* [OE-core][kirkstone 00/16] Patch review
@ 2022-09-13 14:17 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2022-09-13 14:17 UTC
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4220
The following changes since commit bfce90b1260d07f01a8dc2998c9e63ca36d4ebbe:
npm: use npm_registry to cache package (2022-09-06 07:10:59 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alejandro Hernandez Samaniego (1):
rootfs.py: dont try to list installed packages for baremetal images
Alexandre Belloni (2):
ruby: drop capstone support
runqemu: display host uptime when starting
Joshua Watt (1):
oeqa: qemurunner: Report UNIX Epoch timestamp on login
Khem Raj (2):
autoconf: Fix strict prototype errors in generated tests
autoconf: Update K & R stype functions
Kristian Amlie (1):
externalsrc: Don't wipe out src dir when EXPORT_FUNCTIONS is used.
Martin Jansa (1):
libxml2: Port gentest.py to Python-3
Pavel Zhukov (1):
core-image.bbclass: Exclude openssh complementary packages
Peter Bergin (1):
rootfs-postcommands.bbclass: avoid moving ssh host keys if etc is
writable
Peter Kjellerstedt (1):
cairo: Adapt the license information based on what is being built
Richard Purdie (3):
gcc-multilib-config: Fix i686 toolchain relocation issues
kernel: Always set CC and LD for the kernel build
kernel: Use consistent make flags for menuconfig
wangmy (2):
cracklib: upgrade 2.9.7 -> 2.9.8
vala: upgrade 0.56.2 -> 0.56.3
meta/classes/core-image.bbclass | 4 +
meta/classes/externalsrc.bbclass | 8 +-
meta/classes/kernel.bbclass | 16 +-
meta/classes/rootfs-postcommands.bbclass | 30 +-
meta/lib/oe/rootfs.py | 4 +
meta/lib/oeqa/utils/qemurunner.py | 4 +-
.../0001-Port-gentest.py-to-Python-3.patch | 814 ++++++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 11 +
...ilers-that-moan-about-K-R-func-decls.patch | 138 +++
.../autoconf/autoconf_2.71.bb | 1 +
.../gcc/gcc-multilib-config.inc | 2 +-
...001-Remove-dependency-on-libcapstone.patch | 36 +
meta/recipes-devtools/ruby/ruby_3.1.2.bb | 2 +-
meta/recipes-devtools/vala/vala_0.56.2.bb | 3 -
meta/recipes-devtools/vala/vala_0.56.3.bb | 3 +
...01-rules-Drop-using-register-keyword.patch | 278 ------
...rrect-parameter-types-to-Debug-calls.patch | 40 -
.../{cracklib_2.9.7.bb => cracklib_2.9.8.bb} | 4 +-
meta/recipes-graphics/cairo/cairo_1.16.0.bb | 6 +-
scripts/runqemu | 6 +
20 files changed, 1058 insertions(+), 352 deletions(-)
create mode 100644 meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch
create mode 100644 meta/recipes-devtools/autoconf/autoconf/0001-Port-to-compilers-that-moan-about-K-R-func-decls.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch
delete mode 100644 meta/recipes-devtools/vala/vala_0.56.2.bb
create mode 100644 meta/recipes-devtools/vala/vala_0.56.3.bb
delete mode 100644 meta/recipes-extended/cracklib/cracklib/0001-rules-Drop-using-register-keyword.patch
delete mode 100644 meta/recipes-extended/cracklib/cracklib/0002-rules-Correct-parameter-types-to-Debug-calls.patch
rename meta/recipes-extended/cracklib/{cracklib_2.9.7.bb => cracklib_2.9.8.bb} (83%)
--
2.25.1
* [OE-core][kirkstone 00/16] Patch review
@ 2023-08-17 2:49 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-08-17 2:49 UTC
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, August 18.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5748
The following changes since commit e1a604db8d2cf8782038b4016cc2e2052467333b:
build-appliance-image: Update to kirkstone head revision (2023-08-07 04:41:22 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Adrian Freihofer (1):
dmidecode: fixup for CVE-2023-30630
Alberto Planas (1):
rpm2cpio.sh: update to the last 4.x version
Alexander Kanavin (1):
libxcrypt: update PV to match SRCREV
Archana Polampalli (2):
ghostscript: fix CVE-2023-38559
qemu: fix CVE-2023-3180
Ashish Sharma (1):
curl: Backport fix CVE-2023-32001
Bruce Ashfield (3):
linux-yocto/5.10: update to v5.10.186
linux-yocto/5.10: update to v5.10.187
linux-yocto/5.10: update to v5.10.188
Marek Vasut (1):
linux-firmware: Fix mediatek mt7601u firmware path
Martin Jansa (1):
npm.bbclass: avoid DeprecationWarning with new python
Narpat Mali (1):
python3-certifi: fix CVE-2023-37920
Pavel Zhukov (1):
scripts/rpm2cpio.sh: Use bzip2 instead of bunzip2
Peter Marko (1):
procps: patch CVE-2023-4016
Vivek Kumbhar (1):
qemu: fix CVE-2023-3354 VNC: improper I/O watch removal in TLS
handshake can lead to remote unauthenticated denial of service
Yogita Urade (1):
qemu: fix CVE-2020-14394
meta/classes/npm.bbclass | 2 +-
...ibxcrypt_4.4.30.bb => libxcrypt_4.4.33.bb} | 0
.../dmidecode/CVE-2023-30630_1a.patch | 236 ++++++++++++++
...-30630_1.patch => CVE-2023-30630_1b.patch} | 126 +++-----
.../dmidecode/CVE-2023-30630_2.patch | 11 +-
.../dmidecode/CVE-2023-30630_3.patch | 60 ++--
.../dmidecode/CVE-2023-30630_4.patch | 149 ++++-----
.../dmidecode/dmidecode_3.3.bb | 3 +-
.../python3-certifi/CVE-2023-37920.patch | 301 ++++++++++++++++++
.../python/python3-certifi_2021.10.8.bb | 4 +-
meta/recipes-devtools/qemu/qemu.inc | 3 +
.../qemu/qemu/CVE-2020-14394.patch | 79 +++++
.../qemu/qemu/CVE-2023-3180.patch | 50 +++
.../qemu/qemu/CVE-2023-3354.patch | 87 +++++
.../ghostscript/CVE-2023-38559.patch | 32 ++
.../ghostscript/ghostscript_9.55.0.bb | 1 +
.../procps/procps/CVE-2023-4016.patch | 85 +++++
meta/recipes-extended/procps/procps_3.3.17.bb | 1 +
.../linux-firmware/linux-firmware_20230515.bb | 2 +-
.../linux/linux-yocto-rt_5.10.bb | 6 +-
.../linux/linux-yocto-tiny_5.10.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +-
.../curl/curl/CVE-2023-32001.patch | 39 +++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
scripts/rpm2cpio.sh | 30 +-
25 files changed, 1117 insertions(+), 223 deletions(-)
rename meta/recipes-core/libxcrypt/{libxcrypt_4.4.30.bb => libxcrypt_4.4.33.bb} (100%)
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch
rename meta/recipes-devtools/dmidecode/dmidecode/{CVE-2023-30630_1.patch => CVE-2023-30630_1b.patch} (63%)
create mode 100644 meta/recipes-devtools/python/python3-certifi/CVE-2023-37920.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-14394.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
--
2.34.1
* [OE-core][kirkstone 00/16] Patch review
@ 2023-11-22 2:30 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-11-22 2:30 UTC
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, November 23
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6227
The following changes since commit 4bb6373e5f4a1330a063d1afe855d6c24d5461e7:
python3-jinja2: Fixed ptest result output as per the standard (2023-11-08 04:10:02 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Chaitanya Vadrevu (1):
go: Fix issue in DNS resolver
Deepthi Hemraj (2):
binutils: Fix CVE-2022-47007
binutils: Fix CVE-2022-48064
Lee Chee Yang (1):
ghostscript: ignore GhostPCL CVE-2023-38560
Meenali Gupta (5):
avahi: fix CVE-2023-38471
avahi: fix CVE-2023-38470
avahi: fix CVE-2023-38469
avahi: fix CVE-2023-38472
avahi: fix CVE-2023-38473
Niranjan Pradhan (1):
qemu 6.2.0: Fix CVE-2023-1544
Peter Marko (2):
go: ignore CVE-2023-45283 and CVE-2023-45284
goarch: Move Go architecture mapping to a library
Soumya Sambu (1):
sudo: upgrade 1.9.13p3 -> 1.9.15p2
Vijay Anusuri (1):
tiff: Backport fix for CVE-2023-41175
Wenlin Kang (1):
libxcrypt: fixed some build error for nativesdk with mingw
Yogita Urade (1):
grub: fix CVE-2023-4692
meta/classes/base.bbclass | 2 +-
meta/classes/goarch.bbclass | 27 +----
meta/lib/oe/go.py | 32 ++++++
.../grub/files/CVE-2023-4692.patch | 97 ++++++++++++++++
meta/recipes-bsp/grub/grub2.inc | 1 +
meta/recipes-connectivity/avahi/avahi_0.8.bb | 5 +
.../avahi/files/CVE-2023-38469.patch | 47 ++++++++
.../avahi/files/CVE-2023-38470.patch | 59 ++++++++++
.../avahi/files/CVE-2023-38471.patch | 73 ++++++++++++
.../avahi/files/CVE-2023-38472.patch | 46 ++++++++
.../avahi/files/CVE-2023-38473.patch | 108 ++++++++++++++++++
.../0001-Fix-for-compilation-on-Windows.patch | 37 ++++++
...dom-bytes.c-fixed-conversion-error-w.patch | 47 ++++++++
meta/recipes-core/libxcrypt/libxcrypt.inc | 4 +
.../binutils/binutils-2.38.inc | 2 +
.../binutils/0033-CVE-2022-47007.patch | 34 ++++++
.../binutils/0034-CVE-2022-48064.patch | 57 +++++++++
meta/recipes-devtools/go/go-1.17.13.inc | 5 +-
...Fix-issue-with-DNS-not-being-updated.patch | 51 +++++++++
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2023-1544.patch | 70 ++++++++++++
.../ghostscript/ghostscript_9.55.0.bb | 3 +
...me.c-correctly-include-header-for-ou.patch | 25 ----
meta/recipes-extended/sudo/sudo.inc | 5 +-
.../{sudo_1.9.13p3.bb => sudo_1.9.15p2.bb} | 3 +-
.../libtiff/tiff/CVE-2023-41175.patch | 69 +++++++++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 +
27 files changed, 854 insertions(+), 57 deletions(-)
create mode 100644 meta/lib/oe/go.py
create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4692.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
create mode 100644 meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch
create mode 100644 meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
create mode 100644 meta/recipes-devtools/go/go-1.20/0010-net-Fix-issue-with-DNS-not-being-updated.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-1544.patch
delete mode 100644 meta/recipes-extended/sudo/files/0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch
rename meta/recipes-extended/sudo/{sudo_1.9.13p3.bb => sudo_1.9.15p2.bb} (92%)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-41175.patch
--
2.34.1
* [OE-core][kirkstone 00/16] Patch review
@ 2024-02-27 21:56 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2024-02-27 21:56 UTC
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, February 29
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6616
The following changes since commit 5103ce67741782e43612f495bcc851c6509b734b:
runqemu: direct mesa to use its own drivers, rather than ones provided by host distro (2024-02-25 05:51:38 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Adrian Freihofer (8):
oeqa: replace deprecated assertEquals
oeqa/selftest/recipetool: fix for python 3.12
oeqa/selftest/recipetool: expect meson.bb
oeqa/selftest/oelib/buildhistory: git default branch
feature-microblaze-versions.inc: python 3.12 regex
meta/lib/oeqa: python 3.12 regex
meta/recipes: python 3.12 regex
scripts: python 3.12 regex
Bruce Ashfield (2):
kernel: fix localversion in v6.3+
kernel: make LOCALVERSION consistent between recipes
Chris Laplante (1):
recipetool/create_buildsys_python: use importlib instead of imp
Ming Liu (1):
kernel.bbclass: introduce KERNEL_LOCALVERSION
Ross Burton (3):
populate_sdk_ext: use ConfigParser instead of SafeConfigParser
runqemu: add qmp socket support
oeqa/selftest/recipetool: downgrade meson version to not use
pyproject.toml
Trevor Gamblin (1):
scripts/runqemu: fix regex escape sequences
meta/classes/kernel-arch.bbclass | 1 -
meta/classes/kernel.bbclass | 24 +++++++++++-
meta/classes/kernelsrc.bbclass | 1 +
meta/classes/linux-kernel-base.bbclass | 11 ++++++
meta/classes/module-base.bbclass | 1 +
meta/classes/populate_sdk_ext.bbclass | 2 +-
meta/conf/documentation.conf | 1 +
.../feature-microblaze-versions.inc | 2 +-
meta/lib/oeqa/oetest.py | 2 +-
meta/lib/oeqa/sdk/buildtools-cases/sanity.py | 2 +-
meta/lib/oeqa/selftest/cases/bblayers.py | 2 +-
meta/lib/oeqa/selftest/cases/devtool.py | 2 +-
meta/lib/oeqa/selftest/cases/fitimage.py | 6 +--
meta/lib/oeqa/selftest/cases/liboe.py | 2 +-
.../oeqa/selftest/cases/oelib/buildhistory.py | 18 +++++++--
meta/lib/oeqa/selftest/cases/recipetool.py | 19 ++++++----
.../make-mod-scripts/make-mod-scripts_1.0.bb | 3 ++
.../perf/perf/sort-pmuevents.py | 8 ++--
meta/recipes-rt/rt-tests/files/rt_bmark.py | 2 +-
scripts/combo-layer | 2 +-
scripts/contrib/bbvars.py | 6 +--
scripts/contrib/convert-overrides.py | 8 ++--
scripts/lib/checklayer/__init__.py | 4 +-
scripts/lib/recipetool/create.py | 12 +++---
scripts/lib/recipetool/create_buildsys.py | 38 +++++++++----------
.../lib/recipetool/create_buildsys_python.py | 5 +--
scripts/oe-check-sstate | 2 +-
scripts/oe-pkgdata-util | 2 +-
scripts/opkg-query-helper.py | 2 +-
scripts/runqemu | 19 ++++++++--
30 files changed, 134 insertions(+), 75 deletions(-)
--
2.34.1
* [OE-core][kirkstone 00/16] Patch review
@ 2024-10-02 13:12 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2024-10-02 13:12 UTC
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, October 4
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7370
The following changes since commit ff720f337e40761c7d4d544c963cf518ad5403ad:
lib/oeqa: rename assertRaisesRegexp to assertRaisesRegex (2024-09-21 06:18:58 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Aleksandar Nikolic (3):
install-buildtools: remove md5 checksum validation
install-buildtools: fix "test installation" step
scripts/install-buildtools: Update to 4.0.21
Deepthi Hemraj (3):
gcc: upgrade to v11.5
glibc: stable 2.35 branch updates
bintuils: stable 2.38 branch update
Jinfeng Wang (1):
procps: patch CVE-2023-4016
Martin Jansa (1):
populate_sdk_base: inherit nopackages
Mingli Yu (1):
curl: free old conn better on reuse
Paul Eggleton (1):
install-buildtools: support buildtools-make-tarball and update to 4.1
Peter Marko (4):
gnupg: Document CVE-2022-3219 and mark wontfix
wpa-supplicant: Ignore CVE-2024-5290
wpa-supplicant: Patch CVE-2024-3596
wpa-supplicant: Patch security advisory 2024-2
Purushottam Choudhary (1):
kmscube: Add patch to fix -int-conversion build error
Vijay Anusuri (1):
curl: backport Debian patch for CVE-2024-8096
meta/classes/populate_sdk_base.bbclass | 2 +-
meta/conf/distro/include/maintainers.inc | 2 +-
...valid-Rejected-Groups-element-length.patch | 52 +
...valid-Rejected-Groups-element-length.patch | 50 +
...id-Rejected-Groups-element-in-the-pa.patch | 38 +
.../wpa-supplicant/CVE-2024-3596_00.patch | 82 +
.../wpa-supplicant/CVE-2024-3596_01.patch | 165 +
.../wpa-supplicant/CVE-2024-3596_02.patch | 62 +
.../wpa-supplicant/CVE-2024-3596_03.patch | 37 +
.../wpa-supplicant/CVE-2024-3596_04.patch | 52 +
.../wpa-supplicant/CVE-2024-3596_05.patch | 51 +
.../wpa-supplicant/CVE-2024-3596_06.patch | 46 +
.../wpa-supplicant/CVE-2024-3596_07.patch | 67 +
.../wpa-supplicant/CVE-2024-3596_08.patch | 47 +
.../wpa-supplicant/wpa-supplicant_2.10.bb | 15 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../binutils/binutils-2.38.inc | 2 +-
.../gcc/{gcc-11.4.inc => gcc-11.5.inc} | 8 +-
...ian_11.4.bb => gcc-cross-canadian_11.5.bb} | 0
.../{gcc-cross_11.4.bb => gcc-cross_11.5.bb} | 0
...-crosssdk_11.4.bb => gcc-crosssdk_11.5.bb} | 0
...cc-runtime_11.4.bb => gcc-runtime_11.5.bb} | 0
...itizers_11.4.bb => gcc-sanitizers_11.5.bb} | 0
...{gcc-source_11.4.bb => gcc-source_11.5.bb} | 0
...rch64-Update-Neoverse-N2-core-defini.patch | 38 -
.../gcc/gcc/CVE-2023-4039.patch | 2893 -----------------
.../gcc/{gcc_11.4.bb => gcc_11.5.bb} | 0
...initial_11.4.bb => libgcc-initial_11.5.bb} | 0
.../gcc/{libgcc_11.4.bb => libgcc_11.5.bb} | 0
...ibgfortran_11.4.bb => libgfortran_11.5.bb} | 0
.../procps/procps/CVE-2023-4016-2.patch | 60 +
meta/recipes-extended/procps/procps_3.3.17.bb | 3 +-
...001-common-fix-cast-type-in-init_egl.patch | 34 +
meta/recipes-graphics/kmscube/kmscube_git.bb | 6 +-
...01-url-free-old-conn-better-on-reuse.patch | 95 +
.../curl/curl/CVE-2024-8096.patch | 210 ++
meta/recipes-support/curl/curl_7.82.0.bb | 2 +
meta/recipes-support/gnupg/gnupg_2.3.7.bb | 2 +
scripts/install-buildtools | 63 +-
39 files changed, 1219 insertions(+), 2967 deletions(-)
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_01.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_02.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_03.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_04.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_05.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_06.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_07.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_08.patch
rename meta/recipes-devtools/gcc/{gcc-11.4.inc => gcc-11.5.inc} (95%)
rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.4.bb => gcc-cross-canadian_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-cross_11.4.bb => gcc-cross_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-crosssdk_11.4.bb => gcc-crosssdk_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-runtime_11.4.bb => gcc-runtime_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-sanitizers_11.4.bb => gcc-sanitizers_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-source_11.4.bb => gcc-source_11.5.bb} (100%)
delete mode 100644 meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
delete mode 100644 meta/recipes-devtools/gcc/gcc/CVE-2023-4039.patch
rename meta/recipes-devtools/gcc/{gcc_11.4.bb => gcc_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc-initial_11.4.bb => libgcc-initial_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc_11.4.bb => libgcc_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{libgfortran_11.4.bb => libgfortran_11.5.bb} (100%)
create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016-2.patch
create mode 100644 meta/recipes-graphics/kmscube/kmscube/0001-common-fix-cast-type-in-init_egl.patch
create mode 100644 meta/recipes-support/curl/curl/0001-url-free-old-conn-better-on-reuse.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2024-8096.patch
--
2.34.1
* [OE-core][kirkstone 00/16] Patch review
@ 2025-01-20 17:50 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, January 22
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/842
The following changes since commit 8c32d91b64ae296d7832ddeb42983f4f3c237946:
ofono: fix CVE-2024-7547 (2025-01-14 05:49:41 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Aleksandar Nikolic (1):
scripts/install-buildtools: Update to 4.0.23
Alexander Kanavin (1):
rsync: update 3.2.5 -> 3.2.7
Archana Polampalli (6):
rsync: fix CVE-2024-12084
rsync: fix CVE-2024-12085
rsync: fix CVE-2024-12086
rsync: fix CVE-2024-12087
rsync: fix CVE-2024-12088
rsync: fix CVE-2024-12747
Divya Chellam (1):
wget: fix CVE-2024-10524
Khem Raj (1):
rsync: Delete pedantic errors re-ordering patch
Peter Marko (2):
socat: patch CVE-2024-54661
ofono: patch CVE-2024-7540, CVE-2024-7541, CVE-2024-7542
Ross Burton (2):
classes/nativesdk: also override TUNE_PKGARCH
classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package
architecture
Zhang Peng (2):
avahi: fix CVE-2024-52616
vte: fix CVE-2024-37535
meta/classes/nativesdk.bbclass | 1 +
meta/classes/qemu.bbclass | 8 +-
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2024-52616.patch | 104 +++++++++
...024-7540_CVE-2024-7541_CVE-2024-7542.patch | 52 +++++
meta/recipes-connectivity/ofono/ofono_1.34.bb | 1 +
.../socat/socat/CVE-2024-54661.patch | 113 ++++++++++
.../socat/socat_1.7.4.4.bb | 4 +-
meta/recipes-devtools/gcc/gcc-testsuite.inc | 6 +-
...-prototypes-to-function-declarations.patch | 28 ++-
...antic-errors-at-the-end-of-configure.patch | 68 ------
.../rsync/files/CVE-2024-12084-0001.patch | 156 ++++++++++++++
.../rsync/files/CVE-2024-12084-0002.patch | 43 ++++
.../rsync/files/CVE-2024-12085.patch | 32 +++
.../rsync/files/CVE-2024-12086-0001.patch | 42 ++++
.../rsync/files/CVE-2024-12086-0002.patch | 108 ++++++++++
.../rsync/files/CVE-2024-12086-0003.patch | 108 ++++++++++
.../rsync/files/CVE-2024-12086-0004.patch | 41 ++++
.../rsync/files/CVE-2024-12087-0001.patch | 49 +++++
.../rsync/files/CVE-2024-12087-0002.patch | 31 +++
.../rsync/files/CVE-2024-12087-0003.patch | 40 ++++
.../rsync/files/CVE-2024-12088.patch | 141 +++++++++++++
.../rsync/files/CVE-2024-12747.patch | 192 +++++++++++++++++
.../rsync/{rsync_3.2.5.bb => rsync_3.2.7.bb} | 15 +-
.../wget/wget/CVE-2024-10524.patch | 197 ++++++++++++++++++
meta/recipes-extended/wget/wget_1.21.4.bb | 1 +
.../vte/vte/CVE-2024-37535-0001.patch | 63 ++++++
.../vte/vte/CVE-2024-37535-0002.patch | 85 ++++++++
meta/recipes-support/vte/vte_0.66.2.bb | 9 +-
scripts/install-buildtools | 4 +-
30 files changed, 1645 insertions(+), 98 deletions(-)
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
create mode 100644 meta/recipes-connectivity/socat/socat/CVE-2024-54661.patch
delete mode 100644 meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12088.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12747.patch
rename meta/recipes-devtools/rsync/{rsync_3.2.5.bb => rsync_3.2.7.bb} (81%)
create mode 100644 meta/recipes-extended/wget/wget/CVE-2024-10524.patch
create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-0001.patch
create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-0002.patch
--
2.43.0
* [OE-core][kirkstone 00/16] Patch review
@ 2025-03-05 15:58 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-03-05 15:58 UTC
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, March 7
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1121
The following changes since commit 8ea258ad9c83be5d9548a796f7dda4ac820fc435:
elfutils: Fix multiple CVEs (2025-02-28 07:18:33 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Johannes Kauffmann (1):
mesa: Fix missing GLES3 headers in SDK sysroot
Peter Marko (1):
libxml2: mark patch as fixing CVE-2025-27113
Vijay Anusuri (14):
xwayland: Fix CVE-2024-21885
xwayland: Fix CVE-2024-21886
xwayland: Fix CVE-2024-31080
xwayland: Fix CVE-2024-31081
xwayland: Fix CVE-2024-31083
xwayland: Fix CVE-2024-9632
xwayland: Fix CVE-2025-26594
xwayland: Fix CVE-2025-26595
xwayland: Fix CVE-2025-26596
xwayland: Fix CVE-2025-26597
xwayland: Fix CVE-2025-26598
xwayland: Fix CVE-2025-26599
xwayland: Fix CVE-2025-26600
xwayland: Fix CVE-2025-26601
...-child-axis.patch => CVE-2025-27113.patch} | 1 +
meta/recipes-core/libxml/libxml2_2.9.14.bb | 2 +-
meta/recipes-graphics/mesa/mesa.inc | 5 +
.../xwayland/xwayland/CVE-2024-21885.patch | 113 +++++++++++++++
.../xwayland/xwayland/CVE-2024-21886-1.patch | 74 ++++++++++
.../xwayland/xwayland/CVE-2024-21886-2.patch | 57 ++++++++
.../xwayland/xwayland/CVE-2024-31080.patch | 49 +++++++
.../xwayland/xwayland/CVE-2024-31081.patch | 47 +++++++
.../xwayland/CVE-2024-31083-0001.patch | 118 ++++++++++++++++
.../xwayland/CVE-2024-31083-0002.patch | 77 ++++++++++
.../xwayland/xwayland/CVE-2024-9632.patch | 59 ++++++++
.../xwayland/xwayland/CVE-2025-26594-1.patch | 54 +++++++
.../xwayland/xwayland/CVE-2025-26594-2.patch | 51 +++++++
.../xwayland/xwayland/CVE-2025-26595.patch | 65 +++++++++
.../xwayland/xwayland/CVE-2025-26596.patch | 49 +++++++
.../xwayland/xwayland/CVE-2025-26597.patch | 46 ++++++
.../xwayland/xwayland/CVE-2025-26598.patch | 120 ++++++++++++++++
.../xwayland/xwayland/CVE-2025-26599-1.patch | 66 +++++++++
.../xwayland/xwayland/CVE-2025-26599-2.patch | 129 +++++++++++++++++
.../xwayland/xwayland/CVE-2025-26600.patch | 68 +++++++++
.../xwayland/xwayland/CVE-2025-26601-1.patch | 71 ++++++++++
.../xwayland/xwayland/CVE-2025-26601-2.patch | 85 +++++++++++
.../xwayland/xwayland/CVE-2025-26601-3.patch | 52 +++++++
.../xwayland/xwayland/CVE-2025-26601-4.patch | 132 ++++++++++++++++++
.../xwayland/xwayland_22.1.8.bb | 21 +++
25 files changed, 1610 insertions(+), 1 deletion(-)
rename meta/recipes-core/libxml/libxml2/{0001-pattern-Fix-compilation-of-explicit-child-axis.patch => CVE-2025-27113.patch} (98%)
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-21885.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-21886-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-21886-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-31080.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-31081.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-31083-0001.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-31083-0002.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-9632.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26595.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26596.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26597.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26598.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26600.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-3.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-4.patch
--
2.43.0
* [OE-core][kirkstone 00/16] Patch review
@ 2025-07-15 20:36 Steve Sakoman
2025-07-15 20:36 ` [OE-core][kirkstone 01/16] Revert "coreutils: fix CVE-2025-5278" Steve Sakoman
` (15 more replies)
0 siblings, 16 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-07-15 20:36 UTC
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, July 17
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2021
The following changes since commit a7cea8a5c91d26ba7c3f72448f0897f5c2f81fd1:
linux-yocto/5.15: update to v5.15.186 (2025-07-08 09:05:09 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (4):
openssl: fix CVE-2024-41996
ofono: fix CVE-2023-4232
ofono: fix CVE-2023-4235
gdk-pixbuf: fix CVE-2025-7345
Chen Qi (2):
coreutils: fix CVE-2025-5278
sudo: upgrade from 1.9.15p2 to 1.9.15p5
Deepesh Varatharajan (1):
bintuils: stable 2.38 branch update
Guocai He (1):
tcf-agent: correct the SRC_URI
Hitendra Prajapati (1):
libxml2: fix CVE-2025-49794 & CVE-2025-49796
Peter Marko (4):
python3: update CVE product
openssl: upgrade 3.0.16 -> 3.0.17
ghostscript: ignore CVE-2025-46646
iputils: patch CVE-2025-48964
Praveen Kumar (1):
sudo: upgrade 1.9.15p5 -> 1.9.17p1
Ross Burton (1):
oeqa/core/decorator: add decorators to skip based on HOST_ARCH
Steve Sakoman (1):
Revert "coreutils: fix CVE-2025-5278"
meta/lib/oeqa/core/decorator/data.py | 24 +++
.../ofono/ofono/CVE-2023-4232.patch | 30 +++
.../ofono/ofono/CVE-2023-4235.patch | 37 ++++
meta/recipes-connectivity/ofono/ofono_1.34.bb | 2 +
.../openssl/openssl/CVE-2024-41996.patch | 48 +++++
.../{openssl_3.0.16.bb => openssl_3.0.17.bb} | 3 +-
.../coreutils/coreutils/CVE-2025-5278.patch | 10 +-
.../CVE-2025-49794-CVE-2025-49796.patch | 181 ++++++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 +
.../binutils/binutils-2.38.inc | 2 +-
.../python/python3_3.10.18.bb | 2 +-
.../tcf-agent/tcf-agent_git.bb | 2 +-
.../ghostscript/ghostscript_9.55.0.bb | 2 +
.../iputils/iputils/CVE-2025-48964.patch | 99 ++++++++++
.../iputils/iputils_20211215.bb | 1 +
...o.conf.in-fix-conflict-with-multilib.patch | 7 +-
meta/recipes-extended/sudo/sudo.inc | 2 +-
.../{sudo_1.9.15p2.bb => sudo_1.9.17p1.bb} | 54 +++++-
.../gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch | 55 ++++++
.../gdk-pixbuf/gdk-pixbuf_2.42.10.bb | 1 +
20 files changed, 548 insertions(+), 15 deletions(-)
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.16.bb => openssl_3.0.17.bb} (98%)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch
create mode 100644 meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
rename meta/recipes-extended/sudo/{sudo_1.9.15p2.bb => sudo_1.9.17p1.bb} (52%)
create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch
--
2.43.0
* [OE-core][kirkstone 01/16] Revert "coreutils: fix CVE-2025-5278"
2025-07-15 20:36 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
@ 2025-07-15 20:36 ` Steve Sakoman
2025-07-15 20:36 ` [OE-core][kirkstone 02/16] coreutils: fix CVE-2025-5278 Steve Sakoman
` (14 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
Failing ptest with valgrind on target
This reverts commit 4e55668ef07d99d8c1141c2f4270f43f5b280159.
---
.../coreutils/coreutils/CVE-2025-5278.patch | 113 ------------------
meta/recipes-core/coreutils/coreutils_9.0.bb | 1 -
2 files changed, 114 deletions(-)
delete mode 100644 meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
diff --git a/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch b/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
deleted file mode 100644
index 34434a65fa..0000000000
--- a/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From 84a061ea3d1fad42188493c4e5d8396aff4a0f67 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
-Date: Tue, 20 May 2025 16:03:44 +0100
-Subject: [PATCH] sort: fix buffer under-read (CWE-127)
-
-* src/sort.c (begfield): Check pointer adjustment
-to avoid Out-of-range pointer offset (CWE-823).
-(limfield): Likewise.
-* tests/sort/sort-field-limit.sh: Add a new test,
-which triggers with ASAN or Valgrind.
-* tests/local.mk: Reference the new test.
-* NEWS: Mention bug fix introduced in v7.2 (2009).
-Fixes https://bugs.gnu.org/78507
-
-CVE: CVE-2025-5278
-
-Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633]
-[Adjusted for 9.0 version]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- src/sort.c | 12 ++++++++++--
- tests/local.mk | 1 +
- tests/misc/sort-field-limit.sh | 35 ++++++++++++++++++++++++++++++++++
- 3 files changed, 46 insertions(+), 2 deletions(-)
- create mode 100755 tests/misc/sort-field-limit.sh
-
-diff --git a/src/sort.c b/src/sort.c
-index 5f4c817de..07b96d34b 100644
---- a/src/sort.c
-+++ b/src/sort.c
-@@ -1642,7 +1642,11 @@ begfield (struct line const *line, struct keyfield const *key)
- ++ptr;
-
- /* Advance PTR by SCHAR (if possible), but no further than LIM. */
-- ptr = MIN (lim, ptr + schar);
-+ size_t remaining_bytes = lim - ptr;
-+ if (schar < remaining_bytes)
-+ ptr += schar;
-+ else
-+ ptr = lim;
-
- return ptr;
- }
-@@ -1743,7 +1747,11 @@ limfield (struct line const *line, struct keyfield const *key)
- ++ptr;
-
- /* Advance PTR by ECHAR (if possible), but no further than LIM. */
-- ptr = MIN (lim, ptr + echar);
-+ size_t remaining_bytes = lim - ptr;
-+ if (echar < remaining_bytes)
-+ ptr += echar;
-+ else
-+ ptr = lim;
- }
-
- return ptr;
-diff --git a/tests/local.mk b/tests/local.mk
-index 228d0e368..ced85c44c 100644
---- a/tests/local.mk
-+++ b/tests/local.mk
-@@ -373,6 +373,7 @@ all_tests = \
- tests/misc/sort-debug-keys.sh \
- tests/misc/sort-debug-warn.sh \
- tests/misc/sort-discrim.sh \
-+ tests/misc/sort-field-limit.sh \
- tests/misc/sort-files0-from.pl \
- tests/misc/sort-float.sh \
- tests/misc/sort-h-thousands-sep.sh \
-diff --git a/tests/misc/sort-field-limit.sh b/tests/misc/sort-field-limit.sh
-new file mode 100755
-index 000000000..52d8e1d17
---- /dev/null
-+++ b/tests/misc/sort-field-limit.sh
-@@ -0,0 +1,35 @@
-+#!/bin/sh
-+# From 7.2-9.7, this would trigger an out of bounds mem read
-+
-+# Copyright (C) 2025 Free Software Foundation, Inc.
-+
-+# This program is free software: you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation, either version 3 of the License, or
-+# (at your option) any later version.
-+
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+
-+# You should have received a copy of the GNU General Public License
-+# along with this program. If not, see <https://www.gnu.org/licenses/>.
-+
-+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
-+print_ver_ sort
-+getlimits_
-+
-+# This issue triggers with valgrind or ASAN
-+valgrind --error-exitcode=1 sort --version 2>/dev/null &&
-+ VALGRIND='valgrind --error-exitcode=1'
-+
-+{ printf '%s\n' aa bb; } > in || framework_failure_
-+
-+_POSIX2_VERSION=200809 $VALGRIND sort +0.${SIZE_MAX}R in > out || fail=1
-+compare in out || fail=1
-+
-+_POSIX2_VERSION=200809 $VALGRIND sort +1 -1.${SIZE_MAX}R in > out || fail=1
-+compare in out || fail=1
-+
-+Exit $fail
---
-2.34.1
-
diff --git a/meta/recipes-core/coreutils/coreutils_9.0.bb b/meta/recipes-core/coreutils/coreutils_9.0.bb
index 7c975708f4..1cce9192ec 100644
--- a/meta/recipes-core/coreutils/coreutils_9.0.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.0.bb
@@ -19,7 +19,6 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
file://0001-uname-report-processor-and-hardware-correctly.patch \
file://0001-local.mk-fix-cross-compiling-problem.patch \
file://e8b56ebd536e82b15542a00c888109471936bfda.patch \
- file://CVE-2025-5278.patch \
file://run-ptest \
file://0001-split-do-not-shrink-hold-buffer.patch \
"
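Review bot: dropping `file://CVE-2025-5278.patch` from SRC_URI leaves coreutils 9.0 without the sort under-read fix at this commit, and the message gives only "Failing ptest with valgrind on target" with no Signed-off-by. Please add the sign-off and say in the message that 02/16 re-adds the patch with an adjusted test, so anyone who picks up this revert alone knows the CVE is open again.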
--
2.43.0
* [OE-core][kirkstone 02/16] coreutils: fix CVE-2025-5278
2025-07-15 20:36 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
2025-07-15 20:36 ` [OE-core][kirkstone 01/16] Revert "coreutils: fix CVE-2025-5278" Steve Sakoman
@ 2025-07-15 20:36 ` Steve Sakoman
2025-07-15 20:36 ` [OE-core][kirkstone 03/16] libxml2: fix CVE-2025-49794 & CVE-2025-49796 Steve Sakoman
` (13 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
Backport patch to fix CVE-2025-5278.
The patch is adjusted to fit 9.0 version. And the test case is
also adjusted to avoid using valgrind. valgrind in kirkstone is
reporting errors for coreutils' sort utility with/without this patch.
To avoid ptest failure, we disable valgrind explicitly.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../coreutils/coreutils/CVE-2025-5278.patch | 113 ++++++++++++++++++
meta/recipes-core/coreutils/coreutils_9.0.bb | 1 +
2 files changed, 114 insertions(+)
create mode 100644 meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
diff --git a/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch b/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
new file mode 100644
index 0000000000..2f262ea0b5
--- /dev/null
+++ b/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
@@ -0,0 +1,113 @@
+From ed9ae6a4a02d322378739a895ae2090ca2bf6cdc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
+Date: Tue, 20 May 2025 16:03:44 +0100
+Subject: [PATCH] sort: fix buffer under-read (CWE-127)
+
+* src/sort.c (begfield): Check pointer adjustment
+to avoid Out-of-range pointer offset (CWE-823).
+(limfield): Likewise.
+* tests/sort/sort-field-limit.sh: Add a new test,
+which triggers with ASAN or Valgrind.
+* tests/local.mk: Reference the new test.
+* NEWS: Mention bug fix introduced in v7.2 (2009).
+Fixes https://bugs.gnu.org/78507
+
+CVE: CVE-2025-5278
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633]
+[Adjusted for 9.0 version and adjusted test case to not use valgrind.]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/sort.c | 12 ++++++++++--
+ tests/local.mk | 1 +
+ tests/misc/sort-field-limit.sh | 35 ++++++++++++++++++++++++++++++++++
+ 3 files changed, 46 insertions(+), 2 deletions(-)
+ create mode 100755 tests/misc/sort-field-limit.sh
+
+diff --git a/src/sort.c b/src/sort.c
+index 5f4c817de..07b96d34b 100644
+--- a/src/sort.c
++++ b/src/sort.c
+@@ -1642,7 +1642,11 @@ begfield (struct line const *line, struct keyfield const *key)
+ ++ptr;
+
+ /* Advance PTR by SCHAR (if possible), but no further than LIM. */
+- ptr = MIN (lim, ptr + schar);
++ size_t remaining_bytes = lim - ptr;
++ if (schar < remaining_bytes)
++ ptr += schar;
++ else
++ ptr = lim;
+
+ return ptr;
+ }
+@@ -1743,7 +1747,11 @@ limfield (struct line const *line, struct keyfield const *key)
+ ++ptr;
+
+ /* Advance PTR by ECHAR (if possible), but no further than LIM. */
+- ptr = MIN (lim, ptr + echar);
++ size_t remaining_bytes = lim - ptr;
++ if (echar < remaining_bytes)
++ ptr += echar;
++ else
++ ptr = lim;
+ }
+
+ return ptr;
+diff --git a/tests/local.mk b/tests/local.mk
+index 228d0e368..ced85c44c 100644
+--- a/tests/local.mk
++++ b/tests/local.mk
+@@ -373,6 +373,7 @@ all_tests = \
+ tests/misc/sort-debug-keys.sh \
+ tests/misc/sort-debug-warn.sh \
+ tests/misc/sort-discrim.sh \
++ tests/misc/sort-field-limit.sh \
+ tests/misc/sort-files0-from.pl \
+ tests/misc/sort-float.sh \
+ tests/misc/sort-h-thousands-sep.sh \
+diff --git a/tests/misc/sort-field-limit.sh b/tests/misc/sort-field-limit.sh
+new file mode 100755
+index 000000000..dc5b4c964
+--- /dev/null
++++ b/tests/misc/sort-field-limit.sh
+@@ -0,0 +1,35 @@
++#!/bin/sh
++# From 7.2-9.7, this would trigger an out of bounds mem read
++
++# Copyright (C) 2025 Free Software Foundation, Inc.
++
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program. If not, see <https://www.gnu.org/licenses/>.
++
++. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
++print_ver_ sort
++getlimits_
++
++# This issue triggers with valgrind or ASAN
++valgrind --error-exitcode=1 sort --version 2>/dev/null &&
++ VALGRIND='valgrind --error-exitcode=1'
++
++{ printf '%s\n' aa bb; } > in || framework_failure_
++
++_POSIX2_VERSION=200809 sort +0.${SIZE_MAX}R in > out || fail=1
++compare in out || fail=1
++
++_POSIX2_VERSION=200809 sort +1 -1.${SIZE_MAX}R in > out || fail=1
++compare in out || fail=1
++
++Exit $fail
+--
+2.34.1
+
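Review bot: in tests/misc/sort-field-limit.sh the probe `valgrind --error-exitcode=1 sort --version 2>/dev/null && VALGRIND=...` is kept, but neither `sort` invocation uses `$VALGRIND` any more, so the probe still runs valgrind on target and its result is thrown away. Drop the probe and the "triggers with valgrind or ASAN" comment, and say in the patch header that the test now only compares output, so it will not flag the under-read on its own. In the sort.c hunks, `size_t remaining_bytes = lim - ptr;` relies on ptr not being past lim at that point; since the hunks were adjusted for 9.0, please confirm that holds in begfield and limfield there.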
diff --git a/meta/recipes-core/coreutils/coreutils_9.0.bb b/meta/recipes-core/coreutils/coreutils_9.0.bb
index 1cce9192ec..7c975708f4 100644
--- a/meta/recipes-core/coreutils/coreutils_9.0.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.0.bb
@@ -19,6 +19,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
file://0001-uname-report-processor-and-hardware-correctly.patch \
file://0001-local.mk-fix-cross-compiling-problem.patch \
file://e8b56ebd536e82b15542a00c888109471936bfda.patch \
+ file://CVE-2025-5278.patch \
file://run-ptest \
file://0001-split-do-not-shrink-hold-buffer.patch \
"
--
2.43.0
* [OE-core][kirkstone 03/16] libxml2: fix CVE-2025-49794 & CVE-2025-49796
2025-07-15 20:36 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
2025-07-15 20:36 ` [OE-core][kirkstone 01/16] Revert "coreutils: fix CVE-2025-5278" Steve Sakoman
2025-07-15 20:36 ` [OE-core][kirkstone 02/16] coreutils: fix CVE-2025-5278 Steve Sakoman
@ 2025-07-15 20:36 ` Steve Sakoman
2025-07-15 20:36 ` [OE-core][kirkstone 04/16] python3: update CVE product Steve Sakoman
` (12 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxml2/-/commit/71e1e8af5ee46dad1b57bb96cfbf1c3ad21fbd7b
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../CVE-2025-49794-CVE-2025-49796.patch | 181 ++++++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 +
2 files changed, 182 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch
new file mode 100644
index 0000000000..3ec8b4173f
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch
@@ -0,0 +1,181 @@
+From 71e1e8af5ee46dad1b57bb96cfbf1c3ad21fbd7b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 4 Jul 2025 14:28:26 +0200
+Subject: [PATCH] schematron: Fix memory safety issues in
+ xmlSchematronReportOutput
+
+Fix use-after-free (CVE-2025-49794) and type confusion (CVE-2025-49796)
+in xmlSchematronReportOutput.
+
+Fixes #931.
+Fixes #933.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/71e1e8af5ee46dad1b57bb96cfbf1c3ad21fbd7b]
+CVE: CVE-2025-49794 CVE-2025-49796
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ result/schematron/cve-2025-49794_0.err | 2 ++
+ result/schematron/cve-2025-49796_0.err | 2 ++
+ schematron.c | 37 +++++++++++++++-----------
+ test/schematron/cve-2025-49794.sct | 10 +++++++
+ test/schematron/cve-2025-49794_0.xml | 6 +++++
+ test/schematron/cve-2025-49796.sct | 9 +++++++
+ test/schematron/cve-2025-49796_0.xml | 3 +++
+ 7 files changed, 53 insertions(+), 16 deletions(-)
+ create mode 100644 result/schematron/cve-2025-49794_0.err
+ create mode 100644 result/schematron/cve-2025-49796_0.err
+ create mode 100644 test/schematron/cve-2025-49794.sct
+ create mode 100644 test/schematron/cve-2025-49794_0.xml
+ create mode 100644 test/schematron/cve-2025-49796.sct
+ create mode 100644 test/schematron/cve-2025-49796_0.xml
+
+diff --git a/result/schematron/cve-2025-49794_0.err b/result/schematron/cve-2025-49794_0.err
+new file mode 100644
+index 0000000..5775231
+--- /dev/null
++++ b/result/schematron/cve-2025-49794_0.err
+@@ -0,0 +1,2 @@
++./test/schematron/cve-2025-49794_0.xml:2: element boo0: schematron error : /librar0/boo0 line 2:
++./test/schematron/cve-2025-49794_0.xml fails to validate
+diff --git a/result/schematron/cve-2025-49796_0.err b/result/schematron/cve-2025-49796_0.err
+new file mode 100644
+index 0000000..bf875ee
+--- /dev/null
++++ b/result/schematron/cve-2025-49796_0.err
+@@ -0,0 +1,2 @@
++./test/schematron/cve-2025-49796_0.xml:2: element boo0: schematron error : /librar0/boo0 line 2:
++./test/schematron/cve-2025-49796_0.xml fails to validate
+diff --git a/schematron.c b/schematron.c
+index ddbb069..5ebca64 100644
+--- a/schematron.c
++++ b/schematron.c
+@@ -1239,27 +1239,16 @@ exit:
+ * *
+ ************************************************************************/
+
+-static xmlNodePtr
++static xmlXPathObjectPtr
+ xmlSchematronGetNode(xmlSchematronValidCtxtPtr ctxt,
+ xmlNodePtr cur, const xmlChar *xpath) {
+- xmlNodePtr node = NULL;
+- xmlXPathObjectPtr ret;
+
+ if ((ctxt == NULL) || (cur == NULL) || (xpath == NULL))
+ return(NULL);
+
+ ctxt->xctxt->doc = cur->doc;
+ ctxt->xctxt->node = cur;
+- ret = xmlXPathEval(xpath, ctxt->xctxt);
+- if (ret == NULL)
+- return(NULL);
+-
+- if ((ret->type == XPATH_NODESET) &&
+- (ret->nodesetval != NULL) && (ret->nodesetval->nodeNr > 0))
+- node = ret->nodesetval->nodeTab[0];
+-
+- xmlXPathFreeObject(ret);
+- return(node);
++ return(xmlXPathEval(xpath, ctxt->xctxt));
+ }
+
+ /**
+@@ -1304,18 +1293,26 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
+ (child->type == XML_CDATA_SECTION_NODE))
+ ret = xmlStrcat(ret, child->content);
+ else if (IS_SCHEMATRON(child, "name")) {
++ xmlXPathObject *obj = NULL;
+ xmlChar *path;
+
+ path = xmlGetNoNsProp(child, BAD_CAST "path");
+
+ node = cur;
+ if (path != NULL) {
+- node = xmlSchematronGetNode(ctxt, cur, path);
+- if (node == NULL)
+- node = cur;
++ obj = xmlSchematronGetNode(ctxt, cur, path);
++ if ((obj != NULL) &&
++ (obj->type == XPATH_NODESET) &&
++ (obj->nodesetval != NULL) &&
++ (obj->nodesetval->nodeNr > 0))
++ node = obj->nodesetval->nodeTab[0];
+ xmlFree(path);
+ }
+
++ switch (node->type) {
++ case XML_ELEMENT_NODE:
++ case XML_ATTRIBUTE_NODE:
++
+ if ((node->ns == NULL) || (node->ns->prefix == NULL))
+ ret = xmlStrcat(ret, node->name);
+ else {
+@@ -1323,6 +1320,14 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
+ ret = xmlStrcat(ret, BAD_CAST ":");
+ ret = xmlStrcat(ret, node->name);
+ }
++ break;
++
++ /* TODO: handle other node types */
++ default:
++ break;
++ }
++
++ xmlXPathFreeObject(obj);
+ } else {
+ child = child->next;
+ continue;
+diff --git a/test/schematron/cve-2025-49794.sct b/test/schematron/cve-2025-49794.sct
+new file mode 100644
+index 0000000..7fc9ee3
+--- /dev/null
++++ b/test/schematron/cve-2025-49794.sct
+@@ -0,0 +1,10 @@
++<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron">
++ <sch:pattern id="">
++ <sch:rule context="boo0">
++ <sch:report test="not(0)">
++ <sch:name path="	e|namespace::*|e"/>
++ </sch:report>
++ <sch:report test="0"></sch:report>
++ </sch:rule>
++ </sch:pattern>
++</sch:schema>
+diff --git a/test/schematron/cve-2025-49794_0.xml b/test/schematron/cve-2025-49794_0.xml
+new file mode 100644
+index 0000000..debc64b
+--- /dev/null
++++ b/test/schematron/cve-2025-49794_0.xml
+@@ -0,0 +1,6 @@
++<librar0>
++ <boo0 t="">
++ <author></author>
++ </boo0>
++ <ins></ins>
++</librar0>
+diff --git a/test/schematron/cve-2025-49796.sct b/test/schematron/cve-2025-49796.sct
+new file mode 100644
+index 0000000..e9702d7
+--- /dev/null
++++ b/test/schematron/cve-2025-49796.sct
+@@ -0,0 +1,9 @@
++<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron">
++ <sch:pattern id="">
++ <sch:rule context="boo0">
++ <sch:report test="not(0)">
++ <sch:name path="/"/>
++ </sch:report>
++ </sch:rule>
++ </sch:pattern>
++</sch:schema>
+diff --git a/test/schematron/cve-2025-49796_0.xml b/test/schematron/cve-2025-49796_0.xml
+new file mode 100644
+index 0000000..be33c4e
+--- /dev/null
++++ b/test/schematron/cve-2025-49796_0.xml
+@@ -0,0 +1,3 @@
++<librar0>
++ <boo0/>
++</librar0>
+--
+2.49.0
+
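Review bot: in schematron.c, `xmlSchematronGetNode` now returns the `xmlXPathObjectPtr` from `xmlXPathEval` and the caller owns it, but neither the name nor the lines shown say so. A short comment that the object must stay alive while `node` is in use, and is released by the `xmlXPathFreeObject(obj)` after the switch, would keep a later cleanup from undoing the fix. In the xmlSchematronFormatReport hunk the statements under `case XML_ATTRIBUTE_NODE:` keep their old indentation, which makes the switch hard to follow, and the `default:` branch appends nothing for other node types with only a TODO to mark it.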
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb
index 45424e59ff..baac155270 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -40,6 +40,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
file://CVE-2025-32414.patch \
file://CVE-2025-32415.patch \
file://CVE-2025-6021.patch \
+ file://CVE-2025-49794-CVE-2025-49796.patch \
"
SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
--
2.43.0
* [OE-core][kirkstone 04/16] python3: update CVE product
2025-07-15 20:36 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (2 preceding siblings ...)
2025-07-15 20:36 ` [OE-core][kirkstone 03/16] libxml2: fix CVE-2025-49794 & CVE-2025-49796 Steve Sakoman
@ 2025-07-15 20:36 ` Steve Sakoman
2025-07-15 20:36 ` [OE-core][kirkstone 05/16] openssl: upgrade 3.0.16 -> 3.0.17 Steve Sakoman
` (11 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
There are two "new" CVEs reported for python3, their CPEs are:
* CVE-2020-1171: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
* CVE-2020-1192: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
These are for "Visual Studio Code Python extension".
Solve this by adding CVE vendor to python CVE product to avoid
confusion with Microsoft as vendor.
Examining CVE DB for historical python entries shows:
sqlite> select vendor, product, count(*) from products where product = 'python' or product = 'cpython'
...> or product like 'python%3' group by vendor, product;
microsoft|python|2
python|python|1054
python_software_foundation|python|2
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/python/python3_3.10.18.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3_3.10.18.bb b/meta/recipes-devtools/python/python3_3.10.18.bb
index 0b57a0ebee..875b52cde9 100644
--- a/meta/recipes-devtools/python/python3_3.10.18.bb
+++ b/meta/recipes-devtools/python/python3_3.10.18.bb
@@ -51,7 +51,7 @@ SRC_URI[sha256sum] = "ae665bc678abd9ab6a6e1573d2481625a53719bc517e9a634ed2b9fefa
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/"
-CVE_PRODUCT = "python"
+CVE_PRODUCT = "python:python python_software_foundation:python"
# Upstream consider this expected behaviour
CVE_CHECK_IGNORE += "CVE-2007-4559"
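Review bot: the new `CVE_PRODUCT = "python:python python_software_foundation:python"` line has no comment in the recipe explaining why the vendor is pinned. A one-line comment naming the microsoft:python CPE (the Visual Studio Code extension) that it excludes would stop someone from simplifying it back to `python` and bringing CVE-2020-1171 and CVE-2020-1192 back into the report.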
--
2.43.0
* [OE-core][kirkstone 05/16] openssl: upgrade 3.0.16 -> 3.0.17
2025-07-15 20:36 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (3 preceding siblings ...)
2025-07-15 20:36 ` [OE-core][kirkstone 04/16] python3: update CVE product Steve Sakoman
@ 2025-07-15 20:36 ` Steve Sakoman
2025-07-15 20:36 ` [OE-core][kirkstone 06/16] openssl: fix CVE-2024-41996 Steve Sakoman
` (10 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Release information:
https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3016-and-openssl-3017-1-jul-2025
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssl/{openssl_3.0.16.bb => openssl_3.0.17.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_3.0.16.bb => openssl_3.0.17.bb} (99%)
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.16.bb b/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.0.16.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.17.bb
index a9fffd18ba..5bc8801b98 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.16.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
@@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "57e03c50feab5d31b152af2b764f10379aecd8ee92f16c985983ce4a99f7ef86"
+SRC_URI[sha256sum] = "dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
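Review bot: the only content change is the new `SRC_URI[sha256sum]`, and the message links the release notes without saying whether 3.0.17 fixes any CVEs. Listing the CVE ids in the commit message, or stating that there are none, makes the upgrade traceable in CVE reports without following the link.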
--
2.43.0
* [OE-core][kirkstone 06/16] openssl: fix CVE-2024-41996
2025-07-15 20:36 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (4 preceding siblings ...)
2025-07-15 20:36 ` [OE-core][kirkstone 05/16] openssl: upgrade 3.0.16 -> 3.0.17 Steve Sakoman
@ 2025-07-15 20:36 ` Steve Sakoman
2025-07-15 20:36 ` [OE-core][kirkstone 07/16] ofono: fix CVE-2023-4232 Steve Sakoman
` (9 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol,
when an approved safe prime is used, allows remote attackers (from the client side) to
trigger unnecessarily expensive server-side DHE modular-exponentiation calculations.
The client may cause asymmetric resource consumption. The basic attack scenario is that
the client must claim that it can only communicate with DHE, and the server must be
configured to allow DHE and validate the order of the public key.
Reference:
https://github.com/openssl/openssl/pull/25088
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssl/openssl/CVE-2024-41996.patch | 48 +++++++++++++++++++
.../openssl/openssl_3.0.17.bb | 1 +
2 files changed, 49 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
new file mode 100644
index 0000000000..49ec9c0130
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
@@ -0,0 +1,48 @@
+From e70e34d857d4003199bcb5d3b52ca8102ccc1b98 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 5 Aug 2024 17:54:14 +0200
+Subject: [PATCH] dh_kmgmt.c: Avoid expensive public key validation for known
+ safe-prime groups
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The partial validation is fully sufficient to check the key validity.
+
+Thanks to Szilárd Pfeiffer for reporting the issue.
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/25088)
+
+CVE: CVE-2024-41996
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/e70e34d857d4003199bcb5d3b52ca8102ccc1b98]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ providers/implementations/keymgmt/dh_kmgmt.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
+index 795a3f2..3e7a811 100644
+--- a/providers/implementations/keymgmt/dh_kmgmt.c
++++ b/providers/implementations/keymgmt/dh_kmgmt.c
+@@ -387,9 +387,11 @@ static int dh_validate_public(const DH *dh, int checktype)
+ if (pub_key == NULL)
+ return 0;
+
+- /* The partial test is only valid for named group's with q = (p - 1) / 2 */
+- if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
+- && ossl_dh_is_named_safe_prime_group(dh))
++ /*
++ * The partial test is only valid for named group's with q = (p - 1) / 2
++ * but for that case it is also fully sufficient to check the key validity.
++ */
++ if (ossl_dh_is_named_safe_prime_group(dh))
+ return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
+
+ return DH_check_pub_key_ex(dh, pub_key);
+--
+2.40.0
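Review bot: in dh_validate_public the shortcut now depends only on `ossl_dh_is_named_safe_prime_group(dh)`, so a key on any other group still falls through to `DH_check_pub_key_ex(dh, pub_key)` and the full check. The commit message should say that the fix covers named safe-prime groups only, so nobody reads it as removing the expensive validation everywhere. `checktype` is also no longer read in the lines shown; please check that the 3.0.17 build does not pick up an unused-parameter warning from this.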
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb b/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
index 5bc8801b98..ee0ab2e498 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
+ file://CVE-2024-41996.patch \
"
SRC_URI:append:class-nativesdk = " \
--
2.43.0
* [OE-core][kirkstone 07/16] ofono: fix CVE-2023-4232
2025-07-15 20:36 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (5 preceding siblings ...)
2025-07-15 20:36 ` [OE-core][kirkstone 06/16] openssl: fix CVE-2024-41996 Steve Sakoman
@ 2025-07-15 20:36 ` Steve Sakoman
2025-07-15 20:36 ` [OE-core][kirkstone 08/16] ofono: fix CVE-2023-4235 Steve Sakoman
` (8 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the decode_status_report() function during the SMS decoding.
It is assumed that the attack scenario is accessible from a compromised modem,
a malicious base station, or just SMS. There is a bound check for this memcpy
length in decode_submit(), but it was forgotten in decode_status_report().
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ofono/ofono/CVE-2023-4232.patch | 30 +++++++++++++++++++
meta/recipes-connectivity/ofono/ofono_1.34.bb | 1 +
2 files changed, 31 insertions(+)
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
new file mode 100644
index 0000000000..da714f6a87
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
@@ -0,0 +1,30 @@
+From 2ff2da7ac374a790f8b2a0216bcb4e3126498225 Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Wed, 4 Dec 2024 10:18:52 +0200
+Subject: [PATCH] smsutil: check status report fits in buffer
+
+Fixes CVE-2023-4232
+
+CVE: CVE-2023-4232
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=2ff2da7ac374a790f8b2a0216bcb4e3126498225]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/smsutil.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index ac89f16c..a706e26f 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -1088,6 +1088,9 @@ static gboolean decode_status_report(const unsigned char *pdu, int len,
+ if ((len - offset) < expected)
+ return FALSE;
+
++ if (expected > (int)sizeof(out->status_report.ud))
++ return FALSE;
++
+ memcpy(out->status_report.ud, pdu + offset, expected);
+ }
+
+--
+2.30.2
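Review bot: the added check `if (expected > (int)sizeof(out->status_report.ud))` bounds `expected` from above only, and the test before it, `(len - offset) < expected`, does not reject a negative value either. Please confirm from the surrounding decode_status_report code that `expected` cannot be negative when it reaches the `memcpy`, or extend the condition to return FALSE for `expected < 0`, since a negative length converted to size_t would defeat both checks.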
diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb
index 9f11af9236..8a298bfade 100644
--- a/meta/recipes-connectivity/ofono/ofono_1.34.bb
+++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb
@@ -26,6 +26,7 @@ SRC_URI = "\
file://CVE-2024-7547.patch \
file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \
file://CVE-2024-7537.patch \
+ file://CVE-2023-4232.patch \
"
SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"
--
2.43.0
* [OE-core][kirkstone 08/16] ofono: fix CVE-2023-4235
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the decode_deliver_report() function during the SMS decoding.
It is assumed that the attack scenario is accessible from a compromised modem,
a malicious base station, or just SMS. There is a bound check for this memcpy
length in decode_submit(), but it was forgotten in decode_deliver_report().
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ofono/ofono/CVE-2023-4235.patch | 37 +++++++++++++++++++
meta/recipes-connectivity/ofono/ofono_1.34.bb | 1 +
2 files changed, 38 insertions(+)
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
new file mode 100644
index 0000000000..ce03bbd274
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
@@ -0,0 +1,37 @@
+From 02aa0f9bad3d9e47a152fc045d0f51874d901d7e Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Wed, 4 Dec 2024 10:18:51 +0200
+Subject: [PATCH] smsutil: check deliver reports fit in buffer
+
+Fixes CVE-2023-4235
+
+CVE: CVE-2023-4235
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=02aa0f9bad3d9e47a152fc045d0f51874d901d7e]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/smsutil.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index 484bfd0b..ac89f16c 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -1240,10 +1240,16 @@ static gboolean decode_deliver_report(const unsigned char *pdu, int len,
+ return FALSE;
+
+ if (out->type == SMS_TYPE_DELIVER_REPORT_ERROR) {
++ if (expected > (int) sizeof(out->deliver_err_report.ud))
++ return FALSE;
++
+ out->deliver_err_report.udl = udl;
+ memcpy(out->deliver_err_report.ud,
+ pdu + offset, expected);
+ } else {
++ if (expected > (int) sizeof(out->deliver_ack_report.ud))
++ return FALSE;
++
+ out->deliver_ack_report.udl = udl;
+ memcpy(out->deliver_ack_report.ud,
+ pdu + offset, expected);
+--
+2.30.2
diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb
index 8a298bfade..a3edf4ab5d 100644
--- a/meta/recipes-connectivity/ofono/ofono_1.34.bb
+++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb
@@ -27,6 +27,7 @@ SRC_URI = "\
file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \
file://CVE-2024-7537.patch \
file://CVE-2023-4232.patch \
+ file://CVE-2023-4235.patch \
"
SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"
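Review bot: CVE-2023-4235.patch is listed after CVE-2023-4232.patch in SRC_URI, but the blob ids in the two backports show the opposite upstream order: the 4235 patch takes src/smsutil.c from 484bfd0b to ac89f16c, and the 4232 patch starts from ac89f16c. The two hunks touch different functions (@@ -1088 and @@ -1240), so both should still apply, but the 4235 hunk will land at an offset once the three lines from 4232 are in place. Listing 4235 first would match upstream; otherwise confirm do_patch reports no fuzz for either file.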
--
2.43.0
* [OE-core][kirkstone 09/16] ghostscript: ignore CVE-2025-46646
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
The code patched by [1] which fixes this CVE is not available in 9.55.0.
Also Debian says in [2] that even 10.0.0 is not yet affected.
[1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f14ea81e6c3d2f51593f23cdf13c4679a18f1a3f
[2] https://security-tracker.debian.org/tracker/CVE-2025-46646
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 3b50ac1409..4d696159e0 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -28,6 +28,8 @@ CVE_CHECK_IGNORE += "CVE-2023-38560 CVE-2024-46954"
CVE_CHECK_IGNORE += "CVE-2024-29507 CVE-2025-27833"
# Only impacts codepaths relevant for Windows builds
CVE_CHECK_IGNORE += "CVE-2025-27837"
+# Vulnerable code was introduced later, so 9.55.0 is not affected yet
+CVE_CHECK_IGNORE += "CVE-2025-46646"
def gs_verdir(v):
return "".join(v.split("."))
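Review bot: The comment above the new CVE_CHECK_IGNORE entry says the vulnerable code was introduced later, but gives nothing to check that claim against. The commit message cites the upstream fix commit and the Debian tracker entry; put at least one of those references in the recipe comment so the reasoning is available to whoever next touches this list without digging through the log.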
--
2.43.0
* [OE-core][kirkstone 10/16] iputils: patch CVE-2025-48964
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit referencing this CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../iputils/iputils/CVE-2025-48964.patch | 99 +++++++++++++++++++
.../iputils/iputils_20211215.bb | 1 +
2 files changed, 100 insertions(+)
create mode 100644 meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
diff --git a/meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch b/meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
new file mode 100644
index 0000000000..e6fc67bce0
--- /dev/null
+++ b/meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
@@ -0,0 +1,99 @@
+From afa36390394a6e0cceba03b52b59b6d41710608c Mon Sep 17 00:00:00 2001
+From: Cyril Hrubis <metan@ucw.cz>
+Date: Fri, 16 May 2025 17:57:10 +0200
+Subject: [PATCH] ping: Fix moving average rtt calculation
+
+The rts->rtt counts an exponential weight moving average in a fixed
+point, that means that even if we limit the triptime to fit into a 32bit
+number the average will overflow because because fixed point needs eight
+more bits.
+
+We also have to limit the triptime to 32bit number because otherwise the
+moving average may stil overflow if we manage to produce a large enough
+triptime.
+
+Fixes: CVE-2025-48964
+Fixes: https://bugzilla.suse.com/show_bug.cgi?id=1243772
+Closes: https://github.com/iputils/iputils-ghsa-25fr-jw29-74f9/pull/1
+Reported-by: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
+Reviewed-by: Petr Vorel <pvorel@suse.cz>
+Tested-by: Petr Vorel <pvorel@suse.cz>
+Reviewed-by: Michal Kubecek <mkubecek@suse.cz>
+Reviewed-by: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
+Signed-off-by: Cyril Hrubis <metan@ucw.cz>
+
+CVE: CVE-2025-48964
+Upstream-Status: Backport [https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ iputils_common.h | 2 +-
+ ping/ping.h | 2 +-
+ ping/ping_common.c | 8 ++++----
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/iputils_common.h b/iputils_common.h
+index 829a749..1296905 100644
+--- a/iputils_common.h
++++ b/iputils_common.h
+@@ -11,7 +11,7 @@
+ __typeof__(&arr[0]))])) * 0)
+
+ /* 1000001 = 1000000 tv_sec + 1 tv_usec */
+-#define TV_SEC_MAX_VAL (LONG_MAX/1000001)
++#define TV_SEC_MAX_VAL (INT32_MAX/1000001)
+
+ #ifdef __GNUC__
+ # define iputils_attribute_format(t, n, m) __attribute__((__format__ (t, n, m)))
+diff --git a/ping/ping.h b/ping/ping.h
+index 4dce538..bc1fab2 100644
+--- a/ping/ping.h
++++ b/ping/ping.h
+@@ -180,7 +180,7 @@ struct ping_rts {
+ long tmax; /* maximum round trip time */
+ double tsum; /* sum of all times, for doing average */
+ double tsum2;
+- int rtt;
++ uint64_t rtt; /* Exponential weight moving average calculated in fixed point */
+ int rtt_addend;
+ uint16_t acked;
+ int pipesize;
+diff --git a/ping/ping_common.c b/ping/ping_common.c
+index 2a3e556..fad5228 100644
+--- a/ping/ping_common.c
++++ b/ping/ping_common.c
+@@ -273,7 +273,7 @@ int __schedule_exit(int next)
+
+ static inline void update_interval(struct ping_rts *rts)
+ {
+- int est = rts->rtt ? rts->rtt / 8 : rts->interval * 1000;
++ int est = rts->rtt ? (int)(rts->rtt / 8) : rts->interval * 1000;
+
+ rts->interval = (est + rts->rtt_addend + 500) / 1000;
+ if (rts->uid && rts->interval < MINUSERINTERVAL)
+@@ -768,7 +768,7 @@ restamp:
+ if (triptime > rts->tmax)
+ rts->tmax = triptime;
+ if (!rts->rtt)
+- rts->rtt = triptime * 8;
++ rts->rtt = ((uint64_t)triptime) * 8;
+ else
+ rts->rtt += triptime - rts->rtt / 8;
+ if (rts->opt_adaptive)
+@@ -935,7 +935,7 @@ int finish(struct ping_rts *rts)
+ int ipg = (1000000 * (long long)tv.tv_sec + tv.tv_nsec / 1000) / (rts->ntransmitted - 1);
+
+ printf(_("%sipg/ewma %d.%03d/%d.%03d ms"),
+- comma, ipg / 1000, ipg % 1000, rts->rtt / 8000, (rts->rtt / 8) % 1000);
++ comma, ipg / 1000, ipg % 1000, (int)(rts->rtt / 8000), (int)((rts->rtt / 8) % 1000));
+ }
+ putchar('\n');
+ return (!rts->nreceived || (rts->deadline && rts->nreceived < rts->npackets));
+@@ -960,7 +960,7 @@ void status(struct ping_rts *rts)
+ fprintf(stderr, _(", min/avg/ewma/max = %ld.%03ld/%lu.%03ld/%d.%03d/%ld.%03ld ms"),
+ (long)rts->tmin / 1000, (long)rts->tmin % 1000,
+ tavg / 1000, tavg % 1000,
+- rts->rtt / 8000, (rts->rtt / 8) % 1000, (long)rts->tmax / 1000, (long)rts->tmax % 1000);
++ (int)(rts->rtt / 8000), (int)((rts->rtt / 8) % 1000), (long)rts->tmax / 1000, (long)rts->tmax % 1000);
+ }
+ fprintf(stderr, "\n");
+ }
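Review bot: In the @@ -768 hunk of ping_common.c, the unchanged line `rts->rtt += triptime - rts->rtt / 8;` is now evaluated in uint64_t, so whenever triptime is below the running average the subtraction wraps and the sum is correct only through modular arithmetic. That works, but it is easy to break in a later edit and deserves a short comment at that line. The new `(int)` casts in update_interval(), finish() and status() are safe only while triptime stays within the INT32_MAX-based TV_SEC_MAX_VAL limit, which is worth stating next to the macro. Also, iputils_common.h now uses INT32_MAX and the visible hunk adds no include, so confirm <stdint.h> is reachable wherever TV_SEC_MAX_VAL is expanded in 20211215.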
diff --git a/meta/recipes-extended/iputils/iputils_20211215.bb b/meta/recipes-extended/iputils/iputils_20211215.bb
index 03dc97dcc8..97fff6fe3a 100644
--- a/meta/recipes-extended/iputils/iputils_20211215.bb
+++ b/meta/recipes-extended/iputils/iputils_20211215.bb
@@ -13,6 +13,7 @@ DEPENDS = "gnutls"
SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \
file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
file://CVE-2025-47268.patch \
+ file://CVE-2025-48964.patch \
"
SRCREV = "1d1e7c43210d8af316a41cb2c53d612a4c16f34d"
--
2.43.0
* [OE-core][kirkstone 11/16] gdk-pixbuf: fix CVE-2025-7345
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function
(io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing
maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding,
allowing out-of-bounds reads from heap memory, potentially causing application crashes or
arbitrary code execution.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch | 55 +++++++++++++++++++
.../gdk-pixbuf/gdk-pixbuf_2.42.10.bb | 1 +
2 files changed, 56 insertions(+)
create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch
new file mode 100644
index 0000000000..a8f23d3501
--- /dev/null
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch
@@ -0,0 +1,55 @@
+From 4af78023ce7d3b5e3cec422a59bb4f48fa4f5886 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Fri, 11 Jul 2025 11:02:05 -0400
+Subject: [PATCH] jpeg: Be more careful with chunked icc data
+
+We we inadvertendly trusting the sequence numbers not to lie.
+If they do we would report a larger data size than we actually
+allocated, leading to out of bounds memory access in base64
+encoding later on.
+
+This has been assigned CVE-2025-7345.
+
+Fixes: #249
+
+CVE: CVE-2025-7345
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4af78023ce7d3b5e3cec422a59bb4f48fa4f5886]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ gdk-pixbuf/io-jpeg.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
+index 3841fc0..9ee1d21 100644
+--- a/gdk-pixbuf/io-jpeg.c
++++ b/gdk-pixbuf/io-jpeg.c
+@@ -356,6 +356,7 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
+ context->icc_profile = g_new (gchar, chunk_size);
+ /* copy the segment data to the profile space */
+ memcpy (context->icc_profile, marker->data + 14, chunk_size);
++ ret = TRUE;
+ goto out;
+ }
+
+@@ -377,12 +378,15 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
+ /* copy the segment data to the profile space */
+ memcpy (context->icc_profile + offset, marker->data + 14, chunk_size);
+
+- /* it's now this big plus the new data we've just copied */
+- context->icc_profile_size += chunk_size;
++ context->icc_profile_size = MAX (context->icc_profile_size, offset + chunk_size);
+
+ /* success */
+ ret = TRUE;
+ out:
++ if (!ret) {
++ g_free (context->icc_profile);
++ context->icc_profile = NULL;
++ }
+ return ret;
+ }
+
+--
+2.40.0
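Review bot: At the `out:` label, the new failure path frees context->icc_profile and sets it to NULL but leaves context->icc_profile_size untouched, so any consumer that looks at the size alone sees a non-zero length with no buffer behind it. Reset the size to 0 in the same block. Separately, the visible lines do not show `offset + chunk_size` being checked against the allocated profile size before `memcpy (context->icc_profile + offset, marker->data + 14, chunk_size);`. The MAX() change only corrects the reported size, so confirm that bound is enforced above this hunk in 2.42.10.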
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
index cca89a9059..471d72d8dd 100644
--- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
@@ -20,6 +20,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
file://run-ptest \
file://fatal-loader.patch \
file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \
+ file://CVE-2025-7345.patch \
"
SRC_URI[sha256sum] = "ee9b6c75d13ba096907a2e3c6b27b61bcd17f5c7ebeab5a5b439d2f2e39fe44b"
--
2.43.0
* [OE-core][kirkstone 12/16] sudo: upgrade from 1.9.15p2 to 1.9.15p5
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
(From OE-Core rev: 4b2eccc0ee3f2906f9b04de194b9df6e24c2cdf4)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 468633036c4b049b137d80740c4380ae1959e645)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../sudo/{sudo_1.9.15p2.bb => sudo_1.9.15p5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/sudo/{sudo_1.9.15p2.bb => sudo_1.9.15p5.bb} (96%)
diff --git a/meta/recipes-extended/sudo/sudo_1.9.15p2.bb b/meta/recipes-extended/sudo/sudo_1.9.15p5.bb
similarity index 96%
rename from meta/recipes-extended/sudo/sudo_1.9.15p2.bb
rename to meta/recipes-extended/sudo/sudo_1.9.15p5.bb
index 431dfba3c2..8e542015ad 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.15p2.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.15p5.bb
@@ -7,7 +7,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[sha256sum] = "199c0cdbfa7efcfffa9c88684a8e2fb206a62b70a316507e4a91c89c873bbcc8"
+SRC_URI[sha256sum] = "558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558"
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
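Review bot: The only functional change here is the new SRC_URI[sha256sum], and the commit message carries no changelog or reason for taking 1.9.15p5 on a stable branch. State what the point release fixes, or say that it is an intermediate step for the 1.9.17p1 upgrade that follows in this series.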
--
2.43.0
* [OE-core][kirkstone 13/16] sudo: upgrade 1.9.15p5 -> 1.9.17p1
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Praveen Kumar <praveen.kumar@windriver.com>
Changelog:
===========
* Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified
when running a command or editing a file. This could enable a
local privilege escalation attack if the sudoers file allows the
user to run commands on a different host.
* Fixed CVE-2025-32463. An attacker can leverage sudo's -R
(--chroot) option to run arbitrary commands as root, even if
they are not listed in the sudoers file. The chroot support has
been deprecated and will be removed entirely in a future release.
License-Update: Copyright updated to 2025
0001-sudo.conf.in-fix-conflict-with-multilib.patch refreshed for 1.9.17
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...o.conf.in-fix-conflict-with-multilib.patch | 7 ++-
meta/recipes-extended/sudo/sudo.inc | 2 +-
.../{sudo_1.9.15p5.bb => sudo_1.9.17p1.bb} | 54 ++++++++++++++++++-
3 files changed, 57 insertions(+), 6 deletions(-)
rename meta/recipes-extended/sudo/{sudo_1.9.15p5.bb => sudo_1.9.17p1.bb} (52%)
diff --git a/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch b/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
index 041c717e00..1989c5abd7 100644
--- a/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
+++ b/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
@@ -1,4 +1,4 @@
-From 6e835350b7413210c410d3578cfab804186b7a4f Mon Sep 17 00:00:00 2001
+From 8c69192754ba73dd6e3273728a21aa73988f4bfb Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Tue, 17 Nov 2020 11:13:40 +0800
Subject: [PATCH] sudo.conf.in: fix conflict with multilib
@@ -15,13 +15,12 @@ Update the comments in sudo.conf.in to avoid the conflict.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Upstream-Status: Inappropriate [OE configuration specific]
-
---
examples/sudo.conf.in | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in
-index 2187457..0908d24 100644
+index bdd676c..094341c 100644
--- a/examples/sudo.conf.in
+++ b/examples/sudo.conf.in
@@ -4,7 +4,7 @@
@@ -53,7 +52,7 @@ index 2187457..0908d24 100644
# Sudo plugin directory:
@@ -74,7 +74,7 @@
# The default directory to use when searching for plugins that are
- # specified without a fully qualified path name.
+ # specified without a fully-qualified path name.
#
-#Path plugin_dir @plugindir@
+#Path plugin_dir $plugindir
diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc
index d3b6bf1ad8..a8323f8b6d 100644
--- a/meta/recipes-extended/sudo/sudo.inc
+++ b/meta/recipes-extended/sudo/sudo.inc
@@ -4,7 +4,7 @@ HOMEPAGE = "http://www.sudo.ws"
BUGTRACKER = "http://www.sudo.ws/bugs/"
SECTION = "admin"
LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & Zlib"
-LIC_FILES_CHKSUM = "file://LICENSE.md;md5=5100e20d35f9015f9eef6bdb27ba194f \
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=2841c822e587db145364ca95e9be2ffa \
file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \
diff --git a/meta/recipes-extended/sudo/sudo_1.9.15p5.bb b/meta/recipes-extended/sudo/sudo_1.9.17p1.bb
similarity index 52%
rename from meta/recipes-extended/sudo/sudo_1.9.15p5.bb
rename to meta/recipes-extended/sudo/sudo_1.9.17p1.bb
index 8e542015ad..c5d57da9f0 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.15p5.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.17p1.bb
@@ -1,3 +1,55 @@
+# FIXME: the LIC_FILES_CHKSUM values have been updated by 'devtool upgrade'.
+# The following is the difference between the old and the new license text.
+# Please update the LICENSE value if needed, and summarize the changes in
+# the commit message via 'License-Update:' tag.
+# (example: 'License-Update: copyright years updated.')
+#
+# The changes:
+#
+# --- LICENSE.md
+# +++ LICENSE.md
+# @@ -1,6 +1,6 @@
+# Sudo is distributed under the following license:
+#
+# - Copyright (c) 1994-1996, 1998-2023
+# + Copyright (c) 1994-1996, 1998-2025
+# Todd C. Miller <Todd.Miller@sudo.ws>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# @@ -247,9 +247,9 @@
+#
+# The file arc4random.c bears the following license:
+#
+# - Copyright (c) 1996, David Mazieres <dm@uun.org>
+# - Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+# - Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+# + Copyright (c) 1996, David Mazieres <dm@uun.org>
+# + Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+# + Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+# Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# @@ -282,7 +282,7 @@
+#
+# The file getentropy.c bears the following license:
+#
+# - Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
+# + Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
+# Copyright (c) 2014 Bob Beck <beck@obtuse.com>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# @@ -299,7 +299,7 @@
+#
+# The embedded copy of zlib bears the following license:
+#
+# - Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler
+# + Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler
+#
+# This software is provided 'as-is', without any express or implied
+# warranty. In no event will the authors be held liable for any damages
+#
+#
+
require sudo.inc
SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
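Review bot: The 52 lines added at the top of sudo_1.9.17p1.bb are the "# FIXME: the LIC_FILES_CHKSUM values have been updated by 'devtool upgrade'" block with the full license diff, which is scaffolding meant to be deleted once the change has been summarized. The commit message already carries "License-Update: Copyright updated to 2025", so drop this comment block from the recipe before it is merged.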
@@ -7,7 +59,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[sha256sum] = "558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558"
+SRC_URI[sha256sum] = "ff607ea717072197738a78f778692cd6df9a7e3e404565f51de063ca27455d32"
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
--
2.43.0
* [OE-core][kirkstone 14/16] bintuils: stable 2.38 branch update
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
The commit below on the binutils-2.38 stable branch is updated.
9bee8d65d32 x86: Check MODRM for call and jmp in binutils older than 2.45
                            Before  After  Diff
No. of expected passes      280     280    0
No. of unexpected failures  2       2      0
No. of untested testcases   1       1      0
No. of unsupported tests    7       7      0
Testing was done and there were no regressions found
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/binutils/binutils-2.38.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index f1c29015bc..e25f52e171 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -18,7 +18,7 @@ SRCBRANCH ?= "binutils-2_38-branch"
UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
-SRCREV ?= "4d71e17a9fd8d319359ded891eb3034a2325d4c0"
+SRCREV ?= "9bee8d65d32ac1480997c13ce76ae7991180f1ed"
BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=git"
SRC_URI = "\
${BINUTILS_GIT_URI} \
--
2.43.0
* [OE-core][kirkstone 15/16] oeqa/core/decorator: add decorators to skip based on HOST_ARCH
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
There are already decorators to skip on the value of MACHINE, but for
flexibility it's better to skip based on the target architecture. This
means, for example, the ISO image tests could skip if the architecture
isn't x86.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 0c21ff0a92906b6b4820eb8beddf8762fe70653d)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/core/decorator/data.py | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/meta/lib/oeqa/core/decorator/data.py b/meta/lib/oeqa/core/decorator/data.py
index 3ce10e5499..de881e097a 100644
--- a/meta/lib/oeqa/core/decorator/data.py
+++ b/meta/lib/oeqa/core/decorator/data.py
@@ -194,3 +194,27 @@ class skipIfQemu(OETestDecorator):
self.logger.debug("Checking if qemu MACHINE")
if self.case.td.get('MACHINE', '').startswith('qemu'):
self.case.skipTest('Test only runs on real hardware')
+
+@registerDecorator
+class skipIfArch(OETestDecorator):
+ """
+ Skip test if HOST_ARCH is present in the tuple specified.
+ """
+
+ attrs = ('archs',)
+ def setUpDecorator(self):
+ arch = self.case.td['HOST_ARCH']
+ if arch in self.archs:
+ self.case.skipTest('Test skipped on %s' % arch)
+
+@registerDecorator
+class skipIfNotArch(OETestDecorator):
+ """
+ Skip test if HOST_ARCH is not present in the tuple specified.
+ """
+
+ attrs = ('archs',)
+ def setUpDecorator(self):
+ arch = self.case.td['HOST_ARCH']
+ if arch not in self.archs:
+ self.case.skipTest('Test skipped on %s' % arch)
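Review bot: Both new decorators read `self.case.td['HOST_ARCH']` by direct indexing, which raises KeyError when the test data has no HOST_ARCH, whereas skipIfQemu just above uses `self.case.td.get('MACHINE', '')`. Decide what should happen when the key is missing and use .get() with an explicit default, or skip with a message that names the missing variable. The neighbouring decorator also logs through self.logger.debug before checking; doing the same here would keep skip decisions traceable in the test log.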
--
2.43.0
* [OE-core][kirkstone 16/16] tcf-agent: correct the SRC_URI
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Guocai He <guocai.he.cn@windriver.com>
The SRC_URI is changed to git://gitlab.eclipse.org/eclipse/tcf/tcf.agent.git
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/tcf-agent/tcf-agent_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb b/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb
index 0d627f4e23..8165d35758 100644
--- a/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb
+++ b/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb
@@ -10,7 +10,7 @@ SRCREV = "2735e3d6b7eccb05ab232825c618c837d27a5010"
PV = "1.7.0+git${SRCPV}"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
-SRC_URI = "git://git.eclipse.org/r/tcf/org.eclipse.tcf.agent.git;protocol=https;branch=master \
+SRC_URI = "git://gitlab.eclipse.org/eclipse/tcf/tcf.agent.git;protocol=https;branch=master \
file://ldflags.patch \
file://tcf-agent.init \
file://tcf-agent.service \
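Review bot: The SRC_URI moves to a different host and repository path while SRCREV in the hunk context stays at 2735e3d6b7eccb05ab232825c618c837d27a5010, and the commit message does not say why the URL changed. Confirm that this revision is reachable on branch master of the new repository, and state in the message whether the old location was retired or migrated.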
--
2.43.0