Changelog:
PycURL 7.44.0 - 2021-08-08
--------------------------
This release reinstates best effort Python 2 support, adds Python 3.9 and
Python 3.10 alpha support and implements support for several libcurl options.
Official Windows builds are currently not being produced.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
- BACKWARDS COMPATIBILITY:
- Deprecated the distro.linux_distribution() function. Use
distro.id(), distro.version() and distro.name() instead [#296]
- Deprecated Python 2.7, 3.4 and 3.5 support. Further releases will
only support Python 3.6+
- ENHANCEMENTS:
- Added type hints to distro module [#269]
- Added __version__ for checking distro version [#292]
- Added support for arbitrary rootfs via the root_dir parameter
[#247]
- Added the --root-dir option to CLI [#161]
- Added fallback to /usr/lib/os-release when /etc/os-release isn't
available [#262]
- BUG FIXES:
- Fixed subprocess.CalledProcessError when running lsb_release
[#261]
- Ignore /etc/iredmail-release file while parsing distribution
[#268]
- Use a binary file for /dev/null to avoid TextIOWrapper overhead
[#271]
- RELEASE:
- Moved repository from nir0s/distro to python-distro/distro on
GitHub.
Signed-off-by: Javier Marcet <javier@marcet.info>
This package was updated without a hash change.
Fixes: c157522580 ("pyodbc: update to version 4.0.31")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
July 2021 Security Releases:
Use after free on close http2 on stream canceling (High) (CVE-2021-22930)
Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Also bump Cython version to 0.29.23.
And add support for OpenBLAS.
Currently optional, but will be enabled by default on some architectures
later.
Depends on PR https://github.com/openwrt/packages/pull/15685
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This version prefers charset_normalizer instead of chardet.
chardet is still usable if available.
Dropping patches for idna. Not required anymore.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Includes fix for CVE-2021-34558 (crypto/tls: clients can panic when
provided a certificate of the wrong type for the negotiated parameters).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This release fixes some bugs and these vulnerabilities:
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Python works with GNU DBM and with Berkley DBM.
Berkley DBM has been under Oracle for some time.
And it's not clear how many Python users actually use DBM.
In the packages feed, we have both libdb47 (which is now under Oracle) and
GNU DBM. The GNU DBM has a compatibility layer for Berkley DBM.
There are newer versions than libdb47, but it's probably not worth having
them yet. The libbd47 tarball is ~40+ MB. Odds are newer versions will be
bigger and more bloated.
This change merges the old `python3-gdbm` package into the `python3-dbm`
package, since they are effectively using the same underlying library now,
i.e. gdbm.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
I seem to forget to check/select setuptools and pip (that come bundled with
Python).
This change will do a simple 'ls' on the 2 wheel files, so that the build
fails even if just building Python.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Dropped patches:
0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch
0005-Switch-get_-Update-APIs-to-get0.patch
Reworked patches:
0001-Add-new-ASN1_STRING_get0_data-API.patch
0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch
These 2 require that we keep only the CUSTOMIZATIONS stuff for now. Maybe
later we can drop this.
Ran 'make package/python-cryptography/refresh'.
Added patch:
0004-disable-rust.patch
upstream did a sloppy job with the CRYPTOGRAPHY_DONT_BUILD_RUST logic; we
need to patch it, to make sure the setuptools-rust isn't installed.
We may need to carry this patch in our tree for a bit longer than upstream,
because in newer versions, CRYPTOGRAPHY_DONT_BUILD_RUST logic gets removed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
By adding these dependencies, it is much easier for users (both
applications that use Twisted and end users) to have secure
communications by default.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
1.16.1 included fixes for:
* CVE-2021-27918 - encoding/xml: infinite loop when using
xml.NewTokenDecoder with a custom TokenReader
* CVE-2021-27919 - archive/zip: can panic when calling Reader.Open
1.16.4 included fixes for:
* CVE-2021-31525 - net/http: ReadRequest can stack overflow due to
recursion with very large headers
1.16.5 includes fixes for:
* CVE-2021-33195 - net: Lookup functions may return invalid host names
* CVE-2021-33196 - archive/zip: malformed archive may cause panic or
memory exhaustion
* CVE-2021-33197 - net/http/httputil: ReverseProxy forwards Connection
headers if first one is empty
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Josef Schlehofer
Jeffery To
Javier Marcet
Tianling Shen
Daniel Golle
Hirokazu MORIKAWA
Michael Heimpold
Alexandru Ardelean
Jan Pavlinec
Rainer Poisel
Luiz Angelo Daros de Luca
Rosen Penev
Siger Yang