Commit log (columns in the original listing: commit message, author, age, files changed, lines removed/added)
...
* cve-check: sort the package list in the JSON report
  Author: Ross Burton | Date: 2023-11-14 | Files: 1 | Lines: -0/+2
  The JSON report generated by the cve-check class is basically a huge list of packages. This list of packages is, however, unsorted. To make things easier for people comparing the JSON, or more specifically for git when archiving the JSON over time in a git repository, we can sort the list by package name.
  (From OE-Core rev: 1245649fd2725915154648a98584c908da07af18)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit e9861be0e5020830c2ecc24fd091f4f5b05da036)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
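The commit above sorts the cve-check JSON so that archived reports diff cleanly. The script below is an added illustration written for this page, not code from the cve-check class or from the commit: it canonicalises a report (packages by name, issues by CVE id) and then diffs two archived reports to list newly unpatched and newly resolved CVEs, which is the comparison the sorted layout is meant to make easy. The sample reports are constructed inline, and the JSON shape they assume (a top-level "package" list whose entries carry "name", "version" and an "issue" list of {"id", "status"} objects) is an assumption about the cve-check output, not something the commit documents.

```python
import json

# Two constructed cve-check style reports (sample data, not real build
# output). The layout, a top-level "package" list whose entries carry
# "name", "version" and an "issue" list of {"id", "status"} dicts, is an
# assumption about the cve-check JSON shape made for this example.
OLD_REPORT = json.dumps({
    "version": "1",
    "package": [
        {"name": "zlib", "version": "1.2.11",
         "issue": [{"id": "CVE-2023-45853", "status": "Unpatched"}]},
        {"name": "glibc", "version": "2.35",
         "issue": [{"id": "CVE-2023-4527", "status": "Ignored"}]},
        {"name": "curl", "version": "7.82.0",
         "issue": [{"id": "CVE-2023-38546", "status": "Unpatched"},
                   {"id": "CVE-2023-38545", "status": "Unpatched"}]},
    ],
})

NEW_REPORT = json.dumps({
    "version": "1",
    "package": [
        {"name": "curl", "version": "7.82.0",
         "issue": [{"id": "CVE-2023-38545", "status": "Patched"},
                   {"id": "CVE-2023-38546", "status": "Patched"}]},
        {"name": "openssl", "version": "3.0.11",
         "issue": [{"id": "CVE-2023-5363", "status": "Unpatched"}]},
        {"name": "zlib", "version": "1.2.11",
         "issue": [{"id": "CVE-2023-45853", "status": "Patched"}]},
        {"name": "glibc", "version": "2.35",
         "issue": [{"id": "CVE-2023-4527", "status": "Ignored"}]},
    ],
})


def load_report(text):
    """Parse a cve-check style JSON report from a string."""
    return json.loads(text)


def sort_report(report):
    """Return a copy with packages sorted by name and each package's issues
    sorted by CVE id, so reports with the same content serialise identically."""
    out = {k: v for k, v in report.items() if k != "package"}
    out["package"] = [
        dict(pkg, issue=sorted(pkg.get("issue", []), key=lambda i: i["id"]))
        for pkg in sorted(report.get("package", []), key=lambda p: p["name"])
    ]
    return out


def canonical_json(report):
    """Stable serialisation suitable for committing to git and diffing."""
    return json.dumps(sort_report(report), indent=2, sort_keys=True)


def status_map(report):
    """Flatten a report into {(package, cve_id): status}."""
    return {(pkg["name"], issue["id"]): issue["status"]
            for pkg in report.get("package", [])
            for issue in pkg.get("issue", [])}


def diff_reports(old_text, new_text):
    """Compare two archived reports.
    'regressed': (package, CVE) pairs Unpatched now but not Unpatched (or absent) before.
    'resolved': pairs that were Unpatched and are now Patched, Ignored or gone."""
    old = status_map(load_report(old_text))
    new = status_map(load_report(new_text))
    regressed = sorted(k for k, s in new.items()
                       if s == "Unpatched" and old.get(k) != "Unpatched")
    resolved = sorted(k for k, s in old.items()
                      if s == "Unpatched" and new.get(k) != "Unpatched")
    return {"regressed": regressed, "resolved": resolved}


if __name__ == "__main__":
    print(canonical_json(load_report(OLD_REPORT)))
    print(diff_reports(OLD_REPORT, NEW_REPORT))
```

Writing `canonical_json()` output back before committing keeps the git history of the report readable even when the producing tool emits packages in a different order; `diff_reports()` is the check to run in CI so that a CVE flipping from Patched back to Unpatched (for instance after a recipe upgrade drops a backported patch) fails the job rather than hiding in a large JSON diff.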
* xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380
  Author: Vijay Anusuri | Date: 2023-11-14 | Files: 3 | Lines: -0/+188
  Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a & https://gitlab.freedesktop.org/xorg/xserver/-/commit/564ccf2ce9616620456102727acb8b0256b7bbd7]
  (From OE-Core rev: afc30fc07d806c3f0d2192454344995f19e68575)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libwebp: Fix CVE-2023-4863
  Author: Soumya Sambu | Date: 2023-11-14 | Files: 3 | Lines: -10/+66
  Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
  Removed CVE-2023-5129.patch as CVE-2023-5129 is a duplicate of CVE-2023-4863.
  CVE: CVE-2023-4863
  References:
  https://nvd.nist.gov/vuln/detail/CVE-2023-4863
  https://security-tracker.debian.org/tracker/CVE-2023-4863
  https://bugzilla.redhat.com/show_bug.cgi?id=2238431#c12
  (From OE-Core rev: dbef9bf56fec551b6d1428fcefdadb500172940a)
  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: Fix CVE-2022-47010
  Author: Sanjana | Date: 2023-11-14 | Files: 2 | Lines: -0/+39
  (From OE-Core rev: 3fd5701a861aa263ad1d912bfd44d4d5826d11a1)
  Signed-off-by: Sanjana <Sanjana.Venkatesh@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: Fix disk space monitoring on cephfs
  Author: Samantha Jalabert | Date: 2023-11-09 | Files: 1 | Lines: -3/+4
  Error occurred while running bitbake on cephfs:
    WARNING: The free inode of path is running low (-0.001K left)
    ERROR: Immediately halt since the disk space monitor action is "HALT"!
  (Bitbake rev: a7f6c3e67bd9170e93b2b94676e84018faf0df91)
  Signed-off-by: Samantha Jalabert <samantha.jalabert@syslinbit.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: runqueue: convert deferral messages from bb.note to bb.debug
  Author: Denys Dmytriyenko | Date: 2023-11-09 | Files: 1 | Lines: -3/+3
  Using multiconfig to target baremetal pieces of the system and building corresponding toolchains for them results in hundreds and hundreds of "Deferring %s after %s" and "Deferred task %s now buildable". To clean up the output and to reduce risk of missing important warnings, convert these notice messages to debug messages.
  (Bitbake rev: 3505d8d8c02b041946670ab6bc5751e54fe292ff)
  Signed-off-by: Denys Dmytriyenko <denis@denix.org>
  Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 64bc00a46d1aacc23fe7e8d9a46a126f3a4bc318)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: tinfoil: Do not fail when logging is disabled and full config is used
  Author: Peter Kjellerstedt | Date: 2023-11-09 | Files: 1 | Lines: -1/+1
  If Tinfoil is initialized with setup_logging = False and Tinfoil.prepare() is called with config_only = False, then it fails because self.localhandlers is only initialized when setup_logging = True.
  This is seen with, e.g., `bitbake-getvar -q -r busybox MACHINE`:
    Traceback (most recent call last):
      File ".../bitbake/bin/bitbake-getvar", line 41, in <module>
        tinfoil.prepare(quiet=2)
      File ".../bitbake/lib/bb/tinfoil.py", line 390, in prepare
        for handler in self.localhandlers:
    AttributeError: 'Tinfoil' object has no attribute 'localhandlers'. Did you mean: 'oldhandlers'?
  (Bitbake rev: e452c6d7ba5bb4f78a1d2bfb742794efdf171dbc)
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 616101ddb630e2c9975022068b52a87c4cf647f6)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: bitbake-getvar: Make --quiet work with --recipe
  Author: Peter Kjellerstedt | Date: 2023-11-09 | Files: 1 | Lines: -2/+3
  Initializing Tinfoil with setup_logging = False only has an effect when recipe parsing is not needed. To make it work regardless of whether --recipe is used, manipulate the quiet parameter to Tinfoil.prepare() instead.
  (Bitbake rev: 161ab0d5bab74732e12d490cee50e14295be0a9f)
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 71ee69a20f21f3d37f4f060a7d8e87d9f1dc6aa1)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to kirkstone head revision
  Tags: yocto-4.0.14, kirkstone-4.0.14
  Author: Steve Sakoman | Date: 2023-11-03 | Files: 1 | Lines: -1/+1
  (From OE-Core rev: 0eb8e67aa6833df0cde29833568a70e65c21d7e5)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* poky.conf: bump version for 4.0.14
  Author: Steve Sakoman | Date: 2023-11-03 | Files: 1 | Lines: -1/+1
  (From meta-yocto rev: 10e9c5a4c80fe4ee717b9ff63a08c58a9ac094e2)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* test-manual: reproducible-builds: stop mentioning LTO bug
  Author: Michael Opdenacker | Date: 2023-11-03 | Files: 1 | Lines: -11/+0
  Now that https://bugzilla.yoctoproject.org/show_bug.cgi?id=14481 is closed.
  (From yocto-docs rev: 260b446a1a75d99399a3421cd8d6ba276f508f37)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: add security team processes
  Author: Marta Rybczynska | Date: 2023-11-03 | Files: 2 | Lines: -0/+190
  Add the initial version of the section on vulnerability reports, operations of the Security Team with a transcription of https://wiki.yoctoproject.org/wiki/Security_private_reporting
  (From yocto-docs rev: 13927bd3e2f89f301331583b2c5752b963822976)
  Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: correct "yocto-linux" by "linux-yocto"
  Author: Michael Opdenacker | Date: 2023-11-03 | Files: 2 | Lines: -2/+2
  (From yocto-docs rev: 689f682c175e19664c090852d5c649280ce23fa0)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: ignore CVE-2023-4527
  Author: Peter Marko | Date: 2023-11-03 | Files: 1 | Lines: -0/+7
  This vulnerability was introduced in 2.36, so 2.35 is not vulnerable.
  (From OE-Core rev: bf60773c882483f4bfe49e89be8e2f85f78b212b)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tiff: CVE patch correction for CVE-2023-3576
  Author: Vijay Anusuri | Date: 2023-11-03 | Files: 3 | Lines: -3/+4
  - The commit [https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37] fixes CVE-2023-3576
  - Hence, renamed the CVE-2023-3618-1.patch to CVE-2023-3576.patch
  - Reference:
    https://security-tracker.debian.org/tracker/CVE-2023-3576
    https://security-tracker.debian.org/tracker/CVE-2023-3618
  (From OE-Core rev: 63daa00279c0c3a8650d6e08a68cc32a2b98d843)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libxml2: Patch CVE-2023-45322
  Author: Peter Marko | Date: 2023-11-03 | Files: 3 | Lines: -0/+130
  Backport patch for gitlab issue mentioned in NVD CVE report.
  * https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
  Backport also one of 14 patches for older issue with similar errors to have clean cherry-pick without patch fuzz.
  * https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
  The CVE is disputed because the maintainer does not think that errors after memory allocation failures are critical enough to warrant a CVE ID.
  This patch will formally fix the reported error case; trying to backport another 13 patches and resolve conflicts would probably be overkill due to the disputed state.
  This CVE was ignored on master branch (as disputed).
  (From OE-Core rev: d29a89412b37995857269d617e16ada116f14270)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* linux-firmware: create separate packages
  Author: Fahad Arslan | Date: 2023-11-01 | Files: 1 | Lines: -4/+228
  This is a backport of commit dfb7d2c426b46502784bc9e199a468e6c1 from poky master.
  This is in continuation of earlier commit:
    3ddddfc14f805fe7572bba129605869fb848fed4 linux-firmware: create separate package for cirrus and cnm firmwares
  And creates separate sub packages for firmwares corresponding to the following list of licenses:
    LICENSE.amphion_vpu
    LICENCE.cw1200
    LICENSE.ice_enhanced
    LICENCE.mediatek
    LICENCE.microchip
    LICENCE.moxa
    LICENSE.nxp_mc_firmware
    LICENCE.OLPC
    LICENCE.phanfw
    LICENCE.qla2xxx
    LICENCE.ti-keystone
    LICENCE.wl1251
    LICENCE.xc4000
    LICENCE.xc5000
    LICENCE.xc5000c
  (From OE-Core rev: c110e5708465a6becc611acf97f166302a17ebdf)
  (From OE-Core rev: 56503e3e80603de3b69acef2f6d32836bc9e5e5d)
  Signed-off-by: Fahad Arslan <fahad.arslan@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* linux-firmware: create separate package for cirrus and cnm firmwares
  Author: Fahad Arslan | Date: 2023-11-01 | Files: 1 | Lines: -0/+28
  This is a cherry-pick of commit 3ddddfc14f805fe7572bba129605869fb848fed4 from poky master.
  Some licenses only allow usage of corresponding firmwares when a specific hardware is present. This requires split of such firmwares from linux-firmware package to firmware specific sub package. As this split is based off of licensing, it makes sense to group firmware blobs having the same license in the same package. This commit is a first step in this direction, and creates separate packages for cirrus and cnm firmware.
  (From OE-Core rev: 53d9d8789efc701609a5a1e985287344c2209d62)
  (From OE-Core rev: 9b556e63ba3e89e83ba6e2647656a1fa6def87a4)
  Signed-off-by: Fahad Arslan <fahad.arslan@siemens.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* package_rpm: Allow compression mode override
  Author: Niko Mauno | Date: 2023-11-01 | Files: 1 | Lines: -2/+4
  Commit 4a4d5f78a6962dda5f63e9891825c80a8a87bf66 ("package_rpm: use zstd instead of xz") changed the rpm package compressor from 'xz' to 'zstd' which results in decompression failure with BusyBox-provided 'rpm2cpio' applet and 'rpm' applet when given the '-i' (Install package) option:
    rpm2cpio: no gzip/bzip2/xz magic
  Introduce a variable which makes it possible to use a different compression mode, making it possible to override the default value for example like
    RPMBUILD_COMPMODE = "${@'w6T%d.xzdio' % int(d.getVar('XZ_THREADS'))}"
  to enable rpm decompression without including the full rpm package in the resulting root filesystem.
  (From OE-Core rev: a40d9258148e28cbee2168c93179cd4c1232fb62)
  (From OE-Core rev: ad4ea9f225b0dd6396088cc70b34f886c5fa62b4)
  Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* openssl: Upgrade 3.0.11 -> 3.0.12
  Author: Peter Marko | Date: 2023-11-01 | Files: 1 | Lines: -1/+1
  https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3011-and-openssl-3012-24-oct-2023
  Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
  * Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)
  (From OE-Core rev: 5cf9f9426de71a35b06c7b4b9b092f22243676fb)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* curl: fix CVE-2023-38546
  Author: Archana Polampalli | Date: 2023-11-01 | Files: 2 | Lines: -0/+138
  A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.
  (From OE-Core rev: 9c0c09b81594979aafd74511366316419d23046e)
  Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* curl: fix CVE-2023-38545
  Author: Archana Polampalli | Date: 2023-11-01 | Files: 2 | Lines: -0/+134
  This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.
  (From OE-Core rev: 44971c945a615d07c91100f514377f7247796334)
  Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-exclusion_5.10.inc: update for 5.10.197
  Author: Steve Sakoman | Date: 2023-11-01 | Files: 1 | Lines: -23/+100
  (From OE-Core rev: effa2f7a7424e0f25eaf3680326164e859378332)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: variables: add example for SYSROOT_DIRS variable
  Author: BELHADJ SALEM Talel | Date: 2023-10-25 | Files: 1 | Lines: -0/+29
  (From yocto-docs rev: 63fcc08bbb053262c3292c884ac91f389f1d9d97)
  Signed-off-by: Talel BELHAJSALEM <bhstalel@gmail.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: variables: add TOOLCHAIN_OPTIONS variable
  Author: BELHADJ SALEM Talel | Date: 2023-10-25 | Files: 1 | Lines: -0/+10
  (From yocto-docs rev: d7397a985fa085b4ca97aaebedfec5fcaf4e82de)
  Signed-off-by: Talel BELHAJSALEM <bhstalel@gmail.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: variables: add RECIPE_SYSROOT and RECIPE_SYSROOT_NATIVE
  Author: BELHADJ SALEM Talel | Date: 2023-10-25 | Files: 1 | Lines: -0/+38
  (From yocto-docs rev: e4c3fd543cb1b98255dcd3b40819ebcc7ef3a52a)
  Signed-off-by: Talel BELHAJSALEM <bhstalel@gmail.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: start.rst: remove obsolete reference
  Author: Michael Opdenacker | Date: 2023-10-25 | Files: 1 | Lines: -18/+6
  Remove a reference to a web resource which is clearly marked as obsolete. Replace the unnecessarily verbose note by just links to the mentioned tools.
  [YOCTO #15233]
  (From yocto-docs rev: b2db385b859faa775f7c92072ba9bbeebb90e713)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* brief-yoctoprojectqs: use new CDN mirror for sstate
  Author: Michael Opdenacker | Date: 2023-10-25 | Files: 1 | Lines: -1/+1
  Recommended instead of the Yocto Project mirror, because expected to be faster. Make sure you only set one such mirror.
  (From yocto-docs rev: 2c2dae48619f3e2a600fcdba7cd0dcb0bd313b75)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  CC: richard.purdie@linuxfoundation.org
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: layers: Add notes about layer.conf
  Author: BELHADJ SALEM Talel | Date: 2023-10-25 | Files: 1 | Lines: -0/+14
  As discussed before with Richard Purdie, the code supports this but the documentation does not. Developers in general will not notice this or focus on it because they do not mess with the layer.conf template file, but in my opinion I think more details can help.
  (From yocto-docs rev: c4b94c24ff7e1b1609f9c7f0aebd24fd04d00ae9)
  Signed-off-by: Talel BELHAJSALEM <bhstalel@gmail.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: variables: provide no-match example for COMPATIBLE_MACHINE
  Author: Quentin Schulz | Date: 2023-10-25 | Files: 1 | Lines: -1/+20
  COMPATIBLE_MACHINE is used to forbid the use of a recipe or its packages for a specific set of machines. In some cases, it may make more sense to have the logic inverted and have the recipe always forbidden except for hand-picked machines. Such could be the case for pieces of software that only support some architectures.
  In that scenario, it is sometimes a bit easier on the eye and for maintenance to use the OVERRIDES mechanism but for that, a default should be set.
    COMPATIBLE_MACHINE:aarch64 = "^(aarch64)$"
    COMPATIBLE_MACHINE:mips64 = "^(mips64)$"
  wouldn't do much because if COMPATIBLE_MACHINE isn't set, the recipe is assumed compatible and therefore, if no default is provided we enter that case.
  Hence, we need to add COMPATIBLE_MACHINE = "^$" as default so that it only matches the empty string, which isn't possible for MACHINEOVERRIDES.
  Cc: Quentin Schulz <foss+yocto@0leil.net>
  (From yocto-docs rev: d66b53eebe5b2320ce12926b309e48c9e32523f3)
  Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* profile-manual: aesthetic cleanups
  Author: Robert P. J. Day | Date: 2023-10-25 | Files: 1 | Lines: -19/+21
  Various aesthetic cleanups of section 1 of that manual, including:
  * replace 'HOWTO' with manual
  * add more examples of sdk-related images
  * font fixes
  (From yocto-docs rev: 3f271b53f2103c3a7eb76ab17f0c945512493471)
  Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: Fix PACKAGECONFIG term and add an example
  Author: BELHADJ SALEM Talel | Date: 2023-10-25 | Files: 1 | Lines: -10/+40
  PACKAGECONFIG's first and second flag value will be added to PACKAGECONFIG_CONFARGS and then it will be added to the appropriate variable (EXTRA_OECMAKE, or ...). So we need to only mention PACKAGECONFIG_CONFARGS and it will lead to other variables.
  I added a custom example that can help in understanding PACKAGECONFIG very well.
  (From yocto-docs rev: 94eb37ef56cbb19b5b6e28bef522a7288a1a61f9)
  Signed-off-by: Talel BELHAJSALEM <bhstalel@gmail.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev/ref-manual: Document INIT_MANAGER
  Author: Paul Eggleton | Date: 2023-10-25 | Files: 1 | Lines: -0/+15
  The INIT_MANAGER variable was added in 3.0 but it seems we didn't get around to documenting it yet. I have added a variable glossary entry and made the basic adjustment of the "Using systemd Exclusively" section in the dev manual, however I think the latter section still needs work.
  (From yocto-docs rev: a84adfaeda5a790275d020fc77d721e8560a5728)
  Signed-off-by: Paul Eggleton <bluelightning@bluelightning.org>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: new-recipe.rst: add missing parenthesis to "Patching Code" section
  Author: Robert P. J. Day | Date: 2023-10-25 | Files: 1 | Lines: -2/+2
  Add missing parenthesis, and another example of a compressed patch filename.
  (From yocto-docs rev: febc0c6b7b5843c70ed01f9b2bda71c02091eae6)
  Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bsp-guide: bsp: skip Intel machines no longer supported in Poky
  Author: Michael Opdenacker | Date: 2023-10-25 | Files: 1 | Lines: -14/+0
  (From yocto-docs rev: ab6a260de80e8a73079e1ac5430a3688be025d5d)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* sdk-manual: appendix-obtain: improve and update descriptions
  Author: Michael Opdenacker | Date: 2023-10-25 | Files: 1 | Lines: -32/+18
  - Improve text formatting
  - Stop mentioning all possible values
  - Update examples
  - Correct descriptions
  (From yocto-docs rev: d44cd995e4abc1bed57a7edbe27fdfd642768d4f)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual: wic: update "wic list images" output
  Author: Michael Opdenacker | Date: 2023-10-25 | Files: 1 | Lines: -12/+15
  (From yocto-docs rev: 46fdf58f4a26de2989261eb451380905ae0f1a41)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* manuals: update linux-yocto append examples
  Author: Michael Opdenacker | Date: 2023-10-25 | Files: 4 | Lines: -41/+40
  (From yocto-docs rev: b5d385f20d22566e12a7938a9894b86429f1dcfb)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: Warn about COMPATIBLE_MACHINE skipping native recipes
  Author: Arne Schwerdt | Date: 2023-10-25 | Files: 1 | Lines: -0/+7
  (From yocto-docs rev: 48e5fb383570dc6a067b14cc621e4cb347db900c)
  Signed-off-by: Arne Schwerdt <arne.schwerdt@elbbits.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* vim: Upgrade 9.0.2009 -> 9.0.2048
  Author: Siddharth Doshi | Date: 2023-10-25 | Files: 1 | Lines: -2/+2
  This includes CVE fix for CVE-2023-5535.
  (From OE-Core rev: 7681436190354b5c5b6c3a82b3094badd81113de)
  Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libx11: Security Fix for CVE-2023-43785, CVE-2023-43786 and CVE-2023-43787
  Author: Siddharth Doshi | Date: 2023-10-25 | Files: 6 | Lines: -0/+267
  CVE's Fixed:
  CVE-2023-43785: libX11: out-of-bounds memory access in _XkbReadKeySyms()
  CVE-2023-43786: libX11: stack exhaustion from infinite recursion in PutSubImage()
  CVE-2023-43787: libX11: integer overflow in XCreateImage() leading to a heap overflow
  (From OE-Core rev: 8175d023c203d524d011d8947f90fbd02786c6db)
  Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* linux-firmware: upgrade 20230625 -> 20230804
  Author: Meenali Gupta | Date: 2023-10-25 | Files: 1 | Lines: -2/+2
  License-Update: additional firmwares
  Upgrade includes fixes for:
    CVE-2023-20569
    CVE-2022-40982
    CVE-2023-20593
  Changelog:
  https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/
  References:
  https://nvd.nist.gov/vuln/detail/CVE-2023-20569
  https://nvd.nist.gov/vuln/detail/CVE-2022-40982
  https://nvd.nist.gov/vuln/detail/CVE-2023-20593
  (From OE-Core rev: d3f1448246c9711f4f23f2e12c664e0ba3ae3f02)
  Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* zlib: patch CVE-2023-45853
  Author: Peter Marko | Date: 2023-10-25 | Files: 2 | Lines: -0/+43
  Backport commit merged to develop branch from PR linked in NVD report:
  * https://nvd.nist.gov/vuln/detail/CVE-2023-45853
  * https://github.com/madler/zlib/pull/843
  (From OE-Core rev: 6e265e44febbb6fdf85c7926b9a64b731c98d814)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gawk: backport Debian patch to fix CVE-2023-4156
  Author: Vijay Anusuri | Date: 2023-10-25 | Files: 2 | Lines: -0/+29
  Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/gawk/tree/debian/patches?h=ubuntu/jammy-security & https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212]
  (From OE-Core rev: 0547b60d3485c2e3853e5a9e0a3e051882b283f3)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* qemu: ignore RHEL specific CVE-2023-2680
  Author: Lee Chee Yang | Date: 2023-10-25 | Files: 1 | Lines: -0/+4
  (From OE-Core rev: a1256b8fa415002eee78427cc292b866570ee267)
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* SECURITY.md: Add file
  Author: Richard Purdie | Date: 2023-10-24 | Files: 1 | Lines: -0/+24
  Add a SECURITY.md file with hints for security researchers and other parties who might report potential security vulnerabilities.
  (From meta-yocto rev: e3c11a51dc814fdd400998f50b17e572d453e1d2)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: SECURITY.md: add file
  Author: Marta Rybczynska | Date: 2023-10-24 | Files: 1 | Lines: -0/+24
  Add a SECURITY.md file with hints for security researchers and other parties who might report potential security vulnerabilities.
  (Bitbake rev: 6c1ffa9091d0c53a100e8c8c15122d28642034bd)
  Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* uboot-extlinux-config.bbclass: fix missed override syntax migration
  Author: Quentin Schulz | Date: 2023-10-21 | Files: 1 | Lines: -1/+1
  uboot-extlinux-config allows specifying multiple "labels" (entries in a menu, à-la grub) and each of them has its own values for some fields. Each "base" variable, e.g. UBOOT_EXTLINUX_FDT can be overridden for each label. This is done via the OVERRIDES mechanism based on the label name, e.g. UBOOT_EXTLINUX_FDT:linux if linux is a label.
  However, OVERRIDES doesn't contain the label globally because it's only necessary in one task. Therefore, the OVERRIDES itself is modified within the task. This means that the sigdata will not be told the dependency on UBOOT_EXTLINUX_FDT:linux, because it cannot know about it. For this reason, we need to explicitly specify which variables this task depends on via vardeps varflag for the task.
  This was done in the past, but we missed updating it during the override syntax migration so the cache wouldn't get invalidated if someone modifies UBOOT_EXTLINUX_FDT:linux from a configuration file or a bbappend for example.
  Let's fix this by migrating it to the new syntax.
  (From OE-Core rev: 5570e49791b770271f176a4deeb5f6f1a028cb4a)
  Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit b4dd9d873508128adbbf5ff6cf0a3df3d2ffbcf6)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libxpm: upgrade to 3.5.17
  Author: Siddharth Doshi | Date: 2023-10-21 | Files: 1 | Lines: -1/+1
  This release fixes the following CVEs:
  - CVE-2023-43788
  - CVE-2023-43789
  (From OE-Core rev: 1475a47239d77a368bcec69f12e5a63f8bebe14f)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tiff: Security fix for CVE-2023-40745
  Author: Siddharth Doshi | Date: 2023-10-21 | Files: 2 | Lines: -0/+35
  Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5]
  CVE: CVE-2023-40745
  (From OE-Core rev: f1aa2dd493c01e18ee0f534ff00523a1274f9066)
  Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>