This project is mirrored from https://git.yoctoproject.org/poky.
- Sep 16, 2024
-
Siddharth Doshi authored
Updated SRC_URI link and format due to change in openssl website.
CVEs fixed by upgrade:
CVE-2024-5535: Fixed possible buffer overread in SSL_select_next_proto().
CVE-2024-6119: Fixed possible denial of service in X.509 name checks
- Removed backports of CVE-2024-5535 as it is already fixed.
Detailed Information: https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md#changes-between-3014-and-3015-3-sep-2024
(From OE-Core rev: 299118bf8e50055de28139b23781f2d34eb6eae0)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Archana Polampalli authored
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
(From OE-Core rev: 5b31e7f46ab05aca48f4fb11c558ff990e772c9e)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Archana Polampalli authored
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
(From OE-Core rev: fb5ca8b9dcb00ff579ee70295b68aecdb3084b38)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Archana Polampalli authored
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Added tests patch and its dependent patch [c803b93e8736e]
(From OE-Core rev: 26b6c87fc2c2b4b4860c6c8b1f4892dfd2d3b30e)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
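The three libexpat entries above describe one bug class: a 32-bit element count that is doubled or multiplied in unsigned int arithmetic on a platform where UINT_MAX equals SIZE_MAX, so the wrapped product reaches realloc() as a far-too-small byte size, plus a signed length that reaches the buffer API without a sign check. The C below is an added illustration of that class and of the checks that close it. It is not libexpat code and it is not part of these commits; every function name, the 0x40000001 sample count and the 0 "overflow" return convention are choices made for this example.

```c
/* Added illustration of the libexpat bug class described above; this is
 * not libexpat code and every name here is hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Multiply two 32-bit unsigned values, reporting overflow instead of
 * wrapping. uint32_t is used deliberately so the demonstration behaves
 * the same on a 64-bit host as `unsigned int` times a size does on a
 * 32-bit target where UINT_MAX == SIZE_MAX. */
static bool mul_u32_checked(uint32_t a, uint32_t b, uint32_t *out) {
    if (a != 0 && b > UINT32_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Bug shape: the byte count silently wraps. 0x40000001 elements of 4
 * bytes yields 4, so a later realloc() hands back a 4-byte buffer that
 * the caller believes holds over a billion elements. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Fixed shape: return 0 when the product does not fit. Callers in this
 * example never request zero bytes, so 0 is an unambiguous failure. */
uint32_t alloc_size_checked(uint32_t count, uint32_t elem_size) {
    uint32_t bytes;
    return mul_u32_checked(count, elem_size, &bytes) ? bytes : 0;
}

/* Growth by doubling (the m_groupSize shape): fail when 2*size does not
 * fit in the 32-bit count rather than wrapping to a smaller value. */
uint32_t doubled_size_checked(uint32_t size) {
    uint32_t out;
    return mul_u32_checked(size, 2, &out) ? out : 0;
}

/* Growing the array: compute the size with the check, then realloc().
 * Returns NULL on overflow or allocation failure, leaving `buf` intact. */
void *grow_checked(void *buf, uint32_t count, uint32_t elem_size) {
    uint32_t bytes = alloc_size_checked(count, elem_size);
    if (bytes == 0)
        return NULL;
    return realloc(buf, bytes);
}

/* A parse-buffer API that takes a signed int length must reject negative
 * values before they are converted to size_t, where -1 becomes SIZE_MAX. */
bool parse_buffer_len_ok(int len) {
    return len >= 0;
}

int main(void) {
    printf("unchecked 0x40000001*4 = %u\n", alloc_size_unchecked(0x40000001u, 4u));
    printf("checked   0x40000001*4 = %u (0 means overflow)\n", alloc_size_checked(0x40000001u, 4u));
    printf("doubled   0x80000000   = %u (0 means overflow)\n", doubled_size_checked(0x80000000u));
    printf("len -1 accepted? %d\n", parse_buffer_len_ok(-1));
    return 0;
}
```

The point of forcing uint32_t is that on a 64-bit build host the same code with size_t would not wrap, which is exactly why this class of bug survives testing that never runs on a 32-bit target.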
-
Vijay Anusuri authored
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-4467
Upstream commits:
https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1
https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5
https://gitlab.com/qemu-project/qemu/-/commit/7e1110664ecbc4826f3c978ccb06b6c1bce823e6
https://gitlab.com/qemu-project/qemu/-/commit/83930780325b144a5908c45b3957b9b6457b3831
https://gitlab.com/qemu-project/qemu/-/commit/7ead946998610657d38d1a505d5f25300d4ca613
(From OE-Core rev: c23ad8c89c3dd5b6004677cd0b534e22a293134d)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Hitendra Prajapati authored
Upstream-Status: Backport from https://github.com/python/cpython/commit/2a9273a0e4466e2f057f9ce6fe98cd8ce570331b
(From OE-Core rev: 793c22623e8b3da2ca8e28fe662d8428b0f805a7)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Hugo SIMELIERE authored
Upstream-Status: Backport from https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a
Upstream-Status: Backport from https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
(From OE-Core rev: 3e5697687c8fb0aa6312773b233442b8df974feb)
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
- Sep 07, 2024
-
Steve Sakoman authored
(From OE-Core rev: c40a3fec49942ac6d25ba33e57e801a550e252c9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Steve Sakoman authored
(From meta-yocto rev: 10911ca9695f096a6415ac026d6aefe3ea78adea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Wang Mingyu authored
(From OE-Core rev: f1dc8f8b95aeba1edb92d960074538239d9f643d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b460d2d55a35450564ea04255153b0a3bf715530)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Vijay Anusuri authored
Refreshed patch 0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
Includes security fix CVE-2023-49582
changelog: https://downloads.apache.org/apr/CHANGES-APR-1.7
(From OE-Core rev: 4eb12d8683bd22b6503a64070b81b52f0d2f373a)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Rohini Sangam authored
CVE fixed:
- CVE-2024-8088: python: cpython: denial of service in zipfile
Upstream-Status: Backport from https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db
(From OE-Core rev: 295addec33c83443423a3ef87905c3a70f44a4e7)
Signed-off-by: Rohini Sangam <rsangam@mvista.com>
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Vrushti Dabhi authored
The patch "0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch" fixes CVE-2022-35737.
(From OE-Core rev: 9a875873e566a6673a65a8264fd0868c568e2a2c)
Signed-off-by: Vrushti Dabhi <vrushti.dabhi@einfochips.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Vrushti Dabhi authored
- The commit [https://sqlite.org/src/info/0e4e7a05c4204b47] ("Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.") fixes CVE-2023-7104 instead of CVE-2022-46908.
- Hence, corrected the CVE-ID in CVE-2023-7104.patch.
- Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-7104
(From OE-Core rev: 9d7f21f3d0ae24d0005076396e9a929bb32d648e)
Signed-off-by: Vrushti Dabhi <vrushti.dabhi@einfochips.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Hitendra Prajapati authored
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-7409
Upstream Patches:
https://github.com/qemu/qemu/commit/fb1c2aaa981e0a2fa6362c9985f1296b74f055ac
https://github.com/qemu/qemu/commit/c8a76dbd90c2f48df89b75bef74917f90a59b623
https://gitlab.com/qemu-project/qemu/-/commit/b9b72cb3ce15b693148bd09cef7e50110566d8a0
https://gitlab.com/qemu-project/qemu/-/commit/3e7ef738c8462c45043a1d39f702a0990406a3b3
(From OE-Core rev: d84ab04dc66cb83638f96fcd2f4c67e67489c410)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
- Sep 04, 2024
-
Ming Liu authored
An issue was found when I ran "runqemu genericx86-64 ovmf": grub failed to boot. It's a known issue that has been fixed in grub upstream; backport the fix.
(From OE-Core rev: 6992437d725f9cc88da4261814b69aaadc5ef0f2)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 51eab4bb0cae46c9c32d28986eb97badf47594b7)
Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Hugo SIMELIERE authored
Upstream-Status: Backport [https://github.com/cryptodev-linux/cryptodev-linux/commit/157a624d7a892ea5fb2df4bbd4e71c008adbecb7]
(From OE-Core rev: 047ee2fe7bc9920038213d014a920518a264ef17)
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Divya Chellam authored
Includes security fixes for CVE-2024-4076, CVE-2024-1737, CVE-2024-0760, CVE-2024-1975 and other bug fixes
Release Notes:
https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html#notes-for-bind-9-18-28
https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html#notes-for-bind-9-18-27
https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html#notes-for-bind-9-18-26
https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html#notes-for-bind-9-18-25
(From OE-Core rev: 1f065d8358ab0fb6c08b2aad2145786c31294721)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Siddharth Doshi authored
This includes CVE-fix for CVE-2024-41957, CVE-2024-41965 and CVE-2024-43374
Changes between 9.1.0114 -> 9.1.0682
====================================
https://github.com/vim/vim/compare/v9.1.0114...v9.1.0682
Note:
====
Removed patch "vim-add-knob-whether-elf.h-are-checked.patch" as libelf checks are removed from configure.ac as per commit https://github.com/vim/vim/commit/1acc67ac4412aa9a75d1c58ebf93f2b29585a960
(From OE-Core rev: 3312a57ce631ea6235055b3d4b4ac31d06c8a2ae)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6d2938e53cad5d9bf2e78a5403e9f9fab1db77b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Hitendra Prajapati authored
https://www.vim.org/vim-9.1-released.php
Vim 9.1 is available
The Vim project is happy to announce that Vim 9.1 has finally been released. This release is dedicated to Bram Moolenaar, Vim's lead developer for more than 30 years, who passed away half a year ago. The Vim project wouldn't exist without his work!
Vim 9.1 is mainly a bug fix release, it contains hundreds of bug fixes, a few new features and there are many minor improvements.
Changes: https://github.com/vim/vim/compare/v9.0.2190...v9.1.0114
CVE: CVE-2024-22667 (includes commit https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47)
(From OE-Core rev: d5ae0ec5eca9324cffaa8f95d2cbdd8475979c45)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Peter Marko authored
This CVE affects google cloud services that utilize libcurl wrongly.
(From OE-Core rev: 27ac7879711e7119b4ec8b190b0a9da5b3ede269)
Changed CVE ignore syntax
(From OE-Core rev: ad703de483258f459acc6a40385ad00a5182eb64)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Peter Marko authored
This is a similar CVE to the previous ones from the same author.
https://github.com/yaml/libyaml/issues/303 explains why this is misuse (or wrong use) of libyaml.
(From OE-Core rev: a28240d49c111050e253e373507ac3094b74f6e1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
- Aug 28, 2024
-
Guocai He authored
Backport a patch [1] to fix the below build failure.
FAILED: libsoup/libsoup-2.4.so.1.11.0.p/soup-address.c.o
In file included from /usr/include/glib-2.0/gio/gnetworking.h:40,
                 from ../libsoup-2.72.0/libsoup/soup-address.c:14:
/usr/include/resolv.h:75:15: error: unknown type name ‘u_char’
   const u_char **__query,
         ^~~~~~
[1] https://gitlab.gnome.org/GNOME/libsoup/-/commit/5c3d431bdb094c59997f2a23e31e83f815ab667c
(From OE-Core rev: 963085afced737863cf4ff8515a1cf08365d5d87)
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Niko Mauno authored
Several conversion commands already make use of the 'force' option in the compression, which enables overwriting existing files without prompting.
Since occasionally an existing residual destination file from a previously aborted or failed task can prevent the re-execution of the conversion command task, by enabling the 'force' option also for lz4 and lzop compression commands we can avoid the following kind of BitBake failures with these compressors:
| DEBUG: Executing shell function do_image_cpio
| 117685 blocks
| 2 blocks
| example-image.cpio.lz4 already exists; do you want to overwrite (y/N) ? not overwritten
| Error 20 : example-image.cpio : open file error
| WARNING: exit code 20 from a shell command.
ERROR: Task (.../recipes-core/images/example-image.bb:do_image_cpio) failed with exit code '1'
(From OE-Core rev: 623ab22434909f10aaf613cd3032cc2a2c6e3ff9)
(From OE-Core rev: 35a92023766b562dab9f8561cc3adb4938b03692)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Leon Anavi authored
Backport PACKAGECONFIG[editline] from Scarthgap to Kirkstone because libedit has feature parity with readline but is more permissively licensed (BSD versus GPLv3). This patch provides means of enabling editline in a distribution without GPLv3 and in this case improves Python REPL keyboard support.
(From OE-Core rev: 12dc7d2081a1aaec90ffb3ed6718d757ce14b5ab)
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Siddharth Doshi authored
Upstream-Status: Backport from [https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519]
CVEs Fixed:
============
CVE-2024-7264 libcurl: ASN.1 date parser overread
(From OE-Core rev: cf0b1ed6c4cd9f61e39befb9c9785b1433777988)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Siddharth Doshi authored
Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/818fb8ce881cf839fbc710f6690aadb992aa0f9e]
CVEs Fixed:
CVE-2024-7006 libtiff: NULL pointer dereference in tif_dirinfo.c
(From OE-Core rev: bacab52b3d101ee99753f14542a56340dd589425)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Peter Marko authored
This is the same problem as already ignored CVE-2024-35328.
See also this comment in addition: https://github.com/yaml/libyaml/issues/298#issuecomment-2167684233
(From OE-Core rev: 18e011245dd978985eecc368c503822f61d52f21)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
- Aug 23, 2024
-
Lee Chee Yang authored
(From yocto-docs rev: 512025edd9b3b6b8d0938b35bb6188c9f3b7f17d)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Matthias Pritschet authored
1. Changed one letter (s/B/A), so the sentence is correct again.
2. Moved example from SYSROOT_DIRS_IGNORE into SYSROOT_DIRS section.
(From yocto-docs rev: 9fcd6d6ef4a87f69b8a00907051c1ece41e75a82)
Signed-off-by: Matthias Pritschet <matthias@pritschet.eu>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Robert Yang authored
Fixed:
- BBMULTICONFIG = "qemux86-64 qemuarm64" and more than 70 layers in BBLAYERS
$ bitbake -p -P
Check profile.log.processed: the record() cost more than 20 seconds, it is less than 1 second when multiconfig is not enabled, and there would be the following error when more multiconfigs are enabled:
Timeout while waiting for a reply from the bitbake server
Not changing the type of loginfo['detail'] or re-assigning it can bring record() back to less than 1 second; this won't affect COW since loginfo is a mutable type.
The time is mainly affected by two factors:
1) The number of enabled layers, nearly 1 second added per layer when the number is larger than 50.
2) The global var such as USER_CLASSES, about 1 ~ 2 seconds added per layer when the layers number is larger than 50.
(Bitbake rev: ec2a99a077da9aa0e99e8b05e0c65dcbd45864b1)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0596aa0d5b0e4ed3db11b5bd560f1d3439963a41)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
- Aug 16, 2024
-
Ross Burton authored
This package can be built using pep517 classes now.
(From OE-Core rev: 6c1000a2bbfe5e618e42bc5be2058332337d4177)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a32fa3e64d1daf5846c29403e9f258aea42212d3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Vijay Anusuri authored
Include security fix CVE-2024-40897
Ref: https://github.com/GStreamer/orc/blob/0.4.39/RELEASE
(From OE-Core rev: 4fc3f804c0963e4421b8066425cc6780a6901ace)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Soumya Sambu authored
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."
References: https://nvd.nist.gov/vuln/detail/CVE-2024-39689
Upstream-patch: https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
(From OE-Core rev: 96c1e12dc6cb4c321a09a6ddcc4c9f27c30b4564)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Hitendra Prajapati authored
Backport upstream fix for CVEs and fix the regression that it introduced [1]
[1] http://lists.busybox.net/pipermail/busybox/2024-May/090766.html
(From OE-Core rev: 4bc3dcb0be97f7fecb34950015b4335d6ddc512c)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Archana Polampalli authored
(From OE-Core rev: f012f6a6e1d3111d6cae74c9c846d8bd0fca5dd5)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Archana Polampalli authored
(From OE-Core rev: 68a6482244532e61bc467e1ef23661260bac8572)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Archana Polampalli authored
(From OE-Core rev: 18c55a131b0627b906de29f8c4cbd1526154cd60)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-
Yogita Urade authored
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver().
Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-2794
Upstream patches:
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63b304dc010baba24633e7869682
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=07f48b23e3877ef7d15a7b0b8b79d32ad0a3607e
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=8fa1fdfcb54e1edb588c6a5e2688880b065a39c9
(From OE-Core rev: 5114e9064dbabd5258f512cd97c79fc40f848b98)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
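The ofono entry above names the pattern exactly: a length taken from the decoded message feeds memcpy() into a fixed-size field, and the bound check present in decode_submit() was missing from decode_deliver(). The C below is an added illustration of that pattern and of the two bounds a decoder has to enforce (destination capacity and remaining input). It is not ofono's code and not part of this commit; the [len][bytes] field layout, the ADDR_MAX capacity, the function names and the sample PDUs are all constructed for the example.

```c
/* Added illustration of the ofono bug shape described above; not ofono
 * code. The [len][bytes] field layout, names and inputs are made up. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADDR_MAX 16  /* fixed-size destination field in the decoded struct */

struct decoded_addr {
    uint8_t len;
    uint8_t bytes[ADDR_MAX];
};

/* Bug shape: the length byte from the message is trusted, so any len
 * greater than ADDR_MAX writes past `out->bytes` (on the stack when the
 * caller keeps `out` there). Kept only to show what the check prevents;
 * nothing below calls it with untrusted input. */
void decode_addr_unchecked(const uint8_t *pdu, struct decoded_addr *out) {
    out->len = pdu[0];
    memcpy(out->bytes, pdu + 1, out->len);
}

/* Fixed shape: bound the length against the destination field and
 * against the bytes actually present before copying. Returns false and
 * leaves `out` untouched on a malformed PDU. */
bool decode_addr_checked(const uint8_t *pdu, size_t pdu_len, struct decoded_addr *out) {
    if (pdu_len < 1)
        return false;
    uint8_t len = pdu[0];
    if (len > ADDR_MAX)            /* would overflow the destination */
        return false;
    if ((size_t)len > pdu_len - 1) /* would read past the end of the input */
        return false;
    out->len = len;
    memcpy(out->bytes, pdu + 1, len);
    return true;
}

/* Decode and return the accepted length, or -1 when the PDU is rejected. */
int decoded_len_or_reject(const uint8_t *pdu, size_t pdu_len) {
    struct decoded_addr d;
    memset(&d, 0, sizeof d);
    return decode_addr_checked(pdu, pdu_len, &d) ? (int)d.len : -1;
}

/* Constructed sample messages (not captured traffic). */
const uint8_t pdu_ok[]        = { 4, 0x21, 0x43, 0x65, 0x87 };  /* len 4, 4 bytes follow */
const uint8_t pdu_oversize[]  = { 200, 0x21, 0x43 };            /* claims 200 > ADDR_MAX */
const uint8_t pdu_truncated[] = { 8, 0x21, 0x43 };              /* claims 8, carries 2 */

int main(void) {
    printf("ok:        %d\n", decoded_len_or_reject(pdu_ok, sizeof pdu_ok));
    printf("oversize:  %d\n", decoded_len_or_reject(pdu_oversize, sizeof pdu_oversize));
    printf("truncated: %d\n", decoded_len_or_reject(pdu_truncated, sizeof pdu_truncated));
    return 0;
}
```

The second bound (remaining input) matters as much as the first: a decoder that only checks the destination capacity still over-reads a short message, which is the sibling bug to the over-write and is why the check belongs in every decode path rather than in one of two near-identical functions.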
-
Archana Polampalli authored
(From OE-Core rev: 1710676f80df2ba1ee77d15b4e0e532df10be5a5)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>