mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-02 18:32:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0d8b19752ddd401065c873beff61d2c738e37460
poky/meta/recipes-extended
History
Divya Chellam 37be814fb2 libarchive: fix CVE-2025-5918 
A vulnerability has been identified in the libarchive library. This flaw can be triggered whe
n file streams are piped into bsdtar, potentially allowing for reading past the end of the fi
le. This out-of-bounds read can lead to unintended consequences, including unpredictable prog
ram behavior, memory corruption, or a denial-of-service condition.

CVE-2025-5918-0001 is the dependent commit and CVE-2025-5918-0002 is the actual CVE fix.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5918

Upstream-patches:
89b8c35ff4
dcbf1e0ede

(From OE-Core rev: 369c164a163b2c7f15ee5fc41130be9feaf7245e)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-09 08:43:32 -07:00
..
acpica
acpica: fix CVE-2024-24856
2024-12-06 05:50:24 -08:00
asciidoc
asciidoc: upgrade 10.1.4 -> 10.2.0
2022-05-31 15:24:18 +01:00
at
at: Change when files are copied
2023-01-12 23:08:59 +00:00
baremetal-example
baremetal-helloworld: Pull in fix for race condition on x86-64
2023-11-05 08:44:06 +00:00
bash
bash: fix configure checks that fail with GCC 14.1
2024-07-03 06:28:37 -07:00
bc
bc: Fix ptest test output naming
2023-03-12 23:39:13 +00:00
blktool
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
bzip2
recipes: Default to https git protocol where possible
2023-05-05 11:07:25 +01:00
cpio
cpio: mark CVE-2023-7216 as disputed
2024-07-17 05:36:13 -07:00
cracklib
cracklib: Modify patch to compile with GCC 14
2024-06-19 08:34:58 -07:00
cronie
cronie: upgrade 1.7.1 -> 1.7.2
2024-06-19 08:34:57 -07:00
cups
cups: Backport fix for CVE-2024-47175
2024-10-18 06:04:40 -07:00
cwautomacros
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
diffutils
diffutils: update 3.9 -> 3.10
2023-06-27 16:23:40 +01:00
ed
ed: upgrade 1.20.1 -> 1.20.2
2024-07-17 05:36:13 -07:00
ethtool
ethtool: upgrade 6.6 -> 6.7
2024-02-03 22:08:25 +00:00
findutils
autoconf: Upgrade to 2.72c
2023-07-30 07:54:44 +01:00
gawk
gawk: Remove References to /usr/local/bin/gawk
2024-08-01 06:08:09 -07:00
ghostscript
ghostscript: upgrade 10.05.0 -> 10.05.1
2025-06-05 08:41:15 -07:00
go-examples
go-helloworld: update to latest revision
2023-09-18 08:53:10 +01:00
gperf
gperf: Make the code C++17 compliant
2023-01-16 10:42:07 +00:00
grep
grep: upgrade 3.10 -> 3.11
2023-05-22 10:53:48 +01:00
groff
groff: Fix race issues for parallel build
2025-01-18 06:26:45 -08:00
gzip
nativesdk-gzip: fix reproducibility issues
2024-04-12 17:27:53 +01:00
hdparm
hdparm: update 9.64 -> 9.65
2022-10-29 16:28:35 +01:00
images
core-image-full-cmdline: add package-management
2024-03-03 16:25:20 +00:00
iptables
iptables: fix memory corruption when parsing nft rules
2024-08-06 19:11:18 -07:00
iputils
iputils: Security fix for CVE-2025-47268
2025-05-19 08:32:48 -07:00
less
less: fix CVE-2024-32487
2024-07-23 06:05:47 -07:00
libaio
libaio: upgrade 0.3.112 -> 0.3.113
2022-04-19 14:14:12 +01:00
libarchive
libarchive: fix CVE-2025-5918
2025-07-09 08:43:32 -07:00
libidn
libidn2: upgrade 2.3.4 -> 2.3.7
2024-02-03 22:08:26 +00:00
libmnl
libmnl: explicitly disable doxygen
2024-08-10 06:34:25 -07:00
libnsl
libnsl2: upgrade 2.0.0 -> 2.0.1
2023-11-05 11:28:40 +00:00
libnss-nis
libnss-nis: upgrade 3.1 -> 3.2
2023-07-17 15:30:04 +01:00
libpipeline
autoconf: Upgrade to 2.72c
2023-07-30 07:54:44 +01:00
libsolv
libsolv: upgrade 0.7.27 -> 0.7.28
2024-02-03 22:08:26 +00:00
libtirpc
libtirpc: drop redundant PACKAGECONFIG
2024-03-18 12:21:45 +00:00
lighttpd
lighttpd: upgrade 1.4.73 -> 1.4.74
2024-03-01 09:28:51 +00:00
logrotate
oeqa/selftest/cve_check: rework test to new cve status handling
2023-07-19 23:25:01 +01:00
lsb
lsb-release: fix Distro Codename shell escaping
2024-10-30 08:30:00 -07:00
lsof
lsof: upgrade 4.98.0 -> 4.99.3
2024-03-07 17:25:02 +00:00
ltp
ltp: backport patch to fix compilation error for x86_64
2025-07-07 07:42:58 -07:00
lzip
lzlib: add a recipe
2024-02-08 10:59:06 +00:00
man-db
man-db: 2.11.2 -> 2.12.0
2023-12-08 16:58:34 +00:00
man-pages
man-pages: use env from coreutils-native
2024-03-18 12:21:45 +00:00
mc
mc: set ac_cv_path_ZIP to avoid buildpaths QA issues
2025-04-07 06:34:44 -07:00
mdadm
mdadm: Disable 10ddf-fail-spare and 10ddf-fail-stop-readd testcases
2024-01-15 21:42:15 +00:00
mingetty
recipes: Drop remaining PR values from recipes
2023-09-22 07:45:17 +01:00
minicom
minicom: upgrade 2.8 -> 2.9
2024-03-07 17:25:02 +00:00
msmtp
msmtp: upgrade 1.8.24 -> 1.8.25
2023-11-05 11:28:40 +00:00
net-tools
net-tools: patch CVE-2025-46836
2025-06-20 08:38:12 -07:00
newt
libnewt: upgrade 0.52.23 -> 0.52.24
2023-11-05 11:28:39 +00:00
packagegroups
mc: upgrade 4.8.30 -> 4.8.31
2024-03-07 17:25:02 +00:00
pam
libpam: Update fix for CVE-2024-10041
2025-05-02 08:20:11 -07:00
parted
autoconf: Upgrade to 2.72c
2023-07-30 07:54:44 +01:00
pbzip2
Convert to new override syntax
2021-08-02 15:44:10 +01:00
perl
libconvert-asn1-perl: upgrade 0.33 -> 0.34
2023-09-02 18:23:05 +01:00
pigz
pigz: upgrade 2.7 -> 2.8
2023-09-02 18:23:06 +01:00
procps
procps: fix build with new glibc but old kernel headers
2024-06-19 08:34:58 -07:00
psmisc
psmisc: Set ALTERNATIVE for pstree to resolve conflict with busybox
2023-05-25 10:29:09 +01:00
quota
quota: update 4.06 -> 4.09
2022-11-22 12:26:46 +00:00
rpcbind
rpcbind: Specify state directory under /run
2023-12-20 07:47:00 +00:00
rpcsvc-proto
rpcsvc-proto: Upgrade to 1.4.4
2023-06-19 13:18:56 +01:00
screen
screen: fix CVE-2025-46804
2025-06-11 08:17:34 -07:00
sed
sed: update 4.8 -> 4.9
2022-11-14 16:19:43 +00:00
shadow
shadow: don't install libattr.so.* when xattr not in DISTRO_FEATURES
2024-03-23 10:18:20 +00:00
slang
slang: update 2.3.2 -> 2.3.3
2022-08-21 22:51:42 +01:00
stress-ng
stress-ng: upgrade 0.17.04 -> 0.17.05
2024-02-17 18:19:19 +00:00
sudo
sudo: upgrade from 1.9.15p2 to 1.9.15p5
2024-01-07 12:24:57 +00:00
sysklogd
sysklogd: upgrade 2.5.0 -> 2.5.2
2023-09-02 18:23:06 +01:00
sysstat
sysstat: upgrade 12.7.4 -> 12.7.5
2023-12-23 08:46:00 +00:00
tar
tar: add ptest support
2023-09-28 12:37:46 +01:00
tcp-wrappers
tcp-wrappers: mark all patches as inactive-upstream
2024-08-01 06:08:09 -07:00
texinfo
texinfo: upgrade 7.0.2 -> 7.0.3
2023-04-13 11:56:07 +01:00
texinfo-dummy-native
meta/recipes-extended: Add HOMEPAGE / DESCRIPTION
2021-03-06 22:39:04 +00:00
time
time: Add missing include for memset
2022-08-17 19:57:32 +01:00
timezone
tzdata/tzcode-native: upgrade 2025a -> 2025b
2025-05-02 08:20:12 -07:00
unzip
unzip: Fix LICENSE
2024-09-19 05:11:35 -07:00
watchdog
watchdog: Set watchdog_module in default config
2024-08-06 19:11:18 -07:00
wget
wget: fix CVE-2024-10524
2025-01-24 07:59:38 -08:00
which
recipes: Drop remaining PR values from recipes
2023-09-22 07:45:17 +01:00
xdg-utils
xdg-utils: Fix CVE number
2023-04-05 08:39:43 +01:00
xinetd
cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
2023-07-21 11:52:26 +01:00
xz
xz: patch CVE-2025-31115
2025-04-16 06:41:24 -07:00
zip
zip: Fix LICENSE
2024-09-19 05:11:35 -07:00
zstd
zstd: fix LICENSE statement
2023-12-08 16:58:34 +00:00