poky/recipes-devtools at 6313a595f9b5e0764701db134e91e2f1d7b72fa5 - poky

mirror of https://git.yoctoproject.org/poky synced 2026-02-22 01:19:41 +01:00

Files

Soumya Sambu 7506cbff40 go: Fix CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files
differs from the behavior of most zip implementations. This misalignment
could be exploited to create an zip file with contents that vary depending
on the implementation reading the file. The archive/zip package now rejects
files containing these errors.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-24789

Upstream-patch:
c8e40338cf

(From OE-Core rev: f198fdc392c6e3b99431383ab6577749e83f1cb3)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2024-08-08 09:03:45 -07:00

apt

apt: add missing <cstdint> for uint16_t

2023-10-18 05:13:24 -10:00

autoconf

autoconf: Update K & R stype functions

2022-09-16 17:53:22 +01:00

autoconf-archive

autoconf-archive: upgrade 2021.02.19 -> 2022.02.11

2022-02-16 09:46:29 +00:00

automake

automake: fix buildtest patch

2023-08-26 04:24:02 -10:00

binutils

binutils: Rename CVE-2022-38126 patch to CVE-2022-35205

2024-05-29 05:24:08 -07:00

bison

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

bootchart2

bootchart2: Fix usrmerge support

2023-02-15 21:46:56 +00:00

btrfs-tools

btrfs-tools: upgrade 5.16 -> 5.16.2

2022-03-04 17:14:15 +00:00

cargo

rust-common: Drop LLVM_TARGET and simplify

2022-06-07 11:53:26 +01:00

ccache

ccache: fix build with gcc-13

2023-10-05 15:48:49 -10:00

cdrtools

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

chrpath

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

cmake

cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES

2024-02-28 03:32:09 -10:00

createrepo-c

createrepo-c: upgrade 0.18.0 -> 0.19.0

2022-03-16 10:31:40 +00:00

dejagnu

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

desktop-file-utils

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

devel-config

Convert to new override syntax

2021-08-02 15:44:10 +01:00

diffstat

diffstat: remove unneeded patch

2021-11-25 21:55:10 +00:00

distcc

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

dmidecode

dmidecode: fixup for CVE-2023-30630

2023-08-19 05:56:58 -10:00

dnf

dnf: upgrade 4.10.0 -> 4.11.1

2022-03-16 10:31:40 +00:00

docbook-xml

docbook-xml: patch is not upstreamable

2021-11-03 11:12:26 +00:00

dosfstools

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

dpkg

dpkg: fix CVE-2022-1664

2022-08-01 16:27:29 +01:00

dwarfsrcfiles

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

e2fsprogs

e2fsprogs: fix ptest bug for second running

2023-06-21 04:00:58 -10:00

elfutils

elfutils: Disable stringop-overflow warning for build host

2024-01-04 05:00:13 -10:00

erofs-utils

erofs-utils: Use __SANE_USERSPACE_TYPES__ on ppc64

2022-03-15 08:40:09 +00:00

expect

expect: modify fixline1 script

2022-03-16 13:39:12 +00:00

fdisk

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

file

file: fix CVE-2022-48554

2023-09-08 16:09:41 -10:00

flex

meta/scripts: Automated conversion of OE renamed variables

2022-02-21 23:37:27 +00:00

gcc

gcc-runtime: remove bashism

2024-08-05 06:02:01 -07:00

gdb

gdb: Fix CVE-2023-39130

2024-02-09 03:46:50 -10:00

git

git: Fix multiple CVEs

2024-06-01 19:07:52 -07:00

glide

go-helloworld/glide: Fix urls

2021-11-03 10:12:42 +00:00

gnu-config

gnu-config: update SRC_URI

2022-03-24 17:45:29 +00:00

go: Fix CVE-2024-24789

2024-08-08 09:03:45 -07:00

help2man

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

i2c-tools

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

icecc-create-env

meta, meta-selftest: Replace more non-SPDX license identifiers

2022-03-01 23:44:59 +00:00

icecc-toolchain

Convert to new override syntax

2021-08-02 15:44:10 +01:00

intltool

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

jquery

meta/scripts: Automated conversion of OE renamed variables

2022-02-21 23:37:27 +00:00

json-c

json-c: define CVE_VERSION

2023-10-05 15:48:49 -10:00

libcomps

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libdnf

libdnf: resolve cstdint inclusion for newer gcc versions

2023-09-08 16:09:42 -10:00

libedit

libedit: upgrade 20210714-3.1 -> 20210910-3.1

2021-10-23 17:42:25 +01:00

libmodulemd

libmodulemd: upgrade 2.13.0 -> 2.14.0

2022-02-10 10:32:08 +00:00

librepo

librepo: upgrade 1.14.2 -> 1.14.3

2022-05-25 22:45:50 +01:00

libtool

libtool: Upgrade 2.4.6 -> 2.4.7

2022-03-23 12:13:49 +00:00

llvm

llvm: Fix CVE-2024-31852

2024-08-05 06:02:01 -07:00

log4cplus

log4cplus: upgrade 2.0.7 -> 2.0.8

2022-08-04 16:29:15 +01:00

lua

lua: Fix install conflict when enable multilib.

2023-03-20 17:20:44 +00:00

m4: Fix build on musl/ppc

2022-03-11 06:56:01 +00:00

make

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

makedevs

makedevs: Don't use COPYING.patch just to add license file into ${S}

2022-06-11 10:06:13 +01:00

meson

meson: Fix wrapper handling of implicit setup command

2023-03-20 17:20:44 +00:00

mmc

mmc-utils: upgrade to latest revision

2022-05-25 22:45:50 +01:00

mtd

mtd-utils: upgrade 2.1.4 -> 2.1.5

2022-12-01 19:35:05 +00:00

mtools

mtools: upgrade 4.0.37 -> 4.0.38

2022-03-20 00:02:22 +00:00

nasm

nasm: fix CVE-2020-21528

2023-09-08 16:09:41 -10:00

ninja

ninja: ignore CVE-2021-4336, wrong ninja

2023-07-01 08:37:24 -10:00

opkg

opkg: Set correct info_dir and status_file in opkg.conf

2022-12-13 15:23:34 +00:00

opkg-utils

opkg-utils: use a git clone, not a dynamic snapshot

2022-11-09 17:42:08 +00:00

orc

Convert to new override syntax

2021-08-02 15:44:10 +01:00

patch

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

patchelf

patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak

2023-04-11 11:31:52 +01:00

perl

perl: ignore CVE-2023-47100

2024-04-19 04:50:38 -07:00

perl-cross

perl: update 5.34.1 -> 5.34.3

2023-12-22 16:36:55 -10:00

pkgconf

pkgconf: fix CVE-2023-24056

2023-03-23 22:45:33 +00:00

pkgconfig

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

pseudo

pseudo: Fix to work with glibc 2.38

2023-09-23 05:26:15 -10:00

python

python3-jinja2: Upgrade 3.1.3 -> 3.1.4

2024-07-24 07:51:58 -07:00

qemu

qemu: Fix for CVE-2023-6683

2024-04-05 07:23:59 -07:00

quilt

quilt: Fix merge.test race condition

2023-05-30 04:11:15 -10:00

repo

repo: upgrade 2.21 -> 2.22

2022-03-02 18:43:24 +00:00

rpm

rpm: Remove -Wimplicit-function-declaration warnings

2022-10-11 21:56:13 +01:00

rsync

rsync: Turn on -pedantic-errors at the end of 'configure'

2023-04-11 11:31:52 +01:00

ruby

ruby: backport fix for CVE-2024-27282

2024-07-24 07:51:58 -07:00

run-postinsts

run-postinsts: Set dependency for ldconfig to avoid boot issues

2023-05-10 04:19:57 -10:00

rust

rust: add CVE_CHECK_IGNORE for CVE-2024-24576

2024-04-21 06:33:34 -07:00

squashfs-tools

squashfs-tools: correct upstream version check

2022-03-20 00:02:22 +00:00

strace

strace: Update patches/tests with upstream fixes

2023-07-12 05:11:38 -10:00

subversion

subversion: upgrade to 1.14.2

2022-05-04 13:07:33 +01:00

swig

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

syslinux

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

systemd-bootchart

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

tcf-agent

tcf-agent: cleanup patches

2021-12-08 20:22:10 +00:00

tcltk

tcl: skip async and event tests in run-ptest

2024-04-19 04:50:39 -07:00

unfs3

unfs3: add missing Upstream-Status tag

2021-11-21 11:05:02 +00:00

unifdef

meta/recipes-devtools: Add HOMEPAGE / DESCRIPTION

2021-02-26 15:21:21 +00:00

vala

vala: Fix install conflict when enable multilib.

2023-03-20 17:20:44 +00:00

valgrind

valgrind: skip intermittently failing ptest

2024-04-21 06:33:35 -07:00

xmlto

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00