Bug fixes and a security update of the bundled RubyGems:
CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Removing python3 conditional DEPENDS to avoid a circular dependency.
Fixes a typo in Makefile.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
This updates the Python 2 and 3 versions of each package to share the
same title field.
This also updates the package title, url and source urls.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The package was missing dependencies on pillow and python-setuptools.
The Makefile was simplified.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Package is rewritten to be current type of python package with variants
but for backward compatibility the simplejson package name was left as
is and new Python3 specific package was named correctly as
python3-simplejson.
Signed-off-by: Karel Kočí <cynerd@email.cz>
This change updates Python to version 2.7.16, which is a bugfix release
in the Python 2.7 series.
This also removes patches back-ported from upstream.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
As it was suggested in PR from the current package maintainer, I have become a new maintainer.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Version 2.6 includes OpenSSL no-engine support.
This also removes python-idna as a dependency. idna became optional with
version 2.5 (https://cryptography.io/en/latest/changelog/#v2-5).
This also updates the package title field and updates both Python 2 and
3 versions to use the same field.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
For a while now, Jeffery has helped quite a lot with Python, and is now
unofficial go-to guy [for problems] with Python packages.
This change adds him as co-maintainer [if he also agrees].
I'm not going away; I'll be still doing the same work for Python.
This change serves to recognize Jeffery in an official way, since he's
already taking on these things. And 2 co-maintainers is better in case one
kicks the bucket [by accident].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fixes: https://github.com/openwrt/packages/issues/8301
This seems to have slipped for some time. No idea if it ever worked.
It could be that this worked at some point.
In any case, the shebang is properly updated now.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This is the result of this discussion:
https://github.com/openwrt/packages/issues/8285
`urllib.request` requires the `email` module/lib, which was part of
python3-light.
This change moves the Lib/urllib folder from the python3-light into it's
own package, making it lighter. At least this way, users that want `urllib`
(on top of `python3-light`) will be forced to install it via opkg and this
will make sure `python3-email` gets installed as well.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
If users want to define these before including python[3]-package.mk, these
vars will be overridden during the include.
So, override these vars if they haven't been defined.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Eneas U de Queiroz
Luiz Angelo Daros de Luca
Philip Prindeville
W. Michael Petullo
Jan Pavlinec
Michael Heimpold
Josef Schlehofer
Stepan Henek
Rosen Penev
Hannu Nyman
Karel Kočí
Karel Kočí
Jeffery To
Xingwang Liao
Alexandru Ardelean
Daniel Golle
Josef Schlehofer
Richard Yu