poky/recipes-devtools at 70b5e37d0df910ba0c0e90d4ae04f6390b8a925d - poky

mirror of https://git.yoctoproject.org/poky synced 2026-03-10 01:09:40 +01:00

Files

Praveen Kumar 212172aa13 go: Fix CVE-2024-45336

The HTTP client drops sensitive headers after following a cross-domain redirect.
For example, a request to a.com/ containing an Authorization header which is redirected to
b.com/ will not send that header to b.com. In the event that the client received a subsequent
same-domain redirect, however, the sensitive headers would be restored. For example, a chain
of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the
Authorization header to b.com/2.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-45336

Upstream-patch:
b72d56f98d

(From OE-Core rev: 63e84b64f055ad7c91de67194e6739c96fb95496)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-02-15 06:04:43 -08:00

apt

apt: add missing <cstdint> for uint16_t

2023-10-18 05:13:24 -10:00

autoconf

autoconf: Update K & R stype functions

2022-09-16 17:53:22 +01:00

autoconf-archive

autoconf-archive: upgrade 2021.02.19 -> 2022.02.11

2022-02-16 09:46:29 +00:00

automake

automake: fix buildtest patch

2023-08-26 04:24:02 -10:00

binutils

binutils: internal gdb: Fix CVE-2024-53589

2025-02-05 06:54:35 -08:00

bison

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

bootchart2

bootchart2: Fix usrmerge support

2023-02-15 21:46:56 +00:00

btrfs-tools

btrfs-tools: upgrade 5.16 -> 5.16.2

2022-03-04 17:14:15 +00:00

cargo

rust-common: Drop LLVM_TARGET and simplify

2022-06-07 11:53:26 +01:00

ccache

ccache: fix build with gcc-13

2023-10-05 15:48:49 -10:00

cdrtools

cdrtools-native: fix build with gcc-14

2024-10-12 05:17:58 -07:00

chrpath

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

cmake

cmake: Fix sporadic issues when determining compiler internals

2024-11-15 06:05:32 -08:00

createrepo-c

createrepo-c: upgrade 0.18.0 -> 0.19.0

2022-03-16 10:31:40 +00:00

dejagnu

dejagnu: Fix LICENSE

2024-09-16 06:09:56 -07:00

desktop-file-utils

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

devel-config

Convert to new override syntax

2021-08-02 15:44:10 +01:00

diffstat

diffstat: remove unneeded patch

2021-11-25 21:55:10 +00:00

distcc

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

dmidecode

dmidecode: fixup for CVE-2023-30630

2023-08-19 05:56:58 -10:00

dnf

dnf: upgrade 4.10.0 -> 4.11.1

2022-03-16 10:31:40 +00:00

docbook-xml

docbook-xml: patch is not upstreamable

2021-11-03 11:12:26 +00:00

dosfstools

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

dpkg

dpkg: fix CVE-2022-1664

2022-08-01 16:27:29 +01:00

dwarfsrcfiles

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

e2fsprogs

e2fsprogs: fix ptest bug for second running

2023-06-21 04:00:58 -10:00

elfutils

elfutils: Disable stringop-overflow warning for build host

2024-01-04 05:00:13 -10:00

erofs-utils

erofs-utils: Use __SANE_USERSPACE_TYPES__ on ppc64

2022-03-15 08:40:09 +00:00

expect

expect: modify fixline1 script

2022-03-16 13:39:12 +00:00

fdisk

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

file

file: fix CVE-2022-48554

2023-09-08 16:09:41 -10:00

flex

meta/scripts: Automated conversion of OE renamed variables

2022-02-21 23:37:27 +00:00

gcc

classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package architecture

2025-01-24 07:49:28 -08:00

gdb

gdb: Fix CVE-2024-53589

2025-02-05 06:54:35 -08:00

git

git: Fix multiple CVEs

2024-06-01 19:07:52 -07:00

glide

go-helloworld/glide: Fix urls

2021-11-03 10:12:42 +00:00

gnu-config

gnu-config: update SRC_URI

2022-03-24 17:45:29 +00:00

go: Fix CVE-2024-45336

2025-02-15 06:04:43 -08:00

help2man

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

i2c-tools

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

icecc-create-env

meta, meta-selftest: Replace more non-SPDX license identifiers

2022-03-01 23:44:59 +00:00

icecc-toolchain

Convert to new override syntax

2021-08-02 15:44:10 +01:00

intltool

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

jquery

meta/scripts: Automated conversion of OE renamed variables

2022-02-21 23:37:27 +00:00

json-c

json-c: define CVE_VERSION

2023-10-05 15:48:49 -10:00

libcomps

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

libdnf

libdnf: resolve cstdint inclusion for newer gcc versions

2023-09-08 16:09:42 -10:00

libedit

libedit: Make docs generation deterministic

2024-09-16 06:09:56 -07:00

libmodulemd

libmodulemd: upgrade 2.13.0 -> 2.14.0

2022-02-10 10:32:08 +00:00

librepo

librepo: upgrade 1.14.2 -> 1.14.3

2022-05-25 22:45:50 +01:00

libtool

libtool: Upgrade 2.4.6 -> 2.4.7

2022-03-23 12:13:49 +00:00

llvm

llvm: reduce size of -dbg package

2024-11-27 06:27:26 -08:00

log4cplus

log4cplus: upgrade 2.0.7 -> 2.0.8

2022-08-04 16:29:15 +01:00

lua

lua: Fix install conflict when enable multilib.

2023-03-20 17:20:44 +00:00

m4: Fix build on musl/ppc

2022-03-11 06:56:01 +00:00

make

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

makedevs

makedevs: Don't use COPYING.patch just to add license file into ${S}

2022-06-11 10:06:13 +01:00

meson

meson: Fix wrapper handling of implicit setup command

2023-03-20 17:20:44 +00:00

mmc

mmc-utils: upgrade to latest revision

2022-05-25 22:45:50 +01:00

mtd

mtd-utils: upgrade 2.1.4 -> 2.1.5

2022-12-01 19:35:05 +00:00

mtools

mtools: upgrade 4.0.37 -> 4.0.38

2022-03-20 00:02:22 +00:00

nasm

nasm: fix CVE-2020-21528

2023-09-08 16:09:41 -10:00

ninja

ninja: fix build with python 3.13

2024-12-02 06:23:20 -08:00

opkg

opkg: Set correct info_dir and status_file in opkg.conf

2022-12-13 15:23:34 +00:00

opkg-utils

opkg-utils: use a git clone, not a dynamic snapshot

2022-11-09 17:42:08 +00:00

orc

orc: upgrade 0.4.39 -> 0.4.40

2024-11-02 06:32:36 -07:00

patch

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

patchelf

patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak

2023-04-11 11:31:52 +01:00

perl

perl: ignore CVE-2023-47100

2024-04-19 04:50:38 -07:00

perl-cross

perl: update 5.34.1 -> 5.34.3

2023-12-22 16:36:55 -10:00

pkgconf

pkgconf: fix CVE-2023-24056

2023-03-23 22:45:33 +00:00

pkgconfig

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

pseudo

pseudo: Fix envp bug and add posix_spawn wrapper

2024-11-15 06:05:32 -08:00

python

python3: upgrade 3.10.15 -> 3.10.16

2025-01-09 08:41:04 -08:00

qemu

qemu: fix CVE-2024-3447

2024-12-09 07:54:03 -08:00

quilt

quilt: Fix merge.test race condition

2023-05-30 04:11:15 -10:00

repo

repo: upgrade 2.21 -> 2.22

2022-03-02 18:43:24 +00:00

rpm

rpm: Remove -Wimplicit-function-declaration warnings

2022-10-11 21:56:13 +01:00

rsync

rsync: fix CVE-2024-12747

2025-01-24 07:49:28 -08:00

ruby

ruby: fix CVE-2024-49761

2025-01-18 06:21:02 -08:00

run-postinsts

run-postinsts: Set dependency for ldconfig to avoid boot issues

2023-05-10 04:19:57 -10:00

rust

rust: ignore CVE-2024-43402

2024-10-12 05:17:57 -07:00

squashfs-tools

squashfs-tools: correct upstream version check

2022-03-20 00:02:22 +00:00

strace

strace: Update patches/tests with upstream fixes

2023-07-12 05:11:38 -10:00

subversion

subversion: fix CVE-2024-46901

2024-12-20 06:01:45 -08:00

swig

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

syslinux

syslinux: Disable error on implicit-function-declaration

2024-10-24 06:31:58 -07:00

systemd-bootchart

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

tcf-agent

tcf-agent: cleanup patches

2021-12-08 20:22:10 +00:00

tcltk

tcl: skip async and event tests in run-ptest

2024-04-19 04:50:39 -07:00

unfs3

unfs3: add missing Upstream-Status tag

2021-11-21 11:05:02 +00:00

unifdef

meta/recipes-devtools: Add HOMEPAGE / DESCRIPTION

2021-02-26 15:21:21 +00:00

vala

vala: add -Wno-error=incompatible-pointer-types work around

2024-11-02 06:32:36 -07:00

valgrind

valgrind: disable avx_estimate_insn.vgtest

2024-10-12 05:17:58 -07:00

xmlto

xmlto: backport a patch to fix build with gcc-14 on host

2024-11-11 06:19:18 -08:00