Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=wrynose 2026-04-01T20:16:41+00:00 2026-04-01T20:16:41+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-03-31T11:38:35+00:00 urn:sha1:90d7c9007503d7fae253cb1fc9b5a0b1275786be Changes: * Support Python 3.14 * Fix bug in Levenshtein distance when substitution_cost > 2 * Fix bug in Treebank detokeniser re quote ordering * Fix bug in Jaro similarity for empty strings * Several security enhancements * Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder * Implement TextTiling vocabulary introduction method (Hearst 1997) * Fix ALINE feature matrix errors and add comprehensive tests * Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids * Let downloader fallback to md5 when sha256 is unavailable * Several other minor bugfixes and code cleanups Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> 2026-03-18T21:33:28+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-03-16T16:50:29+00:00 urn:sha1:001d503fe7f26ff8985f9414a0995bfaa1479fed Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0846 It has been fixed in version 3.9.3, however NVD tracks it without CPE/version info. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2026-02-25T06:30:31+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-02-24T17:04:48+00:00 urn:sha1:14d464c15094d1758dc14706646a8aa645a3bf34 Contains fix for CVE-2026-14009. Changelog: * Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader * Block path traversal/arbitrary reads in nltk.data for protocol-less refs * Block path traversal/abs paths in corpus readers and FS pointers * Validate external StanfordSegmenter JARs using SHA256 * Add optional sandbox enforcement for filestring() * Maintenance: downloader/zipped models, CI/tooling updates Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-12-31T16:28:55+00:00 Gyorgy Sarvari skandigraun@gmail.com 2025-12-30T15:48:58+00:00 urn:sha1:1225394e9528ac7d654e9c4ff9aec9d2d3a491d9 The CVEs for this project are tracked under nltk:nltk CPE, which doesn't match the default python:nltk CPE. See CVE db query: sqlite> select * from products where PRODUCT like 'nltk'; CVE-2019-14751|nltk|nltk|||3.4.5|< CVE-2021-3828|nltk|nltk|||3.6.3|<= CVE-2021-3842|nltk|nltk|||3.6.6|< CVE-2021-43854|nltk|nltk|||3.6.5|< Set the CVE_PRODUCT so it can be used to match CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-10-14T16:00:23+00:00 Wang Mingyu wangmy@fujitsu.com 2025-10-14T09:19:11+00:00 urn:sha1:73fce7c7699239bc8007df918e2f02fa107e02e2 Changelog: ============= * Update download checksums to use SHA256 in built index * Fix percentage escape in new-style string formatting * replace shortened URLs using goo.gl * Make Wordnet interoperable with various taggers and tagged corpora * Fix saving PerceptronTagger * Document how to reproduce old Wordnet studies * properly initialize Portuguese corpus reader * support for mixed rules conversion into Chomsky Normal Form * only import tkinter if a GUI is needed * issue #2112 with Corenlp * new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL * Lesk defaults to most frequent sense in case of ties Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2024-11-20T17:32:08+00:00 Thomas Perrot thomas.perrot@bootlin.com 2024-11-20T14:54:03+00:00 urn:sha1:02673cbf61cb737026674c697642b3dacb5bb6d0 The Natural Language Toolkit (NLTK) is a Python package for natural language processing. Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>