Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=dunfell 2024-04-02T12:12:59+00:00 2024-04-02T12:12:59+00:00 Hitendra Prajapati hprajapati@mvista.com 2024-03-12T06:02:31+00:00 urn:sha1:830419a2d9dccea49e8507169151d6296b321be8 Upstream-Status: Backport from https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2024-03-03T21:38:27+00:00 Vijay Anusuri vanusuri@mvista.com 2024-02-23T02:14:43+00:00 urn:sha1:c74ebbddfd9dbe02d3f7422016324451eb218e1e Upstream-Status: Backport [https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a & https://github.com/python-pillow/Pillow/commit/0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80 & https://github.com/python-pillow/Pillow/commit/557ba59d13de919d04b3fd4cdef8634f7d4b3348] Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-12-17T20:36:42+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2023-11-20T22:32:18+00:00 urn:sha1:91a1284a8ca86bb269087ecd6fcff1ff40534130 The command "bitbake universe -c fetch" currently throws a ton of warnings as there are many 'impossible' dependencies. In some cases these variants may never have worked and were just added by copy and paste of recipes. In some cases they once clearly did work but became broken somewhere along the way. Users may also be carrying local bbappend files which add further BBCLASSEXTEND. Having universe fetch work without warnings is desireable so clean up the broken variants. Anyone actually needing something dropped here can propose adding it and the correct functional dependencies back quite easily. This also then ensures we're not carrying or fixing things nobody uses. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d4aa17dc436beb96a804860bc6d18cf72283709e) Backport: * Adapted paths to follow PV changes * Adapted modified recipes to the ones generating warnings Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-12-17T20:36:42+00:00 Khem Raj raj.khem@gmail.com 2023-11-20T22:32:17+00:00 urn:sha1:a7ead38b9ce2994b1864b48f350895eb6fd19a52 Signed-off-by: Khem Raj <raj.khem@gmail.com> Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com> (cherry picked from commit e43a9898fc536d1d3bc726180d5c2afd15db0b19) Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-12-17T20:36:41+00:00 Bartosz Golaszewski bartosz.golaszewski@linaro.org 2023-11-20T22:32:16+00:00 urn:sha1:0fb64aff055ef12530b0e8d817ec694088be3d14 Add the missing run-time dependency on python3-json. As a result we no longer need to pull python3 native and can drop other *DEPENDS. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 40b4cf5a83098a5f1be873be5c29f26380bc7993) Backported: adapted to old override syntax Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-06-23T10:58:18+00:00 Vijay Anusuri vanusuri@mvista.com 2023-06-09T09:19:04+00:00 urn:sha1:a0a0abb5409d40f019d6b927808d0443d08c0a51 Upstream-Status: Backport [https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696] Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-02-22T16:24:23+00:00 Shubham Kulkarni skulkarni@mvista.com 2023-02-03T11:12:09+00:00 urn:sha1:eadcdb97d43d083b8b614e203c19bda5469678c8 Fix for CVE-2022-45198: Improper Handling of Highly Compressed GIF Data Backport from https://github.com/python-pillow/Pillow/commit/884437f8a2b953a0abd2a3b130a87fcfb438092e Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2022-09-11T17:49:52+00:00 Hitendra Prajapati hprajapati@mvista.com 2022-08-02T04:16:07+00:00 urn:sha1:e5e63be86e247f1e243e4a8aa2be94e09df06c4c Source: https://github.com/lxml/lxml MR: 119399 Type: Security Fix Disposition: Backport from https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f ChangeID: 0b1ef4ce4c901ef6574a83ecbe4c4b1d2ab24777 Description: CVE-2022-2309 libxml: NULL Pointer Dereference allows attackers to cause a denial of service. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> 2022-06-15T13:45:03+00:00 Adrian Fiergolski adrian.fiergolski@fastree3d.com 2022-06-01T14:22:25+00:00 urn:sha1:986bb14aafe514ef20c11071ca8cd747b39c3b0e In order to fix the dependency issue on PIL module, python3-pillow is required. Signed-off-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d4e70a19600bee178d81b467dd9e118cbf057f65) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit fcc7d7eae82be4c180f2e8fa3db90a8ab3be07b7) [fixup for honister context] Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 44c394f3cbdce8c7297af01c0f5ee030e1e3dacd) [fixup for dunfell context] Signed-off-by: Armin Kuster <akuster808@gmail.com> 2022-05-26T02:34:39+00:00 Martin Jansa martin.jansa@gmail.com 2022-05-10T16:30:12+00:00 urn:sha1:b99a386cd1398f1272798bbe3e4fc6c1be560e36 * backport the actual code change from https://github.com/pyca/cryptography/pull/5747 without the docs and CI changes (which aren't applicable on old 2.8 version) and backport 2 older changes to make this fix applicable on 2.8. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>