This patch addresses issue:
[ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service
Link to Python issue:
https://bugs.python.org/issue35746
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This extends the Python[3] shebang fixup to all packages.
Only Python scripts in `/usr/bin` will be handled at the moment. Later it
may make sense to also cover executables in `/bin`, though typically Python
executables shouldn't be placed there.
Previously the shebang handling was only done for python[3]-pip &
python[3]-setuptools.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Piping to xargs does not handle spaces in paths too well, because it splits
up the paths.
For deleting empty dirs, we also need to do several retries, otherwise
`find` will try to go through the directories after they're deleted.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
It's a common operation for both Python & Python3, so move it to the
script `python-package-install.sh` script.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Some programs that use the Python C API have difficulties finding
cross-compiled Python3 without the pkgconfig, so make sure we have
python3.pc and python-3.7.pc in pkgconfig staging dir.
CircleCI requires a package Makefile change to actually
do the CI check, so bump PKG_RELEASE.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
bcrypt is a secure password hashing mechanism and is
extremely useful for more secure Radicale authentication,
so add it.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
While at, add --with-pic to configure arguments. This prevents the following
build errors spotted by the build bots for i386 targets:
-snip-
...
ext/openssl/.libs/openssl.o: direct GOT relocation R_386_GOT32X against
`X509_REQ_free' without base register can not be used when making a shared object
...
-snap-
This parameter seems to make no difference on other targets, nor
improve or make worse the package size.
Run tested for i386 in VirtualBox VM and on Duckbill for mxs platform.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
python3's lib2to3 would fail in silence if python3 and its packages are installed as compiled .pyc files. Root cause is, in Lib/lib2to3/refactor.py, the function get_all_fix_names only searches '.py' fix names.
Signed-off-by: Nj Hsiong <nj.hsiong@gmail.com>
It was a semi-popular request a while back that I put off for a while.
Here's a quick doc.
I'll update it later as things change and I don't forget.
It also lets other people update if something is wrong.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Update the packaging to use the generic bits by @commodo.
Radicale 2.x requires Python3 and python-dateutils, so
build for Python3 as well.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This change upgrades the version of pyasn1-modules to version 0.2.3.
Run-tested on an x86 VM.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Lbrary for vCard and vCalendar support for Python{3}.
vobject is used by Radicale2 so add it.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
`setuptools` & `pip` whl files were selected via wildcards, because it was
easier in the beginning.
Also, initially there weren't any PYTHON{3}_{SETUTPTOOLS/PIP}_VERSION
variables. But now since these vars exist, it makes sense to use them,
because we can catch easier (at build) time if Python/Python3 bump these
versions.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
go 1.11 added modules, which are cached locally. The go developers have
decided to make this cache read-only (golang/go#27455), which causes
problems with package clean / autoremove (#7635).
This adds a call to clear this cache right after building, as currently
there is no easy way to hook into autoremove (it may be possible to hook
into package clean).
This also adds whitespace (blank lines) to certain places in make
output, to aid debugging.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>