| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is not a linux-yocto CVE yet it shows up in the reports as:
linux-yocto-custom CVE-2023-3079 0.0 8.8 Unpatched https://nvd.nist.gov/vuln/detail/CVE-2023-3079
For reference, the CPE says:
Affects cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
So affects all Linux systems,
Running on/with cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
[ YOCTO #15780 ]
(From OE-Core rev: 8c39f6fa4454147e22d5e386046ed9b1076d7a95)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(cherry picked from commit 22ef4d2d116afb9d603a05fb107dd9da0e74558b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: d4366d4c9ab13da4d03e8893db0efdef9b853e13)
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c695edcc33ecd5bc01b5fc91ce08a87475a9ace9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stop shifting first_affected if backport is indicated. This does not
have effect on generated list, but makes the logic cleaner as it will
not shift it to "first affected on our branch" and also make it behave
like in defaultStatus==affected case.
Cc: daniel.turull@ericsson.com
(From OE-Core rev: 1cbb0103bbf5f567ceeb01abb48869d29f74be1d)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dc1ecb69389dd79354084757ba6b9af0781afcc0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will shift fixed version of many CVEs, it does not change status of
any CVE.
Note that the current format of cvelistV5 does not allow us to determine
real value of "fixed_in" without also checking the hashes, but the
result are still fine.
The reason is that many entries are missing original_commit_for_fix
field and thus we see the final "fixed_in" version to be set to backport
to previous branch (e.g. 6.12.23 instead of 6.13).
(From OE-Core rev: f79e2180be8d6190d8a6721ac758537fbd6b3188)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1697404589e2d3a625f9da2e8906e47af668c1c3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current code takes the first version found as "fixed-version".
That is not correct as it is almost always only the oldest backport.
Fix it by unconditionally shift the assigmnet of variable "fixed" so
that we take last instead of first version.
Cc: daniel.turull@ericsson.com
(From OE-Core rev: 4e2c441b64675933cc5f684d0e19cdc18ceaab18)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68f8e58a249c8adef18e63f0841e8bfea16f354e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is preparation for fix in the script so that next update shows only
entries updated by the script change.
(From OE-Core rev: 9e3bff5413a55675ef0ff9bca0cc8b87668dc255)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 583e9f15c01555863ae467c7f91729ce85aae194)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In commit 8a7af09feb the CVE_STATUS was copy from the old data
for 6.6 kernel, which had backport information.
Correcting status to when the fix was introduced and adding
references to the fixes.
Fixes: 8a7af09febc28477094de0999ab6321d910811b2
Reported-by: Peter Marko <Peter.Marko@siemens.com>
(From OE-Core rev: cf239892614c0b00feacef6b6e38283832239ad6)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fc3e32bc4cf79ddce0eb9fa409656de4dc0e00ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Update CVE exclusions with the update script, as the kernel was updated.
(From OE-Core rev: 6df68265be5ea360987ecbc2abc83c453042287e)
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e9da1183f50a9ec978d867d7a4f515239fde8d2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Execute new script generate-cve-exclusions.py
./generate-cve-exclusions.py ~/cvelistV5/ 6.12.19 > cve-exclusion_6.12.inc
After using the database from CVEproject, some old
CVEs did not have correct metadata, therefore moving missing ones
from old cve-exclusions_6.12.inc into cve-exclusion.inc
Comparing output from cve_check before and after, two CVEs are removed:
CVE-2023-52904 and CVE-2024-38381
(From OE-Core rev: ec9a04c6e86efe9d5351eb7956cfc3e94bcdc09a)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8a7af09febc28477094de0999ab6321d910811b2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The old script was relying on linuxkernelcves.com that was archived in
May 2024 when kernel.org became a CNA.
The new script reads CVE json files from the datadir that can be either
from the official kernel.org CNA [1] or CVEProject [2]
[1] https://git.kernel.org/pub/scm/linux/security/vulns.git
[2] https://github.com/CVEProject/cvelistV5
(From OE-Core rev: ab4d2a79188da5b58bf9a4eacc2460a00a5c1d70)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 12612e8680798bdce39fbb79885e661596dbd53c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
The SRC_URI is changed to git://gitlab.eclipse.org/eclipse/tcf/tcf.agent.git
(From OE-Core rev: f359677709aba80735a38578475a34e1b83d321c)
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are multiple problems with the sstate creation tests. They currently both execute
twice, once to check one set of files, then another. We can do this together in one
test which makes the code easier to follow.
The common test function also has parameters which were always the same value, so
those can be simplified.
We can use the umask context manager from bb.utils to simplfy the umask code.
The badperms test was actually broken, it was detecting bad permissions, then
ignoring them. This patch fixes that regression too and allows the check to
operate (relying on a separate fix to sstate umask handling).
The result should be an easier to understand couple of test cases which should
also function correctly and be more reliable.
(From OE-Core rev: 4951d08046f66e905e6ab4bdd7af347c7ed14c64)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5b9263040013199c5cb480125d5ca349f5d6dc55)
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The NATIVELSBSTRING variable changes value once a BuildStarted event occurs in a build
directory. This meant running some of the tests directly in a fresh build directory
would fail but they'd pass when run as a group of tests. This is clearly suboptimal.
Move the NATIVELSBSTRING handling to a location where the value is consistent
and a comment about the interesting behaviour of the variable so it hopefully doesn't
catch out others in future.
(From OE-Core rev: cb50ca2faac6418ec8f3f3fefa162531177f7460)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e1c46fdb44fed18909d9ff4b43b4e445c5a22d33)
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, files and directories created under ${SSTATE_DIR} when
fetching from an sstate mirror are not created with group write,
unlike when the sstate artifacts are generated locally. That's
inconsistent, and problematic when the local sstate dir is shared
among multiple users.
Wrap the fetching in a bb.utils.umask() context manager, and for simplicity
move the mkdir of SSTATE_DIR inside that.
(From OE-Core rev: e56aa6c62e41667d0eeec5a862b7004d21b4da48)
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a6038553aaef3b88b834a09018c524c4fa41e625)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
This was being pulled in through python by accident. It no longer needs
it but exposes this missing dependency.
(From OE-Core rev: cfc49bbb21bade1d6c5ea96759dabf0dac25f79b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed:
$ bitbake acl
$ ls tmp/work/core2-64-poky-linux/acl/2.3.2/build/acl-2.3.2-build/
This empty directory is created by rpmbuild, just remove it like others above.
Note, master branch doesn't have this problem after upgrade to rpm 4.20.1, but
it's not easy to find which patch(es) fixed the problem, and the issues haven't
been fixed completely, there is still an empty SRPMS directory, so just remove
the build directory as others above.
If we don't fix this, there might be warnings when a recipe uses:
install -m 0644 ${B}/* ${DEPLOYDIR}/boot.bin-extracted/
install: omitting directory '${B}/xilinx-bootbin-1.0-build'
(From OE-Core rev: c4f95abacdb7376f8f299679f3f0b2dd1dc28c27)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
libnsl2 and libtirpc were build dependencies for the nis module.
The nis module was deprecated in Python 3.11 and removed in Python 3.13
(From OE-Core rev: cbc7b1ed7747ef69d8bcbaee27c90560ded713d6)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Adds patch to backport fix for CVE-2025-5914.
(From OE-Core rev: ba5c5ca00d31d6440a1d810f7ef19720019845e8)
Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
setuptools is a package that allows users to download, build, install,
upgrade, and uninstall Python packages. A path traversal vulnerability
in `PackageIndex` is present in setuptools prior to version 78.1.1. An
attacker would be allowed to write files to arbitrary locations on the
filesystem with the permissions of the process running the Python code,
which could escalate to remote code execution depending on the context.
Version 78.1.1 fixes the issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-47273
Upstream-patch:
https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a
https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b
(From OE-Core rev: cfb2d77f841ae21cae0ba7d6263dc3e1e0280400)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
urllib3 is a user-friendly HTTP client library for Python. Prior
to 2.5.0, urllib3 does not control redirects in browsers and
Node.js. urllib3 supports being used in a Pyodide runtime utilizing
the JavaScript Fetch API or falling back on XMLHttpRequest. This
means Python libraries can be used to make HTTP requests from a
browser or Node.js. Additionally, urllib3 provides a mechanism to
control redirects, but the retries and redirect parameters are
ignored with Pyodide; the runtime itself determines redirect
behavior. This issue has been patched in version 2.5.0.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50182
Upstream patch:
https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f
(From OE-Core rev: 082b865d9814e7e7aca4466551a035199aa8b563)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
urllib3 is a user-friendly HTTP client library for Python. Prior to
2.5.0, it is possible to disable redirects for all requests by
instantiating a PoolManager and specifying retries in a way that
disable redirects. By default, requests and botocore users are not
affected. An application attempting to mitigate SSRF or open redirect
vulnerabilities by disabling redirects at the PoolManager level will
remain vulnerable. This issue has been patched in version 2.5.0.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50181
Upstream patch:
https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857
(From OE-Core rev: 819273b5b8b9279c01035cb72377fd8cbb51a198)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ctest automatically optimizes the order of (parallel) test execution based on
historic test case runtime via the COST property (see [0]), which can have a
significant impact on overall test run times. Sadly this feature is broken in
CMake < 4.0.0 for test cases that have spaces in their name (see [1]).
This commit backports the upstream fix. As repeated test runs are expected to
mainly take place inside the SDK, the patch is only applied to 'nativesdk'
builds.
[0]: https://cmake.org/cmake/help/latest/prop_test/COST.html
[1]: https://gitlab.kitware.com/cmake/cmake/-/issues/26594
Reported-By: John Drouhard <john@drouhard.dev>
(From OE-Core rev: ead0d06d6335fb74c1ae0dc7bdcf414c66b3e4ab)
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dcbaf42dd74cc0bda7254856589613718ed3f057)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 01842999c13f5ba5a020e7b5029a3bd059c18f4c)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Overview of changes in bind 9.20.9
==================================
Security Fixes:
1. Prevent an assertion failure when processing TSIG algorithm.
2. DNS messages that included a Transaction Signature (TSIG) containing
an invalid value in the algorithm field caused named to crash with an
assertion failure. This has been fixed. (CVE-2025-40775) [GL #5300]
For additional feature changes and bug fixes, please see:
https://downloads.isc.org/isc/bind9/9.20.9/doc/arm/html/notes.html#notes-for-bind-9-20-9
(From OE-Core rev: c9d59ba50a102ace907779612e74646dec133271)
(From OE-Core rev: 8131a878c2d3c5e8b48a1b33a70f8eae90d3e5ca)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 670cb507b9125c152aa08702520f2d220c207c71)
(From OE-Core rev: 6d89ccb56d8fbc844973166b0534630bfa5204ed)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 47128597fbc62164d614aae816edb47a745a5702)
(From OE-Core rev: c955f66ed134bbb8a7cb5d2120ceb591280733e9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$ git log --oneline 5b4c4617016d28569106549dff6f9fec73eed5ce..0c76c951620f9e12df2a89b2c684878b55bb6795
0c76c95162 ppc64le: Revert "powerpc: Optimized strcmp for power10" (CVE-2025-5702)
b48d7ab036 ppc64le: Revert "powerpc : Add optimized memchr for POWER10" (Bug 33059)
55cdcadf73 ppc64le: Revert "powerpc: Fix performance issues of strcmp power10" (CVE-2025-5702)
84bdbf8a6f ppc64le: Revert "powerpc: Optimized strncmp for power10" (CVE-2025-5745)
d952c6efaa sparc: Fix argument passing to __libc_start_main (BZ 32981)
515d4166f4 elf: Fix subprocess status handling for tst-dlopen-sgid (bug 32987)
899dd3ab2f x86_64: Fix typo in ifunc-impl-list.c.
624285af3b elf: Test case for bug 32976 (CVE-2025-4802)
2ca34d7627 support: Use const char * argument in support_capture_subprogram_self_sgid
dab44a3b2b elf: Keep using minimal malloc after early DTV resize (bug 32412)
5cf17ebc65 hurd: Fix tst-stack2 test build on Hurd
test results:
Before After Diff
FAIL 140 142 +2
PASS 5846 5846 0
UNSUPPORTED 243 243 0
XFAIL 16 16 0
XPASS 4 4 0
failed test changes:
-elf/tst-audit21
+elf/tst-audit-tlsdesc-dlopen2
+elf/tst-dlopen-sgid
-malloc/tst-free-errno-malloc-hugetlb1
+malloc/tst-free-errno
+malloc/tst-malloc-tcache-leak
-nptl/tst-mutex10
+nptl/tst-mutexpi8-static
(From OE-Core rev: a55f79b46b3a3f9228d2ed69f82bec2e4f2e6880)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NVD ([1]) tracks this as:
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
Running on/with
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Yocto cve-check ignores the "Running on/with", so it needs to be ignored
explicitly.
[1] https://nvd.nist.gov/vuln/detail/CVE-2024-3566
(From OE-Core rev: c43a9f7ca85f1c25a72f7b1efa494e30d6cf4906)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From yocto-docs rev: 0627cfafb9c191763855f5d31c09e88dc5495a87)
Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 5fc7794e9ae326eead16552726d74ea801fe535b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
To accompany earlier updating of kernel version, update this lonely
reference to be consistent.
(From yocto-docs rev: 87c97308cac2a1e94ad1f006c1226a9072200a5f)
Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit e26c2018cd663de91ee08e0cba55eda1a4c30210)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change the sample kernel version being used from 4.4 to a more modern
6.12.
(From yocto-docs rev: 1aaf4044ca3610740a38cd6a53dd11f2071f573b)
Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 1bad12b6ccfe1c0d26918926176a0c743568de26)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Sections 4.3.1 and 4.3.2 of the Overview Manual, a bit of tidying
including:
- provide full list of packaging options
- add monospaced rendering where appropriate
- fix broken "ref"
- make capitalization consistent
(From yocto-docs rev: 4b79feb4dfdce35efff05f4316f56445d18e5247)
Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 1cf769e3c8a8442cd05449dc97e91ad482d635f3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The nativesdk- prefix to the recipe filename should only be used when
using the inherit method as the BBCLASSEXTEND method will do some magic
when generating the "implicit" name of the recipe.
This matches the instructions for the native class.
(From yocto-docs rev: 4852b8be918be0d0e73d82fff458822100e2f49b)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 15fe239e1e62b9add737aa732dd7f5e9948ee03d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
exclusive
We explain how to create a native (nativesdk) recipe in two different
ways via a bullet list but reading quickly the instructions may mislead
one into doing both options whereas they are incompatible.
This rewords both the nativesdk and native sections so that the second
bullet point starts with an Or and explicit that this applies to target
recipes.
(From yocto-docs rev: 69ce7f06d3a736c3d8c7a1fffbdee16d14e2dcdf)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 6d0d338a5f2686ddeee5eed7b6e05f3db800d33a)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From yocto-docs rev: 1a28231a78be428bc7adfd6d233b6ebb0cb1d4d4)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 5bc4c98987ff809294541657b20d2e44f70e1d2c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Remove aarch64 for ARM Cortex-R52 processor as it supports only 32-bit
ISA but not 64-bit ISA. Also update ARMPKGARCH for cortexr52hf.
(From OE-Core rev: fd79c20430ad5c540522ddbe72ef235379c628bd)
Signed-off-by: Sandeep Gundlupet Raju <sandeep.gundlupet-raju@amd.com>
Signed-off-by: Sandeep Gundlupet Raju <grsandeep85@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
/etc/os-release is a symlink to /usr/lib.
Symlink is retrieved as a dead link which points to nowhere if also the
original file is not accompanying it.
Fetch the real file in addition to this link.
Alternative could be to use "tar -h" (supported also by busybox tar),
however that could lose some important information if links are relevant
for failure analysis.
(From OE-Core rev: ed43f9ccb3c08845259e24440912631afd780d12)
(From OE-Core rev: 93efeca19f53132fce84d914b7ebf21070370127)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport a commit from util-linux upstream to fix the following error.
agetty: segfault at 0 ip 00007fc65600295c sp 00007fffa8dd67e8 error 4 in libc.so.6
(From OE-Core rev: e9cfc549091b77d08817eb7235076c7a0c20e4fa)
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Handles CVE-2025-4598
Rebase patches
(From OE-Core rev: 11d583e4ffb8726c66da8f764d985a37a14b2699)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 05618ac2c6f69e0f41fb95e517382bf1177f0735)
(From OE-Core rev: 16f12e6fa89eb3598b56bec63cb5c55c6a8efc35)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Update to the 5.2.1 release of the 5.2.1 series for buildtools
(From OE-Core rev: 91d430e7a68a0cc819398bd05d020f850364fdf1)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Changelog:
https://requests.readthedocs.io/en/latest/community/updates/#release-history
(From OE-Core rev: 27a860d7b34250326daede0ade382db47e22c114)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ReleaseNotes:
https://downloads.isc.org/isc/kea/2.6.2/Kea-2.6.2-ReleaseNotes.txt
https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt
Security fixes:
CVE-2025-32801
CVE-2025-32802
CVE-2025-32803
License-Update: Update copyright years
* Drop backport patches.
(From OE-Core rev: 76caa09552d5f7baab40d5259ac1a3eaee37e6bd)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GCC 14.3 is a bug-fix release from the GCC 14 branch
containing important fixes for regressions and serious bugs in
GCC 14.2 with more than 211 bugs fixed since the previous release.
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=14.3
Dropped the below patches:
0026-gcc-Fix-c-tweak-for-Wrange-loop-construct.patch
https://github.com/gcc-mirror/gcc/commit/a9f88741a99ba09b29cc0021499c63ca445393f0
0027-gcc-backport-patch-to-fix-data-relocation-to-ENDBR-s.patch
https://github.com/gcc-mirror/gcc/commit/aa4cd614456de65ee3417acb83c6cff0640144e9
0028-fix-incorrect-preprocessor-line-numbers.patch
https://github.com/gcc-mirror/gcc/commit/8cbe033a8a88fe6437cc5d343ae0ddf8dd3455c8
0001-arm-Fix-LDRD-register-overlap-PR117675.patch
https://github.com/gcc-mirror/gcc/commit/9366c328518766d896155388726055624716c0af
gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch
https://github.com/gcc-mirror/gcc/commit/ab884fffe3fc82a710bea66ad651720d71c938b8
(From OE-Core rev: aa59bbbbedb25d772648c4cb1498b34b43efb0fb)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to latest 1.24.x release [1]:
$ git --no-pager log --oneline go1.24.3..go1.24.4
6796ebb2cb [release-branch.go1.24] go1.24.4
85897ca220 [release-branch.go1.24] net/http: strip sensitive proxy headers from redirect requests
9f9cf28f8f [release-branch.go1.24] os: don't follow symlinks on Windows when O_CREATE|O_EXCL
a31c931adf [release-branch.go1.24] cmd/link: allow linkname reference to a TEXT symbol regardless of size
03811ab1b3 [release-branch.go1.24] crypto/x509: decouple key usage and policy validation
04a9473847 [release-branch.go1.24] lib/fips140: set inprocess.txt to v1.0.0
db8f1dc948 [release-branch.go1.24] hash/maphash: hash channels in purego version of maphash.Comparable
664cf832ec [release-branch.go1.24] runtime/debug: document DefaultGODEBUG as a BuildSetting
431f75a0b9 [release-branch.go1.24] os: fix Root.Mkdir permission bits on OpenBSD
Fixes CVE-2025-4673, CVE-2025-0913 and CVE-2025-22874 [2].
[1] https://github.com/golang/go/compare/go1.24.3...go1.24.4
[2] https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A
(From OE-Core rev: 50fe0b3832f741bc7f9ea0b996a7e99c5696c0ba)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Backport patch for this CVE and also patch for its regression.
(From OE-Core rev: 0d880cdb51e47f78387b63063727fe6df1b009e6)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d]
CVE: CVE-2025-3198
(From OE-Core rev: 3516188a077bd27e1de3bb42bd5630dba0b3b07f)
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The js_splitter_code string contains backslashes that Python tries to
use as escape sequence but doesn't manage to, hence the following
SyntaxWarning message:
documentation/conf.py:188: SyntaxWarning: invalid escape sequence '\p'
.split(/[^\p{Letter}\p{Number}_\p{Emoji_Presentation}-]+/gu)
Considering that we want this to be sent verbatim to the JS, let's make
this a raw string instead.
Fixes: d4a98ee19e0c ("conf.py: tweak SearchEnglish to be hyphen-friendly")
(From yocto-docs rev: 1fc92ff2af72118ae041183d395d0a0323ecc1a9)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit c1056672ef45b197136eb8815728d426337a5901)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This repository is partially included in another repository: poky.
However its README isn't making it, so documentation/README pointing at
the README at the root of the git repository would lead the contributor
nowhere.
Instead, let's include the appropriate information directly in
documentation/README which does make it to the poky git repo.
(From yocto-docs rev: 1b93a4122624b554243842822e7df209cc884b27)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 0298318cea2947e65754eab97255164e64a862de)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
KCONFIG_MODE defaults to 'allnoconfig' when not set, regardless of whether
KBUILD_DEFCONFIG points to an in-tree or a meta-layer defconfig.
(From yocto-docs rev: 77e401de547a67d1654480c3fb8df3693724a69f)
Signed-off-by: Carlos Sánchez de La Lama <csanchezdll@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit f374b9c426f6c10710e011a4ad660231ee26efb8)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
