CaROS/poky

mirror of https://git.yoctoproject.org/git/poky synced 2026-01-01 13:58:04 +00:00

Go to file

Yogita Urade 4543508143 curl: fix CVE-2025-9086 1, A cookie is set using the secure keyword for https://target 2, curl is redirected to or otherwise made to speak with http://target (same hostname, but using clear text HTTP) using the same cookie set 3, The same cookie name is set - but with just a slash as path (path="/"). Since this site is not secure, the cookie should just be ignored. 4, A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-9086 Upstream patch: https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 (From OE-Core rev: b0cc7001a628deaa96d1aebb5ded52797898a0be) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>		2025-09-30 08:01:59 -07:00
bitbake	bitbake: bitbake: Bump version to 2.8.1	2025-09-17 15:36:44 -07:00
contrib	contrib/git-hooks: add a sendemail-validate example hook that adds FROM: lines to outgoing patch emails	2020-12-30 14:01:07 +00:00
documentation	migration-guides: add release notes for 5.0.12	2025-09-17 15:36:45 -07:00
meta	curl: fix CVE-2025-9086	2025-09-30 08:01:59 -07:00
meta-poky	poky.conf: bump version for 5.0.12	2025-08-22 06:01:57 -07:00
meta-selftest	pulseaudio: Add audio group explicitly	2025-09-09 09:08:09 -07:00
meta-skeleton	linux-yocto-custom: Fix comment override syntax	2024-07-03 06:28:36 -07:00
meta-yocto-bsp	yocto-bsp/genericarm64: add virtio-gpu	2024-04-08 23:33:53 +01:00
scripts	runqemu: fix special characters bug	2025-09-22 13:17:52 -07:00
.gitignore	vscode: drop .vscode folder	2024-02-19 11:34:33 +00:00
.templateconf	meta-poky/conf: move default templates to conf/templates/default/	2022-09-01 10:07:02 +01:00
LICENSE	meta/lib+scripts: Convert to SPDX license headers	2019-05-09 16:31:55 +01:00
LICENSE.GPL-2.0-only	meta/lib+scripts: Convert to SPDX license headers	2019-05-09 16:31:55 +01:00
LICENSE.MIT	meta/lib+scripts: Convert to SPDX license headers	2019-05-09 16:31:55 +01:00
MAINTAINERS.md	MAINTAINERS.md: no more need for a prelink-cross maintainer	2022-05-07 22:31:21 +01:00
MEMORIAM	MEMORIAM: Add recognition for contributors no longer with us	2020-01-30 15:22:35 +00:00
oe-init-build-env	oe-init-build-env: generate .vscode from template	2024-02-19 11:34:33 +00:00
README.hardware.md	README: Move to using markdown as the format	2021-06-16 16:33:18 +01:00
README.md	Add README link to README.poky	2021-07-19 18:07:21 +01:00
README.OE-Core.md	README: fix mail address in git example command	2023-09-04 10:27:46 +01:00
README.poky.md	README: Move to using markdown as the format	2021-06-16 16:33:18 +01:00
README.qemu.md	README.OE-Core/README.qemu: Move to markdown format	2021-07-20 08:51:06 +01:00
SECURITY.md	SECURITY.md: add file	2023-10-19 11:31:13 +01:00

README.md

Poky

Poky is an integration of various components to form a pre-packaged build system and development environment which is used as a development and validation tool by the Yocto Project. It features support for building customised embedded style device images and custom containers. There are reference demo images ranging from X11/GTK+ to Weston, commandline and more. The system supports cross-architecture application development using QEMU emulation and a standalone toolchain and SDK suitable for IDE integration.

Additional information on the specifics of hardware that Poky supports is available in README.hardware. Further hardware support can easily be added in the form of BSP layers which extend the systems capabilities in a modular way. Many layers are available and can be found through the layer index.

As an integration layer Poky consists of several upstream projects such as BitBake, OpenEmbedded-Core, Yocto documentation, the 'meta-yocto' layer which has configuration and hardware support components. These components are all part of the Yocto Project and OpenEmbedded ecosystems.

The Yocto Project has extensive documentation about the system including a reference manual which can be found at https://docs.yoctoproject.org/

OpenEmbedded is the build architecture used by Poky and the Yocto project. For information about OpenEmbedded, see the OpenEmbedded website.

Contribution Guidelines

Please refer to our contributor guide here: https://docs.yoctoproject.org/dev/contributor-guide/ for full details on how to submit changes.

Where to Send Patches

As Poky is an integration repository (built using a tool called combo-layer), patches against the various components should be sent to their respective upstreams:

OpenEmbedded-Core (files in meta/, meta-selftest/, meta-skeleton/, scripts/):

Git repository: https://git.openembedded.org/openembedded-core/
Mailing list: openembedded-core@lists.openembedded.org

BitBake (files in bitbake/):

Git repository: https://git.openembedded.org/bitbake/
Mailing list: bitbake-devel@lists.openembedded.org

Documentation (files in documentation/):

Git repository: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-docs/
Mailing list: docs@lists.yoctoproject.org

meta-yocto (files in meta-poky/, meta-yocto-bsp/):

Git repository: https://git.yoctoproject.org/cgit/cgit.cgi/meta-yocto
Mailing list: poky@lists.yoctoproject.org

If in doubt, check the openembedded-core git repository for the content you intend to modify as most files are from there unless clearly one of the above categories. Before sending, be sure the patches apply cleanly to the current git repository branch in question.