poky/meta/recipes-devtools
Praveen Kumar c6234dce63 python3: fix CVE-2025-6075
If the value passed to os.path.expandvars() is user-controlled, a
performance degradation is possible when expanding environment variables.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-6075

Upstream-patch:
892747b4cf

(From OE-Core rev: 9a7f33d85355ffbe382aa175c04c64541e77b441)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-01 06:50:49 -08:00
apt apt: add missing <cstdint> for uint16_t 2023-10-18 05:13:24 -10:00
autoconf autoconf: Update K & R style functions 2022-09-16 17:53:22 +01:00
autoconf-archive
automake automake: fix buildtest patch 2023-08-26 04:24:02 -10:00
binutils binutils: patch CVE-2025-11413 2025-11-06 07:14:05 -08:00
bison
bootchart2 bootchart2: Fix usrmerge support 2023-02-15 21:46:56 +00:00
btrfs-tools btrfs-tools: upgrade 5.16 -> 5.16.2 2022-03-04 17:14:15 +00:00
cargo rust-common: Drop LLVM_TARGET and simplify 2022-06-07 11:53:26 +01:00
ccache ccache: fix build with gcc-13 2023-10-05 15:48:49 -10:00
cdrtools cdrtools-native: fix build with gcc-14 2024-10-12 05:17:58 -07:00
chrpath
cmake cmake: fix CVE-2025-9301 2025-10-24 06:47:19 -07:00
createrepo-c createrepo-c: upgrade 0.18.0 -> 0.19.0 2022-03-16 10:31:40 +00:00
dejagnu dejagnu: Fix LICENSE 2024-09-16 06:09:56 -07:00
desktop-file-utils
devel-config
diffstat
distcc
dmidecode dmidecode: fixup for CVE-2023-30630 2023-08-19 05:56:58 -10:00
dnf dnf: upgrade 4.10.0 -> 4.11.1 2022-03-16 10:31:40 +00:00
docbook-xml
dosfstools
dpkg dpkg: patch CVE-2025-6297 2025-08-29 08:33:33 -07:00
dwarfsrcfiles
e2fsprogs e2fsprogs: removed 'sed -u' option 2025-06-20 08:06:30 -07:00
elfutils elfutils: Fix CVE-2025-1377 2025-11-24 06:57:39 -08:00
erofs-utils erofs-utils: Use __SANE_USERSPACE_TYPES__ on ppc64 2022-03-15 08:40:09 +00:00
expect expect: modify fixline1 script 2022-03-16 13:39:12 +00:00
fdisk
file file: fix CVE-2022-48554 2023-09-08 16:09:41 -10:00
flex
gcc gcc: AArch64 - Fix strict-align cpymem/setmem 2025-05-28 08:46:32 -07:00
gdb gdb: Fix CVE-2024-53589 2025-02-05 06:54:35 -08:00
git git: fix CVE-2025-48386 2025-10-31 06:23:13 -07:00
glide
gnu-config gnu-config: update SRC_URI 2022-03-24 17:45:29 +00:00
go go: fix CVE-2024-24783 2025-11-06 07:14:05 -08:00
help2man
i2c-tools
icecc-create-env
icecc-toolchain
intltool
jquery
json-c json-c: define CVE_VERSION 2023-10-05 15:48:49 -10:00
libcomps
libdnf libdnf: resolve cstdint inclusion for newer gcc versions 2023-09-08 16:09:42 -10:00
libedit libedit: Make docs generation deterministic 2024-09-16 06:09:56 -07:00
libmodulemd
librepo librepo: upgrade 1.14.2 -> 1.14.3 2022-05-25 22:45:50 +01:00
libtool libtool: Upgrade 2.4.6 -> 2.4.7 2022-03-23 12:13:49 +00:00
llvm llvm: fix typo in CVE-2024-0151.patch 2025-09-12 09:24:24 -07:00
log4cplus log4cplus: upgrade 2.0.7 -> 2.0.8 2022-08-04 16:29:15 +01:00
lua lua: Fix install conflict when enable multilib. 2023-03-20 17:20:44 +00:00
m4 m4: Fix build on musl/ppc 2022-03-11 06:56:01 +00:00
make
makedevs makedevs: Don't use COPYING.patch just to add license file into ${S} 2022-06-11 10:06:13 +01:00
meson meson: Fix wrapper handling of implicit setup command 2023-03-20 17:20:44 +00:00
mmc mmc-utils: upgrade to latest revision 2022-05-25 22:45:50 +01:00
mtd mtd-utils: upgrade 2.1.4 -> 2.1.5 2022-12-01 19:35:05 +00:00
mtools mtools: upgrade 4.0.37 -> 4.0.38 2022-03-20 00:02:22 +00:00
nasm nasm: fix CVE-2020-21528 2023-09-08 16:09:41 -10:00
ninja ninja: fix build with python 3.13 2024-12-02 06:23:20 -08:00
opkg opkg: Set correct info_dir and status_file in opkg.conf 2022-12-13 15:23:34 +00:00
opkg-utils opkg-utils: use a git clone, not a dynamic snapshot 2022-11-09 17:42:08 +00:00
orc orc: set CVE_PRODUCT 2025-07-30 07:47:48 -07:00
patch
patchelf patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak 2023-04-11 11:31:52 +01:00
perl perl: enable _GNU_SOURCE define via d_gnulibc 2025-05-16 08:58:06 -07:00
perl-cross perl: update 5.34.1 -> 5.34.3 2023-12-22 16:36:55 -10:00
pkgconf pkgconf: fix CVE-2023-24056 2023-03-23 22:45:33 +00:00
pkgconfig
pseudo pseudo: Fix envp bug and add posix_spawn wrapper 2024-11-15 06:05:32 -08:00
python python3: fix CVE-2025-6075 2025-12-01 06:50:49 -08:00
qemu qemu: patch CVE-2024-8354 2025-10-17 07:27:23 -07:00
quilt quilt: Fix merge.test race condition 2023-05-30 04:11:15 -10:00
repo
rpm rpm: Remove -Wimplicit-function-declaration warnings 2022-10-11 21:56:13 +01:00
rsync rsync: fix CVE-2024-12747 2025-01-24 07:49:28 -08:00
ruby ruby: fix CVE-2024-41123 2025-12-01 06:50:49 -08:00
run-postinsts run-postinsts: Set dependency for ldconfig to avoid boot issues 2023-05-10 04:19:57 -10:00
rust rust-cross-canadian: Ignore CVE-2024-43402 2025-11-19 08:21:24 -08:00
squashfs-tools squashfs-tools: correct upstream version check 2022-03-20 00:02:22 +00:00
strace strace: Update patches/tests with upstream fixes 2023-07-12 05:11:38 -10:00
subversion subversion: ignore CVE-2024-45720 2025-02-24 07:00:53 -08:00
swig
syslinux syslinux: Disable error on implicit-function-declaration 2024-10-24 06:31:58 -07:00
systemd-bootchart
tcf-agent tcf-agent: correct the SRC_URI 2025-07-18 08:32:26 -07:00
tcltk tcl: skip async and event tests in run-ptest 2024-04-19 04:50:39 -07:00
unfs3
unifdef
vala Don't use ftp.gnome.org 2025-11-06 07:14:05 -08:00
valgrind valgrind: disable avx_estimate_insn.vgtest 2024-10-12 05:17:58 -07:00
xmlto xmlto: backport a patch to fix build with gcc-14 on host 2024-11-11 06:19:18 -08:00