<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-extended, branch yocto-5.0.8</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-5.0.8</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-5.0.8'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-03-10T19:30:52+00:00</updated>
<entry>
<title>tzcode-native: Fix compiler setting from 2023d version</title>
<updated>2025-03-10T19:30:52+00:00</updated>
<author>
<name>Alessio Cascone</name>
<email>alessio.cascone@vimar.com</email>
</author>
<published>2025-01-29T07:31:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=103af48c363e91cf9398f1a4bea1bd1852efc1ea'/>
<id>urn:sha1:103af48c363e91cf9398f1a4bea1bd1852efc1ea</id>
<content type='text'>
Starting from 2023d version, tzcode makefile does not use anymore "cc"
variable for C compiler, due to Makefile refactoring.
Replacing "cc" with "CC" fixes the issue.

(From OE-Core rev: c297d2cd8d28463adca5158c9895f1492754d569)

Signed-off-by: Alessio Cascone &lt;alessio.cascone@vimar.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit b3cdfca5ef84ed2054faef9abddef3aeed930e17)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>tzdata/tzcode-native: upgrade 2024b -&gt; 2025a</title>
<updated>2025-03-10T19:30:52+00:00</updated>
<author>
<name>Priyal Doshi</name>
<email>pdoshi@mvista.com</email>
</author>
<published>2025-01-27T10:40:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=14a67aa5b47a93474603f0c3a57f9fc209bd17ad'/>
<id>urn:sha1:14a67aa5b47a93474603f0c3a57f9fc209bd17ad</id>
<content type='text'>
(From OE-Core rev: 34b0f99ffd9beab4d400b05f259fc26f3da0386b)

Signed-off-by: Priyal Doshi &lt;pdoshi@mvista.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit a15c4e6793c55c8084a61298ef3695e1db2f60cd)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>wget: fix CVE-2024-10524</title>
<updated>2025-01-24T15:59:38+00:00</updated>
<author>
<name>Divya Chellam</name>
<email>divya.chellam@windriver.com</email>
</author>
<published>2025-01-15T01:52:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b84adcd9471bef77fc1c33564092e1f9fc4bf9c3'/>
<id>urn:sha1:b84adcd9471bef77fc1c33564092e1f9fc4bf9c3</id>
<content type='text'>
Applications that use Wget to access a remote resource using
shorthand URLs and pass arbitrary user credentials in the URL
are vulnerable. In these cases attackers can enter crafted
credentials which will cause Wget to access an arbitrary host.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-10524

Upstream-patch:
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778

(From OE-Core rev: 425c3f55bd316a563597ff6ff95f8104848e2f10)

Signed-off-by: Divya Chellam &lt;divya.chellam@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>groff: Fix race issues for parallel build</title>
<updated>2025-01-18T14:26:45+00:00</updated>
<author>
<name>Robert Yang</name>
<email>liezhi.yang@windriver.com</email>
</author>
<published>2024-11-11T14:32:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=54b2e90c01001cebb5f5947fbd6c4e50d701df69'/>
<id>urn:sha1:54b2e90c01001cebb5f5947fbd6c4e50d701df69</id>
<content type='text'>
Fixed race issues for parallel build:
groff: error: couldn't exec soelim: Permission

And:
groff: error: couldn't exec grn: Permission denied

(From OE-Core rev: 44b625a820a22c99f4fa1d4ed6b6de98c5d75884)

Signed-off-by: Robert Yang &lt;liezhi.yang@windriver.com&gt;
(cherry picked from commit b9ee7ea9ab05a1887c863dc9fccc65cb9e6850df)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>libarchive: Fix CVE-2024-20696</title>
<updated>2025-01-09T14:25:36+00:00</updated>
<author>
<name>aszh07</name>
<email>mail2szahir@gmail.com</email>
</author>
<published>2025-01-02T07:53:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e5c348378f46bf10d1331fbc09fcdb7e26fa3589'/>
<id>urn:sha1:e5c348378f46bf10d1331fbc09fcdb7e26fa3589</id>
<content type='text'>
Add Patch file to fix CVE-2024-20696

CVE: CVE-2024-20696

(From OE-Core rev: a3b0a4a53e99e4faa42a6e7be5713b12acc63dba)

Signed-off-by: Nitin Wankhade &lt;nitin.wankhade@kpit.com&gt;
Signed-off-by: Nikhil R &lt;nikhilr5@kpit.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>libpam: fix CVE-2024-10041</title>
<updated>2024-12-13T13:21:54+00:00</updated>
<author>
<name>Divya Chellam</name>
<email>divya.chellam@windriver.com</email>
</author>
<published>2024-12-09T13:18:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a5e0237596b3d4b7026bba75c6cc6e5f44bc8197'/>
<id>urn:sha1:a5e0237596b3d4b7026bba75c6cc6e5f44bc8197</id>
<content type='text'>
A vulnerability was found in PAM. The secret information is
stored in memory, where the attacker can trigger the victim
program to execute by sending characters to its standard
input (stdin). As this occurs, the attacker can train the
branch predictor to execute an ROP chain speculatively.
This flaw could result in leaked passwords, such as those
found in /etc/shadow while performing authentications.

References:
https://security-tracker.debian.org/tracker/CVE-2024-10041

Upstream patches:
https://github.com/linux-pam/linux-pam/commit/b3020da7da384d769f27a8713257fbe1001878be

(From OE-Core rev: 0e76d9bf150ac3bf96081cc1bda07e03e16fe994)

Signed-off-by: Divya Chellam &lt;divya.chellam@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>tzdata&amp;tzcode-native: upgrade 2024a -&gt; 2024b</title>
<updated>2024-12-06T13:50:25+00:00</updated>
<author>
<name>Jinfeng Wang</name>
<email>jinfeng.wang.cn@windriver.com</email>
</author>
<published>2024-11-18T07:07:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d80d8de55630d601a995593f19dc33f559d9caa4'/>
<id>urn:sha1:d80d8de55630d601a995593f19dc33f559d9caa4</id>
<content type='text'>
(From OE-Core rev: 76fcb907f4db9ec64669d81e5e9c6baffac71973)

Signed-off-by: Jinfeng Wang &lt;jinfeng.wang.cn@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
(cherry picked from commit c8d3edb2562ea4d980186e78b4abb5a94b1d7b22)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>acpica: fix CVE-2024-24856</title>
<updated>2024-12-06T13:50:24+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2024-11-25T04:55:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1cb4e6a502e25d526f780100eb09507b5b6b75eb'/>
<id>urn:sha1:1cb4e6a502e25d526f780100eb09507b5b6b75eb</id>
<content type='text'>
The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a
successful allocation, but the subsequent code directly dereferences the
pointer that receives it, which may lead to null pointer dereference. To
fix this issue, a null pointer check should be added. If it is null,
return exception code AE_NO_MEMORY.

Refer: https://nvd.nist.gov/vuln/detail/CVE-2024-24856

(From OE-Core rev: 5c590ccd1973d343f47e7b7171691400490dfc1a)

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>groff: fix rare build race in hdtbl</title>
<updated>2024-11-26T14:11:30+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2024-10-14T12:24:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ef6f0cc60b5c23d1371d8dad0ff64ae1b79fc0f0'/>
<id>urn:sha1:ef6f0cc60b5c23d1371d8dad0ff64ae1b79fc0f0</id>
<content type='text'>
It's possible to build the hdtbl examples before grn has been build:

groff: error: couldn't exec grn: No such file or directory

Backport a dependency fix from upstream.

[ YOCTO #15610 ]

(From OE-Core rev: 40003e1f1444f6202b068dcde632571be208594e)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit d590a32423d05cefc4e7282f971f633b3fa0b941)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>libpam: drop cracklib from DEPENDS</title>
<updated>2024-11-26T14:11:30+00:00</updated>
<author>
<name>Guðni Már Gilbert</name>
<email>gudni.m.g@gmail.com</email>
</author>
<published>2024-11-19T17:56:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ca10bad4db99afddaa86ef43b66f74ffe8d94b26'/>
<id>urn:sha1:ca10bad4db99afddaa86ef43b66f74ffe8d94b26</id>
<content type='text'>
cracklib was dropped as a dependency in libpam v1.5.0
See the following commit as reference:
https://github.com/linux-pam/linux-pam/commit/d702ff714c309069111899fd07c09e31c414c166

(From OE-Core rev: 7d0c32584846f6cd12e5bda046fb7ad8f8821de4)

Signed-off-by: Guðni Már Gilbert &lt;gudni.m.g@gmail.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
</feed>
