| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Upgrade to release 2.1.9:
- Removed support for Python 3.8.
- Fixed issues to improve lists output.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 0.14.0:
- fix: Add DottedKey to a super table gives wrong output
- feat: enhance custom encoders to accept _parent and _sort_keys
parameters
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 1.6.2:
- Updated libsodium to 1.0.20-stable (2025-12-31 build) to resolve
CVE-2025-69277.
From 1.6.1:
- The MAKE environment variable can now be used to specify the make
binary that should be used in the build process.
From 1.6.0:
- BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and 3.7.
- Added support for the low level AEAD AES bindings.
- Added support for crypto_core_ed25519_from_uniform.
- Update libsodium to 1.0.20-stable (2025-08-27 build).
- Added support for free-threaded Python 3.14.
- Added support for Windows on ARM wheels.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15504
The vulnerability is patched in v0.17.2, however NVD is currently tracking
the CVE without any version info (or more like with out any CPE info)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Contains fix for CVE-2025-15504
Changelog:
- Differentiate Mach-O FAT magic bytes and Java class
- Fix MinGW compilation for some configuration
- Fix alignment issue when rebuilding PE relocations
- Fix infinite loop when processing v2 dynamic relocation
- Ensure that added DYN ELF sections are properly aligned
- Fix GnuHash null dereference
- Fix strong performance issue when parsing certain Mach-O
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-42969
Upstream could not reproduce the issue.
The vulnerability has currently the "disputed" flag in the NVD database,
and Github has revoked their related advisory[1].
Ignore this CVE due to this.
[1]: https://github.com/advisories/GHSA-w596-4wvx-j9j6
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Contains fix for CVE-2026-21860
Changelog:
- safe_join on Windows does not allow more special device names,
regardless of extension or surrounding spaces.
- The multipart form parser handles a \r\n sequence at a chunk boundary.
This fixes the previous attempt, which caused incorrect content lengths.
- Fix AttributeError when initializing DebuggedApplication with pin_security=False.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Python watchdog has removed all dependencies except optional `pyyaml`
dependency for `watchmedo` utility, like follows [1]:
* pathtools dependency was removed in 1.0.0
* python-argh dependency removed in 2.1.6
* requests was never a dependency
* pyyaml only needed for extras (`watchmedo`) and may not be strictly necessary
[1] https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst
Signed-off-by: Tero Kinnunen <tero.kinnunen@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 26.1.0:
Introduces the 2026 stable style, stabilizing the following changes:
- always_one_newline_after_import: Always force one blank line after
import statements, except when the line after the import is a
comment or an import statement
- fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner
declarations, such as def foo(): return "mock" # fmt: skip, where
previously the declaration would have been incorrectly collapsed
- fix_module_docstring_detection: Fix module docstrings being
treated as normal strings if preceded by comments
- fix_type_expansion_split: Fix type expansions split in generic
functions
- multiline_string_handling: Make expressions involving multiline
strings more compact
- normalize_cr_newlines: Add \r style newlines to the potential
newlines to normalize file newlines both from and to
- remove_parens_around_except_types: Remove parentheses around
multiple exception types in except and except* without as
- remove_parens_from_assignment_lhs: Remove unnecessary parentheses
from the left-hand side of assignments while preserving magic
trailing commas and intentional multiline formatting
- standardize_type_comments: Format type comments which have zero
or more spaces between # and type: or between type: and value to
# type: (value)
The following change was not in any previous stable release:
- Regenerated the _width_table.py and added tests for the Khmer
language
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add pytokens release 0.4.0:
- Various packaging and dev improvements
- Just avoid using uv
- Move setup.cfg to pyproject.toml
- Use mypyc for compilation
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New, non-LTS version.
Release notes: https://github.com/django/django/blob/main/docs/releases/6.0.txt
New features in a nutshell:
- Content Security Policy support
- Template Partials
- Background Tasks
- Adoption of Python's modern email API
Ptest summary:
Ran 18643 tests in 164.287s
OK (skipped=1404, expected failures=5)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Django 4.2.x recipe has been deleted, the dependencies that were specific
to version 5.x can be moved to the common .inc file.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Execute the standard, non-selenium tests. The execution is
on the slower side: on my idle machine, KVM enabled it takes
a bit more than 2.5 minutes to execute it (executing tests with
4 threads parallel, 1/core, the default configuration). If the machine is
under load, it easily grows to over 10 minutes.
Added two backported patches for Django 5.2 to fix some tests that
would otherwise fail:
0001-Fix-test_strip_tags-test.patch: tag stripping tests failed due to
changed Python behavior
0001-fix-test_msgfmt_error_including_non_ascii-test.patch: tests were
updated to work with msgfmt 0.25
Most of the skipped tests require some specific database backend
(Postgres, MySQL, Oracle...) or are Selenium tests.
The output is very long (the suite contains way over 15k tests),
so I omit the example output here.
The current summary (for v5.2.9):
Ran 18121 tests in 140.891s
OK (skipped=1394, expected failures=5)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Though the version is not EOL yet, it doesn't support the Python
that comes with oe-core. The last version is supports is 3.12[1],
however oe-core comes with Python 3.13.
[1]: https://docs.djangoproject.com/en/6.0/faq/install/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Serialization library for Exceptions and Tracebacks.
It is a runtime dependency for python3-django ptests.
The ptests for this recipe run under a second.
Sample output:
root@qemux86-64:~# ptest-runner
START: ptest-runner
2026-01-15T19:37
BEGIN: /usr/lib/python3-tblib/ptest
PASS: tests/test_issue30.py:test_30
PASS: tests/test_issue65.py:test_65
PASS: tests/test_perf.py:test_perf
[...many passing lines...]
PASS: tests/test_tblib.py:test_parse_traceback
PASS: tests/test_tblib.py:test_large_line_number
PASS: tests/test_tblib.py:test_pytest_integration
============================================================================
Testsuite summary
DURATION: 1
END: /usr/lib/python3-tblib/ptest
2026-01-15T19:37
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==============
- fix: resolve TOCTOU vulnerabilities in app_data and lock directory creation
- fix: Prevent NameError when accessing _DISTUTILS_PATCH during file overwrite
- Upgrade pip and fix 3.15 picking old wheel
- fix: wrong path on migrated venv
- test_too_many_open_files: assert on errno.EMFILE instead of strerror
- fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146
- fix: resolve EncodingWarning in tox upgrade environment
- Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1
- Add support for PEP 440 version specifiers in the --python flag.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Changelog:
===========
- Add TOML v1.1.0 compatibility
- Add binary wheels for Windows arm64
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Changelog:
==============
- Add allow_private_network in CORSMiddleware
- Increase warning stacklevel on DeprecationWarning for wsgi module
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- Add wait_for_activation parameter to pystemd.run to wait only for service activation without blocking until completion
- Document cwd and wait_for_activation parameters in pystemd.run
- Drop support for Python 3.6-3.10, now requires Python 3.11+
- Add unit property and unit_name to TransientUnitProcess for easy access to the running unit
- Change development tooling to use uv for package management
- Change lint/format stack from black/mypy to ruff/pyrefly
- Add a lot of typing
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
- Make sure tests/__init__.py is included in sdist
- Fix compatibility with pytest
- Explicitly tag Python 3.14 compatibility
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Changelog:
AISTracker.update now accepts raw sentences as well as decoded messages
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
License-Update: copyright year updated to 2026
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add ptest and upgrade to release 0.13.1:
- pyproject.toml: add pytest as dev dependency
- Import Self from type_checking if needed to be compat with 3.9
- CI: run pytest via uv
- CI: test against multiple python versions
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 2.6.0:
- "Modernize" build system to use pyproject.toml and github actions.
Fixes:
WARNING: python3-huey-2.6.0-r0 do_check_backend: QA Issue: inherits
setuptools3 but has pyproject.toml with setuptools.build_meta, use
the correct class [pep517-backend]
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Upgrade to release 3.20.3:
- Fix TOCTOU symlink vulnerability in SoftFileLock
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 3.1.16:
- standardized handling of negative numbers in flags
- support dictionary-like key access to NamedTuple
- remove newer setup.py option include_package_data
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 4.0.4:
- Fixed false positive for ``invalid-name`` where module-level
constants were incorrectly classified as variables when a
class-level attribute with the same name exists.
- Fix a false positive for ``invalid-name`` on an UPPER_CASED
name inside an ``if`` branch that assigns an object.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
1. Changelog
https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md
2. Drop 0001-make-the-TLS-tests-skip-when-pyopenssl-isn-t-availab.patch as it was merged upstream.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 4.0.0:
- Added new query_dns() method returning native pycares 5.x
DNSResult types
- Deprecated query() method - still works with backward-compatible
result types
- Deprecated gethostbyname() method - use getaddrinfo() instead
- Added compatibility layer for pycares 4.x result types to ease
migration
- Updated dependencies
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 5.0.1:
- Use Literal for type
- Use CMake for compiling c-ares
- Move project metadata to pyproject.toml
- Remove gethostbyname
- Remove getsock
- Replace ares_{get,set}servers with ares_{get,set}_servers_csv
- Remove ares_init and ares_mkquery, they are unused
- Make c-ares thread-safety mandatory
- Migrate API to c-ares' dnsrec variants
- Build wheels in parallel
- Update bundled c-ares to v1.34.6
- Make callback a mandatory kwarg-only argument
- Return bytes data for TXT records
- Add support for TLSA, HTTP and URI queries
- Remove event_thread option, make it implicit
- Fix IDNA 2008 test
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 0.0.69:
- Add Georgian console fonts
- Add Adlm script to SN
- Add dra, Tutg, ath, cmc, Cham, tai
- Remove License classifier (license tag with SPDX license
expression is already there)
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 2.6.15:
- Add .piskel extension
- Fix: make PKGBUILD files a superset of .bash
- [pre-commit.ci] pre-commit autoupdate
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tests take <15s to execute.
Sample output:
root@qemux86-64:~# ptest-runner
START: ptest-runner
2026-01-09T18:00
BEGIN: /usr/lib/python3-filelock/ptest
PASS: tests/test_async_filelock.py:test_simple[a-str-AsyncUnixFileLock]
PASS: tests/test_async_filelock.py:test_simple[a-str-AsyncSoftFileLock]
PASS: tests/test_async_filelock.py:test_simple[a-PurePath-AsyncUnixFileLock]
PASS: tests/test_async_filelock.py:test_simple[a-PurePath-AsyncSoftFileLock]
PASS: tests/test_async_filelock.py:test_simple[a-Path-AsyncUnixFileLock]
PASS: tests/test_async_filelock.py:test_simple[a-Path-AsyncSoftFileLock]
[...many lines...]
PASS: tests/test_filelock.py:test_mtime_zero_exit_branch[SoftFileLock-TimeoutError]
PASS: tests/test_filelock.py:test_mtime_zero_exit_branch[UnixFileLock-PermissionError]
PASS: tests/test_virtualenv.py:test_virtualenv
============================================================================
Testsuite summary
DURATION: 10
END: /usr/lib/python3-filelock/ptest
2026-01-09T18:00
STOP: ptest-runner
TOTAL: 1 FAIL: 0
(There are 20 Windows-only tests, which are skipped)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 8.5:
Breaking changes:
- The option --lcov-test-name doesn't accept values with spaces
anymore.
- The option --lcov-format-1.x is deprecated and mapped to
--lcov-format-version=1.x.
- Changes to HTML templates.
New features and notable changes:
- Due to added support for LLVM source based code coverage format
some configuration file keys got changed. The old gcov named
options are still supported but they also affect the LLVM
toolchain.
Bug fixes and small improvements:
- Fix coveralls report if there are several coverage elements per
line.
- Fix not excluded conditions if branches are excluded by comments.
- Fix reported excluded branches in LCOV report.
- Fix exclusion filter --gcov-exclude.
- Add --json-trace-data-source to include the trace data source in
the JSON report independent from --verbose.
- Remove generated gcov files on error and catch additional gcov
error message.
- Change default HTML theme excluded line color.
- Move theme colors to a separate CSS file so they can be overridden
with a simple --html-template-dir directory with only the
style.colors.css file.
- Fix regular expression for detecting a version mismatch between
gcc and gcov.
- Improve logging messages for GCOV execution errors to not print
information twice and add trace messages for gcov execution.
- Fix handling of lines after function specialization.
- Improve performance by changing logging messages (level and lazy
interpolation).
- Fix text report for covered decisions.
- Fix runtime problem introduced with 8.4.
- Fix wrong entries in data source attribute of JSON report.
- Fix nested HTML report without coverage data.
- Add warning if coverage data is empty.
- Add warning if function lines are missing in external generated
GCOV files.
- Extend support for zipped reports. If last suffix is .xz then
LZMA is used to compress the report.
- Fix function exclusion in report generation.
- Do not ignore lines without functions, e.g. from inlined code.
- Ignore all whitespaces instead of only spaces for detection of
noncode lines.
- Add support for temporary merging line coverage objects without
modifying the data model.
- Change internal behavior of --exclude-function-lines to exclude
the line of function definition instead of removing it completely.
- Ensure that all functions have a line coverage element in LCOV
report.
License-Update: Update years
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 4.3.0:
- Add arguments validation for schemas and validation methods (by
validation contexts)
- Add custom XPath parser for find/findall/iterfind APIs on schemas
for match singleton sequence also if position is a number greater
than 1 in predicate expression
- Improve build of XSD elements and groups, using a three-state
built flag for components
- Extend and fix memory tests (Python 3.14+ seems to consume more
memory)
- Drop support for Python 3.9 and add development support for
Python 3.15
License-Update: Update years
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 2025.12.0:
- fsspec.parquet to support filters and multiple files
- passing withdirs in aync _glob()
- fix _rm_file/_rm redirection in async
- allow arrowFile to be seekable
- add size attribute to arrowFile
- support py3.14 and drop 3.9
- avoid ruff warning
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Upgrade to release 0.21.1:
- Fix escaping in help text when rich is installed but not used.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2012-5825
The Debian bugtracker[1] indicated that the issue is tracked by
upstream in github[2] (with a difference CVE ID, but same issue),
where the vulnerability was confirmed. Later in the same github issue
the solution is confirmed: the project switched to use the requests
library, which doesn't suffer from this vulnerability.
Due to this mark the CVE as patched.
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692444
[2]: https://github.com/tweepy/tweepy/issues/279
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-7694
The vulnerability was reported to the project[1], and the commit[2] that
resolved the issue has been part of the project since version 0.11.7.
Mark the CVE as patched due to this.
[1]: https://github.com/Kludex/uvicorn/issues/723
[2]: https://github.com/Kludex/uvicorn/commit/895807f94ea9a8e588605c12076b7d7517cda503
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-28463
According to Debian[1] it has been fixed since version 3.5.55[2]
Mark is as patched.
[1]: https://security-tracker.debian.org/tracker/CVE-2020-28463
[2]: https://hg.reportlab.com/hg-public/reportlab/rev/7f2231703dc7
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Changelog:https://docs.aiohttp.org/en/stable/changes.html
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Changelog:
https://github.com/hbldh/bleak/blob/v2.1.1/CHANGELOG.rst
2. Skip integration tests in ptest
After upgrade to 2.1.1, a new test set integration was added.
https://github.com/hbldh/bleak/tree/v2.1.1/tests/integration
According to the description, the tests need kernel module hci_vhci,
but hci_vhci is disabled in yocto, so skip these tests.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657
The commit[1] that fixes the vulnerability has been part of the
package since version 0.39.0
[1]: https://git.sr.ht/~mcepl/m2crypto/commit/84c53958def0f510e92119fca14d74f94215827a
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127
The vulnerability is disputed[1] by upstream:
"There is no vulnerability in M2Crypto. Nowhere in the functions
are the return values of OpenSSL functions interpreted incorrectly.
The functions provide an interface to their users that may be
considered confusing, but is not incorrect, nor it is a vulnerability."
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
