<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-devtools/dmidecode, branch kirkstone</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=kirkstone</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=kirkstone'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2023-08-19T15:56:58+00:00</updated>
<entry>
<title>dmidecode: fixup for CVE-2023-30630</title>
<updated>2023-08-19T15:56:58+00:00</updated>
<author>
<name>Adrian Freihofer</name>
<email>adrian.freihofer@gmail.com</email>
</author>
<published>2023-08-16T10:58:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=3d4850b3eac151a17bb174f18f8dda4707dc104f'/>
<id>urn:sha1:3d4850b3eac151a17bb174f18f8dda4707dc104f</id>
<content type='text'>
The previous CVE-2023-30630_1.patch picked only the patch
"dmidecode: Write the whole dump file at once" d8cfbc808f.
But there was a refactoring which does not allow to cherry-pick it fast
forward. Resolving this conflict was not correctly done. The patch was:

+    u32 len;
+    u8 *table;
...
-    if (!(opt.flags &amp; FLAG_QUIET))
-        pr_comment("Writing %d bytes to %s.", crafted[0x05],
-                   opt.dumpfile);
-    write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+    dmi_table_dump(crafted, crafted[0x05], table, len);

It looks like the variables len and table have been added without
initialization.
Now this problem is solved by applying the previous refactoring as
well. Patch 1 gets replaced by Patch 1a and Patch 1b. Patch 2..4 are
rebased without changes.

(From OE-Core rev: ea069a94a213cc153528aebfc387f30215566cc7)

Signed-off-by: Adrian Freihofer &lt;adrian.freihofer@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>dmidecode: fix CVE-2023-30630</title>
<updated>2023-08-02T14:47:13+00:00</updated>
<author>
<name>Yogita Urade</name>
<email>yogita.urade@windriver.com</email>
</author>
<published>2023-07-28T10:01:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=f4c5d9a3a6ee2d974e55aec4b1602a368dbacf72'/>
<id>urn:sha1:f4c5d9a3a6ee2d974e55aec4b1602a368dbacf72</id>
<content type='text'>
Dmidecode before 3.5 allows -dump-bin to overwrite a local file.
This has security relevance because, for example, execution of
Dmidecode via Sudo is plausible.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-30630
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00016.html
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00017.html

Backport: fixes fuzz in the CVE-2023-30630_2.patch in kirkstone

(From OE-Core rev: 4f83427a0a01e8285c9eb42d2a635d1ff7b23779)

Signed-off-by: Yogita Urade &lt;yogita.urade@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
(cherry picked from commit f92e59a0894145a828dc9ac74bf8c7a9355e0587)
Signed-off-by: Dhairya Nagodra &lt;dnagodra@cisco.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers</title>
<updated>2022-02-20T16:45:25+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2022-02-18T17:15:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b0130fcf91daee0d905af755302fabe608da141c'/>
<id>urn:sha1:b0130fcf91daee0d905af755302fabe608da141c</id>
<content type='text'>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.

(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>meta/recipes-devtools: Add HOMEPAGE / DESCRIPTION</title>
<updated>2021-02-26T15:21:21+00:00</updated>
<author>
<name>Dorinda</name>
<email>dorindabassey@gmail.com</email>
</author>
<published>2021-02-25T00:39:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8e4567bd5f292d1850b7b9422d8a073ae358350c'/>
<id>urn:sha1:8e4567bd5f292d1850b7b9422d8a073ae358350c</id>
<content type='text'>
Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage

[YOCTO #13471]

(From OE-Core rev: bb05814335e7101bfd8df0a11dc18a044e867bed)

Signed-off-by: Dorinda Bassey &lt;dorindabassey@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dmidecode: upgrade 3.2 -&gt; 3.3</title>
<updated>2020-11-03T08:21:11+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2020-11-02T16:48:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e2abc4075679849b96aa5a6f0aec292fbcbc51bc'/>
<id>urn:sha1:e2abc4075679849b96aa5a6f0aec292fbcbc51bc</id>
<content type='text'>
(From OE-Core rev: 528790d8a79f9d7234c877ff07c12f53057b6d20)

Signed-off-by: Alexander Kanavin &lt;alex.kanavin@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dmidecode: fix the Upstream-Status in a custom patch</title>
<updated>2018-11-23T23:35:19+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2018-11-22T16:30:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=584c539eaad6673b5e3e2f055e8fccafd2984503'/>
<id>urn:sha1:584c539eaad6673b5e3e2f055e8fccafd2984503</id>
<content type='text'>
(From OE-Core rev: c2d8081216b03c7f26063ca9f971661e76550464)

Signed-off-by: Alexander Kanavin &lt;alex.kanavin@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dmidecode: update to 3.2</title>
<updated>2018-11-23T23:35:18+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2018-11-22T15:41:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=71c0092d16c97fcd5869dc85714ca56fab173ed2'/>
<id>urn:sha1:71c0092d16c97fcd5869dc85714ca56fab173ed2</id>
<content type='text'>
Also, replace a sed hack with a proper patch.

(From OE-Core rev: bdde940c05490d3128721e4f5eb67d456e7cc323)

Signed-off-by: Alexander Kanavin &lt;alex.kanavin@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dmidecode: correct docdir</title>
<updated>2018-06-27T12:55:21+00:00</updated>
<author>
<name>Christopher Larson</name>
<email>chris_larson@mentor.com</email>
</author>
<published>2018-06-21T21:07:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=3cda7c73a9e8e94ca81584e07b58b4d9d2d1a304'/>
<id>urn:sha1:3cda7c73a9e8e94ca81584e07b58b4d9d2d1a304</id>
<content type='text'>
Without this, the package clutters up the root of /usr/share/doc.

(From OE-Core rev: af4f0d44acef328245dfe1bd102bb5e61293ee2d)

Signed-off-by: Christopher Larson &lt;chris_larson@mentor.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dmidecode: update to 3.1</title>
<updated>2017-06-28T14:52:18+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alexander.kanavin@linux.intel.com</email>
</author>
<published>2017-06-16T11:59:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a99dafbfe1c9f46e987b6e58e15163eb0e81544a'/>
<id>urn:sha1:a99dafbfe1c9f46e987b6e58e15163eb0e81544a</id>
<content type='text'>
(From OE-Core rev: dc1110ba6a3a4958da7a16f01343666ce5c75aaf)

Signed-off-by: Alexander Kanavin &lt;alexander.kanavin@linux.intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dmidecode: Explicitly set EXTRA_OEMAKE as required</title>
<updated>2016-02-10T16:06:24+00:00</updated>
<author>
<name>Mike Crowe</name>
<email>mac@mcrowe.com</email>
</author>
<published>2016-02-05T18:04:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=59ee2061790b2ec8d03035135064cd3f0e714801'/>
<id>urn:sha1:59ee2061790b2ec8d03035135064cd3f0e714801</id>
<content type='text'>
This recipe currently relies on EXTRA_OEMAKE having been set to
"-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make this
explicit so that the default in bitbake.conf can be changed.

(From OE-Core rev: ca35d45a3a208e2c5eaa64c2a19989fca202bbfc)

Signed-off-by: Mike Crowe &lt;mac@mcrowe.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
