Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=walnascar 2024-12-19T17:41:21+00:00 2024-12-19T17:41:21+00:00 Derek Straka derek@asterius.io 2024-12-16T15:55:14+00:00 urn:sha1:c089690f57155cc62c3b22a9af9527ec927b16e3 With the upstream check migrated to the simple repo API, a number of the recipes required updates to: 1. Remove outdated UPSTREAM_CHECK_REGEX checks 2. Add recipe specific UPSTREAM_CHECK_PYPI_PACKAGE definitions for packages that use '_', CamelCase, or other deviations from PEP625 in the source archive Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2024-09-03T14:05:13+00:00 Soumya Sambu soumya.sambu@windriver.com 2024-09-03T12:52:59+00:00 urn:sha1:dadb8790bdf59463ab41ebb65f87e659eafa5664 A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions. References: https://nvd.nist.gov/vuln/detail/CVE-2024-6221 Upsteam-Patch: https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2023-09-30T08:03:17+00:00 Derek Straka derek@asterius.io 2023-09-29T22:00:09+00:00 urn:sha1:6c29bdf1fd5edeea789b891f7bffcd4c07329f39 Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>