Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=master 2025-11-07T13:31:53+00:00 2025-11-07T13:31:53+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2025-11-07T13:31:53+00:00 urn:sha1:8c22ff0d8b70d9b12f0487ef696a7e915b9e3173 You can either: a) switch to individual clones of bitbake, openembedded-core, meta-yocto and yocto-docs b) use the new bitbake-setup You can find information about either approach in our documentation: https://docs.yoctoproject.org/ Note that "poky" the distro setting is still available in meta-yocto as before and we continue to use and maintain that. Long live Poky! Some further information on the background of this change can be found in: https://lists.openembedded.org/g/openembedded-architecture/message/2179 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-10-30T11:06:28+00:00 Zhang Peng peng.zhang1.cn@windriver.com 2025-10-27T06:09:15+00:00 urn:sha1:78a15a355690eb0eb6943b411c6b21c1e8f6c075 CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52615] [https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g] Upstream patches: [https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942] (Cherry pick from commit: ec22ec26b3f40ed5e0d84d60c29d8c315cf72e23) (From OE-Core rev: 97d60090dbe96dca423af47c8d55cc53e172fb4c) Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-10-30T11:06:28+00:00 Zhang Peng peng.zhang1.cn@windriver.com 2025-10-27T06:09:14+00:00 urn:sha1:280f06735a693244a1d29dbad076fba0af30eb00 CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52616] [https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm] Upstream patches: [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7] (Cherry pick from commit 28de3f131b17dc4165df927060ee51f0de3ada90) (From OE-Core rev: 3d36874e2beb64ca2a089a2be942cbbbbe1fff79) Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-04-10T10:05:34+00:00 Alexander Kanavin alex@linutronix.de 2025-04-07T09:40:43+00:00 urn:sha1:ef42fff1b12ab74833b8527a9483d7a9ae6f7f9e (From OE-Core rev: 1489c424a7a4728834d8253f81711ac0df25db9d) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-12-21T10:38:30+00:00 Vijay Anusuri vanusuri@mvista.com 2023-12-12T09:05:18+00:00 urn:sha1:198d891baa5dbeaca0e02e1904208d0edd30d495 import patches from ubuntu to fix CVE-2023-1981 CVE-2023-38469-2 CVE-2023-38470-2 CVE-2023-38471-2 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches?h=ubuntu/jammy-security Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f & https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237 & https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c & https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460] Ref: https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/nanbield-nut&id=a9203c46cd64c3ec5e5b00e381bbac85733f85df (From OE-Core rev: 2b0d8a63a212897b33e85cc3694cd9a3d6e09ca8) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-11-20T15:30:52+00:00 Meenali Gupta meenali.gupta@windriver.com 2023-11-16T11:19:25+00:00 urn:sha1:34f496c2d47f1ab34a8330a0830726f24e7ba6cc A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. (From OE-Core rev: fbe506e7af1ce47f6d04c122cb77573e0527ab91) Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-11-20T15:30:52+00:00 Meenali Gupta meenali.gupta@windriver.com 2023-11-16T11:44:50+00:00 urn:sha1:9580629d5b34aa8a02f88582e15e179a900d9034 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. (From OE-Core rev: 988d115ca18db1872d7a4dab39040029e5c61d6b) Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-11-20T15:30:52+00:00 Meenali Gupta meenali.gupta@windriver.com 2023-11-16T11:18:17+00:00 urn:sha1:fb61e440a59a2612781e74e7e69fad2461a16c55 A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. (From OE-Core rev: 292956cd7b2ea909a0cb39973536ddd007f7e47d) Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-11-20T15:30:52+00:00 Meenali Gupta meenali.gupta@windriver.com 2023-11-16T11:17:44+00:00 urn:sha1:820c282b7de5daed91693e95e2ee9e2988929ad8 A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. (From OE-Core rev: 93b4489c84f5f21e3fbcd66a39d50b5d64001a58) Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-11-20T15:30:52+00:00 Meenali Gupta meenali.gupta@windriver.com 2023-11-16T11:17:12+00:00 urn:sha1:4dd9e54a3b230bd542284a451905cb5203effa84 A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. (From OE-Core rev: 885d64f067b9ddaf890d9bdef7b76898ff90b04e) Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>