Commit message | Author | Age | Files | Lines
...
* libsoup-2.4: fix CVE-2025-32907 | Changqing Li | 2025-06-25 | 2 | -0/+40
  Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
  (From OE-Core rev: e6d9dd16d9b70cc8d3a9ca8b2fc542d547b456b9)
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup-2.4: Fix CVE-2025-4969 | Hitendra Prajapati | 2025-06-25 | 2 | -0/+77
  Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/07b94e27afafebf31ef3cd868866a1e383750086
  (From OE-Core rev: 5a6af5bcbe45184e7ac0535549c25cbe64113ba7)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: fix CVE-2025-4948 | Changqing Li | 2025-06-25 | 2 | -0/+98
  Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
  (From OE-Core rev: 95383d7d95631a4c3b385a073ce1deff744bf725)
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: fix CVE-2025-46421 | Changqing Li | 2025-06-25 | 2 | -0/+140
  Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
  (From OE-Core rev: 388453296c32759623ed35a8142c6af2df7f30b0)
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: fix CVE-2025-32051 | Changqing Li | 2025-06-25 | 3 | -0/+88
  Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/401
  (From OE-Core rev: 4af9a40f53a6a9607999f0f4b28d2ce1eaf325a2)
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: fix CVE-2025-32907 | Changqing Li | 2025-06-25 | 3 | -0/+270
  Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/429
  (From OE-Core rev: e31c9f12193d040480eca6a4be6a9ec6675b19f8)
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: Fix CVE-2025-4969 | Hitendra Prajapati | 2025-06-25 | 2 | -0/+77
  Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/07b94e27afafebf31ef3cd868866a1e383750086
  (From OE-Core rev: ea267b82e1fdc5cc7bf055d3eec1190e19ae79de)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: patch CVE-2025-4476 | Ashish Sharma | 2025-06-25 | 2 | -0/+39
  Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c]
  (From OE-Core rev: 4cd294674ed05e1b72e722b46ac1e2b5f3603460)
  Signed-off-by: Ashish Sharma <asharma@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bsp-guide: update lonely "4.12" kernel reference to "6.12" | Robert P. J. Day | 2025-06-20 | 1 | -1/+1
  To accompany earlier updating of kernel version, update this lonely reference to be consistent.
  (From yocto-docs rev: 97cd3ee7f3bf1de8454708d1852ea9cdbd45c39b)
  Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit e26c2018cd663de91ee08e0cba55eda1a4c30210)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bsp guide: update kernel version example to 6.12 | Robert P. J. Day | 2025-06-20 | 1 | -8/+13
  Change the sample kernel version being used from 4.4 to a more modern 6.12.
  (From yocto-docs rev: 4894e00cc69cf499d28b90a991d4bac0cecb97e7)
  Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca>
  Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 1bad12b6ccfe1c0d26918926176a0c743568de26)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: classes: nativesdk: move note to appropriate section | Quentin Schulz | 2025-06-20 | 1 | -10/+10
  The nativesdk- prefix to the recipe filename should only be used when using the inherit method as the BBCLASSEXTEND method will do some magic when generating the "implicit" name of the recipe.
  This matches the instructions for the native class.
  (From yocto-docs rev: 84ab43b9766e0415e090c6af404ce1c61316f384)
  Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 15fe239e1e62b9add737aa732dd7f5e9948ee03d)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: classes: reword to clarify that native/nativesdk options are exclusive | Quentin Schulz | 2025-06-20 | 1 | -2/+4
  We explain how to create a native (nativesdk) recipe in two different ways via a bullet list but reading quickly the instructions may mislead one into doing both options whereas they are incompatible.
  This rewords both the nativesdk and native sections so that the second bullet point starts with an Or and explicit that this applies to target recipes.
  (From yocto-docs rev: c2e814ba75524225390ecad0d3615e48f866374a)
  Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 6d0d338a5f2686ddeee5eed7b6e05f3db800d33a)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl Use all of g1_start and g_signals | Sunil Dora | 2025-06-20 | 2 | -0/+193
  The following commits have been cherry-picked from Glibc master branch:
  Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
  Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=91bb902f58264a2fd50fbce8f39a9a290dd23706]
  (From OE-Core rev: e0857503de9f427d177fe85c32cf0d2748d779fb)
  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl rename __condvar_quiesce_and_switch_g1 | Sunil Dora | 2025-06-20 | 2 | -0/+161
  The following commits have been cherry-picked from Glibc master branch:
  Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
  Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=4b79e27a5073c02f6bff9aa8f4791230a0ab1867]
  (From OE-Core rev: e7eb16d59c81636c1fdffca307768776d990d732)
  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl Fix indentation | Sunil Dora | 2025-06-20 | 2 | -0/+170
  The following commits have been cherry-picked from Glibc master branch:
  Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
  Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=ee6c14ed59d480720721aaacc5fb03213dc153da]
  (From OE-Core rev: e4b4cd362cfcb7fd6517165ae59cb218420b9039)
  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl Use a single loop in pthread_cond_wait instead of a nested loop | Sunil Dora | 2025-06-20 | 2 | -0/+106
  The following commits have been cherry-picked from Glibc master branch:
  Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
  Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=929a4764ac90382616b6a21f099192b2475da674]
  (From OE-Core rev: eab44f7a027414ef29f6d07617997cc50fc515cd)
  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait | Sunil Dora | 2025-06-20 | 2 | -0/+118
  The following commits have been cherry-picked from Glibc master branch:
  Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
  Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=4f7b051f8ee3feff1b53b27a906f245afaa9cee1]
  (From OE-Core rev: 761758340002f9dbff8e0668f4883ff623b232a0)
  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl Remove unnecessary catch-all-wake in condvar group switch | Sunil Dora | 2025-06-20 | 2 | -0/+78
  The following commits have been cherry-picked from Glibc master branch:
  Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
  Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=b42cc6af11062c260c7dfa91f1c89891366fed3e]
  (From OE-Core rev: 02f2ac08edb506ec43cec93a5b09f5e6d7df02ec)
  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl Update comments and indentation for new condvar implementation | Sunil Dora | 2025-06-20 | 2 | -0/+145
  The following commits have been cherry-picked from Glibc master branch:
  Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
  Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=0cc973160c23bb67f895bc887dd6942d29f8fee3]
  (From OE-Core rev: e5296415e97e4d704c4c8d11ad243061a1e14997)
  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: pthreads NPTL lost wakeup fix 2 | Sunil Dora | 2025-06-20 | 2 | -0/+456
  The following commits have been cherry-picked from Glibc master branch:
  Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
  Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=1db84775f831a1494993ce9c118deaf9537cc50a]
  (From OE-Core rev: c05290e51d0faf661bac587066a79626919609e8)
  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* e2fsprogs: removed 'sed -u' option | Aditya Tayade | 2025-06-20 | 1 | -1/+2
  In embedded box, sed might be provided by other providers like Busybox, hence use generic options whenever possible.
  /bin/sed -> /etc/alternatives/sed
  /etc/alternatives/sed -> /bin/busybox.nosuid
  Here used 'sed -u' option is not necessary, hence removed it.
  Fixes below error:
  sed: invalid option -- 'u'
  Also added 'set -eux' option which halts execution of the script on any failures.
  (From OE-Core rev: 5b3b290baa0a83f493b7ca25d5ffa5ff279bcc69)
  (From OE-Core rev: fe7fa1ec7d005d858ccbdd81eb6f7bfab04b7e46)
  Signed-off-by: Aditya Tayade <Aditya.Tayade@kpit.com>
  Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 07caee1829d2a61bc018fe0e37ecd482922179ee)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  (cherry picked from commit d2da6b5c5668dbc84b905ba2fe4c9b57b580fd82)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xz: Update LICENSE variable for xz packages | aszh07 | 2025-06-20 | 1 | -3/+3
  Update LICENSE defined for xz packages to match the license information provided in the xz COPYING file.
  The License information from PACKAGERS file of xz mentions packages with lzma files are in public domain. They ask to use GPLv2+, if only it's not possible to mention "PD and GPLv2+".
  Include PD license with GPLv2 to packages with lzma content:
  xz-dev package contains lzma header
  xz-doc package contains lzma man pages
  xz packages contains lzma binaries
  Links:
  https://github.com/tukaani-project/xz/blob/v5.4.6/COPYING
  https://github.com/tukaani-project/xz/blob/v5.4.6/PACKAGERS
  (From OE-Core rev: d511c41dac048fbdd93a54136e93b0623a18a83d)
  (From OE-Core rev: a9b751f211ccfc1c8d58aba290dc8b4de5383acc)
  Signed-off-by: Bhabu Bindu <bindu.bhabu@kpit.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 4e5b955def5d9f305f5aba2c68b73287c03fd163)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpng: Improve ptest | Poonam Jadhav | 2025-06-20 | 3 | -33/+38
  Install libpng test-suite to run it as a ptest.
  As the test-suite takes more than 30 seconds to run, add libpng-ptest to PTESTS_SLOW in ptest-packagelists.inc
  (From OE-Core rev: 5835b803acc255c227213670588dd01c5168c266)
  Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* babeltrace/libatomic-ops: correct the SRC_URI | Guocai He | 2025-06-20 | 2 | -3/+3
  The old SRC_URIs are not available and need to update.
  (From OE-Core rev: 94d24ff01573dc1d65078c92150dc252b3e9b145)
  Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* scripts/install-buildtools: Update to 4.0.27 | Aleksandar Nikolic | 2025-06-20 | 1 | -2/+2
  Update to the 4.0.27 release of the 4.0.27 series for buildtools
  (From OE-Core rev: 9277fae3c81a269994faa6ba6f6c9bdfc74e11bd)
  Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT | aszh07 | 2025-06-20 | 1 | -0/+2
  Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg".
  However, there are also vulnerabilities where the product is "libswresample", and "libavcodec" as shown below.
  https://app.opencve.io/vendors/?vendor=ffmpeg
  Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities where the product is "libswresample libavcodec" as well.
  (From OE-Core rev: 9684eba5c543de229108008e29afd1dd021a9799)
  (From OE-Core rev: 34df694e0cdf4c1e3dfc99502a9e615b8c802cdb)
  Signed-off-by: aszh07 <mail2szahir@gmail.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Naman Jain <namanj1@kpit.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2025-1373 | Colin Pinnell McAllister | 2025-06-20 | 1 | -0/+5
  CVE-2025-1373 does not appear to affect ffmpeg 5.0.3. The CVE has been added to the ignore list.
  (From OE-Core rev: 99cda92e387ca071c4235c14a137510a4fb481c2)
  Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: Fix CVE-2025-46420 | Vijay Anusuri | 2025-06-20 | 2 | -0/+61
  Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e]
  (From OE-Core rev: cb3a01ba6535b129608fb8d07261069f1fb4b84a)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: Fix CVE-2025-32053 | Vijay Anusuri | 2025-06-20 | 2 | -0/+39
  Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a]
  (From OE-Core rev: de40e2f32af4ec930c80858f8d77a5a1b0967069)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup-2.4: Fix CVE-2025-32053 | Vijay Anusuri | 2025-06-20 | 2 | -0/+39
  Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a]
  (From OE-Core rev: a563a644fcdb556d904c3c391fbf9435fcd4bdf0)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: Fix CVE-2025-32052 | Vijay Anusuri | 2025-06-20 | 2 | -0/+31
  Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652]
  (From OE-Core rev: f1e94b33fac8a1587aacfee13935587dfc6c147a)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup-2.4: Fix CVE-2025-32052 | Vijay Anusuri | 2025-06-20 | 2 | -0/+31
  Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652]
  (From OE-Core rev: ab4d381f1cfd8613c23da514a0786a7505579203)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: Fix CVE-2025-32050 | Vijay Anusuri | 2025-06-20 | 2 | -0/+29
  Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323]
  (From OE-Core rev: f4866635b88b24d5891f83e23c9cc3fc21876b52)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup-2.4: Fix CVE-2025-32050 | Vijay Anusuri | 2025-06-20 | 2 | -0/+29
  Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323]
  (From OE-Core rev: c5afbcf487cb7331f641c4dd2c7a972b4cd3c787)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: Fix CVE-2025-2784 | Vijay Anusuri | 2025-06-20 | 3 | -0/+215
  Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/242a10fbb12dbdc12d254bd8fc8669a0ac055304 & https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d]
  https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435
  (From OE-Core rev: b51135e1f7eaa20c97e54f5c52b98963819127e9)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup-2.4: Fix CVE-2025-2784 | Vijay Anusuri | 2025-06-20 | 3 | -0/+189
  Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/242a10fbb12dbdc12d254bd8fc8669a0ac055304 & https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d]
  https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435
  (From OE-Core rev: 5cea727e87489b144cba9b2aa491d0c90f34f93d)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* net-tools: patch CVE-2025-46836 | Peter Marko | 2025-06-20 | 3 | -0/+124
  Backport patch for this CVE and also patch for its regression.
  (From OE-Core rev: 7f2ce7ea6bd3397e4a4f3f7bb6957d14838f66c5)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3-requests: fix CVE-2024-47081 | Jiaying Song | 2025-06-20 | 2 | -0/+38
  Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
  Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-47081
  Upstream patch: https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
  (From OE-Core rev: 37d746033710509ffabc244e0130d20fd81d9673)
  Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* Glibc: Fix for CVE-2025-4802 | Sunil Dora | 2025-06-20 | 2 | -0/+250
  elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
  [https://sourceware.org/bugzilla/show_bug.cgi?id=32976]
  Upstream-Status: Backport [ https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0 && https://sourceware.org/cgit/glibc/commit/?id=d8f7a79335b0d861c12c42aec94c04cd5bb181e2 ]
  (From OE-Core rev: 2d0c574852ed934f339547220364f1d236aad987)
  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* docs: conf.py: silence SyntaxWarning on js_splitter_code | Quentin Schulz | 2025-06-13 | 1 | -1/+1
  The js_splitter_code string contains backslashes that Python tries to use as escape sequence but doesn't manage to, hence the following SyntaxWarning message:
  documentation/conf.py:188: SyntaxWarning: invalid escape sequence '\p'
    .split(/[^\p{Letter}\p{Number}_\p{Emoji_Presentation}-]+/gu)
  Considering that we want this to be sent verbatim to the JS, let's make this a raw string instead.
  Fixes: d4a98ee19e0c ("conf.py: tweak SearchEnglish to be hyphen-friendly")
  (From yocto-docs rev: 92bc958301d0aeab0a19e75b8604f01770358195)
  Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit c1056672ef45b197136eb8815728d426337a5901)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* docs: README: specify how to contribute instead of pointing at another file | Quentin Schulz | 2025-06-13 | 1 | -2/+19
  This repository is partially included in another repository: poky. However its README isn't making it, so documentation/README pointing at the README at the root of the git repository would lead the contributor nowhere.
  Instead, let's include the appropriate information directly in documentation/README which does make it to the poky git repo.
  (From yocto-docs rev: acad3d63501d1ee8bd0759438f456488ca7869bf)
  Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 0298318cea2947e65754eab97255164e64a862de)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: clarify KCONFIG_MODE default behaviour | Carlos Sánchez de La Lama | 2025-06-13 | 1 | -9/+2
  KCONFIG_MODE defaults to 'allnoconfig' when not set, regardless of whether KBUILD_DEFCONFIG points to an in-tree or a meta-layer defconfig.
  (From yocto-docs rev: 5a35f8bd19cca200c6b271f049fb94543de79f06)
  Signed-off-by: Carlos Sánchez de La Lama <csanchezdll@gmail.com>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit f374b9c426f6c10710e011a4ad660231ee26efb8)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* Clean up explanation of minimum required version numbers | Robert P. J. Day | 2025-06-13 | 1 | -2/+2
  Some simple rendering and grammar fixes.
  (From yocto-docs rev: f8d77cfb917bfbe3b223ec889c6ed296603402c2)
  Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca>
  Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 9a9624bfc4c523a6edf6f3f0c336e663cc939e75)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* migration-guides: add release notes for 4.0.27 | Lee Chee Yang | 2025-06-13 | 2 | -0/+154
  (From yocto-docs rev: 4248e73928346b14da10bb214de28c767f4641b4)
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit c4748f5079e5193f82afc1b754816edd40ce9254)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* brief-yoctoprojectqs/ref-manual: Switch to new CDN | Richard Purdie | 2025-06-13 | 2 | -2/+2
  The project is switching the way handle our CDN provision of sstate objects, update the URL accordingly.
  (cherry picked from commit 406e8a8e30404c0538f5aa46f211540bae2b206b)
  (From yocto-docs rev: 5c9336284c0664e0d56cf602751a9ffef6303002)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* kernel.bbclass: add original package name to RPROVIDES for -image and -base | Martin Jansa | 2025-06-13 | 1 | -1/+2
  * -image and -base change PKG to:
    PKG:${KERNEL_PACKAGE_NAME}-image = "${KERNEL_PACKAGE_NAME}-image-${@legitimize_package_name(d.getVar(KERNEL_VERSION))}"
    PKG:${KERNEL_PACKAGE_NAME}-base = "${KERNEL_PACKAGE_NAME}-${@legitimize_package_name(d.getVar(KERNEL_VERSION))}"
  * but only when debian.bbclass is inherited they add the original package name into RPROVIDES by:
    https://git.openembedded.org/openembedded-core/commit/?id=3409c4379559afbb1d1d29045582995147a33bbc
  * fixes the build if some packagegroup or something RDEPENDS on kernel-image or kernel-base and the DISTRO doesn't inherit debian.bbclass
  * as shown in pkgdata:
    linux-raspberrypi $ egrep "^(PKG:)|(RPRO)" 6.6.36+git-*/pkgdata/runtime/kernel-image
    6.6.36+git-debian/pkgdata/runtime/kernel-image:RPROVIDES:kernel-image: kernel-image (=6.6.36+git@PRSERV_PV_AUTOINC@+733366844f_769634f344)
    6.6.36+git-debian/pkgdata/runtime/kernel-image:PKG:kernel-image: kernel-image-6.6.36-v8
    6.6.36+git-without-debian/pkgdata/runtime/kernel-image:PKG:kernel-image: kernel-image-6.6.36-v8
    linux-raspberrypi $ egrep "^(PKG:)|(RPRO)" 6.6.36+git-*/pkgdata/runtime/kernel-image-image
    6.6.36+git-debian/pkgdata/runtime/kernel-image-image:RPROVIDES:kernel-image-image: kernel-image-image (=6.6.36+git@PRSERV_PV_AUTOINC@+733366844f_769634f344)
    6.6.36+git-debian/pkgdata/runtime/kernel-image-image:PKG:kernel-image-image: kernel-image-image-6.6.36-v8
    6.6.36+git-without-debian/pkgdata/runtime/kernel-image-image:PKG:kernel-image-image: kernel-image-image-6.6.36-v8
  (From OE-Core rev: 05498781657a3f8b38b000f91594ecd78850ce47)
  (From OE-Core rev: 350513959f6800eef6579153c2ae95960ca24ea7)
  Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 9cb954884bc3905defa1ff533e668dea13e17cba)
  Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: upgrade 3.10.16 -> 3.10.18 | Peter Marko | 2025-06-13 | 14 | -155/+23
  Drop upstreamed patch and refresh remaining patches.
  * https://www.python.org/downloads/release/python-31017/
    Security content in this release
    * gh-131809: Upgrade vendored expat to 2.7.1
    * gh-80222: Folding of quoted string in display_name violates RFC
    * gh-121284: Invalid RFC 2047 address header after refolding with email.policy.default
    * gh-131261: Update libexpat to 2.7.0
    * gh-105704: CVE-2025-0938 urlparse does not flag hostname containing [ or ] as incorrect
    * gh-119511: OOM vulnerability in the imaplib module
  * https://www.python.org/downloads/release/python-31018/
    Security content in this release
    * gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.
    * gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.
    * gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.
  gh-133767 got meanwhile CVE-2025-4516 assigned.
  (From OE-Core rev: 838a8b5ca148dfa6c6c2c76f1705d1e358a31648)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* git: Fix CVE-2024-50349 and CVE-2024-52006 | Vijay Anusuri | 2025-06-13 | 4 | -0/+589
  Upstream-Status: Backport from https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 & https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 & https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060
  (From OE-Core rev: ed112b58ad0d40bfa36e53a370e964e6a20d694e)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* screen: fix CVE-2025-46804 | Divya Chellam | 2025-06-13 | 2 | -0/+132
  A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available.
  Affected are older Screen versions, as well as version 5.0.0.
  Reference: https://security-tracker.debian.org/tracker/CVE-2025-46804
  Upstream-patch: https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30
  (From OE-Core rev: fa14b05383a322f5fe751c81e8c6f1a8a1df8c9e)
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* screen: fix CVE-2025-46802 | Divya Chellam | 2025-06-13 | 2 | -0/+147
  For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session.
  Reference: https://security-tracker.debian.org/tracker/CVE-2025-46802
  Upstream-patch: https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a
  (From OE-Core rev: b4074e06ff0531481dbb3788a5c1bf9e013b6239)
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>