| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
(From OE-Core rev: d5342ffc570d47a723b18297d75bd2f63c2088db)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
| |
(From meta-yocto rev: 70e3095506c9d8f37dc8963158d4c7d146852dea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the task dependency:
do_uboot_assemble_fitimage -> virtual/kernel:do_kernel_generate_rsa_keys
to ensure the kernel FIT image signing keys are available when creating
the U-Boot DTB. This is done only if the signing of the kernel FIT image
is enabled (UBOOT_SIGN_ENABLE="1").
The lack of the dependency causes build errors when executing a build
with no kernel FIT keys initially present in the keys directory. In such
cases one would see an output like this in the Bitbake logs:
Log data follows:
| DEBUG: Executing shell function do_uboot_assemble_fitimage
| Couldn't open RSA private key: '/workdir/build/keys/fit/dev.key': No such file or directory
| Failed to sign 'signature' signature node in 'conf-1' conf node
| FIT description: Kernel Image image with one or more FDT blobs
| ...
This issue was introduced by commit 259bfa86f384 where the dependency
between U-Boot and the kernel was removed (for good reasons). Before
that commit the dependency was set via DEPENDS so that, in terms of
tasks, one had:
u-boot:do_configure -> virtual/kernel:do_populate_sysroot
and the chain leading to the key generation was:
virtual/kernel:do_populate_sysroot -> virtual/kernel:do_install
virtual/kernel:do_install -> virtual/kernel:do_assemble_fitimage
virtual/kernel:do_assemble_fitimage -> virtual/kernel:do_kernel_generate_rsa_keys
With the removal of the first dependency, no more guarantees exist that
the keys would be present when assembling the U-Boot FIT image. That's
the situation we are solving with the present commit.
(From OE-Core rev: 036f20156b3c7d0a8b912e90aa29a9b986106d5a)
Fixes: d7bd9c627661 ("u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled")
(From OE-Core rev: 56431a98ac661eaa42803e83a9ede6eae0b72b67)
Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During ptest execution, util-linux adds mount entries in /etc/fstab
and runs `mount -a`, which mounts all available entries from
/etc/fstab. This can cause unintended mounts that are unrelated to
the test, leading to incorrect test behavior.
To avoid this, upstream util-linux introduced a mechanism using
CUSTOM_FSTAB,which isolates test-specific fstab entries. Only entries
listed in CUSTOM_FSTAB are mounted during test execution, ensuring
tests do not interfere with or depend on the system's /etc/fstab.
This commit backports below upstream changes to use CUSTOM_FSTAB.
https://github.com/util-linux/util-linux/commit/ed3d33faff17fb702a3acfca2f9f24e69f4920de
https://github.com/util-linux/util-linux/commit/b1580bd760519a2cf052f023057846e54de47484
https://github.com/util-linux/util-linux/commit/6aa8d17b6b53b86a46c5da68c02a893113130496
(From OE-Core rev: e7420db0d77611140149ccfefefc8becfad4f34b)
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ffmpeg_6.1.2 is the newest available stable release for 6.1.
It introduces quite a few bug and CVE fixes, which should help all.
CVEs that are fixed in the upgrade:
CVE-2024-32230
CVE-2024-35366
CVE-2024-36613
CVE-2024-36616
CVE-2024-36617
CVE-2024-36619
CVE-2024-7055
During upgrade it was noticed that the CVE scan doesn't pick up the CVEs as unpatched
(CVE-2025-0518, CVE-2025-22919, CVE-2025-22921, CVE-2025-25473,
CVE-2024-36618, CVE-2024-35369, CVE-2024-35368, CVE-2024-35367,
CVE-2024-35365, CVE-2024-28661, CVE-2023-50007, CVE-2023-49528,
CVE-2023-49501), due to improper versioning in NVD,
they are affecting 6.1.2 and hence we are leaving the patches in.
check the changelog mention below for information about fixes.
changelog: https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n6.1.2
This upgrade fixes CVE's hence remove those patches.
Refresh vulkan_av1_stable_API.patch as per new codebase.
(From OE-Core rev: 57e25585abf34677451c68d581374245e5b4b418)
Signed-off-by: Divyanshu Rathore <divyanshurathore2022@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
CVE-2025-1180 is fixed with patch from CVE-2025-1176.
More details about CVE is here: https://nvd.nist.gov/vuln/detail/CVE-2025-1179
(From OE-Core rev: 9c63f1c73426532a94f01fbbe26c9f52a3c4fdf7)
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c]
(From OE-Core rev: 91231813d04680f93a08cb29540073bb4749e22f)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.join, URI#merge, URI#+) have an inadvertent leakage of
authentication credentials because userinfo is retained even
after changing the host.
Reference:
https://security-tracker.debian.org/tracker/CVE-2025-27221
Upstream-patches:
https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495
https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5
(From OE-Core rev: 421d7011269f4750f5942b815d68f77fa4559d69)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2025-1179-pre.patch is dependency patch for CVE-2025-1179.patch
Upstream-Status: Submitted [https://sourceware.org/pipermail/binutils/2025-May/141322.html &&
https://sourceware.org/pipermail/binutils/2025-May/141321.html]
CVE: CVE-2025-1179
cherry picked from upstream commit:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=67e30b15212adc1502b898a1ca224fdf65dc110d
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1d68a49ac5d71b648304f69af978fce0f4413800
(From OE-Core rev: 8f54548f784ef60eaf7fb6b3f539d48b0f7192a3)
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
import patch from debian to fix
CVE-2025-32914
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/5bfcf8157597f2d327050114fb37ff600004dbcf]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450
https://security-tracker.debian.org/tracker/CVE-2025-32914
(From OE-Core rev: 8eba970123aca651cbce13e52d43ddaddd76a7cc)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f
(From OE-Core rev: c45c8ad64aafd1f8a447f4fce6a2e7c0f22ef5f0)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/7b4ef0e004ece3a308ccfaa714c284f4c96ade34
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0
(From OE-Core rev: 7bdeb2217253a86c941edb7c4c28ba57d855c606)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
import patch from debian to fix
CVE-2025-32910
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/405a8a34597a44bd58c4759e7d5e23f02c3b556a
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
https://security-tracker.debian.org/tracker/CVE-2025-32910
(From OE-Core rev: 0fc936f23e6f70021acf4e711ef49d3a5cc966fe)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix [YOCTO #15753]
(From yocto-docs rev: 3996388e337377bedc113d072a51fe9d68dd40c6)
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 5f5a406d4acdfcbf655ac014d0d2807056f95291)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From yocto-docs rev: 40045299491087d3f7d269b696ae48d513dae435)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 3982720668aafa18c9ed27304d09f896740b1653)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix [YOCTO #15755]
(From yocto-docs rev: 2eb345ffa74d58d209a6a8deb27b228c37628034)
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit fd143a04bab38f6aeec23ec229657b16fcaecdf1)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This modifies the default indexer split() and js splitQuery()
methods to support searching for words with hyphens.
While this might not be an ideal, rock solid, and fully future-proof
solution, it allows at least to search for strings inlcuding hyphens,
such as 'bitbake-layers', 'send-error-report', or 'oe-core'.
Below is a bit more detailed explanation of the two modifications done:
1) The default split regex in the sphinx-doc SearchLanguage base class
is:
| _word_re = re.compile(r'\w+')
which we simply extend to include hyphens '-'.
This will result in a searchindex.js that contains words with hyphens,
too.
2) The 'searchtool.js' code notes for its splitQuery() implementation:
| /**
| * Default splitQuery function. Can be overridden in ``sphinx.search`` with a
| * custom function per language.
| *
| * The regular expression works by splitting the string on consecutive characters
| * that are not Unicode letters, numbers, underscores, or emoji characters.
| * This is the same as ``\W+`` in Python, preserving the surrogate pair area.
| */
| if (typeof splitQuery === "undefined") {
| var splitQuery = (query) => query
| .split(/[^\p{Letter}\p{Number}_\p{Emoji_Presentation}]+/gu)
| .filter(term => term) // remove remaining empty strings
| }
The hook for this is documented in the sphinx-docs 'SearchLanguage'
base class.
| .. attribute:: js_splitter_code
|
| Return splitter function of JavaScript version. The function should be
| named as ``splitQuery``. And it should take a string and return list of
| strings.
|
| .. versionadded:: 3.0
We use this to define a simplified splitQuery() function with a split
argument that splits on empty spaces only.
We extend SearchEnglish (which extends SearchLanguage) here to retain
the stemmer code and stopwords for English.
[YOCTO #14534]
(From yocto-docs rev: ce18901b1059746069a0dea8893ba4a357772b51)
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit d4a98ee19e0cbd6be96923dc72faee143a6b294b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This variable specifies the maximum allowed size
of the initramfs image in Kbytes.
Fixes [YOCTO #15797]
CC: Yoann Congal <yoann.congal@smile.fr>
CC: Randy MacLeod <randy.macleod@windriver.com>
CC: Antonin Godard <antonin.godard@bootlin.com>
(From yocto-docs rev: 123d1ec8e532751ac416c21e3eaa92fd904e2171)
Signed-off-by: Christos Gavros <gavrosc@yahoo.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 07bcdddaf71c76cdec186cf0ddd97a47eec54972)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This variable specifies the maximum allowed size
of the generated image in kilobytes.
CC: Yoann Congal <yoann.congal@smile.fr>
CC: Randy MacLeod <randy.macleod@windriver.com>
CC: Antonin Godard <antonin.godard@bootlin.com>
CC: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: d45174d03e1ccd422b9210e3ba1f648d2f6b5173)
Signed-off-by: Christos Gavros <gavrosc@yahoo.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit f3ddc92081363aa7ef7d4fc2c3b918f32f7bda05)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix as many instances of unbalanced-inline-literals-delimiters as reported by
'make sphinx-lint' as possible. Sphinx and/or its linter seem to get tripped
up randomly when references contain links to heading which contain literals
enclosed in double-back-tics, and not all of them can be "fixed" to pass both
building and linting.
(From yocto-docs rev: 0ba5429953dfa0cdc983ed13ddd06351116031c7)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix all instances of missing-space-after-literal as reported by 'make
sphinx-lint'.
(From yocto-docs rev: b562ea5563adc744703b10e0c9a530ed7476d51a)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fix all instances of trailing-whitespace as reported by 'make sphinx-lint'.
(From yocto-docs rev: d754df8f2084ad45305cfd9c1cf35da727240aa4)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
libatomic-ops moves to new repo https://github.com/ivmai/libatomic_ops
according to topic: https://github.com/bdwgc/libatomic_ops/issues/66
(From OE-Core rev: 29d920f4c2249df7a69f00100924b4525e03c0d9)
Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If extra-utils package is not included in the image, you'll always
see a warning that password agent is missing whenever you start/stop a
service:
Failed to execute /usr/bin/systemd-tty-ask-password-agent: No such file or directory
(From OE-Core rev: 180455ee76a3819933f45ddd6ce9a5610b3ba947)
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
PR 32603 [https://sourceware.org/bugzilla/show_bug.cgi?id=32603]
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0b7f992b78fe0984fc7d84cc748d0794e4a400e3
&& https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=31e9e2e8d1090da0c1da97a70005d8841fff8ddd
&& https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fe459e33c676883b5f28cc96c00e242973d906a9]
(From OE-Core rev: c8cb463ccee514935fe14544173c85001d66e60b)
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e]
(From OE-Core rev: 7c963f68cb8dfdea3e1664078037303ea3f29e65)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A flaw was found in GLib, which is vulnerable to an integer overflow
in the g_string_insert_unichar() function. When the position at which
to insert the character is large, the position will overflow, leading
to a buffer underwrite.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-4373
https://security-tracker.debian.org/tracker/CVE-2025-4373
Upstream-patches:
https://gitlab.gnome.org/GNOME/glib/-/commit/cc647f9e46d55509a93498af19659baf9c80f2e3
https://gitlab.gnome.org/GNOME/glib/-/commit/4d435bb4809793c445846db8fb87e3c9184c4703
(From OE-Core rev: 02e2f5211962394ec3d66882daab240cb465ef85)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length
that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen)
and memcpy(response+offset,*end,*rdlen) without a check for whether
the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be
larger than the amount of remaining packet data in the current state
of parsing. Values of stack memory locations may be sent over the
network in a response.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32366
Upstream-patch:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=8d3be0285f1d4667bfe85dba555c663eb3d704b4
(From OE-Core rev: 02e046149b1cc5eca5188eec7b4e1a9970b97faf)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport
[https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367]
(From OE-Core rev: 6565ae2b01d6eb1e3a83ed387a5e3b765f85b8cf)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes [YOCTO #15509]
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 38706f0e743447da9a39a6369620fa039ab6df3b)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit f1cdecb6da91dbfac59359c83038cb4a4c36ad0a)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a section after the 'git format-patch' information encouraging developers
to add patch version changelogs to their patch updates.
(From yocto-docs rev: 78fd3b3f1ec797dfe3648509a1945241b50640d5)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 2e3a37c4607b296956993e557d1786c4876e5722)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From yocto-docs rev: 5b91bfc02ad35fa7b391e39b9559c65dca808d1e)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 0d070439259d72f66a71c148f6c7926f6f233b6d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Since scarthgap [1], the default will be overridden when using
'systemd' as INIT_MANAGER. Reflect this in the documentation.
* The distro configuration is probably the better place for
customization, thus at least mention this together with the
local.conf.
* While at it, drop the probably redundant description on how to
override weak default variables.
The example on how to set "/root" is still given indirectly, anyway.
[1] ebafe463 ("systemd: upgrade to 255.1")
(From yocto-docs rev: f1f92f0a5a881c45ffecf9cf9bd070c992aff35a)
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 50e92009d309fc4ae406174feb8f6578142748cc)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The kernel-fitimage.bbclass uses the UBOOT_* variables. The SPL_*
variables are handled by uboot-sign.bbclass.
(From yocto-docs rev: 0d4cda12f2c3f89f64043c30cc0830dfa632e76e)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 8ceffee908a039deb1021361faa7637e83ef26f3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From yocto-docs rev: 4bbf915547adcd667247df22a1ff2e7e5f223c3e)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 656dc03101705bba718517b7017f71ce00541b72)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Add the future "Whinlatter" (5.3) and "Wrynose" (6.0) releases.
- Make the "Walnascar" release a current release.
- Update the month in Current.
(From yocto-docs rev: 0c08c88aad0a2acf04d2da0f2935f29bc6a6eb99)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit adb8573b54626e033921a9f4e3db259312b79207)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The version has changed now (3.10.12 as of writing). Avoid having to
maintain this information by removing the version info from the intro.
Also fix a typo ("uses now uses") and give a link to yocto-autobuilder2.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: a7000370ca9c1c623cd9272738f1a252e6556951)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 1ed64dbdf4a60b000305cdc2c67dc24f4bc97ef7)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This document was written with SPDX 3.0 in mind (create-spdx-3.0 class)
on OE-Core's master, but Scarthgap only supports SPDX 2.2
(create-spdx-2.2).
The create-spdx-2.2 class only generate a tar.zst output, so remove the
other outputs listed here.
Also, ancillary outputs are not only deployed in tmp/deploy/spdx/MACHINE
but tmp/deploy/spdx in general.
(From yocto-docs rev: deedc7395f565e9820d914de9ffc3b14f8b143eb)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This recipe takes longer time >20min when bitbake for package
write stage. When cross-verified for longer time duration, found
that do_check() stage taking 20min while other stages completes
before 6min.
This recipe gives only below two test binaries in the packages to
test (ptest: glibc-y2038-tests):
io/ftwtest
io/ftwtest-time64
The above test binaries are already included for testing in recipe
glibc-testsuite_2.39.bb.
It is by now well established that glibc itself works as it should,
that all affected 32 bit targets are configured to use 64 bit time_t,
and that any lingering y2038 issues are in components other than the c
library, and usually come from C programming mistakes (e.g. storing
timestamps in long). So this recipe seems to be redundant and
can be removed.
Review comments for fixing above longer time duration ended up in
removing this recipe as a proposal is below
https://lists.openembedded.org/g/openembedded-core/topic/112188476#msg214636
Removed lines having reference to glibc-y2038-tests in the files.
For master branch requested for integration and below is the link
https://lists.openembedded.org/g/openembedded-core/message/215655
(From OE-Core rev: b214cc84a922f7a3fb7ebbc501189ce25e8bd2bd)
Signed-off-by: rajmohan r <semc.2042@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While backporting commit 7543e4e24a8b ("cve-check.bbclass: Mitigate
symlink related error") I failed to address the fact that in Scarthgap
this bbclass still generates also the text CVE file, in addition to the
JSON file.
In order to avoid the error that occurred with JSON files from
occurring now with CVE files:
ERROR: core-image-base-1.0-r0 do_image_complete: Recipe core-image-base is trying to install files into a shared area when those files already exist. The files and the manifests listing them are:
/home/poky/build/tmp/deploy/images/qemux86-64/.cve
(matched in manifest-qemux86_64-core-image-minimal.image_complete)
Please adjust the recipes so only one recipe provides a given file.
update the symlink handling for the text file variant too.
(From OE-Core rev: 81e702c85c62782dbedd5ca2a5e6569e6339dd60)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Symbols are used during install as well, adding KBUILD_EXTRA_SYMBOLS enables
successful installation.
| DEBUG: Executing shell function do_install
| NOTE: make -j 22 KERNEL_SRC=xxx/kernel-source -C xxx/drivers
KDIR=xxx/kernel-source DEPMOD=echo
MODLIB=xxx/image/lib/modules/6.6.75-yocto-standard-00189-g530c419bc9db
INSTALL_FW_PATH=xxx/image/lib/firmware CC=aarch64-poky-linux-gcc
-fuse-ld=bfd -fcanon-prefix-map LD=aarch64-poky-linux-ld.bfd
OBJCOPY=aarch64-poky-linux-objcopy STRIP=aarch64-poky-linux-strip
O=xxx/kernel-build-artifacts modules_install
| make: Entering directory 'xxx/drivers'
| make -C xxx/kernel-source M=xxx/drivers modules
| make[1]: Entering directory 'xxx/kernel-source'
| make[2]: Entering directory 'xxx/kernel-build-artifacts'
| MODPOST xxx/drivers/Module.symvers
| ERROR: modpost: "xxx" [xxx/xxx.ko] undefined!
(From OE-Core rev: e8b90907f9c12808ac7137779f16edb62763e1c3)
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0ef80eeda967a9e04ff91c3583aabbc35c9868e8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Update to the 5.0.9 release of the 5.0 series for buildtools
(From OE-Core rev: 653b2ce8e7b19f668f337cab8726674f595a8dbe)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2025-47268
ping in iputils through 20240905 allows a denial of service (application
error or incorrect data collection) via a crafted ICMP Echo Reply
packet, because of a signed 64-bit integer overflow in timestamp
multiplication.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-47268
Patch from:
https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40
(From OE-Core rev: 6b0dd564249754ab8ec20ce69b137466e051501e)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Backport a patch [1] to improve performance of rand() and __random()[2]
by adding a single-threaded fast path.
[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=be0cfd848d9ad7378800d6302bc11467cf2b514f
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=32777
(From OE-Core rev: 68ee8d16fa5419acba9111d3aca285be92bd93d3)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/5bfcf8157597f2d327050114fb37ff600004dbcf]
(From OE-Core rev: 6dd125b619974c8102b3050900781c22c2db4b10)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c
can be NULL or an empty string when the TC (Truncated) bit is set in
a DNS response. This allows attackers to cause a denial of service
(application crash) or possibly execute arbitrary code, because those
lookup values lead to incorrect length calculations and incorrect
memcpy operations.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32743
Upstream-patch:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d90b911f6760959bdf1393c39fe8d1118315490f
(From OE-Core rev: 9558ec2091964556b47b0909c5d243aee5bafb6f)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm
it/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: 90359036300731b6c26b646afbf3d66127b72fa2)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f
(From OE-Core rev: 6e373ec360151b212ae6eedc4c663fb9e760ae75)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff
(From OE-Core rev: dfde13ecffad3426846bd4b366d1e0cdb77b1be0)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
import patch from ubuntu to fix
CVE-2024-52531
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit
https://gitlab.gnome.org/GNOME/libsoup/-/commit/a35222dd0bfab2ac97c10e86b95f762456628283
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/825fda3425546847b42ad5270544e9388ff349fe]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/
https://ubuntu.com/security/CVE-2024-52531
(From OE-Core rev: c7ab8b45b1f533ca1b27b07c30f44b7b64a3cfde)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
