Divya Chellam 7c4bd642e4 ruby: fix CVE-2024-39908
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some
DoS vulnerabilities when it parses an XML that has many specific characters
such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you may be
impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the
patches to fix these vulnerabilities. Users are advised to upgrade. Users
unable to upgrade should avoid parsing untrusted XML strings.

Reference:
https://security-tracker.debian.org/tracker/CVE-2024-39908

Upstream-patches:

(From OE-Core rev: 6e0b70843422cd7cdb25a9e1520dd64bf701fea6)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-01 06:50:49 -08:00
bitbake bitbake: test/fetch: Switch u-boot based test to use our own mirror 2025-07-30 07:47:48 -07:00
contrib contrib/git-hooks: add a sendemail-validate example hook that adds FROM: lines to outgoing patch emails 2020-12-30 14:01:07 +00:00
documentation migration-guides: add release notes for 4.0.31 2025-11-19 08:21:24 -08:00
meta ruby: fix CVE-2024-39908 2025-12-01 06:50:49 -08:00
meta-poky poky.conf: bump version for 4.0.31 2025-10-31 06:29:24 -07:00
meta-selftest pulseaudio: Add audio group explicitly 2025-09-08 08:27:11 -07:00
meta-skeleton useradd-example: do not use unsupported clear text password 2024-03-12 04:06:19 -10:00
meta-yocto-bsp yocto-bsp: update to v5.15.150 2024-03-13 07:39:09 -10:00
scripts oe-build-perf-report: relax metadata matching rules 2025-11-24 06:57:39 -08:00
.gitignore bitbake: gitignore: ignore runqueue-tests/bitbake-cookerdaemon.log 2021-03-12 16:47:12 +00:00
.templateconf
LICENSE meta/lib+scripts: Convert to SPDX license headers 2019-05-09 16:31:55 +01:00
LICENSE.GPL-2.0-only meta/lib+scripts: Convert to SPDX license headers 2019-05-09 16:31:55 +01:00
LICENSE.MIT meta/lib+scripts: Convert to SPDX license headers 2019-05-09 16:31:55 +01:00
MAINTAINERS.md MAINTAINERS: add overlayfs maintainer 2021-08-12 06:26:15 +01:00
Makefile bitbake: sphinx: rename Makefile.sphinx 2020-10-06 13:54:27 +01:00
MEMORIAM MEMORIAM: Add recognition for contributors no longer with us 2020-01-30 15:22:35 +00:00
oe-init-build-env oe-init-build-env: add quotes around variables to prevent word splitting 2022-04-05 22:23:40 +01:00
README.hardware.md README: Move to using markdown as the format 2021-06-16 16:33:18 +01:00
README.md Add README link to README.poky 2021-07-19 18:07:21 +01:00
README.OE-Core.md README.OE-Core.md: update URLs 2021-12-01 22:42:00 +00:00
README.poky.md README: Move to using markdown as the format 2021-06-16 16:33:18 +01:00
README.qemu.md README.OE-Core/README.qemu: Move to markdown format 2021-07-20 08:51:06 +01:00
SECURITY.md SECURITY.md: Add file 2023-10-24 05:28:15 -10:00

Poky

Poky is an integration of various components to form a pre-packaged build system and development environment which is used as a development and validation tool by the Yocto Project. It features support for building customised embedded style device images and custom containers. There are reference demo images ranging from X11/GTK+ to Weston, commandline and more. The system supports cross-architecture application development using QEMU emulation and a standalone toolchain and SDK suitable for IDE integration.

Additional information on the specifics of hardware that Poky supports is available in README.hardware. Further hardware support can easily be added in the form of BSP layers which extend the system's capabilities in a modular way. Many layers are available and can be found through the layer index.

As an integration layer, Poky consists of several upstream projects such as BitBake, OpenEmbedded-Core, the Yocto documentation, and the 'meta-yocto' layer, which has configuration and hardware support components. These components are all part of the Yocto Project and OpenEmbedded ecosystems.

The Yocto Project has extensive documentation about the system including a reference manual which can be found at https://docs.yoctoproject.org/

OpenEmbedded is the build architecture used by Poky and the Yocto Project. For information about OpenEmbedded, see the OpenEmbedded website.

Contribution Guidelines

The project works using a mailing list patch submission process. Patches should be sent to the mailing list for the repository the components originate from (see below). Throughout the Yocto Project, the README files in the component in question should detail where to send patches, who the maintainers are and where bugs should be reported.

A guide to submitting patches to OpenEmbedded is available at:

https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded

There is good documentation on how to write/format patches at:

https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines

Where to Send Patches

As Poky is an integration repository (built using a tool called combo-layer), patches against the various components should be sent to their respective upstreams:

OpenEmbedded-Core (files in meta/, meta-selftest/, meta-skeleton/, scripts/):

BitBake (files in bitbake/):

Documentation (files in documentation/):

meta-yocto (files in meta-poky/, meta-yocto-bsp/):

If in doubt, check the openembedded-core git repository for the content you intend to modify as most files are from there unless clearly one of the above categories. Before sending, be sure the patches apply cleanly to the current git repository branch in question.

CII Best Practices