summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* build-appliance-image: Update to scarthgap head revisionyocto-5.0.12scarthgap-5.0.12Steve Sakoman2025-08-221-1/+1
| | | | | | (From OE-Core rev: 93c7489d843a0e46fe4fc685b356d0ae885300d7) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* poky.conf: bump version for 5.0.12Steve Sakoman2025-08-221-1/+1
| | | | | | (From meta-yocto rev: 82602cda1a89644d1acbe230a81c93e3fb5031c8) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bash: use -std=gnu17 also for native CFLAGSMartin Jansa2025-08-221-0/+3
| | | | | | | | | | | | | | | * fixes builds on host with gcc-15: http://errors.yoctoproject.org/Errors/Details/853016/ ../../bash-5.2.37/builtins/mkbuiltins.c:268:29: error: too many arguments to function ‘xmalloc’; expected 0, have 1 268 | error_directory = xmalloc (2 + strlen (argv[arg_index])); | ^~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (From OE-Core rev: 55c144bd17665f70cd15e36f3405f502a962f039) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bash: Stick to C17 stdKhem Raj2025-08-221-0/+2
| | | | | | | | | | | GCC 15 defaults to C23 and bash is not yet ready for that so keep using C17 like GCC 14 for now (From OE-Core rev: adf63fe5f76cbd0fd93ce5fa23229a388211e992) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cairo: fix build with gcc-15 on hostMartin Jansa2025-08-223-0/+51
| | | | | | | | | | | | | | | | | | | | * backports from 1.18.2 used since: https://git.openembedded.org/openembedded-core/commit/?id=070d79c8adec7e0a8862019cf61910a59b18613a * fixes build on hosts with gcc-15 (e.g. ubuntu-25.10) ../cairo-1.18.0/test/pdiff/pdiff.h:22:13: error: ‘bool’ cannot be defined via ‘typedef’ 22 | typedef int bool; | ^~~~ ../cairo-1.18.0/test/pdiff/pdiff.h:22:13: note: ‘bool’ is a keyword with ‘-std=c23’ onwards ../cairo-1.18.0/test/pdiff/pdiff.h:22:1: warning: useless type name in empty declaration 22 | typedef int bool; | ^~~~~~~ (From OE-Core rev: 6bd49cba1d7e12a6d8a4521a2097ff9f5ddc6368) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* parted: Fix build with GCC 15Khem Raj2025-08-222-0/+41
| | | | | | | | | (From OE-Core rev: 67c47f0ed5ba852930e0815691ee7ec06dec1d0e) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* e2fsprogs: Fix build failure with gcc 15Khem Raj2025-08-222-0/+43
| | | | | | | | | | | Backport a needed fix (From OE-Core rev: f5a7d9aa471e05d7cdb3127eaec3dba1b15bf72d) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libxml2: ignore CVE-2025-8732Daniel Turull2025-08-221-0/+4
| | | | | | | | | | | | | | The code maintainer disputes the CVE as the issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. The issue triggers a crash if an invalid file is provided. Source: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958" (From OE-Core rev: 348ce728af1cea4f909de5c3597801b5612719e4) Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glib-2.0: ignore CVE-2025-4056Peter Marko2025-08-221-0/+2
| | | | | | | | | | | | | | | | | | | | NVD report [1] says: A flaw was found in GLib. A denial of service on **Windows platforms** may occur if an application attempts to spawn a program using long command lines. The fix [3] (linked from [2]) also changes only files glib/gspawn-win32-helper.c glib/gspawn-win32.c [1] https://nvd.nist.gov/vuln/detail/CVE-2025-4056 [2] https://gitlab.gnome.org/GNOME/glib/-/issues/3668 [3] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4570 (From OE-Core rev: 5858567a9222d9fff6f0a282cf7c7bda4e19af57) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xz: ignore CVE-2024-47611Daniel Turull2025-08-221-0/+2
| | | | | | | | | | According to the NVD entry, it is only applicable when built for native Windows (MinGW-w64 or MSVC). (From OE-Core rev: 04ce4704e603cd66f30ffc001541c6497d84050e) Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dropbear: patch CVE-2025-47203Peter Marko2025-08-226-0/+572
| | | | | | | | | | | | Based on Debian patch for this CVE, pick the same commits as mentioned in kirkstone for this CVE except those already included in 2022.83. https://salsa.debian.org/debian/dropbear/-/commit/7f48e75892c40cfc6336137d62581d2c4ca7d84c (From OE-Core rev: 6d287785611c344aa0c97048c3bfc280b1787ff5) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-check: Add missing call to exit_if_errorsPhilip Lorenz2025-08-221-0/+1
| | | | | | | | | | | | | | | check_cves may raise the cve_status_not_in_db QA check. Call exit_if_errors to make sure that the task is marked as failed when the check is categorized as an error. cve_status_not_in_db was in the meantime dropped in OE-Core 452e605b55ad61c08f4af7089a5a9c576ca28f7d so this change is only required on scarthgap. (From OE-Core rev: b3d12589c26f4e86b153bbdcda774985e4e046bd) Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual/classes.rst: document the testexport classAntonin Godard2025-08-201-0/+16
| | | | | | | | | | | | | This class has been in OE-Core for a while but never documented in the reference manual. Add some description for it and link to the existing documentation on it. (From yocto-docs rev: dd665216fa578a1f2f268790d708c6a5d2912ecf) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 362a331255525fc853dab3af4ec905c417fabb0b) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual/variables.rst: document SPL_DTB_BINARYAntonin Godard2025-08-202-0/+8
| | | | | | | | | | | This variable is part of uboot-sign but not documented. (From yocto-docs rev: 999e81f17bf60e187e709368ede3965df19bee59) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 05eb461cb1da76ad9cbaf634da7f47447b3f6765) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual/variables.rst: document the FIT_CONF_PREFIX variableAntonin Godard2025-08-201-0/+4
| | | | | | | | | | | | Added by commit 7892ee3dc37d ("kernel-fitimage: allow overriding FIT configuration prefix") in OE-Core, but never documented. (From yocto-docs rev: 47a0181cc471667d78f7810aa1ef55027a761a82) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 860891492b96eb127af5e7bab6348fca12167c68) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* overview-manual/yp-intro.rst: fix broken link to articleErik Lindsten2025-08-201-1/+1
| | | | | | | | | | (From yocto-docs rev: 1f7bad17b9457c9e74273bceb962c53eb60fdfe3) Signed-off-by: Erik Lindsten <erik@awto.se> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit b9680ad83ad3fc5e2b87594f7c62c057134d198b) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual/system-requirements.rst: update supported distributionsAntonin Godard2025-08-201-23/+30
| | | | | | | | | | | | | | | | Update the distributions to match the list of workers on the Autobuilder. This list was generated with the help of yocto-autobuilder-helper/scripts/yocto-supported-distros. Also: - Sort the lists alphabetically. - Decrease spacing between entries for readability. (From yocto-docs rev: e99a9283e30ae2b844018d1ffb88560ab6877ab7) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go-helloworld: fix licenseQuentin Schulz2025-08-201-2/+2
| | | | | | | | | | | | | | | | | The example repo doesn't seem to have ever been under MIT to begin with but rather Apache-2.0. It was then changed to the license used by the goland projectm that is BSD-3-Clause, 2 years ago in commit 00c7068f9d83 ("all: update to Go license"). The license file exists in the sources, so use that one instead of taking it from the OE-Core license directory. License-Update: Incorrect license is now proper (From OE-Core rev: fa45d6d5bec8fe503ff6b9166a3b4af31ea95369) Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cmake: Add PACKAGECONFIG option for debugger supportNikhil R2025-08-201-1/+3
| | | | | | | | | | | | | | | | | Starting from CMake version 2.27 support for interactive debugging of CMake scripts and configurations was added. However, by default the `nativesdk-cmake` is compiled with debugger support turned off. This change adds debugger support for cmake (From OE-Core rev: 8acfca456c3502f0d097ba01a2d08f83fb75ab60) (From OE-Core rev: 776846eb8aa2f5f8c1ec8842cdbaff6b6bcdfa65) Signed-off-by: Nikhil R <nikhilr5@kpit.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpam: re-add missing libgen includeMartin Jansa2025-08-201-2/+2
| | | | | | | | | | | | | | | | | | It was added by original commit for CVE-2025-6020-01.patch https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e#diff-05f443e6acbe32a148a45648148739bf6f02f13acc5c20c6037bf933223d4d77 but removed here in the rebase, causing: ../../../Linux-PAM-1.5.3/modules/pam_namespace/pam_namespace.c:326:11: error: call to undeclared function 'dirname'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] 326 | parent = dirname(buf); | ^ ../../../Linux-PAM-1.5.3/modules/pam_namespace/pam_namespace.c:326:9: error: incompatible integer to pointer conversion assigning to 'char*' from 'int' [-Wint-conversion] 326 | parent = dirname(buf); | ^ ~~~~~~~~~~~~ (From OE-Core rev: 6d88a28ac7b6ff61808eb46e5c85dabd17c77f2e) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: fix multiple CVEsHitendra Prajapati2025-08-204-0/+274
| | | | | | | | | | * CVE-2025-47183 - Upstream-Status: Backport from https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c4d0f4bbd9a8e97f119a4528b9f4662a6b80922c && https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/d76cae74dad89994bfcdad83da6ef1ad69074332 * CVE-2025-47219 - Upstream-Status: Backport from https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b80803943388050cb870c95934fc52feeffb94ac (From OE-Core rev: 3e82483c777d0a59a9d93e7c41f8fe88a9d75b22) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-base: fix CVE-2025-47806Hitendra Prajapati2025-08-202-0/+51
| | | | | | | | | Upstream-Status: Backport from https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/da4380c4df0e00f8d0bad569927bfc7ea35ec37d (From OE-Core rev: fbe8dd2aa6160530b84d3a174f3f8fc14f9fbab5) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-base: fix CVE-2025-47808Hitendra Prajapati2025-08-202-0/+37
| | | | | | | | | Upstream-Status: Backport from https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6b19f117518a765a25c99d1c4b09f2838a8ed0c9 (From OE-Core rev: 2611a16cad53d2bf0cda2946678e7d31e3ffa007) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: ignore CVE-2025-0913Peter Marko2025-08-201-0/+2
| | | | | | | | | | | | | | | | | | This is problem on Windows platform only. Per NVD report [1], CPE has "and" clause Running on/with cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* Also linked patch [2] changes Windows files only (and tests). [1] https://nvd.nist.gov/vuln/detail/CVE-2025-0913 [2] https://go-review.googlesource.com/c/go/+/672396 (From OE-Core rev: ec1c6ab989b298773e8df8a6a4532f88b93617ff) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: patch CVE-2025-8194Peter Marko2025-08-202-4/+224
| | | | | | | | | | Pick commit from 3.12 branch mentioned in NVD report. https://nvd.nist.gov/vuln/detail/CVE-2025-8194 (From OE-Core rev: 34f1b4877a0601d2057453c159c76a54754f229a) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* avahi: fix CVE-2024-52615Zhang Peng2025-08-202-0/+229
| | | | | | | | | | | | | | | | | | CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52615] [https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g] Upstream patches: [https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942] (From OE-Core rev: ec22ec26b3f40ed5e0d84d60c29d8c315cf72e23) Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* variables.rst: remove references to obsolete tar packagingRobert P. J. Day2025-08-041-10/+4
| | | | | | | | | | | | | The tar packaging format was removed some time ago. Also, add some minor grammatical tweaking. (From yocto-docs rev: 0c154c1f431be918c4c9ce3047c12099925a9c53) Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 8e9fd1ca232f3c1e8be51cb881a68b4745ee548a) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual/start.rst: added missing command in Optimize your VHDX file using ↵Marco Cavallini2025-08-041-0/+1
| | | | | | | | | | | | | | | | | | | | | DiskPart After compact vsdisk you have to detach it before exiting otherwise the vdisk remains attached. DISKPART> select vdisk file="<path_to_VHDX_file>" DISKPART> attach vdisk readonly DISKPART> compact vdisk DISKPART> detach <------------ new missing command DISKPART> exit (From yocto-docs rev: a1dc91850e0353866dc9b461fce8c08724e49dae) Signed-off-by: Marco Cavallini <m.cavallini@koansoftware.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 1cc65ddf1a074f61fe5a63d222f3079b7fcb4c1e) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* migration-guides: add release notes for 5.0.11Lee Chee Yang2025-08-042-0/+220
| | | | | | | | | | (From yocto-docs rev: 736b0b06d8fb48cbf72386464df919745bcce90e) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit b5f6113cd95107132aac74b8f0e6e4895b7b0e90) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* linux-libc-headers: Fix invalid conversion in cn_proc.hFabio Berton2025-08-042-0/+41
| | | | | | | | | | | | | | | | | | | | | | | | Backport 'connector: Fix invalid conversion in cn_proc.h' commit to fix error: / |/usr/include/linux/cn_proc.h: In function 'proc_cn_event | valid_event(proc_cn_event)': |/usr/include/linux/cn_proc.h:72:17: error: invalid conversion from | 'unsigned int' to 'proc_cn_event' [-fpermissive] | 72 | ev_type &= PROC_EVENT_ALL; | | ^ | | | | | unsigned int \ Change is already merged in kernel branch linux-6.6.y [1]. 1 - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.6.y&id=06e785aeb9ea8a43d0a3967c1ba6e69d758e82d4 (From OE-Core rev: f023779af6c0e5c838bdacbd6d9765d1c6740575) Signed-off-by: Fabio Berton <fbberton@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* scripts/install-buildtools: Update to 5.0.11Aleksandar Nikolic2025-08-041-2/+2
| | | | | | | | | Update to the 5.0.11 release of the 5.0 series for buildtools (From OE-Core rev: 3b3a672ae6c024096cc263a669b1131e3f653b79) Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: fix CVE-2025-8058Peter Marko2025-08-042-2/+2
| | | | | | | | | | | | | | This is a single commit bump containing only CVE fix $ git log --oneline cff1042cceec3502269947e96cf7023451af22f3..b027d5b145f1b2908f370bdb96dfe40180d0fcb6 b027d5b145 posix: Fix double-free after allocation failure in regcomp (bug 33185) Test results didn't change except newly added test succeeding. (tst-regcomp-bracket-free) (From OE-Core rev: c2b63f171719e2b1c12ba049cbe776adf9e0244b) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libxml2: patch CVE-2025-6170Peter Marko2025-08-042-0/+104
| | | | | | | | | Pick commit referencing this CVE from 2.13 branch. (From OE-Core rev: 061610dfca8a72b71e1baca3ad4aa2c9fb64449b) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ncurses: patch CVE-2025-6141Peter Marko2025-08-042-0/+26
| | | | | | | | | | | | | | | Pick relevant part of snapshot commit 20250329, see [1]. That has: add a buffer-limit check in postprocess_termcap (report/testcase by Yifan Zhang). [1] https://invisible-island.net/ncurses/NEWS.html#index-t20250329 (From OE-Core rev: 79b080eb93918431c97edbbc80de5f70a2b09a4a) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnutls: patch CVE-2025-6395Peter Marko2025-08-042-0/+300
| | | | | | | | | | | Pick relevant commit from 3.8.10 release MR [1]. [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 (From OE-Core rev: 14fbbdc51f7d02bc10b8078c0ba1de17f1563d73) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnutls: patch CVE-2025-32990Peter Marko2025-08-042-0/+2110
| | | | | | | | | | | Pick relevant commit from 3.8.10 release MR [1]. [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 (From OE-Core rev: 823cdb5574c15a595dfeab413421304007899aa2) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnutls: patch CVE-2025-32988Peter Marko2025-08-042-0/+59
| | | | | | | | | | | Pick relevant commit from 3.8.10 release MR [1]. [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 (From OE-Core rev: 2838dae57a1236d4f6eb97e32eb500892ba67184) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnutls: patch reject zero-length version in certificate requestPeter Marko2025-08-043-1/+41
| | | | | | | | | | | | | | | | Pick relevant commit from 3.8.10 release MR [1]. The MR contains referece to undiscoled issue, so any security relevant patch should be picked. Binary test file was added as separate file as binary diffs are not supported. [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 (From OE-Core rev: d1aaef9bbaa240c83cc7d485b55570449203da0b) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnutls: patch read buffer overrun in the "pre_shared_key" extensionPeter Marko2025-08-043-1/+38
| | | | | | | | | | | | | | | | Pick relevant commit from 3.8.10 release MR [1]. The ME contains referece to undiscoled issue, so any security relevant patch should be picked. Binary test file was added as separate file as binary diffs are not supported. [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 (From OE-Core rev: 8f825e7f4ca36d7ac62062e452cea256f3c058aa) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnutls: patch CVE-2025-32989Peter Marko2025-08-043-0/+56
| | | | | | | | | | | | | | Pick relevant commit from 3.8.10 release MR [1]. Binary test file was added as separate file as binary diffs are not supported. [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 (From OE-Core rev: 9d9ce14e2edceb211c3193cef88715d9c67fd3e0) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: utils: Optimise signal/sigmask performanceRichard Purdie2025-08-041-4/+13
| | | | | | | | | | | | | | | | Running "time bitbake -pP idle" with a valid cache shows around 800,000 calls to enum creation from python's signal.py. We don't care about this overhead and it adversely affects cache load time quite badly. Try and use _signal directly, falling back to signal, which avoids this overhead we don't need and makes cache loading much faster. (Bitbake rev: 982645110a19ebb94d519926a4e14c8a2a205cfd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ee5fce67ce35b025c68aa61e2e758903269ee346) Signed-off-by: Chris Laplante <chris.laplante@agilent.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: bitbake: runqueue: Verify mcdepends are validMark Hatle2025-08-044-1/+14
| | | | | | | | | | | | | | | | | In order to avoid a potentially confusing backtrace, check that the mcdepend is valid when we add it. Add a test case to ensure invalid configurations are caught and trigger an error. [RP: Reworked test case to simplify and improve code] (Bitbake rev: 9f6f049870e0ec829e171fe91ec8f7a092ddd2ab) Signed-off-by: Mark Hatle <mark.hatle@amd.com> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Chris Laplante <chris.laplante@agilent.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mtools: upgrade 4.0.48 -> 4.0.49Jinfeng Wang2025-07-291-1/+1
| | | | | | | | | | | | | | | | New version includes check for overlong file names, see [1]. [1] https://lists.gnu.org/archive/html/info-mtools/2025-06/msg00005.html (From OE-Core rev: c374e6cfcdd2c8ba17d82ffcfdeb97d21144e2bf) Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (From OE-Core rev: 044c2bceefcc12262cb2421e8f1da5f6c2ed9f72) Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mtools: upgrade 4.0.47 -> 4.0.48Wang Mingyu2025-07-293-7/+7
| | | | | | | | | | | | | | | | | clang_UNUSED.patch disable-hardcoded-configs.patch refreshed for 4.0.48 (From OE-Core rev: d2c56de7c9d403c3432213bc20e04c2ed5f1db16) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core rev: 1d5aee7e67cd614073a15b47b832375428865260) Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mtools: upgrade 4.0.46 -> 4.0.47Richard Purdie2025-07-294-7/+7
| | | | | | | | | | | (From OE-Core rev: cf705382534d8f5af6880511221f701a733d84d7) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core rev: 14ef270cc003646e6ca97ff3405507f2b9e92736) Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mtools: upgrade 4.0.45 -> 4.0.46Wang Mingyu2025-07-293-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | | clang_UNUSED.patch mtools-makeinfo.patch refreshed for 4.0.46 Changelog: ============= - iconv buffer overflow fixes - removed references to mread and mwrite (obsolete subcommands from mcopy) - documented mdoctorfat, and addressed 2 bugs/oversights - removed references to obsolete mread and mwrite - portability fixes (dietlibc and MacOS X) & simplification (From OE-Core rev: daab05bc863611c83223a383dd83ff2134cae6f8) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core rev: f5a5b2372669d8be4ae3f19ed6892264ea3999d0) Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mtools: upgrade 4.0.44 -> 4.0.45Wang Mingyu2025-07-291-1/+1
| | | | | | | | | | | | | | | | | Changelog: ============ - Fixed iconv descriptor leak - Fixed size of error message buffer (From OE-Core rev: 77340d2bb1f31e305394df5d589fc0d3a0c5cd9a) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core rev: cc1975888ffdc58655e80d3d14450cf68ee0f719) Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mtools: upgrade 4.0.43 -> 4.0.44Alexander Kanavin2025-07-294-17/+22
| | | | | | | | | | | | (From OE-Core rev: b09b06ed6351685e5351f8bf80a88d2f42093ca4) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core rev: dd8c333576d7ebb8abab3a62b3451439519a0caa) Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: upgrade 21.1.6 -> 21.1.18Vijay Anusuri2025-07-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | xorg-server 21.1.17 This release contains the fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg/2025-June/062055.html * CVE-2025-49175 * CVE-2025-49176 * CVE-2025-49177 * CVE-2025-49178 * CVE-2025-49179 * CVE-2025-49180 Additionally, this release includes a fix for CVE-2022-49737 which was issued after the fix was merged back in 2022 and several other various fixes. Ref: https://lists.x.org/archives/xorg-announce/2025-June/003609.html xorg-server 21.1.18 This release contains an additional fix for CVE-2025-49176 from June 17 security advisory: https://lists.x.org/archives/xorg/2025-June/062055.html Ref: https://lists.x.org/archives/xorg-announce/2025-June/003612.html (From OE-Core rev: 2ab7c45631f78ac8f6d19889fa8526d062329992) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a59b385184fb3a548dc27310fd04d64351d8dfba) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: stable 2.39 branch updatesDeepesh Varatharajan2025-07-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | $ git log --oneline 06a70769fd0b2e1f2a3085ad50ab620282bd77b3..cff1042cceec3502269947e96cf7023451af22f3 cff1042cce Fix error reporting (false negatives) in SGID tests 1924d341c0 support: Pick group in support_capture_subprogram_self_sgid if UID == 0 Testing Results: Before After Diff PASS 5074 5082 +8 XPASS 4 4 0 FAIL 121 116 -5 XFAIL 16 16 0 UNSUPPORTED 157 154 -3 cff1042cce Fix error reporting (false negatives) in SGID tests Improved SGID test handling by unifying error reporting and using secure temporary directories. Replaced non-standard exit codes and fixed premature exits to avoid masking failures. These changes reduced false negatives, increasing overall test pass rates UNSUPPORTED tests changes -UNSUPPORTED: stdlib/tst-secure-getenv -UNSUPPORTED: elf/tst-env-setuid-static -UNSUPPORTED: elf/tst-env-setuid-tunables FAILed tests changes -FAIL: malloc/tst-aligned-alloc-random-thread-cross-malloc-check -FAIL: malloc/tst-aligned-alloc-random-thread-malloc-check -FAIL: malloc/tst-dynarray -FAIL: malloc/tst-dynarray-mem -FAIL: resolv/tst-resolv-aliases PASSed tests changes +PASS: stdlib/tst-secure-getenv +PASS: elf/tst-env-setuid-static +PASS: elf/tst-env-setuid-tunables +PASS: malloc/tst-aligned-alloc-random-thread-cross-malloc-check +PASS: malloc/tst-aligned-alloc-random-thread-malloc-check +PASS: malloc/tst-dynarray +PASS: malloc/tst-dynarray-mem +PASS: resolv/tst-resolv-aliases (From OE-Core rev: c40b9c33061c4019ed7790ccb799bb3491998b3d) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-09-13 23:46:46 +0000