poky/recipes-devtools at b2ffc21086fca69eef8e062cc0c03656d04b751a - poky

mirror of https://git.yoctoproject.org/poky synced 2026-02-11 03:03:02 +01:00

Files

Jiaying Song 6653eb6e90 python3-zipp: fix CVE-2024-5569

A Denial of Service (DoS) vulnerability exists in the jaraco/zipp
library, affecting all versions prior to 3.19.1. The vulnerability is
triggered when processing a specially crafted zip file that leads to an
infinite loop. This issue also impacts the zipfile module of CPython, as
features from the third-party zipp library are later merged into
CPython, and the affected code is identical in both projects. The
infinite loop can be initiated through the use of functions affecting
the `Path` module in both zipp and zipfile, such as `joinpath`, the
overloaded division operator, and `iterdir`. Although the infinite loop
is not resource exhaustive, it prevents the application from responding.
The vulnerability was addressed in version 3.19.1 of jaraco/zipp.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-5569

Upstream patches:
79a309fe54
564fcc10cd
58115d2be9
c18417ed29

(From OE-Core rev: ec77cfe12f0790c7e3cf2d9bf00e47b4c653997c)

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2024-12-06 05:50:24 -08:00

apt

Revert "apt: runtime error: filename too long (tmpdir length)"

2024-07-23 06:05:47 -07:00

autoconf

autoconf: 2.72d -> 2.72e

2024-01-21 12:27:12 +00:00

autoconf-archive

autoconf-archive: upgrade 2022.09.03 -> 2023.02.20

2023-03-06 09:52:16 +00:00

automake

automake: mark new_rt_path_for_test-driver.patch as Inappropriate

2024-08-01 06:08:09 -07:00

binutils

binutils: stable 2.42 branch update

2024-11-26 06:11:30 -08:00

bison

autoconf: Upgrade to 2.72c

2023-07-30 07:54:44 +01:00

bootchart2

recipes: Drop remaining PR values from recipes

2023-09-22 07:45:17 +01:00

btrfs-tools

btrfs-tools: upgrade 6.5.3 -> 6.7.1

2024-03-07 17:25:02 +00:00

ccache

ccache: upgrade 4.9 -> 4.9.1

2024-03-01 09:28:51 +00:00

cdrtools

cdrtools-native: fix build with gcc-14

2024-06-20 06:29:44 -07:00

chrpath

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

cmake

cmake: Fix sporadic issues when determining compiler internals

2024-11-18 06:59:35 -08:00

createrepo-c

createrepo-c: upgrade 1.0.3 -> 1.0.4

2024-03-01 09:28:51 +00:00

debugedit

debugedit: Use musl-legacy-error

2023-09-26 10:35:28 +01:00

dejagnu

dejagnu: Fix LICENSE

2024-09-19 05:11:35 -07:00

desktop-file-utils

pulseaudio, desktop-file-utils: correct freedesktop.org -> www.freedesktop.org SRC_URI

2024-10-02 06:15:15 -07:00

devel-config

recipes: Drop remaining PR values from recipes

2023-09-22 07:45:17 +01:00

diffstat

diffstat: upgrade 1.65 -> 1.66

2024-02-03 22:08:26 +00:00

distcc

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

dmidecode

dmidecode: upgrade to 3.5

2023-05-05 11:07:25 +01:00

dnf

dnf/mesa: Fix missing leading whitespace with ':append'

2024-07-17 05:36:14 -07:00

docbook-xml

docbook-xml: Switch from debian packages to upstream docbook sources

2023-02-26 11:49:00 +00:00

dosfstools

meta: fix version checks in all github recipes using the github-releases class

2022-09-28 08:01:10 +01:00

dpkg

dpkg: mark patches adding custom non-debian architectures as inappropriate for upstream

2024-08-01 06:08:09 -07:00

dwarfsrcfiles

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

e2fsprogs

e2fsprogs: removed 'sed -u' option

2024-11-09 05:53:57 -08:00

elfutils

elfutils: fix unused variable BUFFER_SIZE

2024-03-20 18:20:38 +00:00

erofs-utils

erofs-utils: upgrade 1.6 -> 1.7.1

2023-11-30 08:43:04 +00:00

expect

expect-native: fix do_compile failure with gcc-14

2024-09-03 05:39:12 -07:00

fdisk

gptfdisk: Make the version consistent

2024-01-10 17:01:28 +00:00

file

file: enable additional internal compressor support

2024-02-08 10:59:06 +00:00

flex

bash/flex: Ensure BUILD_FLAGS doesn't leak onto target

2024-03-19 15:25:12 +00:00

gcc

gcc: Fix spurious '/' in GLIBC_DYNAMIC_LINKER on microblaze

2024-09-25 05:07:47 -07:00

gdb

gdb: Upgrade 14.1 -> 14.2

2024-03-05 12:24:49 +00:00

git

git: upgrade 2.44.0 -> 2.44.1

2024-06-14 05:19:22 -07:00

gnu-config

gnu-config: Update to latest version

2024-02-06 10:32:19 +00:00

go: upgrade 1.22.7 -> 1.22.8

2024-11-09 05:53:57 -08:00

help2man

help2man: upgrade 1.49.2 -> 1.49.3

2022-12-22 23:05:50 +00:00

i2c-tools

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

icecc-create-env

recipes: Drop remaining PR values from recipes

2023-09-22 07:45:17 +01:00

icecc-toolchain

Convert to new override syntax

2021-08-02 15:44:10 +01:00

intltool

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

jquery

jquery: upgrade 3.7.0 -> 3.7.1

2023-09-26 10:35:27 +01:00

json-c

json-c: fix icecc compilation

2023-12-02 17:18:57 +00:00

libcomps

libcomps: upgrade 0.1.19 -> 0.1.20

2023-10-19 13:38:57 +01:00

libdnf

libdnf: upgrade 0.73.1 -> 0.73.2

2024-09-09 06:08:10 -07:00

libedit

libedit: Make docs generation deterministic

2024-09-19 05:11:35 -07:00

libmodulemd

libmodulemd: upgrade 2.14.0 -> 2.15.0

2023-06-16 15:40:10 +01:00

librepo

librepo: update 1.16.0 -> 1.17.0

2024-03-07 17:25:02 +00:00

libtool

libtool: Update further patch status to backport

2024-01-19 00:16:41 +00:00

llvm

llvm: reduce size of -dbg package

2024-11-26 06:11:30 -08:00

log4cplus

log4cplus: upgrade 2.1.0 -> 2.1.1

2023-11-30 08:43:03 +00:00

lua

lua: update 5.4.4 -> 5.4.6

2023-06-27 16:23:40 +01:00

m4: Do not munge locale in ptests for musl

2023-04-27 14:41:31 +01:00

make

make: upgrade 4.4 -> 4.4.1

2023-03-11 00:08:41 +00:00

makedevs

makedevs: Fix matching uid/gid

2024-10-18 06:04:41 -07:00

meson

meson: don't use deprecated pkgconfig variable

2024-07-17 05:36:14 -07:00

mmc

mmc-utils: fix URL

2024-07-26 07:43:46 -07:00

mtd

mtd-utils: upgrade 2.1.5 -> 2.1.6

2023-09-26 10:35:27 +01:00

mtools

mtools: upgrade 4.0.42 -> 4.0.43

2023-04-13 11:56:07 +01:00

nasm

nasm: Upgrade 2.16.01 -> 2.16.03

2024-08-10 06:34:25 -07:00

ninja

cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS

2023-07-21 11:52:26 +01:00

opkg

opkg-arch-config: update recipe HOMEPAGE

2024-02-09 13:55:06 +00:00

opkg-utils

opkg-utils: Backport fix to drop --numeric-owner parameter

2024-01-12 11:54:05 +00:00

orc

orc: upgrade 0.4.39 -> 0.4.40

2024-11-09 05:53:57 -08:00

patch

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

patchelf

patchelf: add 3 fixes to optimize and fix uninative

2023-08-01 09:51:20 +01:00

perl

libxml-parser-perl: fix do_fetch error

2024-11-18 06:59:35 -08:00

perl-cross

perlcross: update to 1.5.2

2023-12-21 10:38:29 +00:00

pkgconf

pkgconf: upgrade 2.1.0 -> 2.1.1

2024-03-01 09:28:51 +00:00

pkgconfig

recipes/classes/scripts: Drop SRCPV usage in OE-Core

2023-08-24 16:50:24 +01:00

pseudo

pseudo: Fix envp bug and add posix_spawn wrapper

2024-11-18 06:59:35 -08:00

python

python3-zipp: fix CVE-2024-5569

2024-12-06 05:50:24 -08:00

qemu

qemu: back port patches to fix riscv64 build failure

2024-09-25 05:07:47 -07:00

quilt

quilt: Fix merge.test race condition

2023-05-05 11:07:25 +01:00

repo

repo: upgrade 2.41 -> 2.42

2024-03-07 17:25:03 +00:00

rpm

rpm: fix expansion of %_libdir in macros

2024-10-02 06:15:15 -07:00

rsync

cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS

2023-07-21 11:52:26 +01:00

ruby

ruby: upgrade 3.2.2 -> 3.3.5

2024-10-18 06:04:40 -07:00

run-postinsts

run-postinsts.service: Removed --no-reload to fix reload warning when users execute systemctl in the first boot.

2024-06-14 05:19:22 -07:00

rust

rust-llvm: Fix CVE-2024-0151

2024-11-09 05:53:57 -08:00

squashfs-tools

squashfs-tools: upgrade 4.5.1 -> 4.6.1

2023-06-16 15:40:11 +01:00

strace

strace: download release tarballs from GitHub

2024-11-26 06:11:30 -08:00

subversion

subversion: upgrade 1.14.2 -> 1.14.3

2024-01-07 12:24:57 +00:00

swig

swig: upgrade 4.2.0 -> 4.2.1

2024-03-01 09:28:52 +00:00

syslinux

syslinux: Disable error on implicit-function-declaration

2024-02-05 14:06:10 +00:00

systemd-bootchart

systemd-bootchart: upgrade from 234 to 235

2024-01-07 12:24:57 +00:00

tcf-agent

tcf-agent: Disable non-building features on loongarch64

2023-09-07 07:53:51 +01:00

tcltk

tcl: skip io-13.6 test case

2024-11-26 06:11:30 -08:00

unfs3

unfs3: fix symlink time setting issue

2023-05-05 11:07:25 +01:00

unifdef

recipes: Enable nativesdk for gperf, unifdef, gi-docgen and its dependencies

2022-12-21 10:16:31 +00:00

vala

vala: fix for gtk4 prior to 4.14

2024-03-18 12:21:45 +00:00

valgrind

valgrind: Backport fixes from 3.22 branch

2024-03-30 22:22:19 +00:00

xmlto

recipes/classes/scripts: Drop SRCPV usage in OE-Core

2023-08-24 16:50:24 +01:00