mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-03-10 17:29:40 +01:00

Commit Graph

Author	SHA1	Message	Date
Peter Marko	3f6144ca20	go-binary-native: ignore CVE-2025-0913 This was already done for all other go recipes. (From OE-Core rev: 63dfdbf774dc24ea4e736a6d13d6aa8c72ebee4d) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-09-01 08:30:56 -07:00
Peter Marko	e8a99c83b3	go: set status of CVE-2024-3566 NVD ([1]) tracks this as: cpe:2.3🅰️golang:go:::::::: Running on/with cpe:2.3⭕microsoft:windows:-:::::::* Yocto cve-check ignores the "Running on/with", so it needs to be ignored explicitly. [1] https://nvd.nist.gov/vuln/detail/CVE-2024-3566 (From OE-Core rev: b8841097eaf7545abf56eb52a122e113b54ba2a7) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-06-25 08:35:09 -07:00
Peter Marko	ccb6625fee	go: upgrade 1.22.11 -> 1.22.12 Upgrade to latest 1.22.x release [1]: $ git --no-pager log --oneline go1.22.11..go1.22.12 5817e65094 (tag: go1.22.12) [release-branch.go1.22] go1.22.12 0cc45e7ca6 [release-branch.go1.22] crypto/internal/fips140/nistec: make p256NegCond constant time on ppc64le c3c6a50095 [release-branch.go1.22] cmd/go/internal/modfetch: do not trust server to send all tags in shallow fetch e0a01acd04 [release-branch.go1.22] cmd/compile: fix write barrier coalescing Fixes CVE-2025-22866 [1] https://github.com/golang/go/compare/go1.22.11...go1.22.12 (From OE-Core rev: 423ad5a67768738dac454b1e2aa27746f74511c5) (From OE-Core rev: 9862cb44ad0f85eebbd9c7f6bcbf22df9cc10d0f) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-02-14 06:38:54 -08:00

Author

SHA1

Message

Date

Peter Marko

3f6144ca20

go-binary-native: ignore CVE-2025-0913

This was already done for all other go recipes.

(From OE-Core rev: 63dfdbf774dc24ea4e736a6d13d6aa8c72ebee4d)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-09-01 08:30:56 -07:00

Peter Marko

e8a99c83b3

go: set status of CVE-2024-3566

NVD ([1]) tracks this as:
cpe:2.3🅰️golang:go:*:*:*:*:*:*:*:*
Running on/with
  cpe:2.3⭕microsoft:windows:-:*:*:*:*:*:*:*

Yocto cve-check ignores the "Running on/with", so it needs to be ignored
explicitly.

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-3566

(From OE-Core rev: b8841097eaf7545abf56eb52a122e113b54ba2a7)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-06-25 08:35:09 -07:00

Peter Marko

ccb6625fee

go: upgrade 1.22.11 -> 1.22.12

Upgrade to latest 1.22.x release [1]:

$ git --no-pager log --oneline go1.22.11..go1.22.12
5817e65094 (tag: go1.22.12) [release-branch.go1.22] go1.22.12
0cc45e7ca6 [release-branch.go1.22] crypto/internal/fips140/nistec: make p256NegCond constant time on ppc64le
c3c6a50095 [release-branch.go1.22] cmd/go/internal/modfetch: do not trust server to send all tags in shallow fetch
e0a01acd04 [release-branch.go1.22] cmd/compile: fix write barrier coalescing

Fixes CVE-2025-22866

[1] https://github.com/golang/go/compare/go1.22.11...go1.22.12

(From OE-Core rev: 423ad5a67768738dac454b1e2aa27746f74511c5)

(From OE-Core rev: 9862cb44ad0f85eebbd9c7f6bcbf22df9cc10d0f)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-02-14 06:38:54 -08:00

3 Commits