| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxslt/-/commit/adebe45f6ef9f9d036acacd8aec7411d4ea84e25 && https://gitlab.gnome.org/GNOME/libxslt/-/commit/1d9820635c271b35f88431f33ea78dc8be349e5b && https://gitlab.gnome.org/GNOME/libxslt/-/commit/ccec6fa31d11ab0a5299f15ea184c7a457e92940 && https://gitlab.gnome.org/GNOME/libxslt/-/commit/82f6cbf8ca61b1f9e00dc04aa3b15d563e7bbc6d && https://gitlab.gnome.org/GNOME/libxslt/-/commit/452fb4ca9b9803448826008b9573987c615912a1
(From OE-Core rev: b77845d6fed5385de5789f8864fc399f82209ea1)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Pick 2 commits as in scarthgap branch plus one additional precondition
to apply those.
(From OE-Core rev: e43507dad134c5036be1c79a37f73c34f4fb6292)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is problem on Windows platform only.
Per NVD report [1], CPE has "and" clause
Running on/with
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Also linked patch [2] changes Windows files only (and tests).
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-0913
[2] https://go-review.googlesource.com/c/go/+/672396
(From OE-Core rev: 473da932a8f94b7454e0e13912753a7e7545fc17)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Pick commit from 3.12 branch mentioned in NVD report.
https://nvd.nist.gov/vuln/detail/CVE-2025-8194
(From OE-Core rev: 4ae9daf3d05530952a8b002257dd9afda2e077e4)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A vulnerability was found in LibTIFF up to 4.7.0. It has been
rated as critical. This issue affects the function setrow of the
file tools/thumbnail.c. The manipulation leads to buffer overflow.
An attack has to be approached locally. The patch is named
e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to
apply a patch to fix this issue. This vulnerability only affects
products that are no longer supported by the maintainer.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-8177
Upstream patch:
https://gitlab.com/libtiff/libtiff/-/commit/e8de4dc1f923576dce9d625caeebd93f9db697e1
(From OE-Core rev: fbf3238630c104c9e17d6e902986358cea5986ff)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A vulnerability was found in LibTIFF up to 4.7.0. It has
been declared as critical. This vulnerability affects the
function get_histogram of the file tools/tiffmedian.c. The
manipulation leads to use after free. The attack needs to
be approached locally. The exploit has been disclosed to
the public and may be used. The patch is identified as
fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended
to apply a patch to fix this issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-8176
Upstream patches:
https://gitlab.com/libtiff/libtiff/-/commit/3994cf3b3bc6b54c32f240ca5a412cffa11633fa
https://gitlab.com/libtiff/libtiff/-/commit/ce46f002eca4148497363f80fab33f9396bcbeda
https://gitlab.com/libtiff/libtiff/-/commit/ecc4ddbf1f0fed7957d1e20361e37f01907898e0
(From OE-Core rev: 5dbc4ccce8676b016de8c1393c2f0d0f74eb9337)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
| |
(From OE-Core rev: bd620eb14660075fd0f7476bbbb65d5da6293874)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
| |
(From meta-yocto rev: e916d3bad58f955b73e2c67aba975e63cd191394)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a single commit bump containing only CVE fix
$ git log --oneline d80401002011f470d9c6eb604bf734715e9b3a8c..a66bc3941ff298e474d5f02d0c3303401951141f
a66bc3941f posix: Fix double-free after allocation failure in regcomp (bug 33185)
Test results didn't change except newly added test succeeding.
(tst-regcomp-bracket-free)
Also add CVE-2025-0395 ignore which was already included in previous
hash bumps.
Also drop an unreferenced patch.
(From OE-Core rev: 3921549f6420e44a250d06cdef2c9d423fb6e39f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The vulnerable code was introduced in 3.44.0 via [1].
(See fix commit [2])
Also Debian says "not vulnerabele yet for 3.40.1 in [3]
[1] https://github.com/sqlite/sqlite/commit/e1e67abc5cf67f931aab1e471eda23d73f51d456
[2] https://sqlite.org/src/info/498e3f1cf57f164f
[3] https://security-tracker.debian.org/tracker/CVE-2025-3277
(From OE-Core rev: ebacd5cd2827c1a9a45a92353518f9d976597526)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pick patch [1] listed in [2].
Also pick another patch which is precondition to this one introducing
variable needed for the check.
[1] https://sqlite.org/src/info/12ad822d9b827777
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-7458
(From OE-Core rev: 4d5093e5103016c08b3a32fd83b1ec9edd87cd5a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-52615:
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area
DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52615]
[https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g]
Upstream patches:
[https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942]
(From OE-Core rev: 7bd9fee6d654326ea921b51113de99f793e11545)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DiskPart
After compact vsdisk you have to detach it before exiting
otherwise the vdisk remains attached.
DISKPART> select vdisk file="<path_to_VHDX_file>"
DISKPART> attach vdisk readonly
DISKPART> compact vdisk
DISKPART> detach <------------ new missing command
DISKPART> exit
(From yocto-docs rev: bf855ecaf4bec4cef9bbfea2e50caa65a8339828)
Signed-off-by: Marco Cavallini <m.cavallini@koansoftware.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 1cc65ddf1a074f61fe5a63d222f3079b7fcb4c1e)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/sqlite/sqlite/commit/c52e9d97d485a3eb168e3f8f3674a7bc4b419703
(From OE-Core rev: b4a2f74ba0b40abcdf56c4b58cae5f7ce145d511)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
objcopy: Don't extend the output section size
Since the output section contents are copied from the input, don't
extend the output section size beyond the input section size.
Backport a patch from upstream to fix CVE-2025-7545
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944]
(From OE-Core rev: 4f461ed46b7694fc4815c7f0504b9cefe5da8e19)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Pick commit referencing this CVE from 2.13 branch.
(From OE-Core rev: 9418c88c964dffc21abe6a056db72c3c81e25137)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Pick relevant commit from 3.8.10 release MR [1].
[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
(From OE-Core rev: 3680d0e2021c609f624c2170b061e6696fd8254c)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Pick relevant commit from 3.8.10 release MR [1].
[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
(From OE-Core rev: 33634900586ba8c502c3dd6bb4767da929dfd0d1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Pick relevant commit from 3.8.10 release MR [1].
[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
(From OE-Core rev: 3600752d06c14fcfa0bc1b96222cc6a164955bb5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pick relevant commit from 3.8.10 release MR [1].
The MR contains referece to undiscoled issue, so any security relevant
patch should be picked.
Binary test file was added as separate file as binary diffs are not
supported.
[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
(From OE-Core rev: 990bd6fab5c6004b9fbcdb9c76bcb3a96ba5887a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pick relevant commit from 3.8.10 release MR [1].
The ME contains referece to undiscoled issue, so any security relevant
patch should be picked.
Binary test file was added as separate file as binary diffs are not
supported.
[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
(From OE-Core rev: 33181e3e8c7427fc823f750e936732b69e247987)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pick relevant commit from 3.8.10 release MR [1].
Binary test file was added as separate file as binary diffs are not
supported.
[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
(From OE-Core rev: fbe5f828c63071962d571a8787298aa5fd78ebe8)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE patch [1] as mentioned in [2] relies on several patches not yet
available in version 2020.81 we have in kirkstone.
The good folks from Debian did the hard work identifying them as they
have the same version in bullseye release.
The commits were picked from [3] and they have their references to
dropbear upstream commits.
[1] https://github.com/mkj/dropbear/commit/e5a0ef27c227f7ae69d9a9fec98a056494409b9b
[2] https://security-tracker.debian.org/tracker/CVE-2025-47203
[3] https://salsa.debian.org/debian/dropbear/-/commit/7f48e75892c40cfc6336137d62581d2c4ca7d84c
(From OE-Core rev: 91eeffaf14917c7c994a8de794b915231e69c5d6)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc-14
* many configure tests (which might not fail before) are failing with gcc-14:
# grep implicit build/config.log
conftest.c:47:1: error: return type defaults to 'int' [-Wimplicit-int]
conftest.c:47:1: error: return type defaults to 'int' [-Wimplicit-int]
conftest.c:47:1: error: return type defaults to 'int' [-Wimplicit-int]
conftest.c:47:1: error: return type defaults to 'int' [-Wimplicit-int]
conftest.c:47:1: error: return type defaults to 'int' [-Wimplicit-int]
conftest.c:47:1: error: return type defaults to 'int' [-Wimplicit-int]
conftest.c:50:17: error: implicit declaration of function 'exit' [-Wimplicit-function-declaration]
conftest.c:50:17: warning: incompatible implicit declaration of built-in function 'exit' [-Wbuiltin-declaration-mismatch]
conftest.c:53:9: error: implicit declaration of function 'msem_init' [-Wimplicit-function-declaration]
conftest.c:54:9: error: implicit declaration of function 'msem_lock' [-Wimplicit-function-declaration]
conftest.c:55:9: error: implicit declaration of function 'msem_unlock' [-Wimplicit-function-declaration]
conftest.c:56:9: error: implicit declaration of function 'exit' [-Wimplicit-function-declaration]
conftest.c:56:9: warning: incompatible implicit declaration of built-in function 'exit' [-Wbuiltin-declaration-mismatch]
conftest.c:50:9: error: implicit declaration of function '_spin_lock_try' [-Wimplicit-function-declaration]
conftest.c:51:9: error: implicit declaration of function '_spin_unlock' [-Wimplicit-function-declaration]
* I have noticed this on db-native build on host with gcc-14
where it caused fatal do_configure error:
http://errors.yoctoproject.org/Errors/Details/784164/
checking for mutexes... UNIX/fcntl
configure: error: Support for FCNTL mutexes was removed in BDB 4.8.
the config.log confirms it's because implicit-int:
configure:22798: checking for mutexes
configure:22925: gcc -o conftest -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/db-native/5.3.28/recipe-sysroot-native/usr/include -O2 -pipe -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/db-native/5.3.28/recipe-sysroot-native/usr/include -D_GNU_SOURCE -D_REENTRANT -L/OE/build/oe-core/tmp-glibc/work/x86_64-linux/db-native/5.3.28/recipe-sysroot-native/usr/lib -L/OE/build/oe-core/tmp-glibc/work/x86_64-linux/db-native/5.3.28/recipe-sysroot-native/lib -Wl,--enable-new-dtags -Wl,-rpath-link,/OE/build/oe-core/tmp-glibc/work/x86_64-linux/db-native/5.3.28/recipe-sysroot-native/usr/lib -Wl,-rpath-link,/OE/build/oe-core/tmp-glibc/work/x86_64-linux/db-native/5.3.28/recipe-sysroot-native/lib -Wl,-rpath,/OE/build/oe-core/tmp-glibc/work/x86_64-linux/db-native/5.3.28/recipe-sysroot-native/usr/lib -Wl,-rpath,/OE/build/oe-core/tmp-glibc/work/x86_64-linux/db-native/5.3.28/recipe-sysroot-native/lib -Wl,-O1 conftest.c -lpthread >&5
conftest.c:47:1: error: return type defaults to 'int' [-Wimplicit-int]
47 | main() {
| ^~~~
configure:22925: $? = 1
configure: program exited with status 1
* comparing target db with and without this change shows following diff
in log.do_configure:
db $ diff 5.3.28*/temp/log.do_configure
268c268
< checking for mutexes... POSIX/pthreads/library
---
> checking for mutexes... POSIX/pthreads/library/x86_64/gcc-assembly
271c271
< checking for atomic operations... no
---
> checking for atomic operations... x86/gcc-assembly
(From OE-Core rev: 4d3ce333c10fadf746b6d8b55a88777c97e11ffa)
(From OE-Core rev: 277b5ec3c0212ca8600dd89d0a33f784a060131f)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6108da955e7c553247ff5356cf1c990b3d334edf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Update to the 4.0.28 release of the 4.0 series for buildtools
(From OE-Core rev: 8e59118164d6468443db211d9ade058402f21add)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Below commits on glibc-2.35 stable branch are updated.
git log --oneline d2febe7c407665c18cfea1930c65f41899ab3aa3..80401002011f470d9c6eb604bf734715e9b3a8c2
8040100201 Fix error reporting (false negatives) in SGID tests
c6ec750be5 support: Pick group in support_capture_subprogram_self_sgid if UID == 0
c9e44b6467 support: Don't fail on fchown when spawning sgid processes
621c65ccf1 elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
c7ff2bc297 Revert "elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static"
8624f6431b elf: Fix subprocess status handling for tst-dlopen-sgid (bug 32987)
ed10034f00 elf: Test case for bug 32976 (CVE-2025-4802)
08aea7712d support: Add support_record_failure_barrier
901e24b128 support: Use const char * argument in support_capture_subprogram_self_sgid
bff3b0f16c elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
Dropped :
0025-CVE-2025-4802.patch
ed10034f00 elf: Test case for bug 32976 (CVE-2025-4802)
Test results:
Before after diff
PASS 4833 4839 +6
XPASS 6 6 0
FAIL 133 130 -3
XFAIL 16 16 0
UNSUPPORTED 200 197 -3
Following commits improved test results:
8040100201 Fix error reporting (false negatives) in SGID tests
Improved SGID test handling by unifying error reporting and using secure temporary directories.
Replaced non-standard exit codes and fixed premature exits to avoid masking failures.
These changes reduced false negatives, increasing overall test pass rates.
8624f6431b elf: Fix subprocess status handling for tst-dlopen-sgid (bug 32987)
Fixed tst-dlopen-sgid false positives by correctly handling subprocess exit status (bug 32987).
Ensured test fails on abnormal or non-zero child exits.
This commit restores reliability in SGID testing and is the first step toward centralized SGID test error handling.
UNSUPPORTED tests changes
-UNSUPPORTED: elf/tst-env-setuid
-UNSUPPORTED: elf/tst-env-setuid-tunables
-UNSUPPORTED: stdlib/tst-secure-getenv
FAILed tests changes
-FAIL: elf/tst-dlopen-sgid
-FAIL: misc/tst-error1
-FAIL: resolv/tst-resolv-aliases
PASSed tests changes
+PASS: elf/tst-env-setuid
+PASS: elf/tst-env-setuid-tunables
+PASS: stdlib/tst-secure-getenv
+PASS: elf/tst-dlopen-sgid
+PASS: misc/tst-error1
+PASS: resolv/tst-resolv-aliases
(From OE-Core rev: 2ea1d2d9bc6d173a8a586542d47a7f8a443d24c1)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pick relevant part of snapshot commit 20250329, see [1].
That has:
add a buffer-limit check in postprocess_termcap (report/testcase by
Yifan Zhang).
[1] https://invisible-island.net/ncurses/NEWS.html#index-t20250329
(From OE-Core rev: 8d09a78a79d7f4b4ae9654bdcdf5f33dab9a8b95)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous fix for CVE-2024-43398 did not include patches
to provide context for the changes it made.
This caused an exception at run-time when ruby parsed
rexml/parsers/baseparser.rb. This was first observed when using
ruby-native to build the sdformat recipe.
With these additional backports, the sdformat build proceeds
successfully. The REXML library was also tested manually on-target
with a script that used REXML::Document.new file to parse an
XML file.
(From OE-Core rev: 6bf00fde2d4043c6b558733a33041ce5694342d3)
Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e && https://github.com/linux-pam/linux-pam/commit/592d84e1265d04c3104acee815a503856db503a1 && https://github.com/linux-pam/linux-pam/commit/976c20079358d133514568fc7fd95c02df8b5773
(From OE-Core rev: 4ff5111d2a758bacb803de981177799a8ac7fd0b)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These two CVEs were fixed via the 5.0.3 release, and the
backported patches that fixed them were subsequently left
behind (although not deleted) by dadb16481810 ("ffmpeg:
upgrade 5.0.1 -> 5.0.3")
* CVE-2022-3109: An issue was discovered in the FFmpeg
package, where vp3_decode_frame in libavcodec/vp3.c lacks
check of the return value of av_malloc() and will cause a
null pointer dereference, impacting availability.
* CVE-2022-3341: A null pointer dereference issue was
discovered in 'FFmpeg' in decode_main_header() function of
libavformat/nutdec.c file. The flaw occurs because the
function lacks check of the return value of
avformat_new_stream() and triggers the null pointer
dereference error, causing an application to crash.
`bitbake ffmpeg` reports these two as "Unpatched".
Ignore them for now, until the NVD updates the versions where
these do not affect anymore.
(From OE-Core rev: 78aef4b1002c515aa2c1a64fea5bb013c9bc86a8)
Signed-off-by: Daniel Díaz <daniel.diaz@sonos.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In GnuPG before 2.5.5, if a user chooses to import a certificate
with certain crafted subkey data that lacks a valid backsig or
that has incorrect usage flags, the user loses the ability to
verify signatures made from certain other signing keys, aka a
"verification DoS."
CVE-2025-30258-0002 is the dependent commit while rest
are CVE fixes.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-30258
Upstream patches:
https://dev.gnupg.org/rG25d748c3dfc0102f9e54afea59ff26b3969bd8c1
https://dev.gnupg.org/rG9cd371b12d80cfc5bc85cb6e5f5eebb4decbe94f
https://dev.gnupg.org/rGda0164efc7f32013bc24d97b9afa9f8d67c318bb
https://dev.gnupg.org/rG1e581619bf5315957f2be06b3b1a7f513304c126
https://dev.gnupg.org/rG4be25979a6b3e2a79d7c9667b07db8b09fb046e9
(From OE-Core rev: 467081219407cd30bcc9e575bedcb127b6bcea65)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are new CVEs reported for this recipe which are not for this
componene, but for a component with same name from apache.
sqlite> select vendor, product, id, count(*) from products where product like 'orc' group by vendor, product, id;
apache|orc|CVE-2018-8015|1
apache|orc|CVE-2025-47436|4
gstreamer|orc|CVE-2024-40897|1
(From OE-Core rev: c31dec7b32fe34fafd61dd593a2884eee13084fb)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Report corrupted group section instead of trying to recover.
CVE: CVE-2025-7546
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b]
PR 33050 [https://sourceware.org/bugzilla/show_bug.cgi?id=33050]
(From OE-Core rev: 5860b954681c37ac6685631cce439fd349093689)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
The upstream servers are having issues so switch to our own shadow copy
of the repo.
(Bitbake rev: 8e2d1f8de055549b2101614d85454fcd1d0f94b2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
The SRC_URI is changed to git://gitlab.eclipse.org/eclipse/tcf/tcf.agent.git
(From OE-Core rev: d9f424921179a52ffe053411c44f20e44e7deba1)
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are already decorators to skip on the value of MACHINE, but for
flexibility it's better to skip based on the target architecture. This
means, for example, the ISO image tests could skip if the architecture
isn't x86.
(From OE-Core rev: a8381f4b7d7c294d9ad8a9d3f0b1f7c409753716)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 0c21ff0a92906b6b4820eb8beddf8762fe70653d)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Below commit on binutils-2.38 stable branch are updated.
9bee8d65d32 x86: Check MODRM for call and jmp in binutils older than 2.45
Before After Diff
No. of expected passes 280 280 0
No. of unexpected failures 2 2 0
No. of untested testcases 1 1 0
No. of unsupported tests 7 7 0
Testing was done and there were no regressions found
(From OE-Core rev: 7ac807166dfb6723f4e0b53c21f434e21d25563e)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
* Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified
when running a command or editing a file. This could enable a
local privilege escalation attack if the sudoers file allows the
user to run commands on a different host.
* Fixed CVE-2025-32463. An attacker can leverage sudo's -R
(--chroot) option to run arbitrary commands as root, even if
they are not listed in the sudoers file. The chroot support has
been deprecated an will be removed entirely in a future release.
License-Update: Copyright updated to 2025
0001-sudo.conf.in-fix-conflict-with-multilib.patch refreshed for 1.9.17
(From OE-Core rev: f8343726bca7f884213436cda3f51684c22ad3f1)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 4b2eccc0ee3f2906f9b04de194b9df6e24c2cdf4)
(From OE-Core rev: 9a604a05d4a8158742a2346fc7ebc3c99e58eeb7)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 468633036c4b049b137d80740c4380ae1959e645)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function
(io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing
maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding,
allowing out-of-bounds reads from heap memory, potentially causing application crashes or
arbitrary code execution.
(From OE-Core rev: 1803f965e4990be3fbdcd52544f0080e9c83800d)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Pick commit referencing this CVE.
(From OE-Core rev: 49ccf7b56a0598f84dcac2532c462aa2c285f66c)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The code patched by [1] which fixes this CVE is not available in 9.55.0.
Also Debian says in [2] that even 10.0.0 is not yet affected.
[1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f14ea81e6c3d2f51593f23cdf13c4679a18f1a3f
[2] https://security-tracker.debian.org/tracker/CVE-2025-46646
(From OE-Core rev: a3e02ed74db2c234b7c3718b4d6b5332468de226)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the decode_deliver_report() function during the SMS decoding.
It is assumed that the attack scenario is accessible from a compromised modem,
a malicious base station, or just SMS. There is a bound check for this memcpy
length in decode_submit(), but it was forgotten in decode_deliver_report().
(From OE-Core rev: 3a3519324ec390044ff9f97c0f32027782699124)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the decode_status_report() function during the SMS decoding.
It is assumed that the attack scenario is accessible from a compromised modem,
a malicious base station, or just SMS. There is a bound check for this memcpy
length in decode_submit(), but it was forgotten in decode_status_report().
(From OE-Core rev: 02005c81a55930d9f57d44674cdc5eb6171c8c76)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol,
when an approved safe prime is used, allows remote attackers (from the client side) to
trigger unnecessarily expensive server-side DHE modular-exponentiation calculations.
The client may cause asymmetric resource consumption. The basic attack scenario is that
the client must claim that it can only communicate with DHE, and the server must be
configured to allow DHE and validate the order of the public key.
Reference:
https://github.com/openssl/openssl/pull/25088
(From OE-Core rev: 635fc639a13a6b28cac5c67cff23b7f4477bc41c)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Release information:
https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3016-and-openssl-3017-1-jul-2025
(From OE-Core rev: 678f4f98f145c887a220b846babc9648ea6ff974)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two "new" CVEs reported for python3, their CPEs are:
* CVE-2020-1171: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
* CVE-2020-1192: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
These are for "Visual Studio Code Python extension".
Solve this by addding CVE vendor to python CVE product to avoid
confusion with Microsoft as vendor.
Examining CVE DB for historical python entries shows:
sqlite> select vendor, product, count(*) from products where product = 'python' or product = 'cpython'
...> or product like 'python%3' group by vendor, product;
microsoft|python|2
python|python|1054
python_software_foundation|python|2
(From OE-Core rev: 06f615e6939a22bc8f12b30d8dea582ab3ccebe6)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxml2/-/commit/71e1e8af5ee46dad1b57bb96cfbf1c3ad21fbd7b
(From OE-Core rev: 691b74a5d019752428adc81b114fb4458ece1ebe)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2025-5278.
The patch is adjusted to fit 9.0 version. And the test case is
also adjusted to avoid using valgrind. valgrind in kirkstone is
reporting errors for coreutils' sort utility with/without this patch.
To avoid ptest failure, we disable valgrind explicitly.
(From OE-Core rev: bb7dbb195b55d9aaa0180906843f5af2dcf7509f)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
| |
Failing ptest with valgrind on target
This reverts commit 4e55668ef07d99d8c1141c2f4270f43f5b280159.
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
