mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-26 18:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
97ee1f80870745bf6c542ee2f184c9e468672714
poky/meta/recipes-devtools
History
Sinan Kaya 97ee1f8087 python3: CVE-2018-1061 
* CVE-2018-1060
Prevent low-grade poplib REDOS:
The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.

Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.

* CVE-2018-1061
Prevent difflib REDOS
The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.
Replace it with an equivalent non-vulnerable regex.

Affects < 3.5.6rc1

CVE: CVE-2018-1060
CVE: CVE-2018-1061
Ref: https://access.redhat.com/security/cve/cve-2018-1060
Ref: https://access.redhat.com/security/cve/cve-2018-1061

(From OE-Core rev: 1461bcc72e6649920ecf4226e006e5667c48a21c)

Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-10-18 11:08:53 +01:00
..
apt
apt: refresh patches
2018-03-09 09:17:03 -08:00
autoconf
autoconf: Override config.guess/.sub in source tree
2017-12-18 18:03:57 +00:00
autoconf-archive
autoconf-archive: inherit allarch and fix package splitting
2017-11-21 13:06:12 +00:00
automake
automake: refresh patches
2018-03-09 09:17:03 -08:00
binutils
binutils: Change the ARM assembler's ADR and ADRl pseudo-ops so that they will only set the bottom bit of imported thumb function symbols if the -mthumb-interwork option is active.
2018-09-27 12:17:45 +01:00
bison
bison: remove pointless gettext-minimal-native DEPENDS
2018-01-11 10:26:06 +00:00
bootchart2
bootchart2: update canonical git URL
2018-04-13 16:58:07 +01:00
btrfs-tools
btrfs-tools: add RECIPE_NO_UPDATE_REASON
2018-03-15 06:27:20 -07:00
build-compare
oe-core: take UPSTREAM_CHECK_COMMITS into use where possible
2017-11-30 10:49:22 +00:00
ccache
ccache: refresh patches
2018-03-07 06:34:51 -08:00
cdrtools
cdrtools-native: fix upstream version check
2017-12-02 11:25:33 +00:00
chrpath
chrpath: Alioth is dead, use DEBIAN_MIRROR
2018-07-19 10:53:52 +01:00
cmake
cmake: put cmake.m4 and toolchain file in PN
2018-10-10 13:26:25 +01:00
createrepo-c
rpm/dnf: fix Upstream-Status to reflect upstream submission status
2017-07-24 09:13:30 +01:00
cve-check-tool
cve-check-tool: correctly exported web proxies
2018-02-24 10:31:46 +00:00
desktop-file-utils
desktop-file-utils-native: update to 0.23
2016-07-20 10:28:46 +01:00
devel-config
Remove $COREBASE/LICENSE from LIC_FILES_CHKSUM
2016-10-28 16:15:18 +01:00
diffstat
diffstat: exclude aclocal
2017-08-09 09:24:15 +01:00
distcc
distcc-doc_3.2: improve reproducibility
2018-06-15 17:56:57 +01:00
dmidecode
dmidecode: update to 3.1
2017-06-28 15:52:18 +01:00
dnf
python: fix RDEPENDS on several recipes, due to non-existent packages
2018-01-20 22:31:56 +00:00
docbook-xml
docbook-xml: correct typo "do_configre"
2017-02-23 12:49:50 -08:00
dosfstools
meta: start to ignore the largefile distro feature
2017-03-08 11:52:56 +00:00
dpkg
dpkg: Backport riscv support
2018-03-20 09:59:32 +00:00
dwarfsrcfiles
package.bbclass: replace rpm/debugedit with dwarfsrcfiles
2018-01-02 17:24:36 +00:00
e2fsprogs
e2fsprogs: refresh patches
2018-03-11 06:27:00 -07:00
elfutils
elfutils: Clean up comments
2018-04-05 14:49:07 +01:00
expect
expect: upgrade 5.45.3 -> 5.45.4
2018-03-06 06:43:10 -08:00
fdisk
gptfdisk: update to 1.0.3
2017-08-13 09:27:38 +01:00
file
file: 5.31 -> 5.32
2017-11-21 13:06:12 +00:00
flex
flex: create separate package for libfl
2018-03-08 10:39:32 -08:00
gcc
gcc-7.3: Backport fixes for std::pair high memory usage
2018-08-01 23:00:28 +01:00
gdb
recipes: Disable lttng for riscv
2018-03-11 06:26:59 -07:00
git
git: CVE-2018-11235
2018-08-29 15:23:51 +01:00
glide
glide: Add 0.13.1 version
2018-02-06 11:06:28 +00:00
gnu-config
oe-core: take UPSTREAM_CHECK_COMMITS into use where possible
2017-11-30 10:49:22 +00:00
go
go: Update 1.10.2 -> 1.10.3
2018-07-19 10:53:52 +01:00
help2man
help2man-native: 1.47.4 -> 1.47.5
2018-02-06 11:06:28 +00:00
i2c-tools
i2c-tools: refresh patches
2018-03-11 06:27:00 -07:00
icecc-create-env
icecc-create-env: Add extra tools option
2018-04-13 16:58:07 +01:00
icecc-toolchain
nativesdk-icecc-toolchain: Fix LIC_FILES_CHKSUM md5
2018-02-24 10:31:46 +00:00
icon-naming-utils
icon-naming-utils: separate B and S
2015-01-16 23:08:27 +00:00
intltool
intltool: refresh patches
2018-03-09 09:17:03 -08:00
json-c
json-c: update to 0.13
2018-02-06 11:06:28 +00:00
libcomps
rpm/dnf: fix Upstream-Status to reflect upstream submission status
2017-07-24 09:13:30 +01:00
libdnf
libdnf: update to 0.11.1
2018-01-02 17:24:37 +00:00
librepo
librepo: disable building of tests and docs
2018-03-25 09:40:42 +01:00
libtool
libtool: remove /absolute/path/to/host references
2017-08-18 23:46:38 +01:00
llvm
llvm: Fix [compile-host-path] QA issue
2018-06-15 17:56:57 +01:00
m4
m4: refresh patches
2018-03-11 06:27:00 -07:00
make
make: add missing Signed-off-by
2018-01-30 12:53:16 +00:00
makedevs
makedevs: don't restrict device node paths to 40 characters
2016-09-16 15:24:02 +01:00
meson
meson: upgrade 0.44.0 -> 0.44.1
2018-03-04 11:35:41 +00:00
mklibs
mklibs-native: refresh patches
2018-03-11 06:27:01 -07:00
mmc
mmc-utils: Fix string overflow error
2018-03-31 09:48:42 +01:00
mtd
mtd-utils: Add mtd-utils-tests package
2018-06-15 17:56:57 +01:00
mtools
mtools: refresh patches
2018-03-07 06:34:51 -08:00
nasm
nasm: fix CVE-2018-8883 & CVE-2018-8882 & CVE-2018-10316
2018-08-29 15:23:51 +01:00
ninja
ninja: Upgrade from 1.7.2 to major release 1.8.2
2018-02-06 11:06:29 +00:00
opkg
opkg: upgrade to version 0.3.6
2018-03-04 11:35:40 +00:00
opkg-utils
meta: add missing Signed-off-by and Upstream-Status tags
2018-04-13 16:58:07 +01:00
orc
orc: upgrade to 0.4.28
2017-12-18 18:03:56 +00:00
ossp-uuid
ossp-uuid, libffi, libgcrypt: Pass --tag=CC option to libtool
2017-08-09 09:24:15 +01:00
packagegroups
packagegroup-core-device-devel: add binutils-symlinks
2016-06-16 11:11:40 +01:00
patch
patch: fix CVE-2018-6952
2018-08-29 15:23:51 +01:00
patchelf
patchelf: fix segfault for binaries linked by gold
2017-07-24 09:13:30 +01:00
pax-utils
pax-utils: update SRC_URI
2018-01-13 10:15:20 +00:00
perl
perl: CVE-2018-12015
2018-08-29 15:23:51 +01:00
pkgconf
pkgconf: revert changes to pkg-config-wrapper
2018-03-04 11:35:40 +00:00
pkgconfig
pkgconfig: allow kernel to be build with esdk
2017-07-21 22:51:37 +01:00
prelink
prelink_git.bb: Update recipe to newest commit
2017-12-18 18:03:57 +00:00
pseudo
pseudo: use latest SRCREV
2018-04-23 17:26:04 +01:00
python
python3: CVE-2018-1061
2018-10-18 11:08:53 +01:00
python-numpy
python-numpy: update to 1.14.2
2018-03-20 09:59:31 +00:00
qemu
qemu: CVE-2018-12617
2018-08-29 15:23:51 +01:00
quilt
quilt: don't patch in an old acinclude.m4, just excude aclocal
2017-12-10 22:45:19 +00:00
rpm
rpm: Avoid leaking temporary scriplet files
2018-07-19 10:53:52 +01:00
rsync
rsync: update to 3.1.3
2018-02-06 11:06:28 +00:00
ruby
ruby: refresh patches
2018-03-11 06:27:00 -07:00
run-postinsts
run-postinsts: Replace pi_dir variable test
2018-04-18 18:57:06 +01:00
squashfs-tools
squashfs-tools: patch for CVE-2015-4645(4646)
2018-09-27 12:17:45 +01:00
strace
strace: use strace.io as the tarball location
2018-03-04 11:35:41 +00:00
subversion
subversion: upgrade 1.9.6 -> 1.9.7
2018-01-18 12:50:36 +00:00
swig
swig: Remove superfluous python dependency
2018-08-29 15:23:51 +01:00
syslinux
syslinux: refresh patches
2018-03-09 09:17:03 -08:00
systemd-bootchart
systemd-bootchart: upgrade to v233; fix build with musl
2018-01-23 23:43:45 +00:00
tcf-agent
tcf-agent: refresh patches
2018-03-11 06:27:00 -07:00
tcltk
tcl: update to 8.6.8
2018-02-06 11:06:29 +00:00
unfs3
unfs3: Fix libtirpc usage for unfs3-native version
2018-03-15 06:27:18 -07:00
unifdef
unifdef: add UPSTREAM_CHECK_REGEX to filter out development snapshots
2017-02-23 12:49:51 -08:00
vala
vala: upgrade 0.38.6 -> 0.38.8
2018-03-04 11:35:41 +00:00
valgrind
valgrind: fix the shared object issue while prelink ptest
2018-04-13 16:58:07 +01:00
xmlto
xmlto: replace fedorahosted.org SRC_URI with pagure.io source
2017-04-05 23:22:12 +01:00
yasm
yasm: Set CCLD_FOR_BUILD to ensure BUILD_CC is used
2017-03-11 16:09:13 +00:00