mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-24 18:39:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9f2ecf7157ed7f56d9f1870a99e527f90e78b708
poky/meta/recipes-extended
History
Divya Chellam 85c0d7d0aa libarchive: fix CVE-2025-5917 
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-
one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-
byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, lea
ding to unpredictable program behavior, crashes, or in specific circumstances, could be lever
aged as a building block for more sophisticated exploitation.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5917

Upstream-patch:
7c02cde37a

(From OE-Core rev: 2b2a2fce345c9bfcad44cc8ef3419f43dd07b022)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-14 08:37:40 -07:00
..
acpica
acpica: fix CVE-2024-24856
2024-06-26 05:04:39 -07:00
asciidoc
meta: remove obsolete PIP_INSTALL_PACKAGE
2022-03-12 09:20:03 +00:00
at
at: Change when files are copied
2023-01-26 23:37:05 +00:00
bash
bash: changes to SIGINT handler while waiting for a child
2023-12-12 04:20:34 -10:00
bc
bc: extend to nativesdk
2022-12-23 23:05:50 +00:00
blktool
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
bzip2
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
cpio
cpio: ignore CVE-2023-7216
2024-12-09 07:54:03 -08:00
cracklib
cracklib: Modify patch to compile with GCC 14
2024-11-02 06:32:36 -07:00
cronie
cronie: upgrade 1.6.0 -> 1.6.1
2022-05-20 10:08:06 +01:00
cups
cups: Backport fix for CVE-2024-47175
2024-10-12 05:17:57 -07:00
cwautomacros
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
diffutils
diffutils: update 3.9 -> 3.10
2023-08-02 04:47:13 -10:00
ed
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
ethtool
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
findutils
meta, meta-selftest: Replace more non-SPDX license identifiers
2022-03-01 23:44:59 +00:00
gawk
gawk: backport Debian patch to fix CVE-2023-4156
2023-10-25 04:45:50 -10:00
ghostscript
ghostscript: fix CVE-2025-48708
2025-06-13 08:42:34 -07:00
go-examples
go-helloworld: remove unused GO_WORKDIR
2022-05-12 16:44:05 +01:00
gperf
gperf: Switch to upstream patch
2022-07-25 15:11:46 +01:00
grep
grep: Fix build on ppc/musl
2022-03-29 15:59:28 +01:00
groff
groff: submit patches upstream
2022-11-24 15:30:01 +00:00
gzip
gzip: upgrade 1.11 -> 1.12
2022-04-10 08:31:17 +01:00
hdparm
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
images
core-image-testmaster: Rename to core-image-testcontroller
2022-02-20 16:45:25 +00:00
iptables
iptables: use nft backend with libnftnl PACKAGECONFIG
2022-03-18 23:32:46 +00:00
iputils
iputils: Security fix for CVE-2025-47268
2025-05-28 08:46:32 -07:00
less
less: backport Debian patch for CVE-2024-32487
2024-05-15 09:44:14 -07:00
libaio
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libarchive
libarchive: fix CVE-2025-5917
2025-07-14 08:37:40 -07:00
libidn
libidn2: add Unicode-DFS-2016 license
2022-04-14 09:47:00 +01:00
libmnl
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libnsl
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libnss-nis
libnss-nis: upgrade 3.1 -> 3.2
2023-08-26 04:24:02 -10:00
libpipeline
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libsolv
libsolv: upgrade 0.7.21 -> 0.7.22
2022-03-23 12:13:50 +00:00
libtirpc
libtirpc: Check if file exists before operating on it
2023-02-04 23:32:20 +00:00
lighttpd
lighttpd: upgrade 1.4.66 -> 1.4.67
2022-11-10 14:39:24 +00:00
logrotate
logrotate: Do not create logrotate.status file
2023-07-21 06:27:34 -10:00
lsb
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
lsof
lsof: fix old override syntax
2023-02-15 21:46:56 +00:00
ltp
ltp: backport clock_gettime04 fix from upstream
2022-11-09 17:42:08 +00:00
lzip
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
man-db
man-db: upgrade 2.10.1 -> 2.10.2
2022-03-23 12:13:50 +00:00
man-pages
man-pages: remove conflict pages
2024-06-26 05:04:39 -07:00
mc
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
mdadm
mdadm: add util-linux-blockdev ptest dependency
2023-08-26 04:24:02 -10:00
mingetty
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
minicom
minicom: remove unused patch files
2023-07-01 08:37:24 -10:00
msmtp
msmtp: upgrade 1.8.19 -> 1.8.20
2022-03-29 15:59:29 +01:00
net-tools
net-tools: patch CVE-2025-46836
2025-06-20 08:06:29 -07:00
newt
libnewt: update 0.52.21 -> 0.52.23
2023-01-06 17:33:23 +00:00
packagegroups
packagegroup-core-full-cmdline: Drop compatibility mappings
2021-11-13 16:11:27 +00:00
pam
libpam: Update fix for CVE-2024-10041
2025-05-02 08:12:41 -07:00
parted
udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist
2022-07-25 15:11:46 +01:00
pbzip2
Convert to new override syntax
2021-08-02 15:44:10 +01:00
perl
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
pigz
pigz: upgrade 2.6 -> 2.7
2022-01-20 11:57:29 +00:00
procps
procps: replaced one use of fputs(3) with a write(2) call
2025-02-24 07:00:54 -08:00
psmisc
psmisc: Set ALTERNATIVE for pstree to resolve conflict with busybox
2023-07-01 08:37:24 -10:00
quota
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
rpcbind
rpcbind: install rpcbind.conf
2021-11-13 16:11:28 +00:00
rpcsvc-proto
rpcsvc-proto: upgrade 1.4.2 -> 1.4.3
2022-01-20 11:57:29 +00:00
screen
screen: fix CVE-2025-46804
2025-06-13 08:42:35 -07:00
sed
sed: Specify shell for "nobody" user in run-ptest
2022-05-20 10:08:06 +01:00
shadow
shadow: Fix CVE-2023-4641
2023-09-30 09:43:59 -10:00
slang
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
stress-ng
stress-ng: avoid calling sync during do_compile
2024-03-25 04:11:26 -10:00
sudo
sudo: upgrade 1.9.13p3 -> 1.9.15p2
2023-11-28 05:00:32 -10:00
sysklogd
sysklogd: fix integration with systemd-journald
2023-09-08 16:09:42 -10:00
sysstat
sysstat: correct the SRC_URI
2025-06-04 09:06:31 -07:00
tar
tar: upgrade 1.34 -> 1.35
2023-09-23 05:26:15 -10:00
tcp-wrappers
tcp-wrappers: Fix implicit-function-declaration warnings
2022-08-28 07:51:30 +01:00
texinfo
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
texinfo-dummy-native
meta/recipes-extended: Add HOMEPAGE / DESCRIPTION
2021-03-06 22:39:04 +00:00
time
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
timezone
tzdata/tzcode-native: upgrade 2025a -> 2025b
2025-05-02 08:12:41 -07:00
unzip
unzip: Fix configure tests to use modern C
2024-12-16 05:58:03 -08:00
watchdog
watchdog: Include needed system header for function decls
2022-09-03 13:09:49 +01:00
wget
wget: fix CVE-2024-10524
2025-01-24 07:49:28 -08:00
which
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
xdg-utils
xdg-utils: Fix CVE-2022-4055
2023-10-18 05:13:24 -10:00
xinetd
xinetd: Pass missing -D_GNU_SOURCE
2022-09-03 13:09:49 +01:00
xz
xz: Update LICENSE variable for xz packages
2025-06-20 08:06:30 -07:00
zip
zip: Fix build with gcc-14
2024-11-02 06:32:36 -07:00
zstd
zstd: patch CVE-2022-4899
2024-11-11 06:19:18 -08:00