Bug fixes and a security update of the bundled RubyGems:
CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Removing python3 conditional DEPENDS to avoid a circular dependency.
Fixes a typo in Makefile.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
This updates the Python 2 and 3 versions of each package to share the
same title field.
This also updates the package title, url and source urls.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Package is rewritten to be current type of python package with variants
but for backward compatibility the simplejson package name was left as
is and new Python3 specific package was named correctly as
python3-simplejson.
Signed-off-by: Karel Kočí <cynerd@email.cz>
This change updates Python to version 2.7.16, which is a bugfix release
in the Python 2.7 series.
This also removes patches back-ported from upstream.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
As it was suggested in PR from the current package maintainer, I have become a new maintainer.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Version 2.6 includes OpenSSL no-engine support.
This also removes python-idna as a dependency. idna became optional with
version 2.5 (https://cryptography.io/en/latest/changelog/#v2-5).
This also updates the package title field and updates both Python 2 and
3 versions to use the same field.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
For a while now, Jeffery has helped quite a lot with Python, and is now
unofficial go-to guy [for problems] with Python packages.
This change adds him as co-maintainer [if he also agrees].
I'm not going away; I'll be still doing the same work for Python.
This change serves to recognize Jeffery in an official way, since he's
already taking on these things. And 2 co-maintainers is better in case one
kicks the bucket [by accident].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fixes: https://github.com/openwrt/packages/issues/8301
This seems to have slipped for some time. No idea if it ever worked.
It could be that this worked at some point.
In any case, the shebang is properly updated now.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This is the result of this discussion:
https://github.com/openwrt/packages/issues/8285
`urllib.request` requires the `email` module/lib, which was part of
python3-light.
This change moves the Lib/urllib folder from the python3-light into it's
own package, making it lighter. At least this way, users that want `urllib`
(on top of `python3-light`) will be forced to install it via opkg and this
will make sure `python3-email` gets installed as well.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
If users want to define these before including python[3]-package.mk, these
vars will be overridden during the include.
So, override these vars if they haven't been defined.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This adds a variable (PYTHON_PKG_SETUP_DIR / PYTHON3_PKG_SETUP_DIR) that
allows a Python package Makefile to control the directory where setup.py
is called (as part of PyBuild/Compile/Default /
Py3Build/Compile/Default).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Thanks to fix 200a5a2eec all base packages
now contain all binaries that are generated as part of python
installation. That causes collision between those packages with package
managers that consider this such as Turris updater-ng. This is also just
wrong. Those binaries were not included and should not be after
mentioned fix as well.
This just adds empty install definition. The idea is to override the
default one that is otherwise used.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
This updates the Python 2 and 3 versions of each package to share the
same title field. (For packages that only had this change, their
PKG_RELEASE were not incremented.)
This also updates the package title, url and source urls, where
necessary.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This updates these packages to use the default PyBuild/Compile, instead
of defining their own Build/Compile.
This also updates the Python 2 and 3 versions to use the same TITLE.
This also updates the source url and adds src packages for python-gmpy2.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>