| Commit message (Collapse) | Author | Age | Files | Lines |
| |
The upstream project has switched to build_meta build backend with
version 4.2.21, and when the recipe was updated to 4.2.26, the build
backend was changed in the layer also.
Even though the recipe compilation didn't fail, it didn't install the required
files (it pretty much produced empty folders), because the build backend
required a much newer setuptools version than the one provided by oe-core,
it errored out silently. This problem may be hidden by other layers that
ship a newer version of setuptools, like the kirkstone-rust branch in
meta-lts-mixins layer.
To be able to install the recipe (without adding extra layers), this patch
partially reverts the build backend change from upstream, and adds back
setuptools build support.
Ptest summary after this patch:
Ran 16377 tests in 353.124s
OK (skipped=1287, expected failures=5)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Changelog:
- Fix CVE-2025-13372
- Fix CVE-2025-64460
- Fixed a regression in Django 4.2.26 where DisallowedRedirect was
raised by HttpResponseRedirect and HttpResponsePermanentRedirect
for URLs longer than 2048 characters. The limit is now 16384 characters
https://docs.djangoproject.com/en/6.0/releases/4.2.27/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
This change is for python3-django_2.2.28.
The patch was accidentally backported incorrectly. The patch in general
introduces a field-length restriction on the email input fields, however
the patch was backported in a way that the restriction was applied on
file input fields instead of email fields.
This change amends the patch in a way to restrict the email field.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
These patches are for python3-django_3.2.25
These patches only touch the tests folder, which is normally not installed.
Most of these changes are backported patches, that adapt tests to modern(er)
Python environment than they were written for, and some other just fix a bug
in the tests that were always present.
0001-Fix-tag_strip-tests.patch: The html parser's behavior in Python has changed,
making this testcase fail. This is a partial backport of the patch, which handles
only the Python version that is shipped with oe-core (The original patch handles
both old and new versions)
0001-Fixed-test_utils.tests.HTMLEqualTests.test_parsing_e.patch: this backported
patch makes a test-verification conform to html5 standard. Previously the test failed.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
This patch is only for python3-django_3.2.25.
The URL validator didn't detect invalid IPv6 addresses, treating them
as correct ones, making a testcase fail. (Also, according to the comment,
it could also crash in some cases, though I haven't encountered that)
This backported patch mitigates this behavior.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
These patches are for python3-django_2.2.28
These patches only touch the tests folder, which is normally not installed.
Most of these changes are backported patches, that adapt tests to modern(er)
Python environment than they were written for, and some other just fix a bug
in the tests that were always present.
0001-Fix-tag_strip-tests.patch: The html parser's behavior in Python has changed
since 3.9, making this testcase fail. This is a partial backport of the patch,
which handles only the Python version that is shipped with oe-core (The original
patch handles both old and new versions)
0001-Fixed-inspectdb.tests.InspectDBTestCase.test_custom_.patch: SQLite3's behavior
has changed also since the tests were written, making some testcases fail. This
backported patch fixes that.
0001-Fixed-test_utils.tests.HTMLEqualTests.test_parsing_e.patch: this backported
patch makes a test-verification conform to html5 standard. Previously the test failed.
0001-Made-RemoteTestResultTest.test_pickle_errors_detecti.patch: This backported
patch once again adapts a test to an evolved library. tblib's behavior has changed
in a way that the tests couldn't pickle the exceptions from the library, and the
tests that verify exceptions were failing due to this.
0001-fix-quote-type-in-expected-error-message.patch: This is not a backported patch.
Error messages are localized, and a test verifies an error message that contains
a quote. The test expects double quotes, but the default locale used with the testimage
is using single quotes. Since the test and the expected error message are correct
otherwise, just changed this expected quote in the test.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
This patch is only for python3-django_2.2.28.
The URL validator didn't detect invalid IPv6 addresses, treating them
as correct ones, making a testcase fail. (Also, according to the comment,
it could also crash in some cases, though I haven't encountered that)
This backported patch mitigates this behavior.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
This patch is for python3-django_2.2.28
The hostname's length has been incorrectly validated, it was checking
an incorrect section of the URL, this made a testcase fail.
This backported patch mitigates this issue.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
This change is for python3-django_2.2.28.
During backporting a patch for CVE-2024-56374, an import got into
the patch for v2.2.28 that does not exist yet in that version.
This patch handles this import with a fallback to prevent throwing
an ImportError.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
This change is for python3-django_2.2.28.
This patch is an extension for CVE-2024-27351.patch. The class that patch
introduced wasn't completely suitable for this version of the recipe, because
it was accessing a function of it that was not implemented (the upstream
version that introduced this class did not use that function, it is specific
to this old version).
This patch adds the missing implementation to avoid errors.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
This change is for python3-django_2.2.28.
The patch that mitigated CVE-2024-246680 accidentally also brought
a regression, some numbers were converted to (human-friendly) string incorrectly.
This backported patch mitigates this problem.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
This change is for python3-django_2.2.28.
This patch contains an incorrect indentation, making the tests fail.
This change fixes that.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Fix the following error introduced by CVE-2024-42005.patch:
AttributeError: module 'django.db.models' has no attribute 'JSONField'
The patch assumes JSONField is available from django.db.models, which
is not the case for this Django version.
Revert the changes in the following files to restore compatibility:
tests/expressions/models.py
tests/expressions/test_queryset_values.py
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Fix the following error introduced by CVE-2024-27351.patch and
CVE-2025-32873.patch:
NameError: name '_lazy_re_compile' is not defined
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Pick patch per [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-69277
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Per [1] this is a problem of applications using memcached improperly.
This should not be a CVE against php-memcached, but for whatever
software the issue was actually found in. php-memcached and
libmemcached provide a VERIFY_KEY flag if they're too lazy to
filter untrusted user input.
[1] https://github.com/php-memcached-dev/php-memcached/issues/519
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 889ccce6848276fa68b3736b345552a533bc6bd2)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-24476
https://nvd.nist.gov/vuln/detail/CVE-2024-24478
https://nvd.nist.gov/vuln/detail/CVE-2024-24479
Upstream disputes all three vulnerabilities[1]. Looking at the history,
even though they were valid issues for some period of time, none of
them made it to an actual stable release: the vulnerabilities were
caused, caught and fixed in the same development cycle between two
releases.
CVE-2024-24476: vulnerability introduced with[2], fixed with[3]
CVE-2024-24478: vulnerability introduced with[4], fixed with[5]
CVE-2024-24479: vulnerability introduced with[6], fixed with[7]
Ignore all three of these vulnerabilities, as they are not present
in the used recipe version.
[1]: https://www.wireshark.org/docs/relnotes/wireshark-4.2.4.html
[2]: https://github.com/wireshark/wireshark/commit/395e3b6cb595bfc610f3c26e7e9eb1f8729fd952
[3]: https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78
[4]: https://github.com/wireshark/wireshark/commit/a9a62ff576ae79e0d6afb3214a5d409ec4cdf9d7
[5]: https://github.com/wireshark/wireshark/commit/80a4dc55f4d2fa33c2b36a99406500726d3faaef
[6]: https://github.com/wireshark/wireshark/commit/53ec634ac2bf5f87a594aa72f16ca21c25a146a9
[7]: https://github.com/wireshark/wireshark/commit/c3720cff158c265dec2a0c6104b1d65954ae6bfd
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
These are all bugfix releases.
Drop CVE-2022-3190.patch, as it is included in 3.4.16.
Changelogs:
3.4.13: https://www.wireshark.org/docs/relnotes/wireshark-3.4.13.html
3.4.14: https://www.wireshark.org/docs/relnotes/wireshark-3.4.14.html
3.4.15: https://www.wireshark.org/docs/relnotes/wireshark-3.4.15.html
3.4.16: https://www.wireshark.org/docs/relnotes/wireshark-3.4.16.html
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/513e5d49724f4a0695c5d2a08ce422c09cb999c8
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-34062
Pick the patch mentioned by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-52804
Pick the patch mentioned by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-28370
The NVD advisory mentions that the vulnerability was fixed
in v6.3.2. I checked the commits in that tag, and picked the
only one whose commit message described the same vulnerability
as the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
The recipe contains two CVE_CHECK_IGNORE declarations, and the second
one overwrites the first one - however the first one is also important.
Instead of overwriting it, just append them to each other. Also, move the
operations closer to each other, so it's easier to see what's going on.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
CVE-2024-3566 only affects Microsoft Windows.
Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d68c56e1ed2adc8246a18424ed5d9ede5e8254a0)
Adapted to Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/b4e6f826d9ddcc2d72eac432746807e1234266db
Reference: https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127
The vulnerability is disputed[1] by upstream:
"There is no vulnerability in M2Crypto. Nowhere in the functions
are the return values of OpenSSL functions interpreted incorrectly.
The functions provide an interface to their users that may be
considered confusing, but is not incorrect, nor it is a vulnerability."
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-49769
Pick the patch that is referenced in the NVD report (which is
a merge commit. The patches here are the individual patches from
that merge).
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-49768
Pick the patch mentioned in the NVD report (which is a merge commit,
and the patches here are the individual commits from that merge)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-49766
https://nvd.nist.gov/vuln/detail/CVE-2025-66221
Both vulnerabilities affect Windows only - ignore them.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Remove change of default for clear_untrusted_proxy_headers
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ef4e48c7a06b16755181a11d1d2d0d823353a95d)
Contains fix for CVE-2022-31015
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4d964d4d79388c8c2db8d8a3fec029a656f9f937)
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-29063
Pick the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-29217
Pick the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
The only change is a fix for CVE-2022-21797
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-24816
Pick the patch referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-63938
Pick the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-30861
Pick the patch referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112
Pick the patch that resolves the issue referenced in the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64076
The vulnerability was introduced in v5.6.0[1], the recipe version doesn't
contain the vulnerable piece of code.
[1]: https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Similarly to c++ protobuf, add products matching historical entries.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ae7556a737f7d21b0e345226fdab4a286d2f85db)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
These grpc python modules contain parts of grpc core.
Each CVE needs to be assessed if the patch applies also to core parts
included in each module.
Note that so far there was never a CVE specific for python module, only
for grpc:grpc and many of those needed to be fixed at least in grpcio:
sqlite> select vendor, product, count(*) from products where product like '%grpc%' group by vendor, product;
grpc|grpc|21
grpck|grpck|1
linuxfoundation|grpc_swift|9
microsoft|grpconv|1
opentelemetry|configgrpc|1
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f993cb2ecb62193bcce8d3d0e06e180a7fef44b8)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-43612
Pick the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
This is a bugfix release, with some ioctl handling fixes.
Changelog:
- Adjust the handling of SPI_IOC_RD_LSB_FIRST ioctl call
- Parameter for SPI_IOC_WR_LSB_FIRST ioctl is {0, 1}.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Changelog:
2.0.4:
- Fix missing comma in JSON output.
2.0.3:
- Fix segfault when filelimit is used and tree encounters a directory it
cannot enter.
- Use += when assigning CFLAGS and LDFLAGS in the Makefile allowing
them to be modified by environment variables during make. (Ben Brown)
Possibly assumes GNU make.
- Fixed broken -x option (stops recursing.)
- Fix use after free (causing segfault) for dir/subdir in list.c
- Fixes for .gitignore functionality
- Fixed * handling in patmatch. Worked almost like ** before, now properly
stops at /'s. These issues were the result of forgetting that patmatch()
was just to match filenames to patterns, not paths.
- Patterns starting with / are actually relative to the .gitignore file,
not the root of the filesystem, go figure.
- Patterns without /'s in .gitignore apply to any file in any directory
under the .gitignore, not just the .gitignore directory
- Remove "All rights reserved" from copyright statements. A left-over from
tree's original artistic license.
- Add in --du and --prune to --help output
- Fixed segfault when an unknown directory is given with -X
- Fixed output up for -X and -J options.
- Remove one reference to strnlen which isn't necessary since it may not
be available on some OS's.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Changelog:
2.6.2:
- Bug in C code (with gcc 1.5) fixed
2.6.1:
- Wrapper now handles devices with non-continuous interface numbering:
www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?f=2&t=2915&p=19605
- catch error with retrieving the active configuration, exit gracefully:
https://bugs.launchpad.net/bugs/1880191
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Changelog:
- Fixed minor leak
- Documentation fixes
- Updated translations
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
The upstream site (landley.net) serves inconsistent content when using HTTP,
causing checksum mismatches during do_fetch. Using HTTPS ensures stable
downloads and resolves checksum failures.
Signed-off-by: Sanjay Chitroda <sanjayembeddedse@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32019
The vulnerability affects the ndsudo binary, part of netdata.
This binary was introduced in version 1.45.0[1], and the recipe
contains v1.34.1 - which is not vulnerable yet.
Ignore the CVE due to this.
[1]: https://github.com/netdata/netdata/commit/0c8b46cbfd05109a45ee4de27f034567569fa3fa
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36137
The vulnerability affects the permission model, which was introduced[1]
in v20 - the recipe version isn't vulnerable yet.
[1]: https://github.com/nodejs/node/commit/00c222593e49d817281bc88a322f41f8dca95885
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-3566
https://nvd.nist.gov/vuln/detail/CVE-2024-36138
These vulnerabilities affect Windows only.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|