mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-09 17:39:31 +00:00
Code Issues Projects Releases Wiki Activity
Files
2d08595a93d6d2a0a87c1efeb2a74a0b41c64cac
poky/meta/recipes-support
T
History
Jiaying Song 82902b3d64 diffoscope: fix CVE-2024-25711 
diffoscope before 256 allows directory traversal via an embedded
filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa,
may be disclosed to an attacker. This occurs because the value of the
gpg --use-embedded-filenames option is trusted.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-25711

Upstream patches:
https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/458f7f04bc053a0066aa7d2fd3251747d4899476

(From OE-Core rev: da4977e9414361a30eb322d1456a664515b35693)

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-12-09 07:54:03 -08:00
..
apr
apr: upgrade 1.7.2 -> 1.7.5
2024-09-07 05:38:17 -07:00
argp-standalone
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
aspell
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
atk
at-spi2-core: backport a patch to fix build with gcc-14 on host
2024-11-02 06:32:36 -07:00
attr
acl/attr: ptest fixes and improvements
2023-08-26 04:24:02 -10:00
bash-completion
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
bmap-tools
bmap-tools: update HOMEPAGE and SRC_URI
2024-11-02 06:32:36 -07:00
boost
boost: fix install of fiber shared libraries
2022-08-23 15:22:52 +01:00
ca-certificates
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
consolekit
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
curl
curl: patch CVE-2024-9681
2024-11-15 06:05:32 -08:00
db
db: remove obsolete support for renamed libtool
2021-12-12 18:10:22 +00:00
debianutils
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
diffoscope
diffoscope: fix CVE-2024-25711
2024-12-09 07:54:03 -08:00
dos2unix
meta: Add explict branch to git SRC_URIs
2021-10-30 18:56:47 +01:00
enchant
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
fribidi
fribidi: upgrade 1.0.12 -> 1.0.13
2023-07-01 08:37:24 -10:00
gdbm
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
gmp
gmp: add missing COPYINGv3
2022-04-14 09:47:00 +01:00
gnome-desktop-testing
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
gnupg
gnupg: ignore CVE-2022-3515
2024-12-09 07:54:03 -08:00
gnutls
gnutls: fix CVE-2024-28835
2024-05-02 06:21:09 -07:00
gpgme
gpgme: upgrade 1.17.0 -> 1.17.1
2022-03-10 13:07:37 +00:00
icu
icu: fix make_icudata dependencies
2022-01-26 06:27:00 +00:00
iso-codes
iso-codes: upgrade 4.13.0 -> 4.15.0
2023-06-23 04:16:40 -10:00
itstool
itstool: add missing COPYING.GPL3
2022-04-14 09:47:00 +01:00
libassuan
libassuan: upgrade 2.5.5 -> 2.5.6
2023-08-02 04:47:13 -10:00
libatomic-ops
libatomic-ops: upgrade 7.6.12 -> 7.6.14
2022-09-12 08:41:47 +01:00
libbsd
libbsd: Add correct license for all packages
2023-05-10 04:19:57 -10:00
libcap
libcap: fix CVE-2023-2603 Integer Overflow in _libcap_strdup()
2023-07-12 05:11:37 -10:00
libcap-ng
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libcheck
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libcroco
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libdaemon
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libevdev
libevdev: upgrade 1.12.0 -> 1.12.1
2022-03-29 15:59:29 +01:00
libevent
libevent,btrfs-tools: fix Upstream-Status tag
2021-10-23 22:26:48 +01:00
libexif
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libffi
libffi: backport a fix to build libffi-native with gcc-14
2024-11-02 06:32:36 -07:00
libfm
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libgcrypt
meta/scripts: Automated conversion of OE renamed variables
2022-02-21 23:37:27 +00:00
libgit2
libgit2: Fix CVE-2024-24575 and CVE-2024-24577
2024-02-15 03:51:57 -10:00
libgpg-error
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libical
libical: upgrade 3.0.15 -> 3.0.16
2022-12-01 19:35:04 +00:00
libjitterentropy
libjitterentropy: upgrade 3.3.1 -> 3.4.0
2022-03-24 17:45:29 +00:00
libksba
libksba: upgrade 1.6.3 -> 1.6.4
2023-08-02 04:47:13 -10:00
libmd
libmd: upgrade 1.0.3 -> 1.0.4
2021-10-23 17:42:26 +01:00
libmicrohttpd
libmicrohttpd: upgrade 0.9.75 -> 0.9.76
2023-03-20 17:20:44 +00:00
libmpc
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libnl
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libpcre
libpcre2: patch CVE-2022-41409
2023-08-07 04:40:43 -10:00
libproxy
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libpsl
libpsl: Add config knobs for runtime/builtin conversion choices
2021-04-20 13:56:48 +01:00
libseccomp
libseccomp: fix for the ptest result format
2023-03-09 13:19:03 +00:00
libsoup
libsoup-2.4: Backport fix for CVE-2024-52531
2024-12-09 07:54:03 -08:00
libssh2
libssh2: fix CVE-2023-48795
2024-04-21 06:33:34 -07:00
libunistring
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libunwind
libunwind: update 1.6.0 -> 1.6.2
2021-12-08 20:22:11 +00:00
liburcu
liburcu: upgrade 0.13.1 -> 0.13.2
2022-09-12 08:41:47 +01:00
libusb
libusb1: Strip trailing whitespaces
2023-02-04 23:32:20 +00:00
libxslt
libxslt: Mark CVE-2022-29824 as not applying
2022-06-07 11:53:26 +01:00
libyaml
libyaml: Ignore CVE-2024-35325
2024-09-04 05:57:57 -07:00
lz4
lz4: upgrade 1.9.3 -> 1.9.4
2022-09-12 08:41:47 +01:00
lzo
lzo: Add further info to a patch and mark as Inactive-Upstream
2022-06-11 10:06:13 +01:00
lzop
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
mpfr
mpfr: upgrade 4.1.0 -> 4.1.1
2022-12-23 23:05:50 +00:00
nettle
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
nghttp2
nghttp2: Fix CVE-2024-28182
2024-04-21 06:33:34 -07:00
npth
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
nss-myhostname
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
numactl
numactl: skip test case when target platform doesn't have 2 CPU node
2023-02-04 23:32:20 +00:00
p11-kit
p11-kit: add native to BBCLASSEXTEND
2023-05-30 04:11:15 -10:00
pinentry
pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses
2022-09-03 13:09:49 +01:00
popt
popt: fix override syntax in RDEPENDS
2022-06-22 23:46:29 +01:00
ptest-runner
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
re2c
re2c: upgrade 2.2 -> 3.0
2022-02-05 17:46:05 +00:00
rng-tools
rng-tools: enable macro JENT_CONF_ENABLE_INTERNAL_TIMER
2022-03-24 17:45:29 +00:00
serf
serf: upgrade 1.3.9 -> 1.3.10
2023-07-21 06:27:34 -10:00
shared-mime-info
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
sqlite
sqlite3: Rename patch for CVE-2022-35737
2024-09-07 05:38:17 -07:00
taglib
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
user-creation
Convert to new override syntax
2021-08-02 15:44:10 +01:00
vim
vim: Upgrade 9.1.0698 -> 9.1.0764
2024-11-02 06:32:36 -07:00
vte
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
xxhash
xxhash: fix build with gcc 12
2022-06-22 23:46:29 +01:00