Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=wrynose 2025-12-31T16:34:02+00:00 2025-12-31T16:34:02+00:00 Gyorgy Sarvari skandigraun@gmail.com 2025-12-31T07:54:23+00:00 urn:sha1:6ab68968c267b76f0b4fcfc9ff8d06b4356261bf The relevant CVEs are tracked with joblib_project:joblib CPE, and the default python:joblib CPE doesn't match this. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%joblib%'; CVE-2022-21797|joblib_project|joblib|||1.1.1|< CVE-2024-34997|joblib_project|joblib|1.4.2|=|| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-12-24T21:18:28+00:00 Wang Mingyu wangmy@fujitsu.com 2025-12-24T09:12:55+00:00 urn:sha1:b92546dea25f13b729454e6176c95f391583d9a7 Changelog: =========== - The Memory object won't overwrite an already existing .gitignore file in its cache directory anymore. - Harden the safety checks in eval_expr(pre_dispatch) to prevent excessive memory allocation and potential crashes by limiting the allowed length of the expression and the maximum numeric value of sub-expressions and not evaluating expressions with non-numeric literals. - Vendor cloudpickle 3.1.2 to fix a pickling problem with interactively defined abstract base classes and type annotations in Python 3.14+. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>