summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* bitbake: bitbake: fetch: Fix BB_FETCH_PREMIRRORONLY for git mirror tarballsJulian Haller2025-04-101-0/+4
| | | | | | | | | | | | | When invoking the original git fetcher after downloading a mirror tarball, BB_FETCH_PREMIRRORONLY is ignored. This leads to git fetch commands targeting the upstream source being executed silently. Ensure setting BB_NO_NETWORK before invoking the original fetcher. While this was only observed for git, setting this in general for all fetcher types makes sense at this location. (Bitbake rev: 1b1321f2b60c0a66159e3f20c6befcb0b3ccc4c7) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* poky-bleeding: Drop debug codeRichard Purdie2025-04-101-2/+0
| | | | | | | | Drop some debug code which shouldn't have been merged. (From meta-yocto rev: 18926b88f44e870e64efa7b3cd7e1dc56ce6cbb0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest pokybleeding.py: add test for poky-bleeding.bbclassMikko Rapeli2025-04-101-0/+32
| | | | | | | | | | | The class sets SRCREV to AUTOINC for recipes with single or multiple repositories. Test those cases. (From meta-yocto rev: b7185b27b8acb43eaf9c27787903173ea34a0738) Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* poky-bleeding.bbclass: support recipes with multiple scm SRCREVsMikko Rapeli2025-04-101-0/+5
| | | | | | | | | | | Recipes with multiple repositories in SRC_URI use SRCREV with repo postfix. Set them to AUTOREV too. (From meta-yocto rev: e495ebd7039ff7b0dd9452343f8153698b5f6575) Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* barebox-tools: clean up yamltree from dtcHongxu Jia2025-04-102-0/+64
| | | | | | | | | | | | | | | | | | | | | | Refer Linux commit [dt-bindings: kbuild: Use DTB files for validation][1], clean up yamltree from dtc to avoid compile failure while include <yaml.h> in non-standard path | tmp/work/core2-64-wrs-linux/barebox-tools/2025.02.0/barebox-2025.02.0/scripts/ dtc/yamltree.c:9:10: fatal error: yaml.h: No such file or directory | 9 | #include <yaml.h> Since barebox actually doesn't do any dtb binding checks at the moment, just remove the test of /usr/include/yaml.h, hard-code the -DNO_YAML and remove yamltree.c from DTC_SOURCE [1] https://github.com/torvalds/linux/commit/ef8795f3f1ce (From OE-Core rev: 9eed65e4b527ae461b3993c455f129a80d0c2416) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* hwdata: upgrade 0.393 -> 0.394Wang Mingyu2025-04-101-2/+2
| | | | | | | | (From OE-Core rev: c727faa835dfbc792d5008bbcb0ca6c5a81cb029) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sbc: upgrade 2.0 -> 2.1Wang Mingyu2025-04-101-3/+4
| | | | | | | | | License-Update: Using SPDX-License-Identifier: LGPL-2.1-or-later to replace the description of license (From OE-Core rev: 0480ef4471c51e37a4e2279987a2fa30e38e2209) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* llvm: upgrade 20.1.1 -> 20.1.2Wang Mingyu2025-04-101-1/+1
| | | | | | | | (From OE-Core rev: 6360b6ac31059ef2436ea55ffc162eb441ce156d) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cmake: Avoid using undocumented type for CURLOPT_NETRC valuesWang Mingyu2025-04-102-0/+31
| | | | | | | | (From OE-Core rev: 9ac12c84820188f51d02a6c76785b4be8e5737bb) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xserver-xorg: remove sub-package ${PN}-xwaylandKai Kang2025-04-101-3/+0
| | | | | | | | | | | | | | | | | xwayland has been split to a standalone package via commit * 4ee66f574 Drop XWayland DDX https://gitlab.freedesktop.org/xorg/xserver/-/commit/4ee66f574 and there is a recipe for xwayland in oe-core too. So remove sub-package ${PN}-xwayland from xserver-xorg accordingly. (From OE-Core rev: 59e759207e349bece9da8bbcb5216df5923d243b) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Undef _TIME_BITS in sanitizer_procmaps_solaris.cppJiaying Song2025-04-102-0/+63
| | | | | | | | | | | | | | | | | | | | gcc-sanitizers fail to build when both -D_TIME_BITS=64 and -D_FILE_OFFSET_BITS=64 are defined. This is because sanitizer_procmaps_solaris.cpp explicitly undefines _FILE_OFFSET_BITS before including any headers, which causes _TIME_BITS=64 to violate the requirement in glibc: /usr/include/features-time64.h:26:5: error: "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64" Fixes a build failure on 32-bit Linux platforms when using both -D_TIME_BITS=64 and -D_FILE_OFFSET_BITS=64. (From OE-Core rev: 902085def653ca5194b28a4065043c73e54c9204) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: upgrade 1.24.1 -> 1.24.2Peter Marko2025-04-107-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to latest 1.24.x release [1]: $ git --no-pager log --oneline go1.24.0..go1.24.1 339c903a75 (tag: go1.24.1) [release-branch.go1.24] go1.24.1 334de7982f [release-branch.go1.24] all: updated vendored x/net with security fix 5d6920842b [release-branch.go1.24] runtime/cgo: avoid errors from -Wdeclaration-after-statement 949eae84df [release-branch.go1.24] cmd/compile: don't pull constant offsets out of pointer arithmetic 0bfde51e0d [release-branch.go1.24] runtime: document that cleanups can run concurrently with each other 45a52718e3 [release-branch.go1.24] runtime/cgo: avoid errors from -Wdeclaration-after-statement 7f375e2c22 [release-branch.go1.24] reflect: let Value.Seq return the iteration value correct type 4070531920 [release-branch.go1.24] syscall: disable O_DIRECTORY on Windows for js/wasm 5ffdb9c88b [release-branch.go1.24] reflect: correctly handle method values in Seq becc17ebcd [release-branch.go1.24] runtime: use WCLONE when waiting on pidfd test child d418e224ae [release-branch.go1.24] syscall: don't send child signal when testing pidfd 456eaf5c29 [release-branch.go1.24] cmd/compile: don't report newLimit discovered when unsat happens multiple times e4ef83383e [release-branch.go1.24] debug/buildinfo: base64-encode test binaries 4e6d3468cc [release-branch.go1.24] cmd/compile: ensure we don't reuse temporary register f5c388313f [release-branch.go1.24] internal/godebugs: add fips140 as an opaque godebug setting af236716b2 [release-branch.go1.24] cmd/compile, runtime: use deferreturn as target PC for recover from deferrangefunc 0f7b7600fb [release-branch.go1.24] doc/godebug: mention GODEBUG=fips140 eb58df7dbf [release-branch.go1.24] cmd/compile: avoid infinite recursion when inlining closures 30f4d9e117 [release-branch.go1.24] syscall: don't truncate newly created files on Windows bb0e5c2045 [release-branch.go1.24] runtime: fix usleep on s390x/linux cd0e528d3d [release-branch.go1.24] runtime: add some linknames back for `github.com/bytedance/sonic` 80e2e474b8 [release-branch.go1.24] cmd/go: initialize req.Header when loading git credential Fixes CVE-2025-22871 [1] https://github.com/golang/go/compare/go1.24.1...go1.24.2 (From OE-Core rev: c83927d94bc0afe2205324a976e9495d6df00caf) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nativesdk-buildtools-perl-dummy: add more missing packagesDenys Dmytriyenko2025-04-101-0/+5
| | | | | | | | | | | | | | | There could be several more nativesdk perl packages generated based on flags and dependencies that should not be installed into the SDK when "dummy-sdk-package" facility is used. Add them to the exclusion list here. [YOCTO #15552] (From OE-Core rev: 2b1ec442cf8c0d5753376e52bca5f8da5350848c) Signed-off-by: Denys Dmytriyenko <denys@konsulko.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* yocto-check-layer: expect success for test_patches_upstream_statusGyorgy Sarvari2025-04-101-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | When the Upstream-Status tag for patches became mandatory, the test verifying the presence of this tag was made to not fail the layer compatibility tests, in order to allow time for the maintainers to adapt to this change. This was two years before this commit. Since then the layer compatibility script shows a cryptic "unexpected success" result for this test, which of course becomes clear once one checks the code and commit history, but it is a nuisance still, which shouldn't be needed to understand the result. This commit removes the the related annotation so the compatibility check will pass or fail with a clear message - in hope that 2 years was enough for active maintainers to adjust their patches. (From OE-Core rev: 64175a41f48fce69a5205000865cc3b8648476f7) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: ignore CVE-2023-1386Madhu Marri2025-04-101-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Upstream Repository: https://gitlab.com/qemu-project/qemu.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1386 Type: Security Advisory CVE: CVE-2023-1386 Score: 3.3 Analysis: - According to redhat[1] this CVE has closed as not a bug. Reference: [1] https://bugzilla.redhat.com/show_bug.cgi?id=2223985 (From OE-Core rev: 6a5d9e3821246c39ec57fa483802e1bb74fca724) (From OE-Core rev: 5aecfb1a236bcef60a4337e7848e2bbc688c5798) Signed-off-by: Madhu Marri <madmarri@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade 3.4.1 -> 3.5.0Peter Marko2025-04-104-12/+12
| | | | | | | | | | | | | | | | | | | | | | This is new openssl LTS release. Release information: * https://openssl-library.org/post/2025-02-20-openssl-3.5-lts/ * https://openssl-library.org/post/2025-04-08-openssl-35-final-release/ * https://github.com/openssl/openssl/releases/tag/openssl-3.5.0 * https://github.com/openssl/openssl/blob/openssl-3.5.0/NEWS.md#openssl-35 packages-split directory does not show any changes relevant for packaging change. There are new config options but they don't seem to be significant enough to need explicit packageconfig options. (From OE-Core rev: 6ff6e86a06ba081eb9afd83e62c128f987cce0ef) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes-recipe: npm: Complain immediately if npm-shrinkwrap.json is too oldMike Crowe2025-04-101-0/+3
| | | | | | | | | | | | | | | | | | | | | | Rather than emitting: Exception: KeyError: 'packages' and a stack trace, let's fail immediately if lockfileVersion implies that the npm-shrinkwrap.json file isn't compatible. The documentation[1] doesn't make it clear which lockfileVersions are guaranteed to contain "packages". I have lockfileVersion 1 files without. Running npm 7.5.2 generates npm-shrinkwrap.json files with lockfileVersion 2 and "packages", so I've set the minimum to be 2. [1] https://docs.npmjs.com/cli/v7/configuring-npm/package-lock-json (From OE-Core rev: 4d3cbd11bc9cc0bf5a8571ecd3ce6e5e5c6ef6eb) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* u-boot: upgrade 2025.01 -> 2025.04Fabio Estevam2025-04-103-2/+2
| | | | | | | | | | | | Upgrade to U-Boot 2025.04. While at it, pass the tag parameter in SRC_URI. (From OE-Core rev: 4a1671159ec05e9b013a7fd31f65d50302e657e0) Signed-off-by: Fabio Estevam <festevam@denx.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: upgrade 257.4 -> 257.5Wang Mingyu2025-04-105-2/+2
| | | | | | | | (From OE-Core rev: 05618ac2c6f69e0f41fb95e517382bf1177f0735) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-typing-extensions: upgrade 4.13.0 -> 4.13.1Wang Mingyu2025-04-101-1/+1
| | | | | | | | | | | | | Changelog: ============ - Fix regression in 4.13.0 on Python 3.10.2 causing a TypeError when using Concatenate. - Fix TypeError when using evaluate_forward_ref on Python 3.10.1-2 and 3.9.8-10. (From OE-Core rev: c8f1d63a786702e9dfba70f3c070f4a74356c4be) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-lxml: upgrade 5.3.1 -> 5.3.2Wang Mingyu2025-04-101-1/+1
| | | | | | | | | | | | Changelog: * Binary wheels use libxml2 2.12.10 and libxslt 1.1.42. * Binary wheels for Windows use a patched libxml2 2.11.9 and libxslt 1.1.39. (From OE-Core rev: 9b10654668dc372fa0e57afe113fd82a89ebce15) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-flit-core: upgrade 3.11.0 -> 3.12.0Wang Mingyu2025-04-101-1/+1
| | | | | | | | (From OE-Core rev: 1063bb21317954c30a3dafbf24fad3349e9a2cbd) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-calver: upgrade 2025.04.01 -> 2025.04.02Wang Mingyu2025-04-101-1/+1
| | | | | | | | | | | | | Changelog: ============ - Update build backend - Support running tests from source distribution (From OE-Core rev: 0166cd80a538d3a326ff0593b9c8bebde1cdc561) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meson: upgrade 1.7.1 -> 1.7.2Wang Mingyu2025-04-102-6/+6
| | | | | | | | | | | 0001-Make-CPU-family-warnings-fatal.patch refreshed for 1.7.2 (From OE-Core rev: b8c15494900cdacfdcfa18526b8ad33cb9ce5ee3) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lighttpd: upgrade 1.4.78 -> 1.4.79Wang Mingyu2025-04-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: =========== * [ci] update deps pkg names for lighttpd on Cygwin * [ci] MSYS detection kludge in tests/LightyTest.pm * [autotools] spelling Couldn't => Could not * [mod_openssl] revert SSL_CTX default cert assign * [mod_openssl] spelling in comment * [TLS] issue trace if unable to check/refresh cert * [ci] Cygwin Invoke-WebRequest -MaximumRetryCount 3 * [ci] Cygwin prefer D:\ drive * [ci] Cygwin remove redundant call to setup.exe * [core] set server.max-fds = 4096 if not specified * [core] clear Linux ambient capabilities, if any * [core] rename remove_pid_file() -> server_pid_file_remove() * [core] retry pidfile open on Linux * [doc] systemd lighttpd.service hardening * [doc] move TLS config to separate file tls.conf * [doc] systemd lighttpd.service hardening addition * [doc] systemd lighttpd*.socket activation examples * [core] default listen() backlog to SOMAXCONN * [ci] fix meson build execution selection (From OE-Core rev: 5066f75e7588a158111bedbf1ce9975e2d26c2c7) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* harfbuzz: upgrade 11.0.0 -> 11.0.1Wang Mingyu2025-04-101-1/+1
| | | | | | | | (From OE-Core rev: 6b5880eb73e62f1b4ae4b7ff90f33e14b35c88d4) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gawk: upgrade 5.3.1 -> 5.3.2Wang Mingyu2025-04-103-60/+5
| | | | | | | | | | | | | | 0001-Add-parameter-signatures-for-getenv-and-getopt.patch removed since it's included in 5.3.2 0001-configure.ac-re-enable-disabled-printf-features.patch refreshed for 5.3.2` (From OE-Core rev: a8773ae9d866063e0562589af44b90a89b5cd93c) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ell: upgrade 0.75 -> 0.76Wang Mingyu2025-04-101-1/+1
| | | | | | | | | | | Changelog: Fix issue with random scalar generation. (From OE-Core rev: 62bd49794d7654d3d111bff10bd40e812c05f2ee) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lib: oe: Add cve_check to BBIMPORTSJoshua Watt2025-04-101-1/+2
| | | | | | | | | | | Adds cve_check.py to BBIMPORTS so the functions it exposes will be correctly scanned for dependencies in the dependency scanner (From OE-Core rev: 52ead33c6b6e2532c57b7b28b862ba38b575f9e3) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libjpeg-turbo: fix upstream release checkingRoss Burton2025-04-101-5/+2
| | | | | | | | | | | | | | New releases are no longer made to SourceForge and the GitHub releases are considered official according to https://libjpeg-turbo.org, so inherit github-releases and update the SRC_URI. This now reports that we need to upgrade to 3.1.0. (From OE-Core rev: e7e11ab30a40ba8862e62c4cc1a0af91ff93b6e5) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ovmf: fix CVE-2025-2295Hongxu Jia2025-04-102-0/+57
| | | | | | | | | | | | | | | | | | According to [1], EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. Refer debian [2], backport a patch from edk2 [3] to fix CVE-2025-2295 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2295 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100594 [3] https://github.com/tianocore/edk2/commit/17cdc512f02a2dfd1b9e24133da56fdda099abda (From OE-Core rev: 0f59dec939cf0d313b1b01b1e7bf10e059d9d0ac) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-nvd2-native: add workaround for json5 style listPeter Marko2025-04-101-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | NVD responses changed to an invalid json between: * April 5, 2025 at 3:03:44 AM GMT+2 * April 5, 2025 at 4:19:48 AM GMT+2 The last response is since then in format { "resultsPerPage": 625, "startIndex": 288000, "totalResults": 288625, "format": "NVD_CVE", "version": "2.0", "timestamp": "2025-04-07T07:17:17.534", "vulnerabilities": [ {...}, ... {...}, ] } Json does not allow trailing , in responses, that is json5 format. So cve-update-nvd2-native do_Fetch task fails with log backtrace ending: ... File: '/builds/ccp/meta-siemens/projects/ccp/../../poky/meta/recipes-core/meta/cve-update-nvd2-native.bb', lineno: 234, function: update_db_file 0230: if raw_data is None: 0231: # We haven't managed to download data 0232: return False 0233: *** 0234: data = json.loads(raw_data) 0235: 0236: index = data["startIndex"] 0237: total = data["totalResults"] 0238: per_page = data["resultsPerPage"] ... File: '/usr/lib/python3.11/json/decoder.py', lineno: 355, function: raw_decode 0351: """ 0352: try: 0353: obj, end = self.scan_once(s, idx) 0354: except StopIteration as err: *** 0355: raise JSONDecodeError("Expecting value", s, err.value) from None 0356: return obj, end Exception: json.decoder.JSONDecodeError: Expecting value: line 1 column 1442633 (char 1442632) ... There was no announcement about json format of API v2.0 by nvd. Also this happens only if whole database is queried (database update is fine, even when multiple pages as queried). And lastly it's only the cve list, all other lists inside are fine. So this looks like a bug in NVD 2.0 introduced with some update. Patch this with simple character deletion for now and let's monitor the situation and possibly switch to json5 in the future. Note that there is no native json5 support in python, we'd have to use one of external libraries for it. (From OE-Core rev: 6e526327f5c9e739ac7981e4a43a4ce53a908945) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* numactl: mark Fix-the-test-output-format.patch as InappropriateAlexander Kanavin2025-04-101-1/+1
| | | | | | | | (From OE-Core rev: 8df27ff912a25077222a02d2ca9d1252f1f15c26) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* apr: drop libtoolize_check.patchAlexander Kanavin2025-04-102-38/+0
| | | | | | | | | | | | It's not clear what the intent was: libtool executable is present in the native sysroot and can be used to obtain versions during build time. (From OE-Core rev: 9d16c45ed4caea9b0e3fe6e5dad983707dd10c65) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* avahi: mark initscript.patch as InappropriateAlexander Kanavin2025-04-101-1/+5
| | | | | | | | (From OE-Core rev: 1489c424a7a4728834d8253f81711ac0df25db9d) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: mark no-path-adjust.patch as InappropriateAlexander Kanavin2025-04-101-1/+1
| | | | | | | | (From OE-Core rev: ab08938dc2d5658930a92abc5b4cefe4b975e582) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-devtools: submit 0001-connect-has-a-different-signature-on-musl.patch ↵Alexander Kanavin2025-04-101-1/+1
| | | | | | | | | | upstream (From OE-Core rev: 1ca89ea00103523d8877eed5b71eec2ba824510a) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ifupdown: mark defn2-c-man-don-t-rely-on-dpkg-architecture-to-set-a.patch as ↵Alexander Kanavin2025-04-101-1/+1
| | | | | | | | | | Inappropriate (From OE-Core rev: 30eefe0adacc6a064a0958fc8f463a3331ad12fa) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mdadm: update 4.3 -> 4.4Alexander Kanavin2025-04-1014-320/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This update has been tested with glibc/musl and gcc/clang in all four combinations. Drop patches: 0001-Use-CC-to-check-for-implicit-fallthrough-warning-sup.patch 0001-fix-gcc-8-format-truncation-warning.patch 0001-util.c-add-limits.h-include-for-NAME_MAX-definition.patch mdadm-3.3.2_x32_abi_time_t.patch (issue fixed upstream) 0001-include-libgen.h-for-basename-API.patch 0001-mdadm.h-Undefine-dprintf-before-redefining.patch (issue no longer occurs) 0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch (service file significantly rewritten, the need for the tweak should be reassessed) debian-no-Werror.patch (replaced with setting CWFLAGS to an empty string in the recipe; we already set correct flags via CC/CFLAGS, and upstream's only get in the way) (From OE-Core rev: 913312b5b544ce804656fe3a297e09bafb5838fc) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mdadm: fetch from gitAlexander Kanavin2025-04-102-6/+10
| | | | | | | | | | | | | | | Upstream has released a new version (4.4) but not the tarball for it. Adjust one of the devtool selftests, as it requires that the recipe under test is using a tarball. Another selftest also needs to be tweaked to correctly clean up its modifications to that same recipe on test completion. (From OE-Core rev: de635a9bc0392689ff36b50e7f91572d3fbaac09) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* apt: remove 0001-Hide-fstatat64-and-prlimit64-defines-on-musl.patchAlexander Kanavin2025-04-102-49/+0
| | | | | | | | | | | | The recipe unconditionally disables seccomp, so the code isn't even compiled. If this needs to come back in the future please submit upstream first. (From OE-Core rev: 9d058504213f79979a7f1f59527172b71df95a71) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xserver-xorg: submit ↵Alexander Kanavin2025-04-101-2/+5
| | | | | | | | | | 0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch upstream (From OE-Core rev: 74da2ba88c6d2b88a68a3ad63b3603b82d7f4e03) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tcl: provide a description for shared library name fixup patchAlexander Kanavin2025-04-101-2/+8
| | | | | | | | (From OE-Core rev: 71bfc7e302ad66d989cb991b75dfcffdfa455987) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vulkan-samples: rewrite and submit reproducubility patch upstreamAlexander Kanavin2025-04-104-51/+32
| | | | | | | | | | | | At some point the problematic define ceased to be used anywhere, and so we can simply patch it out (and remove the associated option setting from the recipe). (From OE-Core rev: 4acbb1b92b9e51d6a741458d6cbd0c48ab55f6ca) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: submit sysroot patch upstream, drop default-sysroot.patchAlexander Kanavin2025-04-105-118/+49
| | | | | | | | | | | | | | | | | | | | ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch was using a non-standard environment variable, and was replaced with a patch that adds a command line option (and then this was submitted upstream). ca-certificates recipe was tweaked accordingly, and nothing else in core or meta-oe is using update-ca-certificates. Drop default-sysroot.patch as the use case is unclear: sysroot is explicitly specified in all known invocations of update-ca-certificate, and if there's a place where it isn't, then update-ca-certificates will error out trying to write to /etc, and should be fixed to explicitly specify the sysroot. (From OE-Core rev: 90d9f0ba674d4fe8e9291f0513c13dff3775c545) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* elfutils: remove 0001-dso-link-change.patchAlexander Kanavin2025-04-102-50/+0
| | | | | | | | | | The original linking issues seem to be long gone. (From OE-Core rev: 71b56605f95d87f48a25bc42aa7f830c2ef298fc) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* elfutils: remove 0001-libasm-may-link-with-libbz2-if-found.patchAlexander Kanavin2025-04-102-40/+0
| | | | | | | | | | The original linking issues seem to be long gone. (From OE-Core rev: 16868477597125296c8618177cd4f61baacd878b) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tcl8: mark pending patches as inappropriateAlexander Kanavin2025-04-103-3/+3
| | | | | | | | | | Upstream submission should be done for tcl 9.x patches. (From OE-Core rev: 2671c3183a74617e79f6879b228f2df8055397fb) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl-cross: submit determinism.patch upstreamAlexander Kanavin2025-04-101-1/+1
| | | | | | | | (From OE-Core rev: 514365235743528802e3f854d21f991a1bc01674) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-utils: replace problematic pending patch with upstream submissionAlexander Kanavin2025-04-103-110/+41
| | | | | | | | | | | | | | | | | | | The now-removed patch was added for clang compatibility, but over time started fixing problems that do not exist, and got its description to mismatch the content. The new patch is fixing the only problem with clang that still occurs. I verified that all files that were patched before still build without errors. If you find other issues (this would be with non-default options probably), please fix them similarly. (From OE-Core rev: 6b8bd203180375a6b97345ddaa5fef7f68219ea6) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-12 08:13:06 +0000