mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-27 11:13:38 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
1401e6e00321bc6e5d2d7dfedd3daabb9fdc54dc
poky/meta/recipes-devtools
History
Sudhir Dumbhare 1401e6e003 python3: Fix CVE-2026-4519 and CVE-2026-4786 
Apply the upstream v3.12 fix [1], aligned with the original v3.11 fix [2],
and follow-up fix [3] to address CVE-2026-4519 by disallowing URLs with
leading dashes when invoking browser commands, as referenced in [5].

CVE-2026-4786 [6] revealed the CVE-2026-4519 fix was incomplete, as %action
in URLs could bypass dash-prefix checks. Apply follow-up fix [4], noted in
[5], to revalidate the URL after %action expansion.

[1] cbba611939
[2] ceac1efc66
[3] 96fc504860
[4] f4654824ae
[5] https://security-tracker.debian.org/tracker/CVE-2026-4519
[6] https://security-tracker.debian.org/tracker/CVE-2026-4786

References:
https://nvd.nist.gov/vuln/detail/CVE-2026-4519
https://nvd.nist.gov/vuln/detail/CVE-2026-4786

(From OE-Core rev: e6d81b3be531e97058366c81056a38c0b6fa7380)

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-26 16:55:53 +01:00
..
apt
apt: Add CVE_PRODUCT to support product name
2026-05-12 21:31:34 +01:00
autoconf
autoconf: 2.72d -> 2.72e
2024-01-21 12:27:12 +00:00
autoconf-archive
autoconf-archive: upgrade 2022.09.03 -> 2023.02.20
2023-03-06 09:52:16 +00:00
automake
automake: mark new_rt_path_for_test-driver.patch as Inappropriate
2024-08-01 06:08:09 -07:00
binutils
binutils: Fix CVE-2025-69644
2026-06-26 16:55:53 +01:00
bison
autoconf: Upgrade to 2.72c
2023-07-30 07:54:44 +01:00
bootchart2
recipes: Drop remaining PR values from recipes
2023-09-22 07:45:17 +01:00
btrfs-tools
btrfs-tools: upgrade 6.5.3 -> 6.7.1
2024-03-07 17:25:02 +00:00
ccache
ccache: upgrade 4.9 -> 4.9.1
2024-03-01 09:28:51 +00:00
cdrtools
cdrtools-native: fix build with gcc-14
2024-06-20 06:29:44 -07:00
chrpath
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
cmake
cmake: backport a fix for gcc-16 on host
2026-05-04 13:57:32 +01:00
createrepo-c
createrepo-c: upgrade 1.0.3 -> 1.0.4
2024-03-01 09:28:51 +00:00
debugedit
debugedit: Use musl-legacy-error
2023-09-26 10:35:28 +01:00
dejagnu
dejagnu: Fix LICENSE
2024-09-19 05:11:35 -07:00
desktop-file-utils
pulseaudio, desktop-file-utils: correct freedesktop.org -> www.freedesktop.org SRC_URI
2024-10-02 06:15:15 -07:00
devel-config
recipes: Drop remaining PR values from recipes
2023-09-22 07:45:17 +01:00
diffstat
diffstat: upgrade 1.65 -> 1.66
2024-02-03 22:08:26 +00:00
distcc
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
dmidecode
dmidecode: upgrade to 3.5
2023-05-05 11:07:25 +01:00
dnf
dnf: drop python3-iniparse from DEPENDS and RDEPENDS
2024-12-13 05:21:54 -08:00
docbook-xml
docbook-xml-dtd4: fix the fetching failure
2026-02-16 09:52:35 +00:00
dosfstools
meta: fix version checks in all github recipes using the github-releases class
2022-09-28 08:01:10 +01:00
dpkg
dpkg: patch CVE-2025-6297
2025-09-01 08:30:56 -07:00
dwarfsrcfiles
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
e2fsprogs
e2fsprogs: Fix build failure with gcc 15
2025-08-22 05:59:55 -07:00
elfutils
elfutils: don't add -Werror to avoid discarded-qualifiers
2026-05-04 13:57:32 +01:00
erofs-utils
erofs-utils: upgrade 1.6 -> 1.7.1
2023-11-30 08:43:04 +00:00
expect
expect: fix native build with GCC 15
2025-10-09 12:16:46 -07:00
fdisk
gptfdisk: Make the version consistent
2024-01-10 17:01:28 +00:00
file
file: enable additional internal compressor support
2024-02-08 10:59:06 +00:00
flex
flex: fix build with gcc-15 on host
2025-11-03 07:17:01 -08:00
gcc
gcc: backport a fix for building with gcc-16
2026-05-04 13:57:32 +01:00
gdb
gdb: Upgrade 14.1 -> 14.2
2024-03-05 12:24:49 +00:00
git
buildtools-tarball: fix unbound variable issues under 'set -u'
2025-09-22 13:17:52 -07:00
gnu-config
gnu-config: Update to latest version
2024-02-06 10:32:19 +00:00
go
go: fix CVE-2026-32288
2026-06-26 16:55:53 +01:00
help2man
help2man: upgrade 1.49.2 -> 1.49.3
2022-12-22 23:05:50 +00:00
i2c-tools
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
icecc-create-env
recipes: Drop remaining PR values from recipes
2023-09-22 07:45:17 +01:00
icecc-toolchain
Convert to new override syntax
2021-08-02 15:44:10 +01:00
intltool
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
jquery
jquery: upgrade 3.7.0 -> 3.7.1
2023-09-26 10:35:27 +01:00
json-c
json-c: fix icecc compilation
2023-12-02 17:18:57 +00:00
libcomps
libcomps: upgrade 0.1.19 -> 0.1.20
2023-10-19 13:38:57 +01:00
libdnf
libdnf: upgrade 0.73.1 -> 0.73.2
2024-09-09 06:08:10 -07:00
libedit
libedit: Make docs generation deterministic
2024-09-19 05:11:35 -07:00
libmodulemd
libmodulemd: upgrade 2.14.0 -> 2.15.0
2023-06-16 15:40:10 +01:00
librepo
librepo: update 1.16.0 -> 1.17.0
2024-03-07 17:25:02 +00:00
libtool
nativesdk-libtool: sanitize the script, remove buildpaths
2025-03-26 08:48:51 -07:00
llvm
llvm: fix build with gcc-15
2025-09-30 08:01:59 -07:00
log4cplus
log4cplus: upgrade 2.1.0 -> 2.1.1
2023-11-30 08:43:03 +00:00
lua
lua: update 5.4.4 -> 5.4.6
2023-06-27 16:23:40 +01:00
m4
m4: Stick to C17 standard
2025-09-01 08:30:56 -07:00
make
make: upgrade 4.4 -> 4.4.1
2023-03-11 00:08:41 +00:00
makedevs
makedevs: Fix matching uid/gid
2024-10-18 06:04:41 -07:00
meson
meson: don't use deprecated pkgconfig variable
2024-07-17 05:36:14 -07:00
mmc
mmc-utils: fix URL
2024-07-26 07:43:46 -07:00
mtd
mtd-utils: upgrade 2.1.5 -> 2.1.6
2023-09-26 10:35:27 +01:00
mtools
mtools: upgrade 4.0.48 -> 4.0.49
2025-07-29 07:59:53 -07:00
nasm
nasm: Upgrade 2.16.01 -> 2.16.03
2024-08-10 06:34:25 -07:00
ninja
ninja: fix build with python 3.13
2024-12-06 05:50:25 -08:00
opkg
opkg-arch-config: update recipe HOMEPAGE
2024-02-09 13:55:06 +00:00
opkg-utils
opkg-utils: Backport fix to drop --numeric-owner parameter
2024-01-12 11:54:05 +00:00
orc
orc: set CVE_PRODUCT
2025-07-29 07:59:52 -07:00
patch
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
patchelf
patchelf: add 3 fixes to optimize and fix uninative
2023-08-01 09:51:20 +01:00
perl
libxml-parser-perl: fix for CVE-2006-10003
2026-06-19 12:49:08 +01:00
perl-cross
perlcross: 1.6 -> 1.6.2
2025-05-02 08:20:11 -07:00
pkgconf
pkg-config-native: pick additional search paths from $EXTRA_NATIVE_PKGCONFIG_PATH
2025-02-12 06:25:37 -08:00
pkgconfig
pkgconfig: fix build with gcc-15
2025-09-01 08:30:56 -07:00
pseudo
pseudo: Update to version 1.9.8
2026-06-26 16:55:53 +01:00
python
python3: Fix CVE-2026-4519 and CVE-2026-4786
2026-06-26 16:55:53 +01:00
qemu
qemu: fix for CVE-2025-11234
2026-06-19 12:49:07 +01:00
quilt
quilt: Fix merge.test race condition
2023-05-05 11:07:25 +01:00
repo
repo: upgrade 2.41 -> 2.42
2024-03-07 17:25:03 +00:00
rpm
rpm: keep leading `/' from sed operation
2025-09-09 09:08:09 -07:00
rsync
rsync: fix for CVE-2026-41035
2026-05-12 21:31:33 +01:00
ruby
ruby: Upgrade 3.3.5 -> 3.3.10
2025-12-31 07:49:31 -08:00
run-postinsts
run-postinsts.service: Removed --no-reload to fix reload warning when users execute systemctl in the first boot.
2024-06-14 05:19:22 -07:00
rust
cargo: set CVE_PRODUCT
2026-06-10 14:35:20 +01:00
squashfs-tools
squashfs-tools: upgrade 4.5.1 -> 4.6.1
2023-06-16 15:40:11 +01:00
strace
strace: download release tarballs from GitHub
2024-11-26 06:11:30 -08:00
subversion
subversion: ignore CVE-2024-45720
2025-02-21 06:25:05 -08:00
swig
swig: upgrade 4.2.0 -> 4.2.1
2024-03-01 09:28:52 +00:00
syslinux
syslinux: Disable error on implicit-function-declaration
2024-02-05 14:06:10 +00:00
systemd-bootchart
systemd-bootchart: upgrade from 234 to 235
2024-01-07 12:24:57 +00:00
tcf-agent
tcf-agent: correct the SRC_URI
2025-07-07 07:42:58 -07:00
tcltk
tcl: skip http11 tests
2026-05-04 13:57:31 +01:00
unfs3
unfs3: Fix race issue causing a glibc test hang
2026-05-04 13:57:31 +01:00
unifdef
unifdef: Don't use C23 constexpr keyword
2025-09-01 08:30:56 -07:00
vala
vala: fix for gtk4 prior to 4.14
2024-03-18 12:21:45 +00:00
valgrind
valgrind: Backport fixes from 3.22 branch
2024-03-30 22:22:19 +00:00
xmlto
recipes/classes/scripts: Drop SRCPV usage in OE-Core
2023-08-24 16:50:24 +01:00