linux/meta-openembedded.git/meta-python/recipes-devtools, branch walnascar

python3-django: ignore CVE-2025-27556

2025-10-13T07:21:31+00:00

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27556 Vulnerability affects only Windows - ignore it. Signed-off-by: Gyorgy Sarvari

python3-evdev: add ptest

2025-09-10T14:08:15+00:00

root@qemux86-64:~# ptest-runner python3-evdev START: ptest-runner 2025-05-02T22:19 BEGIN: /usr/lib/python3-evdev/ptest [ 61.988046] input: test-py-evdev-uinput as /devices/virtual/input/input18 [ 61.990878] input: test-py-evdev-uinput as /devices/virtual/input/input19 [ 61.993060] input: test-py-evdev-uinput as /devices/virtual/input/input20 [ 61.994497] input: py-evdev-uinput as /devices/virtual/input/input21 [ 61.996659] input: test-py-evdev-uinput as /devices/virtual/input/input22 PASS: tests/test_ecodes.py:test_equality PASS: tests/test_ecodes.py:test_access PASS: tests/test_ecodes.py:test_overlap PASS: tests/test_ecodes.py:test_generated PASS: tests/test_events.py:test_categorize PASS: tests/test_events.py:test_keyevent PASS: tests/test_uinput.py:test_open PASS: tests/test_uinput.py:test_open_context PASS: tests/test_uinput.py:test_maxnamelen PASS: tests/test_uinput.py:test_enable_events PASS: tests/test_uinput.py:test_abs_values PASS: tests/test_uinput.py:test_write PASS: tests/test_uinput.py:test_not_a_character_device PASS: tests/test_uinput.py:test_not_a_character_device_2 PASS: tests/test_uinput.py:test_not_a_character_device_3 PASS: tests/test_util.py:test_match_ecodes_a ============================================================================ Testsuite summary DURATION: 0 END: /usr/lib/python3-evdev/ptest 2025-05-02T22:19 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Yoann Congal Signed-off-by: Khem Raj Signed-off-by: Gyorgy Sarvari

python3-evdev: add missing uinput header

2025-09-10T14:07:59+00:00

Without uinput.h header, the evdev module can't be imported because it lacks the UI_FF* constants. Signed-off-by: Yoann Congal Signed-off-by: Khem Raj Signed-off-by: Gyorgy Sarvari

python3-evdev: upgrade 1.9.1 -> 1.9.2

2025-09-10T14:07:17+00:00

* Remove a merged reproducibility patch * Adapt the --reproducible option Changelog (from [0]): 1.9.2 (May 01, 2025) ==================== - Add the "--reproducible" build option which removes the build date and used headers from the generated ``ecodes.c``. Example usage:: python -m build --config-setting=--build-option='build_ecodes --reproducible' -n - Use ``Generic`` to set precise type for ``InputDevice.path``. [0]: https://github.com/gvalkov/python-evdev/blob/v1.9.2/docs/changelog.rst Signed-off-by: Yoann Congal Signed-off-by: Khem Raj Signed-off-by: Gyorgy Sarvari

python3-protobuf: upgrade from 5.29.4 to 5.29.5

2025-09-07T05:37:56+00:00

protobuf is upgraded from 5.29.4 to 5.29.5. Upgrade python3-protobuf to sync. Signed-off-by: Chen Qi Signed-off-by: Khem Raj Signed-off-by: Gyorgy Sarvari

CVE-2025-53643.patch: Add CVE ID

2025-09-06T14:17:15+00:00

Signed-off-by: Robert Yang Signed-off-by: Gyorgy Sarvari

python3-moteus: upgrade 0.3.88 -> 0.3.89

2025-09-06T14:17:06+00:00

Update python3-moteus to the latest release. Since no formal changelog is available, here's the git shortlog of the moteus python library [1] for the corresponding release: Josh Pieper (2): Add some more register definitions Add --version options to moteus_tool and tview [1] https://github.com/mjbots/moteus/commits/main/lib/python Signed-off-by: Richard Leitner Signed-off-by: Khem Raj (cherry picked from commit 0285799f54661ceb649c8a7d9d4e0522d615a1aa) Signed-off-by: Richard Leitner Signed-off-by: Gyorgy Sarvari

python3-aiohttp: fix CVE-2025-53643

2025-07-27T18:35:10+00:00

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2025-53643 Signed-off-by: Jiaying Song Signed-off-by: Armin Kuster

python3-tornado: upgrade 6.4.2 -> 6.5

2025-07-27T18:35:10+00:00

Changelog: https://github.com/tornadoweb/tornado/releases/tag/v6.5.0 Signed-off-by: Praveen Kumar Signed-off-by: Armin Kuster

python3-pycares: fix CVE-2025-48945

2025-07-06T23:23:22+00:00

pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism. References: https://nvd.nist.gov/vuln/detail/CVE-2025-48945 Signed-off-by: Jiaying Song Signed-off-by: Armin Kuster