| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Cherry-pick commit [1] mentioned in [2].
[1] https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-11407
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes CVE-2024-53907 and CVE-2024-53908
Release Notes:
https://docs.djangoproject.com/en/dev/releases/5.0.10/
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes CVE-2024-53907 and CVE-2024-53908
Release Notes:
https://docs.djangoproject.com/en/dev/releases/4.2.17/
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
https://github.com/tornadoweb/tornado/releases/tag/v6.4.2
https://github.com/tornadoweb/tornado/releases/tag/v6.4.1
Switch to python_setuptools_build_meta -
https://github.com/tornadoweb/tornado/commit/e71fb6e616e08838df55dddb494c96a80454f812
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Includes fix for CVE-2024-49767
Changelog:
==========
https://github.com/pallets/werkzeug/blob/3.0.6/CHANGES.rst
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Without this the native recipe cannot be built.
Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
(cherry picked from commit 4a86f8a54fe96f4aa05232180a2a744a15638f55)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-45230: Potential denial-of-service vulnerability in
django.utils.html.urlize()
urlize and urlizetrunc were subject to a potential denial-of-service attack
via very large inputs with a specific sequence of characters.
CVE-2024-45231: Potential user email enumeration via response status on
password reset
Due to unhandled email sending failures, the
django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to
enumerate user emails by issuing password reset requests and observing the
outcomes.
To mitigate this risk, exceptions occurring during password reset email
sending are now handled and logged using the django.contrib.auth logger.
CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
The floatformat template filter is subject to significant memory consumption
when given a string representation of a number in scientific notation with
a large exponent.
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()
The urlize() and urlizetrunc() template filters are subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.
CVE-2024-41991: Potential denial-of-service vulnerability in
django.utils.html.urlize() and AdminURLFieldWidget
The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget,
are subject to a potential denial-of-service attack via certain inputs with
a very large number of Unicode characters.
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key as
a passed *arg.
CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize()
urlize() and urlizetrunc() were subject to a potential denial-of-service
attack via certain inputs with a very large number of brackets.
CVE-2024-39329: Username enumeration through timing difference for users with
unusable passwords
The django.contrib.auth.backends.ModelBackend.authenticate() method allowed
remote attackers to enumerate users via a timing attack involving login
requests for users with unusable passwords.
CVE-2024-39330: Potential directory-traversal in
django.core.files.storage.Storage.save()
Derived classes of the django.core.files.storage.Storage base class which
override generate_filename() without replicating the file path validations
existing in the parent class, allowed for potential directory-traversal via
certain inputs when calling save().
Built-in Storage sub-classes were not affected by this vulnerability.
CVE-2024-39614: Potential denial-of-service in
django.utils.translation.get_supported_language_variant()
get_supported_language_variant() was subject to a potential denial-of-service
attack when used with very long strings containing specific characters.
To mitigate this vulnerability, the language code provided to
get_supported_language_variant() is now parsed up to a maximum length of
500 characters.
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-45230: Potential denial-of-service vulnerability in
django.utils.html.urlize()
urlize and urlizetrunc were subject to a potential denial-of-service attack
via very large inputs with a specific sequence of characters.
CVE-2024-45231: Potential user email enumeration via response status on
password reset
Due to unhandled email sending failures, the
django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to
enumerate user emails by issuing password reset requests and observing the
outcomes.
To mitigate this risk, exceptions occurring during password reset email
sending are now handled and logged using the django.contrib.auth logger.
CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
The floatformat template filter is subject to significant memory consumption
when given a string representation of a number in scientific notation with
a large exponent.
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()
The urlize() and urlizetrunc() template filters are subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.
CVE-2024-41991: Potential denial-of-service vulnerability in
django.utils.html.urlize() and AdminURLFieldWidget
The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget,
are subject to a potential denial-of-service attack via certain inputs with
a very large number of Unicode characters.
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key as
a passed *arg.
CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize()
urlize() and urlizetrunc() were subject to a potential denial-of-service
attack via certain inputs with a very large number of brackets.
CVE-2024-39329: Username enumeration through timing difference for users with
unusable passwords
The django.contrib.auth.backends.ModelBackend.authenticate() method allowed
remote attackers to enumerate users via a timing attack involving login
requests for users with unusable passwords.
CVE-2024-39330: Potential directory-traversal in
django.core.files.storage.Storage.save()
Derived classes of the django.core.files.storage.Storage base class which
override generate_filename() without replicating the file path validations
existing in the parent class, allowed for potential directory-traversal via
certain inputs when calling save().
Built-in Storage sub-classes were not affected by this vulnerability.
CVE-2024-39614: Potential denial-of-service in
django.utils.translation.get_supported_language_variant()
get_supported_language_variant() was subject to a potential denial-of-service
attack when used with very long strings containing specific characters.
To mitigate this vulnerability, the language code provided to
get_supported_language_variant() is now parsed up to a maximum length of
500 characters.
Fixed a crash in Django 4.2 when validating email max line lengths with content
decoded using the surrogateescape error handling scheme (#35361)
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Change the reference to the MIT license containing COPYING file in the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Change the reference to the MIT license containing LICENSE file in the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Change the reference to the Apache-2.0 license containing LICENSE file
in the downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Contents of
https://github.com/pycurl/pycurl/blob/REL_7_45_2/COPYING-LGPL
correspond to version 2.1 of the license rather than 2.0.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In the source code repository the LICENSE file is GPL-3.0-only:
https://github.com/nmmapper/python3-nmap/blob/1.5.2/LICENSE
https://github.com/nmmapper/python3-nmap/blob/1.7.0/LICENSE
Also change the LIC_FILES_CHKSUM reference to the GPLv3.0 license
containing LICENSE file in the downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
According to
https://github.com/FutureLinkCorporation/fann2/tree/1.1.2?tab=readme-ov-file#license
and https://github.com/FutureLinkCorporation/fann2/blob/1.1.2/LICENSE
this project is subject to LGPL-2.1-only license.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
https://github.com/tartley/colorama?tab=readme-ov-file#license and
https://github.com/tartley/colorama/blob/0.4.6/LICENSE.txt declare
that this project is subject to BSD-3-Clause license.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
According to https://pypi.org/project/platformdirs/ and
https://github.com/platformdirs/platformdirs/blob/4.2.0/LICENSE
the project is subject to MIT license.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
According to https://pypi.org/project/pillow/ and
https://github.com/python-pillow/Pillow/blob/10.3.0/LICENSE the project
is subject to HPND license.
Also change SUMMARY to DESCRIPTION as it's value is clearly over 72
characters long.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
According to https://pypi.org/project/parse-type/ and
https://github.com/jenisys/parse_type/blob/v0.6.2/LICENSE the
project is subject to MIT license.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
According to
https://github.com/testing-cabal/mock/blob/5.1.0/LICENSE.txt the
project is subject to BSD-2-Clause license. (Also
https://pypi.org/project/mock/ states 'BSD License'.)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
According to https://pypi.org/project/lru-dict/ and
https://github.com/amitdev/lru-dict/blob/v1.3.0/LICENSE the project is
licensed under MIT.
Also change SUMMARY to DESCRIPTION as it's value is clearly over 72
characters long.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Both https://pypi.org/project/email-validator/ and
https://github.com/JoshData/python-email-validator/blob/v2.1.1/LICENSE
declare this project is subject to 'Unlicense'.
For additional reference, see upstream commit
https://github.com/JoshData/python-email-validator/commit/5d72f53412821189ebc826100fb2a673530c5ac6
("Relicense under the Unlicense (instead of CC0)")
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
According to https://github.com/ICRAR/crc32c/blob/v2.3/LICENSE and
https://github.com/ICRAR/crc32c?tab=readme-ov-file#license change
'LGPL-2.0-or-later' in LICENSE value to 'LGPL-2.1-or-later'.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Both project pypi page: https://pypi.org/project/cbor2/ as well as
https://github.com/agronholm/cbor2/blob/5.6.3/LICENSE.txt state that it
is subject to MIT rather than Apache-2.0 license. Also update
LIC_FILES_CHKSUM value to reference the LICENSE.txt file from the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
According to homepage https://xlsxwriter.readthedocs.io/license.html
and pypi page https://pypi.org/project/XlsxWriter/ as well as
https://github.com/jmcnamara/XlsxWriter/blob/RELEASE_3.1.9/LICENSE.txt
the module is licensed under BSD-2-Clause.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the
`Access-Control-Allow-Private-Network` CORS header to be set to true
by default, without any configuration option. This behavior can expose
private network resources to unauthorized external access, leading to
significant security risks such as data breaches, unauthorized access
to sensitive information, and potential network intrusions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6221
Upsteam-Patch:
https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Twisted is an event-based framework for internet applications, supporting
Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process
pipelined HTTP requests out-of-order, possibly resulting in information
disclosure. This vulnerability is fixed in 24.7.0rc1.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-41671
Upstream-patches:
https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Frank de Brabander <debrabander@gmail.com>
Add missing RDEPENDS for ptest:
- python3-zoneinfo
- tzdata
Similar to fixes in Styhead 110b636836348530ec4965ebd3ee753928f21b44 but for 2.18.4
and without needing to add the python3-tzdata recipe.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport a new upstream fix to remove the TMPDIR
reference from the rust code.
Signed-off-by: Frank de Brabander <debrabander@gmail.com>
We've seen TMPDIR [build-paths] contamination in the
built pydantic_core/_pydantic_core.cpython-*-*-linux-gnu.so
See discussion upstream in:
https://github.com/pydantic/pydantic-core/issues/1365
Backport fix from:
https://github.com/pydantic/pydantic-core/commit/e07c41b3bad75948201a2201387225694c2fb501
Similar to Styhead 6f0a41130c0dcf80e22f6f3fd93d39369c235693, but for 2.18.4
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://docs.pydantic.dev/latest/changelog/#v274-2024-06-12
What's Changed
* Packaging
- Bump pydantic.v1 to v1.10.16 reference by @sydney-runkle in
#9639
* Fixes
- Specify recursive_guard as kwarg in FutureRef._evaluate by
@vfazio in #9612
Full commit log:
https://github.com/pydantic/pydantic/compare/v2.7.3...v2.7.4
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The recipe for pydantic currently is at version 2.7.3. This
project specifies in its pyproject.toml that it depends on
pydantic-core version 2.18.4. Because an older 2.16.3 version
of pydantic-core was used now, a simple bit of code will break.
from enum import Enum
from pydantic import BaseModel
class Color(str, Enum):
RED = "RED"
BLUE = "BLUE"
class Car(BaseModel):
color: Color
print(Car(color=Color.RED))
This will upgrade the python3-pydantic-core recipe to make it
compatible with python3-pydantic, so that the above snippet of
code will no longer fail.
Two patches are removed, these backports are now included in the
upstream code. A new patch is added to set the required rust
compiler from 1.76 to 1.75. Version 1.76 is not actually needed.
File python3-pydantic-core-crates.inc is regenerated by running
'bitbake -c update_crates python3-pydantic-core'.
The recipes RDEPENDS now includes python3-compression. The pydantic
schema validator imports 'importlib.metadata' which wants to import
'zipfile'.
The buildpaths QA check is skipped. This should be fixed at some
point, but it was already failing before this change.
Signed-off-by: Frank de Brabander <debrabander@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport from Styhead bee8b9bbc48e5ee9a4b67aed09027e62143eb34c as part of the overall scarthgap fix
Fix typo in python3-pydantic version, it was 2.7.3 not 2.7.2
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For full changelog, see:
https://github.com/pydantic/pydantic/compare/v2.7.1...v2.7.3
Highlights:
v2.7.3 (2024-06-03)
Bump pydantic-core to v2.18.4 by @sydney-runkle in #9550
v2.7.2 (2024-05-28)
Bump pydantic-core to v2.18.3 by @sydney-runkle in #9515
Backport from Styhead a45050c6433818e2196bc9e9ceaf2fb9ceec7095 as part of the overall scarthgap fix
Fix typo in version number, it was upgraded to 2.7.3, not 2.7.2
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
============
-Bump pydantic-core to v2.18.2
-Ftp and Websocket connection strings support
-Use field description for RootModel schema description when there is no docstring
-Fix validation_alias behavior with model_construct for AliasChoices and AliasPath
-Revert typing.Literal and import it outside the TYPE_CHECKING block
-Fix Secret serialization schema, applicable for unions
-Fix strict application to function-after with use_enum_values
-Address case where model_construct on a class which defines model_post_init fails with AttributeError
-Fix model_json_schema with config types
-Support multiple zeros as an int
-Fix validation of ints with leading unary plus
-Fix interaction between extra != 'ignore' and from_attributes=True
-Handle error from Enum's missing function as ValidationError
-Fix memory leak with Iterable validation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport from Styhead 6112eb064ccaf7b9c74b285e3fc070bab0343340 as part of the overall scarthgap fix
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport upstream abseil-cpp fix[1] for SIGILL crash on RISC-V with
6.6 and newer kernels. The patch has been tweaked to apply on top
of the existing patch stack to the vendored copy of abseil-cpp.
[1]: https://github.com/abseil/abseil-cpp/commit/7335a36d
(cherry-picked from 080287ebe1f6958088871194f8ae5674edd41589)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* crypto: use _Generic only if !defined(__cplusplus)
* fixes build with gcc-14 which has __builtin_addc and __builtin_subc
with gcc-13 it was already using the #else branch because of missing builtins
* fixes
https://github.com/grpc/grpc/issues/35945
http://errors.yoctoproject.org/Errors/Details/766916/
* _Generic was introduced in boringssl with:
https://boringssl.googlesource.com/boringssl/+/70ca6bc24be103dabd68e448cd3af29b929b771d%5E%21/#F4
* but e.g. third_party/boringssl-with-bazel/src/ssl/d1_both.cc includes
this internal.h and from the .cc extension gcc will process it as C++
where _Generic isn't available, causing:
In file included from third_party/boringssl-with-bazel/src/ssl/d1_both.cc:125:
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h: In function 'uint32_t CRYPTO_addc_u32(uint32_t, uint32_t, uint32_t, uint32_t*)':
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1159:7: error: expected primary-expression before 'unsigned'
1159 | unsigned: __builtin_addc, \
| ^~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1166:10: note: in expansion of macro 'CRYPTO_GENERIC_ADDC'
1166 | return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry);
| ^~~~~~~~~~~~~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1160:7: error: expected primary-expression before 'unsigned'
1160 | unsigned long: __builtin_addcl, \
| ^~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1166:10: note: in expansion of macro 'CRYPTO_GENERIC_ADDC'
1166 | return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry);
| ^~~~~~~~~~~~~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1161:7: error: expected primary-expression before 'unsigned'
1161 | unsigned long long: __builtin_addcll))((x), (y), (carry), (out_carry))
| ^~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1166:10: note: in expansion of macro 'CRYPTO_GENERIC_ADDC'
1166 | return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry);
| ^~~~~~~~~~~~~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1158:4: error: '_Generic' was not declared in this scope
1158 | (_Generic((x), \
| ^~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1166:10: note: in expansion of macro 'CRYPTO_GENERIC_ADDC'
1166 | return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry);
| ^~~~~~~~~~~~~~~~~~~
(cherry picked from commit 5778e32eae201072c5dc37c9db67dc1848ffb9de)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This needs to be upgraded to 2.19+ but until then
backport a fix to keep it building.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Tim Orling <ticotimo@gmail.com>
(cherry picked from commit 39d164f0c33d24f40e676aac152dfe50f2c00695)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Fixed typo 'marking' instead of 'marketing' in case-insensitive mailbox name list.
- When DNS-based deliverability checks fail, in some cases exceptions are now
thrown with raise ... from for better nested exception tracking.
- Fixed tests to work when no local resolver can be configured.
- This project is now licensed under the Unlicense (instead of CC0).
- Minor improvements to tests.
- Minor improvements to code style.
License-Update: Relicense under the Unlicense (instead of CC0)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0dd1264a9499b213ff9edd3618ea2a3e8fae9c56)
Signed-off-by: Richard Leitner <dev@g0hl1n.net>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes fix for CVE-2024-34069
The license didn't change but the file was renamed.
Changelog:
==========
https://github.com/pallets/werkzeug/blob/3.0.3/CHANGES.rst
https://github.com/pallets/werkzeug/blob/3.0.2/CHANGES.rst
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Passing a heavily nested list to sqlparse.parse() leads to a Denial
of Service due to RecursionError.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-4340
Upstream-patch:
https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our python3-protobuf is installed in standard site-packages location,
there's no need for an extra .pth file. So this .pth is useless.
What's worse, this .pth file is problematic for python 3.12 ptest. It will
cause the following test case to hang forever:
test.test__xxsubinterpreters.CreateTests.test_in_thread
I've filed an issue[1] for cpython. Until the problem is resolved there,
we should avoid packaging this .pth file.
In fact, Debian also removes this file in the rules file, though their reason
for removal is likely that the file is useless.
rules: find $(CURDIR)/debian/python3-protobuf -name 'protobuf-*-nspkg.pth' -delete
Some more information below, just for better tracking:
1. That .pth file is way too complicated according to .pth design[2].
2. The subinterpreter is not offically part of python, at least for 3.12. The PEP[3][4]
has not been accepted. The test__xxsubinterpreter is a preparation for it.
[1] https://github.com/python/cpython/issues/122220
[2] https://docs.python.org/3/library/site.html
[3] https://peps.python.org/pep-0554/
[4] https://peps.python.org/pep-0554/
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
backport from master:
56e2e5df9 python3-pyyaml-include: support native and nativesdk build
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Upstream toml file mentions Jinja2 and pytest-metadata as runtime
dependencies.
Link: https://github.com/pytest-dev/pytest-html/blob/cfd32d08488e2c6fb72f0617db94ab41d3fca8d0/pyproject.toml#L42
Signed-off-by: Grygorii Tertychnyi <grygorii.tertychnyi@leica-geosystems.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ca28badd147afdb11b8ee785b277bc9797d012fe)
Signed-off-by: Grygorii Tertychnyi <grembeter@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The flow module was removed in Twisted 9.0.0 a long time
and currently does not install anything. Let's remove it
to cleanup the recipe.
This commit also removes python3-twisted-news package because
the source files were removed in Twisted 21.2.0. All other
files which no longer exist in the source are also removed from FILES.
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes an issue where split packages were no populated since all the files
were picked up by FILES:${PN}
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
define proper macro for ppc/ppc64 to fix compile error
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
For now, the known non-reproducible packages list is stored inside the
autobuilder config.json file. This is not ideal. Let's move this list
into each layers of meta-openembedded.
These lists can be used with, in local.conf:
include conf/include/non-repro-meta-oe.inc
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES = "${KNOWN_NON_REPRO_META_OE}"
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Acked-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It looks like python3-six was dropped as a dependency between
version 3.17.0 and 3.18.0. Looking at the PyPi downloads indicates
this coincides with when Python 2 support was dropped.
I couldn't find any release notes so this patch is based on looking
at the source code downloaded from PyPi.
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
- build backend is hatchling.build
- python3-six is not a runtime dependency, it's not imported anywhere in the source
- add python3-asyncio to RDEPENDS
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Dependency added in gcov-7.1.
Wrapping lines and alphabetically ordering while touching RDEPENDS.
Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
python3-six is no longer a dependency and Python 2 support has already been dropped.
Change python3-twisted to python3-twisted-core such that only required modules
are installed.
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
