Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=whinlatter 2026-05-08T01:52:44+00:00 2026-05-08T01:52:44+00:00 Ankur Tyagi ankur.tyagi85@gmail.com 2026-04-30T11:46:39+00:00 urn:sha1:8a69f13465ee5437329eacdd37feee8e8c68fa4d Release Notes: https://docs.djangoproject.com/en/dev/releases/4.2.30/ Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-05-08T01:52:44+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-04-30T11:46:38+00:00 urn:sha1:e424330cc18aabd4d16e6904f7354240bfab915f Contains fixes for CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033 and CVE-2026-33034. Changelog: https://docs.djangoproject.com/en/6.0/releases/5.2.13/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-05-08T01:52:44+00:00 Bartosz Golaszewski bartosz.golaszewski@oss.qualcomm.com 2026-04-30T11:46:37+00:00 urn:sha1:d301c5a3e0909ca4aecb387baeffc981f72615c1 Bug-fix release addressing a buffer overflow bug discovered during an AI-augmented security audit as well as another minor issue with unnecessarily duplicated code. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 7e24f2b5a868989719a1afde14258b323c7a3a56) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-05-08T01:52:44+00:00 Wang Mingyu wangmy@fujitsu.com 2026-04-30T11:46:36+00:00 urn:sha1:2259e75e79be1e8c51c74604574b7ea9690980ff Changelog: ========== * fixed critial findings in C Extension Analysis Report * add tests, in particular 'devel/test_capi.py' Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 041704b01cc0c039390b42ee72a28bdc13a630b2) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-05-08T01:52:44+00:00 Wang Mingyu wangmy@fujitsu.com 2026-04-30T11:46:35+00:00 urn:sha1:f92680f61d0b5cca2d8b9c87c8846c0a3bd1cc67 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 36111dde1a7cd9f9df139d8dded91ea771336a69) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-05-08T01:52:44+00:00 Wang Mingyu wangmy@fujitsu.com 2026-04-30T11:46:34+00:00 urn:sha1:8ecca3786cb534069f397d1bd191c6311499fbff Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2c0a4edb58da813ca3d9709baed7b5c67ae85e2e) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-05-08T01:52:44+00:00 Wang Mingyu wangmy@fujitsu.com 2026-04-30T11:46:33+00:00 urn:sha1:2ce4783d774d7feed9b4a95160ad06c0a8f9be22 Request.host and get_host return the empty string if the header is missing or has invalid characters. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit d8c310aa52e669ca894d4b343bd83a97cb6eb8d4) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-05-08T01:52:44+00:00 Wang Mingyu wangmy@fujitsu.com 2026-04-30T11:46:32+00:00 urn:sha1:f110ce82a6afb077deeec79ad8be65ea0f13b293 Changelog: ========== - parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. - WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. - Transfer-Encoding is parsed as a set. - Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. - Fix multipart form parser handling of newline at boundary. - Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. - merge_slashes merges any number of consecutive slashes. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit db8bd24b0db925cdbd4b9d444981846871c354f2) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-05-08T01:52:44+00:00 Mingli Yu mingli.yu@windriver.com 2026-04-30T11:46:31+00:00 urn:sha1:6ae02f0f60e77f8e69cbcc9cfc13e67569a3f5c9 Changlog: https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.19.2 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 27d096d984b1a5b567ba1b217c3fee8581284575) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-05-08T01:52:44+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-04-23T12:48:16+00:00 urn:sha1:9f003507af4c56d52b378714c6614cfb0f656b9d Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33186 The vulnerability only affects the Go implememtation of the library, not the Python one. Ignore this CVE due to this. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 468ee626f88272eedf275efe6f68640ee643c3f4) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>