This is a security release.
Notable Changes
CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
Dependency update:
CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
go1.23.4 (released 2024-12-03) includes fixes to the compiler, the
runtime, the trace command, and the syscall package.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Dropped:
003-without-vendored-meson.patch
004-workaround-for-multiple-top-level-packages-discovered.patch
This time, we really need to use meson to build numpy.
And to make things more complicated, the 'vendored' meson package (that
comes with numpy) must be used. This is because they have some special
logic in there that's specific to numpy.
With this change, we also need to keep a special/internal
'openwrt-cross.txt.in' file, because cross-compiling numpy also requires
that a 'longdouble_format' property be added.
More details about this:
https://github.com/numpy/numpy/issues/23972https://github.com/numpy/numpy/blob/maintenance/2.2.x/doc/source/building/cross_compilation.rst
Removing quirk fix for x86_64 with detecting 'avx512f'.
This should work with the new meson stuff.
And finally, added a test.sh script.
This should make sure that this package works fine during upgrades.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
This backported patch is required to fix the build for loongarch64:
...
... loongarch64-openwrt-linux-musl/bin/ld.bfd: Zend/zend_fibers.o: in function `zend_fiber_init_context':
zend_fibers.c:(.text+0xb34): undefined reference to `getcontext'
... loongarch64-openwrt-linux-musl/bin/ld.bfd: zend_fibers.c:(.text+0xb38): undefined reference to `getcontext'
... loongarch64-openwrt-linux-musl/bin/ld.bfd: zend_fibers.c:(.text+0xb74): undefined reference to `makecontext'
... loongarch64-openwrt-linux-musl/bin/ld.bfd: zend_fibers.c:(.text+0xb78): undefined reference to `makecontext'
... loongarch64-openwrt-linux-musl/bin/ld.bfd: Zend/zend_fibers.o: in function `.L170':
zend_fibers.c:(.text+0xe34): undefined reference to `swapcontext'
...
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Relevant changes since previous 3.10.0:
- FIXED: Serializing numpy.ndarray with non-native endianness raises orjson.JSONEncodeError.
- FIXED: Fix int serialization on 32-bit Python 3.8, 3.9, 3.10. This was introduced in 3.10.8.
- Improve performance of serializing.
- Drop support for arm7.
- int serialization no longer chains OverflowError to the the __cause__ attribute of orjson.JSONEncodeError when range exceeded.
Signed-off-by: Timothy M. Ace <openwrt@timothyace.com>
Ruby 3.3.6 is a routine update that includes minor bug fixes. It also
stops warning missing default gem dependencies that will be bundled gems
in Ruby 3.5.
Link: https://github.com/ruby/ruby/releases/tag/v3_3_6
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Upgrade Version 22.11.0 'Jod' (LTS)
Notable Changes
This release marks the transition of Node.js 22.x into Long Term Support (LTS) with the codename 'Jod'. The 22.x release line now moves into "Active LTS" and will remain so until October 2025. After that time, it will move into "Maintenance" until end of life in April 2027.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
go1.23.3 (released 2024-11-06) includes fixes to the linker,
the runtime, and the net/http, os, and syscall packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
vala now sort of depends on gobject-introspection. In order to avoid
adding, override GI_GIRDIR to avoid depending on goject-introspection.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Michael Heimpold
Hirokazu MORIKAWA
Jianhui Zhao
hingbong lo
Tianling Shen
Alexandru Ardelean
Austin Lane
Timothy M. Ace
Javier Marcet
Fabian Lipken
Luiz Angelo Daros de Luca
Finn Landweber
Glenn Strauss
Hannu Nyman
Rosen Penev
Daniel Golle
John Audia