mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-06-21 13:54:22 +02:00

Commit Graph

Author	SHA1	Message	Date
Ross Burton	4e2dac74d5	perl: link to the system zlib instead of a vendored copy The perl module Compress-Raw-Zlib defaults to using a vendored copy of the zlib sources which has a number of CVEs. A newer version of perl updates this to zlib 1.3.2 to resolve them, but we should be linking to our zlib recipe instead of the vendored code. This mitigates CVE-2026-4176 so mark it as not appropriate. (From OE-Core rev: 6e83e5520f415fc6ca9029a8aaa0af31cd832a90) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit bf515229043685d4f00c965eb3e0236c37b6b403) Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>	2026-06-10 14:35:20 +01:00
Archana Polampalli	c8b84eb224	perl: upgrade 5.38.2 -> 5.38.4 update include fix for CVE-2024-56406 https://perldoc.perl.org/5.38.4/perl5384delta (From OE-Core rev: a9edffbd3c129966d4028505940ae6286273f399) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-05-02 08:20:12 -07:00

Author

SHA1

Message

Date

Ross Burton

4e2dac74d5

perl: link to the system zlib instead of a vendored copy

The perl module Compress-Raw-Zlib defaults to using a vendored copy of
the zlib sources which has a number of CVEs.  A newer version of perl
updates this to zlib 1.3.2 to resolve them, but we should be linking to
our zlib recipe instead of the vendored code.

This mitigates CVE-2026-4176 so mark it as not appropriate.

(From OE-Core rev: 6e83e5520f415fc6ca9029a8aaa0af31cd832a90)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bf515229043685d4f00c965eb3e0236c37b6b403)
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>

2026-06-10 14:35:20 +01:00

Archana Polampalli

c8b84eb224

perl: upgrade 5.38.2 -> 5.38.4

update include fix for CVE-2024-56406

https://perldoc.perl.org/5.38.4/perl5384delta

(From OE-Core rev: a9edffbd3c129966d4028505940ae6286273f399)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-05-02 08:20:12 -07:00

2 Commits