poky/recipes-devtools at ba648f3b0bb5b2f8fa03a0a1a995aae7fff2f2c1 - poky

mirror of https://git.yoctoproject.org/poky synced 2026-03-10 01:09:40 +01:00

Files

Narpat Mali 7b65658ede python3-pygments: fix for CVE-2022-40896

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments
through 2.15.0 via SmithyLexer.

The CVE issue is fixed by these 3 different commits in different version:
1. Improve the Smithy metadata matcher (These changes are already available as part
   of current python3-pygments_2.14.0 version):
dd52102c38 (2.14.0)
2. SQL+Jinja: use a simpler regex in analyse_text:
97eb3d5ec7 (2.15.0)
3. Improve Java properties lexer (#2404):
fdf182a7af (2.15.1)

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-40896
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/

(From OE-Core rev: 5a02307af5e593be864423a9f3ab309703d61dbf)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2023-09-04 04:13:24 -10:00

apt

apt: re-enable version check

2023-03-11 00:08:41 +00:00

autoconf

autoconf: Update K & R stype functions

2022-09-05 08:53:22 +01:00

autoconf-archive

autoconf-archive: upgrade 2022.09.03 -> 2023.02.20

2023-03-06 09:52:16 +00:00

automake

automake: fix buildtest patch

2023-08-15 06:18:49 -10:00

binutils

binutils: stable 2.40 branch updates

2023-08-18 03:57:05 -10:00

bison

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

bootchart2

abi_version/sstate: Handle pkgconfig output changes and bump output versions

2023-03-26 18:50:17 +01:00

btrfs-tools

recipes: Default to https git protocol where possible

2023-05-18 04:29:33 -10:00

ccache

ccache: upgrade 4.7.2 -> 4.7.4

2022-12-06 15:23:18 +00:00

cdrtools

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

chrpath

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

cmake

cmake: upgrade 3.25.1 -> 3.25.2

2023-02-09 09:57:24 +00:00

createrepo-c

createrepo-c: Include missing rpm/rpmstring.h

2023-01-15 08:49:08 +00:00

debugedit

debugedit: add recipe

2023-03-27 15:44:02 +01:00

dejagnu

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

desktop-file-utils

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

devel-config

Convert to new override syntax

2021-08-02 15:44:10 +01:00

diffstat

diffstat: upgrade 1.64 -> 1.65

2022-11-07 14:32:42 +00:00

distcc

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

dmidecode

dmidecode: fix CVE-2023-30630

2023-07-20 12:10:40 -10:00

dnf

dnf: only write the log lock to root for native dnf

2023-07-07 04:30:26 -10:00

docbook-xml

docbook-xml: Switch from debian packages to upstream docbook sources

2023-02-26 11:49:00 +00:00

dosfstools

meta: fix version checks in all github recipes using the github-releases class

2022-09-28 08:01:10 +01:00

dpkg

dpkg: upgrade to v1.21.22

2023-06-30 04:07:59 -10:00

dwarfsrcfiles

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

e2fsprogs

meta: depend on autoconf-archive-native, not autoconf-archive

2023-06-14 04:14:25 -10:00

elfutils

elfutils: Backport fix for DW_TAG_unspecified_type handling

2023-02-17 18:01:01 +00:00

erofs-utils

erofs-utils: fix CVE-2023-33551/CVE-2023-33552

2023-07-20 12:10:40 -10:00

expect

expect: Add ptest support

2023-05-31 04:08:11 -10:00

fdisk

gptfdisk: add follow-up patch to fix with current popt

2023-01-24 22:06:51 +00:00

file

file: upgrade 5.44 -> 5.45

2023-08-30 04:52:35 -10:00

flex

meta: fix version checks in all github recipes using the github-releases class

2022-09-28 08:01:10 +01:00

gcc

gcc-testsuite: Fix ppc cpu specification

2023-07-26 05:12:21 -10:00

gdb

gdb: upgrade 13.1 -> 13.2

2023-07-07 04:30:25 -10:00

git

git: upgrade to 2.39.3

2023-06-30 04:07:59 -10:00

glide

go-helloworld/glide: Fix urls

2021-11-03 10:12:42 +00:00

gnu-config

gnu-config: update to latest revision

2023-02-20 15:18:30 +00:00

go: update 1.20.5 -> 1.20.6

2023-08-15 06:18:48 -10:00

help2man

help2man: upgrade 1.49.2 -> 1.49.3

2022-12-22 23:05:50 +00:00

i2c-tools

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

icecc-create-env

meta, meta-selftest: Replace more non-SPDX license identifiers

2022-03-01 23:44:59 +00:00

icecc-toolchain

Convert to new override syntax

2021-08-02 15:44:10 +01:00

intltool

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

jquery

jquery: upgrade 3.6.2 -> 3.6.3

2023-01-06 12:03:47 +00:00

json-c

json-c: Fix function prototypes

2022-08-16 14:57:58 +01:00

libcomps

libcomps: Fix callback function prototype for PyCOMPS_hash

2023-03-06 09:52:16 +00:00

libdnf

libdnf: upgrade 0.70.0 -> 0.70.1

2023-06-24 09:13:07 -10:00

libedit

libedit: upgrade 20210910-3.1 -> 20221030-3.1

2022-11-07 14:32:42 +00:00

libmodulemd

libmodulemd: upgrade 2.13.0 -> 2.14.0

2022-02-10 10:32:08 +00:00

librepo

librepo: upgrade 1.14.5 -> 1.15.1

2023-01-06 12:03:47 +00:00

libtool

libtool: Upgrade 2.4.6 -> 2.4.7

2022-03-23 12:13:49 +00:00

llvm

llvm: remove redundant CMake variables

2023-03-31 23:30:36 +01:00

log4cplus

log4cplus: upgrade 2.0.8 -> 2.1.0

2023-02-20 15:18:30 +00:00

lua

lua: Fix install conflict when enable multilib.

2023-03-08 16:41:55 +00:00

m4: Add missing ptest dependency

2023-03-12 23:39:13 +00:00

make

make: upgrade 4.4 -> 4.4.1

2023-03-11 00:08:41 +00:00

makedevs

makedevs: Don't use COPYING.patch just to add license file into ${S}

2022-05-27 23:50:48 +01:00

meson

meson: remove obsolete RPATH stripping patch

2023-03-11 00:08:40 +00:00

mmc

recipes: Default to https git protocol where possible

2023-05-18 04:29:33 -10:00

mtd

mtd-utils: upgrade 2.1.4 -> 2.1.5

2022-11-08 22:47:16 +00:00

mtools

mtools: upgrade 4.0.42 -> 4.0.43

2023-05-10 04:16:50 -10:00

nasm

nasm: update 2.15.05 -> 2.16.01

2023-01-06 12:03:47 +00:00

ninja

ninja: ignore CVE-2021-4336, wrong ninja

2023-06-24 09:13:07 -10:00

opkg

opkg: upgrade 0.6.1 -> 0.6.2

2023-08-15 06:18:49 -10:00

opkg-utils

opkg-utils: upgrade 0.5.0 -> 0.6.2

2023-08-15 06:18:49 -10:00

orc

orc: upgrade 0.4.32 -> 0.4.33

2022-11-07 14:32:42 +00:00

patch

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

patchelf

patchelf: upgrade 0.17.0 -> 0.17.2

2023-01-16 10:42:07 +00:00

perl

perl: Fix CVE-2023-31484 & CVE-2023-31486

2023-07-07 04:30:25 -10:00

perl-cross

meta: fix version checks in all github recipes using the github-releases class

2022-09-28 08:01:10 +01:00

pkgconf

pkgconf: update SRC_URI

2023-08-01 06:17:28 -10:00

pkgconfig

pkgconfig: use system glib for nativesdk builds

2023-02-19 07:47:53 +00:00

pseudo

pseudo: Fix to work with glibc 2.38

2023-08-30 04:52:35 -10:00

python

python3-pygments: fix for CVE-2022-40896

2023-09-04 04:13:24 -10:00

qemu

qemu: fix CVE-2023-2861

2023-08-18 03:57:05 -10:00

quilt

quilt: Fix merge.test race condition

2023-05-18 04:29:33 -10:00

repo

repo: upgrade 2.31 -> 2.32

2023-03-06 09:52:16 +00:00

rpm

rpm: write macros under libdir

2023-07-07 04:30:26 -10:00

rsync

rsync: Delete pedantic errors re-ordering patch

2022-11-27 23:54:50 +00:00

ruby

ruby: Fix CVE-2023-36617

2023-08-01 06:17:27 -10:00

run-postinsts

run-postinsts: Set dependency for ldconfig to avoid boot issues

2023-03-30 10:49:01 +01:00

rust

rust-common.bbclass: move musl-specific linking fix from rust-source.inc

2023-07-20 12:10:40 -10:00

squashfs-tools

squashfs-tools: build with lzo support

2022-09-05 16:49:01 +01:00

strace

strace: Update patches/tests with upstream fixes

2023-07-07 04:30:25 -10:00

subversion

subversion: upgrade to 1.14.2

2022-04-26 18:25:08 +01:00

swig

swig: upgrade 4.1.0 -> 4.1.1

2022-12-06 15:23:18 +00:00

syslinux

syslinux: mark all pending patches as Inactive-Upstream

2022-09-02 15:58:25 +01:00

systemd-bootchart

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

tcf-agent

tcf-agent: Update to 1.8.0 release

2023-08-18 03:57:05 -10:00

tcltk

tcl: update 8.6.12 -> 8.6.13

2022-12-18 19:48:00 +00:00

unfs3

unfs3: fix symlink time setting issue

2023-05-18 04:29:33 -10:00

unifdef

recipes: Enable nativesdk for gperf, unifdef, gi-docgen and its dependencies

2022-12-21 10:16:31 +00:00

vala

vala: upgrade 0.56.4 -> 0.56.6

2023-05-10 04:16:51 -10:00

valgrind

valgrind: Add missing utf-32 gconv dependency for ptests

2023-03-12 23:39:13 +00:00

xmlto

xmlto: remove redundant patches

2022-09-08 14:59:39 +01:00