Tianling Shen [Mon, 16 Oct 2023 08:46:38 +0000 (16:46 +0800)]
Merge pull request #22349 from miska/samba4-22.03
[22.03] samba4: Update to version 4.18.7
Jeffery To [Sat, 25 Feb 2023 11:59:40 +0000 (19:59 +0800)]
python-pycparser: Add host build
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
8f32fd202e2369ad5f8c33e45fb2d2f846613631)
Michal Hrusecky [Mon, 16 Oct 2023 05:15:46 +0000 (07:15 +0200)]
samba4: Update to version 4.18.8
Mainly security release, fixing CVE-2023-3961, CVE-2023-4091,
CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670. For more details see:
https://www.samba.org/samba/history/samba-4.18.8.html
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit
c9c5f62e30a7d6cdc07f20accd8dfc95910e213e)
Jeffery To [Tue, 28 Feb 2023 17:50:34 +0000 (01:50 +0800)]
python-hatchling: Add new host-only package
From the README:
This is the extensible, standards compliant build backend used by Hatch.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
5e832f44fc5d36fcb5b1f52f2bec60ccd3466efa)
Jeffery To [Tue, 28 Feb 2023 18:02:57 +0000 (02:02 +0800)]
python-hatch-fancy-pypi-readme: Add new host-only package
From the README:
hatch-fancy-pypi-readme is a Hatch metadata plugin for everyone who
cares about the first impression of their project’s PyPI landing page.
It allows you to define your PyPI project description in terms of
concatenated fragments that are based on static strings, files, and most
importantly: parts of files defined using cut-off points or regular
expressions.
Once you’ve assembled your readme, you can additionally run regular
expression-based substitutions over it. For instance to make relative
links absolute or to linkify users and issue numbers in your changelog.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
6294cf26c7eaf76b97da8c1e29b86b31316fa054)
Jeffery To [Tue, 28 Feb 2023 17:55:46 +0000 (01:55 +0800)]
python-hatch-vcs: Add new host-only package
From the README:
This provides a plugin for Hatch that uses your preferred version
control system (like Git) to determine project versions.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
fb48859907be034284890e63901893c32db26b8c)
Jeffery To [Fri, 17 Feb 2023 00:49:36 +0000 (08:49 +0800)]
python-setuptools-scm: Add new host-only package
The host build replaces the use of the host pip requirements file. This
also updates the dependants of setuptools-scm to depend on the host
build.
This also removes the toml host pip requirements file as toml is not
used by any other package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
3ee4e7297cf07b644bac3dfafc508da5f31bf63d)
Javier Marcet [Fri, 16 Dec 2022 14:35:12 +0000 (15:35 +0100)]
python-jsonschema: Update to 4.17.3
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
b80213e65e1a2f40728fbb5cac178de4e2b6dd11)
Javier Marcet [Sat, 10 Sep 2022 01:36:55 +0000 (03:36 +0200)]
python-jsonschema: Update to 4.16.0
- Improve the base URI behavior when resolving a $ref to a resolution
URI which is different from the resolved schema's declared $id.
- Accessing jsonschema.draftN_format_checker is deprecated. Instead,
if you want access to the format checker itself, it is exposed as
jsonschema.validators.DraftNValidator.FORMAT_CHECKER on any
jsonschema.protocols.Validator.
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
6c553c35b37a5a760b18b5fcf58e85306889ec36)
Javier Marcet [Wed, 7 Sep 2022 18:15:17 +0000 (20:15 +0200)]
python-jsonschema: Update to 4.15.0, broken since 4.6.0
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
617efbc02e52ee9cbb9955bdf19348bcf33f4a46)
Javier Marcet [Mon, 1 Aug 2022 17:02:01 +0000 (19:02 +0200)]
python-jsonschema: Update to 4.9.0
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
500cdd1243bc9e5456c84b987dc7d6982d45ca70)
Javier Marcet [Wed, 29 Jun 2022 12:17:42 +0000 (14:17 +0200)]
python-jsonschema: Update to 4.6.1
What's Changed:
- Type annotate format checker methods by @sirosen
- Fix fuzzer to include instrumentation by @DavidKorczynski
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
83de96fbb32d3feb3f740e1cd24f58511d223cf8)
Javier Marcet [Mon, 6 Jun 2022 11:29:12 +0000 (13:29 +0200)]
python-jsonschema: Update to 4.6.0
What's Changed:
- Add package_url for changelog by @fhightower
- Only validate unevaluated properties/items on applicable types by
@EpicWink
- Mark library as typed (PEP-561) by @ssbarnea
- Add v4.5.1 to changelog by @sirosen
- Modernize the packaging setup via PEP 621 and Hatch. by @Julian
New Contributors:
- @fhightower made their first contribution
- @EpicWink made their first contribution
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
f7a00eb6abd054e83bfe4d9df1951da96f737030)
Javier Marcet [Tue, 24 May 2022 16:39:32 +0000 (18:39 +0200)]
python-jsonschema: Update to 4.5.1
What's Changed:
- Extend dynamicRef keyword by @nezhar
- Add FORMAT_CHECKER attribute for Validator by @TiborVoelcker
- Remove stray double-quote by @lurch
- Ensure proper sorting of list in error message by @ssbarnea
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
f1ed3f5bc299d4c2e326b7555bed7986ad5d716c)
Jeffery To [Mon, 4 Sep 2023 21:29:19 +0000 (05:29 +0800)]
python-yaml: Update to 6.0.1
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
60315a663884b9cf76f787eca10714bfc085335e)
Jeffery To [Mon, 6 Mar 2023 14:29:15 +0000 (22:29 +0800)]
python-packages: Clean up build variables
* Rename PYTHON3_PKG_SETUP_VARS to PYTHON3_PKG_BUILD_VARS, and
PYTHON3_PKG_SETUP_DIR to PYTHON3_PKG_BUILD_PATH
The new variable names emphasize that these values apply to the new
build process.
* Remove PYTHON3_PKG_SETUP_ARGS set to the empty string
These were set to override the default arguments in the old build
process and not applicable to the new build process.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
b1b008f42ff0a6da96b801e2eaf68be4e2f2b5bb)
Jeffery To [Tue, 7 Mar 2023 05:38:07 +0000 (13:38 +0800)]
i2c-tools: Prepare for new Python build process
This sets build options and adds a call to Py3Build/Install to prepare
for the new Python build process.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
39991fec1e42c1bed0a94e4b9dc584265d07e4f5)
Javier Marcet [Sun, 2 Oct 2022 16:58:15 +0000 (18:58 +0200)]
python-stem: update to v1.8.1
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
e6cc43a7f0077019c3dd9b43cb1c2850afee155d)
Jeffery To [Sat, 25 Feb 2023 13:21:53 +0000 (21:21 +0800)]
python-cffi: Update to 1.15.1, add host build
The host build replaces the use of the host pip requirements file. This
also updates the dependants of cffi to depend on the host build.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
aabe27a3793dab740a486611c656b56db68f95da)
Fabian Lipken [Tue, 13 Dec 2022 10:08:12 +0000 (11:08 +0100)]
python-pycares: PKG_RELEASE:=1
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
(cherry picked from commit
85a4c5978b39747ed538d0744b8990381d9dfa70)
Fabian Lipken [Mon, 12 Dec 2022 13:38:15 +0000 (14:38 +0100)]
python-pycares: bump to 4.3.0
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
(cherry picked from commit
b0afdf5991899f6a7f4df786c50982312188f540)
Javier Marcet [Fri, 16 Dec 2022 14:34:52 +0000 (15:34 +0100)]
python3-paramiko: update to version 2.12.0
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
2ee0f893e3bbc63e1d7cd98617ce9624b46c2422)
Javier Marcet [Tue, 24 May 2022 16:40:38 +0000 (18:40 +0200)]
python3-paramiko: update to version 2.11.0
2.11.0:
- [Feature] Add SSH config token expansion (eg %h, %p) when parsing
ProxyJump directives. Patch courtesy of Bruno Inec.
- [Support] (via #2011) Apply unittest skipIf to tests currently
using SHA1 in their critical path, to avoid failures on systems
starting to disable SHA1 outright in their crypto backends (eg RHEL
9). Report & patch via Paul Howarth.
- [Support] Update camelCase method calls against the threading
module to be snake_case; this and related tweaks should fix some
deprecation warnings under Python 3.10. Thanks to Karthikeyan
Singaravelan for the report, @Narendra-Neerukonda for the patch,
and to Thomas Grainger and Jun Omae for patch workshopping.
- [Support] Recent versions of Cryptography have deprecated Blowfish
algorithm support; in lieu of an easy method for users to remove it
from the list of algorithms Paramiko tries to import and use, we’ve
decided to remove it from our “preferred algorithms” list. This will
both discourage use of a weak algorithm, and avoid warnings. Credit
for report/patch goes to Mike Roest.
2.10.5:
- [Bug] Windows-native SSH agent support as merged in 2.10 could
encounter Errno 22 OSError exceptions in some scenarios (eg server
not cleanly closing a relevant named pipe). This has been worked
around and should be less problematic. Reported by Danilo Campana
Fuchs and patched by Jun Omae.
- [Bug] OpenSSH 7.7 and older has a bug preventing it from
understanding how to perform SHA2 signature verification for RSA
certificates (specifically certs - not keys), so when we added SHA2
support it broke all clients using RSA certificates with these
servers. This has been fixed in a manner similar to what OpenSSH’s
own client does: a version check is performed and the algorithm used
is downgraded if needed. Reported by Adarsh Chauhan, with fix
suggested by Jun Omae.
- [Bug] Align signature verification algorithm with OpenSSH re:
zero-padding signatures which don’t match their nominal size/length.
This shouldn’t affect most users, but will help Paramiko-implemented
SSH servers handle poorly behaved clients such as PuTTY. Thanks to
Jun Omae for catch & patch.
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
117e3d6a1853088357d9ebf6fa95bd215fc4f196)
Javier Marcet [Sun, 1 May 2022 14:40:38 +0000 (16:40 +0200)]
python3-paramiko: update to version 2.10.4
- [Bug] Servers offering certificate variants of hostkey algorithms
(eg ssh-rsa-cert-v01@openssh.com) could not have their host keys
verified by Paramiko clients, as it only ever considered non-cert key
types for that part of connection handshaking. This has been fixed.
- [Bug] PKey instances’ __eq__ did not have the usual safety guard in
place to ensure they were being compared to another PKey object,
causing occasional spurious BadHostKeyException (among other things).
This has been fixed. Thanks to Shengdun Hua for the original report
/patch and to Christopher Papke for the final version of the fix.
- [Support] Update camelCase method calls against the threading
module to be snake_case; this and related tweaks should fix some
deprecation warnings under Python 3.10. Thanks to Karthikeyan
Singaravelan for the report, @Narendra-Neerukonda for the patch, and
to Thomas Grainger and Jun Omae for patch workshopping.
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
b1159e876456f72798a107138dc4299c4fe578b1)
Javier Marcet [Tue, 29 Mar 2022 13:05:35 +0000 (15:05 +0200)]
python3-paramiko: update to version 2.10.3
2.10.2:
- [Bug] Fix Python 2 compatibility breakage introduced in 2.10.1.
Spotted by Christian Hammond.
2.10.3:
- [Bug] Switch from module-global to thread-local storage when
recording thread IDs for a logging helper; this should avoid one
flavor of memory leak for long-running processes. Catch & patch via
Richard Kojedzinszky.
- [Bug] Certificate-based pubkey auth was inadvertently broken when
adding SHA2 support; this has been fixed. Reported by Erik Forsberg
and fixed by Jun Omae.
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
539f9d07a1a5fc3772f15348b47f3198a2fe34b2)
Jeffery To [Mon, 20 Feb 2023 04:58:27 +0000 (12:58 +0800)]
python-docker: Add missing build dependency
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
be90d8aecd0994ebe96d5481cf793d4cbb2d077e)
Javier Marcet [Fri, 16 Dec 2022 14:35:29 +0000 (15:35 +0100)]
python-docker: Update to 6.0.1
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
360383a997baa8e076d9b50d3f7509e8b4fea6ac)
Javier Marcet [Tue, 6 Sep 2022 21:34:54 +0000 (23:34 +0200)]
python-docker: Update to 6.0.0
Signed-off-by: Javier Marcet <javier@marcet.info>
(cherry picked from commit
7b3ceb95d97c0b3dfcf9bbad453c729babb009c9)
Jeffery To [Mon, 6 Mar 2023 03:54:02 +0000 (11:54 +0800)]
python-libraries: Update build options
This updates the build options for these packages to work with the
pyproject.toml-based build process, and removes
PYTHON3_PKG_FORCE_DISTUTILS_SETUP:=1.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
63d13aa15f847d35d7f7473e1595de6c9d53f655)
Alexandru Ardelean [Mon, 3 Apr 2023 07:04:04 +0000 (10:04 +0300)]
pillow: bump to version 9.5.0
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit
0b0232ed66e81e5db521461544b1f22763611d27)
Alexandru Ardelean [Sat, 21 Jan 2023 19:37:59 +0000 (20:37 +0100)]
pillow: bump to version 9.4.0
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
acc96ee984eca8e380b1e0d92d73c1c0ad205768)
Alexandru Ardelean [Sun, 30 Oct 2022 17:32:00 +0000 (19:32 +0200)]
pillow: bump to version 9.3.0
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
b8e20215a2fe6e0d4c652fc86e5edbc5fbf057b6)
Alexandru Ardelean [Sat, 4 Feb 2023 15:22:31 +0000 (17:22 +0200)]
python-evdev: bump to version 1.6.1
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit
23b09de42d86492bb44c6472f2b0f4c1385449e8)
Alexandru Ardelean [Fri, 12 Aug 2022 13:47:19 +0000 (16:47 +0300)]
python-evdev: bump to 1.6.0
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
f5f282f0bbca406c09b70041049015d8bb4008bc)
Alexandru Ardelean [Mon, 28 Mar 2022 06:53:34 +0000 (09:53 +0300)]
python-evdev: bump to version 1.5.0
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
306af23e08feadd72e78c7224cc349cec08118c4)
Waldemar Konik [Tue, 20 Dec 2022 15:44:15 +0000 (16:44 +0100)]
python-curl: update to version 7.45.2
PycURL changeLog:
-----------------------------------------------------------------
PycURL 7.45.2 - 2022-12-16
-----------------------------------------------------------------
This release fixes several minor issues and adds support for several libcurl options.
-----------------------------------------------------------------
PycURL 7.45.1 - 2022-03-13
-----------------------------------------------------------------
This release fixes build when libcurl < 7.64.1 is used.
-----------------------------------------------------------------
PycURL 7.45.0 - 2022-03-09
-----------------------------------------------------------------
This release adds support for SecureTransport SSL backend (MacOS), adds ability to unset a number of multi options, adds ability to duplicate easy handles and permits pycurl classes to be subclassed.
-----------------------------------------------------------------
PycURL 7.44.1 - 2021-08-15
-----------------------------------------------------------------
This release repairs incorrect Python thread initialization logic which caused operations to hang.
-----------------------------------------------------------------
Signed-off-by: Waldemar Konik <informatyk74@interia.pl>
Compile tested: x86_64
(cherry picked from commit
da564ae8cca1d481a991aa28d062a17ca81a4b97)
Jeffery To [Mon, 6 Mar 2023 03:46:09 +0000 (11:46 +0800)]
python-libraries: Force old build process
These packages will need adjustments to work with pyproject.toml-based
builds, so set PYTHON3_PKG_FORCE_DISTUTILS_SETUP:=1 to force the old
build process (when pyproject.toml-based builds are in place) for now.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
e6ae9e29d59001a8c31781c1e2c32261f34c05be)
Jeffery To [Tue, 3 Oct 2023 14:59:58 +0000 (22:59 +0800)]
python-packaging: Update to 23.2
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
78bcdd0fd1291a1a02e0d73e43c28e04f36d507d)
Jeffery To [Wed, 17 May 2023 09:51:11 +0000 (17:51 +0800)]
python-packaging: Update to 23.1
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
16779c2d6eb3ac456a29ee93bd01764e93b243c0)
Jeffery To [Sat, 18 Feb 2023 10:19:59 +0000 (18:19 +0800)]
python-packaging: Remove BROKEN
With proper support of pyproject.toml-based builds in place, this
package will now build.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
84d9831dcb794bffaa1f12cdb4cd39426c9ecd0e)
Jeffery To [Thu, 3 Aug 2023 16:07:14 +0000 (00:07 +0800)]
python-flask-seasurf: Update to 1.1.1
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
68c434dd6a92917351ffd9d39c7dfed1b64f51ef)
Jeffery To [Tue, 29 Aug 2023 03:46:35 +0000 (11:46 +0800)]
python-urllib3: Update to 2.0.4
The package changed to the hatchling build backend.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
1b2811920a5c6b02963a449bed51fb7b92d01fcc)
Jeffery To [Wed, 28 Jun 2023 17:54:50 +0000 (01:54 +0800)]
python-markupsafe: Update to 2.1.3, add host build
The host build will be used for mako (to be added later).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
ff51716aaae66c3e307b07f019f17aee3e455d03)
Jeffery To [Mon, 29 May 2023 11:59:38 +0000 (19:59 +0800)]
MarkupSafe: Update to 2.1.2, rename source package
This renames the source package from MarkupSafe to python-markupsafe to
match other Python packages.
This also updates the package title and description.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
5602cc85d393bef68bc7104529aee12937dbe4c0)
Daniel Golle [Tue, 20 Dec 2022 23:20:06 +0000 (23:20 +0000)]
MarkupSafe: update to version 2.1.1
Version 2.1.1
Released 2022-03-14
Avoid ambiguous regex matches in striptags. pallets/markupsafe#293
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
6957a4275afb3ec8c08dbed3146b42be67984933)
Alexandru Ardelean [Mon, 3 Apr 2023 07:05:10 +0000 (10:05 +0300)]
python-pytz: bump to version 2023.3
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit
c59cbd13f343009513e36f302eb157b54dd5e034)
Alexandru Ardelean [Sat, 21 Jan 2023 19:39:22 +0000 (20:39 +0100)]
python-pytz: bump to version 2022.7.1
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
5257477a02385a304b7355fbeccae19d9179a413)
Jeffery To [Sat, 25 Feb 2023 11:55:59 +0000 (19:55 +0800)]
python-ply: Add host build
The host build replaces the use of the host pip requirements file. This
also updates the dependants of ply to depend on the host build.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
790beee4305f735e72bd0315fc0f2d428ec6b82b)
Jeffery To [Tue, 28 Feb 2023 07:05:07 +0000 (15:05 +0800)]
python-pyproject-hooks: Add new host-only package
From the README:
This is a low-level library for calling build-backends in
pyproject.toml-based project. It provides the basic functionality to
help write tooling that generates distribution files from Python
projects.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
f6d68782d99c6f1ddb1472e4eedc902e947de2f3)
Jeffery To [Tue, 28 Feb 2023 07:50:07 +0000 (15:50 +0800)]
python-build: Add new host-only package
From the documentation:
A simple, correct PEP 517 build frontend.
build will invoke the PEP 517 hooks to build a distribution package. It
is a simple build tool and does not perform any dependency management.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
34fb0202f9abeb77691b18279b75640a015e871f)
Jeffery To [Mon, 27 Feb 2023 14:15:30 +0000 (22:15 +0800)]
python-installer: Add host-only package
From the README:
This is a low-level library for installing a Python package from a wheel
distribution. It provides basic functionality and abstractions for
handling wheels and installing packages from wheels.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
37caea7c93bbdbf3ce1d44cdc762b1d920a59e57)
Jeffery To [Sat, 25 Feb 2023 11:49:25 +0000 (19:49 +0800)]
python-cython: Add new host-only package
The host build replaces the use of the host pip requirements file. This
also updates the dependants of Cython to depend on the host build.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
dcf551fbcf49146186302f7267fecfacebeede53)
Jeffery To [Tue, 28 Feb 2023 08:19:23 +0000 (16:19 +0800)]
python-wheel: Add new host-only package
From the README:
This library is the reference implementation of the Python wheel
packaging standard, as defined in PEP 427.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
afd6f8e44524a4452927c702ab272f7248b5bb17)
Jeffery To [Mon, 27 Feb 2023 12:20:15 +0000 (20:20 +0800)]
python-flit-core: Add host-only package
From the README:
This provides a PEP 517 build backend for packages using Flit. The only
public interface is the API specified by PEP 517, at flit_core.buildapi.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
2f37a616afe3f537aa23f8953ed55fc9e5f5fa25)
Jeffery To [Tue, 28 Feb 2023 06:36:12 +0000 (14:36 +0800)]
python-packaging: Update to 23.0, add host build
This also adds myself as maintainer, and marks the target package as
BROKEN (for now) as the update requires proper support for
pyproject.toml-based builds.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
e9dd1a1dfc0dc924a1e9d7ea448ca27591574557)
Jeffery To [Mon, 20 Feb 2023 11:10:39 +0000 (19:10 +0800)]
python: Better host pip options
pip by default will read system-wide and per-user configuration
files[1]. Setting PIP_CONFIG_FILE=/dev/null instructs pip to not read
any config files[2].
pip will spawn child processes of itself to do work, but not all options
are passed down to the child processes[3]. Setting global options as
environment variables[4] ensures they are passed down to any child
processes.
[1]: https://pip.pypa.io/en/stable/topics/configuration/#configuration-files
[2]: https://pip.pypa.io/en/stable/topics/configuration/#pip-config-file
[3]: https://github.com/pypa/pip/issues/9081#issue-
733819665
[4]: https://pip.pypa.io/en/stable/topics/configuration/#environment-variables
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
8c2abb74031e2403dde83536a8e7f13c63cdd4ab)
Jeffery To [Sat, 25 Feb 2023 11:42:39 +0000 (19:42 +0800)]
python: Add pyproject.toml-based builds for host Python packages
Using pip to install host packages with pyproject.toml-based (PEP 517)
builds is problematic:
* If build isolation is used, pip will create an isolated build
environment, install any build dependencies for the requested package,
then build the requested package.
It does not appear currently possible to have pip install the build
dependencies with hash-checking mode enabled[1].
* If build isolation is not used, any build dependencies must be
installed in the build environment before invoking pip to build the
requested package[2].
This would require creating a package dependency resolution system to
install build dependencies, and any dependencies of dependencies, in
the correct order.
* It is very difficult to patch the packages installed by pip.
This adds a new include file (python3-host-build.mk) with recipes to
install host Python packages with pyproject.toml-based builds. This is
backwards-compatible with packages that require running setup.py.
Besides addressing the above issues (the OpenWrt build system already
resolves dependencies between packages, checks all source downloads
against known hashes, and supports patching packages), host packages
also:
* Capture package licensing and maintainer information
* Enable uscan checking for package updates/CVEs
* Are a known concept for OpenWrt packagers/developers
The existing functionality of using host pip to install packages will
remain for now, but should be considered deprecated and expected to be
removed in the future.
This also updates Py3Build/CheckHostPipVersionMatch for the case where
the host-pip-requirements directory does not exist or is empty.
[1]: https://pip.pypa.io/en/stable/user_guide/#changes-to-the-pip-dependency-resolver-in-20-3-2020
[2]: https://pip.pypa.io/en/stable/cli/pip_install/#cmdoption-no-build-isolation
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
fe78c07a316b1722b8d35b63772a7067dfd87c5e)
Alexandru Ardelean [Mon, 15 Nov 2021 07:26:29 +0000 (09:26 +0200)]
python-build: add support for pyproject.toml files
A new PEP 517 (https://www.python.org/dev/peps/pep-0517/) has defined that
Python packages can be shipped without any `setup.py` file, and that a
`pyproject.toml` file is sufficient.
A `setup.py` shim layer is suggested as a method for running the build.
For these cases, we will add a support in the OpenWrt build-system to
provide the default `setup.py` shim layer in case this file does not exist,
but there is a `pyproject.toml` file.
We also seem to need to tweak the shim layer with the PKG_VERSION,
otherwise the detected version is 0.0.0.
We will need to see if this will be fixed later in setuptools{-scm}.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
61f202c0170785addbbc449e4de61cc5886f0833)
Jeffery To [Thu, 2 Mar 2023 15:35:00 +0000 (23:35 +0800)]
python: Unset Python environment variables
This will prevent the user's environment variables from affecting host
Python, removing the need to manually override these variables.
It is also not necessary to set PYTHONPATH (when not working on target
Python packages) because the given directories are already included in
Python's search path by default.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
6ef46bb9194b5d3f5fc17471d8869bcae729d215)
Jeffery To [Mon, 29 May 2023 12:13:37 +0000 (20:13 +0800)]
Werkzeug: Update to 2.3.4, rename source package
This renames the source package from Werkzeug to python-werkzeug to
match other Python packages.
This also updates the package title, description, and list of
dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
574d43fca627bdaee03f43a1be10ba35dd9dd26d)
Daniel Golle [Tue, 20 Dec 2022 23:20:59 +0000 (23:20 +0000)]
Werkzeug: update to version 2.2.2
Version 2.2.2
Released 2022-08-08
Fix router to restore the 2.1 strict_slashes == False behaviour
whereby leaf-requests match branch rules and vice versa.
pallets/werkzeug#2489
Fix router to identify invalid rules rather than hang parsing them,
and to correctly parse / within converter arguments.
pallets/werkzeug#2489
Update subpackage imports in werkzeug.routing to use the import as
syntax for explicitly re-exporting public attributes.
pallets/werkzeug#2493
Parsing of some invalid header characters is more robust.
pallets/werkzeug#2494
When starting the development server, a warning not to use it in a
production deployment is always shown. pallets/werkzeug#2480
LocalProxy.__wrapped__ is always set to the wrapped object when the
proxy is unbound, fixing an issue in doctest that would cause it to
fail. pallets/werkzeug#2485
Address one ResourceWarning related to the socket used by run_simple.
pallets/werkzeug#2421
Version 2.2.1
Released 2022-07-27
Fix router so that /path/ will match a rule /path if strict slashes
mode is disabled for the rule. pallets/werkzeug#2467
Fix router so that partial part matches are not allowed i.e. /2df
does not match /<int>. pallets/werkzeug#2470
Fix router static part weighting, so that simpler routes are matched
before more complex ones. pallets/werkzeug#2471
Restore ValidationError to be importable from werkzeug.routing.
pallets/werkzeug#2465
Version 2.2.0
Released 2022-07-23
Deprecated get_script_name, get_query_string, peek_path_info,
pop_path_info, and extract_path_info. pallets/werkzeug#2461
Remove previously deprecated code. pallets/werkzeug#2461
Add MarkupSafe as a dependency and use it to escape values when
rendering HTML. pallets/werkzeug#2419
Added the werkzeug.debug.preserve_context mechanism for restoring
context-local data for a request when running code in the debug
console. pallets/werkzeug#2439
Fix compatibility with Python 3.11 by ensuring that end_lineno and
end_col_offset are present on AST nodes. pallets/werkzeug#2425
Add a new faster matching router based on a state machine.
pallets/werkzeug#2433
Fix branch leaf path masking branch paths when strict-slashes is
disabled. pallets/werkzeug#1074
Names within options headers are always converted to lowercase. This
matches RFC 6266 that the case is not relevant. pallets/werkzeug#2442
AnyConverter validates the value passed for it when building URLs.
pallets/werkzeug#2388
The debugger shows enhanced error locations in tracebacks in Python
3.11. pallets/werkzeug#2407
Added Sans-IO is_resource_modified and parse_cookie functions based
on WSGI versions. pallets/werkzeug#2408
Added Sans-IO get_content_length function. pallets/werkzeug#2415
Don’t assume a mimetype for test responses. pallets/werkzeug#2450
Type checking FileStorage accepts os.PathLike. pallets/werkzeug#2418
Version 2.1.2
Released 2022-04-28
The development server does not set Transfer-Encoding: chunked for
1xx, 204, 304, and HEAD responses. pallets/werkzeug#2375
Response HTML for exceptions and redirects starts with <!doctype
html> and <html lang=en>. pallets/werkzeug#2390
Fix ability to set some cache_control attributes to False.
pallets/werkzeug#2379
Disable keep-alive connections in the development server, which are
not supported sufficiently by Python’s http.server.
pallets/werkzeug#2397
Version 2.1.1
Released 2022-04-01
ResponseCacheControl.s_maxage converts its value to an int, like
max_age. pallets/werkzeug#2364
Version 2.1.0
Released 2022-03-28
Drop support for Python 3.6. pallets/werkzeug#2277
Using gevent or eventlet requires greenlet>=1.0 or PyPy>=7.3.7.
werkzeug.locals and contextvars will not work correctly with older
versions. pallets/werkzeug#2278
Remove previously deprecated code. pallets/werkzeug#2276
Remove the non-standard shutdown function from the WSGI environ
when running the development server. See the docs for alternatives.
Request and response mixins have all been merged into the Request
and Response classes.
The user agent parser and the useragents module is removed. The
user_agent module provides an interface that can be subclassed to
add a parser, such as ua-parser. By default it only stores the
whole string.
The test client returns TestResponse instances and can no longer be
treated as a tuple. All data is available as properties on the
response.
Remove locals.get_ident and related thread-local code from locals,
it no longer makes sense when moving to a contextvars-based
implementation.
Remove the python -m werkzeug.serving CLI.
The has_key method on some mapping datastructures; use key in data
instead.
Request.disable_data_descriptor is removed, pass shallow=True
instead.
Remove the no_etag parameter from Response.freeze().
Remove the HTTPException.wrap class method.
Remove the cookie_date function. Use http_date instead.
Remove the pbkdf2_hex, pbkdf2_bin, and safe_str_cmp functions. Use
equivalents in hashlib and hmac modules instead.
Remove the Href class.
Remove the HTMLBuilder class.
Remove the invalidate_cached_property function. Use del obj.attr
instead.
Remove bind_arguments and validate_arguments. Use Signature.bind()
and inspect.signature() instead.
Remove detect_utf_encoding, it’s built-in to json.loads.
Remove format_string, use string.Template instead.
Remove escape and unescape. Use MarkupSafe instead.
The multiple parameter of parse_options_header is deprecated.
pallets/werkzeug#2357
Rely on PEP 538 and PEP 540 to handle decoding file names with the
correct filesystem encoding. The filesystem module is removed.
pallets/werkzeug#1760
Default values passed to Headers are validated the same way values
added later are. pallets/werkzeug#1608
Setting CacheControl int properties, such as max_age, will convert
the value to an int. pallets/werkzeug#2230
Always use socket.fromfd when restarting the dev server.
pallets/werkzeug#2287
When passing a dict of URL values to Map.build, list values do not
filter out None or collapse to a single value. Passing a MultiDict
does collapse single items. This undoes a previous change that made
it difficult to pass a list, or None values in a list, to custom URL
converters. pallets/werkzeug#2249
run_simple shows instructions for dealing with “address already in
use” errors, including extra instructions for macOS.
pallets/werkzeug#2321
Extend list of characters considered always safe in URLs based on RFC
3986. pallets/werkzeug#2319
Optimize the stat reloader to avoid watching unnecessary files in
more cases. The watchdog reloader is still recommended for
performance and accuracy. pallets/werkzeug#2141
The development server uses Transfer-Encoding: chunked for streaming
responses when it is configured for HTTP/1.1. pallets/werkzeug#2090,
pallets/werkzeug#1327, pallets/werkzeug#2091
The development server uses HTTP/1.1, which enables keep-alive
connections and chunked streaming responses, when threaded or
processes is enabled. pallets/werkzeug#2323
cached_property works for classes with __slots__ if a corresponding
_cache_{name} slot is added. pallets/werkzeug#2332
Refactor the debugger traceback formatter to use Python’s built-in
traceback module as much as possible. pallets/werkzeug#1753
The TestResponse.text property is a shortcut for
r.get_data(as_text=True), for convenient testing against text instead
of bytes. pallets/werkzeug#2337
safe_join ensures that the path remains relative if the trusted
directory is the empty string. pallets/werkzeug#2349
Percent-encoded newlines (%0a), which are decoded by WSGI servers,
are considered when routing instead of terminating the match early.
pallets/werkzeug#2350
The test client doesn’t set duplicate headers for CONTENT_LENGTH and
CONTENT_TYPE. pallets/werkzeug#2348
append_slash_redirect handles PATH_INFO with internal slashes.
pallets/werkzeug#1972, pallets/werkzeug#2338
The default status code for append_slash_redirect is 308 instead of
301. This preserves the request body, and matches a previous change
to strict_slashes in routing. pallets/werkzeug#2351
Fix ValueError: I/O operation on closed file. with the test client
when following more than one redirect. pallets/werkzeug#2353
Response.autocorrect_location_header is disabled by default. The
Location header URL will remain relative, and exclude the scheme and
domain, by default. pallets/werkzeug#2352
Request.get_json() will raise a 400 BadRequest error if the
Content-Type header is not application/json. This makes a very common
source of confusion more visible. pallets/werkzeug#2339
Version 2.0.3
Released 2022-02-07
ProxyFix supports IPv6 addresses. pallets/werkzeug#2262
Type annotation for Response.make_conditional,
HTTPException.get_response, and Map.bind_to_environ accepts Request
in addition to WSGIEnvironment for the first parameter.
pallets/werkzeug#2290
Fix type annotation for Request.user_agent_class.
pallets/werkzeug#2273
Accessing LocalProxy.__class__ and __doc__ on an unbound proxy
returns the fallback value instead of a method object.
pallets/werkzeug#2188
Redirects with the test client set RAW_URI and REQUEST_URI correctly.
pallets/werkzeug#2151
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
d99b5473e512ced7097c44c0d60ed6a784284bb2)
Jeffery To [Mon, 29 May 2023 11:39:45 +0000 (19:39 +0800)]
Jinja2: Update to 3.1.2, rename source package
This renames the source package from Jinja2 to python-jinja2 to match
other Python packages.
This also updates the package license files, title, and list of
dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
572387f0cb41f21c72a33533280a58723b7ed570)
Šimon Bořek [Wed, 1 Feb 2023 19:06:49 +0000 (20:06 +0100)]
Jinja2: get rid of deprecated AUTORELEASE
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit
b4c6c4e7c1af92444765185be5f342a876bc779b)
Jeffery To [Sun, 16 Jul 2023 08:29:41 +0000 (16:29 +0800)]
python-babel: Update to 2.12.1, add host build
Also updated dependencies for the new version.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
0174cea69757589be50b9dd774394ce18cf61dae)
Jeffery To [Thu, 3 Aug 2023 15:57:40 +0000 (23:57 +0800)]
python-flask-babel: Update to 3.1.0
The package changed to the poetry-core build backend.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
c579a4ab0e71b6112a593969ffb900faa46af7e5)
Michal Hrusecky [Tue, 10 Oct 2023 13:52:19 +0000 (15:52 +0200)]
mariadb: Update to version 10.6.15
For list of changes, see:
* https://mariadb.com/kb/en/mariadb-10-6-15-release-notes/
* https://mariadb.com/kb/en/mariadb-10-6-14-release-notes/
* https://mariadb.com/kb/en/mariadb-10-6-13-release-notes/
* https://mariadb.com/kb/en/mariadb-10-6-12-release-notes/
* https://mariadb.com/kb/en/mariadb-10-6-11-release-notes/
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Michal Hrusecky [Wed, 11 Oct 2023 06:18:45 +0000 (08:18 +0200)]
curl: Update to version 8.4.0
For detailed changes, see https://curl.se/changes.html#8_4_0
Switching to tar.bz2 for the time being as tar.xz is not yet available.
Fixes CVE-2023-38546 and CVE-2023-38545.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from
d353218c320073bf6c2b48f4b9eeab5d4aeeed1c)
Olivier Poitrey [Sat, 7 Oct 2023 01:30:25 +0000 (01:30 +0000)]
nextdns: Update to version 1.41.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Christian Marangi [Sat, 30 Sep 2023 14:09:18 +0000 (16:09 +0200)]
net-snmp: move to PCRE2 library
Add upstream patch adding support for pcre2 and update dependency to
require libpcre2 instead of libpcre.
--with-pcre2-8 is now needed to exclude support for pcre and only
require pcre2 as net-snmp still use and try to use pcre by default.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
daf29ecbb2e17adce7ba9c25759b60c9afff9c01)
Florian Eckert [Wed, 19 Oct 2022 08:40:18 +0000 (10:40 +0200)]
net-snmp: rename stop_service to service_stopped
The commands in the function 'stop_service' do not stop the service.
Rather, they are commands that are to be executed when the service has
already been stopped. By renaming the function, the commands are now
executed after the service has been stopped.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
9b67f7d1340abe08e6a0c2c80fb32572577a1441)
Florian Eckert [Wed, 19 Oct 2022 09:00:36 +0000 (11:00 +0200)]
net-snmp: fix whitespaces
Replace spaces with tabs
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
d6edd837f5d8ae18f53b474910358fad2930aa32)
Luiz Angelo Daros de Luca [Sat, 7 Oct 2023 03:00:07 +0000 (00:00 -0300)]
libvpx: update to 1.13.1
v1.13.0
This release includes more Neon and AVX2 optimizations, adds a new codec
control to set per frame QP, upgrades GoogleTest to v1.12.1, and includes
numerous bug fixes.
v1.13.1
This release contains two security related fixes. One each for VP8 and VP9.
- https://crbug.com/
1486441 (CVE-2023-5217)
- Fix bug with smaller width bigger size (CVE-2023-44488)
Fixes #22318
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit
36566a99af9074334eee3293a6d5a0aa7f4e8246)
Rosen Penev [Sat, 5 Nov 2022 04:30:29 +0000 (21:30 -0700)]
libvpx: update to 1.12.0
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
d4410f7750aa3201cf438f61566c90e1d1047f0e)
Daniel Golle [Fri, 6 Oct 2023 21:38:23 +0000 (23:38 +0200)]
exim: update to version 4.96.1
This is a security release.
JH/01 Bug 2999: Fix a possible OOB write in the external authenticator, which
could be triggered by externally-supplied input. Found by Trend Micro.
CVE-2023-42115
JH/02 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42116
JH/03 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42114
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
7c8f4a2a1c2e883ae3ebd62aab96bb45e31b4d55)
Eneas U de Queiroz [Wed, 4 Oct 2023 19:19:07 +0000 (16:19 -0300)]
python3: avoid unnecessary rebuilds
Move the order in which BuildPackage is called, so that the libpython
package is built ahead of the module packages, to avoid forcing a
clean-build of the package when 'make package/python3/compile' is called
a second time without changes.
The library must be built first, so that when the buildsystem checks for
ABI version changes using libpython3.version, its timestamp should be
older than the dependent package's STAMP_PREPARED file.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
c230d7bd7f8a794032d2414588f1cdfc1a5ec74e)
S. Brusch [Mon, 2 Oct 2023 15:30:48 +0000 (17:30 +0200)]
crowdsec-firewall-bouncer: new upstream release version 0.0.28
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.0-rc3
Description: Update crowdsec-firewall-bouncer to latest upstream release version 0.0.28
(cherry picked from commit
401d2428ac24abcd90dcaa7bf5bc32ef33e6769b)
Christian Marangi [Wed, 27 Sep 2023 17:10:39 +0000 (19:10 +0200)]
atftp: move to PCRE2
Move atftp to PCRE2 as PCRE is flagged as EOL and won't receive security
updates anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
f81a1a1212c17f460721fe6f4d4497e66ee418c6)
Christian Marangi [Wed, 27 Sep 2023 17:09:56 +0000 (19:09 +0200)]
atftp: bump to release 0.8.0
Bump to release 0.8.0. Autorecong is now needed to correctly compile the
package.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
364fe00b17ddfeb9f2bdf16298eda84866d58d27)
Jan Kratochvil [Tue, 3 Oct 2023 04:46:43 +0000 (12:46 +0800)]
ffmpeg: Add avi muxer
Otherwise one cannot produce *.avi containers needed for some H.264
camera codecs.
Signed-off-by: Jan Kratochvil <jan@jankratochvil.net>
(cherry picked from commit
62f01d7b36ca621f3b9e2e01c78a64e897dbf4e8)
Josef Schlehofer [Sun, 17 Sep 2023 11:06:48 +0000 (13:06 +0200)]
btrfs-progs: update to version 6.5.1
Release notes:
https://github.com/kdave/btrfs-progs/releases/tag/v6.5.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
16e484cad1d2e9686916c0cfcafd54cf3777378f)
(cherry picked from commit
c6656a6289d1335a229e4ddf11efbd0a1350b5f7)
Tianling Shen [Wed, 17 May 2023 05:33:38 +0000 (13:33 +0800)]
btrfs-progs: Update to 6.3
Fixed build issue with musl 1.2.4.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
c2b8dbd08586d7fa225d8164c9a29e3d2aae1186)
Tianling Shen [Wed, 4 Oct 2023 02:31:50 +0000 (10:31 +0800)]
wget: Update to 1.21.4
Removed upstreamed patches and unneeded autoreconf.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
54593c0ba9a52ca72c69a1041b11bc9ef558db77)
Josef Schlehofer [Wed, 4 Oct 2023 10:26:54 +0000 (12:26 +0200)]
syslog-ng: update to version 4.4.0
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.4.0
- Bump version in config file
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
4dd49d7c3cd571107958154f1ed1ec8d8dba7464)
Josef Schlehofer [Fri, 29 Sep 2023 15:40:29 +0000 (17:40 +0200)]
prometheus-node-exporter-lua: drop bmx6 package
In the OpenWrt routing feed, package bmx6 and luci-app-bmx6 were removed because the LuCI app was vulnerable to several CVEs, as found by dependabot. It has been reporting it for a few months and has even created an issue. These two packages are not maintained in OpenWrt as well in upstream.
Users should switch to the bmx7 package.
Fixes: 9fb9d9343ea27d6dbb5008ece10c0c843dd2c781 ("bmx6: drop package") in the routing feed
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
9c2bf859005ada11c17835f74826b356cdb0fb7b)
Daniel Golle [Sun, 1 Oct 2023 17:28:53 +0000 (18:28 +0100)]
exim: apply hotfix for some ZDI reported vulnerabilities
Apply preliminary hotfix for some (three?) of the 0-day
vulnerabilities reported by ZDI.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
db85d9ead6c3258757e199ad1fbd5bd20c9aac5f)
Christian Marangi [Wed, 27 Sep 2023 14:27:44 +0000 (16:27 +0200)]
apache: bump to release 2.4.57
Bump apache to release 2.4.57 and refresh patch automatically.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
86f9af41c1cb8670e56be5d0fec8b64daf7c7499)
Christian Marangi [Wed, 27 Sep 2023 14:28:14 +0000 (16:28 +0200)]
apache: move to PCRE2
Move apache to PCRE2 now that PCRE is flagged EOL and won't receive any
security update.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
d14fe0c51c0be8d66772b83a165c7fb3c4850af0)
Noah Meyerhans [Wed, 27 Sep 2023 17:42:59 +0000 (10:42 -0700)]
bind: bump to 9.18.19
Fixes CVEs:
CVE-2023-3341 - Previously, sending a specially crafted message over the
control channel could cause the packet-parsing code to run out of available
stack memory, causing named to terminate unexpectedly.
CVE-2023-4236 - A flaw in the networking code handling DNS-over-TLS queries
could cause named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit
835b1051511b592d69bc0b8a7d5d993337f890da)
Matthias Schiffer [Sat, 23 Sep 2023 16:10:30 +0000 (18:10 +0200)]
openvswitch: disable groff manpage check
The openvswitch build trips over a number of warnings during the
manpage-check step if groff 1.23 is installed on the build host,
resulting in a failed build.
As this check is optional, and we don't even install the manpages, simply
override the groff configure check to never detect groff.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
db34f33cc712ef2c6c4ca2f7ace1f428e83f316c)
Matthias Schiffer [Tue, 26 Sep 2023 18:14:57 +0000 (20:14 +0200)]
tunneldigger: set PKG_SOURCE_DATE
opkg requires monotonically increasing version numbers to know which
version of a package is newer. As git commit IDs do not satisfy this
condition, PKG_SOURCE_DATE must be set to the date of the referenced
commit, resulting in the complete version number '2021-03-08-
4f72b305-1'.
As the source date also becomes part of the paths inside the download
archive, the source hash must be updated as well.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
0a3e5dd122abb92f215369eeb0a957114b61746f)
Matthias Schiffer [Tue, 26 Sep 2023 16:58:11 +0000 (18:58 +0200)]
tunneldigger: add group option to UCI config
The group can be used for policy routing and similar purposes.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
21dd77f6c48f5c59beee5dccc4aee9a2afa3e137)
Salem Huang [Sun, 25 Jun 2023 16:43:29 +0000 (00:43 +0800)]
netbird: update to 0.21.7
1. Release notes:
https://github.com/netbirdio/netbird/releases/tag/v0.21.2
https://github.com/netbirdio/netbird/releases/tag/v0.21.3
https://github.com/netbirdio/netbird/releases/tag/v0.21.4
https://github.com/netbirdio/netbird/releases/tag/v0.21.5
https://github.com/netbirdio/netbird/releases/tag/v0.21.6
https://github.com/netbirdio/netbird/releases/tag/v0.21.7
2. Update GO_PKG_LDFLAGS, because of https://github.com/netbirdio/netbird/commit/
292ee260ad564d1e65199b1cb3430b0cd7ba9646
3. Define the configuration file.
Signed-off-by: Salem Huang <solohoh@hotmail.com>
(cherry picked from commit
35b668b6ca432425e3b10b080f43344c15903380)
Oskari Rauta [Sun, 11 Jun 2023 09:44:54 +0000 (12:44 +0300)]
netbird: update to 0.21.1
Release notes: https://github.com/netbirdio/netbird/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
9bc2733f31fb9ef083d7b2ed8235ffef9dbc3b21)
Oskari Rauta [Sun, 26 Mar 2023 17:10:55 +0000 (20:10 +0300)]
netbird: update to 0.14.5
Release Notes
Management
- Introduce a new ACL engine based on Rego (Open Policy Agent) for firewall control
- Personal access tokens generation as a first iteration toward public API release
- Add Keycloak support as an IDP manager
Agent
- Introduce a Firewall interface to apply granular access control (e.g., connection direction, port, or protocol level)
- Make the agent run on Android (mobile support)
Changelog
- Feat rego default policy
- Don't drop Rules from file storage after migration to Policies
- Add version info command to signal server
- Feat firewall controller interface
- Adding Personal Access Token generation
- Exchange proxy mode via signal
- Fix connstate indication
- Mobile
- PAT persistence
- Add Keycloak Idp Manager
- Adjustments for the change server flow
- Disable peer expiration of peers added with setup keys
- Add JWT middleware validation failure log
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
12f8ebc4b1adf63989c366c36509b54da59ba426)
Oskari Rauta [Mon, 20 Mar 2023 17:34:08 +0000 (19:34 +0200)]
netbird: update to 0.14.4
Bug fixes & refactor
Fix: send remote agents updates when peer re-authenticates
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
ab573bdb4d7b30d5dc46e70941cb025800d4cabd)
Oskari Rauta [Sun, 12 Mar 2023 23:16:25 +0000 (01:16 +0200)]
netbird: update to 0.14.3
Bug fixes & refactor
Release notes:
- Fix: send remote agents updates when peer re-authenticates
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
f9e3af87f516b285daffc01636083f2db369c27b)
Oskari Rauta [Mon, 6 Mar 2023 10:56:34 +0000 (10:56 +0000)]
netbird: update to 0.14.2
Update from 0.12.0 -> 0.14.2
Release notes: https://github.com/netbirdio/netbird/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
58fcaf8fc4d56c929a43be14fcd5c10d349502ec)
Oskari Rauta [Thu, 2 Feb 2023 13:06:08 +0000 (13:06 +0000)]
netbird: new package
Netbird is similar vpn service as tailscale and zerotier.
Description:
NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.
It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
a4d8d2459aa4fc0de453b23c34355311366f8d3b)
S. Brusch [Tue, 19 Sep 2023 12:51:45 +0000 (14:51 +0200)]
crowdsec: new upstream release version 1.5.4
Update crowdsec to latest upstream release version 1.5.4
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Build tested: package build checked, no run test due to limited space
Description: update to latest version of upstream
(cherry picked from commit
7528bf76821eb9234d4665752371c85496ca5b89)
Dengfeng Liu [Fri, 22 Sep 2023 02:00:21 +0000 (02:00 +0000)]
apfree-wifidog: Update to v6.08.1950
Fixed some memory leak bug
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
5b3e517be4a1d2674fc12ea81a60ba885423758a)