* [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python
@ 2018-04-04 15:51 Peter Korsgaard
2018-04-04 15:51 ` [Buildroot] [PATCH 2/2] python-webpy: security bump to version 0.39 Peter Korsgaard
` (4 more replies)
0 siblings, 5 replies; 9+ messages in thread
From: Peter Korsgaard @ 2018-04-04 15:51 UTC (permalink / raw)
To: buildroot
webpy uses hashlib for session handling, so ensure it is available:
web/session.py: import hashlib
web/session.py: sha1 = hashlib.sha1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/python-webpy/Config.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/python-webpy/Config.in b/package/python-webpy/Config.in
index 12dbe61723..5f4df7832b 100644
--- a/package/python-webpy/Config.in
+++ b/package/python-webpy/Config.in
@@ -1,6 +1,7 @@
config BR2_PACKAGE_PYTHON_WEBPY
bool "python-webpy"
depends on BR2_PACKAGE_PYTHON
+ select BR2_PACKAGE_PYTHON_HASHLIB
help
web.py is a web framework for Python that is as simple as it
is powerful.
--
2.11.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 2/2] python-webpy: security bump to version 0.39
2018-04-04 15:51 [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python Peter Korsgaard
@ 2018-04-04 15:51 ` Peter Korsgaard
2018-04-08 19:42 ` Peter Korsgaard
2018-04-11 15:47 ` Peter Korsgaard
2018-04-04 20:55 ` [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python Thomas Petazzoni
` (3 subsequent siblings)
4 siblings, 2 replies; 9+ messages in thread
From: Peter Korsgaard @ 2018-04-04 15:51 UTC (permalink / raw)
To: buildroot
From the changelog:
2018-02-28 0.39
* Fixed a security issue with the form module (tx Orange Tsai)
* Fixed a security issue with the db module (tx Adri?n Brav and Orange Tsai)
2016-07-08 0.38
..
* Fixed a potential remote exeution risk in `reparam` (tx Adri?n Brav)
License files are still not included on pypi, so continue to use the git
repo. Upstream has unfortunately not tagged 0.39, so use the latest commit
on the 0.39 branch. A request to fix this has been submitted:
https://github.com/webpy/webpy/issues/449
0.39 now uses setuptools, so change the _SETUP_TYPE.
Add hashes for the license files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/python-webpy/python-webpy.hash | 4 +++-
package/python-webpy/python-webpy.mk | 5 +++--
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/package/python-webpy/python-webpy.hash b/package/python-webpy/python-webpy.hash
index 0e0a8d0fb8..30a14f4705 100644
--- a/package/python-webpy/python-webpy.hash
+++ b/package/python-webpy/python-webpy.hash
@@ -1,2 +1,4 @@
# Locally computed
-sha256 c3cb8930739294103b1ad109e5fd1d0efae67c06d5b6d59fce5b5a2ee6b21624 python-webpy-webpy-0.37.tar.gz
+sha256 e17ac483846fb15629c76c43cf64c0b65eac3c870dca2251801b459b1e4e12b8 python-webpy-6df75fe581e0e838d28334d5c53f52421560d38b.tar.gz
+sha256 3826fd531a9b904841f5e3560fcda7e93f2ab8d11ef124ec65e10625efa26c34 LICENSE.txt
+sha256 7347fd17bfd33c4093c31dc77076733e1e0150ce8c13296c56dc042bbecede84 web/wsgiserver/LICENSE.txt
diff --git a/package/python-webpy/python-webpy.mk b/package/python-webpy/python-webpy.mk
index 8bcc8ec37f..1e67cd6fd8 100644
--- a/package/python-webpy/python-webpy.mk
+++ b/package/python-webpy/python-webpy.mk
@@ -4,9 +4,10 @@
#
################################################################################
-PYTHON_WEBPY_VERSION = webpy-0.37
+# corresponds to 0.39
+PYTHON_WEBPY_VERSION = 6df75fe581e0e838d28334d5c53f52421560d38b
PYTHON_WEBPY_SITE = $(call github,webpy,webpy,$(PYTHON_WEBPY_VERSION))
-PYTHON_WEBPY_SETUP_TYPE = distutils
+PYTHON_WEBPY_SETUP_TYPE = setuptools
PYTHON_WEBPY_LICENSE = Public Domain, CherryPy License
PYTHON_WEBPY_LICENSE_FILES = LICENSE.txt web/wsgiserver/LICENSE.txt
--
2.11.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python
2018-04-04 15:51 [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python Peter Korsgaard
2018-04-04 15:51 ` [Buildroot] [PATCH 2/2] python-webpy: security bump to version 0.39 Peter Korsgaard
@ 2018-04-04 20:55 ` Thomas Petazzoni
2018-04-04 22:55 ` Arnout Vandecappelle
` (2 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Thomas Petazzoni @ 2018-04-04 20:55 UTC (permalink / raw)
To: buildroot
Hello,
On Wed, 4 Apr 2018 17:51:31 +0200, Peter Korsgaard wrote:
> webpy uses hashlib for session handling, so ensure it is available:
>
> web/session.py: import hashlib
> web/session.py: sha1 = hashlib.sha1
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
> package/python-webpy/Config.in | 1 +
> 1 file changed, 1 insertion(+)
Both applied. Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python
2018-04-04 15:51 [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python Peter Korsgaard
2018-04-04 15:51 ` [Buildroot] [PATCH 2/2] python-webpy: security bump to version 0.39 Peter Korsgaard
2018-04-04 20:55 ` [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python Thomas Petazzoni
@ 2018-04-04 22:55 ` Arnout Vandecappelle
2018-04-05 6:05 ` Peter Korsgaard
2018-04-08 19:41 ` Peter Korsgaard
2018-04-11 15:46 ` Peter Korsgaard
4 siblings, 1 reply; 9+ messages in thread
From: Arnout Vandecappelle @ 2018-04-04 22:55 UTC (permalink / raw)
To: buildroot
On 04-04-18 17:51, Peter Korsgaard wrote:
> webpy uses hashlib for session handling, so ensure it is available:
>
> web/session.py: import hashlib
> web/session.py: sha1 = hashlib.sha1
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
> package/python-webpy/Config.in | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/package/python-webpy/Config.in b/package/python-webpy/Config.in
> index 12dbe61723..5f4df7832b 100644
> --- a/package/python-webpy/Config.in
> +++ b/package/python-webpy/Config.in
> @@ -1,6 +1,7 @@
> config BR2_PACKAGE_PYTHON_WEBPY
> bool "python-webpy"
> depends on BR2_PACKAGE_PYTHON
> + select BR2_PACKAGE_PYTHON_HASHLIB
# runtime ?
Regards,
Arnout
> help
> web.py is a web framework for Python that is as simple as it
> is powerful.
>
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python
2018-04-04 22:55 ` Arnout Vandecappelle
@ 2018-04-05 6:05 ` Peter Korsgaard
0 siblings, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2018-04-05 6:05 UTC (permalink / raw)
To: buildroot
>>>>> "Arnout" == Arnout Vandecappelle <arnout@mind.be> writes:
> On 04-04-18 17:51, Peter Korsgaard wrote:
>> webpy uses hashlib for session handling, so ensure it is available:
>>
>> web/session.py: import hashlib
>> web/session.py: sha1 = hashlib.sha1
>>
>> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>> ---
>> package/python-webpy/Config.in | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/package/python-webpy/Config.in b/package/python-webpy/Config.in
>> index 12dbe61723..5f4df7832b 100644
>> --- a/package/python-webpy/Config.in
>> +++ b/package/python-webpy/Config.in
>> @@ -1,6 +1,7 @@
>> config BR2_PACKAGE_PYTHON_WEBPY
>> bool "python-webpy"
>> depends on BR2_PACKAGE_PYTHON
>> + select BR2_PACKAGE_PYTHON_HASHLIB
> # runtime ?
I argued about that as well, but given that it is a sub option of python
(so not something you can add to _DEPENDENCIES anyway), and
(host-)python is a build time dependency it isn't really black / white
and I decided to not add it.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python
2018-04-04 15:51 [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python Peter Korsgaard
` (2 preceding siblings ...)
2018-04-04 22:55 ` Arnout Vandecappelle
@ 2018-04-08 19:41 ` Peter Korsgaard
2018-04-11 15:46 ` Peter Korsgaard
4 siblings, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2018-04-08 19:41 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> webpy uses hashlib for session handling, so ensure it is available:
> web/session.py: import hashlib
> web/session.py: sha1 = hashlib.sha1
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2018.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 2/2] python-webpy: security bump to version 0.39
2018-04-04 15:51 ` [Buildroot] [PATCH 2/2] python-webpy: security bump to version 0.39 Peter Korsgaard
@ 2018-04-08 19:42 ` Peter Korsgaard
2018-04-11 15:47 ` Peter Korsgaard
1 sibling, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2018-04-08 19:42 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> From the changelog:
> 2018-02-28 0.39
> * Fixed a security issue with the form module (tx Orange Tsai)
> * Fixed a security issue with the db module (tx Adri?n Brav and Orange Tsai)
> 2016-07-08 0.38
> ..
> * Fixed a potential remote exeution risk in `reparam` (tx Adri?n Brav)
> License files are still not included on pypi, so continue to use the git
> repo. Upstream has unfortunately not tagged 0.39, so use the latest commit
> on the 0.39 branch. A request to fix this has been submitted:
> https://github.com/webpy/webpy/issues/449
> 0.39 now uses setuptools, so change the _SETUP_TYPE.
> Add hashes for the license files.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2018.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python
2018-04-04 15:51 [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python Peter Korsgaard
` (3 preceding siblings ...)
2018-04-08 19:41 ` Peter Korsgaard
@ 2018-04-11 15:46 ` Peter Korsgaard
4 siblings, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2018-04-11 15:46 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> webpy uses hashlib for session handling, so ensure it is available:
> web/session.py: import hashlib
> web/session.py: sha1 = hashlib.sha1
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Buildroot] [PATCH 2/2] python-webpy: security bump to version 0.39
2018-04-04 15:51 ` [Buildroot] [PATCH 2/2] python-webpy: security bump to version 0.39 Peter Korsgaard
2018-04-08 19:42 ` Peter Korsgaard
@ 2018-04-11 15:47 ` Peter Korsgaard
1 sibling, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2018-04-11 15:47 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> From the changelog:
> 2018-02-28 0.39
> * Fixed a security issue with the form module (tx Orange Tsai)
> * Fixed a security issue with the db module (tx Adri?n Brav and Orange Tsai)
> 2016-07-08 0.38
> ..
> * Fixed a potential remote exeution risk in `reparam` (tx Adri?n Brav)
> License files are still not included on pypi, so continue to use the git
> repo. Upstream has unfortunately not tagged 0.39, so use the latest commit
> on the 0.39 branch. A request to fix this has been submitted:
> https://github.com/webpy/webpy/issues/449
> 0.39 now uses setuptools, so change the _SETUP_TYPE.
> Add hashes for the license files.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2018-04-11 15:47 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-04 15:51 [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python Peter Korsgaard
2018-04-04 15:51 ` [Buildroot] [PATCH 2/2] python-webpy: security bump to version 0.39 Peter Korsgaard
2018-04-08 19:42 ` Peter Korsgaard
2018-04-11 15:47 ` Peter Korsgaard
2018-04-04 20:55 ` [Buildroot] [PATCH 1/2] python-webpy: needs hashlib support in python Thomas Petazzoni
2018-04-04 22:55 ` Arnout Vandecappelle
2018-04-05 6:05 ` Peter Korsgaard
2018-04-08 19:41 ` Peter Korsgaard
2018-04-11 15:46 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.