summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* ffmpeg: fix CVE-2024-36613Archana Polampalli2025-02-142-0/+38
| | | | | | | | | | | FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. (From OE-Core rev: 5661bac10db7e20064c10660c47c361b7d2418ee) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-35365Archana Polampalli2025-02-142-0/+63
| | | | | | | | | | FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. (From OE-Core rev: 051bc7afc01e72d5ef0fc14683689ab45e4eaab8) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* migration-guides: add release notes for 4.0.24Lee Chee Yang2025-02-122-1/+384
| | | | | | | | | | (From yocto-docs rev: 0e9cc7e9ad5c8bbd7f12a192bff103c118d7f7bb) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 1c848b4104ee0ba9b07cdb424bb829d14f9982d7) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual/faq: add q&a on systemd as defaultAntonin Godard2025-02-121-0/+22
| | | | | | | | | | | | | | Originally written by Richard Purdie, but formatted in rst syntax and slight rephrasing. Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de> (From yocto-docs rev: 65235b647a855c0ffc8aa71e06b05b78d62ba773) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 110690bee14f7263a5a34145e91e4450ec3bf4e6) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* documentation: Fix typo in standards.mdSimon A. Eugster2025-02-121-1/+1
| | | | | | | | | | (From yocto-docs rev: 103b6955a11d7ece345ac0169317b8a8b8e8a0d9) Signed-off-by: "Simon A. Eugster" <simon.eu@gmail.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit e6745669cc26de8f61d5d1ccdd5a95b552eece97) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* selftest/rust: correctly form the PATH environment variableAlexander Kanavin2025-02-121-3/+2
| | | | | | | | | | | | | | | | | | | | There were two issues here: - the path to native python was not included, so the test suite was running with host python, causing failures due to host python being given native libraries: https://autobuilder.yoctoproject.org/typhoon/#/builders/148/builds/1711/steps/12/logs/stdio (rust recipe uses native python throughout) - tmp/hosttools was listead ahead of native-sysroot/usr/bin (From OE-Core rev: 72156282059aa5a013a386eb95f89dc38726326e) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit aec96b5aec8d6b4a5ae8a719ca05bb727a6197cb) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* oeqa/selftest/rust: skip on all MIPS platformsRoss Burton2025-02-121-5/+3
| | | | | | | | | | | | | | | | | | | | | As per "The rustc book"[1], mips*-unknown-linux-* are "tier 3" targets: Tier 3 targets are those which the Rust codebase has support for, but which the Rust project does not build or test automatically, so they may or may not work. We already skip qemumips in this selftest, but we're now also seeing failures with qemumips64 so refactor the test to skip all machines where the architecture is mips or mips64. [1] https://doc.rust-lang.org/nightly/rustc/platform-support.html (From OE-Core rev: 681f5ea8d6a5050aebfb1f656da9ba679433e366) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 177e268811c04260923ac4b16fa047315304add0) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* oeqa/sdk/context: fix for gtk3 test failure during do_testsdkHarish Sadineni2025-02-121-5/+7
| | | | | | | | | | | | | | | | The do_testsdk for lib32-core-image-sato aborts with below error: configure: error: Package requirements (gtk+-3.0) were not met: No package 'gtk+-3.0' found Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. This causes due to an absolute path name in 'sdk_env', which is now stripped to have only the environment name. Backport from oe-core master: https://git.openembedded.org/openembedded-core/commit/?id=386e4132a9ced75599d92610cf5c0e8fe907c3b6 (From OE-Core rev: 83c3e40e2361d771a724062e38a1349b87059c75) Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust: remove redundant cargo config fileHarish Sadineni2025-02-121-14/+0
| | | | | | | | | | | | | YOCTO [#15061] The rust target and linker are getting setting from the sdk environment and so the config file is not needed. The redundant config file geneartion is removed. Backport from oe-core master: https://git.openembedded.org/openembedded-core/commit/?id=d5f78816d2ad0f3e43ce883eef199d1683cfcbb4 (From OE-Core rev: 12fd08cf4009d0284ab951cc48a479dcbc74db42) Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust: fix for rust multilib sdk configurationHarish Sadineni2025-02-123-9/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | YOCTO [#15061] The rust sdk installs both 'rust.sh' and 'cargo.sh' for lib32 and lib64 in the same location. This causes below error while installing the lib32 & lib64 binaries: Error: Transaction test error: file /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-pokysdk-linux/environment-setup.d/cargo.sh conflicts between attempted installs of rust-cross-canadian-arm-1.67.1-r0.x86_64_nativesdk and rust-cross-canadian-aarch64-1.67.1-r0.x86_64_nativesdk file /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-pokysdk-linux/environment-setup.d/rust.sh conflicts between attempted installs of rust-cross-canadian-arm-1.67.1-r0.x86_64_nativesdk and rust-cross-canadian-aarch64-1.67.1-r0.x86_64_nativesdk ERROR: Task (virtual:multilib:lib32:/media/build/poky/meta/recipes-sato/images/core-image-sato.bb:do_populate_sdk) failed with exit code '1' The change includes: - Prepending '${RUST_TARGET_SYS}' to 'rust.sh' to differentiate between target systems. - Moving the non-target-specific environment variables to 'nativesdk-cargo' and 'nativesdk-rust', instead of being managed by the cross-canadian recipe. Backport from oe-core master: https://git.openembedded.org/openembedded-core/commit/?id=40eb4bfe2f100ba5301046ca25110fcc55a640bb (From OE-Core rev: 889cda30baccd43e5c82b38752b462aef4ce626c) Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust-common.bbclass: soft assignment for RUSTLIB pathPedro Ferreira2025-02-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | As a user i want to override `RUSTLIB` path on a bbclass, lets call it `XYZ.bbclass`. If a certain recipe inherits `cargo.bbclass` and `XYZ.bbclass` the value of `RUSTLIB` is dependent on the order of the inherit. If `cargo.bbclass` is inherit before `XYZ.bbclass` this will reflect the desired value of `RUSTLIB`, on the oposite, if the `XYZ.bbclass` is inherit before `cargo.bbclass` then the `RUSTLIB` defined on `rust-common.bbclass` will prevail. Changed definition of `RUSTLIB` to soft assignment to make it overridable. (From OE-Core rev: b71da7dd831d768d829c74f6137152f2ca6141b0) Signed-off-by: Pedro Silva Ferreira <Pedro.Silva.Ferreira@criticaltechworks.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> (cherry picked from commit 6eeb832f73ffb48f5f05dc47191f60e4599e640f) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* pkg-config-native: pick additional search paths from ↵Alexander Kanavin2025-02-122-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | $EXTRA_NATIVE_PKGCONFIG_PATH This was prompted by working on librsvg update: the new meson-driven version wants to query values from .pc files residing in its own build directory, and modifies PKG_CONFIG_PATH accordingly. When using the pkg-config-native wrapper such modifications have no effect, and we have to pass them in manually from the recipe via EXTRA_NATIVE_PKGCONFIG_PATH variable. This variable is already defined (with an empty value) and appended to PKG_CONFIG_PATH export in the native class, so this simply extends its use to the wrapper. (Appending to PKG_CONFIG_PATH in the wrapper, instead of resetting it, is not an option as that can lead to contamination with the cross values). (From OE-Core rev: 2bc050146d47b14d890a1b0db2b55f9057a08b65) (From OE-Core rev: 104737073bd553b9cf93db7ed9575fd50ba6c973) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Chris Laplante <chris.laplante@agilent.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: File name too long causing failure to open temporary head file in ↵Jiaying Song2025-02-122-0/+209
| | | | | | | | | | | | | | | | | | | | | | | | | dlltool During the execution of the command: i686-w64-mingw32-dlltool --input-def $def_filepath --output-delaylib $filepath --dllname qemu.exe An error occurred: i686-w64-mingw32-dlltool: failed to open temporary head file: ..._w64_mingw32_nativesdk_qemu_8_2_2_build_plugins_libqemu_plugin_api_a_h.s Due to the path length exceeding the Linux system's file name length limit (NAME_MAX=255), the temporary file name generated by the i686-w64-mingw32-dlltool command becomes too long to open. To address this, a new temporary file name prefix is generated using tmp_prefix = prefix_encode ("d", getpid()), ensuring that the file name does not exceed the system's length limit. Allow for "snnnnn.o" suffix when testing against NAME_MAX, and tidy TMP_STUB handling by overwriting a prior nnnnn.o string rather than copying the entire name. (From OE-Core rev: 617df4ee1d6523ded43f156af8206dfca2c0c8ee) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* files: overlayfs-create-dirs: Improve mount unit dependencyEsben Haabendal2025-02-121-2/+1
| | | | | | | | | | | | | | | | | | | | | The RequiresMountsFor configuration option of systemd.unit (added in systemd version 201) not only adds the Requires and After options for the required mount unit, but it adds them for all mount units required to access the specified path. So this change is both a simplification, and an improvement. Not only will all needed mount units be added to Requires and After, but the overlay path does not have to be a mountpoint, but can be at any directory level beneath a mountpoint. (From OE-Core rev: e00920c55a44058e8d2b063bf865df11e59a6185) Signed-off-by: Esben Haabendal <esben@geanix.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> (cherry picked from commit fa2422232a143b21aeea3728abca82100946dbc4) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* files: Amend overlayfs unit descriptions with path informationEsben Haabendal2025-02-122-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Having something like Starting Overlayfs directories setup /home... Starting Overlayfs directories setup /root... Finished Overlayfs directories setup /home. Finished Overlayfs directories setup /root. Mounting Overlayfs mount unit /home... Mounting Overlayfs mount unit /root... Mounted Overlayfs mount unit /root. Mounted Overlayfs mount unit /home. is much more informative than Starting Overlayfs directories setup... Starting Overlayfs directories setup... Finished Overlayfs directories setup. Finished Overlayfs directories setup. Mounting Overlayfs mount unit... Mounting Overlayfs mount unit... Mounted Overlayfs mount unit. Mounted Overlayfs mount unit. Especially as the number of overlayfs mount units increase. (From OE-Core rev: 9eb6c41e1c5411193a19e73af81f628171b01407) Signed-off-by: Esben Haabendal <esben@geanix.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 7308b4fc6f51bdf2b8f3b7899ff3758c5968e418) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnupg: upgrade 2.4.4 -> 2.4.5Wang Mingyu2025-02-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== * gpg,gpgv: New option --assert-pubkey-algo. * gpg: Emit status lines for errors in the compression layer. * gpg: Fix invocation with --trusted-keys and --no-options. * gpgsm: Allow for a longer salt in PKCS#12 files. * gpgtar: Make --status-fd=2 work on Windows. * scd: Support for the ACR-122U NFC reader. * scd: Suport D-TRUST ECC cards. * scd: Allow auto detaching of kernel drivers; can be disabled with the new compatibility-flag ccid-no-auto-detach. * scd: Allow setting a PIN length of 6 also with a reset code for openpgp cards. * agent: Allow GET_PASSPHRASE in restricted mode. * dirmngr: Trust system's root CAs for checking CRL issuers. * dirmngr: Fix regression in 2.4.4 in fetching keys via hkps. * gpg-wks-client: Make option --mirror work properly w/o specifying domains. * g13,gpg-wks-client: Allow command style options as in "g13 mount foo". * Allow tilde expansion for the foo-program options. * Make the getswdb.sh tool usable outside the GnuPG tree. (From OE-Core rev: a596d0e3802486dce9eeee2a9cbfdc6372a182d5) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: stable 2.39 branch updatesPeter Marko2025-02-122-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Solves CVE-2025-0395 git log: 662516aca8 stdlib: Test using setenv with updated environ [BZ #32588] 1432850ad8 malloc: obscure calloc use in tst-calloc c1f7bfbe08 Hide all malloc functions from compiler [BZ #32366] 808a84a8b8 Fix underallocation of abort_msg_s struct (CVE-2025-0395) 994b129a35 x86/string: Fixup alignment of main loop in str{n}cmp-evex [BZ #32212] 61daaa7639 x86: Improve large memset perf with non-temporal stores [RHEL-29312] 2c8a7f14fa x86: Avoid integer truncation with large cache sizes (bug 32470) 2c882bf9c1 math: Exclude internal math symbols for tests [BZ #32414] 51da74a97e malloc: add indirection for malloc(-like) functions in tests [BZ #32366] aa8768999e Pass -nostdlib -nostartfiles together with -r [BZ #31753] 350db28393 nptl: initialize cpu_id_start prior to rseq registration 9a0e174a39 nptl: initialize rseq area prior to registration test results: Before After Diff FAIL 208 210 +2 PASS 4906 4905 -1 UNSUPPORTED 230 230 0 XFAIL 16 16 0 XPASS 4 4 0 failed test changes: - nptl/tst-mutexpi8-static - stdlib/tst-qsort4 + malloc/tst-dynarray-fail-mem + malloc/tst-malloc_info + malloc/tst-malloc_info-malloc-check + malloc/tst-malloc_info-malloc-hugetlb2 (From OE-Core rev: 54181d6ca63a720dcebb241892e76e9cdd75260c) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: stable 2.42 branch updateDeepesh Varatharajan2025-02-121-1/+1
| | | | | | | | | | | | | | | Below commits on binutils-2.42 stable branch are updated. 758a2290dbd PR32387 ppc64 TLS optimization bug with -fno-plt code ed489bf1574 s390: Add arch15 Concurrent-Functions Facility insns 64e8e16a906 s390: Add arch15 instruction names Tested on qemux86_64. There were no additional PASS or FAIL after the update (From OE-Core rev: 6ce232df15834cae44f3eda0f786132086afb76e) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual/building: document the initramfs-framework recipeAntonin Godard2025-02-031-1/+83
| | | | | | | | | | | | | | | | | | | [ YOCTO #14747 ] Adding a initramfs is a common task, and the way oe-core offers to do so is by using the initramfs-framework recipe and companion modules. There was already documentation on adding an initramfs but the documentation was lacking details on this framework. Add it before the multiconfig section because it is a bit more important IMO. Reported-by: Alejandro <alejandro@enedino.org> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de> (From yocto-docs rev: e1aa69d00e20a5d3c948c430ed10eb01e7baa574) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit caedbca4eced4cf5bc74aaae64e4ad2887c2fc65) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* test-manual/ptest: link to common framework ptest classesAntonin Godard2025-02-031-0/+14
| | | | | | | | | | | | | | | We document how to add ptest support for a recipe by inheriting the ptest class. We may as well tell the user to inherit a ptest class for a common framework which does most of the job for you. Suggested-by: Quentin Schulz <quentin.schulz@cherry.de> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de> (From yocto-docs rev: 96645900c93abb95419f81e1553d988f3f68dc6a) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 411b18e489a97ea4cde05613cdd4c86deb0cb8cb) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* sdk-manual: extensible.rst: devtool ide-sdk improveAdrian Freihofer2025-02-031-59/+151
| | | | | | | | | | | | | | | | | | | | | | | | The devtool ide-sdk section is reformulated to be independent of the eSDK installer. In fact, ide-sdk does not even support the execution of an installer-based setup. This reformulation is also a preparation for moving the devtool documentation to a dedicated devtool section which is independent from the eSDK documentation. It should be clarified that devtool ide-sdk starts the SDK directly from the bitbake environment. It is therefore an alternative to bitbake -c populate_sdk_ext and installing an SDK installer. A warning is added that explains some workarounds for some nasty behavior of VSCode when running it in a bitbake environment. (From yocto-docs rev: 87b37eabd1db05d9cb3f689cf43f1e6f4d649a97) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Reviewed-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 287817f33688d61f7a71c056bfa5c645edb4fc4e) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* uboot-config: fix devtool modify with kernel-fitimageAdrian Freihofer2025-02-031-7/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | How to reproduce: - UBOOT_CONFIG must be used. With UBOOT_MACHINE it works fine. A simple example based on oe-core is to modify the beaglebone-yocto.conf file like this: -UBOOT_MACHINE = "am335x_evm_defconfig" +UBOOT_CONFIG = "foo" +UBOOT_CONFIG[foo] = "am335x_evm_defconfig" - A build configuration which inherits the kernel-fitimage.bbclass is needed. For example: MACHINE = "beaglebone-yocto" KERNEL_IMAGETYPE = "Image" KERNEL_IMAGETYPES += " fitImage " KERNEL_CLASSES = " kernel-fitimage " devtool modify linux-yocto devtool build linux-yocto ... | cp: cannot stat '.../linux-yocto-6.6.21+git/am335x_evm_defconfig/.config': No such file or directory | WARNING: .../linux-yocto/6.6.21+git/temp/run.do_configure.2081673:172 exit 1 from 'cp .../linux-yocto-6.6.21+git/am335x_evm_defconfig/.config .../build/workspace/sources/linux-yocto/.config.baseline' The reason for this problem is that the uboot-config.bbclass sets the variable KCONFIG_CONFIG_ROOTDIR to a path that makes sense for u-boot, but not for other recipes. However, the kernel-fitimage.bbclasse, for example, inherits the uboot-config.bbclass, which brings the u-boot-specific path into the kernel build context. This change removes the uboot-specific KCONFIG_CONFIG_ROOTDIR path from recipes other than u-boot itself. (From OE-Core rev: 37835788d0772568f3551532eacbf810a4a6e47b) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from b23581a22619c52724c8e078f29e871e2ee74259) Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* devtool: ide-sdk remove the plugin from eSDK installerAdrian Freihofer2025-02-031-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ide-sdk command bootstraps the SDK from the bitbake environment before the IDE configuration is generated. In the case of the eSDK installer, the bootstrapping is performed during the installation of the eSDK installer. Running the ide-sdk plugin from an eSDK installer based setup would require skipping the bootstrapping and probably taking some other differences into account when generating the IDE configurations. This would be possible. But it will probably never be implemented, as running devtool ide-sdk directly from the bitbake environment is much more flexible. Also, some of the recent improvements that have made it into the core have the potential to make the eSDK installer obsolete at some point in the future: - bitbake-layers create-layers-setup replicates the layers - bitbake-config-build replicates the build configuration - The new sstate mirror features replicate the sstate - bblock locks the sstate more flexible than the eSDK installer - devtool ide-sdk bootstraps the SDK directly from the bitbake environment. The same environment-setup... file is provided with --mode=shared. The devtool modify based workflow is supported since always by devtool and also the default --mode of devtool ide-sdk. These functions essentially cover what the eSDK installer does without a need for the current implementation of the eSDK installer and the populate_sdk_ext, which is hard to maintain and takes a lot of time to build. This means that instead of making the ide-sdk plugin compatible with the eSDK installer, we should rather replace the current implementation of the eSDK installer and populate_sdk_ext with an implementation that can replicate a normal bitbake environment in a convenient way where the ide-sdk plugin also just works without additional complexity. (From OE-Core rev: f50306ea3e174b8db46b20b68a7ac4299a69f50d) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* oe-selftest: devtool ide-sdk use modify debug-buildAdrian Freihofer2025-02-031-1/+1
| | | | | | | | (From OE-Core rev: 1528d6aa060811402eaecb1a9fe16bfec0417c98) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* devtool: ide-sdk recommend DEBUG_BUILDAdrian Freihofer2025-02-031-41/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The debug_build_config function was never called. Compiling with debug optimized compiler flags was not working. Even with the --debug-build-config flag set, the build configuration from the recipe was used. The devtool ide-sdk --debug-build-config approach didn't work very well anyway. The problem is that changing the bbappend file doesn't work while bitbake uses the bbappend file. As a workaround, it would be possible to parse the recipe, get DEBUG_BUILD and the path to the append file, exit tinfoil, change the bbappend file, reopen tinfoil and do what ide-sdk is supposed to do. Such an implementation would be complicated and slow. Therefore, the code that was originally supposed to implement this is removed from ide-sdk and the new --debug-build function of devtool modify is used instead. Additionally, a hint should be given on how to manually add DEBUG_BUILD = '1' to bbappend. This is compatible with the VSCode Bitbake plug-in, which does not support this parameter anyway. (From OE-Core rev: 23795962683c792347a17854fb0521734497d4a8) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* devtool: ide-sdk sort cmake presetAdrian Freihofer2025-02-031-2/+2
| | | | | | | | | | | Sort the keys of the generated CMakeUserPreset.json file to make it easier to search and compare. (From OE-Core rev: b12dbde1ea30dd0fc1dd9352de948b8377c347fa) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* devtool: modify support debug-buildsAdrian Freihofer2025-02-031-0/+3
| | | | | | | | | | | | | Add a new option --debug-builds to automatically add DEBUG_BUILD = “1” to the bbappend file of this recipe. This is especially useful when invoking devtool modify before invoking devtool ide-sdk to perform a remote debugging session. (From OE-Core rev: fa30d8dd71393e10aa678c6e938c23d486b336c6) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and ↵Marek Vasut2025-02-033-64/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | UBOOT_ENV enabled In case both UBOOT_SIGN_ENABLE and UBOOT_ENV are enabled and kernel-fitimage.bbclass is in use to generate signed kernel fitImage, there is a circular dependency between uboot-sign and kernel-fitimage bbclasses . The loop looks like this: kernel-fitimage.bbclass: - do_populate_sysroot depends on do_assemble_fitimage - do_assemble_fitimage depends on virtual/bootloader:do_populate_sysroot - virtual/bootloader:do_populate_sysroot depends on virtual/bootloader:do_install => The virtual/bootloader:do_install installs and the virtual/bootloader:do_populate_sysroot places into sysroot an U-Boot environment script embedded into kernel fitImage during do_assemble_fitimage run . uboot-sign.bbclass: - DEPENDS on KERNEL_PN, which is really virtual/kernel. More accurately - do_deploy depends on do_uboot_assemble_fitimage - do_install depends on do_uboot_assemble_fitimage - do_uboot_assemble_fitimage depends on virtual/kernel:do_populate_sysroot => do_install depends on virtual/kernel:do_populate_sysroot => virtual/bootloader:do_install depends on virtual/kernel:do_populate_sysroot virtual/kernel:do_populate_sysroot depends on virtual/bootloader:do_install Attempt to resolve the loop. Pull fitimage configuration options into separate new configuration file image-fitimage.conf so these configuration options can be shared by both uboot-sign.bbclass and kernel-fitimage.bbclass, and make use of mkimage -f auto-conf / mkimage -f auto option to insert /signature node key-* subnode into U-Boot control DT without depending on the layout of kernel fitImage itself. This is perfectly valid to do, because the U-Boot /signature node key-* subnodes 'required' property can contain either of two values, 'conf' or 'image' to authenticate either selected configuration or all of images when booting the fitImage. For details of the U-Boot fitImage signing process, see: https://docs.u-boot.org/en/latest/usage/fit/signature.html For details of mkimage -f auto-conf and -f auto, see: https://manpages.debian.org/experimental/u-boot-tools/mkimage.1.en.html#EXAMPLES (From OE-Core rev: 259bfa86f384206f0d0a96a5b84887186c5f689e) Fixes: 5e12dc911d0c ("u-boot: Rework signing to remove interdependencies") Reviewed-by: Adrian Freihofer <adrian.freihofer@siemens.com> (From OE-Core rev: d7bd9c6276611c8c8de0c2a24947783eae5d932a) Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: upgrade 1.22.10 -> 1.22.11Peter Marko2025-02-037-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | Upgrade to latest 1.22.x release [1]: $ git --no-pager log --oneline go1.22.10..go1.22.11 f072884354 (tag: go1.22.11) [release-branch.go1.22] go1.22.11 b72d56f98d [release-branch.go1.22] net/http: persist header stripping across repeated redirects 19d2103415 [release-branch.go1.22] crypto/x509: properly check for IPv6 hosts in URIs ae9996f965 [release-branch.go1.22] runtime: hold traceAcquire across casgstatus in injectglist 223260bc63 [release-branch.go1.22] crypto/tls: fix Config.Time in tests using expired certificates Fixes CVE-2024-45336 and CVE-2024-45341 [1] https://github.com/golang/go/compare/go1.22.10...go1.22.11 (From OE-Core rev: 4589986602319f9ed61e381b333bb53b731eb8d8) (From OE-Core rev: 35bf053cd41d53a764ef3a2de3e7cb1e6c81109f) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: upgrade 1.22.9 -> 1.22.10Peter Marko2025-02-037-4/+4
| | | | | | | | | | | | | | | | | | | | | Upgrade to latest 1.22.x release [1]: $ git --no-pager log --oneline go1.22.9..go1.22.10 8f3f22eef8 (tag: go1.22.10) [release-branch.go1.22] go1.22.10 6d7a95abca [release-branch.go1.22] runtime: reserve 4kB for system stack on windows-386 6f05fa7a4f [release-branch.go1.22] syscall: mark SyscallN as noescape 3355db9690 [release-branch.go1.22] time: accept "+01" in TestLoadFixed on OpenBSD [1] https://github.com/golang/go/compare/go1.22.9...go1.22.10 (From OE-Core rev: e357c93b39df938dc36195dbd779a58b2951b8e6) (From OE-Core rev: 4d35279eed634f5e2b25c23dddbfb213c4943c30) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: upgrade 1.22.8 -> 1.22.9Peter Marko2025-02-037-4/+4
| | | | | | | | | | | | | | | | | | | | Upgrade to latest 1.22.x release [1]: $ git --no-pager log --oneline go1.22.8..go1.22.9 8af39d30a4 (tag: go1.22.9) [release-branch.go1.22] go1.22.9 c19e5887f4 [release-branch.go1.22] cmd/cgo/internal/testcarchive: remove 1-minute timeout e3fd4ba7f9 [release-branch.go1.22] cmd/link: generate Mach-O UUID when -B flag is specified 29252e4c5a [release-branch.go1.22] runtime: fix TestGdbAutotmpTypes on gdb version 15 [1] https://github.com/golang/go/compare/go1.22.8...go1.22.9 (From OE-Core rev: 4f2f202506bcefb4d6c46a11738e159e261a4a4b) (From OE-Core rev: a424422df978e267f21938bb290f35035e658d0a) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* systemd: upgrade 255.13 -> 255.17Guðni Már Gilbert2025-02-0328-63/+68
| | | | | | | | | | | | | | | The update includes 156 commits. Full list of changes can be found on Github [1] All patches were refreshed with devtool. One patch had to be manually rebased to resolve a merge conflict introduced with 255.14 [2]. [1] https://github.com/systemd/systemd-stable/compare/v255.13...v255.17 [2] 0003-src-basic-missing.h-check-for-missing-strndupa.patch (From OE-Core rev: 57ca5a2c912fcc4836f263ff2b98c9de2130f324) Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* openssl: patch CVE-2024-13176Peter Marko2025-02-032-0/+127
| | | | | | | | | | | | Picked [1] per link in [2] [1] https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65 [2] https://nvd.nist.gov/vuln/detail/CVE-2024-13176 (From OE-Core rev: 7f9bb49394185fea268397db4fc7d96afae53f28) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to scarthgap head revisionyocto-5.0.7scarthgap-5.0.7Steve Sakoman2025-01-261-1/+1
| | | | | | (From OE-Core rev: 62cb12967391db709315820d48853ffa4c6b4740) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust: correctly link rust-snapshot into build/stage0Alexander Kanavin2025-01-263-42/+2
| | | | | | | | | | | | | | | | | | | | This does not seem to be used in regular builds, but is beneficial in rust selftest, where it allows dropping a custom patch that is unsuitable for upstream (and was rejected by them). Also remove an obsolete comment that seems related to the code but describes something that was resolved long time ago. I have confirmed that the rust selftest continues to pass with just this one commit on top of master (as the following changes do break the selftest). (From OE-Core rev: 9b23f995fbc1886c36f02b0c6e1ccaf2ee0f6daa) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit bf5732e2b235ce06fa1f24fe8f0dbcbc068500e3) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust: use rust-snapshot binaries only in rust-nativeAlexander Kanavin2025-01-261-2/+12
| | | | | | | | | | | | | | | | | | | | | | Otherwise, use rust-native and cargo-native binaries as that allows our native tweaks in them to be used for target/nativesdk rust - same as for everything else written in rust. In particular, this allows building target rust with cargo-native that includes important reproducibility tweaks. Unfortunately, this also breaks rust selftest, and that is partially addressed by the following commit. [YOCTO #15185] (From OE-Core rev: d592bc02b0846411796c1d481c09833559d1d29f) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 8f2230cb51fe22ef4711a56fecfab4858c04e35b) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust: build the default set of toolsAlexander Kanavin2025-01-262-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Setting it explicitly replaces rust's default choice which is rustdoc (needed for example in selftests and otherwise expected to be present in typical rust installations): https://github.com/rust-lang/rust/blob/master/config.example.toml#L320 This addresses some of the rust selftest failures but not all. Help is appreciate to restore the selftest. Unfortunately, this also breaks rust reproducibility (or rather exposes that it was never properly fixed, as explained here: https://lists.openembedded.org/g/openembedded-core/message/199288 ) (From OE-Core rev: 4d739fe248d1023eb2c3c040fc4d33273dd16bc1) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 58eaf2ee6c0809bf0a0d3c1d177e62bda7241651) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* Revert "rust: Add new varaible RUST_ENABLE_EXTRA_TOOLS"Steve Sakoman2025-01-261-5/+1
| | | | | | This reverts commit 136a25567499191b23a4d000a06bf83a473224ca. Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to scarthgap head revisionSteve Sakoman2025-01-251-1/+1
| | | | | | (From OE-Core rev: 3c31639dd53e32e57af64d50ad168f5c3911c299) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* poky.conf: bump version for 5.0.7Steve Sakoman2025-01-251-1/+1
| | | | | | (From meta-yocto rev: 03c7935bcdb15fd903d26828085d49c00267b8d9) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* boost: fix do_fetch errorJiaying Song2025-01-251-1/+1
| | | | | | | | | | Change the SRC_URI to the correct value due to the following error: WARNING: boost-native-1.84.0-r0 do_fetch: Checksum failure encountered with download of https://boostorg.jfrog.io/artifactory/main/release/1.84.0/source/boost_1_84_0.tar.bz2 - will attempt other sources if available (From OE-Core rev: 7ecd0d5584b7692b58ac8039b4107c4e0836d553) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust-target-config: Fix TARGET_C_INT_WIDTH with correct sizeHarish Sadineni2025-01-251-5/+5
| | | | | | | | | | | | | | | | | | [YOCTO #15600] The TARGET_C_INT_WIDTH value was incorrectly set to 64 instead of 32. It is updated for PPC, Mips, and riscv64 architectures. Discussion links for solution: https://lists.openembedded.org/g/openembedded-core/message/207486 https://lists.openembedded.org/g/openembedded-core/message/207496 (From OE-Core rev: 0e02d0feba8bd48a27c41db875dcd33d46e4dc0d) Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b9df8cd8b29064d115dab3bfd1ea14f94a5c0238) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rsync: fix CVE-2024-12747Archana Polampalli2025-01-252-0/+193
| | | | | | | | | | | | | | A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. (From OE-Core rev: e85beb88add5e94567d7221e00cabfb3d5010be7) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rsync: fix CVE-2024-12088Archana Polampalli2025-01-252-0/+142
| | | | | | | | | | | | A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. (From OE-Core rev: dad4a83c011310872cce07fc4141e66a98439cb1) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rsync: fix CVE-2024-12087Archana Polampalli2025-01-254-0/+123
| | | | | | | | | | | | | | | | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. (From OE-Core rev: c34cbef572e18c60bb7600fda370d6c46688c7b3) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rsync: fix CVE-2024-12086Archana Polampalli2025-01-255-0/+303
| | | | | | | | | | | | | | | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client. (From OE-Core rev: 19f4e7bd965c63f19cc756e6e2bf8f58d9e1dc8d) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rsync: fix CVE-2024-12085Archana Polampalli2025-01-252-0/+33
| | | | | | | | | | | | A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. (From OE-Core rev: fb8439e856d5ea10d12180020a14442c3b101e56) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rsync: fix CVE-2024-12084Archana Polampalli2025-01-253-0/+201
| | | | | | | | | | | | A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. (From OE-Core rev: ad0e13912b17ca19ffbd7ea6a366f7c968517fb2) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: tests/fetch: Fix git shallow test failure with git >= 2.48Richard Purdie2025-01-251-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | >From git 2.48 release notes: """ When "git fetch $remote" notices that refs/remotes/$remote/HEAD is missing and discovers what branch the other side points with its HEAD, refs/remotes/$remote/HEAD is updated to point to it. """ This means with git 2.48 onwards, there is a mystery "HEAD" revision appearing in some of our shallow clone tests. We can avoid this by using the same canonicalization as used for the reference revisions. This resolves autobuilder failures on the Fedora 40 workers. (Bitbake rev: aa0e540fc31a1c26839efd2c7785a751ce24ebfb) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c83444d1210740e27b1744d3aa7c5cad4e28db2f) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* test-manual/reproducible-builds: fix reproducible linksAntonin Godard2025-01-241-6/+2
| | | | | | | | | | | | | | We don't run reproducible-builds on specific distros anymore, but on a distro at random depending on what is available on the Autobuilder. Fix the link to this builder and remove distro specific ones. Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de> (From yocto-docs rev: bb9e018adcc10c642f87d0b95432783b5eb8057b) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 8bd2bc3c00ca80f4c000a2a8d618a9f8ea3aa54b) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>