These patches address issue:
CVE-2019-9636: urlsplit does not handle NFKC normalization
Link to Python issue:
https://bugs.python.org/issue36216
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Packages such as Perl, Lua, shell scripts don't generate binary files.
Add PKGARCH:=all to them.
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
This changes Build/InstallDev for both Python 2 and 3 to only copy files
from target Python, not from host Python, since InstallDev files are
used for target packages to link to other target packages.
In particular, usr/lib/python{2.7,3.7}/_sysconfigdata.py holds system
configuration data generated at build time, and is different for target
Python and host Python.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>
Maintainer: myself ( Jeronimo Pellegrini <j_p@aleph0.info> )
Compile tested: compiles on x86_64, target mips (AR7xxx), OpenWRT master
and OpenWRT 18.06.2
Run tested: on AR7xxx (TP-Link Archer C7 v.4)
Description:
This is an efficient Scheme interpreter, which comes with several
modules for networking, filesystem access, and other useful tasks.
It can be used as scripting language for automating tasks, by users
who prefer dynamic functional languages over imperative or
object-oriented ones.
This adds several variables for Go package Makefiles:
* GO_PKG_GCFLAGS - go tool compile arguments
* GO_PKG_LDFLAGS - go tool link arguments
* GO_PKG_LDFLAGS_X - go tool link -X definitions
Settings these will add the corresponding flags to the go install
command line. (Other command line arguments can still be added by
passing them as the first argument to GoPackage/Build/Compile.)
This also adds Go's runtime environment variables (GOGC, GOMAXPROCS,
GOTRACEBACK) to the unexport list.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Fixes: https://github.com/openwrt/packages/issues/8399
These 2 patches cause some breakage for other packages.
For now, we drop them and wait for upstream to finalize a fix.
We can live with deprecated SSL APIs for a while. No need to hurry, since
this doesn't seem to help.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Bug fixes and a security update of the bundled RubyGems:
CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Removing python3 conditional DEPENDS to avoid a circular dependency.
Fixes a typo in Makefile.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
This updates the Python 2 and 3 versions of each package to share the
same title field.
This also updates the package title, url and source urls.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>