Python update to 2.7.15 #3628
Python update to 2.7.15 #3628
Conversation
|
@chickenandpork Thanks Allan. Looks great. You are correct when you wrote all Python 2 based applications have now to be rebuilt and published... That was in my plans since vulnerability alerts about "requests" in almost all "requirements.txt": https://github.com/SynoCommunity/spksrc/network/alerts |
|
Hmm. Another big build job.
It’s like we need to have some sort of a fan-out on validation of builds and acceptance.
… On Feb 16, 2019, at 09:24, Yves Martin ***@***.***> wrote:
@chickenandpork Thanks Allan. Looks great. You are correct when you wrote all Python 2 based applications have now to be rebuilt and published... That was in my plans since vulnerability alerts about "requests" in almost all "requirements.txt": https://github.com/SynoCommunity/spksrc/network/alerts
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
So what is different from the other PR #3552? Looks exactly the same. Strange it builds now. The only reason all packages need to be rebuild is the |
|
I think the biggest thing was rebasing.
I hand-replicates the same changes, skipping what was rebased out. Bumped bcrypt as a side-effect.
I parameterized the PLIST after but it should not affect compile.
… On Feb 17, 2019, at 07:31, Safihre ***@***.***> wrote:
So what is different from the other PR #3552? Looks exactly the same. Strange it builds now.
The only reason all packages need to be rebuild is the requests package vulnerability?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
@ymartin59 Did you actually read the vulnerability that was fixed in This is not something that requires republishing of all packages, as it requires a potential attacker to be able to perform man-in-the-middle attacks on networks. |
|
Python 2.7.16 will come in the near future. I am not sure if this will affect this PR.. I certainly hope not because users have been waiting for months to get the new SABnzbd and this is all blocked by this update. |
|
I would suggest merging this now and doing 2.7.16 when it’s available.
Always waiting for the next release means we never move ahead.
This builds, I think the builds are already in my beta space (spk.chickenandporn.com), rather work on 2.7.16 when it drops.
… On Feb 23, 2019, at 13:42, Safihre ***@***.***> wrote:
Python 2.7.16 will come in the near future.
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
I am not sure if this will affect this PR.. I certainly hope not because users have been waiting for months to get the new SABnzbd and this is all blocked by this update.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
@chickenandpork this is a bit off topic: what email can I reach you on? I would also like to setup maybe a spk server. You can also reach me at [email protected] :) |
* upstream/master: (151 commits) Fix build of itools (usbmuxd) for arch 88f6281 Fix compilation of cross/fuse for arch ppc853x Update templates mono: update to 5.18.0.240 (release) (SynoCommunity#3561) syncthing: update to 1.1.0 and go to 1.12 syncthing: split up firewall ports more granularly ffmpeg: fix for qoriq (SynoCommunity#3655) [Sonarr] Update to v2.0.0.5301 Update Sonarr for v3 upgrade compatibility [Lidarr] Update to v0.5.0583 [Radarr] Update to v0.2.0.1293 [Jackett] Update to v0.11.43 homeassistant: update to 0.87.1 and generic installer and service (SynoCommunity#3462) sabnzbd: update to 2.3.7 (SynoCommunity#3555) python" update to 2.7.15 (SynoCommunity#3628) tvheadend: fixes on 4.2.8 (SynoCommunity#3623) framework: improve icon generation (SynoCommunity#3172) framework: fix DISTRIB_DIR recursive definition ffmpeg: fix GMP install prefix framework: new docker image based on Debian Stretch ...
Motivation: This is basically @ymartin59's #3552 but with:
cross/python/PLISTis parameterizedApachev2license isASL2The changes above are minimal, and reflect the kind of cleanup that @ymartin59 tends to do to mine anyhow :) So, honestly, I haven't really done anything to his work except redo it by hand, which can avoid maybe quotation marks that look like other quotes or something else.
Maybe the rebasing to recent version is what did it.
Linked issues: #3546
Checklist
all-supportedcompleted successfullyChecked upgrade of
2.7.14-19to2.7.15-20Basic in-place test is: