| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Needed in scarthgap for native build on hosts with gcc-14 and newer.
It was in master since:
https://git.openembedded.org/meta-openembedded/diff/meta-python/recipes-devtools/python/python3-h5py_3.11.0.bb?id=f0c767407d033e3f39ceeccc2f7e03a1ca7a6443
and then removed as fixed in 3.11.0 by:
https://git.openembedded.org/meta-openembedded/commit/?id=4b990b6dbabaeb65df5bf46546a873c69032a040
but scarthgap has older 3.10.0, backport necessary changes.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
In the SRC_URI, the branch of maintenance/3.1.x has been reomved,
which will cause do fetch error. So update as "branch=main"
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
protobuf has upgraded to 4.25.8. Sync with it.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fixes:
https://lists.openembedded.org/g/openembedded-devel/message/117255
DEBUG: Executing shell function do_compile
* Getting build dependencies for wheel...
/usr/lib/ld-linux-aarch64.so.1: No such file or directory
Traceback (most recent call last):
File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/recipe-sysroot-native/usr/lib/python3.13/site-packages/pyproject_hooks/_in_process/_in_process.py",
line 389, in <module>
main()
~~~~^^
File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/recipe-sysroot-native/usr/lib/python3.13/site-packages/pyproject_hooks/_in_process/_in_process.py",
line 373, in main
json_out["return_val"] = hook(**hook_input["kwargs"])
~~~~^^^^^^^^^^^^^^^^^^^^^^^^
File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/recipe-sysroot-native/usr/lib/python3.13/site-packages/pyproject_hooks/_in_process/_in_process.py",
line 143, in get_requires_for_build_wheel
return hook(config_settings)
File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/recipe-sysroot-native/usr/lib/python3.13/site-packages/setuptools/build_meta.py",
line 334, in get_requires_for_build_wheel
return self._get_build_requires(config_settings, requirements=[])
~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/recipe-sysroot-native/usr/lib/python3.13/site-packages/setuptools/build_meta.py",
line 304, in _get_build_requires
self.run_setup()
~~~~~~~~~~~~~~^^
File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/recipe-sysroot-native/usr/lib/python3.13/site-packages/setuptools/build_meta.py",
line 320, in run_setup
exec(code, locals())
~~~~^^^^^^^^^^^^^^^^
File "<string>", line 23, in <module>
File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/posix_ipc-1.2.0/build_support/discover_system_info.py",
line 409, in discover
d["QUEUE_PRIORITY_MAX"] = sniff_mq_prio_max()
~~~~~~~~~~~~~~~~~^^
File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/posix_ipc-1.2.0/build_support/discover_system_info.py",
line 238, in sniff_mq_prio_max
if max_priority < 0:
^^^^^^^^^^^^^^^^
TypeError: '<' not supported between instances of 'str' and 'int'
ERROR Backend subprocess exited when trying to invoke
get_requires_for_build_wheel
WARNING: TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/temp/run.do_compile.2736023:168
exit 1 from 'nativepython3 -m build --no-isolation --wheel --outdir
TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/dist
TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/posix_ipc-1.2.0'
WARNING: Backtrace (BB generated script):
On some hosts.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
0001-Use-default-cc-from-environment-variable.patch
removed since it's not available in 1.2.0
License-Update: Reorg and rename files; add pyproject.toml
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c
allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
_mask.c is generated by cython and encodes sourcepaths into
comments which are absolute. Edit them out.
Fixes buildpaths QA errors
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
| |
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This error is due to absolute paths leaking into ELF files due to
-rpath option in compiler cmdline, therefore patch them out.
Apply patch [1] from Debian
[1] https://sources.debian.org/data/main/p/python-pyproj/3.6.1-4/debian/patches/rpath.patch
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cython does not provide a direct option to disable or customize
the metadata written in the generated C files. The metadata
includes information like the Cython version and absolute paths to
the original Cython files, which can be problematic for doing
reproducible builds
Therefore edit out these comments from the cython generated C files
they are nicely tucked between two known tags at the top of file.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set GRPC_PYTHON_BUILD_EXT_COMPILER_JOBS to limit spawned compiler
processes. Without this it uses all available CPUs (via
multiprocessing.cpu_count()) and can exhaust build host since there are
lot of files to compile (e.g. with 128 cores it manages to spawn 128 gcc
processes)
Note that this is a general problem for all setuptools based builds with
build_ext compilation which can either compile with 1 thread or
cpu_count threads. grpcio hot-patches setuptools and allows to set
specific build concurrency value.
(From master rev: fe582374d3ba474164005942799eb2bddc52a080)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes CVE-2024-56374
Release Notes:
https://docs.djangoproject.com/en/dev/releases/4.2.18/
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes CVE-2024-56374
Release Notes:
https://docs.djangoproject.com/en/dev/releases/5.0.11/
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Cherry-pick commit [1] mentioned in [2].
[1] https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-11407
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes CVE-2024-53907 and CVE-2024-53908
Release Notes:
https://docs.djangoproject.com/en/dev/releases/5.0.10/
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes CVE-2024-53907 and CVE-2024-53908
Release Notes:
https://docs.djangoproject.com/en/dev/releases/4.2.17/
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
https://github.com/tornadoweb/tornado/releases/tag/v6.4.2
https://github.com/tornadoweb/tornado/releases/tag/v6.4.1
Switch to python_setuptools_build_meta -
https://github.com/tornadoweb/tornado/commit/e71fb6e616e08838df55dddb494c96a80454f812
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Includes fix for CVE-2024-49767
Changelog:
==========
https://github.com/pallets/werkzeug/blob/3.0.6/CHANGES.rst
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Without this the native recipe cannot be built.
Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
(cherry picked from commit 4a86f8a54fe96f4aa05232180a2a744a15638f55)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-45230: Potential denial-of-service vulnerability in
django.utils.html.urlize()
urlize and urlizetrunc were subject to a potential denial-of-service attack
via very large inputs with a specific sequence of characters.
CVE-2024-45231: Potential user email enumeration via response status on
password reset
Due to unhandled email sending failures, the
django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to
enumerate user emails by issuing password reset requests and observing the
outcomes.
To mitigate this risk, exceptions occurring during password reset email
sending are now handled and logged using the django.contrib.auth logger.
CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
The floatformat template filter is subject to significant memory consumption
when given a string representation of a number in scientific notation with
a large exponent.
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()
The urlize() and urlizetrunc() template filters are subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.
CVE-2024-41991: Potential denial-of-service vulnerability in
django.utils.html.urlize() and AdminURLFieldWidget
The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget,
are subject to a potential denial-of-service attack via certain inputs with
a very large number of Unicode characters.
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key as
a passed *arg.
CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize()
urlize() and urlizetrunc() were subject to a potential denial-of-service
attack via certain inputs with a very large number of brackets.
CVE-2024-39329: Username enumeration through timing difference for users with
unusable passwords
The django.contrib.auth.backends.ModelBackend.authenticate() method allowed
remote attackers to enumerate users via a timing attack involving login
requests for users with unusable passwords.
CVE-2024-39330: Potential directory-traversal in
django.core.files.storage.Storage.save()
Derived classes of the django.core.files.storage.Storage base class which
override generate_filename() without replicating the file path validations
existing in the parent class, allowed for potential directory-traversal via
certain inputs when calling save().
Built-in Storage sub-classes were not affected by this vulnerability.
CVE-2024-39614: Potential denial-of-service in
django.utils.translation.get_supported_language_variant()
get_supported_language_variant() was subject to a potential denial-of-service
attack when used with very long strings containing specific characters.
To mitigate this vulnerability, the language code provided to
get_supported_language_variant() is now parsed up to a maximum length of
500 characters.
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-45230: Potential denial-of-service vulnerability in
django.utils.html.urlize()
urlize and urlizetrunc were subject to a potential denial-of-service attack
via very large inputs with a specific sequence of characters.
CVE-2024-45231: Potential user email enumeration via response status on
password reset
Due to unhandled email sending failures, the
django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to
enumerate user emails by issuing password reset requests and observing the
outcomes.
To mitigate this risk, exceptions occurring during password reset email
sending are now handled and logged using the django.contrib.auth logger.
CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
The floatformat template filter is subject to significant memory consumption
when given a string representation of a number in scientific notation with
a large exponent.
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()
The urlize() and urlizetrunc() template filters are subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.
CVE-2024-41991: Potential denial-of-service vulnerability in
django.utils.html.urlize() and AdminURLFieldWidget
The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget,
are subject to a potential denial-of-service attack via certain inputs with
a very large number of Unicode characters.
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key as
a passed *arg.
CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize()
urlize() and urlizetrunc() were subject to a potential denial-of-service
attack via certain inputs with a very large number of brackets.
CVE-2024-39329: Username enumeration through timing difference for users with
unusable passwords
The django.contrib.auth.backends.ModelBackend.authenticate() method allowed
remote attackers to enumerate users via a timing attack involving login
requests for users with unusable passwords.
CVE-2024-39330: Potential directory-traversal in
django.core.files.storage.Storage.save()
Derived classes of the django.core.files.storage.Storage base class which
override generate_filename() without replicating the file path validations
existing in the parent class, allowed for potential directory-traversal via
certain inputs when calling save().
Built-in Storage sub-classes were not affected by this vulnerability.
CVE-2024-39614: Potential denial-of-service in
django.utils.translation.get_supported_language_variant()
get_supported_language_variant() was subject to a potential denial-of-service
attack when used with very long strings containing specific characters.
To mitigate this vulnerability, the language code provided to
get_supported_language_variant() is now parsed up to a maximum length of
500 characters.
Fixed a crash in Django 4.2 when validating email max line lengths with content
decoded using the surrogateescape error handling scheme (#35361)
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Change the reference to the MIT license containing COPYING file in the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Change the reference to the MIT license containing LICENSE file in the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Change the reference to the Apache-2.0 license containing LICENSE file
in the downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Contents of
https://github.com/pycurl/pycurl/blob/REL_7_45_2/COPYING-LGPL
correspond to version 2.1 of the license rather than 2.0.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In the source code repository the LICENSE file is GPL-3.0-only:
https://github.com/nmmapper/python3-nmap/blob/1.5.2/LICENSE
https://github.com/nmmapper/python3-nmap/blob/1.7.0/LICENSE
Also change the LIC_FILES_CHKSUM reference to the GPLv3.0 license
containing LICENSE file in the downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
According to
https://github.com/FutureLinkCorporation/fann2/tree/1.1.2?tab=readme-ov-file#license
and https://github.com/FutureLinkCorporation/fann2/blob/1.1.2/LICENSE
this project is subject to LGPL-2.1-only license.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
https://github.com/tartley/colorama?tab=readme-ov-file#license and
https://github.com/tartley/colorama/blob/0.4.6/LICENSE.txt declare
that this project is subject to BSD-3-Clause license.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
According to https://pypi.org/project/platformdirs/ and
https://github.com/platformdirs/platformdirs/blob/4.2.0/LICENSE
the project is subject to MIT license.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
According to https://pypi.org/project/pillow/ and
https://github.com/python-pillow/Pillow/blob/10.3.0/LICENSE the project
is subject to HPND license.
Also change SUMMARY to DESCRIPTION as it's value is clearly over 72
characters long.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
According to https://pypi.org/project/parse-type/ and
https://github.com/jenisys/parse_type/blob/v0.6.2/LICENSE the
project is subject to MIT license.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
According to
https://github.com/testing-cabal/mock/blob/5.1.0/LICENSE.txt the
project is subject to BSD-2-Clause license. (Also
https://pypi.org/project/mock/ states 'BSD License'.)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
According to https://pypi.org/project/lru-dict/ and
https://github.com/amitdev/lru-dict/blob/v1.3.0/LICENSE the project is
licensed under MIT.
Also change SUMMARY to DESCRIPTION as it's value is clearly over 72
characters long.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Both https://pypi.org/project/email-validator/ and
https://github.com/JoshData/python-email-validator/blob/v2.1.1/LICENSE
declare this project is subject to 'Unlicense'.
For additional reference, see upstream commit
https://github.com/JoshData/python-email-validator/commit/5d72f53412821189ebc826100fb2a673530c5ac6
("Relicense under the Unlicense (instead of CC0)")
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
According to https://github.com/ICRAR/crc32c/blob/v2.3/LICENSE and
https://github.com/ICRAR/crc32c?tab=readme-ov-file#license change
'LGPL-2.0-or-later' in LICENSE value to 'LGPL-2.1-or-later'.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Both project pypi page: https://pypi.org/project/cbor2/ as well as
https://github.com/agronholm/cbor2/blob/5.6.3/LICENSE.txt state that it
is subject to MIT rather than Apache-2.0 license. Also update
LIC_FILES_CHKSUM value to reference the LICENSE.txt file from the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
According to homepage https://xlsxwriter.readthedocs.io/license.html
and pypi page https://pypi.org/project/XlsxWriter/ as well as
https://github.com/jmcnamara/XlsxWriter/blob/RELEASE_3.1.9/LICENSE.txt
the module is licensed under BSD-2-Clause.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the
`Access-Control-Allow-Private-Network` CORS header to be set to true
by default, without any configuration option. This behavior can expose
private network resources to unauthorized external access, leading to
significant security risks such as data breaches, unauthorized access
to sensitive information, and potential network intrusions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6221
Upsteam-Patch:
https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Twisted is an event-based framework for internet applications, supporting
Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process
pipelined HTTP requests out-of-order, possibly resulting in information
disclosure. This vulnerability is fixed in 24.7.0rc1.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-41671
Upstream-patches:
https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Frank de Brabander <debrabander@gmail.com>
Add missing RDEPENDS for ptest:
- python3-zoneinfo
- tzdata
Similar to fixes in Styhead 110b636836348530ec4965ebd3ee753928f21b44 but for 2.18.4
and without needing to add the python3-tzdata recipe.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport a new upstream fix to remove the TMPDIR
reference from the rust code.
Signed-off-by: Frank de Brabander <debrabander@gmail.com>
We've seen TMPDIR [build-paths] contamination in the
built pydantic_core/_pydantic_core.cpython-*-*-linux-gnu.so
See discussion upstream in:
https://github.com/pydantic/pydantic-core/issues/1365
Backport fix from:
https://github.com/pydantic/pydantic-core/commit/e07c41b3bad75948201a2201387225694c2fb501
Similar to Styhead 6f0a41130c0dcf80e22f6f3fd93d39369c235693, but for 2.18.4
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://docs.pydantic.dev/latest/changelog/#v274-2024-06-12
What's Changed
* Packaging
- Bump pydantic.v1 to v1.10.16 reference by @sydney-runkle in
#9639
* Fixes
- Specify recursive_guard as kwarg in FutureRef._evaluate by
@vfazio in #9612
Full commit log:
https://github.com/pydantic/pydantic/compare/v2.7.3...v2.7.4
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The recipe for pydantic currently is at version 2.7.3. This
project specifies in its pyproject.toml that it depends on
pydantic-core version 2.18.4. Because an older 2.16.3 version
of pydantic-core was used now, a simple bit of code will break.
from enum import Enum
from pydantic import BaseModel
class Color(str, Enum):
RED = "RED"
BLUE = "BLUE"
class Car(BaseModel):
color: Color
print(Car(color=Color.RED))
This will upgrade the python3-pydantic-core recipe to make it
compatible with python3-pydantic, so that the above snippet of
code will no longer fail.
Two patches are removed, these backports are now included in the
upstream code. A new patch is added to set the required rust
compiler from 1.76 to 1.75. Version 1.76 is not actually needed.
File python3-pydantic-core-crates.inc is regenerated by running
'bitbake -c update_crates python3-pydantic-core'.
The recipes RDEPENDS now includes python3-compression. The pydantic
schema validator imports 'importlib.metadata' which wants to import
'zipfile'.
The buildpaths QA check is skipped. This should be fixed at some
point, but it was already failing before this change.
Signed-off-by: Frank de Brabander <debrabander@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport from Styhead bee8b9bbc48e5ee9a4b67aed09027e62143eb34c as part of the overall scarthgap fix
Fix typo in python3-pydantic version, it was 2.7.3 not 2.7.2
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For full changelog, see:
https://github.com/pydantic/pydantic/compare/v2.7.1...v2.7.3
Highlights:
v2.7.3 (2024-06-03)
Bump pydantic-core to v2.18.4 by @sydney-runkle in #9550
v2.7.2 (2024-05-28)
Bump pydantic-core to v2.18.3 by @sydney-runkle in #9515
Backport from Styhead a45050c6433818e2196bc9e9ceaf2fb9ceec7095 as part of the overall scarthgap fix
Fix typo in version number, it was upgraded to 2.7.3, not 2.7.2
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
============
-Bump pydantic-core to v2.18.2
-Ftp and Websocket connection strings support
-Use field description for RootModel schema description when there is no docstring
-Fix validation_alias behavior with model_construct for AliasChoices and AliasPath
-Revert typing.Literal and import it outside the TYPE_CHECKING block
-Fix Secret serialization schema, applicable for unions
-Fix strict application to function-after with use_enum_values
-Address case where model_construct on a class which defines model_post_init fails with AttributeError
-Fix model_json_schema with config types
-Support multiple zeros as an int
-Fix validation of ints with leading unary plus
-Fix interaction between extra != 'ignore' and from_attributes=True
-Handle error from Enum's missing function as ValidationError
-Fix memory leak with Iterable validation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport from Styhead 6112eb064ccaf7b9c74b285e3fc070bab0343340 as part of the overall scarthgap fix
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport upstream abseil-cpp fix[1] for SIGILL crash on RISC-V with
6.6 and newer kernels. The patch has been tweaked to apply on top
of the existing patch stack to the vendored copy of abseil-cpp.
[1]: https://github.com/abseil/abseil-cpp/commit/7335a36d
(cherry-picked from 080287ebe1f6958088871194f8ae5674edd41589)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* crypto: use _Generic only if !defined(__cplusplus)
* fixes build with gcc-14 which has __builtin_addc and __builtin_subc
with gcc-13 it was already using the #else branch because of missing builtins
* fixes
https://github.com/grpc/grpc/issues/35945
http://errors.yoctoproject.org/Errors/Details/766916/
* _Generic was introduced in boringssl with:
https://boringssl.googlesource.com/boringssl/+/70ca6bc24be103dabd68e448cd3af29b929b771d%5E%21/#F4
* but e.g. third_party/boringssl-with-bazel/src/ssl/d1_both.cc includes
this internal.h and from the .cc extension gcc will process it as C++
where _Generic isn't available, causing:
In file included from third_party/boringssl-with-bazel/src/ssl/d1_both.cc:125:
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h: In function 'uint32_t CRYPTO_addc_u32(uint32_t, uint32_t, uint32_t, uint32_t*)':
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1159:7: error: expected primary-expression before 'unsigned'
1159 | unsigned: __builtin_addc, \
| ^~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1166:10: note: in expansion of macro 'CRYPTO_GENERIC_ADDC'
1166 | return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry);
| ^~~~~~~~~~~~~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1160:7: error: expected primary-expression before 'unsigned'
1160 | unsigned long: __builtin_addcl, \
| ^~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1166:10: note: in expansion of macro 'CRYPTO_GENERIC_ADDC'
1166 | return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry);
| ^~~~~~~~~~~~~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1161:7: error: expected primary-expression before 'unsigned'
1161 | unsigned long long: __builtin_addcll))((x), (y), (carry), (out_carry))
| ^~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1166:10: note: in expansion of macro 'CRYPTO_GENERIC_ADDC'
1166 | return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry);
| ^~~~~~~~~~~~~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1158:4: error: '_Generic' was not declared in this scope
1158 | (_Generic((x), \
| ^~~~~~~~
third_party/boringssl-with-bazel/src/ssl/../crypto/internal.h:1166:10: note: in expansion of macro 'CRYPTO_GENERIC_ADDC'
1166 | return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry);
| ^~~~~~~~~~~~~~~~~~~
(cherry picked from commit 5778e32eae201072c5dc37c9db67dc1848ffb9de)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This needs to be upgraded to 2.19+ but until then
backport a fix to keep it building.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Tim Orling <ticotimo@gmail.com>
(cherry picked from commit 39d164f0c33d24f40e676aac152dfe50f2c00695)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Fixed typo 'marking' instead of 'marketing' in case-insensitive mailbox name list.
- When DNS-based deliverability checks fail, in some cases exceptions are now
thrown with raise ... from for better nested exception tracking.
- Fixed tests to work when no local resolver can be configured.
- This project is now licensed under the Unlicense (instead of CC0).
- Minor improvements to tests.
- Minor improvements to code style.
License-Update: Relicense under the Unlicense (instead of CC0)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0dd1264a9499b213ff9edd3618ea2a3e8fae9c56)
Signed-off-by: Richard Leitner <dev@g0hl1n.net>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
