Commit message | Author | Age | Files | Lines
...
* scripts/install-buildtools: write download URLs to files for traceability | Alexander Kanavin | 2025-03-17 | 1 | -3/+7
  This extends the previous commit, so that download URLs are preserved in addition to actual artefacts. By default it's all written to a temporary directory and erased together with artefacts, but users can choose to preserve both:

      $ install-buildtools -D --downloads-directory=.
      ...
      $ ls -1
      buildtools_url
      checksum_url
      x86_64-buildtools-extended-nativesdk-standalone-5.1.2.sh
      x86_64-buildtools-extended-nativesdk-standalone-5.1.2.sh.sha256sum

  Additionally, rename check_url variable into checksum_url as it's a better name.

  (From OE-Core rev: 76748d27fd5088971259d08fdeae5c86a054452b)

  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* scripts/install-buildtools: add an option to specify where downloads go | Alexander Kanavin | 2025-03-17 | 1 | -4/+9
  By default the script puts everything it downloads into a temporary directory and erases it after unpacking and installing the buildtools. This isn't great for traceability and reproducibility of builds (being able to see what was downloaded exactly, and being able to reproduce setting up a build, especially if the buildtools download location isn't available for whatever reason).

  This commit adds an option to download items into a specified directory and keep them there.

  I would particularly like to use it with bitbake-setup, where an optional feature to install the buildtools (exact implementation details tbd) would ensure the tarball remains available on local disk.

  (From OE-Core rev: fc8cedd899f7e5d06215a71808dd0827ccdcf849)

  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vala: update 0.56.17 -> 0.56.18 | Markus Volk | 2025-03-17 | 1 | -1/+1
  - this update is required to work with gobject-introspection >= 1.83.2

  Vala 0.56.18
  ============
   * Various improvements and bug fixes:
    - vala: Don't allow inheritance of compact class from non-compact class
    - vala, libvaladoc: Fix color support detection in log reporting
    - girparser: Handle `doc:format` element in root:repository [#1586]
    - codegen: Use correct ctype for result variable in methods in more cases
    - codegen: Fix conditional expression with only one void side
    - valadoc: Sync gir argument handling from valacompiler.vala
    - Update links to GNOME Wiki project and refer to new Vala websites
    - Add CI for tarball release service

   * Bindings:
    - gio-2.0: Improve the {Input,Output}Message bindings
    - glib-2.0: Fix the binding of `get_console_charset`
    - glib-2.0: Add missing CCode.array_null_terminated attributes to IConv.iconv()
    - glib-2.0: Make FileStream.*printf() return int [#1547]
    - glib-2.0: Update RegexMatchFlags and RegexCompileFlags's binding to 2.74
    - glib-2.0: Add Regex.escape_nul in GLib
    - gnu: add binding for 'relocate' APIs
    - gobject-2.0: Add TypeFlags missing values
    - gstreamer-1.0: Skip ParamSpecArray and ParamSpecFraction
    - libusb-1.0: Fix the LibUSB.TransferCb declaration
    - libusb-1.0: Fix the LibUSB.HotPlugCb declaration
    - sdl2: Fix CCode.destroy_function of SDL.RWops and usage of SDL.RWops.from_file() [#1550]
    - sdl2: Fix missing integer type for JoystickID [#1563]

  (From OE-Core rev: 6aa3e8e7b701590097ecefc3cf9a193423c5a5ea)

  Signed-off-by: Markus Volk <f_l_k@t-online.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-cross,gcc-cross-canadian: Drop symlinking gold linker | Khem Raj | 2025-03-17 | 2 | -2/+2
  It's not being built by binutils anymore

  (From OE-Core rev: b51c98d75437a4497fc727c1201b3f8d124deafa)

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: data_smart: Ensure module dependency changes invalidate the base config cache | Richard Purdie | 2025-03-13 | 1 | -0/+5
  Changing module files was changing the task hashes but it was not invalidating the parse cache, leading to taskhash mismatch errors during builds.

  Add information from modulecode_deps to the configuration hash used for cache invalidation to avoid this and trigger reparses when function library code changes.

  [YOCTO #15795]

  (Bitbake rev: a121db3d8d28420c36369237b8bb11c2d0aaf5f7)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: hashserv: Add `gc-mark-stream` command for batch hash marking | Alexandre Marques | 2025-03-13 | 4 | -0/+124
  Implements the `gc-mark-stream` command to allow for marking equivalence entries in batch, by making use of stream mode communication to the server.

  The aim of this is to improve efficiency by reducing the impact of latency when marking a high volume of hash entries.

  Example usage of the new `gc-mark-stream` command:

  ```
  $ cat << HASHES | \
    ./bin/bitbake-hashclient --address "ws://localhost:8688/ws" gc-mark-stream "alive"
  unihash f37918cc02eb5a520b1aff86faacbc0a38124646
  unihash af36b199320e611fbb16f1f277d3ee1d619ca58b
  taskhash a1117c1f5a7c9ab2f5a39cc6fe5e6152169d09c0 method oe.sstatesig.OEOuthashBasic
  HASHES
  ```

  (Bitbake rev: c84715f28cd36666ea07a179d91b8c32ea0df8e7)

  Signed-off-by: Alexander Marques <c137.marques@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-firmware: Fix packaging of some subpackages | Zoltan Boszormenyi | 2025-03-13 | 1 | -106/+106
  Since commit c0fedbc7 ("linux-firmware: Upgrade to 20241017 and allow compressing firmware") more firmware files were added and some subpackages have been split further.

  Some of these new subpackages do not use the correct globbing so when FIRMWARE_COMPRESSION is set, the firmware files end up in a different subpackage than they were intended.

  For example, linux-firmware-amdgpu-aldebaran and others are empty and everything ends up in linux-firmware-amdgpu-misc.

  (From OE-Core rev: 5299816c59ea01905cfb73c72421bb8f11149426)

  Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: Fix typo in 00-create-volatile.conf | Daniel Ammann | 2025-03-13 | 1 | -2/+2
  Also do a minor white space tweak.

  (From OE-Core rev: 0e0e3b9474a88c62810d87268765aadea97714c0)

  Signed-off-by: Daniel Ammann <daniel.ammann@bytesatwork.ch>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtirpc: Fix build with gcc-15/C23 | Khem Raj | 2025-03-13 | 3 | -1/+128
  Update declarations to allow building with gcc-15 with C23 std being default now.

  Fixes:

      error: conflicting types for 'xdr_opaque_auth

  (From OE-Core rev: 567faa5515fc314e2c251c8ee14fe8e4186a3d97)

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: upgrade 1.24.0 -> 1.24.1 | Peter Marko | 2025-03-13 | 7 | -4/+4
  Upgrade to latest 1.24.x release [1]:

      $ git --no-pager log --oneline go1.24.0..go1.24.1
      339c903a75 (tag: go1.24.1) [release-branch.go1.24] go1.24.1
      334de7982f [release-branch.go1.24] all: updated vendored x/net with security fix
      5d6920842b [release-branch.go1.24] runtime/cgo: avoid errors from -Wdeclaration-after-statement
      949eae84df [release-branch.go1.24] cmd/compile: don't pull constant offsets out of pointer arithmetic
      0bfde51e0d [release-branch.go1.24] runtime: document that cleanups can run concurrently with each other
      45a52718e3 [release-branch.go1.24] runtime/cgo: avoid errors from -Wdeclaration-after-statement
      7f375e2c22 [release-branch.go1.24] reflect: let Value.Seq return the iteration value correct type
      4070531920 [release-branch.go1.24] syscall: disable O_DIRECTORY on Windows for js/wasm
      5ffdb9c88b [release-branch.go1.24] reflect: correctly handle method values in Seq
      becc17ebcd [release-branch.go1.24] runtime: use WCLONE when waiting on pidfd test child
      d418e224ae [release-branch.go1.24] syscall: don't send child signal when testing pidfd
      456eaf5c29 [release-branch.go1.24] cmd/compile: don't report newLimit discovered when unsat happens multiple times
      e4ef83383e [release-branch.go1.24] debug/buildinfo: base64-encode test binaries
      4e6d3468cc [release-branch.go1.24] cmd/compile: ensure we don't reuse temporary register
      f5c388313f [release-branch.go1.24] internal/godebugs: add fips140 as an opaque godebug setting
      af236716b2 [release-branch.go1.24] cmd/compile, runtime: use deferreturn as target PC for recover from deferrangefunc
      0f7b7600fb [release-branch.go1.24] doc/godebug: mention GODEBUG=fips140
      eb58df7dbf [release-branch.go1.24] cmd/compile: avoid infinite recursion when inlining closures
      30f4d9e117 [release-branch.go1.24] syscall: don't truncate newly created files on Windows
      bb0e5c2045 [release-branch.go1.24] runtime: fix usleep on s390x/linux
      cd0e528d3d [release-branch.go1.24] runtime: add some linknames back for `github.com/bytedance/sonic`
      80e2e474b8 [release-branch.go1.24] cmd/go: initialize req.Header when loading git credential

  Fixes CVE-2025-22870

  [1] https://github.com/golang/go/compare/go1.24.0...go1.24.1

  (From OE-Core rev: 55325a3cbc8ade35e811b95b6f4b7a5c2787800d)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2025-0678 and CVE-2025-1125 | Peter Marko | 2025-03-13 | 2 | -0/+88
  Cherry-pick patch mentioning these CVEs.

  (From OE-Core rev: 9d0422bfb97c01e4326dcad59a1fe8842d4cec90)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2025-0677, CVE-2025-0684, CVE-2025-0685, CVE-2025-0686 and CVE-2025-0689 | Peter Marko | 2025-03-13 | 2 | -0/+378
  Cherry-pick patch mentioning these CVEs.

  (From OE-Core rev: 0fa593382a01d1dbeb6c697d422c1a186027f573)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2024-45778 and CVE-2024-45779 | Peter Marko | 2025-03-13 | 2 | -0/+56
  Cherry-pick patch mentioning these CVEs.

  (From OE-Core rev: 4e624e4737510f65a1dbbf31676eb6a4326aca72)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2025-1118 | Peter Marko | 2025-03-13 | 2 | -0/+38
  Cherry-pick patch mentioning this CVE.

  (From OE-Core rev: 16739e8eb936ba1ed9f48cffca848691f258bcd5)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2025-0690 | Peter Marko | 2025-03-13 | 2 | -0/+74
  Cherry-pick patch mentioning this CVE.

  (From OE-Core rev: e4c372c5078f60a980e8161ea88cee2e3b7f9626)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2024-45777 | Peter Marko | 2025-03-13 | 2 | -0/+58
  Cherry-pick patch mentioning this CVE.

  (From OE-Core rev: c08e2e4e8b04107723702e0e97124642fb82f92f)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2024-45776 | Peter Marko | 2025-03-13 | 2 | -0/+40
  Cherry-pick patch mentioning this CVE.

  (From OE-Core rev: f2cd97d9312f233a604d62a662a93a2d7d8ab3f3)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2025-0622 | Peter Marko | 2025-03-13 | 4 | -0/+117
  Cherry-pick patch mentioning this CVE.

  (From OE-Core rev: 13fafdaa6958bd4cf1ff350caf355c8c41a80e47)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2024-45775 | Peter Marko | 2025-03-13 | 2 | -0/+39
  Cherry-pick patch mentioning this CVE.

  (From OE-Core rev: a9a8ed1b41336913978c6300fac1deed83708ac4)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2024-45774 | Peter Marko | 2025-03-13 | 2 | -0/+38
  Cherry-pick patch mentioning this CVE.

  (From OE-Core rev: a9a28975b3674f027369fbf40a979bc77ea71d23)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2025-0624 | Peter Marko | 2025-03-13 | 2 | -0/+85
  Cherry-pick patch mentioning this CVE.

  (From OE-Core rev: 51d7f122bd8154fed3e261003d4accfbd085aad2)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2024-45783 | Peter Marko | 2025-03-13 | 2 | -0/+40
  Cherry-pick patch mentioning this CVE.

  (From OE-Core rev: 662d705f0f947eef2eab5f72764d421698ca0588)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2024-45780 | Peter Marko | 2025-03-13 | 2 | -0/+94
  Cherry-pick patch mentioning this CVE.

  (From OE-Core rev: 1b6bc19cb1fbc909f52296f1d82ab8255535a01c)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2024-45782 and CVE-2024-56737 | Peter Marko | 2025-03-13 | 2 | -0/+37
  Cherry-pick patch mentioning these CVEs.

  (From OE-Core rev: c408aaee0aa6fed6f2b0f14a06f91ef5e91cff9b)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: patch CVE-2024-45781 | Peter Marko | 2025-03-13 | 2 | -0/+36
  Cherry-pick patch mentioning this CVE.

  (From OE-Core rev: c9caf81174284969d8f71086f9dc1bb3e3910143)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: backport strlcpy function | Peter Marko | 2025-03-13 | 2 | -0/+69
  It is used to fix multiple CVEs.

  (From OE-Core rev: 05791100fe67fd36ef24f98323890a4f3d6c3524)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: drop obsolete CVE statuses | Peter Marko | 2025-03-13 | 1 | -3/+0
  CVE-2021-46705 was needed only with 2.06
  CVE-2023-4692 and CVE-2023-4693 were fixed in NVD DB meanwhile

  (From OE-Core rev: d4a6b7b559465c2af5c016dd39475df6492c719f)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* btrfs-tools: upgrade 6.12 -> 6.13 | Wang Mingyu | 2025-03-13 | 2 | -1/+42
  Add a patch to fix the error during do_image_btrfs:

      ERROR: lzo support not compiled in

  (From OE-Core rev: c0cd0079c4f0cdc54843713a6985563a153a3395)

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* man-pages: 6.12 -> 6.13 | Hongxu Jia | 2025-03-13 | 1 | -1/+1
  Changelog:
  ============
  - Build system:
    - PDF book:
      - Add support for UNIX V10 sources.
    - Makefiles:
      - Don't pass an escaped # to grep(1). Use a trick to work with both new and old systems. This fixes a regression in the build system from man-pages-6.11, which was itself introduced while fixing a regression introduced in man-pages-6.10.

  [RP: Tweak version typo in commit message]

  (From OE-Core rev: d19fcc6885521d5ec41a32938299b4cc016c0030)

  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: 2.5.4 -> 2.5.5 | Hongxu Jia | 2025-03-13 | 1 | -1/+1
  Noteworthy changes in version 2.5.5 (2025-03-07)
  ------------------------------------------------
  * gpg: Fix a verification DoS due to a malicious subkey in the keyring. [T7527]
  * dirmngr: Fix possible hangs due to blocking connection requests. [T6606, T7434]
  * w32: On socket nonce mismatch close the socket. [T7434]
  * w32: Print more detailed diagnostics for IPC errors.
  * GPGME is not any more distributed with the Windows installer. Please install gpg4win to get gpgme version.

  See-also: gnupg-announce/2025q1/000491.html
  Release-info: https://dev.gnupg.org/T7530

  https://dev.gnupg.org/source/gnupg/browse/master/NEWS

  (From OE-Core rev: e0eaf598193012c6b0ada9e56be9bc0d6b19ec97)

  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xwayland: mark CVEs fixed in 24.1.6 as fixed | Peter Marko | 2025-03-13 | 1 | -0/+4
  These are tracked as versionless redhat CVEs in NVD DB.

  (From OE-Core rev: 76c7bb2b9c1b5300f957f11e1601816f8f90b501)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcap: upgrade 2.73 -> 2.74 | Yogita Urade | 2025-03-13 | 1 | -1/+1
  This upgrade includes fix for CVE-2025-1390

  Changelog:
  https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.ccbrq82zh7n9

  (From OE-Core rev: bcc688bd61bea718e4983bd6d786fa73509bdd62)

  Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patchtest: Fix minor README typo | Sofiane HAMAM | 2025-03-13 | 1 | -1/+1
  Fix minor typo in patchtest.README.

  (From OE-Core rev: a0531c99b9aa328f28904ffdad8883d5e739436a)

  Signed-off-by: Sofiane HAMAM <sofiane.hamam@smile.fr>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsdl2: fix build with pipewire 1.4.0 | Markus Volk | 2025-03-13 | 2 | -0/+36
  This commit adds a backport patch to address a build issue with pipewire 1.4.0

      | /home/flk/poky/build/tmp/work/corei7-64-poky-linux/libsdl2/2.32.2/SDL2-2.32.2/src/audio/pipewire/SDL_pipewire.c:593:37: error: passing argument 1 of 'pw_node_enum_params' from incompatible pointer type [-Wincompatible-pointer-types]

  (From OE-Core rev: bacb0c9231176b605d22ad6eb168d041a2c64bd9)

  Signed-off-by: Markus Volk <f_l_k@t-online.de>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lib: spdx30_tasks: remove duplicated patched CVEs | Hongxu Jia | 2025-03-12 | 1 | -12/+7
  Due to commit [lib: spdx30_tasks: Handle patched CVEs][1] applied, duplicated CVE identifier for each CVE which increased +25% build time (image task: do_create_image_sbom_spdx)

      $ bitbake binutils-cross-x86_64
      $ jq . tmp/deploy/spdx/3.0.1/x86_64/recipes/recipe-binutils-cross-x86_64.spdx.json | grep CVE-2023-25584
      "spdxId": "http://spdx.org/spdxdocs/binutils-cross-x86_64-5de92009-80e6-55c5-8b1f-cc37f04fbe09/962efd5da447b81b017db54d3077be796d2e5b6e770a6b050467b24339c0995f/vulnerability/CVE-2023-25584",
      "https://rdf.openembedded.org/spdx/3.0/alias": "http://spdxdocs.org/openembedded-alias/by-doc-hash/594f521fb7a3a4e9a2d3905303ffb04b016c3ce7693a775cca08be5af4d06658/binutils-cross-x86_64/UNIHASH/vulnerability/CVE-2023-25584"
      "identifier": "CVE-2023-25584",
      "https://cveawg.mitre.org/api/cve/CVE-2023-25584",
      "https://www.cve.org/CVERecord?id=CVE-2023-25584"
      "spdxId": "http://spdx.org/spdxdocs/binutils-cross-x86_64-5de92009-80e6-55c5-8b1f-cc37f04fbe09/962efd5da447b81b017db54d3077be796d2e5b6e770a6b050467b24339c0995f/vulnerability/CVE-2023-25584",
      "https://rdf.openembedded.org/spdx/3.0/alias": "http://spdxdocs.org/openembedded-alias/by-doc-hash/594f521fb7a3a4e9a2d3905303ffb04b016c3ce7693a775cca08be5af4d06658/binutils-cross-x86_64/UNIHASH/vulnerability/CVE-2023-25584"
      "identifier": "CVE-2023-25584",
      "https://cveawg.mitre.org/api/cve/CVE-2023-25584",
      "https://www.cve.org/CVERecord?id=CVE-2023-25584"

  Since the commit [cve-check: annotate CVEs during analysis][2] improved function get_patched_cves to:
  - Check each patch file;
  - Search for additional patched CVEs from CVE_STATUS;

  And return dictionary patched_cve for each cve:

      {
        "abbrev-status": "xxx",
        "status": "xxx",
        "justification": "xxx",
        "resource": "xxx",
        "affected-vendor": "xxx",
        "affected-product": "xxx",
      }

  But while adding CVE in meta/lib/oe/spdx30_tasks.py, the cve_by_status requires decoded_status

      {
        "mapping": "xxx",
        "detail": "xxx",
        "description": "xxx",
      }

  This commit converts patched_cve to decoded_status

      patched_cve["abbrev-status"] --> decoded_status["mapping"]
      patched_cve["status"] --> decoded_status["detail"]
      patched_cve["justification"] --> decoded_status["description"]

  And remove duplicated search for additional patched CVEs from CVE_STATUS (calling oe.cve_check.decode_cve_status)

  After applying this commit

      $ bitbake binutils-cross-x86_64
      $ jq . tmp/deploy/spdx/3.0.1/x86_64/recipes/recipe-binutils-cross-x86_64.spdx.json | grep CVE-2023-25584
      "spdxId": "http://spdx.org/spdxdocs/binutils-cross-x86_64-5de92009-80e6-55c5-8b1f-cc37f04fbe09/381bf593d99c005ecd2c2e0815b86bca2b9ff4cc2db59587aaddd3db95c67470/vulnerability/CVE-2023-25584",
      "https://rdf.openembedded.org/spdx/3.0/alias": "http://spdxdocs.org/openembedded-alias/by-doc-hash/594f521fb7a3a4e9a2d3905303ffb04b016c3ce7693a775cca08be5af4d06658/binutils-cross-x86_64/UNIHASH/vulnerability/CVE-2023-25584"
      "identifier": "CVE-2023-25584",
      "https://cveawg.mitre.org/api/cve/CVE-2023-25584",
      "https://www.cve.org/CVERecord?id=CVE-2023-25584"

  [1] https://git.openembedded.org/openembedded-core/commit/?id=1ff496546279d8a97df5ec475007cfb095c2a0bc
  [2] https://git.openembedded.org/openembedded-core/commit/?id=452e605b55ad61c08f4af7089a5a9c576ca28f7d

  (From OE-Core rev: 08595b39b46ef2bf3a928d4528292ee31a990c98)

  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lib: Fix dependencies on SPDX code | Joshua Watt | 2025-03-11 | 3 | -5/+8
  The SPDX library code was being ignored from taskhash calculations due to accidentally being omitted from BBIMPORTS. This meant that changes in the code or dependent variables would not cause the task to rebuild correctly.

  In order to add spdx_common, convert the `Dep` object from a named tuple to a frozen dataclass. These function more or less equivalently, but the bitbake code parser cannot handle named tuples.

  Finally, the vardepsexclude that used to be present on the recipe tasks needs to be moved to the python code in order for the variables to be correctly ignored. Several unused exclusions were removed

  (From OE-Core rev: eb597bf61cbcb0a4d43149404c93eec0894fb4c7)

  Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xserver-xorg: upgrade 21.1.15 -> 21.1.16 | Vijay Anusuri | 2025-03-11 | 1 | -1/+1
  Includes security fix
  * CVE-2025-26594
  * CVE-2025-26595
  * CVE-2025-26596
  * CVE-2025-26597
  * CVE-2025-26598
  * CVE-2025-26599
  * CVE-2025-26600
  * CVE-2025-26601

  Ref:
  https://lists.x.org/archives/xorg-announce/2025-February/003584.html
  https://lists.x.org/archives/xorg-announce/2025-February/003585.html

  (From OE-Core rev: b5491688a045e52b2a1a00d04b746ed6af456784)

  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xserver-xf86-config: remove obsolete configuration files | Ross Burton | 2025-03-11 | 5 | -200/+0
  For reasons we have explicit xorg.conf files for a number of the qemu machines, but not all of them. These mainly disabled screen blanking (which is now done with a separate fragment) but also explicitly set the device driver to fbdev which meant they didn't use the modesettings driver as they should (with the virtio framebuffer from qemu).

  This is the root cause of why the xserver 21.1.16 upgrade doesn't work on a number of machines: the /sys probing changed and the fbdev driver now refuses to use the PCI framebuffer device as there are better drivers, but we've explicitly told xorg to use the wrong driver.

  For more details, see https://gitlab.freedesktop.org/xorg/xserver/-/issues/1798.

  (From OE-Core rev: 8c8039bf4c2d011e3d12c970ce45036b184902a9)

  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xserver-xf86-config: add a configuration fragment to disable screen blanking | Ross Burton | 2025-03-11 | 2 | -0/+13
  Add a configuration fragment that disables screen blanking, and add it to all qemu machines.

  (From OE-Core rev: 780a5ccaa51d5aed18200883a686387e70847e4b)

  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcr: exclude x.y.9z pre-releases from upstream version check | Alexander Kanavin | 2025-03-11 | 1 | -0/+1
  (From OE-Core rev: 34adcb09da9098561c6fb5946c5ff6491c4b9154)

  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: follow odd-even scheme in upstream version checks | Alexander Kanavin | 2025-03-11 | 1 | -2/+2
  Unfortunately this has been overlooked, and resulted in erroneous updates to testing/development releases.

  The check will report an 'unknown' latest version until 2.6.0 is released.

  (From OE-Core rev: 7e505c1506ea6a079b0291f84e4ec6774064ef20)

  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-roman-numbers-py: correct upstream version check | Alexander Kanavin | 2025-03-11 | 1 | -0/+1
  (From OE-Core rev: 40ca9ee277f8638fde5f8afb2246f79a56ab9a42)

  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd-systemctl-native: correctly set PV | Alexander Kanavin | 2025-03-11 | 1 | -0/+0
  (From OE-Core rev: 8514809f0ce06dc146774d753d8eb061620b5bb5)

  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: bitbake-server/worker: Hide os.fork() deprecation warning | Richard Purdie | 2025-03-11 | 2 | -0/+2
  We're fairly careful in bitbake about how we handle fork() calls and believe our code to be safe. The upstream deprecation warning is problematic as it can appear in log output as a WARNING, breaking tests. It also tends to alarm users.

  Hide the warning for now to avoid the test failures.

  (Bitbake rev: c636bd629896f56e5f3d4030da3d1f130590afc6)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oe-selftest: fitimage add more kernel tests | Adrian Freihofer | 2025-03-11 | 1 | -2/+149
  * Test with only one externally provided ssh key not only with two keys generated by the kernel-fitimage.bbclass itself.
  * Add a test which signs only the configuration but not the image nodes. There was no test case which covered the probably much more important use case of setting FIT_SIGN_INDIVIDUAL = "0".
  * Cover also the unbundled initramfs use case. Also this use case is probably much more relevant than the bundled initramfs use case.

  (From OE-Core rev: 0a5b65b83dcd9f8d1d22d074fdfad1f1e472827c)

  Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oe-selftest: fitimage cleanup | Adrian Freihofer | 2025-03-11 | 1 | -668/+800
  This is a comprehensive cleanup of the fitImage related test cases.

  The existing test cases were essentially the same code copied and pasted 9 times. All 9 test cases contained the code to parse an its file and to parse the output of the dumpimage utility in slightly different variants. Changing the kernel-fitimage.bbclass or the uboot-sign.bbclass would mean changing 9 test cases individually. This is no longer maintainable.

  This cleanup converts the code into reusable functions. The new test code is more like a reverse implementation of the bbclasses to be tested than a collection of straightforward test sequences. This also means that the test code evaluates the same bitbake variables as the implementation. This makes it much easier to add new test cases, as a test case is basically just another local.conf file.

  The code is not yet complete. But it can now be improved step by step in this direction.

  (From OE-Core rev: 1dfa03a182d9d9e9e38c410847c7dac4ed7e8ce6)

  Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oe-selftest: fitimage sort tests | Adrian Freihofer | 2025-03-11 | 1 | -133/+129
  This is a trivial refactoring. The goal is to have all tests for kernel-fitimage.bbclass and all tests for uboot-sign.bbclass together. This refactoring greatly simplifies the diff of the next commit.

  (From OE-Core rev: 638abab58b653a1fb120368bd5e30bc80478757c)

  Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oe-selftest: adapt u-boot tests to latest changes | Adrian Freihofer | 2025-03-11 | 1 | -101/+0
  For u-boot test cases (bitbake virtual/bootloader) inheriting the kernel-fitimage.bbclass is no longer needed. Also setting any variable which is evaluated by the kernel-fitimage.bbclass but not by uboot-sign.bbclass is pointless since:

  * Commit OE-Core rev: 5e12dc911d0c541f43aa6d0c046fb87e8b7c1f7e changed the test case from bitbake virtual/kernel to bitbake virtual/bootloader
  * Commit OE-Core rev: 259bfa86f384206f0d0a96a5b84887186c5f689e has finally removed the dependency of uboot-sign.bbclass on the kernel-fitimage.bbclass completely.

  Remove the related lines of code which are now without any effect.

  The two test cases test_uboot_fit_image and test_uboot_sign_fit_image do the exact same test. Both generate a binary equal its file:

      /dts-v1/;

      / {
          description = "A model description";
          #address-cells = <1>;

          images {
              uboot {
                  description = "U-Boot image";
                  data = /incbin/("u-boot-nodtb.bin");
                  type = "standalone";
                  os = "u-boot";
                  arch = "arm";
                  compression = "none";
                  load = <0x80080000>;
                  entry = <0x80080000>;
              };
              fdt {
                  description = "U-Boot FDT";
                  data = /incbin/("u-boot.dtb");
                  type = "flat_dt";
                  arch = "arm";
                  compression = "none";
              };
          };

          configurations {
              default = "conf";
              conf {
                  description = "Boot with signed U-Boot FIT";
                  loadables = "uboot";
                  fdt = "fdt";
              };
          };
      };

  The code diff between the two equal test cases looks like:
@@ -1,8 +1,9 @@ - def test_uboot_fit_image(self): + def test_uboot_sign_fit_image(self): """ Summary: Check if Uboot FIT image and Image Tree Source (its) are built and the Image Tree Source has the - correct fields. + correct fields, in the scenario where the Kernel + is also creating/signing it's fitImage. Expected: 1. u-boot-fitImage and u-boot-its can be built 2. The type, load address, entrypoint address and default values of U-boot image are correct in the 
@@ -26,16 +27,15 @@ UBOOT_LOADADDRESS = "0x80080000" UBOOT_ENTRYPOINT = "0x80080000" UBOOT_FIT_DESC = "A model description" - -# Enable creation of Kernel fitImage KERNEL_IMAGETYPES += " fitImage " -KERNEL_CLASSES = " kernel-fitimage" +KERNEL_CLASSES = " kernel-fitimage " UBOOT_SIGN_ENABLE = "1" FIT_GENERATE_KEYS = "1" UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys" UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest" UBOOT_SIGN_KEYNAME = "cfg-oe-selftest" FIT_SIGN_INDIVIDUAL = "1" +UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'" """ self.write_config(config)

Conclusion: The test case test_uboot_sign_fit_image looks redundant. Contrary to its name, it does not insert any signature nodes into the its-file and therefore does not test any type of signature.

Code history:

- Commit OE-Core rev: e71e4c617568496ae3bd6bb678f97b4f73cb43d8 introduces both test cases.
- Commit OE-Core rev: 5e12dc911d0c541f43aa6d0c046fb87e8b7c1f7e changes both test cases like this:
    - bitbake("virtual/kernel") + bitbake("virtual/bootloader")

It looks like the original implementation of test_uboot_sign_fit_image was supposed to test the interaction between the kernel-fitimage.bbclass and uboot-sign.bbclass, which no longer works like that. When compiling u-boot, the variable that is relevant for creating an its file with signature nodes is: SPL_SIGN_ENABLE. This is what the test case test_sign_standalone_uboot_fit_image verifies.

Let's just delete the now obsolete test_uboot_sign_fit_image test case.

(From OE-Core rev: de8bfdff0f997f59a2bd27842a2ffcd365f725f3)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
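Review bot: in the second hunk the only setting unique to the deleted test is UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'", and the message does not say whether any remaining test still sets that variable; please state that before removing the test, or name the test that covers it. The same hunk shows UBOOT_SIGN_ENABLE = "1", FIT_GENERATE_KEYS = "1" and both key names as unchanged context, so the surviving test_uboot_fit_image keeps signing-related settings even though the message says no signature nodes reach the its-file; an explicit assertion in that test that the its-file has no signature nodes, or a comment on why those variables stay, would keep the configuration from implying signing coverage.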
* uboot, kernel: use hex address for UBOOT_ENTRYPOINT  Adrian Freihofer  2025-03-11  2  -2/+2
Compiling a FIT image with these default values and dumping it with dumpimage shows decimal converted values. For example the default value 20008000 looks like this:

    Image 0 (kernel-1)
    ...
    Load Address: 0x01314c40
    Entry Point: 0x01314c40

With this change the expected value is printed by dumpimage.

(From OE-Core rev: e6f2ca9135ef7da8f8b5925957532734c06e55cc)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-fitimage: sign setup sections  Adrian Freihofer  2025-03-11  1  -0/+13
If FIT_SIGN_INDIVIDUAL is set to “1”, a signature section is added to all screen sections, but not to the setup section. To match the setup section with all other sections, the signature is also added. This also helps to implement the associated tests generically.

This change is intended to make the code more consistent. However, it is not intended to make the FIT_SIGN_INDIVIDUAL function more popular. Technically, it would be better to remove the signature from all other image sections and discard the FIT_SIGN_INDIVIDUAL function, the use of which is no longer recommended anyway.

(From OE-Core rev: 8bf6a9c07cdde8fc8bbd4bb61a4886ccc02a570f)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>