linux/meta-openembedded.git, branch kirkstone-next

poco: Fix ptests

2025-07-13T18:41:35+00:00

testrunners file was coming out to be empty after anon python was turned into a prepend to populate_packages which is executed during do_package and hence POCO_TESTRUNNERS was not populated when it was used during do_ptest_install now. Therefore alter the logic to collect the list of tests to run into testrunners file. Also package the ignore file which is platform specific, here the lnx version is packaged and specified using -ignore cmd to tests Signed-off-by: Khem Raj Signed-off-by: Peter Marko Signed-off-by: Armin Kuster

poco: Remove pushd/popd from run-ptest

2025-07-13T18:41:31+00:00

This could be worked out without needing to add bash dependency Signed-off-by: Khem Raj Signed-off-by: Peter Marko Signed-off-by: Armin Kuster

poco: patch CVE-2025-6375

2025-07-13T18:41:28+00:00

Pick commit mentioned in [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-6375 Signed-off-by: Peter Marko Signed-off-by: Armin Kuster

spdlog: patch CVE-2025-6140

2025-07-13T18:41:25+00:00

Pick commit [1] mentioned in [2] as listed in [3]. [1] https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094 [2] https://github.com/gabime/spdlog/issues/3360 [3] https://nvd.nist.gov/vuln/detail/CVE-2025-6140 Signed-off-by: Peter Marko Signed-off-by: Armin Kuster

tcpreplay: fix CVE-2024-22654

2025-07-13T18:41:22+00:00

tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c. Signed-off-by: Archana Polampalli Signed-off-by: Armin Kuster

open-vm-tools: fix CVE-2025-22247

2025-07-13T18:41:17+00:00

Upstream-Status: Backport from https://github.com/vmware/open-vm-tools/blob/CVE-2025-22247.patch/CVE-2025-22247-1100-1225-VGAuth-updates.patch Signed-off-by: Hitendra Prajapati Signed-off-by: Armin Kuster

jq: Fix CVEs

2025-07-13T18:36:35+00:00

Adds backported patches to fix CVE-2024-23339, CVE-2024-53427, and CVE-2025-48060. Signed-off-by: Colin Pinnell McAllister Change-Id: Ibc2db956b7fd5d0388dbed1a81ddf9aa58431fb1 Signed-off-by: Armin Kuster

imagemagick: Fix CVE vulnerablities

2025-07-13T18:35:54+00:00

Fix following CVEs for imagemagick: CVE-2023-5341, CVE-2022-1114, CVE-2023-1289 and CVE-2023-34474 Signed-off-by: Sana Kazi Signed-off-by: Armin Kuster

udisks2: Hardening measure of CVE-2025-6019

2025-07-13T18:35:51+00:00

Refer [1], CVE-2025-6019 is strongly related to udisk daemon, and this is a hardening measure related to this. [1] https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt [2] https://security-tracker.debian.org/tracker/CVE-2025-6019 [3] https://ubuntu.com/blog/udisks-libblockdev-lpe-vulnerability-fixes-available Signed-off-by: Changqing Li Signed-off-by: Armin Kuster

libblockdev: fix CVE-2025-6019

2025-07-13T18:35:44+00:00

CVE-2025-6019: A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system. Refer: https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt Signed-off-by: Changqing Li Signed-off-by: Armin Kuster