in their file
names, whereas host install expected version numbers to be present.)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Removed upstreamed patches. Also fixes a redefinition error on some
platforms.
Cleaned up the DEPENDS to be simpler and more concise.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Current version in OpenWrt (3.16.2) fails against the Arch Linux
in System Rescue CD's NBD as rootfs (to allow sharing ISO across
network). Based on resolved issues and web searching it seems
nbd had endianness issues (which affected my ath79 device).
This updates to 3.19 which allows System Rescue CD PXE boot with
NBD rootfs to work.
Removed patches no longer required due to upstream changes, and
added new configure option (--without-libnl) required to avoid
linking against full libnl and libnl-genl (if present in build).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
* change iptables whitelist target from 'ACCEPT' to 'RETURN'
to stop traversing the banIP chain and resume at the next chain
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add patch that detects when -latomic is needed.
Fix compilation without deprecated OpenSSL APIs.
Hard-code lua to avoid luajit dependency.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This adds the current setuptools/pip version numbers to the indicator
files' names, which should allow upgraded versions to be patched.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
python-cryptography's build depends (host cffi, libffi) were transferred
to python-cffi at some point; this corrects the situation.
python-cryptography's host Python build depends is copied from its
setup.py[1].
[1]: https://github.com/pyca/cryptography/blob/2.6.1/setup.py#L47
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This uses two find commands to delete __pycache__ contents then the
__pycache__ directories, rather than a for loop.
The second command omits a -empty test, so that if the first command
doesn't remove all directory contents for some reason, the second
command will return an error (find will not delete a non-empty
directory).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This changes the --prefix option, passed to host pip when "installing"
target setuptools and pip, to /usr, in case the prefix is recorded in
the packages.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds --cache-dir and --disable-pip-version-check options for host
pip, when "installing" target setuptools and pip.
This also changes the pip command to use $(HOST_PYTHON[3]_PIP) from
python[3]-host.mk.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Normally, Python will include the user's site-packages directory
(~/.local/lib/python$(PYTHON_VERSION)/site-packages) in it's internal
search path for modules.
This disables this default inclusion for host Python.
This change is applied during Host/Configure instead of as a patch to
keep this setting unchanged for target Python.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Add --cache-dir option to set the pip cache to a directory in
$(DL_DIR), instead of pip's default (build user's ~/.cache/pip),
fixes#9066
* Add --disable-pip-version-check option, since the version check only
prints a message saying a new version is available
* Combine host_python_pip_install and host_python_pip_install_host into
Build/Compile/HostPy[3]PipInstall
* Remove --root and --prefix options, since this function is only used
to install packages to host Python's default site-packages directory
(setting these may serve to confuse pip)
* Pass all of $(HOST_PYTHON[3]_PACKAGE_BUILD_DEPENDS) to the function,
since pip can handle multiple arguments/packages
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Commit 32aaaaa led to failures when openwrt ARCH did not match kernel
ARCH, and this may not be its only side-effect.
This restores the previous Build/Compile and Build/Install, using the
default ones only when using external toolchain; in this case, ARCH is
set to LINUX_KARCH.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
After some thinking over this, documenting this behavior makes sense
versus adding some functionst to handle this.
There is some validity/use-cases where some users may want to reference
a python[3]-package.mk from some other location as well as have the
flexibility to change it (locally). One example can be when the local
`packages` is renamed to something else.
This does not fall on the responsibility of the Python maintainers, but
it can be documented.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This changes --with-ensurepip=install to upgrade, to upgrade host
versions of setuptools and pip to the Python-bundled versions.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>