| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping the kern-tools SRCREV to allow comments after configuration
options.
Without this update of the regex, symbol_why will incorrectly detect
that options are not in the final .config during audit.
(From OE-Core rev: ccfdd07adbfda1e3892a54706c610cdeab83237b)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integrating the following commit(s) to linux-yocto/.:
1/1 [
Author: Mikko Rapeli
Email: mikko.rapeli@linaro.org
Subject: genericarm64: add pmem feature and enable on genericarm64
Date: Fri, 14 Mar 2025 11:48:34 +0200
PMEM enables firmware to provide large memory block devices
to the kernel. The firmware can download e.g. installer
rootfs images to memory which kernel can then boot into.
u-boot support has been added in
https://lore.kernel.org/u-boot/20241203163605.1482152-2-sughosh.ganu@linaro.org/
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: 7dffd225ee2c9169cfe0e1349eb4ca59e8c9fa9f)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integrating the following commit(s) to linux-yocto/6.12:
1/1 [
Author: Khem Raj
Email: raj.khem@gmail.com
Subject: mips: Add '-std=gnu11' to vdso CFLAGS
Date: Wed, 26 Mar 2025 20:24:36 -0700
GCC 15 changed the default C standard dialect from gnu17 to gnu23,
which should not have impacted the kernel because it explicitly requests
the gnu11 standard in the main Makefile. However, mips/vdso code uses
its own CFLAGS without a '-std=' value, which break with this dialect
change because of the kernel's own definitions of bool, false, and true
conflicting with the C23 reserved keywords.
include/linux/stddef.h:11:9: error: cannot use keyword 'false' as enumeration constant
11 | false = 0,
| ^~~~~
include/linux/stddef.h:11:9: note: 'false' is a keyword with '-std=c23' onwards
include/linux/types.h:35:33: error: 'bool' cannot be defined via 'typedef'
35 | typedef _Bool bool;
| ^~~~
include/linux/types.h:35:33: note: 'bool' is a keyword with '-std=c23' onwards
Add '-std=gnu11' to the decompressor and purgatory CFLAGS to eliminate
these errors and make the C standard version of these areas match the
rest of the kernel.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: adf40ca85d4de9257da2667f254b967f391c8a50)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the old Python 2 print statement, replace it by a bb.plain() call
instead. Also replace time by datetime for a slightly simpler example.
[YOCTO #14670]
Reported-by: Robert Berger <pokylinux@reliableembeddedsystems.com>
(Bitbake rev: 874c607f475f3d60677d2720b80a28d0c2e963c6)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds bb.parse.vardeps bb.parse.excludevardeps function decorators that
can be used to explicitly add or exclude variables from a python
function parsed by bitbake
(Bitbake rev: 030fb3dee067640a3a50f24a53d200bdb5048376)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Correct typo Fash -> Fast.
With it also delete some trailing spaces which are unnecessary and
editors are trying to remove when changing anything in the file.
(Bitbake rev: b96040a0a066344527f0bc6ca4d09cda6b9d2f11)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before fast shallow tarballs the shallow tarball with lfs worked only
if the original .../downloads/git2/... directory existed. Once it was
not there, do_unpack on shallow tarball without lfs files failed due to
disabled network.
It was fixed for fast shallow tarballs and this commit fixes the other
scenarios, too.
This can happen when such shallow tarball is put to mirror or if
someone does cleanup to reclaim disk space.
(Bitbake rev: 4e6fb31a88448cdacf4e9f84cf0a8a8035f84d63)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using a shallow clone to simulate an outdated git mirror tarball does
not work in the intended way. A shallow clone already contains the
latest commit which can hide certain fetcher behavior. Simulate an
outdated mirror tarball, as the test titles indicate, by removing the
newer commits from the mirror.
(Bitbake rev: a51ee01f0a586fefd5a4061f4a1ca6cbf81b7046)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When invoking the original git fetcher after downloading a mirror
tarball, BB_FETCH_PREMIRRORONLY is ignored. This leads to git fetch
commands targeting the upstream source being executed silently. Ensure
setting BB_NO_NETWORK before invoking the original fetcher. While this
was only observed for git, setting this in general for all fetcher
types makes sense at this location.
(Bitbake rev: 1b1321f2b60c0a66159e3f20c6befcb0b3ccc4c7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
Drop some debug code which shouldn't have been merged.
(From meta-yocto rev: 18926b88f44e870e64efa7b3cd7e1dc56ce6cbb0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The class sets SRCREV to AUTOINC for recipes with single
or multiple repositories. Test those cases.
(From meta-yocto rev: b7185b27b8acb43eaf9c27787903173ea34a0738)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Recipes with multiple repositories in SRC_URI use SRCREV with
repo postfix. Set them to AUTOREV too.
(From meta-yocto rev: e495ebd7039ff7b0dd9452343f8153698b5f6575)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refer Linux commit [dt-bindings: kbuild: Use DTB files for validation][1],
clean up yamltree from dtc to avoid compile failure while include <yaml.h>
in non-standard path
| tmp/work/core2-64-wrs-linux/barebox-tools/2025.02.0/barebox-2025.02.0/scripts/
dtc/yamltree.c:9:10: fatal error: yaml.h: No such file or directory
| 9 | #include <yaml.h>
Since barebox actually doesn't do any dtb binding checks at the moment, just
remove the test of /usr/include/yaml.h, hard-code the -DNO_YAML and remove
yamltree.c from DTC_SOURCE
[1] https://github.com/torvalds/linux/commit/ef8795f3f1ce
(From OE-Core rev: 9eed65e4b527ae461b3993c455f129a80d0c2416)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: c727faa835dfbc792d5008bbcb0ca6c5a81cb029)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
License-Update: Using SPDX-License-Identifier: LGPL-2.1-or-later to replace the description of license
(From OE-Core rev: 0480ef4471c51e37a4e2279987a2fa30e38e2209)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 6360b6ac31059ef2436ea55ffc162eb441ce156d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 9ac12c84820188f51d02a6c76785b4be8e5737bb)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
xwayland has been split to a standalone package via commit
* 4ee66f574 Drop XWayland DDX
https://gitlab.freedesktop.org/xorg/xserver/-/commit/4ee66f574
and there is a recipe for xwayland in oe-core too. So remove sub-package
${PN}-xwayland from xserver-xorg accordingly.
(From OE-Core rev: 59e759207e349bece9da8bbcb5216df5923d243b)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc-sanitizers fail to build when both -D_TIME_BITS=64 and
-D_FILE_OFFSET_BITS=64 are defined. This is because
sanitizer_procmaps_solaris.cpp explicitly undefines _FILE_OFFSET_BITS
before including any headers, which causes _TIME_BITS=64 to violate the
requirement in glibc:
/usr/include/features-time64.h:26:5: error: "_TIME_BITS=64 is allowed
only with _FILE_OFFSET_BITS=64"
Fixes a build failure on 32-bit Linux platforms when using both
-D_TIME_BITS=64 and -D_FILE_OFFSET_BITS=64.
(From OE-Core rev: 902085def653ca5194b28a4065043c73e54c9204)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to latest 1.24.x release [1]:
$ git --no-pager log --oneline go1.24.0..go1.24.1
339c903a75 (tag: go1.24.1) [release-branch.go1.24] go1.24.1
334de7982f [release-branch.go1.24] all: updated vendored x/net with security fix
5d6920842b [release-branch.go1.24] runtime/cgo: avoid errors from -Wdeclaration-after-statement
949eae84df [release-branch.go1.24] cmd/compile: don't pull constant offsets out of pointer arithmetic
0bfde51e0d [release-branch.go1.24] runtime: document that cleanups can run concurrently with each other
45a52718e3 [release-branch.go1.24] runtime/cgo: avoid errors from -Wdeclaration-after-statement
7f375e2c22 [release-branch.go1.24] reflect: let Value.Seq return the iteration value correct type
4070531920 [release-branch.go1.24] syscall: disable O_DIRECTORY on Windows for js/wasm
5ffdb9c88b [release-branch.go1.24] reflect: correctly handle method values in Seq
becc17ebcd [release-branch.go1.24] runtime: use WCLONE when waiting on pidfd test child
d418e224ae [release-branch.go1.24] syscall: don't send child signal when testing pidfd
456eaf5c29 [release-branch.go1.24] cmd/compile: don't report newLimit discovered when unsat happens multiple times
e4ef83383e [release-branch.go1.24] debug/buildinfo: base64-encode test binaries
4e6d3468cc [release-branch.go1.24] cmd/compile: ensure we don't reuse temporary register
f5c388313f [release-branch.go1.24] internal/godebugs: add fips140 as an opaque godebug setting
af236716b2 [release-branch.go1.24] cmd/compile, runtime: use deferreturn as target PC for recover from deferrangefunc
0f7b7600fb [release-branch.go1.24] doc/godebug: mention GODEBUG=fips140
eb58df7dbf [release-branch.go1.24] cmd/compile: avoid infinite recursion when inlining closures
30f4d9e117 [release-branch.go1.24] syscall: don't truncate newly created files on Windows
bb0e5c2045 [release-branch.go1.24] runtime: fix usleep on s390x/linux
cd0e528d3d [release-branch.go1.24] runtime: add some linknames back for `github.com/bytedance/sonic`
80e2e474b8 [release-branch.go1.24] cmd/go: initialize req.Header when loading git credential
Fixes CVE-2025-22871
[1] https://github.com/golang/go/compare/go1.24.1...go1.24.2
(From OE-Core rev: c83927d94bc0afe2205324a976e9495d6df00caf)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There could be several more nativesdk perl packages generated
based on flags and dependencies that should not be installed
into the SDK when "dummy-sdk-package" facility is used. Add
them to the exclusion list here.
[YOCTO #15552]
(From OE-Core rev: 2b1ec442cf8c0d5753376e52bca5f8da5350848c)
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the Upstream-Status tag for patches became mandatory,
the test verifying the presence of this tag was made to not
fail the layer compatibility tests, in order to allow time for
the maintainers to adapt to this change.
This was two years before this commit.
Since then the layer compatibility script shows a cryptic
"unexpected success" result for this test, which of course
becomes clear once one checks the code and commit history,
but it is a nuisance still, which shouldn't be needed to
understand the result.
This commit removes the the related annotation so the
compatibility check will pass or fail with a clear message - in
hope that 2 years was enough for active maintainers to
adjust their patches.
(From OE-Core rev: 64175a41f48fce69a5205000865cc3b8648476f7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream Repository: https://gitlab.com/qemu-project/qemu.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1386
Type: Security Advisory
CVE: CVE-2023-1386
Score: 3.3
Analysis:
- According to redhat[1] this CVE has closed as not a bug.
Reference:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2223985
(From OE-Core rev: 6a5d9e3821246c39ec57fa483802e1bb74fca724)
(From OE-Core rev: 5aecfb1a236bcef60a4337e7848e2bbc688c5798)
Signed-off-by: Madhu Marri <madmarri@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is new openssl LTS release.
Release information:
* https://openssl-library.org/post/2025-02-20-openssl-3.5-lts/
* https://openssl-library.org/post/2025-04-08-openssl-35-final-release/
* https://github.com/openssl/openssl/releases/tag/openssl-3.5.0
* https://github.com/openssl/openssl/blob/openssl-3.5.0/NEWS.md#openssl-35
packages-split directory does not show any changes relevant for
packaging change.
There are new config options but they don't seem to be significant
enough to need explicit packageconfig options.
(From OE-Core rev: 6ff6e86a06ba081eb9afd83e62c128f987cce0ef)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than emitting:
Exception: KeyError: 'packages'
and a stack trace, let's fail immediately if lockfileVersion implies
that the npm-shrinkwrap.json file isn't compatible.
The documentation[1] doesn't make it clear which lockfileVersions are
guaranteed to contain "packages". I have lockfileVersion 1 files
without. Running npm 7.5.2 generates npm-shrinkwrap.json files with
lockfileVersion 2 and "packages", so I've set the minimum to be 2.
[1] https://docs.npmjs.com/cli/v7/configuring-npm/package-lock-json
(From OE-Core rev: 4d3cbd11bc9cc0bf5a8571ecd3ce6e5e5c6ef6eb)
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to U-Boot 2025.04.
While at it, pass the tag parameter in SRC_URI.
(From OE-Core rev: 4a1671159ec05e9b013a7fd31f65d50302e657e0)
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 05618ac2c6f69e0f41fb95e517382bf1177f0735)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
============
- Fix regression in 4.13.0 on Python 3.10.2 causing a TypeError when using Concatenate.
- Fix TypeError when using evaluate_forward_ref on Python 3.10.1-2 and 3.9.8-10.
(From OE-Core rev: c8f1d63a786702e9dfba70f3c070f4a74356c4be)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
* Binary wheels use libxml2 2.12.10 and libxslt 1.1.42.
* Binary wheels for Windows use a patched libxml2 2.11.9 and libxslt 1.1.39.
(From OE-Core rev: 9b10654668dc372fa0e57afe113fd82a89ebce15)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 1063bb21317954c30a3dafbf24fad3349e9a2cbd)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
============
- Update build backend
- Support running tests from source distribution
(From OE-Core rev: 0166cd80a538d3a326ff0593b9c8bebde1cdc561)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
0001-Make-CPU-family-warnings-fatal.patch
refreshed for 1.7.2
(From OE-Core rev: b8c15494900cdacfdcfa18526b8ad33cb9ce5ee3)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
* [ci] update deps pkg names for lighttpd on Cygwin
* [ci] MSYS detection kludge in tests/LightyTest.pm
* [autotools] spelling Couldn't => Could not
* [mod_openssl] revert SSL_CTX default cert assign
* [mod_openssl] spelling in comment
* [TLS] issue trace if unable to check/refresh cert
* [ci] Cygwin Invoke-WebRequest -MaximumRetryCount 3
* [ci] Cygwin prefer D:\ drive
* [ci] Cygwin remove redundant call to setup.exe
* [core] set server.max-fds = 4096 if not specified
* [core] clear Linux ambient capabilities, if any
* [core] rename remove_pid_file() -> server_pid_file_remove()
* [core] retry pidfile open on Linux
* [doc] systemd lighttpd.service hardening
* [doc] move TLS config to separate file tls.conf
* [doc] systemd lighttpd.service hardening addition
* [doc] systemd lighttpd*.socket activation examples
* [core] default listen() backlog to SOMAXCONN
* [ci] fix meson build execution selection
(From OE-Core rev: 5066f75e7588a158111bedbf1ce9975e2d26c2c7)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 6b5880eb73e62f1b4ae4b7ff90f33e14b35c88d4)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-Add-parameter-signatures-for-getenv-and-getopt.patch
removed since it's included in 5.3.2
0001-configure.ac-re-enable-disabled-printf-features.patch
refreshed for 5.3.2`
(From OE-Core rev: a8773ae9d866063e0562589af44b90a89b5cd93c)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
Fix issue with random scalar generation.
(From OE-Core rev: 62bd49794d7654d3d111bff10bd40e812c05f2ee)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Adds cve_check.py to BBIMPORTS so the functions it exposes will be
correctly scanned for dependencies in the dependency scanner
(From OE-Core rev: 52ead33c6b6e2532c57b7b28b862ba38b575f9e3)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New releases are no longer made to SourceForge and the GitHub releases
are considered official according to https://libjpeg-turbo.org, so
inherit github-releases and update the SRC_URI.
This now reports that we need to upgrade to 3.1.0.
(From OE-Core rev: e7e11ab30a40ba8862e62c4cc1a0af91ff93b6e5)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to [1], EDK2 contains a vulnerability in BIOS where a user may
cause an Integer Overflow or Wraparound by network means. A successful
exploitation of this vulnerability may lead to denial of service.
Refer debian [2], backport a patch from edk2 [3] to fix CVE-2025-2295
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-2295
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100594
[3] https://github.com/tianocore/edk2/commit/17cdc512f02a2dfd1b9e24133da56fdda099abda
(From OE-Core rev: 0f59dec939cf0d313b1b01b1e7bf10e059d9d0ac)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NVD responses changed to an invalid json between:
* April 5, 2025 at 3:03:44 AM GMT+2
* April 5, 2025 at 4:19:48 AM GMT+2
The last response is since then in format
{
"resultsPerPage": 625,
"startIndex": 288000,
"totalResults": 288625,
"format": "NVD_CVE",
"version": "2.0",
"timestamp": "2025-04-07T07:17:17.534",
"vulnerabilities": [
{...},
...
{...},
]
}
Json does not allow trailing , in responses, that is json5 format.
So cve-update-nvd2-native do_Fetch task fails with log backtrace ending:
...
File: '/builds/ccp/meta-siemens/projects/ccp/../../poky/meta/recipes-core/meta/cve-update-nvd2-native.bb', lineno: 234, function: update_db_file
0230: if raw_data is None:
0231: # We haven't managed to download data
0232: return False
0233:
*** 0234: data = json.loads(raw_data)
0235:
0236: index = data["startIndex"]
0237: total = data["totalResults"]
0238: per_page = data["resultsPerPage"]
...
File: '/usr/lib/python3.11/json/decoder.py', lineno: 355, function: raw_decode
0351: """
0352: try:
0353: obj, end = self.scan_once(s, idx)
0354: except StopIteration as err:
*** 0355: raise JSONDecodeError("Expecting value", s, err.value) from None
0356: return obj, end
Exception: json.decoder.JSONDecodeError: Expecting value: line 1 column 1442633 (char 1442632)
...
There was no announcement about json format of API v2.0 by nvd.
Also this happens only if whole database is queried (database update is
fine, even when multiple pages as queried).
And lastly it's only the cve list, all other lists inside are fine.
So this looks like a bug in NVD 2.0 introduced with some update.
Patch this with simple character deletion for now and let's monitor the
situation and possibly switch to json5 in the future.
Note that there is no native json5 support in python, we'd have to use
one of external libraries for it.
(From OE-Core rev: 6e526327f5c9e739ac7981e4a43a4ce53a908945)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 8df27ff912a25077222a02d2ca9d1252f1f15c26)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's not clear what the intent was: libtool executable is present
in the native sysroot and can be used to obtain versions
during build time.
(From OE-Core rev: 9d16c45ed4caea9b0e3fe6e5dad983707dd10c65)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 1489c424a7a4728834d8253f81711ac0df25db9d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: ab08938dc2d5658930a92abc5b4cefe4b975e582)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
upstream
(From OE-Core rev: 1ca89ea00103523d8877eed5b71eec2ba824510a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Inappropriate
(From OE-Core rev: 30eefe0adacc6a064a0958fc8f463a3331ad12fa)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This update has been tested with glibc/musl and gcc/clang in all four
combinations.
Drop patches:
0001-Use-CC-to-check-for-implicit-fallthrough-warning-sup.patch
0001-fix-gcc-8-format-truncation-warning.patch
0001-util.c-add-limits.h-include-for-NAME_MAX-definition.patch
mdadm-3.3.2_x32_abi_time_t.patch
(issue fixed upstream)
0001-include-libgen.h-for-basename-API.patch
0001-mdadm.h-Undefine-dprintf-before-redefining.patch
(issue no longer occurs)
0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch
(service file significantly rewritten, the need for the tweak
should be reassessed)
debian-no-Werror.patch
(replaced with setting CWFLAGS to an empty string in the recipe;
we already set correct flags via CC/CFLAGS, and upstream's only
get in the way)
(From OE-Core rev: 913312b5b544ce804656fe3a297e09bafb5838fc)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream has released a new version (4.4) but not the tarball for it.
Adjust one of the devtool selftests, as it requires that the recipe
under test is using a tarball. Another selftest also needs to be
tweaked to correctly clean up its modifications to that same recipe on
test completion.
(From OE-Core rev: de635a9bc0392689ff36b50e7f91572d3fbaac09)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The recipe unconditionally disables seccomp, so the code isn't
even compiled. If this needs to come back in the future please
submit upstream first.
(From OE-Core rev: 9d058504213f79979a7f1f59527172b71df95a71)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch upstream
(From OE-Core rev: 74da2ba88c6d2b88a68a3ad63b3603b82d7f4e03)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|