36665 Commits

Author SHA1 Message Date
Peter Kjellerstedt
254f1285e8 net-snmp: Update to 5.9.5.2
5.9.5.1:
* Only a version numbering fix.

5.9.5.2:
* Fix an issue with needing limits.h included.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-06 23:33:06 -08:00
Leon Anavi
bc8066fd7f python3-fastapi: Upgrade 0.124.4 -> 0.128.0
Upgrade to release 0.128.0:

- Drop support for pydantic.v1
- Run performance tests only on Pydantic v2

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-06 07:36:35 -08:00
Leon Anavi
656bbf2c70 python3-networkx: Upgrade 3.6 -> 3.6.1
Upgrade to release 3.6.1:

API Changes

- Add spectral bipartition community finding and greedy bipartition
  using node swaps

Enhancements

- Nodelists for from_biadjacency_matrix
- Add spectral bipartition community finding and greedy bipartition
  using node swaps
- Fix draw_networkx_nodes with list node_shape and add regression
  test

Bug Fixes

- Fix: allow graph subclasses to have additional arguments

Documentation

- DOC: Improve benchmarking readme
- DOC: More details re: RC releases in the release process devdocs
- DOC: clarify difference between G.nodes/G.nodes() and
  G.edges/G.edges() in tutorial
- DOC: Add blurb to contributor guide about drawing tests
- DOC: Fix underline lens in docstrings
- Rolling back shortest paths links

Maintenance

- MAINT: Replace string literal with comment
- Bump actions/checkout from 5 to 6 in the actions group
- pin python 3.14 to be version 3.14.0 until dataclasses are fixed
- Blocklist Python 3.14.1

Other

- TST: add tests for unsupported graph types in MST algorithms
- TST: clean up isomorphism tests

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-06 07:36:35 -08:00
Leon Anavi
382e4de7d8 python3-brotli: Upgrade 1.1.0 -> 1.2.0
Upgrade to release 1.2.0:

SECURITY

- python: added Decompressor::can_accept_more_data method and optional
  output_buffer_limit argument Decompressor::process;
  that allows mitigation of unexpectedly large output;
  reported by Charles Chan (https://github.com/charleswhchan)

Added

- decoder/encoder: added static initialization to reduce binary size
- python: allow limiting decoder output (see SECURITY section)
- CLI: brcat alias; allow decoding concatenated brotli streams
- kt: pure Kotlin decoder
- cgo: support "raw" dictionaries
- build: Bazel modules

Removed

- java: dropped finalize() for native entities

Fixed

- java: in compress pass correct length to native encoder

Improved

- build: install man pages
- build: updated / fixed / refined Bazel buildfiles
- encoder: faster encoding
- cgo: link via pkg-config
- python: modernize extension / allow multi-phase module
  initialization

Changed

- decoder / encoder: static tables use "small" model (allows 2GiB+
  binaries)

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-06 07:36:35 -08:00
Leon Anavi
768a039171 python3-parse-type: Upgrade 0.6.3 -> 0.6.6
Upgrade to release 0.6.6:

- Disable setuptools-scm: Too many side-effects

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-06 07:36:35 -08:00
Leon Anavi
b248542954 python3-pyro5: Upgrade 5.15 -> 5.16
Upgrade to release 5.16:

- project going into super low maintenance mode, I don't plan on
  working on it any longer unless nasty bugs are reported.
- properties can now be a streaming generator too
- loopCondition is relayed from start_ns_loop() to its daemon
- removed Python 3.8 and 3.9 from the support list (they are EOL).
  Now supported on Python 3.10 or newer.
- docs: clarify @expose on a class not automatically exposing base
  class(es).

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-06 07:36:34 -08:00
Jason Schonberg
3f9b0b867c xfce4-panel: upgrade 4.20.0 -> 4.20.1
Changelog: https://gitlab.xfce.org/xfce/xfce4-panel/-/tags/xfce4-panel-4.20.1

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-05 18:16:19 -08:00
Gyorgy Sarvari
9eabbca905 python3-ldap: upgrade 3.4.4 -> 3.4.5
Contains fixes for CVE-2025-61911 and CVE-2025-61912

Changelog:
Security fixes:
- CVE-2025-61911 (GHSA-r7r6-cc7p-4v5m): Enforce str input in
  ldap.filter.escape_filter_chars with escape_mode=1; ensure proper
  escaping.
- CVE-2025-61912 (GHSA-p34h-wq7j-h5v6): Correct NUL escaping in
  ldap.dn.escape_dn_chars to \00 per RFC 4514.

Fixes:
- ReconnectLDAPObject now properly reconnects on UNAVAILABLE, CONNECT_ERROR
  and TIMEOUT exceptions (previously only SERVER_DOWN), fixing reconnection
  issues especially during server restarts
- Fixed syncrepl.py to use named constants instead of raw decimal values
  for result types
- Fixed error handling in SearchNoOpMixIn to prevent an undefined variable error

Tests:
- Added comprehensive reconnection test cases including concurrent operation
  handling and server restart scenarios

Doc:
- Updated installation docs and fixed various documentation typos
- Added ReadTheDocs configuration file

Infrastructure:
- Add testing and document support for Python 3.13

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-05 18:16:19 -08:00
Gyorgy Sarvari
c6ac2c467d python3-flask-cors: upgrade 4.0.0 -> 5.0.0
Contains fix for CVE-2024-6221 and CVE-2024-1681

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-05 18:16:19 -08:00
Gyorgy Sarvari
cbb4f9d4e0 python3-configobj: ignore CVE-2023-26112
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112

The fix[1] is already included in the recipe version (5.0.9),
the CVE can be marked as patched.

[1]: 7c618b0bba

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-05 18:16:19 -08:00
Gyorgy Sarvari
1d7c7549b3 python3-cbor2: upgrade 5.7.1 -> 5.8.0
Contains fix for CVE-2025-68131

Changelog:
- Added readahead buffering to C decoder for improved performance.
  The decoder now uses a 4 KB buffer by default to reduce the number
  of read calls. Benchmarks show 20-140% performance improvements for
  decoding operations.
- Fixed Python decoder not preserving share index when decoding array
  items containing nested shareable tags, causing shared references to
  resolve to wrong objects
- Reset shared reference state at the start of each top-level encode/decode
  operation

Ptests passed:
...
PASS: tests/test_tool.py:test_dtypes_from_file
PASS: tests/test_tool.py:test_ignore_tag
PASS: tests/test_types.py:test_frozendict
============================================================================
Testsuite summary
DURATION: 4

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-05 18:16:18 -08:00
Gyorgy Sarvari
06996cf65b imagemagick: upgrade 7.1.2-11 -> 7.1.2-12
Contains fix for CVE-2025-69204

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-05 18:16:18 -08:00
Leon Anavi
7722db14ce python3-autobahn: Upgrade 25.11.1 -> 25.12.2
Upgrade to release 25.12.2:

Build & CI/CD:

- Synchronize CI/CD, FlatBuffers vendoring, and wamp-ai/wamp-cicd
  submodules between autobahn-python and zlmdb
- Switch manylinux container from 2_34 to 2_28 for x86_64 ISA
  compatibility (fixes auditwheel flatc bundling)
- Increase ARM64 build timeout to 60 minutes for QEMU emulation
- Add .github/workflows/README.md documenting CI/CD architecture
- Consolidate download-github-release and download-release-artifacts
  recipes
- Add checksum verification to artifact download workflow

FlatBuffers:

- Simplify vendored FlatBuffers - use upstream as-is
- Track vendored FlatBuffers in git (like zlmdb approach)
- Add version() function to vendored FlatBuffers runtime
- Add check_zlmdb_flatbuffers_version_in_sync() for cross-project
  compatibility
- Generate .bfbs files for WAMP schemas during wheel build

Other:

- Rename install-flatc to install-flatc-system with prominent warning
- Remove legacy readthedocs.yml to activate .readthedocs.yaml
- Remove dev-latest optional dependency (PyPI rejects direct URLs)

License-Update: Standardize LICENSE with SPDX header

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-05 18:16:18 -08:00
Leon Anavi
8b5e1f5dbf python3-filelock: Upgrade 3.20.1 -> 3.20.2
Upgrade to release 3.20.2:

- Support Unix systems without O_NOFOLLOW
- [pre-commit.ci] pre-commit autoupdate

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-05 18:16:18 -08:00
Leon Anavi
05103ac2c1 python3-send2trash: Upgrade 1.8.3 -> 2.0.0
Upgrade to release 2.0.0:

- Drop support for Python 2
- Fix test_trash_topdir failing on macOS
- Update source installation instructions
- Update gio implementation, don't use deprecated GObject.GError

License-Update: The license remains the same

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-05 18:16:18 -08:00
Khem Raj
cef23383bf python3-wrapt: Upgrade to 2.0.1
Switch to Pypi fetcher
Switch to PEP-517 build backend

Fixes
WARNING: python3-wrapt-2.0.1-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-05 18:15:25 -08:00
Gyorgy Sarvari
d25aadbbb5 nginx: set CVE_PRODUCT
nginx has a long history, and has used multiple CPEs
over time. Set CVE_PRODUCT to reflect current and historic
vendor:product pairs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-04 11:34:49 -08:00
Jason Schonberg
222c642564 nginx: upgrade 1.28.0 -> 1.28.1
Drop CVE patch which has been integrated into this new version.

Solves:
* CVE-2025-53859

CHANGES:
https://nginx.org/en/CHANGES-1.28

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-04 11:06:41 -08:00
Liu Yiding
48b2cea528 python3-cmd2: upgrade 3.0.0 -> 3.1.0
Changelog:
https://github.com/python-cmd2/cmd2/releases/tag/3.1.0

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-03 20:29:17 -08:00
Liu Yiding
b54eae734d python3-py7zr: upgrade 1.0.0 -> 1.1.0
Changelog:
https://py7zr.readthedocs.io/en/latest/Changelog.html

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-03 20:29:17 -08:00
Khem Raj
bc40b0134f vsomeip: Don't fail on Boost.Asio deprecation warnings
Append -Wno-error=deprecated-declarations to CXXFLAGS so builds
don't break when Boost marks APIs like strand::wrap() as deprecated.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-03 10:13:48 -08:00
Tom Geelen
7d0234ae64 python3-pytest-aiohttp: add missing DEPENDS
Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-02 22:30:12 -08:00
Trevor Woerner
bbef3812ba libwebsockets: use native sysroot's ssl config
During the compile step, CMake will attempt to generate a test
certificate with openssl-native using a hard-coded path to the openssl
config:

	openssl req -config /etc/ssl/openssl.cnf ...

Thus using the build host's openssl config. If the build host's openssl
is configured with options that openssl-native does not understand or
accept, the test certificate will not be generated:

[log.do_configure on openSUSE 16.0]
	Searching for OpenSSL executable and dlls
	OpenSSL executable: .../build/tmp/work/cortexa53-crypto-oe-linux/libwebsockets/4.5.2/recipe-sysroot-native/usr/bin/openssl
	 GENCERTS = 1
	Generating SSL Certificates for the test-server...
	Error configuring OpenSSL modules
	4037413D467F0000:error:030000A9:digital envelope routines:alg_module_init:unknown option:../sources/openssl-3.5.4/crypto/evp/evp_cnf.c:61:name=rh-allow-sha1-signatures, value=yes
	4037413D467F0000:error:0700006D:configuration file routines:module_run:module initialization error:../sources/openssl-3.5.4/crypto/conf/conf_mod.c:288:module=alg_section, value=evp_properties retcode=-1
	CMake Warning at lib/tls/CMakeLists.txt:528 (message):
	  !!! Failed to generate SSL certificate for Test Server!!!:

	  OpenSSL return code = 1

and the subsequent do_install() step will fail:

	| CMake Error at test-apps/cmake_install.cmake:126 (file):
	|   file INSTALL cannot find
	|   ".../build/tmp/work/cortexa53-crypto-oe-linux/libwebsockets/4.5.2/build/libwebsockets-test-server.key.pem":
	|   No such file or directory.

	ERROR: Task (.../layers/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.5.2.bb:do_install) failed with exit code '1'

Fix the location where CMake looks for the openssl.cnf file in order
to use the one that comes with the openssl-native that will be used to
generate the certificate, thus ensuring that they are in step in terms
of which configuration options will be acceptable.

Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-02 22:30:12 -08:00
Sanjay Chitroda
050ffcdea2 recipes-core/toybox: Switch SRC_URI to HTTPS for reliable fetch
The upstream site (landley.net) serves inconsistent content when using HTTP,
causing checksum mismatches during do_fetch. Using HTTPS ensures stable
downloads and resolves checksum failures.

Signed-off-by: Sanjay Chitroda <sanjayembeddedse@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-02 22:30:11 -08:00
Khem Raj
dd76a02235 python3-propcache: Update Cython to version 3.2.3
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-02 22:28:23 -08:00
Khem Raj
1b3e5162d3 python3-bumble: Add recipe
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:05 -08:00
Khem Raj
802ef55a7e python3-pyee: Add recipe
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:05 -08:00
Gyorgy Sarvari
6f68f5fce7 python3-scapy: set CVE_PRODUCT
The default ${PN} (python3-scapy) CVE fails to match relevant CVEs,
because they are tracked under the scapy:scapy CPE.

Set CVE_PRODUCT to the correct value.

See CVE db query:
sqlite> select * from products where product like '%scapy%';
CVE-2019-1010142|scapy|scapy|2.4.0|=||

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:04 -08:00
Gyorgy Sarvari
389d1a4b3e python3-pymongo: set CVE_PRODUCT
The default python:pymongo CPE fails to match related CVE entries, because
they are tracked using mongodb:pymongo CPE. Set CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like '%pymongo%';
CVE-2024-5629|mongodb|pymongo|||4.6.3|<|0

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:04 -08:00
Gyorgy Sarvari
966292e770 python3-orjson: set CVE_PRODUCT
The default python:orjson CPE fails to match related CVEs, because NVD
tracks them using ijl:orjson CPE. Set CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like '%orjson%';
CVE-2024-27454|ijl|orjson|||3.9.15|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:04 -08:00
Gyorgy Sarvari
b03642e20e python3-python-multipart: set CVE_PRODUCT
The default python:python_multipart CPE doesn't match relevant CVE entries,
because NVD tracks the related CVEs with fastapiexpert:python-multipart CPE,
and Mitre uses kludex:python-multipart for others.

Set the CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like '%python%multipart%';
CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|<
CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:04 -08:00
Gyorgy Sarvari
7f962ef155 python3-ecdsa: set CVE_PRODUCT
Set the correct CVE_PRODUCT value, the default python:ecdsa doesn't
match relevant entries.

The correct values were taken from the CVE db, by checking which CVEs
are relevant.

See CVE db query:
sqlite> select * from products where product like '%ecdsa%';
CVE-2019-14853|python-ecdsa_project|python-ecdsa|||0.13.3|<
CVE-2019-14859|python-ecdsa_project|python-ecdsa|||0.13.3|<
CVE-2020-12607|antonkueltz|fastecdsa|||2.1.2|<
CVE-2021-43568|starkbank|elixir_ecdsa|1.0.0|=||
CVE-2021-43569|starkbank|ecdsa-dotnet|1.3.2|=||
CVE-2021-43570|starkbank|ecdsa-java|1.0.0|=||
CVE-2021-43571|starkbank|ecdsa-node|1.1.2|=||
CVE-2021-43572|starkbank|ecdsa-python|||2.0.1|<
CVE-2022-24884|ecdsautils_project|ecdsautils|||0.4.1|<
CVE-2024-21502|antonkueltz|fastecdsa|||2.3.2|<
CVE-2024-23342|tlsfuzzer|ecdsa|||0.18.0|<=

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:04 -08:00
Gyorgy Sarvari
f62530b04e python3-gevent: set CVE_PRODUCT
Relevant CVEs are tracked with gevent:gevent CPE, and the default
python:gevent CPE doesn't match relevant entries. Set CVE_PRODUCT
accordingly.

See CVE db query:
sqlite> select * from products where product like '%gevent%';
CVE-2023-41419|gevent|gevent|||23.9.0|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:04 -08:00
Gyorgy Sarvari
0620851d87 python3-dnspython: set CVE_PRODUCT
The related CVEs are tracked using dnspython:dnspython CPE, and the
default python:dnspython CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like '%dnspython%';
CVE-2023-29483|dnspython|dnspython|||2.6.0|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:03 -08:00
Gyorgy Sarvari
8fc9b69798 python3-starlette: set CVE_PRODUCT
The relevant CVE entries are tracked with encode:starlette CPE, and
the default python:starlette CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like '%starlette%';
CVE-2023-29159|encode|starlette|0.13.5|>=|0.27.0|<
CVE-2023-30798|encode|starlette|||0.25.0|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:03 -08:00
Gyorgy Sarvari
638b08966b python3-markdown-it-py: set CVE_PRODUCT
The related CVE entries are tracked with executablebooks:markdown-it-py CPE
value, and the default python:markdown-it-py CPE doesn't match relevant
entries. Set CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like '%markdown-it-py%';
CVE-2023-26302|executablebooks|markdown-it-py|||2.2.0|<
CVE-2023-26303|executablebooks|markdown-it-py|||2.2.0|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:03 -08:00
Gyorgy Sarvari
d4785556af python3-configobj: set CVE_PRODUCT
The related CVEs are tracked with configobj_project:configobj CPE in the
database, and the default python:configobj CPE doesn't match relevant entries.

Set CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like '%configobj%';
CVE-2023-26112|configobj_project|configobj|-|||

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:03 -08:00
Gyorgy Sarvari
7adae7e63b python3-py7zr: set CVE_PRODUCT
The related CVEs are tracked with py7zr_project:py7zr CPE in the database,
and the default python:py7zr CPE doesn't match relevant entries.

Set CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like '%py7zr%';
CVE-2022-44900|py7zr_project|py7zr|||0.20.1|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:03 -08:00
Gyorgy Sarvari
ad0df74828 python3-oauthlib: set CVE_PRODUCT
The relevant CVEs are tracked using oauthlib_project:oauthlib CPE,
and the default python:oauthlib CPE doesn't match relevant entries.

Set the CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like 'oauthlib';
CVE-2022-36087|oauthlib_project|oauthlib|3.1.1|>=|3.2.1|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:02 -08:00
Gyorgy Sarvari
96c3818f22 python3-priority: set CVE_PRODUCT
Set CVE_PRODUCT to the value that is used to track CVEs for this
recipe in the CVE db.

See CVE db query (priority-software vendor is not relevant):
sqlite> select * from products where product like '%priority%';
CVE-2016-6580|python|python_priority_library|1.0.0|=||
CVE-2016-6580|python|python_priority_library|1.1.0|=||
CVE-2016-6580|python|python_priority_library|1.1.1|=||
CVE-2021-26832|priority-software|priority_enterprise_management_system|8.00|=||
CVE-2022-23172|priority-software|priority|||22.0|<
CVE-2022-23173|priority-software|priority|||22.0|<
CVE-2023-23459|priority-software|priority|||22.1|<
CVE-2023-23460|priority-software|priority|19.1.0.68|=||
CVE-2024-41697|priority-software|priority|||24.0|<
CVE-2024-41698|priority-software|priority|||24.0|<
CVE-2024-41699|priority-software|priority|||24.0|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:02 -08:00
Gyorgy Sarvari
6ab68968c2 python3-joblib: set CVE_PRODUCT
The relevant CVEs are tracked with joblib_project:joblib CPE, and the
default python:joblib CPE doesn't match this. Set the CVE_PRODUCT
accordingly.

See CVE db query:
sqlite> select * from products where product like '%joblib%';
CVE-2022-21797|joblib_project|joblib|||1.1.1|<
CVE-2024-34997|joblib_project|joblib|1.4.2|=||

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:02 -08:00
Gyorgy Sarvari
50925849c0 python3-eth-account: set CVE_PRODUCT
The relevant CVEs are tracked with ethereum:eth-account CPE, and
the default python:eth-account one doesn't match relevant entries.

Set CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like '%eth-account%';
CVE-2022-1930|ethereum|eth-account|||0.5.9|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:02 -08:00
Gyorgy Sarvari
dd2edff531 python3-binwalk: set CVE_PRODUCT
Set correct CVE_PRODUCT to use instead of the default ${PN}, which doesn't
match relevant CVEs.

See CVE db query:
sqlite> select * from products where product like '%binwalk%';
CVE-2021-4287|microsoft|binwalk|||2.3.3|<|0
CVE-2022-4510|microsoft|binwalk|2.2.0|>=|2.3.3|<|0

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:02 -08:00
Gyorgy Sarvari
8627277b50 python3-httpx: set CVE_PRODUCT
The relevant CVEs are tracked in the CVE db with encode:httpx CPE
instead of the default python:httpx. Set CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like '%httpx%';
CVE-2021-41945|encode|httpx|||0.23.0|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:02 -08:00
Gyorgy Sarvari
5d8e8ebcab python3-cvxopt: set CVE_PRODUCT
Set correct CVE_PRODUCT to be used instead of ${PN}.

See CVE db query:
sqlite> select * from products where product like '%cvxopt%';
CVE-2021-41500|cvxopt_project|cvxopt|||1.2.6|<=

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:01 -08:00
Gyorgy Sarvari
a8bc7739b5 python3-sqlparse: set CVE_PRODUCT
The relevant CVEs are tracked with sqlparse_project:sqlparse CPE,
and the default python:sqlparse CPE doesn't match relevant CVEs.

Set CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like '%sqlparse%';
CVE-2021-32839|sqlparse_project|sqlparse|0.4.0|>=|0.4.2|<
CVE-2023-30608|sqlparse_project|sqlparse|0.1.15|>=|0.4.4|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:01 -08:00
Gyorgy Sarvari
eb20735d09 python3-flask-restx: set CVE_PRODUCT
The relevant CVEs are tracked using flask-restx_project:flask-restx CPE,
which makes the default python:flask-restx CPE not match relevant CVEs.

Set CVE_PRODUCT accordingly.

See CVE db query:
sqlite> select * from products where product like '%flask-restx%';
CVE-2021-32838|flask-restx_project|flask-restx|||0.5.1|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:01 -08:00
Gyorgy Sarvari
a307398b7b python3-fastapi: set CVE_PRODUCT
Set correct CVE_PRODUCT - the default (python:fastapi) is not the one
that is used to track CVEs.

See CVE db query (n8n vendor is not relevant):
sqlite> select * from products where product like 'fastapi';
CVE-2021-32677|tiangolo|fastapi|||0.65.2|<|0
CVE-2025-55526|n8n|fastapi|0.115.14|=|||0

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:01 -08:00
Gyorgy Sarvari
30b0c458bb python3-lief: set CVE_PRODUCT
The correct CVE_PRODUCT is "lief" for this recipe instead of the default
${PN}, that doesn't match relevant CVEs.

See CVE db query:
sqlite> select * from products where product like 'lief';
CVE-2021-32297|lief-project|lief|||0.11.4|<=
CVE-2022-38306|lief-project|lief|||0.12.1|<
CVE-2022-38307|lief-project|lief|||0.12.1|<
CVE-2022-38495|lief-project|lief|||0.12.1|<=
CVE-2022-38496|lief-project|lief|||0.12.1|<=
CVE-2022-38497|lief-project|lief|||0.12.1|<=
CVE-2022-40922|lief-project|lief|0.12.1|=||
CVE-2022-40923|lief-project|lief|0.12.1|=||
CVE-2022-43171|lief-project|lief|0.12.1|=||
CVE-2024-31636|lief-project|lief|0.14.1|=||

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:01 -08:00
Gyorgy Sarvari
b4fd4a6217 python3-pydantic: set CVE_PRODUCT
Set correct CVE_PRODUCT - the default ${PN} value doesn't match relevant
CVEs.

See CVE query (n8n vendor is not relevant):
sqlite> select * from products where product like '%pydantic%';
CVE-2021-29510|pydantic|pydantic|||1.6.2|<
CVE-2021-29510|pydantic|pydantic|1.7|>=|1.7.4|<
CVE-2021-29510|pydantic|pydantic|1.8|>=|1.8.2|<
CVE-2024-3772|pydantic|pydantic|||1.10.13|<
CVE-2024-3772|pydantic|pydantic|2.0|>=|2.4.0|<
CVE-2025-55526|n8n|pydantic|2.11.7|=||

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:34:01 -08:00