mirror of
https://git.yoctoproject.org/poky
synced 2026-04-13 14:02:21 +02:00
33d7811e07
curl v7.79.0 contained fixes for three CVEs: The description of CVE-2021-22945[1] contains: > This flaw was introduced in commit 2522903b79 but since MQTT support > was marked 'experimental' then and not enabled in the build by default > until curl 7.73.0 (October 14, 2020) we count that as the first flawed > version. which I believe means that curl v7.69.1 is not vulnerable. curl v7.69.1 is vulnerable to both CVE-2021-22946[2] and CVE-22947[3]. These patches are from Ubuntu 20.04's curl 7.68.0 package. The patches applied without conflicts, but I used devtool to regenerate them to avoid fuzz warnings. [1] https://curl.se/docs/CVE-2021-22945.html [2] https://curl.se/docs/CVE-2021-22946.html [3] https://curl.se/docs/CVE-2021-22947.html (From OE-Core rev: b9b343704afc28a6182f699ef17943afacd482a8) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
QEMU Emulation Targets ====================== To simplify development, the build system supports building images to work with the QEMU emulator in system emulation mode. Several architectures are currently supported in 32 and 64 bit variants: * ARM (qemuarm + qemuarm64) * x86 (qemux86 + qemux86-64) * PowerPC (qemuppc only) * MIPS (qemumips + qemumips64) Use of the QEMU images is covered in the Yocto Project Reference Manual. The appropriate MACHINE variable value corresponding to the target is given in brackets.