summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* python3-aiohttp: upgrade 3.13.4 -> 3.13.5Gyorgy Sarvari2026-04-061-1/+1
| | | | | | | | | | Changelog: Skipped the duplicate singleton header check in lax mode (the default for response parsing). In strict mode (request parsing, or -X dev), all RFC 9110 singletons are still enforced. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* nodejs: ignore fixed CVEsGyorgy Sarvari2026-04-061-0/+7
| | | | | | | | | | | | | All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712, which does not affect v22 series, because it was introduced in a later version[2]. All these CVEs are tracked without version info by NVD at the time of creating this patch. [1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md [2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* mbedtls: upgrade 3.6.5 -> 3.6.6Gyorgy Sarvari2026-04-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Contains fixes for CVE-2026-25833, CVE-2026-25834, CVE-2026-25835, CVE-2026-34872, CVE-2026-34873, CVE-2026-34874 and CVE-2026-34875. Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6 Ptests passed successfully: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-04-06T14:04 BEGIN: /usr/lib/mbedtls/ptest PASS: test_suite_aes.cbc PASS: test_suite_aes.cfb PASS: test_suite_aes.ctr ... PASS: test_suite_version PASS: test_suite_x509parse PASS: test_suite_x509write DURATION: 24 END: /usr/lib/mbedtls/ptest 2026-04-06T14:04 STOP: ptest-runner Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* mbedtls: drop recipe for v2Gyorgy Sarvari2026-04-061-79/+0
| | | | | | | | It has been unmaintained/EOL for over a year - there is a recipe for a newer, still supported version. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libraw: upgrade 0.21.4 -> 0.22.1Gyorgy Sarvari2026-04-062-10/+13
| | | | | | | | | | | | | | | Contains fixes for CVE-2026-5318[1] and CVE-2026-5318[2] (both are tracked without a version by NVD, so they are explicitly marked as patched) License-update: copyright year bump Changelog: https://github.com/LibRaw/LibRaw/blob/0.22-stable/Changelog.txt [1]: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b [2]: https://github.com/LibRaw/LibRaw/commit/2468614a9cbcab6b75ca279ab60cac62156f7aeb Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* leancrypto: upgrade 1.7.0 -> 1.7.1Gyorgy Sarvari2026-04-061-2/+3
| | | | | | | | | | | | | | | | | | | Contains fix for CVE-2026-34610 (which is however tracked without a version by NVD, so it is marked as patched explicitly) Changelog: - Offer a means to select the AES-C constant time / S-Box implementation via lc_init API - use the AES-C constant time implementation by default - it is about 3 times slower than the AES-C S-Box implementation, but more secure. As the leancrypto library is about secure by default, the CT implementation is just right. Furthermore, if a caller wants to have the faster AES-C S-Box, he can call lc_init(LC_INIT_AES_SBOX) at the beginning. - X.509: fix security issue (CVE-2026-34610) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* giflib: mark CVE-2026-23868 patchedGyorgy Sarvari2026-04-061-0/+2
| | | | | | | | | | The fix[1] that is referenced by the NVD advisory is already included in the current recipe version. [1]: https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* freeipmi: mark CVE-2026-33554 patchedGyorgy Sarvari2026-04-061-0/+1
| | | | | | | | The CVE is tracked by NVD without version info. It's description confirms that it is fixed in version 1.6.17. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* dovecot: ignore already fixed CVEsGyorgy Sarvari2026-04-061-0/+5
| | | | | | | | | | | | | | | | | | | The following CVEs are fixed in the current version already, however they are tracked without version info. Upstream has confirmed[1] that these vulnerabilities are fixed, and Debian has also identified the relevant commits: CVE-2025-30189: https://security-tracker.debian.org/tracker/CVE-2025-30189 CVE-2026-0394: https://security-tracker.debian.org/tracker/CVE-2026-0394 CVE-2026-24031: https://security-tracker.debian.org/tracker/CVE-2026-24031 CVE-2026-27855: https://security-tracker.debian.org/tracker/CVE-2026-27855 CVE-2026-27860: https://security-tracker.debian.org/tracker/CVE-2026-27860 [1]: https://seclists.org/fulldisclosure/2026/Mar/13 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* botan: mark CVE-2026-32877 and CVE-2026-32883 patchedGyorgy Sarvari2026-04-061-0/+3
| | | | | | | | | | | | Both CVEs were fixed in version 3.11.0, however NVD tracks them without version/CPE info. Relevant commits: CVE-2026-32877: https://github.com/randombit/botan/commit/798a332e11949afa8b004564bb9031e66c1a4d13 CVE-2026-32883: https://github.com/randombit/botan/commit/6ecc62a4e36937d036df8c8eda6a85708abb8c37 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* botan: upgrade 3.11.0 -> 3.11.1Gyorgy Sarvari2026-04-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Contains fixes for CVE-2026-35580 and CVE-2026-35582 Changelog: https://botan.randombit.net/news.html#version-3-11-1-2026-03-31 -CVE-2026-35580: Resolve certificate verification bypass bug introduced in 3.11.0 -CVE-2026-35582: Resolve TLS 1.3 client authentication bypass -Add optimized Argon2 implementation using AVX512 -Add optimized and constant-time Twofish implementation using AVX512/GFNI -Add optimized and constant-time SEED implementation using AVX512/GFNI -Add optimized and constant-time Whirlpool implementations using AVX2 and AVX512 -Add SSSE3/NEON and AVX2 optimized codepaths for CTR -Add constant time implementations of Camellia, ARIA, SEED and SM4 using AES-NI or ARMv8 AES instructions to implement sbox lookups -Improve performance of the AVX512 implementation of SHA-512 especially for Clang -Optimizations for the IDEA modular multiplication -Fix various minor TLS conformance issues flagged by TLS-Anvil -Fix bug in Ed25519 where an invalid signature checked with PK_Verifier might cause a later valid signature to be rejected. -Fix a bug in handling of ECDSA DER-encode signatures where an invalid signature checked with PK_Verifier might cause a later valid signature to be rejected. -Fix a problem introduced in 3.11.0 which could cause crashes on processors without SSSE3 support, particularly when compiled by GCC. -Fix various new warnings from clang-tidy 22 -Fix a compilation error introduced in 3.11.0 which prevented using ffi unless bcrypt was also enabled. -Avoid a macro collision with Microsoft headers that could cause a compilation problem in amalgamation mode. -Enable explicit_bzero, getentropy, getrandom on Hurd Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* webmin: upgrade 2.621 -> 2.630Jason Schonberg2026-04-061-1/+1
| | | | | | | Changelog: https://github.com/webmin/webmin/releases/tag/2.630 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libgphoto2: Fix c23 build errorsKhem Raj2026-04-052-0/+85
| | | | | | | | | | | | | | Fixes errors e.g. error: assigning to 'char *' from 'const char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers] 131 | dot = strrchr(filename, '.'); | ^ ~~~~~~~~~~~~~~~~~~~~~~ 1 error generated. They are latent and brought to fore with autoconf 2.73 which switches defaults to use -std=gnu23 Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ez-ipupdate: Update to 3.0.11b8Khem Raj2026-04-055-83/+60
| | | | | | | Drop upstreamed patches Add a patch to fix C23 build break Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-pyroute2: add missing rdepend of python3-unittestJeroen Hofstee2026-04-051-0/+1
| | | | | | | | Without it, it will throw "ModuleNotFoundError: No module named 'unittest'" from pyroute2/netlink/rtnl/iprsocket.py" line 6. Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libavif: use system libxml2 for building appsMarkus Volk2026-04-041-1/+1
| | | | | Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libavif: enable libyuv supportMarkus Volk2026-04-041-1/+3
| | | | | Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libavif: add PACKAGECONFIG for appsMarkus Volk2026-04-041-4/+6
| | | | | | - This allows to build avifdec,avifenc and avifgainmaputil Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libavif: add gdk-pixbuf support for av1 image formatMarkus Volk2026-04-041-2/+4
| | | | | | | | This commit adds a PACKAGECONFIG to build the av1 gdk-pixbuf-loader/thumbnailer and enables it by default. Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* krb5: Fix build with autotools 2.73Khem Raj2026-04-032-0/+38
| | | | Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libavif: update 1.3.0 -> 1.4.1Markus Volk2026-04-032-16/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - add missing dependencies - add PACKAGECONFIG for aom,svt-av1 1.4.1 - 2026-03-20 Changed since 1.4.0 Fix build with CMake 3.22 Update aom.cmd/LocalAom.cmake: v3.13.2 Update libxml2.cmd/LocalLibXml2.cmake: v2.15.2 Update libyuv.cmd/LocalLibyuv.cmake: 6067afde5 (1922) Support long path names in Windows Fix cicp management and memory leaks in avifgainmaputil #3102. Removed since 1.4.0 Remove experimental status for the following options of avifenc: --progressive, --layered and --scaling-mode, and the extraLayerCount option of avifEncoder. 1.4.0 - 2026-03-04 Added since 1.3.0 Allow avifenc to read png or jpeg files through stdin using --stdin-format. Support some Sample Transform schemes as defined in the version 1.2 of the AVIF specification. Add an optional argument to the --depth flag of avifenc used to enable a bit depth extension scheme in the encoded file. Add support for converting jpeg files with Apple style gain maps. Add support for PNG cICP chunk when decoding PNG files. If a PNG file contains a cICP chunk and other color information chunks, such as iCCP (ICC profile), the other chunks are ignored as per the PNG Specification Third Edition Section 4.3. Support reading Sample-Transform-based 16-bit AVIF files when avifDecoder::imageContentToDecode & AVIF_IMAGE_CONTENT_SAMPLE_TRANSFORMS is not zero. Support Sample Transform derived image items with grid input image items. Add --sato flag to avifdec to enable Sample Transforms support at decoding. Add --grid option to avifgainmaputil. Apply clean aperture crop, rotation and mirror when decoding to PNG or JPEG. Remove orientation information from Exif if present. Add avif::RGBImageCleanup to the C++ API. Changed since 1.3.0 Set avifDecoder::image->depth to the same value after avifDecoderParse() as after avifDecoderNextImage() when the file to decode contains a 'sato' derived image item. avifdec only enables Sample Transform decoding when --depth is set to 16. Update dav1d.cmd/dav1d_android.sh/LocalDav1d.cmake: 1.5.3 Update googletest.cmd/LocalGTest.cmake: v1.17.0 Update libgav1.cmd: v0.20.0 Update libjpeg.cmd/LocalJpeg.cmake: 3.1.3 Update libyuv.cmd/LocalLibyuv.cmake: deeb764bb (1922) Update libsharpyuv.cmd/LocalLibsharpyuv.cmake: v1.6.0 Update libxml2.cmd/LocalLibXml2.cmake: v2.15.1 Update aom.cmd/LocalAom.cmake: v3.13.1 Update LocalAvm.cmake: research-v13.0.0 Update rav1e.cmd/LocalRav1e.cmake: cargo-c v0.10.20, corrosion v0.6.1, rav1e v0.8.1 Update svt.cmd/svt.sh/LocalSvt.cmake: v4.0.1 Update zlibpng.cmd/LocalZlibpng.cmake: libpng 1.6.55, zlib 1.3.2 Fix grayscale conversion when changing the bit depth. Bump cmake_minimum_required from 3.13 to 3.22 Associate transformative properties with alpha auxiliary image items. Always forward the CICP color primaries, transfer characteristics, and matrix coefficients to the AV1 encoder, which writes them in the Sequence Header OBU, for compatibility with libraries that wrongly ignore the colr box. Use a "quality to quantizer (QP)" mapping formula designed for AOM_TUNE_IQ. Set tuning before applying the user-provided specific aom codec options. Use AOM_TUNE_PSNR by default when encoding alpha with libaom because AOM_TUNE_SSIM causes ringing for alpha. Use AOM_TUNE_IQ by default when encoding still non-RGB color samples with libaom v3.13.0 or later. Converting an image containing a gain map using avifenc with the --grid flag now also splits the gain map into a grid. In avifenc, set Exif orientation to 1 (no transformation) when converting JPEGs to AVIF. Use all-intra encoding for a layered image if the total number of layers is 2 and the quality of the first layer is very low (q <= 10). Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* bmap-writer: upgrade 1.0.3 -> 1.0.4Ayoub Zaki2026-04-031-1/+4
| | | | | | | | Add PACKAGECONFIG for libkcapi to optionally enable kernel crypto API support. Changelog: https://github.com/embetrix/bmap-writer/releases/tag/1.0.4 Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* pkcs11-provider: upgrade 1.1 -> 1.2Ayoub Zaki2026-04-031-1/+1
| | | | | | Changelog: https://github.com/openssl-projects/pkcs11-provider/releases/tag/v1.2.0 Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* opensc: upgrade 0.26.1 -> 0.27.1Ayoub Zaki2026-04-031-2/+2
| | | | | | Changelog: https://github.com/OpenSC/OpenSC/releases/tag/0.27.1 Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* fastfetch: Remove directx-headers dependencyTafil Avdyli2026-04-031-1/+0
| | | | | | | | The directx-headers dependency is no longer required and got removed from CMakeLists.txt Signed-off-by: Tafil Avdyli <tafil@tafhub.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-icu: enable building -native and nativesdk- variantsHongxu Jia2026-04-031-0/+2
| | | | | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-configargparse: upgrade 1.7.3 -> 1.7.5Liu Yiding2026-04-031-2/+4
| | | | | | | Changelog: Slightly simplified PyPI deployment workflow via setuptools-scm Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* dlt-daemon: update patch to fix dlt-daemon crash issueChangqing Li2026-04-031-2/+3
| | | | | | | | A wrong type conversion makes dlt-daemon crash, update the patch to fix it Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ebtables: Use update alternatives for "ebtables"Zhang Xiao2026-04-021-1/+5
| | | | | | | | | The ebtables utility can be provided by both ebtables and iptables packages. Set higher priority for the version provided by iptables to prefer it. Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-ujson: upgrade 5.11.0 -> 5.12.0Wang Mingyu2026-04-021-2/+2
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-ninja: fix ninja_syntax import and version for setuptools buildJiaying Song2026-04-021-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | Fixes issues introduced in commit 16a72067f5 ("python3-ninja: upgrade 1.11.1.1 -> 1.13.0"). Upstream's __init__.py uses a relative import: from .ninja_syntax import Writer, escape, expand This requires ninja_syntax.py to be present inside the ninja package directory. Upstream relies on CMake (via scikit-build-core) to copy ninja_syntax.py from ninja-upstream/misc/ into the package during build [1]. Since the OE recipe replaces scikit-build-core with setuptools (no-scikit-build.patch), CMake is not invoked and this copy does not happen, causing ImportError at runtime. Similarly, upstream uses scikit-build-core's generate feature to create _version.py from the SCM version. With setuptools, this does not happen automatically, so generate it in do_configure. [1] https://github.com/scikit-build/ninja-python-distributions/commit/f3b4a786be Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libnet-ssleay-perl: upgrade 1.94 -> 1.96Liu Yiding2026-04-023-64/+1
| | | | | | | | | | | | 1.Changelog: https://metacpan.org/dist/Net-SSLeay/changes 2.Remove following patches as merged upstream 0001-tests-Address-another-formatting-difference-in-OpenSSL-3.4.1.patch 0001-test-32_x509_get_cert_info-allow-single-colon.patch Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libtsm: upgrade 4.4.2 -> 4.4.3Liu Yiding2026-04-021-1/+1
| | | | | | | | Changelog: https://github.com/kmscon/libtsm/releases/tag/v4.4.3 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* vsftpd: Fix multilib install conflictsZheng Ruoqin2026-04-011-1/+2
| | | | | | | | | | Fix following error when multilib is used: Running transaction test Error: Transaction test error: file /etc/pam.d/vsftpd conflicts between attempted installs of vsftpd-3.0.5-r0.x86_64_v3 and lib32-vsftpd-3.0.5-r0.core2_32 Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* thunar: upgrade 4.21.4 -> 4.21.5Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ============ - Popup menu at tab label on keybord activated - Add keyboard support for context menu on terminal - Add keyboard support for history menu on back and forward buttons - Add keyboard support for context menu on toolbar - Popup menu on tree view item for keyboard activated - Popup menu at focused widget on keyboard activated - Disable overlay scrolling by default (#367) - Wrap long filenames in error dialogs (#1412) - Limit filname length for create/rename (#1812) - Add fallback for backdrop highlight color - Properties dialog - add separator for fs data - Show filesystem type in preferences - At tooltips to 'Capacity' and 'Usage' (#1806) - Show as well 'usable' size in 'Capacity' row (#1806) - Differ between total and usable fs space (#1806) - Add help text for URL arguments - Call xfconf_shutdown before exit - Store pending column size changes on close (#1318) - Use GtkTreeModelFilter for tree view side pane (#1460) - Tree-view pane: Fix wrong selection on open new window - Prevent shortcuts view focus lost (#1675) - Add 'grab_focus' parameter to 'set directory' calls (#1675) - Expose drag-drop-mode in preferences - Init media_fs_uuids on startup - Never ask twice on replace/overwrite (#1794) - Fix translations for XML file (#1790) - Improve statusbar loading text (#1787) - Detect CDROM media changes using ID_FD_UUID udev property - Add %d to strings to fix some transl. (#939) - Pass current dir to catfish (#1785) - Ignore G_IO_ERROR_NOT_SUPPORTED (#1782) - Show selection busy information on statusbar Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* thingsboard-gateway: upgrade 3.8.2 -> 3.8.3Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* sip: upgrade 6.15.2 -> 6.15.3Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* setxkbmap: upgrade 1.3.4 -> 1.3.5Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-werkzeug: upgrade 3.1.6 -> 3.1.7Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | Changelog: ========== - parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. - WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. - Transfer-Encoding is parsed as a set. - Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. - Fix multipart form parser handling of newline at boundary. - Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. - merge_slashes merges any number of consecutive slashes. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-tomli: upgrade 2.4.0 -> 2.4.1Wang Mingyu2026-04-011-1/+1
| | | | | | | | Changelog: Limit number of parts of a TOML key to address quadratic time complexity Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-sentry-sdk: upgrade 2.55.0 -> 2.56.0Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | Changelog: ========= - (asgi) Add option to disable suppressing chained exceptions - (logging) Separate ignore lists for events/breadcrumbs and sentry logs - Set exception info on streaming span when applicable - Patch AsyncStream.close() and AsyncMessageStream.close() to finish spans - Patch Stream.close() and MessageStream.close() to finish spans - (starlette) Catch Jinja2Templates ImportError - Add note on AI PRs to CONTRIBUTING.md - Pin GitHub Actions to full-length commit SHAs - Add -latest alias for each integration test suite - Use date-based branch names for toxgen PRs - Update test matrix with new releases (03/19) - Add client report tests for span streaming Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-regex: upgrade 2026.2.28 -> 2026.3.32Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-redis: upgrade 7.3.0 -> 7.4.0Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | Changelog: ========== - Fix AttributeError in cluster metrics recording when connection is None or ClusterNode object instance is used to extract the connection info (#3999) - Fixing security concern in repr methods for ConnectionPools - passwords might leak in plain text logs (#3998) - Refactored connection count and SCH metric collection (#4001) - Refactored health check logic for MultiDBClient (#3994) - Expose basic Otel classes and functions to be importable through redis.observability to match the examples in the readthedocs Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-pyais: upgrade 2.20.0 -> 2.20.1Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | this release reduces the supply chain attack surface - pins dependencies - pins workflows - adds a SHA256 hash sum for deployed artifacts - migrates to PyPI trusted publishing Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-marshmallow: upgrade 4.2.2 -> 4.2.3Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | Changelog: =========== - Make marshmallow.fields.Number and marshmallow.fields.Mapping abstract base classes to prevent using them within Schemas - Allow required to be set on marshmallow.fields.Contant - Fix marshmallow.validate.OneOf emitting extra pairs when labels outnumber choices - Fix behavior when passing a dot-delimited attribute name to partial for a key with data_key set - Fix Enum field by-name lookup to only return actual members - marshmallow.fields.DateTime with format="timestamp_ms" properly rejects bool values - Fix typing of error_essages argument to marshmallow.fields.Field - Add ipaddress.* to marshmallow.Schema.TYPE_MAPPING - Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-ipython: upgrade 9.11.0 -> 9.12.0Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-gunicorn: upgrade 25.1.0 -> 25.3.0Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug Fixes ========== - HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2 ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558) - ASGI Chunked EOF Handling: Add finish() method to callback parser to handle chunked encoding edge case where connection closes before final CRLF after zero-chunk - HTTP/2 Documentation: Fix http_protocols examples to use comma-separated string instead of list syntax (#3561) - Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC 9112 (#3556) - Request Line Limit: Fix --limit-request-line 0 to mean unlimited as documented, instead of using default maximum. Works with both Python and fast C parser. (#3563) - uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when using gevent or gthread workers with uwsgi protocol behind nginx. - FileWrapper Iterator Protocol: Add __iter__ and __next__ methods to FileWrapper for full PEP 3333 compliance. Previously only supported old-style __getitem__ iteration which broke code explicitly using iter() or next(). Security ============= - ASGI Parser Header Validation: Add security checks per RFC 9110/9112: - Reject duplicate Content-Length headers - Reject requests with both Content-Length and Transfer-Encoding - Reject chunked transfer encoding in HTTP/1.0 - Reject stacked chunked encoding - Validate Transfer-Encoding values - Strict chunk size validation Changes ========== - Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property and InvalidChunkExtension validation for bare CR rejection - ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser - Docker Images: Update to Python 3.14 New Features ============ - Fast HTTP Parser (gunicorn_h1c 0.6.0): Integrate new exception types and limit parameters from gunicorn_h1c 0.6.0 for both WSGI and ASGI workers - Requires gunicorn_h1c >= 0.6.0 for http_parser='fast' - Falls back to Python parser in auto mode if version not met - Proper HTTP status codes for limit errors (414, 431) Performance ============ - ASGI HTTP Parser Optimizations: Improve ASGI worker HTTP parsing performance - Callback-based parsing with direct bytearray buffer operations - Use bytearray.find() directly instead of converting to bytes first - Use index-based iteration for header parsing instead of list.pop(0) (O(1) vs O(n)) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-fsspec: upgrade 2026.2.0 -> 2026.3.0Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-fastapi: upgrade 0.135.1 -> 0.135.2Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-faker: upgrade 40.11.0 -> 40.12.0Wang Mingyu2026-04-011-1/+1
| | | | | | | | Changelog: Add address providers for ar_DZ and fr_DZ locale Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-21 18:49:03 +0000