poky/recipes-devtools at 31ea437bf7785201dd4fb04622ec97feba110c93 - poky

mirror of https://git.yoctoproject.org/poky synced 2026-05-29 15:52:40 +02:00

Files

Soumya Sambu 31ea437bf7 python3: Fix CVE-2024-8088

There is a HIGH severity vulnerability affecting the CPython "zipfile"
module. When iterating over names of entries in a zip archive (for example,
methodsof "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()",
etc) the process can be put into an infinite loop with a maliciously crafted
zip archive. This defect applies when reading only metadata or extracting
the contents of the zip archive. Programs that are not handling
user-controlled zip archives are not affected.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-8088

Upstream-Patch:
7ae310c56a

(From OE-Core rev: 2d98276ba70ed6c44afecd42a7352f1b3030438f)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2024-09-09 06:08:10 -07:00

apt

Revert "apt: runtime error: filename too long (tmpdir length)"

2024-07-23 06:05:47 -07:00

autoconf

autoconf: 2.72d -> 2.72e

2024-01-21 12:27:12 +00:00

autoconf-archive

autoconf-archive: upgrade 2022.09.03 -> 2023.02.20

2023-03-06 09:52:16 +00:00

automake

automake: mark new_rt_path_for_test-driver.patch as Inappropriate

2024-08-01 06:08:09 -07:00

binutils

binutils: stable 2.42 branch updates

2024-07-23 06:05:47 -07:00

bison

autoconf: Upgrade to 2.72c

2023-07-30 07:54:44 +01:00

bootchart2

recipes: Drop remaining PR values from recipes

2023-09-22 07:45:17 +01:00

btrfs-tools

btrfs-tools: upgrade 6.5.3 -> 6.7.1

2024-03-07 17:25:02 +00:00

ccache

ccache: upgrade 4.9 -> 4.9.1

2024-03-01 09:28:51 +00:00

cdrtools

cdrtools-native: fix build with gcc-14

2024-06-20 06:29:44 -07:00

chrpath

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

cmake

cmake: upgrade 3.27.7 -> 3.28.3

2024-02-08 17:12:54 +00:00

createrepo-c

createrepo-c: upgrade 1.0.3 -> 1.0.4

2024-03-01 09:28:51 +00:00

debugedit

debugedit: Use musl-legacy-error

2023-09-26 10:35:28 +01:00

dejagnu

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

desktop-file-utils

desktop-file-utils: upgrade 0.26 -> 0.27

2023-11-30 08:43:04 +00:00

devel-config

recipes: Drop remaining PR values from recipes

2023-09-22 07:45:17 +01:00

diffstat

diffstat: upgrade 1.65 -> 1.66

2024-02-03 22:08:26 +00:00

distcc

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

dmidecode

dmidecode: upgrade to 3.5

2023-05-05 11:07:25 +01:00

dnf

dnf/mesa: Fix missing leading whitespace with ':append'

2024-07-17 05:36:14 -07:00

docbook-xml

docbook-xml: Switch from debian packages to upstream docbook sources

2023-02-26 11:49:00 +00:00

dosfstools

meta: fix version checks in all github recipes using the github-releases class

2022-09-28 08:01:10 +01:00

dpkg

dpkg: mark patches adding custom non-debian architectures as inappropriate for upstream

2024-08-01 06:08:09 -07:00

dwarfsrcfiles

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

e2fsprogs

meta: depend on autoconf-archive-native, not autoconf-archive

2023-05-22 10:53:48 +01:00

elfutils

elfutils: fix unused variable BUFFER_SIZE

2024-03-20 18:20:38 +00:00

erofs-utils

erofs-utils: upgrade 1.6 -> 1.7.1

2023-11-30 08:43:04 +00:00

expect

expect-native: fix do_compile failure with gcc-14

2024-09-03 05:39:12 -07:00

fdisk

gptfdisk: Make the version consistent

2024-01-10 17:01:28 +00:00

file

file: enable additional internal compressor support

2024-02-08 10:59:06 +00:00

flex

bash/flex: Ensure BUILD_FLAGS doesn't leak onto target

2024-03-19 15:25:12 +00:00

gcc

libgfortran.inc: fix nativesdk-libgfortran dependencies

2024-08-26 05:18:44 -07:00

gdb

gdb: Upgrade 14.1 -> 14.2

2024-03-05 12:24:49 +00:00

git

git: upgrade 2.44.0 -> 2.44.1

2024-06-14 05:19:22 -07:00

gnu-config

gnu-config: Update to latest version

2024-02-06 10:32:19 +00:00

go: upgrade 1.22.5 -> 1.22.6

2024-08-26 05:18:43 -07:00

help2man

help2man: upgrade 1.49.2 -> 1.49.3

2022-12-22 23:05:50 +00:00

i2c-tools

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

icecc-create-env

recipes: Drop remaining PR values from recipes

2023-09-22 07:45:17 +01:00

icecc-toolchain

Convert to new override syntax

2021-08-02 15:44:10 +01:00

intltool

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

jquery

jquery: upgrade 3.7.0 -> 3.7.1

2023-09-26 10:35:27 +01:00

json-c

json-c: fix icecc compilation

2023-12-02 17:18:57 +00:00

libcomps

libcomps: upgrade 0.1.19 -> 0.1.20

2023-10-19 13:38:57 +01:00

libdnf

libdnf: upgrade 0.73.0 -> 0.73.1

2024-05-03 06:12:22 -07:00

libedit

libedit: upgrade 20221030-3.1 -> 20230828-3.1

2023-09-02 18:23:05 +01:00

libmodulemd

libmodulemd: upgrade 2.14.0 -> 2.15.0

2023-06-16 15:40:10 +01:00

librepo

librepo: update 1.16.0 -> 1.17.0

2024-03-07 17:25:02 +00:00

libtool

libtool: Update further patch status to backport

2024-01-19 00:16:41 +00:00

llvm

llvm: Enable libllvm for native build

2024-08-26 05:18:44 -07:00

log4cplus

log4cplus: upgrade 2.1.0 -> 2.1.1

2023-11-30 08:43:03 +00:00

lua

lua: update 5.4.4 -> 5.4.6

2023-06-27 16:23:40 +01:00

m4: Do not munge locale in ptests for musl

2023-04-27 14:41:31 +01:00

make

make: upgrade 4.4 -> 4.4.1

2023-03-11 00:08:41 +00:00

makedevs

makedevs: Don't use COPYING.patch just to add license file into ${S}

2022-05-27 23:50:48 +01:00

meson

meson: don't use deprecated pkgconfig variable

2024-07-17 05:36:14 -07:00

mmc

mmc-utils: fix URL

2024-07-26 07:43:46 -07:00

mtd

mtd-utils: upgrade 2.1.5 -> 2.1.6

2023-09-26 10:35:27 +01:00

mtools

mtools: upgrade 4.0.42 -> 4.0.43

2023-04-13 11:56:07 +01:00

nasm

nasm: Upgrade 2.16.01 -> 2.16.03

2024-08-10 06:34:25 -07:00

ninja

cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS

2023-07-21 11:52:26 +01:00

opkg

opkg-arch-config: update recipe HOMEPAGE

2024-02-09 13:55:06 +00:00

opkg-utils

opkg-utils: Backport fix to drop --numeric-owner parameter

2024-01-12 11:54:05 +00:00

orc

orc: upgrade 0.4.38 -> 0.4.39

2024-08-10 06:34:25 -07:00

patch

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

patchelf

patchelf: add 3 fixes to optimize and fix uninative

2023-08-01 09:51:20 +01:00

perl

perl: submit the rest of determinism.patch upstream

2024-07-17 05:36:14 -07:00

perl-cross

perlcross: update to 1.5.2

2023-12-21 10:38:29 +00:00

pkgconf

pkgconf: upgrade 2.1.0 -> 2.1.1

2024-03-01 09:28:51 +00:00

pkgconfig

recipes/classes/scripts: Drop SRCPV usage in OE-Core

2023-08-24 16:50:24 +01:00

pseudo

pseudo: Update to include open symlink handling bugfix

2024-08-06 19:11:18 -07:00

python

python3: Fix CVE-2024-8088

2024-09-09 06:08:10 -07:00

qemu

qemu: fix CVE-2024-7409

2024-09-03 05:39:12 -07:00

quilt

quilt: Fix merge.test race condition

2023-05-05 11:07:25 +01:00

repo

repo: upgrade 2.41 -> 2.42

2024-03-07 17:25:03 +00:00

rpm

rpm: update 4.19.1 -> 4.19.1.1

2024-05-03 06:12:21 -07:00

rsync

cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS

2023-07-21 11:52:26 +01:00

ruby

ruby: Backport fix for CVE-2024-27282

2024-08-26 05:18:43 -07:00

run-postinsts

run-postinsts.service: Removed --no-reload to fix reload warning when users execute systemctl in the first boot.

2024-06-14 05:19:22 -07:00

rust

rust: Add new varaible RUST_ENABLE_EXTRA_TOOLS

2024-08-06 19:11:18 -07:00

squashfs-tools

squashfs-tools: upgrade 4.5.1 -> 4.6.1

2023-06-16 15:40:11 +01:00

strace

strace: Upgrade to 6.7

2024-02-06 10:32:19 +00:00

subversion

subversion: upgrade 1.14.2 -> 1.14.3

2024-01-07 12:24:57 +00:00

swig

swig: upgrade 4.2.0 -> 4.2.1

2024-03-01 09:28:52 +00:00

syslinux

syslinux: Disable error on implicit-function-declaration

2024-02-05 14:06:10 +00:00

systemd-bootchart

systemd-bootchart: upgrade from 234 to 235

2024-01-07 12:24:57 +00:00

tcf-agent

tcf-agent: Disable non-building features on loongarch64

2023-09-07 07:53:51 +01:00

tcltk

tcl: Forward port skip logic for musl ptests

2024-03-30 22:22:19 +00:00

unfs3

unfs3: fix symlink time setting issue

2023-05-05 11:07:25 +01:00

unifdef

recipes: Enable nativesdk for gperf, unifdef, gi-docgen and its dependencies

2022-12-21 10:16:31 +00:00

vala

vala: fix for gtk4 prior to 4.14

2024-03-18 12:21:45 +00:00

valgrind

valgrind: Backport fixes from 3.22 branch

2024-03-30 22:22:19 +00:00

xmlto

recipes/classes/scripts: Drop SRCPV usage in OE-Core

2023-08-24 16:50:24 +01:00