mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-21 08:59:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9f2ecf7157ed7f56d9f1870a99e527f90e78b708
poky/meta/recipes-support
History
Yogita Urade 022d6ec767 curl: fix CVE-2025-0167 
When asked to use a `.netrc` file for credentials *and* to
follow HTTP redirects, curl could leak the password used
for the first host to the followed-to host under certain
circumstances.

This flaw only manifests itself if the netrc file has a
`default` entry that omits both login and password. A
rare circumstance.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-0167

Upstream patch:
0e120c5b92

(From OE-Core rev: 7c5aee3066e4c8056d994cd50b26c18a16316c96)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-14 08:37:40 -07:00
..
apr
apr: upgrade 1.7.2 -> 1.7.5
2024-09-07 05:38:17 -07:00
argp-standalone
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
aspell
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
atk
at-spi2-core: backport a patch to fix build with gcc-14 on host
2024-11-02 06:32:36 -07:00
attr
acl/attr: ptest fixes and improvements
2023-08-26 04:24:02 -10:00
bash-completion
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
bmap-tools
bmap-tools: update HOMEPAGE and SRC_URI
2024-11-02 06:32:36 -07:00
boost
boost: fix do_fetch error
2025-03-04 08:46:02 -08:00
ca-certificates
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
consolekit
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
curl
curl: fix CVE-2025-0167
2025-07-14 08:37:40 -07:00
db
db: remove obsolete support for renamed libtool
2021-12-12 18:10:22 +00:00
debianutils
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
diffoscope
diffoscope: fix CVE-2024-25711
2024-12-09 07:54:03 -08:00
dos2unix
meta: Add explict branch to git SRC_URIs
2021-10-30 18:56:47 +01:00
enchant
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
fribidi
fribidi: upgrade 1.0.12 -> 1.0.13
2023-07-01 08:37:24 -10:00
gdbm
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
gmp
gmp: add missing COPYINGv3
2022-04-14 09:47:00 +01:00
gnome-desktop-testing
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
gnupg
gnupg: ignore CVE-2022-3515
2024-12-09 07:54:03 -08:00
gnutls
libtasn1: upgrade 4.19.0 -> 4.20.0
2025-03-13 08:50:03 -07:00
gpgme
gpgme: upgrade 1.17.0 -> 1.17.1
2022-03-10 13:07:37 +00:00
icu
icu: fix CVE-2025-5222
2025-06-13 08:42:34 -07:00
iso-codes
iso-codes: upgrade 4.13.0 -> 4.15.0
2023-06-23 04:16:40 -10:00
itstool
itstool: add missing COPYING.GPL3
2022-04-14 09:47:00 +01:00
libassuan
libassuan: upgrade 2.5.5 -> 2.5.6
2023-08-02 04:47:13 -10:00
libatomic-ops
babeltrace/libatomic-ops: correct the SRC_URI
2025-06-20 08:06:30 -07:00
libbsd
libbsd: Add correct license for all packages
2023-05-10 04:19:57 -10:00
libcap
libcap: fix CVE-2025-1390
2025-02-28 06:51:35 -08:00
libcap-ng
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libcheck
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libcroco
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libdaemon
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libevdev
libevdev: upgrade 1.12.0 -> 1.12.1
2022-03-29 15:59:29 +01:00
libevent
libevent,btrfs-tools: fix Upstream-Status tag
2021-10-23 22:26:48 +01:00
libexif
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libffi
libffi: backport a fix to build libffi-native with gcc-14
2024-11-02 06:32:36 -07:00
libfm
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libgcrypt
meta/scripts: Automated conversion of OE renamed variables
2022-02-21 23:37:27 +00:00
libgit2
libgit2: Fix CVE-2024-24575 and CVE-2024-24577
2024-02-15 03:51:57 -10:00
libgpg-error
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libical
libical: upgrade 3.0.15 -> 3.0.16
2022-12-01 19:35:04 +00:00
libjitterentropy
libjitterentropy: upgrade 3.3.1 -> 3.4.0
2022-03-24 17:45:29 +00:00
libksba
libksba: upgrade 1.6.3 -> 1.6.4
2023-08-02 04:47:13 -10:00
libmd
libmd: upgrade 1.0.3 -> 1.0.4
2021-10-23 17:42:26 +01:00
libmicrohttpd
libmicrohttpd: upgrade 0.9.75 -> 0.9.76
2023-03-20 17:20:44 +00:00
libmpc
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libnl
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libpcre
libpcre2: ignore CVE-2022-1586
2025-02-24 07:00:53 -08:00
libproxy
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libpsl
libpsl: Add config knobs for runtime/builtin conversion choices
2021-04-20 13:56:48 +01:00
libseccomp
libseccomp: fix for the ptest result format
2023-03-09 13:19:03 +00:00
libsoup
libsoup: fix CVE-2025-4945
2025-07-14 08:37:40 -07:00
libssh2
libssh2: fix CVE-2023-48795
2024-04-21 06:33:34 -07:00
libunistring
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libunwind
libunwind: update 1.6.0 -> 1.6.2
2021-12-08 20:22:11 +00:00
liburcu
liburcu: upgrade 0.13.1 -> 0.13.2
2022-09-12 08:41:47 +01:00
libusb
libusb1: Strip trailing whitespaces
2023-02-04 23:32:20 +00:00
libxslt
libxslt: Fix for CVE-2025-24855
2025-03-27 08:16:30 -07:00
libyaml
libyaml: Ignore CVE-2024-35325
2024-09-04 05:57:57 -07:00
lz4
lz4: upgrade 1.9.3 -> 1.9.4
2022-09-12 08:41:47 +01:00
lzo
lzo: Add further info to a patch and mark as Inactive-Upstream
2022-06-11 10:06:13 +01:00
lzop
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
mpfr
mpfr: upgrade 4.1.0 -> 4.1.1
2022-12-23 23:05:50 +00:00
nettle
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
nghttp2
nghttp2: Fix CVE-2024-28182
2024-04-21 06:33:34 -07:00
npth
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
nss-myhostname
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
numactl
numactl: skip test case when target platform doesn't have 2 CPU node
2023-02-04 23:32:20 +00:00
p11-kit
p11-kit: add native to BBCLASSEXTEND
2023-05-30 04:11:15 -10:00
pinentry
pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses
2022-09-03 13:09:49 +01:00
popt
popt: fix override syntax in RDEPENDS
2022-06-22 23:46:29 +01:00
ptest-runner
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
re2c
re2c: upgrade 2.2 -> 3.0
2022-02-05 17:46:05 +00:00
rng-tools
rng-tools: enable macro JENT_CONF_ENABLE_INTERNAL_TIMER
2022-03-24 17:45:29 +00:00
serf
serf: upgrade 1.3.9 -> 1.3.10
2023-07-21 06:27:34 -10:00
shared-mime-info
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
sqlite
sqlite3: patch CVE-2025-29088
2025-05-02 08:12:41 -07:00
taglib
taglib: fix CVE-2023-47466
2025-06-13 08:42:35 -07:00
user-creation
Convert to new override syntax
2021-08-02 15:44:10 +01:00
vim
vim: Upgrade 9.1.1115 -> 9.1.1198
2025-04-01 09:02:41 -07:00
vte
vte: fix CVE-2024-37535
2025-01-24 07:49:28 -08:00
xxhash
xxhash: fix build with gcc 12
2022-06-22 23:46:29 +01:00