mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-09 17:39:31 +00:00
Code Issues Projects Releases Wiki Activity
Files
31ea437bf7785201dd4fb04622ec97feba110c93
poky/meta/recipes-devtools
T
History
Soumya Sambu 31ea437bf7 python3: Fix CVE-2024-8088 
There is a HIGH severity vulnerability affecting the CPython "zipfile"
module. When iterating over names of entries in a zip archive (for example,
methodsof "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()",
etc) the process can be put into an infinite loop with a maliciously crafted
zip archive. This defect applies when reading only metadata or extracting
the contents of the zip archive. Programs that are not handling
user-controlled zip archives are not affected.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-8088

Upstream-Patch:
https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec

(From OE-Core rev: 2d98276ba70ed6c44afecd42a7352f1b3030438f)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-09-09 06:08:10 -07:00
..
apt
Revert "apt: runtime error: filename too long (tmpdir length)"
2024-07-23 06:05:47 -07:00
autoconf
autoconf: 2.72d -> 2.72e
2024-01-21 12:27:12 +00:00
autoconf-archive
automake
automake: mark new_rt_path_for_test-driver.patch as Inappropriate
2024-08-01 06:08:09 -07:00
binutils
binutils: stable 2.42 branch updates
2024-07-23 06:05:47 -07:00
bison
bootchart2
btrfs-tools
btrfs-tools: upgrade 6.5.3 -> 6.7.1
2024-03-07 17:25:02 +00:00
ccache
ccache: upgrade 4.9 -> 4.9.1
2024-03-01 09:28:51 +00:00
cdrtools
cdrtools-native: fix build with gcc-14
2024-06-20 06:29:44 -07:00
chrpath
cmake
cmake: upgrade 3.27.7 -> 3.28.3
2024-02-08 17:12:54 +00:00
createrepo-c
createrepo-c: upgrade 1.0.3 -> 1.0.4
2024-03-01 09:28:51 +00:00
debugedit
dejagnu
desktop-file-utils
devel-config
diffstat
diffstat: upgrade 1.65 -> 1.66
2024-02-03 22:08:26 +00:00
distcc
dmidecode
dnf
dnf/mesa: Fix missing leading whitespace with ':append'
2024-07-17 05:36:14 -07:00
docbook-xml
dosfstools
dpkg
dpkg: mark patches adding custom non-debian architectures as inappropriate for upstream
2024-08-01 06:08:09 -07:00
dwarfsrcfiles
e2fsprogs
elfutils
elfutils: fix unused variable BUFFER_SIZE
2024-03-20 18:20:38 +00:00
erofs-utils
expect
expect-native: fix do_compile failure with gcc-14
2024-09-03 05:39:12 -07:00
fdisk
gptfdisk: Make the version consistent
2024-01-10 17:01:28 +00:00
file
file: enable additional internal compressor support
2024-02-08 10:59:06 +00:00
flex
bash/flex: Ensure BUILD_FLAGS doesn't leak onto target
2024-03-19 15:25:12 +00:00
gcc
libgfortran.inc: fix nativesdk-libgfortran dependencies
2024-08-26 05:18:44 -07:00
gdb
gdb: Upgrade 14.1 -> 14.2
2024-03-05 12:24:49 +00:00
git
git: upgrade 2.44.0 -> 2.44.1
2024-06-14 05:19:22 -07:00
gnu-config
gnu-config: Update to latest version
2024-02-06 10:32:19 +00:00
go
go: upgrade 1.22.5 -> 1.22.6
2024-08-26 05:18:43 -07:00
help2man
i2c-tools
icecc-create-env
icecc-toolchain
intltool
jquery
json-c
libcomps
libdnf
libdnf: upgrade 0.73.0 -> 0.73.1
2024-05-03 06:12:22 -07:00
libedit
libmodulemd
librepo
librepo: update 1.16.0 -> 1.17.0
2024-03-07 17:25:02 +00:00
libtool
libtool: Update further patch status to backport
2024-01-19 00:16:41 +00:00
llvm
llvm: Enable libllvm for native build
2024-08-26 05:18:44 -07:00
log4cplus
lua
m4
make
makedevs
meson
meson: don't use deprecated pkgconfig variable
2024-07-17 05:36:14 -07:00
mmc
mmc-utils: fix URL
2024-07-26 07:43:46 -07:00
mtd
mtools
nasm
nasm: Upgrade 2.16.01 -> 2.16.03
2024-08-10 06:34:25 -07:00
ninja
opkg
opkg-arch-config: update recipe HOMEPAGE
2024-02-09 13:55:06 +00:00
opkg-utils
opkg-utils: Backport fix to drop --numeric-owner parameter
2024-01-12 11:54:05 +00:00
orc
orc: upgrade 0.4.38 -> 0.4.39
2024-08-10 06:34:25 -07:00
patch
patchelf
perl
perl: submit the rest of determinism.patch upstream
2024-07-17 05:36:14 -07:00
perl-cross
perlcross: update to 1.5.2
2023-12-21 10:38:29 +00:00
pkgconf
pkgconf: upgrade 2.1.0 -> 2.1.1
2024-03-01 09:28:51 +00:00
pkgconfig
pseudo
pseudo: Update to include open symlink handling bugfix
2024-08-06 19:11:18 -07:00
python
python3: Fix CVE-2024-8088
2024-09-09 06:08:10 -07:00
qemu
qemu: fix CVE-2024-7409
2024-09-03 05:39:12 -07:00
quilt
repo
repo: upgrade 2.41 -> 2.42
2024-03-07 17:25:03 +00:00
rpm
rpm: update 4.19.1 -> 4.19.1.1
2024-05-03 06:12:21 -07:00
rsync
ruby
ruby: Backport fix for CVE-2024-27282
2024-08-26 05:18:43 -07:00
run-postinsts
run-postinsts.service: Removed --no-reload to fix reload warning when users execute systemctl in the first boot.
2024-06-14 05:19:22 -07:00
rust
rust: Add new varaible RUST_ENABLE_EXTRA_TOOLS
2024-08-06 19:11:18 -07:00
squashfs-tools
strace
strace: Upgrade to 6.7
2024-02-06 10:32:19 +00:00
subversion
subversion: upgrade 1.14.2 -> 1.14.3
2024-01-07 12:24:57 +00:00
swig
swig: upgrade 4.2.0 -> 4.2.1
2024-03-01 09:28:52 +00:00
syslinux
syslinux: Disable error on implicit-function-declaration
2024-02-05 14:06:10 +00:00
systemd-bootchart
systemd-bootchart: upgrade from 234 to 235
2024-01-07 12:24:57 +00:00
tcf-agent
tcltk
tcl: Forward port skip logic for musl ptests
2024-03-30 22:22:19 +00:00
unfs3
unifdef
vala
vala: fix for gtk4 prior to 4.14
2024-03-18 12:21:45 +00:00
valgrind
valgrind: Backport fixes from 3.22 branch
2024-03-30 22:22:19 +00:00
xmlto