poky/recipes-support at 016ca6a8a83761fe071f15ef76c6f2ba3a3f26d2 - poky

mirror of https://git.yoctoproject.org/poky synced 2026-04-27 03:32:12 +02:00

Files

Jiaying Song 82902b3d64 diffoscope: fix CVE-2024-25711

diffoscope before 256 allows directory traversal via an embedded
filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa,
may be disclosed to an attacker. This occurs because the value of the
gpg --use-embedded-filenames option is trusted.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-25711

Upstream patches:
458f7f04bc

(From OE-Core rev: da4977e9414361a30eb322d1456a664515b35693)

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2024-12-09 07:54:03 -08:00

apr

apr: upgrade 1.7.2 -> 1.7.5

2024-09-07 05:38:17 -07:00

argp-standalone

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

aspell

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

atk

at-spi2-core: backport a patch to fix build with gcc-14 on host

2024-11-02 06:32:36 -07:00

attr

acl/attr: ptest fixes and improvements

2023-08-26 04:24:02 -10:00

bash-completion

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

bmap-tools

bmap-tools: update HOMEPAGE and SRC_URI

2024-11-02 06:32:36 -07:00

boost

boost: fix install of fiber shared libraries

2022-08-23 15:22:52 +01:00

ca-certificates

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

consolekit

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

curl

curl: patch CVE-2024-9681

2024-11-15 06:05:32 -08:00

db: remove obsolete support for renamed libtool

2021-12-12 18:10:22 +00:00

debianutils

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

diffoscope

diffoscope: fix CVE-2024-25711

2024-12-09 07:54:03 -08:00

dos2unix

meta: Add explict branch to git SRC_URIs

2021-10-30 18:56:47 +01:00

enchant

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

fribidi

fribidi: upgrade 1.0.12 -> 1.0.13

2023-07-01 08:37:24 -10:00

gdbm

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

gmp

gmp: add missing COPYINGv3

2022-04-14 09:47:00 +01:00

gnome-desktop-testing

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

gnupg

gnupg: ignore CVE-2022-3515

2024-12-09 07:54:03 -08:00

gnutls

gnutls: fix CVE-2024-28835

2024-05-02 06:21:09 -07:00

gpgme

gpgme: upgrade 1.17.0 -> 1.17.1

2022-03-10 13:07:37 +00:00

icu

icu: fix make_icudata dependencies

2022-01-26 06:27:00 +00:00

iso-codes

iso-codes: upgrade 4.13.0 -> 4.15.0

2023-06-23 04:16:40 -10:00

itstool

itstool: add missing COPYING.GPL3

2022-04-14 09:47:00 +01:00

libassuan

libassuan: upgrade 2.5.5 -> 2.5.6

2023-08-02 04:47:13 -10:00

libatomic-ops

libatomic-ops: upgrade 7.6.12 -> 7.6.14

2022-09-12 08:41:47 +01:00

libbsd

libbsd: Add correct license for all packages

2023-05-10 04:19:57 -10:00

libcap

libcap: fix CVE-2023-2603 Integer Overflow in _libcap_strdup()

2023-07-12 05:11:37 -10:00

libcap-ng

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libcheck

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libcroco

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libdaemon

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libevdev

libevdev: upgrade 1.12.0 -> 1.12.1

2022-03-29 15:59:29 +01:00

libevent

libevent,btrfs-tools: fix Upstream-Status tag

2021-10-23 22:26:48 +01:00

libexif

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libffi

libffi: backport a fix to build libffi-native with gcc-14

2024-11-02 06:32:36 -07:00

libfm

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libgcrypt

meta/scripts: Automated conversion of OE renamed variables

2022-02-21 23:37:27 +00:00

libgit2

libgit2: Fix CVE-2024-24575 and CVE-2024-24577

2024-02-15 03:51:57 -10:00

libgpg-error

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libical

libical: upgrade 3.0.15 -> 3.0.16

2022-12-01 19:35:04 +00:00

libjitterentropy

libjitterentropy: upgrade 3.3.1 -> 3.4.0

2022-03-24 17:45:29 +00:00

libksba

libksba: upgrade 1.6.3 -> 1.6.4

2023-08-02 04:47:13 -10:00

libmd

libmd: upgrade 1.0.3 -> 1.0.4

2021-10-23 17:42:26 +01:00

libmicrohttpd

libmicrohttpd: upgrade 0.9.75 -> 0.9.76

2023-03-20 17:20:44 +00:00

libmpc

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libnl

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libpcre

libpcre2: patch CVE-2022-41409

2023-08-07 04:40:43 -10:00

libproxy

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libpsl

libpsl: Add config knobs for runtime/builtin conversion choices

2021-04-20 13:56:48 +01:00

libseccomp

libseccomp: fix for the ptest result format

2023-03-09 13:19:03 +00:00

libsoup

libsoup-2.4: Backport fix for CVE-2024-52531

2024-12-09 07:54:03 -08:00

libssh2

libssh2: fix CVE-2023-48795

2024-04-21 06:33:34 -07:00

libunistring

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libunwind

libunwind: update 1.6.0 -> 1.6.2

2021-12-08 20:22:11 +00:00

liburcu

liburcu: upgrade 0.13.1 -> 0.13.2

2022-09-12 08:41:47 +01:00

libusb

libusb1: Strip trailing whitespaces

2023-02-04 23:32:20 +00:00

libxslt

libxslt: Mark CVE-2022-29824 as not applying

2022-06-07 11:53:26 +01:00

libyaml

libyaml: Ignore CVE-2024-35325

2024-09-04 05:57:57 -07:00

lz4

lz4: upgrade 1.9.3 -> 1.9.4

2022-09-12 08:41:47 +01:00

lzo

lzo: Add further info to a patch and mark as Inactive-Upstream

2022-06-11 10:06:13 +01:00

lzop

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

mpfr

mpfr: upgrade 4.1.0 -> 4.1.1

2022-12-23 23:05:50 +00:00

nettle

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

nghttp2

nghttp2: Fix CVE-2024-28182

2024-04-21 06:33:34 -07:00

npth

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

nss-myhostname

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

numactl

numactl: skip test case when target platform doesn't have 2 CPU node

2023-02-04 23:32:20 +00:00

p11-kit

p11-kit: add native to BBCLASSEXTEND

2023-05-30 04:11:15 -10:00

pinentry

pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses

2022-09-03 13:09:49 +01:00

popt

popt: fix override syntax in RDEPENDS

2022-06-22 23:46:29 +01:00

ptest-runner

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

re2c

re2c: upgrade 2.2 -> 3.0

2022-02-05 17:46:05 +00:00

rng-tools

rng-tools: enable macro JENT_CONF_ENABLE_INTERNAL_TIMER

2022-03-24 17:45:29 +00:00

serf

serf: upgrade 1.3.9 -> 1.3.10

2023-07-21 06:27:34 -10:00

shared-mime-info

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

sqlite

sqlite3: Rename patch for CVE-2022-35737

2024-09-07 05:38:17 -07:00

taglib

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

user-creation

Convert to new override syntax

2021-08-02 15:44:10 +01:00

vim

vim: Upgrade 9.1.0698 -> 9.1.0764

2024-11-02 06:32:36 -07:00

vte

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

xxhash

xxhash: fix build with gcc 12

2022-06-22 23:46:29 +01:00