mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-11 03:03:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
fdcaaeebb61ae061cd7b705f556564c2a376db41
poky/meta/recipes-devtools
History
Narpat Mali 07213601fd python3-git: fix for CVE-2022-24439 
All versions of package gitpython are vulnerable to Remote Code Execution
(RCE) due to improper user input validation, which makes it possible to
inject a maliciously crafted remote URL into the clone command. Exploiting
this vulnerability is possible because the library makes external calls to
git without sufficient sanitization of input arguments.

CVE: CVE-2022-24439

Upstream-Status: Backport

Reference:
https://github.com/gitpython-developers/GitPython/discussions/1529
https://github.com/gitpython-developers/GitPython/pull/1518
https://github.com/gitpython-developers/GitPython/pull/1521

(From OE-Core rev: 55f93e3786290dfa5ac72b5969bb2793f6a98bde)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-26 23:37:05 +00:00
..
apt
apt: fix nativesdk-apt build failure during the second time build
2022-08-28 07:51:30 +01:00
autoconf
autoconf: Update K & R stype functions
2022-09-16 17:53:22 +01:00
autoconf-archive
autoconf-archive: upgrade 2021.02.19 -> 2022.02.11
2022-02-16 09:46:29 +00:00
automake
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
binutils
binutils : Fix CVE-2022-4285
2023-01-06 17:33:23 +00:00
bison
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
bootchart2
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
btrfs-tools
btrfs-tools: upgrade 5.16 -> 5.16.2
2022-03-04 17:14:15 +00:00
cargo
rust-common: Drop LLVM_TARGET and simplify
2022-06-07 11:53:26 +01:00
ccache
ccache: upgrade 4.5.1 -> 4.6
2022-03-02 18:43:24 +00:00
cdrtools
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
chrpath
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
cmake
cmake-native: Fix host tool contamination (Bug: 14951)
2022-11-09 17:42:08 +00:00
createrepo-c
createrepo-c: upgrade 0.18.0 -> 0.19.0
2022-03-16 10:31:40 +00:00
dejagnu
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
desktop-file-utils
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
devel-config
Convert to new override syntax
2021-08-02 15:44:10 +01:00
diffstat
diffstat: remove unneeded patch
2021-11-25 21:55:10 +00:00
distcc
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
dmidecode
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
dnf
dnf: upgrade 4.10.0 -> 4.11.1
2022-03-16 10:31:40 +00:00
docbook-xml
docbook-xml: patch is not upstreamable
2021-11-03 11:12:26 +00:00
dosfstools
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
dpkg
dpkg: fix CVE-2022-1664
2022-08-01 16:27:29 +01:00
dwarfsrcfiles
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
e2fsprogs
e2fsprogs: add alternatives handling of lsattr as well
2022-06-22 23:46:29 +01:00
elfutils
meta, meta-selftest: Replace more non-SPDX license identifiers
2022-03-01 23:44:59 +00:00
erofs-utils
erofs-utils: Use __SANE_USERSPACE_TYPES__ on ppc64
2022-03-15 08:40:09 +00:00
expect
expect: modify fixline1 script
2022-03-16 13:39:12 +00:00
fdisk
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
file
recipes: Update github.com urls to use https
2021-11-03 10:12:42 +00:00
flex
meta/scripts: Automated conversion of OE renamed variables
2022-02-21 23:37:27 +00:00
gcc
gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change
2022-11-24 15:30:01 +00:00
gdb
meta/scripts: Automated conversion of OE renamed variables
2022-02-21 23:37:27 +00:00
git
git: upgrade 2.35.4 -> 2.35.5
2022-10-29 16:32:24 +01:00
glide
go-helloworld/glide: Fix urls
2021-11-03 10:12:42 +00:00
gnu-config
gnu-config: update SRC_URI
2022-03-24 17:45:29 +00:00
go
go-crosssdk: avoid host contamination by GOCACHE
2023-01-06 17:33:23 +00:00
help2man
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
i2c-tools
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
icecc-create-env
meta, meta-selftest: Replace more non-SPDX license identifiers
2022-03-01 23:44:59 +00:00
icecc-toolchain
Convert to new override syntax
2021-08-02 15:44:10 +01:00
intltool
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
jquery
meta/scripts: Automated conversion of OE renamed variables
2022-02-21 23:37:27 +00:00
json-c
json-c: correct upstream version check
2021-10-28 14:16:31 +01:00
libcomps
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libdnf
libdnf: Add a dependency on util-linux
2022-03-29 15:59:28 +01:00
libedit
libedit: upgrade 20210714-3.1 -> 20210910-3.1
2021-10-23 17:42:25 +01:00
libmodulemd
libmodulemd: upgrade 2.13.0 -> 2.14.0
2022-02-10 10:32:08 +00:00
librepo
librepo: upgrade 1.14.2 -> 1.14.3
2022-05-25 22:45:50 +01:00
libtool
libtool: Upgrade 2.4.6 -> 2.4.7
2022-03-23 12:13:49 +00:00
llvm
llvm: update 12.0.1 -> 13.0.1
2022-02-08 14:20:18 +00:00
log4cplus
log4cplus: upgrade 2.0.7 -> 2.0.8
2022-08-04 16:29:15 +01:00
lua
lua: Backport fix for CVE-2022-33099
2022-08-01 16:27:29 +01:00
m4
m4: Fix build on musl/ppc
2022-03-11 06:56:01 +00:00
make
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
makedevs
makedevs: Don't use COPYING.patch just to add license file into ${S}
2022-06-11 10:06:13 +01:00
meson
meson: make wrapper options sub-command specific
2022-11-09 17:42:08 +00:00
mmc
mmc-utils: upgrade to latest revision
2022-05-25 22:45:50 +01:00
mtd
mtd-utils: upgrade 2.1.4 -> 2.1.5
2022-12-01 19:35:05 +00:00
mtools
mtools: upgrade 4.0.37 -> 4.0.38
2022-03-20 00:02:22 +00:00
nasm
Convert to new override syntax
2021-08-02 15:44:10 +01:00
ninja
recipes: Update github.com urls to use https
2021-11-03 10:12:42 +00:00
opkg
opkg: Set correct info_dir and status_file in opkg.conf
2022-12-13 15:23:34 +00:00
opkg-utils
opkg-utils: use a git clone, not a dynamic snapshot
2022-11-09 17:42:08 +00:00
orc
Convert to new override syntax
2021-08-02 15:44:10 +01:00
patch
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
patchelf
patchelf: upgrade 0.14.3 -> 0.14.5
2022-02-25 12:41:23 +00:00
perl
perl: don't install Makefile.old into perl-ptest
2022-07-25 15:11:46 +01:00
perl-cross
perl-cross: update 1.3.6 -> 1.3.7
2022-03-20 00:02:22 +00:00
pkgconf
meta: use ln -rs instead of lnr
2021-11-10 19:27:29 +00:00
pkgconfig
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
pseudo
pseudo: Update to include recent upstream minor fixes
2022-09-12 08:41:48 +01:00
python
python3-git: fix for CVE-2022-24439
2023-01-26 23:37:05 +00:00
qemu
qemu: Fix CVE-2022-4144
2023-01-26 23:37:05 +00:00
quilt
quilt: backport a patch to address grep 3.8 failures
2022-11-20 08:19:17 +00:00
repo
repo: upgrade 2.21 -> 2.22
2022-03-02 18:43:24 +00:00
rpm
rpm: Remove -Wimplicit-function-declaration warnings
2022-10-11 21:56:13 +01:00
rsync
rsync: update 3.2.4 -> 3.2.5
2022-10-11 21:56:13 +01:00
ruby
ruby: update 3.1.2 -> 3.1.3
2023-01-06 17:33:23 +00:00
run-postinsts
systemd: '${systemd_unitdir}/system' => '${systemd_system_unitdir}'
2021-09-07 21:54:11 +01:00
rust
rust: fix issue building cross-canadian tools for aarch64 on x86_64
2022-07-08 08:27:16 +01:00
squashfs-tools
squashfs-tools: correct upstream version check
2022-03-20 00:02:22 +00:00
strace
strace: set COMPATIBLE_HOST for riscv32
2022-08-08 16:23:37 +01:00
subversion
subversion: upgrade to 1.14.2
2022-05-04 13:07:33 +01:00
swig
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
syslinux
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
systemd-bootchart
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
tcf-agent
tcf-agent: cleanup patches
2021-12-08 20:22:10 +00:00
tcltk
tcl: correct patch status
2022-11-24 15:30:01 +00:00
unfs3
unfs3: add missing Upstream-Status tag
2021-11-21 11:05:02 +00:00
unifdef
meta/recipes-devtools: Add HOMEPAGE / DESCRIPTION
2021-02-26 15:21:21 +00:00
vala
vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that
2022-12-01 19:35:05 +00:00
valgrind
valgrind: skip the boost_thread test on arm
2023-01-06 17:33:23 +00:00
xmlto
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00