a4d31bb032
Solves CVE-2024-12243 Refreshed patches License-Update: multiple changes *a8727cdb07COPYING.LESSER updated wording to latest FSF version *75f5ea8073LICENSE file merged to README.md COPYING and COPYING.LESSERv2 moved to top-level directory Release notes: https://gitlab.com/gnutls/gnutls/-/blob/3.8.9/NEWS?ref_type=tags * Version 3.8.9 (released 2025-02-07) ** libgnutls: leancrypto was added as an interim option for PQC The library can now be built with leancrypto instead of liboqs for post-quantum cryptography (PQC), when configured with --with-leancrypto option instead of --with-liboqs. ** libgnutls: Experimental support for ML-DSA signature algorithm The library and certtool now support ML-DSA signature algorithm as defined in FIPS 204 and based on draft-ietf-lamps-dilithium-certificates-04. This feature is currently marked as experimental and can only be enabled when compiled with --with-leancrypto or --with-liboqs. Contributed by David Dudas. ** libgnutls: Support for ML-KEM-1024 key encapsulation mechanism The support for ML-KEM post-quantum key encapsulation mechanisms has been extended to cover ML-KEM-1024, in addition to ML-KEM-768. MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per draft-kwiatkowski-tls-ecdhe-mlkem-03. ** libgnutls: Fix potential DoS in handling certificates with numerous name constraints, as a follow-up of CVE-2024-12133 in libtasn1. The bundled copy of libtasn1 has also been updated to the latest 4.20.0 release to complete the fix. Reported by Bing Shi (#1553). [GNUTLS-SA-2025-02-07, CVSS: medium] [CVE-2024-12243] ** API and ABI modifications: GNUTLS_PK_MLDSA44: New enum member of gnutls_pk_algorithm_t GNUTLS_PK_MLDSA65: New enum member of gnutls_pk_algorithm_t GNUTLS_PK_MLDSA87: New enum member of gnutls_pk_algorithm_t GNUTLS_SIGN_MLDSA44: New enum member of gnutls_sign_algorithm_t GNUTLS_SIGN_MLDSA65: New enum member of gnutls_sign_algorithm_t GNUTLS_SIGN_MLDSA87: New enum member of gnutls_sign_algorithm_t (From OE-Core rev: 4313d931673dd86aaf590c68f7b1fa364d752740) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Poky
Poky is an integration of various components to form a pre-packaged build system and development environment which is used as a development and validation tool by the Yocto Project. It features support for building customised embedded style device images and custom containers. There are reference demo images ranging from X11/GTK+ to Weston, commandline and more. The system supports cross-architecture application development using QEMU emulation and a standalone toolchain and SDK suitable for IDE integration.
Additional information on the specifics of hardware that Poky supports is available in README.hardware. Further hardware support can easily be added in the form of BSP layers which extend the systems capabilities in a modular way. Many layers are available and can be found through the layer index.
As an integration layer Poky consists of several upstream projects such as BitBake, OpenEmbedded-Core, Yocto documentation, the 'meta-yocto' layer which has configuration and hardware support components. These components are all part of the Yocto Project and OpenEmbedded ecosystems.
The Yocto Project has extensive documentation about the system including a reference manual which can be found at https://docs.yoctoproject.org/
OpenEmbedded is the build architecture used by Poky and the Yocto project. For information about OpenEmbedded, see the OpenEmbedded website.
Contribution Guidelines
Please refer to our contributor guide here: https://docs.yoctoproject.org/dev/contributor-guide/ for full details on how to submit changes.
Where to Send Patches
As Poky is an integration repository (built using a tool called combo-layer), patches against the various components should be sent to their respective upstreams:
OpenEmbedded-Core (files in meta/, meta-selftest/, meta-skeleton/, scripts/):
- Git repository: https://git.openembedded.org/openembedded-core/
- Mailing list: openembedded-core@lists.openembedded.org
BitBake (files in bitbake/):
- Git repository: https://git.openembedded.org/bitbake/
- Mailing list: bitbake-devel@lists.openembedded.org
Documentation (files in documentation/):
- Git repository: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-docs/
- Mailing list: docs@lists.yoctoproject.org
meta-yocto (files in meta-poky/, meta-yocto-bsp/):
- Git repository: https://git.yoctoproject.org/cgit/cgit.cgi/meta-yocto
- Mailing list: poky@lists.yoctoproject.org
If in doubt, check the openembedded-core git repository for the content you intend to modify as most files are from there unless clearly one of the above categories. Before sending, be sure the patches apply cleanly to the current git repository branch in question.