October 12th 2021 Security Releases:
HTTP Request Smuggling due to spaces in headers (Medium)(CVE-2021-22959)
HTTP Request Smuggling when parsing the body (Medium)(CVE-2021-22960)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This is a minor update, which officially supports Python 3.8, and
removes Python 2 code, among several bugfixes.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Features:
- Add cap_add and cap_drop parameters to service create and
ContainerSpec
- Add templating parameter to config create
Bugfixes:
- Fix getting a read timeout for logs/attach with a tty and slow
output
Miscellaneous:
- Fix documentation examples
Signed-off-by: Javier Marcet <javier@marcet.info>
What's Changed
- CHANGELOG.md: Fix typos discovered by codespell by @cclauss in #350
- Add Python 3.10 support by @theskumar in #359
Signed-off-by: Javier Marcet <javier@marcet.info>
Includes fix for CVE-2021-38297 (passing very large arguments to WASM
module functions can cause portions of the module to be overwritten).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Commit 3da874371 ("libsodium: include ed25519_core in minimal build")
broke the build of PyNaCl. Add patch to always include all ed25519
functions which are now always covered even if libsodium is built with
the MINIMAL option.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When running FindStdlib and running DependsCheckHostPipVersionMatch at
the same time, both commands were joined together resulting in a syntax
error.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Bluetooth support requires bluez-libs present, but they are only required
for the build, and don't seem to be needed to be present on the target.
There isn't any linking required to libbluetooth. It's only the bluetooth.h
header that is required for building BT support into Python.
For testing, this snippet was used from `Lib/test/test_socket.py` (inside
cpython):
```
import socket

def _have_socket_bluetooth():
    """Check whether AF_BLUETOOTH sockets are supported on this host."""
    try:
        # RFCOMM is supported by all platforms with bluetooth support. Windows
        # does not support omitting the protocol.
        s = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_STREAM, socket.BTPROTO_RFCOMM)
    except (AttributeError, OSError):
        return False
    else:
        s.close()
    return True
```
Fixes: https://github.com/openwrt/packages/issues/16544
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Without -ldl linker flag .so extensions are not loaded
when glibc is used. Fix it by providing adjusted LDFLAGS
for this case.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Without -ldl linker flag .so extensions are not loaded
when glibc is used. Fix it by providing adjusted LDFLAGS
for this case.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Changed:
- Require Python 3.5 or a later version. Python 2 and 3.4 are no
longer supported
- Raise ValueError if quote_mode isn't one of always, auto or never
in set_key
- When writing a value to a .env file with set_key or dotenv set
<key> <value>
Added:
- The dotenv_path argument of set_key and unset_key now has a type of
Union[str, os.PathLike] instead of just os.PathLike
Signed-off-by: Javier Marcet <javier@marcet.info>
Bugfixes:
- Fix disable_buffering regression
- Bring back support for ssh identity file
- Cleanup remaining python-2 dependencies
- Fix image save example in docs
Miscellaneous:
- Bump urllib3 to 1.26.5
- Bump requests to 2.26.0
Signed-off-by: Javier Marcet <javier@marcet.info>
Refreshed patches.
And apply hack for line-endings in pep517 (from pip).
Hack comment:
# FIXME: [1] get rid of this asap; 'patch' doesn't like Windows endings, and this file is full of them...
# I actually tried this in a number of ways and the only way to fix this is to implement
# a poor-man's dos2unix using sed.
# The issue is with the pip package; it seems that it throws in some Windows line-endings
# and 'patch' won't handle them. So, we do a "dos2unix" and then patch.
# We can get rid of this once this is solved upstream and in pip:
# https://github.com/pypa/pep517/pull/130
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The addressed issue is related to #6893 as its resolution
is actually causing the problem.
When changing the priority of the config file it happens
that after a sysupgrade the previous file is restored
and the new file is added, ending up in a situation
like this:
/etc/php7/15_openssl.ini
/etc/php7/20_openssl.ini
Causing a double extension=openssl.so to be parsed,
which is not appropriate and leads to an error message.
The same problem might also occur for mysqli since there
was also a priority change - let's take care of this
at the same time.
The solution is to remove one of the files. Since it is
a configuration file, the user might have adjusted it, so
let's just use the previous version to replace the newly
installed version.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Changelog:
- Bumped upper bound of the chardet runtime dependency to allow their v4.0 version stream.
From a1158c5389/CHANGES.rst
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
It often happens that we update a package (e.g. cffi) to a
newer version, but we forget to update the version for cffi in the
`lang/python/host-pip-requirements/cffi.txt` file.
This check adds a minimal check, so that when a build occurs for a Python
package, if there is a mention/listing of this package in
`lang/python/host-pip-requirements/` it will check that the versions match.
This way, when we update a package, we get a build failure and update the
host version as well.
This will omit packages (like Cython) that are not packaged for OpenWrt,
but are host-side dependencies only.
But until we find some mechanism to check for those, we will probably only
notice to update them when another build occurs (at the very least).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
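
The kind of check the last commit message describes, as an added example that is not the OpenWrt build-system code: it fails when a host-side pin exists for a package but names a different version. The function names, the `name==version` first-token layout of the requirement files, and the sample versions and hash placeholder are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names, file layout and versions are assumptions.

# check_host_pip_pin REQ_DIR PYPI_NAME PKG_VERSION
# Returns 0 if the package has no host-side pin or the pin matches,
# 1 if a pin exists for a different version (the build should stop).
check_host_pip_pin() {
    req_dir=$1; name=$2; version=$3
    [ -d "$req_dir" ] || return 0
    for f in "$req_dir"/*.txt; do
        [ -f "$f" ] || continue
        # First token of each line is assumed to be "name==version".
        while read -r spec _rest || [ -n "$spec" ]; do
            case $spec in
                "$name"==*)
                    pinned=${spec#"$name"==}
                    if [ "$pinned" != "$version" ]; then
                        echo "update $name to $version in $f (pinned: $pinned)" >&2
                        return 1
                    fi ;;
            esac
        done < "$f"
    done
    return 0
}

# Constructed sample directory standing in for host-pip-requirements/.
make_sample_reqs() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' \
        'cffi==1.14.5 --hash=sha256:PLACEHOLDER' > "$d/cffi.txt"
    printf '%s\n' "$d"
}

reqs=$(make_sample_reqs)
check_host_pip_pin "$reqs" cffi 1.14.5 && echo "cffi 1.14.5: pin matches"
check_host_pip_pin "$reqs" cffi 1.15.0 || echo "cffi 1.15.0: stale pin, fail the build"
check_host_pip_pin "$reqs" requests 2.26.0 && echo "requests: no host pin, not checked"
rm -rf "$reqs"
```

Matching on the exact `name==` prefix keeps a pin for a similarly named package from satisfying or failing the check for another one.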