The text format has been removed, so also remove references and examples
using this format. Replace with examples with the JSON format.
(From yocto-docs rev: 9798689e4f4b74163c2e8594f3d1ce082d295aa1)
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a52cd7bcadccc53e982f90d6e170d00798322597)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer
dereference via the component libavformat/mov.c.
(From OE-Core rev: 599ee3f195bc66d57797c121fa0b73a901d6edfa)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module,
a potential security vulnerability exists due to insufficient validation of
certain parameters when parsing Speex codec extradata. This vulnerability
could lead to integer overflow conditions, potentially resulting in undefined
behavior or crashes during the decoding process.
(From OE-Core rev: 3efef582892a5a9286041837098b80aa59d1b688)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library
which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
(From OE-Core rev: 46680bed23ef6f529c7e554b5611a7c098fce8a9)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c
allows remote attackers to cause a denial of service via a series of specially crafted
hexstream requests.
(From OE-Core rev: ce328462a12eeaa59994e2236071aa17a083c263)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This vulnerability was introduced in 5.1, so 5.0.1 is not affected.
(From OE-Core rev: ea6e581067cafd5f367c68871bc312d3ba11b4da)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There is no release which is vulnerable to these CVEs.
These vulnerabilities are in new features being developed and were fixed
before release.
NVD most likely does not accept CVE rejection from a non-maintainer and
non-reporter, so ignoring this CVE should be acceptable solution.
(From OE-Core rev: 220a05e27913bf838881c3f22a17d0409c5154a9)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit from 2.12 branch.
(From OE-Core rev: ab804cd27ecf7ee65a9feea477140502ecbc0d73)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This reverts commit a9cd3321558e95f61ed4c5eca0dcf5a3f4704925.
The fix for CVE-2023-45237 has been reverted. And the fix for
CVE-2023-45236 depends on it. So revert it too.
(From OE-Core rev: c61e31f192837b05bc309a05aef95c3be5b44997)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This reverts commit 6f8bdaad9d22e65108f859a695277ce1b20ef7c6.
his reverts commit 4c2d3e3730.
The fix for CVE-2023-45237 causes ovmf firmware not support pxe boot
any more and no boot item in OVMF menu such as
UEFI PXEv4 (MAC address)
It has not been fixed by ovmf upstream and an issue has been created on
https://github.com/tianocore/tianocore.github.io/issues/82
Revert the fixes for now.
(From OE-Core rev: d3f399f54042efc6f4ca2092dd11819ae1f7c51f)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error
and resultant heap memory corruption for squashfs directory listing because the
path separator is not considered in a size calculation.
https://nvd.nist.gov/vuln/detail/CVE-2024-57259
(From OE-Core rev: e4b713ff07695487cc9307ffc3576a11775cde4d)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1
occur for a crafted squashfs filesystem via sbrk, via request2size,
or because ptrdiff_t is mishandled on x86_64.
https://nvd.nist.gov/vuln/detail/CVE-2024-57258
(From OE-Core rev: b4bf3ba66052db7a311ac696563a8a0f9c585600)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1
occurs for zalloc (adding one to an le32 variable) via a crafted ext4
filesystem with an inode size of 0xffffffff, resulting in a malloc of
zero and resultant memory overwrite.
https://nvd.nist.gov/vuln/detail/CVE-2024-57256
(From OE-Core rev: 534aa63726f31241e3a9d4aa70d4005fa0300133)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1
occurs via a crafted squashfs filesystem with an inode size of 0xffffffff,
resulting in a malloc of zero and resultant memory overwrite.
https://nvd.nist.gov/vuln/detail/CVE-2024-57255
(From OE-Core rev: 687b6e0a166d7dc999b7d226a9bd68155f59a03a)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in sqfs_inode_size in Das U-Boot before
2025.01-rc1 occurs in the symlink size calculation via a
crafted squashfs filesystem.
https://nvd.nist.gov/vuln/detail/CVE-2024-57254
(From OE-Core rev: 956836ab347e9112be0f8892b1b82c4bcb17990c)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This patch mitigates the vulnerability identified via CVE-2019-14196.
The previous patch was bypassed/ineffective, and now the vulnerability
is identified via CVE-2022-30767. The patch removes the sanity check
introduced to mitigate CVE-2019-14196 since it's ineffective.
filefh3_length is changed to unsigned type integer, preventing negative
numbers from being used during comparison with positive values during
size sanity checks.
(From OE-Core rev: b7072637ba110718714745a01d67e1b6b0096165)
Signed-off-by: Carlos Dominguez <carlos.dominguez@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Import the favicon from https://www.yoctoproject.org/, convert it to
16x16 (as per the Sphinx documentation) to make a 1291B image of the
Yocto logo.
(From yocto-docs rev: 73119a723b48a4038479591f0443c5acb3d21337)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit e3ee43e6d70685a2404aae2d60557a42879b0bb1)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This patch is ported from a merge request shown below,
and the following represents the original commit text.
------------------------------------------------------
top: In the bye_bye function, replace fputs with the write interface.
When top calls malloc, if a signal is received, it will
call sig_endpgm to process the signal. In the bye_bye function, if the
-b option is enable, the Batch variable is set, the fputs function
will calls malloc at the same time. The malloc function is not reentrant, so
it will cause the program to crash.
(From OE-Core rev: 573f5b2d8fec9f8a4ed17e836ef3feeb6de62e5a)
Signed-off-by: Shaohua Zhan <shaohua.zhan@windriver.com>
------------------------------------------------------
Reference(s):
https://gitlab.com/procps-ng/procps/-/merge_requests/127
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
I have a theory that some of the console boot issues we're seeing are due to
starting images with three serial ports yet only starting gettys on two of them.
This means that occasionally, depending on the port numbering we may not get
a login prompt on the console we expect it on.
To fix this, change the runqemu code so that if serial ports are passed in on
the commandline (as is the case in automated testing), we don't add any other
GUI serial consoles.
We do need to make sure we do have at least two serial ports since we don't want
getty timeout warnings.
(From OE-Core rev: 44e1279970d306b0da4fcc11f9e780915f481819)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1b0348535dce3b776efbcf26406b94730a51eb85)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update to the 4.0.24 release of the 4.0 series for buildtools.
(From OE-Core rev: 93b1e2cbee96bd8731a5d5d0fe5462c2518fe8a7)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
(From OE-Core rev: aec2ad743893d72d46c79701a0dac982931e3171)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1
allows attackers to cause a denial of service in the application via a crafted VQA file.
(From OE-Core rev: 93a1e2fd2bb42977339510ef7d71288a88a34ab8)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library
allowing for an integer overflow, potentially resulting in a denial-of-service (DoS)
condition or other undefined behavior.
(From OE-Core rev: 1af53c8dd20662e720ac4dad31833a9d776b795a)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing.
Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate
data can take excessive time, leading to increased resource consumption.
This flaw allows a remote attacker to send a specially crafted certificate, causing
GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.
(From OE-Core rev: 5fbe46de6d2e3862316cf486503f18e616c3c0a7)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS
vulnerability when it parses an XML that has many entity expansions
with SAX2 or pull parser API. The REXML gem 3.3.3 or later include
the patch to fix the vulnerability.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41946
Upstream-patch:
033d1909a8
(From OE-Core rev: b0e74fd8922bba8e954a223ec46de5c33d2ff743)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Uses the new foreach_runtime_provider_pkgdata() API to look up all
possible runtime providers of a given dependency when resolving
file-rdeps. This allows the check to correctly handle RPROVIDES for
non-virtual dependencies
(From OE-Core rev: 018fa1b7cb5e6a362ebb45b93e52b0909a782ac9)
(From OE-Core rev: 0ff31972b60dda5d8bada2ffb428cc54bb49e8cf)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Adds an API that makes it easier to iterate over the package data for a
all providers of a runtime dependency.
(From OE-Core rev: 68bdc219a4a819e83217f5b54c463624af8d3b9e)
(From OE-Core rev: 579717212ba2892e32315788ccd65320556d32a3)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
