Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=dunfell 2024-04-02T12:12:59+00:00 2024-04-02T12:12:59+00:00 Hitendra Prajapati hprajapati@mvista.com 2024-03-12T06:02:31+00:00 urn:sha1:830419a2d9dccea49e8507169151d6296b321be8 Upstream-Status: Backport from https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2024-03-03T21:38:27+00:00 Vijay Anusuri vanusuri@mvista.com 2024-02-23T02:14:43+00:00 urn:sha1:c74ebbddfd9dbe02d3f7422016324451eb218e1e Upstream-Status: Backport [https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a & https://github.com/python-pillow/Pillow/commit/0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80 & https://github.com/python-pillow/Pillow/commit/557ba59d13de919d04b3fd4cdef8634f7d4b3348] Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-12-17T20:36:42+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2023-11-20T22:32:18+00:00 urn:sha1:91a1284a8ca86bb269087ecd6fcff1ff40534130 The command "bitbake universe -c fetch" currently throws a ton of warnings as there are many 'impossible' dependencies. In some cases these variants may never have worked and were just added by copy and paste of recipes. In some cases they once clearly did work but became broken somewhere along the way. Users may also be carrying local bbappend files which add further BBCLASSEXTEND. Having universe fetch work without warnings is desireable so clean up the broken variants. Anyone actually needing something dropped here can propose adding it and the correct functional dependencies back quite easily. This also then ensures we're not carrying or fixing things nobody uses. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d4aa17dc436beb96a804860bc6d18cf72283709e) Backport: * Adapted paths to follow PV changes * Adapted modified recipes to the ones generating warnings Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-06-23T10:58:18+00:00 Vijay Anusuri vanusuri@mvista.com 2023-06-09T09:19:04+00:00 urn:sha1:a0a0abb5409d40f019d6b927808d0443d08c0a51 Upstream-Status: Backport [https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696] Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-02-22T16:24:23+00:00 Shubham Kulkarni skulkarni@mvista.com 2023-02-03T11:12:09+00:00 urn:sha1:eadcdb97d43d083b8b614e203c19bda5469678c8 Fix for CVE-2022-45198: Improper Handling of Highly Compressed GIF Data Backport from https://github.com/python-pillow/Pillow/commit/884437f8a2b953a0abd2a3b130a87fcfb438092e Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2022-09-11T17:49:52+00:00 Hitendra Prajapati hprajapati@mvista.com 2022-08-02T04:16:07+00:00 urn:sha1:e5e63be86e247f1e243e4a8aa2be94e09df06c4c Source: https://github.com/lxml/lxml MR: 119399 Type: Security Fix Disposition: Backport from https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f ChangeID: 0b1ef4ce4c901ef6574a83ecbe4c4b1d2ab24777 Description: CVE-2022-2309 libxml: NULL Pointer Dereference allows attackers to cause a denial of service. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> 2022-06-15T13:45:03+00:00 Adrian Fiergolski adrian.fiergolski@fastree3d.com 2022-06-01T14:22:25+00:00 urn:sha1:986bb14aafe514ef20c11071ca8cd747b39c3b0e In order to fix the dependency issue on PIL module, python3-pillow is required. Signed-off-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d4e70a19600bee178d81b467dd9e118cbf057f65) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit fcc7d7eae82be4c180f2e8fa3db90a8ab3be07b7) [fixup for honister context] Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 44c394f3cbdce8c7297af01c0f5ee030e1e3dacd) [fixup for dunfell context] Signed-off-by: Armin Kuster <akuster808@gmail.com> 2022-05-26T02:34:39+00:00 Martin Jansa martin.jansa@gmail.com 2022-05-10T16:30:12+00:00 urn:sha1:b99a386cd1398f1272798bbe3e4fc6c1be560e36 * backport the actual code change from https://github.com/pyca/cryptography/pull/5747 without the docs and CI changes (which aren't applicable on old 2.8 version) and backport 2 older changes to make this fix applicable on 2.8. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2022-04-18T14:37:42+00:00 Ranjitsinh Rathod ranjitsinh.rathod@kpit.com 2022-04-08T09:57:49+00:00 urn:sha1:dbf01a10e27d91f55c215156d97c62096d22d56a Add patch to fix CVE-2020-26137 Link: https://ubuntu.com/security/CVE-2020-26137 Link: https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b.patch Add patch to fix CVE-2021-33503 Link: https://ubuntu.com/security/CVE-2021-33503 Link: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec.patch Signed-off-by: Nikhil R <nikhil.r@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2021-11-17T20:26:21+00:00 Armin Kuster akuster808@gmail.com 2021-11-07T19:09:24+00:00 urn:sha1:59bff77ad0b3a66417194670de25f60183a4f6bb This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core. Signed-off-by: Armin Kuster <akuster808@gmail.com>