summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* tcf-agent: correct the SRC_URIGuocai He2025-07-071-2/+2
| | | | | | | | | The SRC_URI is changed to git://gitlab.eclipse.org/eclipse/tcf/tcf.agent.git (From OE-Core rev: 175cd54fd57266d7dea07121861a4f15be00a882) Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* uboot: Allow for customizing installed/deployed file namesRyan Eatmon2025-07-072-45/+50
| | | | | | | | | | | | | | | | | | | | | | | | Backport from master: https://git.openembedded.org/openembedded-core/commit/?id=debc691853e2954bd325bad395b8829939afaa08 When assembling all of the various filenames that are installed/deployed from u-boot, we have been including the PV and PR in the filenames. This change introduces a single variable to replace these two in the filenames. This change should not be disruptive since the default value for the new UBOOT_VERSION variable is "${PV}-${PR}". In one case (UBOOT_EXTLINUX_SYMLINK [1]), PR was used without PV, this patch assumes this was a mistake and corrects it as PR would not be of much use alone. [1] https://git.openembedded.org/openembedded-core/commit/?h=master-next&id=33df3a65f3e8e136811da715d0cc247ce66ae0ea (From OE-Core rev: 58ad450e84db35d5b38dab65edbbc33bc6fef750) Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* spdx: add option to include only compiled sourcesDaniel Turull2025-07-072-0/+54
| | | | | | | | | | | | | | | | | | | | | | | | | When SPDX_INCLUDE_COMPILED_SOURCES is enabled, only include the source code files that are used during compilation. It uses debugsource information generated during do_package. This enables an external tool to use the SPDX information to disregard vulnerabilities that are not compiled. As example, when used with the default config with linux-yocto, the spdx size is reduced from 156MB to 61MB. Tested with bitbake world on oe-core. (From OE-Core rev: c6a2f1fca76fae4c3ea471a0c63d0b453beea968) Adapted to existing files for create-spdx-2.2 CC: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> CC: Joshua Watt <JPEWhacker@gmail.com> (From OE-Core rev: a2866934e58fb377a73e87576c8594988a63ad1b) Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* package: export debugsources in PKGDESTWORK as jsonDaniel Turull2025-07-072-0/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | The source information used during packaging can be use from other tasks to have more detailed information on the files used during the compilation and improve SPDX accuracy. Source files used during compilation are store as compressed zstd json in pkgdata/debugsources/$PN-debugsources.json.zstd Format: { binary1: [src1, src2, ...], binary2: [src1, src2, ...] } I checked the sstate size, and it slightly increases using core-image-full-cmdline: without patch: 2456792 KB sstate-cache/ with patch: 2460028 KB sstate-cache/ (4236 KB or 0.17%) (From OE-Core rev: c507dcb8a8780a42bfe68b1ebaff0909b4236e6b) Adaptations to match spdx in scarthgap: change BP to PF CC: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> CC: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core rev: cba53212f5debf897752453364b9756a05c197de) Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ltp: backport patch to fix compilation error for x86_64Preeti Sachan2025-07-072-0/+43
| | | | | | | | | | | | | | When the input compiler enables AVX, stack realignment requirements causes gcc to fail to omit %rbp use, due to which the test fails to clobber %rbp in inline asm. Disable AVX to build the test on x86_64 so that the test continues working. Fix compilation with gcc v13.4+. Cherry picked from oe-core, master branch. (From OE-Core rev: 54d6fa7bc9f4ae6bdb98862488e8d09200d3bc14) Signed-off-by: Preeti Sachan <preeti.sachan@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gnupg: update 2.4.5 -> 2.4.8Roland Kovacs2025-07-071-9/+2
| | | | | | | | | | | | | | | | This release includes fix for CVE-2025-30258. Support for --enable-gpg-is-gpg2 config option has been partially removed in version 2.4.6. Changelog: https://dev.gnupg.org/T7428 CVE: CVE-2025-30258 (From OE-Core rev: 41ef33ebf3e1a922aa44da8d75b240163d7954b1) Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* busybox: fix CVE-2022-48174Victor Giraud2025-07-072-0/+81
| | | | | | | | | | | | | shell: avoid segfault on ${0::0/0~09J}. Closes 15216 CVE: CVE-2022-48174 Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/busybox/commit/?id=ca2afcbf42017d998ce3d6726f5ff5072a3fa853] (From OE-Core rev: a81aff7d810800ce3265422cddde26d11366d514) Signed-off-by: Victor Giraud <vgiraud.opensource@witekio.com> Signed-off-by: Bruno Vernay <bruno.vernay@se.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: fix CVE-2025-4673Praveen Kumar2025-07-072-0/+69
| | | | | | | | | | | | | | | | Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-4673 Upstream-patch: https://github.com/golang/go/commit/b897e97c36cb62629a458bc681723ca733404e32 (From OE-Core rev: 72279bbc1ff2d85563c5245195435f078c5d1a68) Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cmake: Correctly handle cost data of tests with arbitrary chars in nameMoritz Haase2025-06-253-1/+207
| | | | | | | | | | | | | | | | | | | | | | | ctest automatically optimizes the order of (parallel) test execution based on historic test case runtime via the COST property (see [0]), which can have a significant impact on overall test run times. Sadly this feature is broken in CMake < 4.0.0 for test cases that have spaces in their name (see [1]). This commit is a backport of f24178f3 (which itself backports the upstream fix). The patch was adapted slightly to apply cleanly to the older CMake version in scarthgap. As repeated test runs are expected to mainly take place inside the SDK, the patch is only applied to 'nativesdk' builds. [0]: https://cmake.org/cmake/help/latest/prop_test/COST.html [1]: https://gitlab.kitware.com/cmake/cmake/-/issues/26594 Reported-By: John Drouhard <john@drouhard.dev> (From OE-Core rev: cfa97a50e06fb0fcc7cbc0ada54ce7ad5ba29ebe) Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: stable 2.39 branch updatesPeter Marko2025-06-255-7/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | $ git log --oneline 3463100f2d47f2897a24ba8023a5c7aaf2d26550..06a70769fd0b2e1f2a3085ad50ab620282bd77b3 06a70769fd ppc64le: Revert "powerpc: Optimized strcmp for power10" (CVE-2025-5702) 3875045da5 ppc64le: Revert "powerpc : Add optimized memchr for POWER10" (Bug 33059) c6240a11f7 ppc64le: Revert "powerpc: Fix performance issues of strcmp power10" (CVE-2025-5702) 2caef2827f elf: Fix subprocess status handling for tst-dlopen-sgid (bug 32987) 9e25c0f445 x86_64: Fix typo in ifunc-impl-list.c. ca99d55315 elf: Test case for bug 32976 (CVE-2025-4802) 71ddb11ccd support: Add support_record_failure_barrier abdeb4b520 support: Use const char * argument in support_capture_subprogram_self_sgid 147bed0a71 elf: Keep using minimal malloc after early DTV resize (bug 32412) 4e5ee49a43 sysdeps/unix/sysv/linux/x86_64/Makefile: Add the end marker 37b30b6a68 sysdeps/x86_64/Makefile (tests): Add the end marker 9fe51d34bb sort-makefile-lines.py: Allow '_' in name and "^# name" 14ec225d85 libio: Correctly link tst-popen-fork against libpthread 1dcfb9479d libio: Fix a deadlock after fork in popen e31ac9a639 libio: Sort test variables in Makefile 68f3f1a1d0 Linux: Switch back to assembly syscall wrapper for prctl (bug 29770) d33d10642f nptl: PTHREAD_COND_INITIALIZER compatibility with pre-2.41 versions (bug 32786) b1eb369aee nptl: Use all of g1_start and g_signals ac5da3c0e4 nptl: rename __condvar_quiesce_and_switch_g1 2fdc0afd07 nptl: Fix indentation 582c99b2c0 nptl: Use a single loop in pthread_cond_wait instaed of a nested loop fc2a25417d nptl: Remove g_refs from condition variables 6f5ba03968 nptl: Remove unnecessary quadruple check in pthread_cond_wait d0da34ad30 nptl: Remove unnecessary catch-all-wake in condvar group switch ea13a35e37 nptl: Update comments and indentation for new condvar implementation 2451ef5c4a pthreads NPTL: lost wakeup fix 2 test results: Before After Diff FAIL 207 207 0 PASS 4912 4915 +3 UNSUPPORTED 230 230 0 XFAIL 16 16 0 XPASS 4 4 0 (From OE-Core rev: c94b6686a1edcaa1bea1ff5e716df96da8e36b7c) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* coreutils: fix CVE-2025-5278Chen Qi2025-06-252-0/+113
| | | | | | | | | Backport patch to fix CVE-2025-5278. (From OE-Core rev: 7af711c0a31359b57903503ab37bad53aad89c22) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: set status of CVE-2024-3566Peter Marko2025-06-252-0/+2
| | | | | | | | | | | | | | | | | NVD ([1]) tracks this as: cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* Running on/with cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* Yocto cve-check ignores the "Running on/with", so it needs to be ignored explicitly. [1] https://nvd.nist.gov/vuln/detail/CVE-2024-3566 (From OE-Core rev: b8841097eaf7545abf56eb52a122e113b54ba2a7) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bsp-guide: update all of section 1.8.2 to reflect current beaglebone conf fileRobert P. J. Day2025-06-201-18/+9
| | | | | | | | | | (From yocto-docs rev: 731bb4a7d58f16e7920b4798409a4db1b57a0344) Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 5fc7794e9ae326eead16552726d74ea801fe535b) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bsp-guide: update lonely "4.12" kernel reference to "6.12"Robert P. J. Day2025-06-201-1/+1
| | | | | | | | | | | | | To accompany earlier updating of kernel version, update this lonely reference to be consistent. (From yocto-docs rev: 0493f6e0ff9f52ec74adde584a04a121f5ad76aa) Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit e26c2018cd663de91ee08e0cba55eda1a4c30210) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bsp guide: update kernel version example to 6.12Robert P. J. Day2025-06-201-8/+13
| | | | | | | | | | | | | | Change the sample kernel version being used from 4.4 to a more modern 6.12. (From yocto-docs rev: 13235b2c604ccff8737bfb9ee2add626e0ea0503) Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 1bad12b6ccfe1c0d26918926176a0c743568de26) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* overview-manual: small number of pedantic cleanupsRobert P. J. Day2025-06-201-13/+12
| | | | | | | | | | | | | | | | | | In Sections 4.3.1 and 4.3.2 of the Overview Manual, a bit of tidying including: - provide full list of packaging options - add monospaced rendering where appropriate - fix broken "ref" - make capitalization consistent (From yocto-docs rev: 7abe7dde0cbb34a56af30452104355688775ef2b) Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 1cf769e3c8a8442cd05449dc97e91ad482d635f3) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: classes: nativesdk: move note to appropriate sectionQuentin Schulz2025-06-201-10/+10
| | | | | | | | | | | | | | | | The nativesdk- prefix to the recipe filename should only be used when using the inherit method as the BBCLASSEXTEND method will do some magic when generating the "implicit" name of the recipe. This matches the instructions for the native class. (From yocto-docs rev: c44d05d11833de4645d72fb8f987123e693494f4) Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 15fe239e1e62b9add737aa732dd7f5e9948ee03d) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: classes: reword to clarify that native/nativesdk options are ↵Quentin Schulz2025-06-201-2/+4
| | | | | | | | | | | | | | | | | | | | exclusive We explain how to create a native (nativesdk) recipe in two different ways via a bullet list but reading quickly the instructions may mislead one into doing both options whereas they are incompatible. This rewords both the nativesdk and native sections so that the second bullet point starts with an Or and explicit that this applies to target recipes. (From yocto-docs rev: 70194ee42c946e1a2122ac143612e334fcbc5241) Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 6d0d338a5f2686ddeee5eed7b6e05f3db800d33a) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* migration-guide: add release notes for 5.0.10Lee Chee Yang2025-06-202-0/+209
| | | | | | | | | | (From yocto-docs rev: 32344c65b167cc19431902eba628bb321690a166) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 5bc4c98987ff809294541657b20d2e44f70e1d2c) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* systemd: Rename systemd_v255.21 to systemd_255.21Savvas Etairidis2025-06-201-0/+0
| | | | | | | | | | The recipe was accidentally renamed with a 'v' prefix in 29e623b2ad00555788412fa520fbb9ffec794cbb. (From OE-Core rev: db02a4cc542d0e7e563ec46c91bf9a7313a71d02) Signed-off-by: Savvas Etairidis <setairidis@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpng: Add ptestPoonam Jadhav2025-06-203-2/+48
| | | | | | | | | | | Install libpng test-suite to run it as a ptest. As the test-suite takes more than 30 seconds to run, add libpng-ptest to PTESTS_SLOW in ptest-packagelists.inc (From OE-Core rev: 1b52b7ebe5f8fb490088622181cdb95e6b7f5a29) Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tune-cortexr52: Remove aarch64 for ARM Cortex-R52Sandeep Gundlupet Raju2025-06-201-3/+2
| | | | | | | | | | | Remove aarch64 for ARM Cortex-R52 processor as it supports only 32-bit ISA but not 64-bit ISA. Also update ARMPKGARCH for cortexr52hf. (From OE-Core rev: 8ee21ec40e9f25ee97ec077b93751fea14b66e32) Signed-off-by: Sandeep Gundlupet Raju <sandeep.gundlupet-raju@amd.com> Signed-off-by: Sandeep Gundlupet Raju <grsandeep85@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gcc: Upgrade to GCC 13.4Deepesh Varatharajan2025-06-2014-668/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a bugfix release in GCC13 release series 100+ bugfixes https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=13.4 Dropped the following patches: 0028-gcc-Fix-c-tweak-for-Wrange-loop-construct.patch https://github.com/gcc-mirror/gcc/commit/179dc0f0fe01012675c1b430591b9891ce96c26e gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch https://github.com/gcc-mirror/gcc/commit/5ceea2ac106d6dd1aa8175670b15a801316cf1c9 #GCC 13.3 #GCC 13.4 #Diff No. of expected passes            148863 149440 +577 No. of unexpected failures        14 14 0 No. of expected failures          1415 1414 -1 No. of unresolved testcases       25384 25660 +276 No. of unsupported tests          2692 2689 -3 (From OE-Core rev: 7af83314fea5948937403b5d59ba5df6fecdd81a) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* scripts/install-buildtools: Update to 5.0.10Aleksandar Nikolic2025-06-201-2/+2
| | | | | | | | | Update to the 5.0.10 release of the 5.0.10 series for buildtools (From OE-Core rev: 6c3344ba51a42252e347db2f6013c49d35413ea0) Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3-requests: upgrade 2.32.3 -> 2.32.4Jiaying Song2025-06-201-1/+1
| | | | | | | | | | Changelog: https://requests.readthedocs.io/en/latest/community/updates/#release-history (From OE-Core rev: 0f0a06ccef45792f65b823ecc0ef10525d94084f) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2025-1373Colin Pinnell McAllister2025-06-201-0/+4
| | | | | | | | | | CVE-2025-1373 does not appear to affect ffmpeg 5.0.3. The CVE has been marked as "fixed-version". (From OE-Core rev: 0ffe159d9a4ee434b4c995e1ca9a85b01e0a5d05) Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* net-tools: patch CVE-2025-46836Peter Marko2025-06-203-0/+124
| | | | | | | | | Backport patch for this CVE and also patch for its regression. (From OE-Core rev: 352525443b1844cdfd28355dfc1444046bbb76e8) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* testimage: get real os-release filePeter Marko2025-06-131-1/+3
| | | | | | | | | | | | | | | | | | | /etc/os-release is a symlink to /usr/lib. Symlink is retrieved as a dead link which points to nowhere if also the original file is not accompanying it. Fetch the real file in addition to this link. Alternative could be to use "tar -h" (supported also by busybox tar), however that could lose some important information if links are relevant for failure analysis. (From OE-Core rev: ed43f9ccb3c08845259e24440912631afd780d12) (From OE-Core rev: f7ee6db8ca5dc72b7a468531e31403b60e6a0020) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gtk+: add missing libdrm dependencyAndrew Fernandes2025-06-131-0/+1
| | | | | | | | | | | | | | Fixes [YOCTO #15513] When built without the wayland feature, gtk4 does not build due to a missing explicit dependency on libdrm. (From OE-Core rev: 46c7f1a8d6b39256479abd8a7bb7be1ccf221267) Signed-off-by: Andrew Fernandes <andrew@fernandes.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b32290d9bbcfccc9b85fa5acbeaee5d32d9a9091) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: upgrade 3.12.9 -> 3.12.11Peter Marko2025-06-139-64/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop upstreamed patch and refresh remaining patches. * https://www.python.org/downloads/release/python-31210/ Python 3.12.10 is the latest maintenance release of Python 3.12, and the last full maintenance release. Subsequent releases of 3.12 will be security-fixes only. * https://www.python.org/downloads/release/python-31211/ Security content in this release * gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. * gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler. * gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. gh-133767 got meawhile CVE-2025-4516 assigned. (From OE-Core rev: 6cca08b2857efd5481e837ecd6bb295cb8a99ee1) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* kea: upgrade 2.4.1 -> 2.4.2Vijay Anusuri2025-06-131-2/+2
| | | | | | | | | | | | | | Changelog https://downloads.isc.org/isc/kea/2.4.2/Kea-2.4.2-ReleaseNotes.txt License-Update: Update copyright year Includes security fixes for CVE-2025-32801, CVE-2025-32802 and CVE-2025-32803 (From OE-Core rev: 2f3d2a2848472bdf87fbce00967bc780fc859e05) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: fix CVE-2025-2784Changqing Li2025-06-132-0/+138
| | | | | | | | | | Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/422 (From OE-Core rev: 504d92b01ac9a227e8e57b677f016fdfeccd5666) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup-2.4: fix CVE-2025-2784Changqing Li2025-06-132-0/+57
| | | | | | | | | | Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/422 (From OE-Core rev: 9c014c1b96f4ebeb0f6f504b6c7c0d8063b6a6b7) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup-2.4: fix CVE-2025-4476Changqing Li2025-06-132-0/+39
| | | | | | | | | | Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/440 (From OE-Core rev: ebb87904c97f4b27a023b2347622519c702d4d2d) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: fix CVE-2025-4948Changqing Li2025-06-132-0/+98
| | | | | | | | | | Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/449 (From OE-Core rev: 737d50288a37f51f17cf3fef0422e27dbd115cce) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup-2.4: fix CVE-2025-4948Changqing Li2025-06-132-0/+39
| | | | | | | | | | Refer: http://gitlab.gnome.org/GNOME/libsoup/-/issues/449 (From OE-Core rev: b4fb5cd0d3385989842ad5a84d34cf451679c59a) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: fix CVE-2025-46421Changqing Li2025-06-132-0/+140
| | | | | | | | | | Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/439 (From OE-Core rev: f1450eea34202a9cc46294e3d8244c829556c369) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup-2.4: fix CVE-2025-46421Changqing Li2025-06-132-0/+48
| | | | | | | | | | Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/439 (From OE-Core rev: 9e32f4fd761b591ea2f5ce26381135e9a8db94ce) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: fix CVE-2025-32050Changqing Li2025-06-132-0/+30
| | | | | | | | | | Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/424 (From OE-Core rev: 563a34faae35e4587fe2740c26c4bc149555a5de) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup-2.4: fix CVE-2025-32050Changqing Li2025-06-132-0/+30
| | | | | | | | | | Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/424 (From OE-Core rev: d16627901125854f5346711e96d635c704438705) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: fix CVE-2025-32051Changqing Li2025-06-133-0/+88
| | | | | | | | | | Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/401 (From OE-Core rev: dd92cad39759b7ad105d8bcd42672847a273bccc) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup: fix CVE-2025-32052Changqing Li2025-06-132-0/+32
| | | | | | | | | | Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/425 (From OE-Core rev: 9a8a5072969a326e296d840296cb475fb3c0e2ff) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsoup-2.4: fix CVE-2025-32052Changqing Li2025-06-132-0/+33
| | | | | | | | | | Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/425 (From OE-Core rev: f3890f25cc036fd184578d7b85e6410ee97dc3ad) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* docs: conf.py: silence SyntaxWarning on js_splitter_codeQuentin Schulz2025-06-111-1/+1
| | | | | | | | | | | | | | | | | | | | | The js_splitter_code string contains backslashes that Python tries to use as escape sequence but doesn't manage to, hence the following SyntaxWarning message: documentation/conf.py:188: SyntaxWarning: invalid escape sequence '\p' .split(/[^\p{Letter}\p{Number}_\p{Emoji_Presentation}-]+/gu) Considering that we want this to be sent verbatim to the JS, let's make this a raw string instead. Fixes: d4a98ee19e0c ("conf.py: tweak SearchEnglish to be hyphen-friendly") (From yocto-docs rev: 6f424ed4ce749a135be3145a2e9d04030fdbda39) Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit c1056672ef45b197136eb8815728d426337a5901) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* docs: README: specify how to contribute instead of pointing at another fileQuentin Schulz2025-06-111-2/+19
| | | | | | | | | | | | | | | | | | | This repository is partially included in another repository: poky. However its README isn't making it, so documentation/README pointing at the README at the root of the git repository would lead the contributor nowhere. Instead, let's include the appropriate information directly in documentation/README which does make it to the poky git repo. (From yocto-docs rev: 01f1595d87dfb759071198d64c9a62fb00a48545) Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 0298318cea2947e65754eab97255164e64a862de) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: clarify KCONFIG_MODE default behaviourCarlos Sánchez de La Lama2025-06-111-9/+2
| | | | | | | | | | | | | KCONFIG_MODE defaults to 'allnoconfig' when not set, regardless of whether KBUILD_DEFCONFIG points to an in-tree or a meta-layer defconfig. (From yocto-docs rev: c9bceea147c807b942ce6bcf085a31d9388ecc79) Signed-off-by: Carlos Sánchez de La Lama <csanchezdll@gmail.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit f374b9c426f6c10710e011a4ad660231ee26efb8) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* Clean up explanation of minimum required version numbersRobert P. J. Day2025-06-111-2/+2
| | | | | | | | | | | | | Some simple rendering and grammar fixes. (From yocto-docs rev: 649a440c4f4ed9f2020622c10603489e7b9b27b6) Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 9a9624bfc4c523a6edf6f3f0c336e663cc939e75) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* migration-guides: add release notes for 4.0.27Lee Chee Yang2025-06-112-0/+154
| | | | | | | | | | (From yocto-docs rev: 223504ea6dca3fde55b14d95832bc3935229225c) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit c4748f5079e5193f82afc1b754816edd40ce9254) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* brief-yoctoprojectqs/ref-manual: Switch to new CDNRichard Purdie2025-06-112-2/+2
| | | | | | | | | | | | | | | The project is switching the way handle our CDN provision of sstate objects, update the URL accordingly. (cherry picked from commit 406e8a8e30404c0538f5aa46f211540bae2b206b) (From yocto-docs rev: bede97cfde51823e262e300aa346902d23530490) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* systemd: upgrade 255.18 -> 255.21Guðni Már Gilbert2025-06-1128-33/+33
| | | | | | | | | | | | | | The update includes 79 commits. Full list of changes can be found on Github [1] All patches were refreshed with devtool. [1] https://github.com/systemd/systemd-stable/compare/v255.18...v255.21 (From OE-Core rev: 29e623b2ad00555788412fa520fbb9ffec794cbb) Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-09-14 03:22:32 +0000