CaROS/poky

mirror of https://git.yoctoproject.org/git/poky synced 2026-01-01 13:58:04 +00:00

Go to file

Yogita Urade 65d58821e0 ofono: fix CVE-2024-7547 oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of proper validation of the length of user- supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23460. Reference: https://security-tracker.debian.org/tracker/CVE-2024-7547 Upstream patch: https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=305df050d02aea8532f7625d6642685aa530f9b0 (From OE-Core rev: 8c32d91b64ae296d7832ddeb42983f4f3c237946) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>		2025-01-18 06:21:02 -08:00
bitbake	bitbake: fetch/wget: Increase timeout to 100s from 30s	2024-12-02 06:23:20 -08:00
contrib	contrib/git-hooks: add a sendemail-validate example hook that adds FROM: lines to outgoing patch emails	2020-12-30 14:01:07 +00:00
documentation	ref-manual: move runtime-testing section to the test-manual	2025-01-09 08:41:04 -08:00
meta	ofono: fix CVE-2024-7547	2025-01-18 06:21:02 -08:00
meta-poky	poky.conf: bump version for 4.0.24	2025-01-09 08:41:04 -08:00
meta-selftest	selftest/license: Exclude from world	2023-07-01 08:37:25 -10:00
meta-skeleton	useradd-example: do not use unsupported clear text password	2024-03-12 04:06:19 -10:00
meta-yocto-bsp	yocto-bsp: update to v5.15.150	2024-03-13 07:39:09 -10:00
scripts	resulttool: Improve repo layout for oeselftest results	2024-12-09 07:54:03 -08:00
.gitignore	bitbake: gitignore: ignore runqueue-tests/bitbake-cookerdaemon.log	2021-03-12 16:47:12 +00:00
.templateconf
LICENSE
LICENSE.GPL-2.0-only
LICENSE.MIT
MAINTAINERS.md	MAINTAINERS: add overlayfs maintainer	2021-08-12 06:26:15 +01:00
Makefile	bitbake: sphinx: rename Makefile.sphinx	2020-10-06 13:54:27 +01:00
MEMORIAM	MEMORIAM: Add recognition for contributors no longer with us	2020-01-30 15:22:35 +00:00
oe-init-build-env	oe-init-build-env: add quotes around variables to prevent word splitting	2022-04-05 22:23:40 +01:00
README.hardware.md	README: Move to using markdown as the format	2021-06-16 16:33:18 +01:00
README.md	Add README link to README.poky	2021-07-19 18:07:21 +01:00
README.OE-Core.md	README.OE-Core.md: update URLs	2021-12-01 22:42:00 +00:00
README.poky.md	README: Move to using markdown as the format	2021-06-16 16:33:18 +01:00
README.qemu.md	README.OE-Core/README.qemu: Move to markdown format	2021-07-20 08:51:06 +01:00
SECURITY.md	SECURITY.md: Add file	2023-10-24 05:28:15 -10:00

README.md

Poky

Poky is an integration of various components to form a pre-packaged build system and development environment which is used as a development and validation tool by the Yocto Project. It features support for building customised embedded style device images and custom containers. There are reference demo images ranging from X11/GTK+ to Weston, commandline and more. The system supports cross-architecture application development using QEMU emulation and a standalone toolchain and SDK suitable for IDE integration.

Additional information on the specifics of hardware that Poky supports is available in README.hardware. Further hardware support can easily be added in the form of BSP layers which extend the systems capabilities in a modular way. Many layers are available and can be found through the layer index.

As an integration layer Poky consists of several upstream projects such as BitBake, OpenEmbedded-Core, Yocto documentation, the 'meta-yocto' layer which has configuration and hardware support components. These components are all part of the Yocto Project and OpenEmbedded ecosystems.

The Yocto Project has extensive documentation about the system including a reference manual which can be found at https://docs.yoctoproject.org/

OpenEmbedded is the build architecture used by Poky and the Yocto project. For information about OpenEmbedded, see the OpenEmbedded website.

Contribution Guidelines

The project works using a mailing list patch submission process. Patches should be sent to the mailing list for the repository the components originate from (see below). Throughout the Yocto Project, the README files in the component in question should detail where to send patches, who the maintainers are and where bugs should be reported.

A guide to submitting patches to OpenEmbedded is available at:

https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded

There is good documentation on how to write/format patches at:

https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines

Where to Send Patches

As Poky is an integration repository (built using a tool called combo-layer), patches against the various components should be sent to their respective upstreams:

OpenEmbedded-Core (files in meta/, meta-selftest/, meta-skeleton/, scripts/):

Git repository: https://git.openembedded.org/openembedded-core/
Mailing list: openembedded-core@lists.openembedded.org

BitBake (files in bitbake/):

Git repository: https://git.openembedded.org/bitbake/
Mailing list: bitbake-devel@lists.openembedded.org

Documentation (files in documentation/):

Git repository: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-docs/
Mailing list: docs@lists.yoctoproject.org

meta-yocto (files in meta-poky/, meta-yocto-bsp/):

Git repository: https://git.yoctoproject.org/cgit/cgit.cgi/meta-yocto
Mailing list: poky@lists.yoctoproject.org

If in doubt, check the openembedded-core git repository for the content you intend to modify as most files are from there unless clearly one of the above categories. Before sending, be sure the patches apply cleanly to the current git repository branch in question.