mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-11 19:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
481b2600a934965246311afd5bdb86a299beb310
poky/meta/recipes-devtools
History
Divya Chellam 61c55b9e30 ruby: fix CVE-2024-49761 
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS
vulnerability when it parses an XML that has many digits between &# and x...;
in a hex numeric character reference (&#x.... This does not happen with
Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby.
The REXML gem 3.3.9 or later include the patch to fix the vulnerability.

CVE-2024-49761-0009.patch is the CVE fix and rest are dependent commits.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-49761

Upstream-patch:
810d228523
83ca5c4b0f
51217dbcc6
7e4049f6a6
fc6cad570b
7712855547
370666e314
a579730f25
ce59f2eb1a

(From OE-Core rev: 5b453400e9dd878b81b1447d14b3f518809de17e)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-01-18 06:21:02 -08:00
..
apt
apt: add missing <cstdint> for uint16_t
2023-10-18 05:13:24 -10:00
autoconf
autoconf: Update K & R stype functions
2022-09-16 17:53:22 +01:00
autoconf-archive
autoconf-archive: upgrade 2021.02.19 -> 2022.02.11
2022-02-16 09:46:29 +00:00
automake
automake: fix buildtest patch
2023-08-26 04:24:02 -10:00
binutils
bintuils: stable 2.38 branch update
2024-10-07 05:43:22 -07:00
bison
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
bootchart2
bootchart2: Fix usrmerge support
2023-02-15 21:46:56 +00:00
btrfs-tools
btrfs-tools: upgrade 5.16 -> 5.16.2
2022-03-04 17:14:15 +00:00
cargo
rust-common: Drop LLVM_TARGET and simplify
2022-06-07 11:53:26 +01:00
ccache
ccache: fix build with gcc-13
2023-10-05 15:48:49 -10:00
cdrtools
cdrtools-native: fix build with gcc-14
2024-10-12 05:17:58 -07:00
chrpath
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
cmake
cmake: Fix sporadic issues when determining compiler internals
2024-11-15 06:05:32 -08:00
createrepo-c
createrepo-c: upgrade 0.18.0 -> 0.19.0
2022-03-16 10:31:40 +00:00
dejagnu
dejagnu: Fix LICENSE
2024-09-16 06:09:56 -07:00
desktop-file-utils
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
devel-config
Convert to new override syntax
2021-08-02 15:44:10 +01:00
diffstat
diffstat: remove unneeded patch
2021-11-25 21:55:10 +00:00
distcc
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
dmidecode
dmidecode: fixup for CVE-2023-30630
2023-08-19 05:56:58 -10:00
dnf
dnf: upgrade 4.10.0 -> 4.11.1
2022-03-16 10:31:40 +00:00
docbook-xml
docbook-xml: patch is not upstreamable
2021-11-03 11:12:26 +00:00
dosfstools
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
dpkg
dpkg: fix CVE-2022-1664
2022-08-01 16:27:29 +01:00
dwarfsrcfiles
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
e2fsprogs
e2fsprogs: fix ptest bug for second running
2023-06-21 04:00:58 -10:00
elfutils
elfutils: Disable stringop-overflow warning for build host
2024-01-04 05:00:13 -10:00
erofs-utils
erofs-utils: Use __SANE_USERSPACE_TYPES__ on ppc64
2022-03-15 08:40:09 +00:00
expect
expect: modify fixline1 script
2022-03-16 13:39:12 +00:00
fdisk
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
file
file: fix CVE-2022-48554
2023-09-08 16:09:41 -10:00
flex
meta/scripts: Automated conversion of OE renamed variables
2022-02-21 23:37:27 +00:00
gcc
gcc: restore a patch for Neoverse N2 core
2024-11-11 06:19:18 -08:00
gdb
gdb: Fix CVE-2023-39130
2024-02-09 03:46:50 -10:00
git
git: Fix multiple CVEs
2024-06-01 19:07:52 -07:00
glide
go-helloworld/glide: Fix urls
2021-11-03 10:12:42 +00:00
gnu-config
gnu-config: update SRC_URI
2022-03-24 17:45:29 +00:00
go
go: Fix CVE-2024-34158
2025-01-18 06:21:02 -08:00
help2man
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
i2c-tools
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
icecc-create-env
meta, meta-selftest: Replace more non-SPDX license identifiers
2022-03-01 23:44:59 +00:00
icecc-toolchain
Convert to new override syntax
2021-08-02 15:44:10 +01:00
intltool
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
jquery
meta/scripts: Automated conversion of OE renamed variables
2022-02-21 23:37:27 +00:00
json-c
json-c: define CVE_VERSION
2023-10-05 15:48:49 -10:00
libcomps
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libdnf
libdnf: resolve cstdint inclusion for newer gcc versions
2023-09-08 16:09:42 -10:00
libedit
libedit: Make docs generation deterministic
2024-09-16 06:09:56 -07:00
libmodulemd
libmodulemd: upgrade 2.13.0 -> 2.14.0
2022-02-10 10:32:08 +00:00
librepo
librepo: upgrade 1.14.2 -> 1.14.3
2022-05-25 22:45:50 +01:00
libtool
libtool: Upgrade 2.4.6 -> 2.4.7
2022-03-23 12:13:49 +00:00
llvm
llvm: reduce size of -dbg package
2024-11-27 06:27:26 -08:00
log4cplus
log4cplus: upgrade 2.0.7 -> 2.0.8
2022-08-04 16:29:15 +01:00
lua
lua: Fix install conflict when enable multilib.
2023-03-20 17:20:44 +00:00
m4
m4: Fix build on musl/ppc
2022-03-11 06:56:01 +00:00
make
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
makedevs
makedevs: Don't use COPYING.patch just to add license file into ${S}
2022-06-11 10:06:13 +01:00
meson
meson: Fix wrapper handling of implicit setup command
2023-03-20 17:20:44 +00:00
mmc
mmc-utils: upgrade to latest revision
2022-05-25 22:45:50 +01:00
mtd
mtd-utils: upgrade 2.1.4 -> 2.1.5
2022-12-01 19:35:05 +00:00
mtools
mtools: upgrade 4.0.37 -> 4.0.38
2022-03-20 00:02:22 +00:00
nasm
nasm: fix CVE-2020-21528
2023-09-08 16:09:41 -10:00
ninja
ninja: fix build with python 3.13
2024-12-02 06:23:20 -08:00
opkg
opkg: Set correct info_dir and status_file in opkg.conf
2022-12-13 15:23:34 +00:00
opkg-utils
opkg-utils: use a git clone, not a dynamic snapshot
2022-11-09 17:42:08 +00:00
orc
orc: upgrade 0.4.39 -> 0.4.40
2024-11-02 06:32:36 -07:00
patch
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
patchelf
patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak
2023-04-11 11:31:52 +01:00
perl
perl: ignore CVE-2023-47100
2024-04-19 04:50:38 -07:00
perl-cross
perl: update 5.34.1 -> 5.34.3
2023-12-22 16:36:55 -10:00
pkgconf
pkgconf: fix CVE-2023-24056
2023-03-23 22:45:33 +00:00
pkgconfig
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
pseudo
pseudo: Fix envp bug and add posix_spawn wrapper
2024-11-15 06:05:32 -08:00
python
python3: upgrade 3.10.15 -> 3.10.16
2025-01-09 08:41:04 -08:00
qemu
qemu: fix CVE-2024-3447
2024-12-09 07:54:03 -08:00
quilt
quilt: Fix merge.test race condition
2023-05-30 04:11:15 -10:00
repo
repo: upgrade 2.21 -> 2.22
2022-03-02 18:43:24 +00:00
rpm
rpm: Remove -Wimplicit-function-declaration warnings
2022-10-11 21:56:13 +01:00
rsync
rsync: Turn on -pedantic-errors at the end of 'configure'
2023-04-11 11:31:52 +01:00
ruby
ruby: fix CVE-2024-49761
2025-01-18 06:21:02 -08:00
run-postinsts
run-postinsts: Set dependency for ldconfig to avoid boot issues
2023-05-10 04:19:57 -10:00
rust
rust: ignore CVE-2024-43402
2024-10-12 05:17:57 -07:00
squashfs-tools
squashfs-tools: correct upstream version check
2022-03-20 00:02:22 +00:00
strace
strace: Update patches/tests with upstream fixes
2023-07-12 05:11:38 -10:00
subversion
subversion: fix CVE-2024-46901
2024-12-20 06:01:45 -08:00
swig
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
syslinux
syslinux: Disable error on implicit-function-declaration
2024-10-24 06:31:58 -07:00
systemd-bootchart
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
tcf-agent
tcf-agent: cleanup patches
2021-12-08 20:22:10 +00:00
tcltk
tcl: skip async and event tests in run-ptest
2024-04-19 04:50:39 -07:00
unfs3
unfs3: add missing Upstream-Status tag
2021-11-21 11:05:02 +00:00
unifdef
meta/recipes-devtools: Add HOMEPAGE / DESCRIPTION
2021-02-26 15:21:21 +00:00
vala
vala: add -Wno-error=incompatible-pointer-types work around
2024-11-02 06:32:36 -07:00
valgrind
valgrind: disable avx_estimate_insn.vgtest
2024-10-12 05:17:58 -07:00
xmlto
xmlto: backport a patch to fix build with gcc-14 on host
2024-11-11 06:19:18 -08:00