735ae03108
postgresql: upgrade 16.3 -> 16.4
...
0003-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for 16.4
drop: CVE-2024-7348.patch
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 4d253bca26akuster808@gmail.com >
---
[V2]
Missed dropping CVE patch
2024-09-15 15:46:40 -04:00
1b62af8ac6
samba: upgrade 4.19.7 -> 4.19.8
...
Changelog:
https://www.samba.org/samba/history/samba-4.19.8.html
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 3cbd140c7dakuster808@gmail.com >
2024-09-15 12:28:06 -04:00
d3cd9c14cb
samba: upgrade 4.19.6 -> 4.19.7
...
ChangeLog:
https://www.samba.org/samba/history/samba-4.19.7.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 41df431b91akuster808@gmail.com >
2024-09-15 12:27:56 -04:00
a306751658
xerces-c: fix buildpaths QA issue
...
Signed-off-by: Martin Jansa <martin.jansa@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit bbcb7d6023akuster808@gmail.com >
2024-09-15 12:18:05 -04:00
ea1926c742
gpm: fix buildpaths QA issue
...
Signed-off-by: Martin Jansa <martin.jansa@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 7e8a786c29akuster808@gmail.com >
2024-09-15 12:16:46 -04:00
fc5b65d80f
polkit: update SRC_URI
...
Project has moved to github.
Signed-off-by: Marc Ferland <marc.ferland@gmail.com >
(cherry picked from commit fb34082702akuster808@gmail.com >
2024-09-15 12:13:15 -04:00
94d83e480b
gnome-remote-desktop: update 46.1 -> 46.2
...
46.2
====
* Potential crasher fix
* Improved disconnection messages
* Broader client compatibility support
* Various security hardening improvements
* CVE-2024-5148 Limit login screen->user session handover access to appropriate user
Contributors:
Pascal Nowack, Ray Strode
Translators:
Balázs Úr [hu], Efstathios Iosifidis [el], Fabio Tomat [fur],
Hugo Carvalho [pt], Jordi Mas i Hernandez [ca],
Juliano de Souza Camargo [pt_BR]
- add polkitd user and fix permissions to avoid:
Error: Transaction test error:
file /usr/share/polkit-1/rules.d conflicts between attempted installs of gnome-remote-desktop-46.2-r0.corei7_64 and gnome-control-center-46.2-r0.corei7_64
Signed-off-by: Markus Volk <f_l_k@t-online.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 7ecfdeb3cfakuster808@gmail.com >
2024-09-15 12:10:56 -04:00
8018494831
python3-libevdev: Fix LIC_FILES_CHKSUM
...
Change the reference to the MIT license containing COPYING file in the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:19:20 -04:00
32d0b39f04
python3-haversine: Fix LIC_FILES_CHKSUM
...
Change the reference to the MIT license containing LICENSE file in the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:19:20 -04:00
fa1f7f7057
python3-googleapis-common-protos: Fix LIC_FILES_CHKSUM
...
Change the reference to the Apache-2.0 license containing LICENSE file
in the downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:19:20 -04:00
465ced17db
python3-pycurl: Fix LICENSE
...
Contents of
https://github.com/pycurl/pycurl/blob/REL_7_45_2/COPYING-LGPL
correspond to version 2.1 of the license rather than 2.0.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:19:20 -04:00
fac657774b
python3-nmap: Fix LICENSE and LIC_FILES_CHKSUM
...
In the source code repository the LICENSE file is GPL-3.0-only:
https://github.com/nmmapper/python3-nmap/blob/1.5.2/LICENSE
https://github.com/nmmapper/python3-nmap/blob/1.7.0/LICENSE
Also change the LIC_FILES_CHKSUM reference to the GPLv3.0 license
containing LICENSE file in the downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:19:20 -04:00
eb7381e885
python3-fann2: Fix LICENSE
...
According to
https://github.com/FutureLinkCorporation/fann2/tree/1.1.2?tab=readme-ov-file#license
and https://github.com/FutureLinkCorporation/fann2/blob/1.1.2/LICENSE
this project is subject to LGPL-2.1-only license.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:19:20 -04:00
d23e9e2c68
python3-colorama: Fix LICENSE
...
https://github.com/tartley/colorama?tab=readme-ov-file#license and
https://github.com/tartley/colorama/blob/0.4.6/LICENSE.txt declare
that this project is subject to BSD-3-Clause license.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:19:20 -04:00
597808066b
python3-platformdirs: Fix LICENSE
...
According to https://pypi.org/project/platformdirs/ and
https://github.com/platformdirs/platformdirs/blob/4.2.0/LICENSE
the project is subject to MIT license.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:19:20 -04:00
f091c53f65
python3-pillow: Fix LICENSE and change SUMMARY to DESCRIPTION
...
According to https://pypi.org/project/pillow/ and
https://github.com/python-pillow/Pillow/blob/10.3.0/LICENSE the project
is subject to HPND license.
Also change SUMMARY to DESCRIPTION as it's value is clearly over 72
characters long.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:19:20 -04:00
2f4c729b12
python3-parse-type: Fix LICENSE
...
According to https://pypi.org/project/parse-type/ and
https://github.com/jenisys/parse_type/blob/v0.6.2/LICENSE the
project is subject to MIT license.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:09:56 -04:00
c8a4cdeb26
python3-mock: Fix LICENSE
...
According to
https://github.com/testing-cabal/mock/blob/5.1.0/LICENSE.txt the
project is subject to BSD-2-Clause license. (Also
https://pypi.org/project/mock/ states 'BSD License'.)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:09:53 -04:00
4949169c3c
python3-lru-dict: Fix LICENSE and change SUMMARY to DESCRIPTION
...
According to https://pypi.org/project/lru-dict/ and
https://github.com/amitdev/lru-dict/blob/v1.3.0/LICENSE the project is
licensed under MIT.
Also change SUMMARY to DESCRIPTION as it's value is clearly over 72
characters long.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:09:50 -04:00
23bda39c1f
python3-email-validator: Fix LICENSE
...
Both https://pypi.org/project/email-validator/ and
https://github.com/JoshData/python-email-validator/blob/v2.1.1/LICENSE
declare this project is subject to 'Unlicense'.
For additional reference, see upstream commit
https://github.com/JoshData/python-email-validator/commit/5d72f53412821189ebc826100fb2a673530c5ac6
("Relicense under the Unlicense (instead of CC0)")
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:07:50 -04:00
753486b270
python3-crc32c: Amend LICENSE declaration
...
According to https://github.com/ICRAR/crc32c/blob/v2.3/LICENSE and
https://github.com/ICRAR/crc32c?tab=readme-ov-file#license change
'LGPL-2.0-or-later' in LICENSE value to 'LGPL-2.1-or-later'.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:07:46 -04:00
0f8a8d46e3
python3-cbor2: Fix LICENSE and LIC_FILES_CHKSUM
...
Both project pypi page: https://pypi.org/project/cbor2/ as well as
https://github.com/agronholm/cbor2/blob/5.6.3/LICENSE.txt state that it
is subject to MIT rather than Apache-2.0 license. Also update
LIC_FILES_CHKSUM value to reference the LICENSE.txt file from the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:07:42 -04:00
5a3fe1fcfc
python3-xlsxwriter: Fix LICENSE
...
According to homepage https://xlsxwriter.readthedocs.io/license.html
and pypi page https://pypi.org/project/XlsxWriter/ as well as
https://github.com/jmcnamara/XlsxWriter/blob/RELEASE_3.1.9/LICENSE.txt
the module is licensed under BSD-2-Clause.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 19:05:10 -04:00
a89f9b2db0
postgresql: Backport fix for CVE-2024-7348
...
Upstream-Status: Backport []https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=79c7a7e29695a32fef2e65682be224b8d61ec972
Signed-off-by: Ashish Sharma <asharma@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 15:33:19 -04:00
4f0f1bd855
wireshark: upgrade 4.2.5 -> 4.2.7
...
CVE's fixed by upgrade:
CVE-2024-8250
Other Changes between 4.2.5 -> 4.2.7
======================================
https://www.wireshark.org/docs/relnotes/wireshark-4.2.7.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.6.html
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 15:33:16 -04:00
e5c0a0be96
mariadb: fix runtime failure on riscv
...
Starting with Linux 6.6, RDCYCLE is a privileged instruction on RISC-V
and can't be used directly from userland. This causes 'systemctl start
mysqld.service' failed with error:
[ 1456.918172] mariadbd[12115]: unhandled signal 4 code 0x1 at 0x000055558689d134 in mariadbd[555585bfa000+14a7000]
[ 1456.921772] CPU: 1 PID: 12115 Comm: mariadbd Not tainted 6.6.43-yocto-standard #1
[ 1456.922327] Hardware name: riscv-virtio,qemu (DT)
[ 1456.923045] epc : 000055558689d134 ra : 000055558620ea48 sp : 00007fffdc487770
[ 1456.923525] gp : 00005555872ec400 tp : 00007fff89560780 t0 : 0000555587be32e8
[ 1456.923951] t1 : 0000555586886042 t2 : 000000002d6a89f0 s0 : 00007fffdc4877b0
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 15:15:27 -04:00
1d85f63192
Revert "gcab: ignore buildpaths error from sources"
...
This reverts commit e11df06133https://lists.openembedded.org/g/openembedded-devel/message/112048
This doesn't work with multilib where the package is named ${PN}-src
(e.g. lib32-gcab-src) and it's better to just lower buildpaths from
ERROR_QA to WARN_QA instead of skipping it completely, because it's
still an issue which should be fixed (at least to improve hashserv
efficiency if you don't care about reproducibility itself)
and commits in master:
https://git.openembedded.org/meta-openembedded/commit/?id=154f5bb1342739d88185ac0cce9c15b7b2958187
https://git.openembedded.org/meta-openembedded/commit/?id=6644c4a420db82da1ce71697ff889e7b1b6e41ad
Signed-off-by: Martin Jansa <martin.jansa@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 15:15:01 -04:00
f88706fe2f
python3-flask-cors: Fix CVE-2024-6221
...
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the
`Access-Control-Allow-Private-Network` CORS header to be set to true
by default, without any configuration option. This behavior can expose
private network resources to unauthorized external access, leading to
significant security risks such as data breaches, unauthorized access
to sensitive information, and potential network intrusions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6221
Upsteam-Patch:
https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 15:14:48 -04:00
3750a34393
python3-flatbuffers: provide nativesdk support
...
nativesdk support is needed in some of the projects for codegeneration
Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de >
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-09 15:14:25 -04:00
1235dd4ed4
python3-twisted: Fix CVE-2024-41671
...
Twisted is an event-based framework for internet applications, supporting
Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process
pipelined HTTP requests out-of-order, possibly resulting in information
disclosure. This vulnerability is fixed in 24.7.0rc1.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-41671
Upstream-patches:
https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-25 15:15:10 -04:00
399b7b9051
gtk+: Fix CVE-2024-6655
...
A flaw was found in the GTK library. Under certain conditions, it is possible for a
library to be injected into a GTK application from the current working directory.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6655
Upstream-patch:
https://gitlab.gnome.org/GNOME/gtk/-/commit/3bbf0b6176d42836d23c36a6ac410e807ec0a7a7
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-25 15:15:03 -04:00
208caeb50a
krb5: fix CVE-2024-26458 and CVE-2024-26461
...
CVE-2024-26458:
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in
/krb5/src/lib/rpc/pmap_rmt.c.
CVE-2024-26461:
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak
vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-26458
https://nvd.nist.gov/vuln/detail/CVE-2024-26461
Upstream Patch:
https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-25 11:59:26 -04:00
c432a61a29
poppler: CVE-2024-6239
...
A flaw was found in the Poppler's Pdfinfo utility. This issue
occurs when using -dests parameter with pdfinfo utility. By
using certain malformed input files, an attacker could cause
the utility to crash, leading to a denial of service.
CVE-2024-6239-0002 is the CVE fix and CVE-2024-6239-0001 is
dependent commit to fix the CVE.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-6239
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4
https://gitlab.freedesktop.org/poppler/poppler/-/commit/fc1c711cb5f769546c6b31cc688bf0ee7f0c1dbc
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-21 16:45:50 -04:00
b7148ebb47
nginx: Backport fix for CVE-2024-7347
...
Upstream-Status: Backport [https://github.com/nginx/nginx/commit/88955b1044ef38315b77ad1a509d63631a790a0f and https://github.com/nginx/nginx/commit/7362d01658b61184108c21278443910da68f93b4 ]
Signed-off-by: Ashish Sharma <asharma@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-21 16:45:46 -04:00
28f14d5d19
netplan: add missing runtime dependencies
...
The json module is used in several cli commands.
The fcntl module is used in terminal input handling.
Signed-off-by: Esben Haabendal <esben@geanix.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit cb50c93096akuster808@gmail.com >
2024-08-21 16:45:37 -04:00
17aacc80f7
networkmanager: remove modemmanager rdepends
...
This reverts commit: 5edb8335dcadrian.freihofer@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-21 16:45:33 -04:00
be2127dce5
squid: patch CVE-2024-37894
...
Reference: https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-21 16:45:29 -04:00
8887a98d27
libndp: Patch CVE-2024-5564
...
Pick https://github.com/jpirko/libndp/commit/05e4ba7b0d126eea4c04387dcf40596059ee24af.patch
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-21 16:45:23 -04:00
8e6bee4c20
cjson: upgrade 1.7.17 -> 1.7.18
...
Changelog:
============
* Add NULL check to cJSON_SetValuestring()(CVE-2024-31755)
* Remove non-functional list handling of compiler flags
* Fix heap buffer overflow
* remove misused optimization flag -01
* Set free'd pointers to NULL whenever they are not reassigned immediately after
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(From meta-openembedded rev: 535822eff7peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-21 16:43:25 -04:00
64c481d017
libjs-jquery-icheck: Correct LIC_FILES_CHKSUM
...
Only include the lines from icheck.js that cover the copyright and the
license text.
License-Update: Only include the relevant parts of icheck.js
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-14 10:19:55 -04:00
142c97ff8e
hostapd: Only include the relevant parts from README in LIC_FILES_CHKSUM
...
Only include the lines from the README that cover the copyright and the
license text.
License-Update: Only include the relevant parts of the README
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-14 10:19:24 -04:00
8c4769623d
hostapd: Support running "devtool modify hostapd"
...
For "devtool modify" to work correctly, ${B} needs to match ${S}.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-14 10:18:47 -04:00
bcef006ce5
python3-pydantic-core: add missing RDEPENDS for ptest
...
Signed-off-by: Frank de Brabander <debrabander@gmail.com >
Add missing RDEPENDS for ptest:
- python3-zoneinfo
- tzdata
Similar to fixes in Styhead 110b636836tim.orling@konsulko.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-14 10:15:30 -04:00
e041b4d270
python3-pydantic-core: fix TMPDIR path reference
...
Backport a new upstream fix to remove the TMPDIR
reference from the rust code.
Signed-off-by: Frank de Brabander <debrabander@gmail.com >
We've seen TMPDIR [build-paths] contamination in the
built pydantic_core/_pydantic_core.cpython-*-*-linux-gnu.so
See discussion upstream in:
https://github.com/pydantic/pydantic-core/issues/1365
Backport fix from:
https://github.com/pydantic/pydantic-core/commit/e07c41b3bad75948201a2201387225694c2fb501
Similar to Styhead 6f0a41130ctim.orling@konsulko.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-14 10:15:30 -04:00
994221f60c
python3-pydantic: upgrade 2.7.3 -> 2.7.4
...
https://docs.pydantic.dev/latest/changelog/#v274-2024-06-12
What's Changed
* Packaging
- Bump pydantic.v1 to v1.10.16 reference by @sydney-runkle in
#9639
* Fixes
- Specify recursive_guard as kwarg in FutureRef._evaluate by
@vfazio in #9612
Full commit log:
https://github.com/pydantic/pydantic/compare/v2.7.3...v2.7.4
Signed-off-by: Tim Orling <tim.orling@konsulko.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-14 10:15:30 -04:00
a8870edecc
python3-pydantic-core: fix incompatible version
...
The recipe for pydantic currently is at version 2.7.3. This
project specifies in its pyproject.toml that it depends on
pydantic-core version 2.18.4. Because an older 2.16.3 version
of pydantic-core was used now, a simple bit of code will break.
from enum import Enum
from pydantic import BaseModel
class Color(str, Enum):
RED = "RED"
BLUE = "BLUE"
class Car(BaseModel):
color: Color
print(Car(color=Color.RED))
This will upgrade the python3-pydantic-core recipe to make it
compatible with python3-pydantic, so that the above snippet of
code will no longer fail.
Two patches are removed, these backports are now included in the
upstream code. A new patch is added to set the required rust
compiler from 1.76 to 1.75. Version 1.76 is not actually needed.
File python3-pydantic-core-crates.inc is regenerated by running
'bitbake -c update_crates python3-pydantic-core'.
The recipes RDEPENDS now includes python3-compression. The pydantic
schema validator imports 'importlib.metadata' which wants to import
'zipfile'.
The buildpaths QA check is skipped. This should be fixed at some
point, but it was already failing before this change.
Signed-off-by: Frank de Brabander <debrabander@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Backport from Styhead bee8b9bbc4tim.orling@konsulko.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-14 10:15:30 -04:00
76f02096aa
python3-pydantic: Upgrade to 2.7.3
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
For full changelog, see:
https://github.com/pydantic/pydantic/compare/v2.7.1...v2.7.3
Highlights:
v2.7.3 (2024-06-03)
Bump pydantic-core to v2.18.4 by @sydney-runkle in #9550
v2.7.2 (2024-05-28)
Bump pydantic-core to v2.18.3 by @sydney-runkle in #9515
Backport from Styhead a45050c643tim.orling@konsulko.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-14 10:15:30 -04:00
f219f025a9
python3-pydantic: upgrade 2.7.0 -> 2.7.1
...
Changelog:
============
-Bump pydantic-core to v2.18.2
-Ftp and Websocket connection strings support
-Use field description for RootModel schema description when there is no docstring
-Fix validation_alias behavior with model_construct for AliasChoices and AliasPath
-Revert typing.Literal and import it outside the TYPE_CHECKING block
-Fix Secret serialization schema, applicable for unions
-Fix strict application to function-after with use_enum_values
-Address case where model_construct on a class which defines model_post_init fails with AttributeError
-Fix model_json_schema with config types
-Support multiple zeros as an int
-Fix validation of ints with leading unary plus
-Fix interaction between extra != 'ignore' and from_attributes=True
-Handle error from Enum's missing function as ValidationError
-Fix memory leak with Iterable validation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Backport from Styhead 6112eb064ctim.orling@konsulko.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-08-14 10:15:30 -04:00
fb3e644585
jsonrpc: Fix contains reference to TMPDIR [buildpaths] warning
...
WARNING: jsonrpc-1.4.1-r0 do_package_qa: QA Issue: File /usr/lib/libjson-rpc-cpp/cmake/libjson-rpc-cppTargets.cmake in package jsonrpc-dev contains reference to TMPDIR [buildpaths]
Signed-off-by: alperak <alperyasinak1@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit cb2e8f98b4akuster808@gmail.com >
2024-08-14 10:12:56 -04:00
6434e4328b
exiv2: Upgrade 0.28.2 to 0.28.3 for CVE fix
...
Release Notes:
* https://github.com/Exiv2/exiv2/issues/3008
* https://github.com/Exiv2/exiv2/milestone/14?closed=1
This release also fixes a low-severity security issue in asfvideo.cpp:
* [CVE-2024-39695](https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh ): out-of-bounds read in AsfVideo::streamProperties.
This vulnerability is in a new feature (ASF video) that was added in version 0.28.0, so earlier versions of Exiv2 are not affected.
Signed-off-by: alperak <alperyasinak1@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 9f4361418dakuster808@gmail.com >
2024-08-10 11:37:34 -04:00
Wang Mingyu
Yi Zhao
Martin Jansa
Marc Ferland
Markus Volk
Niko Mauno
Ashish Sharma
Vijay Anusuri
Changqing Li
Soumya Sambu
akash hadke
Yogita Urade
Esben Haabendal
Adrian Freihofer
Peter Marko
Peter Kjellerstedt
Frank de Brabander
Tim Orling
Khem Raj
alperak