buildroot/package/python-web2py/python-web2py.mk, branch 2017.08

package/python-web2py: remove admin panel

2017-07-31T20:56:24+00:00

This commmit adds an option to remove admin panel to save speace if not needed. Signed-off-by: Angelo Compagnucci [Thomas: fix indentation.] Signed-off-by: Thomas Petazzoni

package/python-web2py: move password generation

2017-07-31T20:46:19+00:00

This commit moves the password generation as a post build step. This prepares the option to remove the admin panel from installation. Signed-off-by: Angelo Compagnucci Signed-off-by: Thomas Petazzoni

package/python-web2py: reduce installation size

2017-07-31T20:45:12+00:00

This commit exclude some useless files from standard installation to save space on embedded systems. Signed-off-by: Angelo Compagnucci Signed-off-by: Thomas Petazzoni

Globally replace $(HOST_DIR)/usr/bin with $(HOST_DIR)/bin

2017-07-05T13:19:29+00:00

Since things are no longer installed in $(HOST_DIR)/usr, the callers should also not refer to it. This is a mechanical change with git grep -l '$(HOST_DIR)/usr/bin' | xargs sed -i 's%$(HOST_DIR)/usr/bin%$(HOST_DIR)/bin%g' Signed-off-by: Arnout Vandecappelle (Essensium/Mind) Signed-off-by: Thomas Petazzoni

python-web2py: security bump to version 2.14.6

2017-04-26T07:20:16+00:00

CVE-2016-4806 - Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. CVE-2016-4807 - Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin). CVE-2016-4808 - Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim. CVE-2016-10321 - web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. Signed-off-by: Peter Korsgaard

package: use SPDX short identifier for LGPLv3/LGPLv3+

2017-04-01T13:18:39+00:00

We want to use SPDX identifier for license string as much as possible. SPDX short identifier for LGPLv3/LGPLv3+ is LGPL-3.0/LGPL-3.0+. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv3(\+)?/LGPL-3.0\1/g' Signed-off-by: Rahul Bedarkar Signed-off-by: Thomas Petazzoni

python/web2py: bump to version 2.12.3 - hash file

2015-11-24T18:43:50+00:00

This patch bumps web2py to the latest released version (2.12.3) and adds hash file. Signed-off-by: Angelo Compagnucci Signed-off-by: Thomas Petazzoni

python-web2py: bump to version 2.11.3

2015-11-22T13:10:20+00:00

This patch bumps web2py version to 2.11.3 Signed-off-by: Angelo Compagnucci Signed-off-by: Thomas Petazzoni

package/python-web2py: fix permissions

2015-11-04T20:48:42+00:00

The PYTHON_WEB2PY_PERMISSIONS table was using the user and group names instead of the uid and gid, causing makedevs to retrieve the uid and gid from the host system. Signed-off-by: Noé Rubinstein Signed-off-by: Thomas Petazzoni

package/python-web2py: bump to version R-2.11.2

2015-07-26T16:34:03+00:00

This patch bumps python-web2py to version R-2.11.2. Signed-off-by: Angelo Compagnucci Signed-off-by: Thomas Petazzoni