This version includes fixes for:
* CVE-2020-15801 - Fixes python3x._pth being ignored on Windows
* CVE-2019-20907 - Avoid infinite loop when reading specially crafted
TAR files using the tarfile module
This also:
* Remove patches that are included in the update
* Add a dependency in python3-distutils for python3-email[1]
[1]: https://github.com/python/cpython/blob/v3.8.5/Lib/distutils/dist.py#L10
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This version includes fixes for:
* CVE-2020-14422: Hash collisions in IPv4Interface and IPv6Interface
* CVE-2020-15523: Python uses invalid DLL path after calling Py_SetPath
on Windows
This version also includes support for OpenSSL 1.1.x builds that use
'no-deprecated' and '--api=1.1.0'[1], and so this removes the previous
OpenSSL-related patches.
This also backports fixes for security issues, including:
* CVE-2019-20907: Infinite loop in the tarfile module
This also updates the setuptools and pip packages to 47.1.0 and 20.1.1,
respectively.
[1]: https://github.com/python/cpython/pull/20566
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This adds a new Makefile variable, GO_PKG_TAGS, for Go packages. When
set, the value is passed as the parameter of the -tags option for 'go
install'.
This also updates syncthing to use this variable.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This reverts commit 33525fa8d5.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add me as co-maintainer, bump PKG_RELEASE, Makefile polishing]
Log:
pkg_resources.DistributionNotFound: The 'ciso8601==2.1.3' distribution was not found and is required by homeassistant
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This lets the Python build process set _PYTHON_HOST_PLATFORM instead of
forcing an explicit value.
Also:
* Save the target _PYTHON_HOST_PLATFORM value during Build/InstallDev
for use when building target Python packages (in python3-package.mk).
* Use the (mostly) default PYTHON_FOR_BUILD value, instead patch
configure to remove the platform triplet from the sysconfigdata file
name.
* Remove the "CROSS_COMPILE=yes" make variable (there is no indication
that this variable is necessary).
* Force host pip to build packages from source instead of downloading
binary wheels.
Previously, host pip can download universal (platform-independent)
wheels but not platform-specific wheels, because of the custom
_PYTHON_HOST_PLATFORM value. (Packages that do not have universal
wheels would be compiled from source.)
With a correct _PYTHON_HOST_PLATFORM, host pip can install
platform-specific wheels as well. However, the pre-built shared object
(.so) files in these wheels will have the host's platform triplet in
their file names. When target Python packages are built (using the
target's _PYTHON_HOST_PLATFORM), Python will not use these shared
object files.
By forcing host pip to build packages from source, the built shared
object files will not have the platform triplet in their file names.
(Host Python has been patched to remove the platform triplet from file
names.) This allows these packages to be used when building target
Python packages.
(The net effect of this complete change is that platform-dependent
packages will continue to be compiled from source, while
platform-independent packages will now also be compiled from source.)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The main user for this package was Seafile.
In the meantime, Seafile switch to PyMySQL.
https://pypi.org/project/PyMySQL/
PyMySQL seems to be a replacement for python-mysqlclient, and while it may
not be fully compatible with the MySQL API, it may be that those APIs
wouldn't be used.
This change drops this package.
If there is enough usage/reason to bring it back, we can.
For python-mysqlclient, the tag-line/description is:
```
This is a fork of MySQLdb1.
This project adds Python 3 support and bug fixes. I hope this fork is
merged back to MySQLdb1 like distribute was merged back to setuptools.
```
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Bump host Cython version as well.
Add note near PKG_VERSION to remember to periodically update it.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This adds PKG_BUILD_PARALLEL:=0 to packages that depend on host Python
packages (HOST_PYTHON3_PACKAGE_BUILD_DEPENDS), because installing
packages with multiple concurrent pip processes can lead to errors or
unexpected results[1].
This also:
* Move HOST_PYTHON3_PACKAGE_BUILD_DEPENDS definitions to before
python3-package.mk is included
* Update Python folder readme to include PKG_BUILD_PARALLEL:=0
[1]: https://github.com/pypa/pip/issues/2361
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This evaluates the arguments passed to "go install" during Build/Compile
rather than when golang-package.mk is included.
This also changes build directory-related variables to be recursively
expanded, because PKG_BUILD_DIR depends on BUILD_VARIANT and so can
change during different runs of Build/Compile.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Essentially, this is a re-spin from
https://github.com/openwrt/packages/pull/9797/
But a really trimmed down version.
Only the Py3 variant is added now, which makes the Makefile really small
now.
Cython is needed on the host, to cythonize some files.
The package needs targets with hard-float enabled. This is because on some
soft-float targets floating-point exception constants aren't defined.
We can define some dummy values, but that ends up being a bit too much
work.
So, for that, the package depends on HAS_FPU or KERNEL_MIPS_FPU_EMULATOR.
This way, numpy should be buildable on hard-float, or for MIPS on the FPU
emulator being compiled in.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This also removes a link to pypi.org; the previous sentence already
links to pypi.org, a second link in the same paragraph isn't necessary.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>