Commit message | Author | Age | Files | Lines
...
* xserver-xorg: Fix for CVE-2025-26599 | Vijay Anusuri | 2025-03-04 | 3 | -0/+197
  Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84be & https://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8 (From OE-Core rev: c013fec3e5dd86544366308f53a031b080b140c6) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26598 | Vijay Anusuri | 2025-03-04 | 2 | -0/+121
  Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a (From OE-Core rev: 645ad1bcf8675873a7ab4778ffd2dd59dbb7b037) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26597 | Vijay Anusuri | 2025-03-04 | 2 | -0/+47
  Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949 (From OE-Core rev: 9d095e34da2adde63358a878cfac45ea28727bdf) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26596 | Vijay Anusuri | 2025-03-04 | 2 | -0/+50
  Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01 (From OE-Core rev: d510d87d9bb3e3489a4482dd0ce66e4bc7622ca0) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26595 | Vijay Anusuri | 2025-03-04 | 2 | -0/+66
  Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda87 (From OE-Core rev: 78d718f0a683f9fb81aa24b39f148d2acf2e1fc6) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: Fix for CVE-2025-26594 | Vijay Anusuri | 2025-03-04 | 3 | -0/+107
  Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/01642f26 & https://gitlab.freedesktop.org/xorg/xserver/-/commit/b0a09ba6 (From OE-Core rev: f45b068860b1be1b3dadd58f8f787953a2951405) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* vulnerabilities/classes: remove references to cve-check text format | Marta Rybczynska | 2025-02-28 | 2 | -29/+69
  The text format has been removed, so also remove references and examples using this format. Replace with examples with the JSON format. (From yocto-docs rev: 9798689e4f4b74163c2e8594f3d1ce082d295aa1) Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit a52cd7bcadccc53e982f90d6e170d00798322597) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* vim: Upgrade 9.1.0764 -> 9.1.1043 | Divya Chellam | 2025-02-28 | 1 | -2/+2
  This includes CVE-fix for CVE-2025-22134 and CVE-2025-24014. Changes between 9.1.0764 -> 9.1.1043: https://github.com/vim/vim/compare/v9.1.0764...v9.1.1043 (From OE-Core rev: 73b5570a16708d1e749b1ec525299d10557cbf56) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2025-25473 | Archana Polampalli | 2025-02-28 | 2 | -0/+37
  FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. (From OE-Core rev: 599ee3f195bc66d57797c121fa0b73a901d6edfa) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-35369 | Archana Polampalli | 2025-02-28 | 2 | -0/+39
  In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. (From OE-Core rev: 3efef582892a5a9286041837098b80aa59d1b688) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-28661 | Archana Polampalli | 2025-02-28 | 2 | -0/+41
  (From OE-Core rev: cbe8929662f8ea873a3686517516bc5754a3cd18) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-36618 | Archana Polampalli | 2025-02-28 | 2 | -0/+37
  FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. (From OE-Core rev: 46680bed23ef6f529c7e554b5611a7c098fce8a9) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-rtsp-server: fix CVE-2024-44331 | Archana Polampalli | 2025-02-28 | 2 | -1/+47
  Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests. (From OE-Core rev: ce328462a12eeaa59994e2236071aa17a083c263) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: ignore CVE-2024-7272 | Peter Marko | 2025-02-28 | 1 | -0/+5
  This vulnerability was introduced in 5.1, so 5.0.1 is not affected. (From OE-Core rev: ea6e581067cafd5f367c68871bc312d3ba11b4da) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: ignore 5 CVEs | Peter Marko | 2025-02-28 | 1 | -0/+18
  There is no release which is vulnerable to these CVEs. These vulnerabilities are in new features being developed and were fixed before release. NVD most likely does not accept CVE rejection from a non-maintainer and non-reporter, so ignoring this CVE should be an acceptable solution. (From OE-Core rev: 220a05e27913bf838881c3f22a17d0409c5154a9) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libcap: fix CVE-2025-1390 | Hitendra Prajapati | 2025-02-28 | 2 | -0/+37
  Upstream-Status: Backport from https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878 (From OE-Core rev: 142715b83fb2c5f4dfeeab2c6e7feccecd1ca46f) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libxml2: patch CVE-2025-24928 | Peter Marko | 2025-02-28 | 2 | -0/+59
  Pick commit from 2.12 branch. (From OE-Core rev: 3ccd936adb928612c9721768708534350aeee351) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libxml2: patch CVE-2024-56171 | Peter Marko | 2025-02-28 | 2 | -0/+43
  Pick commit from 2.12 branch. (From OE-Core rev: ab804cd27ecf7ee65a9feea477140502ecbc0d73) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libxml2: fix compilation of explicit child axis in pattern | Peter Marko | 2025-02-28 | 2 | -0/+32
  This was reported as security fix in https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.10 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6 (From OE-Core rev: 0dc99e25c16a1e74aa80ca20132609990bb9dff7) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* Revert "ovmf: Fix CVE-2023-45236" | Kai Kang | 2025-02-28 | 2 | -830/+0
  This reverts commit a9cd3321558e95f61ed4c5eca0dcf5a3f4704925. The fix for CVE-2023-45237 has been reverted. And the fix for CVE-2023-45236 depends on it. So revert it too. (From OE-Core rev: c61e31f192837b05bc309a05aef95c3be5b44997) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* Revert "ovmf: Fix CVE-2023-45237" | Kai Kang | 2025-02-28 | 3 | -1368/+0
  This reverts commit 6f8bdaad9d22e65108f859a695277ce1b20ef7c6. This reverts commit 4c2d3e37308cac98614dfafed79b7323423af8bc. The fix for CVE-2023-45237 causes ovmf firmware not support pxe boot any more and no boot item in OVMF menu such as UEFI PXEv4 (MAC address). It has not been fixed by ovmf upstream and an issue has been created on https://github.com/tianocore/tianocore.github.io/issues/82 Revert the fixes for now. (From OE-Core rev: d3f399f54042efc6f4ca2092dd11819ae1f7c51f) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* u-boot: fix CVE-2024-57259 | Hongxu Jia | 2025-02-28 | 2 | -0/+42
  sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation. https://nvd.nist.gov/vuln/detail/CVE-2024-57259 (From OE-Core rev: e4b713ff07695487cc9307ffc3576a11775cde4d) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* u-boot: fix CVE-2024-57258 | Hongxu Jia | 2025-02-28 | 4 | -0/+133
  Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64. https://nvd.nist.gov/vuln/detail/CVE-2024-57258 (From OE-Core rev: b4bf3ba66052db7a311ac696563a8a0f9c585600) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* u-boot: fix CVE-2024-57257 | Hongxu Jia | 2025-02-28 | 2 | -0/+229
  A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. https://nvd.nist.gov/vuln/detail/CVE-2024-57257 (From OE-Core rev: 5ed8ad78bcce836aa8894de7a1d7fdf719e5bbca) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* u-boot: fix CVE-2024-57256 | Hongxu Jia | 2025-02-28 | 2 | -0/+52
  An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. https://nvd.nist.gov/vuln/detail/CVE-2024-57256 (From OE-Core rev: 534aa63726f31241e3a9d4aa70d4005fa0300133) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* u-boot: fix CVE-2024-57255 | Hongxu Jia | 2025-02-28 | 2 | -0/+54
  An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. https://nvd.nist.gov/vuln/detail/CVE-2024-57255 (From OE-Core rev: 687b6e0a166d7dc999b7d226a9bd68155f59a03a) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* u-boot: fix CVE-2024-57254 | Hongxu Jia | 2025-02-28 | 2 | -0/+48
  An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem. https://nvd.nist.gov/vuln/detail/CVE-2024-57254 (From OE-Core rev: 956836ab347e9112be0f8892b1b82c4bcb17990c) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* u-boot: fix CVE-2022-2347 and CVE-2022-30790 | Sakib Sajal | 2025-02-28 | 4 | -0/+347
  Backport appropriate patches to fix CVE-2022-2347 and CVE-2022-30790. (From OE-Core rev: 7a5220a4877cd4d3766728e8a3525c157b6167fb) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* u-boot: Fix CVE-2022-30767 | Carlos Dominguez | 2025-02-28 | 2 | -0/+45
  This patch mitigates the vulnerability identified via CVE-2019-14196. The previous patch was bypassed/ineffective, and now the vulnerability is identified via CVE-2022-30767. The patch removes the sanity check introduced to mitigate CVE-2019-14196 since it's ineffective. filefh3_length is changed to unsigned type integer, preventing negative numbers from being used during comparison with positive values during size sanity checks. (From OE-Core rev: b7072637ba110718714745a01d67e1b6b0096165) Signed-off-by: Carlos Dominguez <carlos.dominguez@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* Add favicon for the documentation html | Antonin Godard | 2025-02-24 | 2 | -0/+1
  Import the favicon from https://www.yoctoproject.org/, convert it to 16x16 (as per the Sphinx documentation) to make a 1291B image of the Yocto logo. (From yocto-docs rev: 73119a723b48a4038479591f0443c5acb3d21337) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit e3ee43e6d70685a2404aae2d60557a42879b0bb1) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* contributor-guide/submit-changes: add policy on AI generated code | Antonin Godard | 2025-02-24 | 1 | -0/+49
  Based on message by Richard Purdie on the yocto-docs list: https://lists.yoctoproject.org/g/docs/message/6300 Re-formatted for the Yocto Project documentation syntax. (From yocto-docs rev: 50eae3ab433ada5c3863d880f11e2b2bcbd46b94) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit a72dd13e6841b621c9e8f904dfaa440c186d2959) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* procps: replaced one use of fputs(3) with a write(2) call | Mingli Yu | 2025-02-24 | 3 | -0/+110
  This patch is ported from a merge request shown below, and the following represents the original commit text. ------------------------------------------------------ top: In the bye_bye function, replace fputs with the write interface. When top calls malloc, if a signal is received, it will call sig_endpgm to process the signal. In the bye_bye function, if the -b option is enabled, the Batch variable is set, the fputs function will call malloc at the same time. The malloc function is not reentrant, so it will cause the program to crash. (From OE-Core rev: 573f5b2d8fec9f8a4ed17e836ef3feeb6de62e5a) Signed-off-by: Shaohua Zhan <shaohua.zhan@windriver.com> ------------------------------------------------------ Reference(s): https://gitlab.com/procps-ng/procps/-/merge_requests/127 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* scritps/runqemu: Ensure we only have two serial ports | Richard Purdie | 2025-02-24 | 1 | -4/+13
  I have a theory that some of the console boot issues we're seeing are due to starting images with three serial ports yet only starting gettys on two of them. This means that occasionally, depending on the port numbering we may not get a login prompt on the console we expect it on. To fix this, change the runqemu code so that if serial ports are passed in on the commandline (as is the case in automated testing), we don't add any other GUI serial consoles. We do need to make sure we do have at least two serial ports since we don't want getty timeout warnings. (From OE-Core rev: 44e1279970d306b0da4fcc11f9e780915f481819) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1b0348535dce3b776efbcf26406b94730a51eb85) Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* scripts/install-buildtools: Update to 4.0.24 | Aleksandar Nikolic | 2025-02-24 | 1 | -2/+2
  Update to the 4.0.24 release of the 4.0 series for buildtools. (From OE-Core rev: 93b1e2cbee96bd8731a5d5d0fe5462c2518fe8a7) Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-36617 | Archana Polampalli | 2025-02-24 | 2 | -0/+39
  FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. (From OE-Core rev: aec2ad743893d72d46c79701a0dac982931e3171) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-36616 | Archana Polampalli | 2025-02-24 | 2 | -0/+38
  An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. (From OE-Core rev: 93a1e2fd2bb42977339510ef7d71288a88a34ab8) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-36613 | Archana Polampalli | 2025-02-24 | 2 | -0/+39
  FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. (From OE-Core rev: 1af53c8dd20662e720ac4dad31833a9d776b795a) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: CVE-2025-0518 | Archana Polampalli | 2025-02-24 | 2 | -0/+35
  Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman (From OE-Core rev: 52cbeaa086d2cc0c0aae46deb4193ccb5427ecdc) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnutls: fix CVE-2024-12243 | Archana Polampalli | 2025-02-24 | 2 | -0/+1161
  A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition. (From OE-Core rev: 5fbe46de6d2e3862316cf486503f18e616c3c0a7) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ruby: fix CVE-2024-41946 | Divya Chellam | 2025-02-24 | 2 | -0/+118
  REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-41946 Upstream-patch: https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368 (From OE-Core rev: b0e74fd8922bba8e954a223ec46de5c33d2ff743) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libxml2: Fix for CVE-2022-49043 | Vijay Anusuri | 2025-02-24 | 2 | -0/+39
  Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b] Reference: https://access.redhat.com/security/cve/cve-2022-49043 (From OE-Core rev: 82b6c943bb6435171d1924cbebe794b901eb3705) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpcre2: ignore CVE-2022-1586 | Peter Marko | 2025-02-24 | 1 | -0/+4
  This CVE is fixed in 10.40. NVD wrongly changed <10.40 to =10.40 when adding debian_linux=10.0. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-1586#VulnChangeHistorySection (From OE-Core rev: 63cbfcd0262d65c66762aa6a8b17b8e8b809737f) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* subversion: ignore CVE-2024-45720 | Peter Marko | 2025-02-24 | 1 | -0/+3
  Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45720 This CVE is relevant only for subversion running on Windows. (From OE-Core rev: 52cbf6b96952896b16dad34d9eb215fcab88ded2) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Reviewed-by: Sofiane Hamam <sofiane.hamam@smile.fr> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to kirkstone head revision (tags: yocto-4.0.25, kirkstone-4.0.25) | Steve Sakoman | 2025-02-15 | 1 | -1/+1
  (From OE-Core rev: 5a794fd244f7fdeb426bd5e3def6b4effc0e8c62) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* poky.conf: bump version for 4.0.25 | Steve Sakoman | 2025-02-15 | 1 | -1/+1
  (From meta-yocto rev: 2999fecd926976a1ea517c14e5dee996649dc80a) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* migration-guides: add release notes for 4.0.24 | Lee Chee Yang | 2025-02-15 | 2 | -1/+384
  (From yocto-docs rev: c6dce0c77481dee7b0a0fcdc803f755ceccef234) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 1c848b4104ee0ba9b07cdb424bb829d14f9982d7) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* documentation: Fix typo in standards.md | Simon A. Eugster | 2025-02-15 | 1 | -1/+1
  (From yocto-docs rev: cdcc30d9afad319c1a073a3bdffd439b6cd999c7) Signed-off-by: "Simon A. Eugster" <simon.eu@gmail.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit e6745669cc26de8f61d5d1ccdd5a95b552eece97) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* classes-global/insane: Look up all runtime providers for file-rdeps | Joshua Watt | 2025-02-15 | 1 | -18/+12
  Uses the new foreach_runtime_provider_pkgdata() API to look up all possible runtime providers of a given dependency when resolving file-rdeps. This allows the check to correctly handle RPROVIDES for non-virtual dependencies. (From OE-Core rev: 018fa1b7cb5e6a362ebb45b93e52b0909a782ac9) (From OE-Core rev: 0ff31972b60dda5d8bada2ffb428cc54bb49e8cf) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* lib/packagedata.py: Add API to iterate over rprovides | Joshua Watt | 2025-02-15 | 1 | -0/+15
  Adds an API that makes it easier to iterate over the package data for all providers of a runtime dependency. (From OE-Core rev: 68bdc219a4a819e83217f5b54c463624af8d3b9e) (From OE-Core rev: 579717212ba2892e32315788ccd65320556d32a3) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* openssl: upgrade 3.0.15 -> 3.0.16 | Peter Marko | 2025-02-15 | 3 | -330/+1
  Release information: https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3015-and-openssl-3016-11-feb-2025 All CVEs were already patched, so this upgrade fixes only minor bugs. Remove CVE patches included in the new version. (From OE-Core rev: 68c01710e3522af317f8fe09465b56e6aca01615) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>