32d2b233c6
ruby: fix CVE-2025-27221
...
In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.join, URI#merge, URI#+) have an inadvertent leakage of
authentication credentials because userinfo is retained even
after changing the host.
Reference:
https://security-tracker.debian.org/tracker/CVE-2025-27221
Upstream-patches:
https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495
https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5
(From OE-Core rev: c77ff1288719d90ef257dfe28cb33b3768fc124a)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
097732e057
glib-2.0: fix CVE-2025-4373
...
A flaw was found in GLib, which is vulnerable to an integer overflow
in the g_string_insert_unichar() function. When the position at which
to insert the character is large, the position will overflow, leading
to a buffer underwrite.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-4373
https://security-tracker.debian.org/tracker/CVE-2025-4373
Upstream-patches:
https://gitlab.gnome.org/GNOME/glib/-/commit/cc647f9e46d55509a93498af19659baf9c80f2e3
https://gitlab.gnome.org/GNOME/glib/-/commit/4d435bb4809793c445846db8fb87e3c9184c4703
(From OE-Core rev: 7a7319745637d4b681935ae71706dcc467df3040)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
ef632f4693
libsoup-2.4: Fix CVE-2025-32914
...
import patch from debian to fix
CVE-2025-32914
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/5bfcf8157597f2d327050114fb37ff600004dbcf ]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450
https://security-tracker.debian.org/tracker/CVE-2025-32914
(From OE-Core rev: 8996e178264cf6bf9b69365172f43a5ee8e9f727)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
cbbea14280
libsoup-2.4: Fix CVE-2025-32912
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f
(From OE-Core rev: e66218f6cda7de046bace6880ea5052900fd6605)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
d8278fd9f9
libsoup-2.4: Fix CVE-2025-32911 & CVE-2025-32913
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/7b4ef0e004ece3a308ccfaa714c284f4c96ade34
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0
(From OE-Core rev: ff1896b14347c7b4a166716338d3822da97be2e4)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
21bb9c063b
libsoup-2.4: Fix CVE-2025-32910
...
import patch from debian to fix
CVE-2025-32910
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/405a8a34597a44bd58c4759e7d5e23f02c3b556a
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832 ]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
https://security-tracker.debian.org/tracker/CVE-2025-32910
(From OE-Core rev: b65e3d3a4dc2375d9bb81c7a91c84139cc667a47)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
0f58759f1b
libsoup-2.4: Fix CVE-2025-46420
...
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e ]
(From OE-Core rev: f0d5d13b0b7b2cf3f60c85b0c135fd948c648256)
Signed-off-by: Ashish Sharma <asharma@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
23a8405509
connman :fix CVE-2025-32366
...
In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length
that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen)
and memcpy(response+offset,*end,*rdlen) without a check for whether
the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be
larger than the amount of remaining packet data in the current state
of parsing. Values of stack memory locations may be sent over the
network in a response.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32366
Upstream-patch:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=8d3be0285f1d4667bfe85dba555c663eb3d704b4
(From OE-Core rev: 1b9156124b4a07e0e3e0ab09e87d654eae6c7b4e)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
7f043fb4bb
iputils: Security fix for CVE-2025-47268
...
CVE-2025-47268
ping in iputils through 20240905 allows a denial of service (application
error or incorrect data collection) via a crafted ICMP Echo Reply
packet, because of a signed 64-bit integer overflow in timestamp
multiplication.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-47268
Patch from:
https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40
(From OE-Core rev: a463c8e3950ccf58316d48241c2cd82484f25fda)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
0fa8a4465e
openssh: Fix CVE-2025-32728
...
Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367 ]
(From OE-Core rev: 68413e1413eb87254d68f30920574b0e2c766782)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
ab9a994a8c
build-appliance-image: Update to kirkstone head revision
...
(From OE-Core rev: e8be08a624b2d024715a5c8b0c37f2345a02336b)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 09:02:55 -07:00
5dad8173d4
poky.conf: bump version for 4.0.27
...
(From meta-yocto rev: ff73566d1786b524ec8c809bf641b0b74d85b512)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:59:59 -07:00
d6a242831e
perl: enable _GNU_SOURCE define via d_gnulibc
...
This is needed to properly support memmem() and friends under musl
as musl guards the declarations with _GNU_SOURCE define, and if the
declarations are not present, gcc will issue warnings and generate
assembly that assumes the functions return int (instead of e.g.
void*), with catastrophic consequences at runtime.
(From OE-Core rev: 79dc3f42958bfefe03a8240e2a57501c38d2bd3c)
Signed-off-by: Alexander Kanavin <alex@linutronix.de >
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit 6422e62fbc5c65a2165a72c97c880cfa9a80e957)
Signed-off-by: Peter Hurley <peter@meraki.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
06b97d608e
module.bbclass: add KBUILD_EXTRA_SYMBOLS to install
...
Symbols are used during install as well, adding KBUILD_EXTRA_SYMBOLS enables
successful installation.
| DEBUG: Executing shell function do_install
| NOTE: make -j 22 KERNEL_SRC=xxx/kernel-source -C xxx/drivers
KDIR=xxx/kernel-source DEPMOD=echo
MODLIB=xxx/image/lib/modules/6.6.75-yocto-standard-00189-g530c419bc9db
INSTALL_FW_PATH=xxx/image/lib/firmware CC=aarch64-poky-linux-gcc
-fuse-ld=bfd -fcanon-prefix-map LD=aarch64-poky-linux-ld.bfd
OBJCOPY=aarch64-poky-linux-objcopy STRIP=aarch64-poky-linux-strip
O=xxx/kernel-build-artifacts modules_install
| make: Entering directory 'xxx/drivers'
| make -C xxx/kernel-source M=xxx/drivers modules
| make[1]: Entering directory 'xxx/kernel-source'
| make[2]: Entering directory 'xxx/kernel-build-artifacts'
| MODPOST xxx/drivers/Module.symvers
| ERROR: modpost: "xxx" [xxx/xxx.ko] undefined!
(From OE-Core rev: 1403ffa42014ad5c88c28da6c360ea5fd1857147)
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com >
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit 0ef80eeda967a9e04ff91c3583aabbc35c9868e8)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
ae5264cac3
glibc: stable 2.35 branch updates
...
d2febe7c40 math: Improve layout of exp/exp10 data
20b5d5ce26 AArch64: Use prefer_sve_ifuncs for SVE memset
9569a67a58 AArch64: Add SVE memset
59f67e1b82 math: Improve layout of expf data
904c58e47b AArch64: Remove zva_128 from memset
8042d17638 AArch64: Optimize memset
be451d6053 AArch64: Improve generic strlen
8b3d09dc0d assert: Add test for CVE-2025-0395
29d9b1e59e assert: Reformat Makefile.
Testresults:
Before update |After update |Difference
PASS: 4832 |PASS:4833 |PASS: +1
FAIL: 132 |FAIL:132 |FAIL: 0
XPASS: 6 |XPASS:6 |XPASS: 0
XFAIL: 16 |XFAIL:16 |XFAIL: 0
UNSUPPORTED: 200|UNSUPPORTED:200 |UNSUPPORTED: 0
(From OE-Core rev: 70e9ae425e34221af6a7bdda6b83f2f8e7848278)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
01292aba34
scripts/install-buildtools: Update to 4.0.26
...
Update to the 4.0.26 release of the 4.0 series for buildtools
(From OE-Core rev: 04ff268291598c1e0588cff43df694a714e48746)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
45c3cde26b
libsoup: Fix CVE-2025-32914
...
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/5bfcf8157597f2d327050114fb37ff600004dbcf ]
(From OE-Core rev: ce7cda16d823012f71d91c820083b0da93762d9d)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
3f1cc96cb9
libsoup: Fix CVE-2025-32912
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f
(From OE-Core rev: 7c709d985c4e732f6fedd56748b3de3e52869282)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
d8c4c5ea04
libsoup: Fix CVE-2025-32911 & CVE-2025-32913
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/7b4ef0e004ece3a308ccfaa714c284f4c96ade34
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0
(From OE-Core rev: e79585ab2a492a5023bce637cbe519fcd1370e04)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
fe91f67d38
libsoup: Fix CVE-2025-32910
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/405a8a34597a44bd58c4759e7d5e23f02c3b556a
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832
(From OE-Core rev: aeaa106595f173f5646a17adb413a85e0d01887e)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
cc7f7f1c29
libsoup: Fix CVE-2025-32909
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm
it/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: 491373828c1c66030fb41687f9a42b9e4deb010b)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
dc621121b1
libsoup: Fix CVE-2025-32906
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f
(From OE-Core rev: 17fbb56b3cbea445767cba988f3db5b32fb00b71)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
14f293eecf
libsoup: update fix CVE-2024-52532
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff
(From OE-Core rev: caf0ac894d029aaac7d746fe87db1aa0e8c3c93f)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
e07ed2059c
libsoup-2.4: Fix CVE-2025-32909
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm
it/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: ad1244ee75b4169eab21c2c8744b86342b32dd07)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
6b27d84c2c
libsoup-2.4: Fix CVE-2025-32906
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f
(From OE-Core rev: 2b938dd6beb1badca59804ffbe395deb679bc1b1)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
02c2876c5e
libsoup-2.4: Update fix CVE-2024-52532
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff
(From OE-Core rev: 144d067ed5b98b8ca477a6a0e8c958c0b15e9643)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
b497f2caf7
perl: patch CVE-2024-56406
...
Pick patch mentioned in NVD links for this CVE.
Tested by runniing ptest and CVE reproducer (before&after).
Ptest fails on test dist/threads/t/join, however the same test also
fails without this patch.
(From OE-Core rev: 8e3c821e9ce8f3a9667847a284bc5a6f4973ea13)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
8c0982c306
glibc: Add single-threaded fast path to rand()
...
Backport a patch [1] to improve performance of rand() and __random()[2]
by adding a single-threaded fast path.
[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=be0cfd848d9ad7378800d6302bc11467cf2b514f
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=32777
(From OE-Core rev: 00f7a2f60dd6de95a1a47fa642978613ce76dc56)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 06:38:22 -07:00
cdca0c82f7
qemu: ignore CVE-2023-1386
...
Upstream Repository: https://gitlab.com/qemu-project/qemu.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1386
Type: Security Advisory
CVE: CVE-2023-1386
Score: 3.3
Analysis:
- According to redhat[1] this CVE has closed as not a bug.
Reference:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2223985
(From OE-Core rev: 6a5d9e3821246c39ec57fa483802e1bb74fca724)
(From OE-Core rev: f7c8877395d4ec0a91cd5cf54e6c2858495746fb)
Signed-off-by: Madhu Marri <madmarri@cisco.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
(Converted to old CVE_CHECK_IGNORE syntax)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 06:38:22 -07:00
03a2733983
busybox: fix CVE-2023-39810
...
Upstream-Status: Backport from https://git.busybox.net/busybox/commit/?id=9a8796436b9b0641e13480811902ea2ac57881d3
(From OE-Core rev: c0b71ec35716a512915b00808a26f77481db0e0a)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 06:38:22 -07:00
9b99800fe7
connman :fix CVE-2025-32743
...
In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c
can be NULL or an empty string when the TC (Truncated) bit is set in
a DNS response. This allows attackers to cause a denial of service
(application crash) or possibly execute arbitrary code, because those
lookup values lead to incorrect length calculations and incorrect
memcpy operations.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32743
Upstream-patch:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d90b911f6760959bdf1393c39fe8d1118315490f
(From OE-Core rev: ece0fb01bf28fa114f0a6e479491b4b6f565c80c)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 06:38:21 -07:00
73c2187fbc
ghostscript: ignore CVE-2024-29507
...
Fix for this CVE is [3] (per [1] and [2]).
It fixes cidfsubstfont handling which is not present in 9.55.0 yet.
It was introduced (as cidsubstpath) in 9.56.0 via [4] and later modified
to cidfsubstfont in [5].
Since this recipe has version 9.55.0, mark it as not affected yet.
[1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7745dbe24514710b0cfba925e608e607dee9eb0f
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-29507
[3] https://security-tracker.debian.org/tracker/CVE-2024-29507
[4] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=82efed6cae8b0f2a3d10593b21083be1e7b1ab23
[5] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=4422012f6b40f0627d3527dba92f3a1ba30017d3
(From OE-Core rev: 5c9f3c244971aadee65a98d83668e3d5d63825a0)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 06:38:21 -07:00
235e74ba09
ghostscript: ignore CVE-2025-27837
...
This CVE only impacts codepaths relevant for Windows builds.
Se [1] from Debian which marks it as not applicable.
[1] https://security-tracker.debian.org/tracker/CVE-2025-27837
(From OE-Core rev: fb5dc4a476bc4054493d6a7eb64a423e3665afb9)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 06:38:21 -07:00
e9e862752d
Fix dead links that use the DISTRO macro
...
After introducing the DISTRO_LATEST_TAG and DISTRO_REL_LATEST_TAG
macros, use them in links that currently use DISTRO/DISTRO_REL_TAG. When
building for the tip of a branch, this will replace the current A.B.999
in links to the latest existing tag.
The links were found across the documentation by running 'grep -r
"http.*5\.2\.999"' inside the _build/html output after building the
docs.
[YOCTO #14802 ]
(From yocto-docs rev: 0d51e553d5f83eea6634e03ddc9c7740bf72fcea)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit 29be069ebbf2c55d72fc51d99ed5a558af37c05e)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
dc41858fe3
poky.yaml: introduce DISTRO_LATEST_TAG
...
Introduce the DISTRO_LATEST_TAG macro, which should always point to the
latest existing tag in the documentation, unlike DISTRO which may point
to A.B.999 to represent the tip of a branch.
This variable is needed to fix dead links in the documentation that
currently use the DISTRO macro.
Also, make DISTRO_REL_TAG use the DISTRO macro directly, to avoid
repetition, and add a DISTRO_REL_LATEST_TAG macro that has the same role
as DISTRO_LATEST_TAG but with "yocto-" prepended to it.
In set_versions.py, run the "git describe --abbrev=0 --tags
--match='yocto-*'" command to get the latest existing tag on the
currently checked out commit. Fallback to ourversion in case we didn't
find any.
(From yocto-docs rev: 9fabb08405601646fd9b00326442e03d43f68804)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit a85b0e500c94921f77fa7b7dbb877e4945f96d1e)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
8c784f9287
manuals: remove repeated word
...
The word "modern" appears twice, remove the extra one.
(From yocto-docs rev: db02bc7eb59feaece5d2a07b3586fd41c7a73a1e)
Signed-off-by: Andrew Kreimer <algonell@gmail.com >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
c6b1489d98
ref-manual/variables.rst: document autotools class related variables
...
Document the AUTOTOOLS_SCRIPT_PATH and the CONFIGURE_SCRIPT variables.
(From yocto-docs rev: f7721ff5312b1ebf87dd374db22b254913879ff0)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
0807a80810
Revert "cve-update-nvd2-native: Tweak to work better with NFS DL_DIR"
...
This reverts commit 7adaec468drichard.purdie@linuxfoundation.org >
(cherry picked from commit ebc65fdddd7ce51f0f1008baa30d0ae7918ae0bb)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
7cb984d5ed
systemd: systemd-journald fails to setup LogNamespace
...
A LogNamespace error for systemd v250:
"""
Apr 28 17:44:00 a-rinline2b systemd[467]:
systemd-journald@tester.service: Failed to set up special execution
directory in /var/log: Not a directory
Apr 28 17:44:00 a-rinline2b systemd[467]:
systemd-journald@tester.service: Failed at step LOGS_DIRECTORY spawning
/lib/systemd/systemd-journald: Not a directory
"""
That's because that "/var/log/journal" couldn't be created during
program runtime.
(From OE-Core rev: 8eb185024f9a9e57a9b710c70f09552729558892)
Signed-off-by: Haitao Liu <haitao.liu@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-02 08:12:41 -07:00
9ace4f7ae5
systemd: backport patch to fix journal issue
...
Backport a patch to fix systemd journal issue about
sd_journal_next not behaving correctly after sd_journal_seek_tail.
(From OE-Core rev: ea59aed1ff7dbfb28d1e2cd55adca80dad2502e2)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com >
Signed-off-by: Kai Kang <kai.kang@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
a4ed07274e
tzdata/tzcode-native: upgrade 2025a -> 2025b
...
(From OE-Core rev: 2568f7ce707d63df1f98b3eeec6639d7a5a2d642)
Signed-off-by: Priyal Doshi <pdoshi@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
8208d973b9
python3-setuptools: Fix CVE-2024-6345
...
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1
allows for remote code execution via its download functions. These functions, which
are used to download packages from URLs provided by users or retrieved from package
index servers, are susceptible to code injection. If these functions are exposed to
user-controlled inputs, such as package URLs, they can execute arbitrary commands on
the system. The issue is fixed in version 70.0.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6345
https://ubuntu.com/security/CVE-2024-6345
Upstream patch:
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
(From OE-Core rev: 238c305ba2c513a070818de4b6ad4316b54050a7)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
520ba611e6
binutils: Fix CVE-2025-1178
...
Prevent an abort in the bfd linker when attempting to
generate dynamic relocs for a corrupt input file.
PR 32638
Backport a patch from upstream to fix CVE-2025-1178
Upstream-Status: Backport from [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0 ]
(From OE-Core rev: e820e5364c4b3ec52796a77842b480fea8bc7967)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
04861f8c29
glib-2.0: patch CVE-2025-3360
...
Backport commits from [1] fixing [2] for 2.82.x.
[1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4499
[2] https://gitlab.gnome.org/GNOME/glib/-/issues/3647x
(From OE-Core rev: 606cc539ab19ae2bceb366eda7d4872c3763400f)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
4c33a6acfb
libxml2: patch CVE-2025-32415
...
Pick commit from 2.13 branch as 2.9 branch is unmaintained now.
(From OE-Core rev: 7777cd6b28988a0981b990d9da9d448dcdfe7b8b)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
2d34048266
libxml2: patch CVE-2025-32414
...
Pick commit from 2.12 branch as 2.9 branch is unmaintained now.
(From OE-Core rev: fbd708438aba0381a6c4f3d6cfbbd743f89a4f97)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
68f82bca13
libarchive: ignore CVE-2024-48615
...
Fix for this CVE [1] is patchong code introduced by [2] in v3.7.5.
So v3.6.2 is not affected yet and the CVE can be safely ignored.
Also Debian tracker [3] contains this statement.
[1] https://github.com/libarchive/libarchive/commit/565b5aea491671ae33df1ca63697c10d54c00165
[2] https://github.com/libarchive/libarchive/commit/2d8a5760c5ec553283a95a1aaca746f6eb472d0f
[3] https://security-tracker.debian.org/tracker/CVE-2024-48615
(From OE-Core rev: 60390a3a28242efba32360426b0a3be6af5fb54b)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
f6bbf5dc3a
ghostscript: ignore CVE-2025-27833
...
Vulnerable code was introduced in 9.56.0, so 9.55.0 is not affected yet
Commit introducing vulnerable feature:
* https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/pdf/pdf_fmap.c?id=0a1d08d91a95746f41e8c1d578a4e4af81ee5949
Commit fixing the vulnerability:
* https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=477e36cfa1faa0037069a22eeeb4fc750733f120
(From OE-Core rev: e1f3d02e80f6bdd942321d9f6718dcc36afe9df8)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
fd6b4fb511
ppp: patch CVE-2024-58250
...
Backport patch to remove vulnerable component.
This is a breaking change, but there will be no other fix for this CVE
as upstream did the deletion without providing a fix first.
If someone really needs this feature, which the commit message describes
as deprecated, bbappend with patch removal is possible.
License-Update: passprompt plugin removed
(From OE-Core rev: d04a2b5f4899845429e1c5893535f5df1221fcbf)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
6cc316c44d
libpam: Update fix for CVE-2024-10041
...
Initially, PAM community fixed CVE-2024-10041 in the version v1.6.0 via commit b3020da.
But not all cases were covered with this fix and issues were reported after the release.
In the v1.6.1 release, PAM community fixed these issues via commit b7b9636.
Backport this commit b7b9636, which
Fixes: b3020da ("pam_unix/passverify: always run the helper to obtain shadow password file entries")
Backport from https://github.com/linux-pam/linux-pam/commit/b7b96362087414e52524d3d9d9b3faa21e1db620
(From OE-Core rev: 71035c8c5907f7103ce40b92490a10bd3dde7226)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-02 08:12:41 -07:00
Divya Chellam
Praveen Kumar
Vijay Anusuri
Ashish Sharma
Yi Zhao
Steve Sakoman
Alexander Kanavin
Alon Bar-Lev
Deepesh Varatharajan
Aleksandar Nikolic
Peter Marko
Haixiao Yan
Hitendra Prajapati
Antonin Godard
Andrew Kreimer
Haitao Liu
Chen Qi
Priyal Doshi
Soumya Sambu
Shubham Kulkarni