mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-28 06:32:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2d0d967bea12ddc705653d52561dd5cd0ee56fc3
poky/meta/recipes-support
History
Changqing Li 51dbc10084 libsoup: fix CVE-2024-52530, CVE-2024-52531 
CVE-2024-52531:
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that
perform conversion to UTF-8 in soup_header_parse_param_list_strict.
Input received over the network cannot trigger this.

Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52531

CVE-2024-52530:
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some
configurations because '\0' characters at the end of header names are
ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the
same as a "Transfer-Encoding: chunked" header.

Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52530

(From OE-Core rev: 0af9ac076cdbab70f526520acbbb0c38d237c407)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-12-06 05:50:25 -08:00
..
appstream
appstream: upgrade 1.0.2 -> 1.0.3
2024-06-20 06:29:43 -07:00
apr
apr: upgrade 1.7.4 -> 1.7.5
2024-09-09 06:08:10 -07:00
argp-standalone
argp-standalone: replace with a maintained fork
2022-11-01 17:34:59 +00:00
aspell
aspell: upgrade 0.60.8 -> 0.60.8.1
2024-01-01 23:11:42 +00:00
atk
at-spi2-core: upgrade 2.50.0 -> 2.50.1
2024-02-03 22:08:25 +00:00
attr
acl: upgrade 2.3.1 -> 2.3.2
2024-03-07 17:25:02 +00:00
bash-completion
bash-completion: upgrade 2.11 -> 2.12.0
2024-03-01 09:28:51 +00:00
bmaptool
bmaptool: update to latest
2024-03-23 10:18:20 +00:00
boost
boost: upgrade 1.83.0 -> 1.84.0
2024-03-07 17:25:02 +00:00
ca-certificates
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
consolekit
consolekit: Disable incompatible-pointer-types warning as error
2024-06-20 06:29:43 -07:00
curl
curl: patch CVE-2024-9681
2024-11-18 06:59:35 -08:00
db
db: ignore implicit-int and implicit-function-declaration issues fatal with gcc-14
2024-06-20 06:29:44 -07:00
debianutils
debianutils: upgrade 5.15 -> 5.16
2024-01-21 12:27:12 +00:00
diffoscope
diffoscope: upgrade 253 -> 259
2024-03-07 17:25:02 +00:00
dos2unix
dos2unix: upgrade 7.5.1 -> 7.5.2
2024-02-03 22:08:26 +00:00
enchant
enchant2: fix do_fetch error
2024-11-18 06:59:35 -08:00
fribidi
fribidi: upgrade 1.0.13 -> 1.0.14
2024-07-17 05:36:13 -07:00
gdbm
gdbm: improve run-ptest
2023-05-25 10:29:08 +01:00
gmp
gmp: improve reproducibility
2024-04-04 14:05:03 +01:00
gnome-desktop-testing
recipes: Default to https git protocol where possible
2023-05-05 11:07:25 +01:00
gnupg
gnupg: Document CVE-2022-3219 and mark wontfix
2024-10-11 05:47:37 -07:00
gnutls
gnutls: upgrade 3.8.3 -> 3.8.4
2024-04-04 14:05:03 +01:00
gpgme
gpgme: move gpgme-tool to own sub-package
2024-08-06 19:11:18 -07:00
icu
icu: update patch Upstream-Status
2024-10-30 08:30:00 -07:00
iso-codes
iso-codes: upgrade 4.15.0 -> 4.16.0
2024-02-03 22:08:25 +00:00
itstool
itstool: add missing COPYING.GPL3
2022-04-14 09:47:00 +01:00
libassuan
libassuan: upgrade 2.5.5 -> 2.5.6
2023-06-28 07:56:33 +01:00
libatomic-ops
libatomic-ops: upgrade 7.8.0 -> 7.8.2
2023-12-23 08:46:00 +00:00
libbsd
libbsd: upgrade 0.11.8 -> 0.12.1
2024-03-07 17:25:02 +00:00
libcap
libcap: upgrade 2.68 -> 2.69
2023-06-02 15:16:35 +01:00
libcap-ng
libcap-ng: update SRC_URI
2024-09-03 05:39:12 -07:00
libcheck
libcheck: add ghetto automake output
2023-05-25 10:29:08 +01:00
libdaemon
recipes: remove unused AUTHOR variable
2023-08-10 09:18:53 +01:00
libevdev
libevdev: upgrade 1.13.0 -> 1.13.1
2023-05-22 10:53:49 +01:00
libevent
libevent: fix patch Upstream-Status
2023-09-20 23:51:11 +01:00
libexif
libexif: remove unused version_underscore
2024-02-29 10:26:13 +00:00
libffi
libffi: upgrade 3.4.5 -> 3.4.6
2024-03-01 09:28:51 +00:00
libfm
lrzsz connman-gnome libfm: ignore various issues fatal with gcc-14
2024-06-20 06:29:43 -07:00
libgcrypt
meta: Remove some not needed CVE_STATUS
2024-02-24 16:10:23 +00:00
libgit2
libgit2: update 1.7.1 -> 1.7.2
2024-02-18 22:02:40 +00:00
libgpg-error
libgpg-error: upgrade 1.47 -> 1.48
2024-03-01 09:28:51 +00:00
libical
libical: upgrade 3.0.16 -> 3.0.17
2023-11-05 11:28:39 +00:00
libjitterentropy
abi_version/sstate: Handle pkgconfig output changes and bump output versions
2023-03-26 18:50:17 +01:00
libksba
libksba: upgrade 1.6.5 -> 1.6.6
2024-03-01 09:28:51 +00:00
libmd
libmd: upgrade 1.0.4 -> 1.1.0
2023-06-28 07:56:33 +01:00
libmicrohttpd
libmicrohttpd: upgrade 0.9.77 -> 1.0.1
2024-03-01 09:28:51 +00:00
libmpc
libmpc: upgrade 1.2.1 -> 1.3.1
2022-12-22 23:05:50 +00:00
libnl
libnl: change HOMEPAGE
2024-07-26 07:43:46 -07:00
libpcre
libpcre2: Update base uri PhilipHazel -> PCRE2Project
2024-10-18 06:04:40 -07:00
libproxy
libproxy: upgrade 0.5.3 -> 0.5.4
2024-02-17 18:19:19 +00:00
libpsl
libpsl: upgrade 0.21.2 -> 0.21.5
2024-01-24 15:46:19 +00:00
libseccomp
libseccomp: Fix build when python packageconfig is enabled
2024-04-12 17:27:53 +01:00
libsoup
libsoup: fix CVE-2024-52530, CVE-2024-52531
2024-12-06 05:50:25 -08:00
libssh2
libssh2: backport fix for CVE-2023-48795
2024-01-24 15:46:19 +00:00
libunistring
libunistring: upgrade 1.1 -> 1.2
2024-03-01 09:28:51 +00:00
libunwind
libunwind: ignore various issues now fatal with gcc-14
2024-06-20 06:29:43 -07:00
liburcu
liburcu: upgrade 0.13.2 -> 0.14.0
2023-02-19 07:47:53 +00:00
libusb
libusb1: Set CVE_PRODUCT
2024-06-05 05:57:12 -07:00
libxslt
libxslt: upgrade 1.1.38 -> 1.1.39
2023-11-30 08:43:03 +00:00
libyaml
libyaml: Ignore CVE-2024-35325
2024-09-03 05:39:12 -07:00
lz4
cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
2023-07-21 11:52:26 +01:00
lzo
lzo: Add further info to a patch and mark as Inactive-Upstream
2022-05-27 23:50:48 +01:00
lzop
Revert "lzop: remove recipe from oe-core"
2024-02-09 16:18:05 +00:00
mpfr
mpfr: upgrade 4.2.0 -> 4.2.1
2023-09-02 18:23:05 +01:00
nettle
nettle: avoid neon on unsupported machines
2023-09-04 20:14:14 +01:00
nghttp2
nghttp2: Upgrade 1.60.1 -> 1.61.0
2024-04-08 23:33:32 +01:00
npth
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
nss-myhostname
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
numactl
numactl: Upgrade 2.0.17 -> 2.0.18
2024-02-21 22:20:10 +00:00
p11-kit
p11-kit: ignore various issues fatal with gcc-14 (for 32bit MACHINEs)
2024-06-20 06:29:43 -07:00
pinentry
pinentry: update 1.2.0 -> 1.2.1
2022-10-29 16:28:35 +01:00
popt
popt: update 1.18 -> 1.19
2022-11-22 12:26:46 +00:00
ptest-runner
ptest-runner: Update 2.4.4 -> 2.4.5
2024-10-18 06:04:40 -07:00
re2c
re2c: upgrade 3.0 -> 3.1
2023-08-14 12:51:21 +01:00
rng-tools
rng-tools: ignore incompatible-pointer-types errors for now
2024-07-09 06:02:55 -07:00
serf
serf: mark patch as inappropriate for upstream submission
2024-06-19 08:34:58 -07:00
shared-mime-info
shared-mime-info: drop itstool-native from DEPENDS
2024-11-26 06:11:30 -08:00
sqlite
sqlite3: upgrade 3.45.1 -> 3.45.3
2024-10-30 08:30:00 -07:00
taglib
taglib: upgrade 2.0 -> 2.0.1
2024-06-19 08:34:57 -07:00
user-creation
Convert to new override syntax
2021-08-02 15:44:10 +01:00
utfcpp
taglib: upgrade 1.13.1 -> 2.0 and add utfcpp recipe to support that
2024-03-07 17:25:03 +00:00
vim
vim: Upgrade 9.1.0698 -> 9.1.0764
2024-10-30 08:30:00 -07:00
vte
vte: fix CVE-2024-37535
2024-07-23 06:05:47 -07:00
xxhash
xxhash: upgrade 0.8.1 -> 0.8.2
2023-08-14 12:51:21 +01:00