summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
Commit message (Collapse)AuthorAgeFilesLines
* git: upgrade 2.49.0 -> 2.49.1Praveen Kumar2 days1-1/+1
| | | | | | | | | | | | | | | | | | | Git v2.49.1 Release Notes ========================= This release merges up the fixes that appear in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, and v2.48.2 to address the following CVEs: CVE-2025-27613, CVE-2025-27614, CVE-2025-46334, CVE-2025-46835, CVE-2025-48384, CVE-2025-48385, and CVE-2025-48386. See the release notes for v2.43.7 for details. It also contains some updates to various CI bits to work around and/or to adjust to the deprecation of use of Ubuntu 20.04 GitHub Actions CI, updates to to Fedora base image. (From OE-Core rev: e46903948f991eeec49567b585c7c31f3ece742a) Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dpkg: fix CVE-2025-6297Hongxu Jia2 days2-0/+131
| | | | | | | | | | | Backport a patch from upstream to fix CVE-2025-6297 [1] [1] https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=98c623c8d6814ae46a3b30ca22e584c77d47d86b (From OE-Core rev: aeb49aa2bab1b6ed633922c8df24aacb6a90dcb6) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust: Fix malformed hunk header in rustix patchYash Shinde8 days1-2/+2
| | | | | | | | | | | | | | | | | | | | | | | The rv32-cargo-rustix-0.38.38-fix.patch file contains a malformed hunk header at line 83 (@ -71,10 +71,10 @@), where a single '@' is used instead of the required '@@'. Due to this, the subsequent hunks are not applied during patching. This causes a compilation error in the rustix crate: error[E0603]: constant import `FICLONE` is private --> vendor/rustix-0.38.37/src/fs/ioctl.rs:82:57 | 82 | const OPCODE: ioctl::Opcode = ioctl::Opcode::old(c::FICLONE as ioctl::RawOpcode); | ^^^^^^^ private constant import Fixing the hunk header ensures the patch is applied correctly and resolves the build issue. (From OE-Core rev: 2e5234204922d08eba18812d297f469779d80c82) Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mtools: upgrade 4.0.48 -> 4.0.49Jinfeng Wang8 days1-1/+1
| | | | | | | | | | | | | | | | New version includes check for overlong file names, see [1]. [1] https://lists.gnu.org/archive/html/info-mtools/2025-06/msg00005.html (From OE-Core rev: e4e5738597567b574b18f2ffdf60e2b41951c42a) Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (From OE-Core rev: 044c2bceefcc12262cb2421e8f1da5f6c2ed9f72) Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: upgrade 1.24.4 -> 1.24.5Peter Marko8 days7-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to latest 1.24.x release [1]: $ git --no-pager log --oneline go1.24.4..go1.24.5 9d828e80fa (tag: go1.24.5) [release-branch.go1.24] go1.24.5 825eeee3f7 [release-branch.go1.24] cmd/go: disable support for multiple vcs in one module dbf30d88f3 [release-branch.go1.24] cmd/link: permit a larger size BSS reference to a smaller DATA symbol 6b51660c8c [release-branch.go1.24] runtime: set mspan limit field early and eagerly cc604130c8 [release-branch.go1.24] runtime: prevent mutual deadlock between GC stopTheWorld and suspendG 21b488bb60 [release-branch.go1.24] runtime: handle system goroutines later in goroutine profiling e038690847 [release-branch.go1.24] cmd/go/internal/fips140: ignore GOEXPERIMENT on error 1575127ef8 [release-branch.go1.24] runtime: add missing unlock in sysReserveAlignedSbrk 7d08a16fba [release-branch.go1.24] cmd/compile/internal/ssa: fix PPC64 merging of (AND (S[RL]Dconst ...) 5f2cbe1f64 [release-branch.go1.24] cmd/compile: do nil check before calling duff functions, on arm64 and amd64 Fixes CVE-2025-4674 [2]. [1] https://github.com/golang/go/compare/go1.24.4...go1.24.5 [2] https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 (From OE-Core rev: a3cc5038ea10a4857627e6f4de25bdc43023a349) (From OE-Core rev: 631afac9d81346a5d5b2e2a073ad4664c780e9af) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* orc: set CVE_PRODUCTPeter Marko8 days1-0/+3
| | | | | | | | | | | | | | | There are new CVEs reported for this recipe which are not for this componene, but for a component with same name from apache. sqlite> select vendor, product, id, count(*) from products where product like 'orc' group by vendor, product, id; apache|orc|CVE-2018-8015|1 apache|orc|CVE-2025-47436|4 gstreamer|orc|CVE-2024-40897|1 (From OE-Core rev: 4367e4cc527278b7e9edc08752014e71566e0068) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ruby-ptest : some ptest fixesJiaying Song2025-07-213-2/+37
| | | | | | | | | | | | | | | | | | - Skip the test_rm_r_no_permissions test under the root user, as deletion always succeeds. - Filter out tests under the -ext- directory in run-ptest. Due to the commit [1],the packaging of .so test files under the .ext directory was removed. As a result, adjust the test filtering rules to avoid test failures caused by missing files. - Add installation of rdoc.rb and did_you_mean.rb files in do_install_ptest to ensure complete test dependencies. [1] https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/ruby?id=4d4485442830bb52b152f0419f4ff9f1d581d46a (From OE-Core rev: e2686031a0ee8c6e24898b70059d1a50e956625d) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: Fix CVE-2025-7546Yash Shinde2025-07-212-0/+59
| | | | | | | | | | | | | Report corrupted group section instead of trying to recover. CVE: CVE-2025-7546 Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b] PR 33050 [https://sourceware.org/bugzilla/show_bug.cgi?id=33050] (From OE-Core rev: 2eea0b0132fd4bd4d66551a8cc6549480d8a29eb) Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: Fix CVE-2025-7545Deepesh Varatharajan2025-07-212-0/+40
| | | | | | | | | | | | | | objcopy: Don't extend the output section size Since the output section contents are copied from the input, don't extend the output section size beyond the input section size. Backport a patch from upstream to fix CVE-2025-7545 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944] (From OE-Core rev: 9730ddc98bd961d4e2b5b79fa60a2dde1d2a3301) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: Fix CVE-2025-5245Deepesh Varatharajan2025-07-212-0/+39
| | | | | | | | | | | | | PR32829, SEGV on objdump function debug_type_samep u.kenum is always non-NULL, see debug_make_enum_type. Backport a patch from upstream to fix CVE-2025-5245 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a] (From OE-Core rev: ad946d34d1a4536b0431cb74ce29b47a0367b0ae) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: stable 2.44 branch updatesDeepesh Varatharajan2025-07-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Below commits on binutils-2.44 stable branch are updated. b09cf42d51e ld/PE: special-case relocation types only for COFF inputs f0019390d12 s390: Prevent GOT access rewrite for misaligned symbols 452f5511154 x86: Check MODRM for call and jmp in binutils older than 2.45 4058d5a38a1 ld: fix C23 issue in vers7 test Test Results: Before After Diff No. of expected passes 310 310 0 No. of unexpected failures 1 1 0 No. of untested testcases 1 1 0 No. of unsupported tests 9 9 0 Testing was done and there were no regressions found (From OE-Core rev: bf237c02ac3f49b367601063aba28c8d09cd8be8) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ruby: upgrade 3.4.3 -> 3.4.4Wang Mingyu2025-07-173-7/+7
| | | | | | | | | | | | | | | | 0002-Obey-LDFLAGS-for-the-link-of-libruby.patch 0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch refreshed for 3.4.4 (From OE-Core rev: 33d75adff3c100d4c16a9dc51dd19f48e20cf328) (From OE-Core rev: 76ee6464bf82b5eed525f6cd83132cc8c22a94a8) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: update CVE productPeter Marko2025-07-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | There are two "new" CVEs reported for python3, their CPEs are: * CVE-2020-1171: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0) * CVE-2020-1192: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0) These are for "Visual Studio Code Python extension". Solve this by addding CVE vendor to python CVE product to avoid confusion with Microsoft as vendor. Examining CVE DB for historical python entries shows: sqlite> select vendor, product, count(*) from products where product = 'python' or product = 'cpython' ...> or product like 'python%3' group by vendor, product; microsoft|python|2 python|python|1054 python_software_foundation|python|2 Note that this already shows that cpython product is not used, so CVE-2023-33595 mentioned in 62598e1138f21a16d8b1cdd1cfe902aeed854c5c was updated. But let's keep it for future in case new CVE starts with that again. (From OE-Core rev: 8659e3537facbf3f5f5a5080137be4d9faf9c970) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tcf-agent: correct the SRC_URIGuocai He2025-07-041-2/+2
| | | | | | | | | The SRC_URI is changed to git://gitlab.eclipse.org/eclipse/tcf/tcf.agent.git (From OE-Core rev: f359677709aba80735a38578475a34e1b83d321c) Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: drop old nis module dependenciesGuðni Már Gilbert2025-07-041-2/+0
| | | | | | | | | | | | libnsl2 and libtirpc were build dependencies for the nis module. The nis module was deprecated in Python 3.11 and removed in Python 3.13 (From OE-Core rev: cbc7b1ed7747ef69d8bcbaee27c90560ded713d6) Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3-setuptools: fix CVE-2025-47273Praveen Kumar2025-07-043-1/+119
| | | | | | | | | | | | | | | | | | | | | | setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-47273 Upstream-patch: https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b (From OE-Core rev: cfb2d77f841ae21cae0ba7d6263dc3e1e0280400) Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3-urllib3: fix CVE-2025-50182Yogita Urade2025-07-042-0/+126
| | | | | | | | | | | | | | | | | | | | | | | urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-50182 Upstream patch: https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f (From OE-Core rev: 082b865d9814e7e7aca4466551a035199aa8b563) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3-urllib3: fix CVE-2025-50181Yogita Urade2025-07-042-0/+287
| | | | | | | | | | | | | | | | | | | | | urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-50181 Upstream patch: https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 (From OE-Core rev: 819273b5b8b9279c01035cb72377fd8cbb51a198) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cmake: Correctly handle cost data of tests with arbitrary chars in nameMoritz Haase2025-06-263-1/+204
| | | | | | | | | | | | | | | | | | | | | | | ctest automatically optimizes the order of (parallel) test execution based on historic test case runtime via the COST property (see [0]), which can have a significant impact on overall test run times. Sadly this feature is broken in CMake < 4.0.0 for test cases that have spaces in their name (see [1]). This commit backports the upstream fix. As repeated test runs are expected to mainly take place inside the SDK, the patch is only applied to 'nativesdk' builds. [0]: https://cmake.org/cmake/help/latest/prop_test/COST.html [1]: https://gitlab.kitware.com/cmake/cmake/-/issues/26594 Reported-By: John Drouhard <john@drouhard.dev> (From OE-Core rev: ead0d06d6335fb74c1ae0dc7bdcf414c66b3e4ab) Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit dcbaf42dd74cc0bda7254856589613718ed3f057) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: set status of CVE-2024-3566Peter Marko2025-06-262-0/+2
| | | | | | | | | | | | | | | | | NVD ([1]) tracks this as: cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* Running on/with cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* Yocto cve-check ignores the "Running on/with", so it needs to be ignored explicitly. [1] https://nvd.nist.gov/vuln/detail/CVE-2024-3566 (From OE-Core rev: c43a9f7ca85f1c25a72f7b1efa494e30d6cf4906) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3-requests: upgrade 2.32.3 -> 2.32.4Jiaying Song2025-06-201-1/+1
| | | | | | | | | | Changelog: https://requests.readthedocs.io/en/latest/community/updates/#release-history (From OE-Core rev: 27a860d7b34250326daede0ade382db47e22c114) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gcc: Upgrade to GCC 14.3Deepesh Varatharajan2025-06-2016-1741/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | GCC 14.3 is a bug-fix release from the GCC 14 branch containing important fixes for regressions and serious bugs in GCC 14.2 with more than 211 bugs fixed since the previous release. https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=14.3 Dropped the below patches: 0026-gcc-Fix-c-tweak-for-Wrange-loop-construct.patch https://github.com/gcc-mirror/gcc/commit/a9f88741a99ba09b29cc0021499c63ca445393f0 0027-gcc-backport-patch-to-fix-data-relocation-to-ENDBR-s.patch https://github.com/gcc-mirror/gcc/commit/aa4cd614456de65ee3417acb83c6cff0640144e9 0028-fix-incorrect-preprocessor-line-numbers.patch https://github.com/gcc-mirror/gcc/commit/8cbe033a8a88fe6437cc5d343ae0ddf8dd3455c8 0001-arm-Fix-LDRD-register-overlap-PR117675.patch https://github.com/gcc-mirror/gcc/commit/9366c328518766d896155388726055624716c0af gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch https://github.com/gcc-mirror/gcc/commit/ab884fffe3fc82a710bea66ad651720d71c938b8 (From OE-Core rev: aa59bbbbedb25d772648c4cb1498b34b43efb0fb) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: upgrade 1.24.3 -> 1.24.4Peter Marko2025-06-207-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to latest 1.24.x release [1]: $ git --no-pager log --oneline go1.24.3..go1.24.4 6796ebb2cb [release-branch.go1.24] go1.24.4 85897ca220 [release-branch.go1.24] net/http: strip sensitive proxy headers from redirect requests 9f9cf28f8f [release-branch.go1.24] os: don't follow symlinks on Windows when O_CREATE|O_EXCL a31c931adf [release-branch.go1.24] cmd/link: allow linkname reference to a TEXT symbol regardless of size 03811ab1b3 [release-branch.go1.24] crypto/x509: decouple key usage and policy validation 04a9473847 [release-branch.go1.24] lib/fips140: set inprocess.txt to v1.0.0 db8f1dc948 [release-branch.go1.24] hash/maphash: hash channels in purego version of maphash.Comparable 664cf832ec [release-branch.go1.24] runtime/debug: document DefaultGODEBUG as a BuildSetting 431f75a0b9 [release-branch.go1.24] os: fix Root.Mkdir permission bits on OpenBSD Fixes CVE-2025-4673, CVE-2025-0913 and CVE-2025-22874 [2]. [1] https://github.com/golang/go/compare/go1.24.3...go1.24.4 [2] https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A (From OE-Core rev: 50fe0b3832f741bc7f9ea0b996a7e99c5696c0ba) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: Fix for CVE-2025-3198Harish Sadineni2025-06-202-0/+29
| | | | | | | | | | Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d] CVE: CVE-2025-3198 (From OE-Core rev: 3516188a077bd27e1de3bb42bd5630dba0b3b07f) Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: upgrade 3.13.3 -> 3.13.4Peter Marko2025-06-139-15/+15
| | | | | | | | | | | | | | | | | | | | | | | Refresh patches. * https://www.python.org/downloads/release/python-3134/ Security content in this release * gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. * gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler. * gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. gh-133767 got meawhile CVE-2025-4516 assigned. (From OE-Core rev: 55a9cd748531c75d46f5d6d53af692a38c6b6716) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: upgrade 3.13.2 -> 3.13.3Trevor Gamblin2025-06-132-4/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds some security fixes and many new changes to the library. Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-13-3-final Modify 0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch to remove 'test_types' from the pgo-wrapper call, since that fails now under qemu. Reproducibility looks OK. ptest results OK: |== Tests result: SUCCESS == | |29 tests skipped: | test.test_asyncio.test_windows_events | test.test_asyncio.test_windows_utils test.test_gdb.test_backtrace | test.test_gdb.test_cfunction test.test_gdb.test_cfunction_full | test.test_gdb.test_misc test.test_gdb.test_pretty_print | test_android test_apple test_asdl_parser test_clinic test_devpoll | test_free_threading test_generated_cases test_idle test_ioctl | test_kqueue test_launcher test_msvcrt test_startfile test_tcl | test_tkinter test_ttk test_ttk_textonly test_turtle test_winapi | test_winconsoleio test_winreg test_wmi | |9 tests skipped (resource denied): | test_curses test_peg_generator test_pyrepl test_smtpnet | test_socketserver test_urllib2net test_urllibnet test_winsound | test_zipfile64 | |442 tests OK. | |Total duration: 2 min 48 sec |Total tests: run=43,896 skipped=2,268 |Total test files: run=471/480 skipped=29 resource_denied=9 |Result: SUCCESS |DURATION: 169 |END: /usr/lib/python3/ptest |2025-05-12T12:34 |STOP: ptest-runner |TOTAL: 1 FAIL: 0 |root@qemux86-64:~# (From OE-Core rev: 063d5a5fb2f71b523f378b95167553b28804c3ad) (From OE-Core rev: 6587dc1fc62de79c4599761af59ebd385244cb57) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: backport the full fix for importlib scanning invalid distributionsRoss Burton2025-06-133-40/+161
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Even with our fixes in deterministic_imports.patch the importlib.metadata package scan was still returning Distribution objects for empty directories. This interacts badly with rebuilds when recipes are changing as when a recipe is removed from the sysroot directories are not removed[1]. In particular this breaks python3-meson-python-native rebuilds when Meson upgrades from 1.7 to 1.8: the site-packages directory has an empty meson-1.7.dist-info/ and populated meson-1.8.dist-info/. Whilst it's deterministic to return the empty 1.7 first, this breaks pypa/build as it looks through the distributions in order. We had discussed this with upstream previously and there's a more comprehensive fix upstream (actually in importlib_metadata, not cpython) which ensures that valid distribution objects are listed first. So we can drop our patch and replace it with a backport to fix these rebuilds. [1] oe-core 4f94d929639 ("sstate/staging: Handle directory creation race issue") (From OE-Core rev: 73de8daa6293403f5b92d313af32882c47bce396) (From OE-Core rev: 1c1b651038e15445c495d87c38beeb92f00d9919) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: remove obsolete deletion of non-deterministic .pyc filesRoss Burton2025-06-131-14/+0
| | | | | | | | | | | | | | | | | These .pyc files were non-deterministic because they used frozensets[1], but this has been fixed in 3.11 onwards. [1] https://github.com/python/cpython/issues/81777 [2] https://github.com/python/cpython/commit/51999c960e7fc45feebd629421dec6524a5fc803 (From OE-Core rev: c8c391ed3e0598a3bea7bc0981126d870315063d) (From OE-Core rev: 75758dc92003892edc32cccb3c830926b5c4942a) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: Fix CVE-2025-5244Deepesh Varatharajan2025-06-132-0/+26
| | | | | | | | | | | | | PR32858 ld segfault on fuzzed object We missed one place where it is necessary to check for empty groups. Backport a patch from upstream to fix CVE-2025-5244 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d1458933830456e54223d9fc61f0d9b3a19256f5] (From OE-Core rev: 81e5831ea48e9d1e4b37e4ef6af11d382d7f1df8) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: Fix CVE-2025-1181Deepesh Varatharajan2025-06-133-0/+480
| | | | | | | | | | | | | | PR 32641 [https://sourceware.org/bugzilla/show_bug.cgi?id=32641] PR 32643 [https://sourceware.org/bugzilla/show_bug.cgi?id=32643] Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=18cc11a2771d9e40180485da9a4fb660c03efac3 && https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=931494c9a89558acb36a03a340c01726545eef24] (From OE-Core rev: 8b9484767f49a558c442668ad9b8e86d6800819b) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: Fix CVE-2025-1182Harish Sadineni2025-06-052-0/+37
| | | | | | | | | | Upstream-Status: Submitted [https://sourceware.org/pipermail/binutils/2025-May/141415.html] CVE: CVE-2025-1182 (From OE-Core rev: 50ee37e89a04a3dd6b652831977171973791f6de) Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3-pygobject: RDEPENDS on gobject-introspectionYi Zhao2025-06-021-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since 3.51.0, python3-pygobject depends on libgirepository 2.0 provided by glib-2.0 instead of libgirepository 1.0 provided by gobject-introspection[1]. It still needs the typelib files from libgirepository-1.0 package. Add gobject-introspection as a runtime dependency. Fixes: $ python3 Python 3.13.2 (main, Feb 4 2025, 14:51:09) [GCC 14.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import gi >>> from gi.repository import Gtk Traceback (most recent call last): File "/usr/lib64/python3.13/site-packages/gi/importer.py", line 139, in create_module introspection_module = get_introspection_module(namespace) File "/usr/lib64/python3.13/site-packages/gi/module.py", line 243, in get_introspection_module module = IntrospectionModule(namespace, version) File "/usr/lib64/python3.13/site-packages/gi/module.py", line 111, in __init__ repository.require(namespace, version) ~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^ gi.RepositoryError: Typelib file for namespace 'xlib', version '2.0' not found The above exception was the direct cause of the following exception: Traceback (most recent call last): File "<python-input-1>", line 1, in <module> from gi.repository import Gtk File "/usr/lib64/python3.13/site-packages/gi/importer.py", line 141, in create_module raise ImportError(e) from e ImportError: Typelib file for namespace 'xlib', version '2.0' not found [1] https://gitlab.gnome.org/GNOME/pygobject/-/merge_requests/320 (From OE-Core rev: 6f9e02292c9305e795f2651c3bb6ef5b671e1c74) (From OE-Core rev: e3fa9ef3239e8bc113e211f5258f84d08284872a) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gcc: fix incorrect preprocessor line numbers in large filesYash Shinde2025-06-022-0/+476
| | | | | | | | | | | | | | | Resolve static assertion failures caused by incorrect line numbers after #include directives, introduced by the backport of PR108900 to GCC. Update line map handling to correctly compute locations in large files, including fixes for both LC_ENTER and LC_LEAVE to ensure accurate line number resolution in rare edge cases. https://gcc.gnu.org/cgit/gcc/commit/?id=edf745dc519ddbfef127e2789bf11bfbacd300b7 (From OE-Core rev: bc868507927fb21637e0ed63bb7ac86d69998d42) Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: Fix CVE-2025-1180Harish Sadineni2025-06-022-0/+166
| | | | | | | | | | | | | Upstream-Status: Submitted [https://sourceware.org/pipermail/binutils/2025-May/141351.html] CVE: CVE-2025-1180 cherry picked from upstream commit: https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=f9978defb6fab0bd8583942d97c112b0932ac814 (From OE-Core rev: d3c7b8e15a7be8238969f9eb010bde95a2b6c5ca) Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: Fix CVE-2025-1178Deepesh Varatharajan2025-06-022-0/+34
| | | | | | | | | | | | | | | Prevent an abort in the bfd linker when attempting to generate dynamic relocs for a corrupt input file. PR 32638 Backport a patch from upstream to fix CVE-2025-1178 Upstream-Status: Backport from [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0] (From OE-Core rev: 3325b9dfd7a0da2236c96630b67ac2c6d4375840) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: mark CVE-2025-1153 as fixedPeter Marko2025-06-021-0/+2
| | | | | | | | | | | | | | | We had this CVE patched but the patch was removed with last 2.44 branch updates as it is now included. Since there is no new version which could be set in NVD DB, this needs to be explicitly handled. (From OE-Core rev: 32f18145dee54f61203506daef339cd132908287) (From OE-Core rev: b8ed40864e664e1cd50b2015569a406f49a0125e) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: drop obsolete CVE_STATUSPeter Marko2025-06-021-2/+0
| | | | | | | | | | | | | NVD has CVE-2023-25584 listed as < 2.40, so we don't need to ignore it for version 2.44 anymore. (From OE-Core rev: eaf80096f96e5bebed53076c1dfe7e35e539f383) (From OE-Core rev: a0ffc4e44ba5e06eccf6d87fb16898454efcb1b2) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gcc: Fix LDRD register overlap in register-indexed modeKhem Raj2025-05-232-0/+149
| | | | | | | | | | | | | Issue is seen with nodejs ending with Illegal instruction on OE Its also in QT5base and perhaps many other packages using 64bit atomics. Thanks to jeroen (oe IRC) to report and help reduce the problem. (From OE-Core rev: bd62158946e214076686e0709d24771acb60665f) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ruby: upgrade 3.4.2 -> 3.4.3Divya Chellam2025-05-231-1/+1
| | | | | | | | | | | | | | | | | This includes CVE-fix for CVE-2025-27219, CVE-2025-27220 and CVE-2025-27221 Changes between 3.4.2 -> 3.4.3 ============================== https://github.com/ruby/ruby/compare/v3_4_2...v3_4_3 (From OE-Core rev: 37747c99ee32153120b67e65a2f3da34c6d58b0f) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d739c52558af986c2ce4c65e1197e8d524d14d22) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: stable 2.44 branch updatesDeepesh Varatharajan2025-05-192-3357/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Below commits on binutils-2.44 stable branch are updated. 33578177adc dwarf: Dump .debug_loclists only for DWARF-5 fe459e33c67 PR 32603, revert message changes in 0b7f992b78fe and 31e9e2e8d109 37d12dd25d8 gdb/compile: add missing entry in bfd_link_callbacks array 31e9e2e8d10 PR 32603, more ld -w misbehaviour 0b7f992b78f PR 32603, ld -w misbehaviour 8cb98edf123 s390: Add support for z17 as CPU name ed70d86b491 x86: Remove AVX10.2 256 bit rounding support e1af7e590a5 elf: Clear the SEC_ALLOC bit for NOLOAD note sections 35db8c6dd2f ld: Pass -Wl,-z,lazy to compiler for i386 lazy binding tests cc7ec316a45 Updated translations for bfd and gold bf088ee09a7 PR 32731 ub sanitizer accessing filenames_reversed 78082591ec7 score-elf gas SEGV d4c7ee9fbc1 gas: fix rs_fill_nop listing a68d096a0ab Open the 2.44 branch for further development Dropped: 0015-CVE-2025-1153.patch Testing was done and there were no regressions found (From OE-Core rev: e06b23897d51d075327012440afbabfe2d5a3de0) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: upgrade 1.24.2 -> 1.24.3Peter Marko2025-05-197-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade to latest 1.24.x release [1]: $ git --no-pager log --oneline go1.24.2..go1.24.3 34c8b14ca9 (release-branch.go1.24) [release-branch.go1.24] go1.24.3 8947f3395e [release-branch.go1.24] os: avoid escape from Root via paths ending in ../ 06fd2f115b [release-branch.go1.24] cmd/compile: remove no-longer-necessary recursive inlining checks f66ab6521c [release-branch.go1.24] cmd/internal/obj/wasm: use i64 for large return addr c1f9c2c7b0 [release-branch.go1.24] cmd/go/internal/load: join incompatible and dirty build specifiers with . 0ab64e2caa [release-branch.go1.24] runtime: cleanup M vgetrandom state before dropping P 56eb99859d [release-branch.go1.24] internal/runtime/maps: pass proper func PC to race.WritePC/race.ReadPC 43130aff52 [release-branch.go1.24] runtime: fix 9-arg syscall on darwin/amd64 b2c005e7b2 [release-branch.go1.24] crypto/tls: fix ECH compatibility a9d9b55709 [release-branch.go1.24] cmd/link: choose one with larger size for duplicated BSS symbols fa7217f74d [release-branch.go1.24] os: avoid panic in Root when symlink references the root Fixes CVE-2025-22873 [1] https://github.com/golang/go/compare/go1.24.2...go1.24.3 (From OE-Core rev: f53e4b16d1b4e4a25f9cd9118d17c52f096fbae2) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: upgrade 1.24.1 -> 1.24.2Archana Polampalli2025-05-197-4/+4
| | | | | | | | | | | Fixes CVE-2025-22871 https://github.com/golang/go/compare/go1.24.1...go1.24.2 (From OE-Core rev: 0507f4709fb379e369f0abd5c37b9cee8de1fcb1) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* perl: upgrade 5.40.0 -> 5.40.2Archana Polampalli2025-05-191-1/+1
| | | | | | | | | | | https://metacpan.org/pod/perldelta This provides a fix for CVE-2024-56406 (From OE-Core rev: 8e91cd8293a13d21eb1df5b9b750d9b498bb3530) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* perlcross: 1.6 -> 1.6.2Archana Polampalli2025-05-191-1/+1
| | | | | | | | | | | Provide support for Perl 5.40.2 https://github.com/arsv/perl-cross/releases/tag/1.6.2 (From OE-Core rev: 9fde5d3657a5842dcdac20eea140077b1e8ae06b) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* syslinux: improve isohybrid to process extra sector count for ISO 9660 imageHongxu Jia2025-05-142-0/+105
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to commit [cdrtools-native: fix booting EFI ISO live failed] applied to improve mkisofs to fix nsectors exceeds 0xffff situation which set selection criteria type = 2 and save extra nsectors to vendor unique selection criteria In following case, add 64MB extra space to bootable image efi.img, and the partition table of EFI is truncated to 32M $ echo 'IMAGE_FSTYPES:pn-core-image-minimal = " live"' >> conf/local.conf $ echo 'MACHINE_FEATURES:append = " efi pcbios"' >> conf/local.conf $ echo '# 64MB extra space to bootable image efi.img' >> conf/local.conf $ echo 'BOOTIMG_EXTRA_SPACE = "65535"' >> conf/local.conf $ bitbake core-image-minimal $ fdisk -l tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso ... Device Boot Start End Sectors Size Id Type tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso1 * 0 376831 376832 184M 0 Empty tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso2 120 65654 65535 32M ef EFI (FAT-12/16/32) After applying this patch to process extra sector count, the partition table of EFI is 90.3M $ fdisk -l tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso ... Device Boot Start End Sectors Size Id Type tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso1 * 0 376831 376832 184M 0 Empty tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso2 120 185151 185032 90.3M ef EFI (FAT-12/16/32) [1]https://pdos.csail.mit.edu/6.828/2017/readings/boot-cdrom.pdf (From OE-Core rev: b4e112ed7e6ba5a6c6df530d696485a588831851) (From OE-Core rev: 741d5ed1b906b8763d9f346481e980e2041c9c2a) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cdrtools-native: fix booting EFI ISO live failedHongxu Jia2025-05-142-0/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In ISO live, if the size of efi.img > 32MB, and copy EFI application (bootx64.efi) to efi.img behind of kernel and initrd, UEFI system could not find EFI application bootx64.efi Using QEMU+OVMF to boot ISO live image, press ESC to enter UEFI shell: ... Shell> ls FS0:\ Directory of: FS0:\ 04/05/2011 23:00 12,985,344 bzImage 04/05/2011 23:00 <DIR> 2,048 EFI 04/05/2011 23:00 20,494,696 initrd 04/05/2011 23:00 26 startup.nsh 3 File(s) 33,480,066 bytes 1 Dir(s) Shell> ls FS0:\EFI Directory of: FS0:\EFI 0 File(s) 0 bytes 0 Dir(s) ... In following case, add 64MB extra space to bootable image efi.img, and the partition table of EFI is truncated to 26.3M $ echo 'IMAGE_FSTYPES:pn-core-image-minimal = " live"' >> conf/local.conf $ echo 'MACHINE_FEATURES:append = " efi pcbios"' >> conf/local.conf $ echo '# 64MB extra space to bootable image efi.img' >> conf/local.conf $ echo 'BOOTIMG_EXTRA_SPACE = "65535"' >> conf/local.conf $ bitbake core-image-minimal $ fdisk -l tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso ... Device Boot Start End Sectors Size Id Type tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso1 * 0 376831 376832 184M 0 Empty tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso2 120 54079 53960 26.3M ef EFI (FAT-12/16/32) According to page 11: `Figure 5 - Section Entry' in El Torito Bootable CD-ROM Format Specification [1]. The sector count takes 2 byte which means max sector count is 0xffff (65535), for 512-byte sector, the size of bootable image is no more than 32MB (65536 * 512 / 1024 / 1024) This commit truncate to 32MB if image size larger than 32MB, and report a warning, then save the extra image sector count to vendor unique selection criteria After apply this commit, the partition table of EFI is truncated to 32M $ fdisk -l tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso ... Device Boot Start End Sectors Size Id Type tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso1 * 0 376831 376832 184M 0 Empty tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso2 120 65654 65535 32M ef EFI (FAT-12/16/32) [1]https://pdos.csail.mit.edu/6.828/2017/readings/boot-cdrom.pdf (From OE-Core rev: 259bb8907d8bfe1217e88a3b6935c160e5a92f8d) (From OE-Core rev: d184f119c26983c2f15b47a25204049d0525c871) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* buildtools-tarball: Make buildtools respects host CA certificatesChangqing Li2025-05-142-6/+28
| | | | | | | | | | | | | | | | | | | | | | | To adapt user network enviroment, buildtools should first try to use the user configured envs like SSL_CERT_FILE/CURL_CA_BUNDLE/..., if these envs is not set, then use the auto-detected ca file and ca path, and finally use the CA certificates in buildtools. nativesdk-openssl set OPENSSLDIR as "/not/builtin", need set SSL_CERT_FILE/SSL_CERT_DIR to work nativesdk-curl don't set default ca file, need SSL_CERT_FILE/SSL_CERT_DIR or CURL_CA_BUNDLE/CURL_CA_PATH to work nativesdk-git actually use libcurl, and GIT_SSL_CAPATH/GIT_SSL_CAINFO also works nativesdk-python3-requests will use cacert.pem under python module certifi by default, need to set REQUESTS_CA_BUNDLE (From OE-Core rev: 0d5f241eee19c0dff9f9f59949485414935edaa2) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONSChangqing Li2025-05-142-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | Here is one testcase: For recipe tensorflow-lite-host-tools_2.18.0.bb, refer [1], do_configure[network] = "1" and it will git clone some repos in CMakeLists.txt When buildtools is used and nativesdk-git is installed into sdk, do_configure failed with error: [1/9] Performing download step (git clone) for 'protobuf-populate' Cloning into 'protobuf'... fatal: unable to access 'https://github.com/protocolbuffers/protobuf/': error setting certificate file: /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-wrlinuxsdk-linux/etc/ssl/certs/ca-certificates.crt Fix by adding GIT_SSL_CAINFO in BB_ENV_PASSTHROUGH_ADDITIONS, so that user can export GIT_SSL_CAINFO=${GIT_SSL_CAINFO} in their do_configure:prepend() to fix above do_configure failure CURL_CA_BUNDLE and REQUESTS_CA_BUNDLE is similar envvars, so all add into BB_ENV_PASSTHROUGH_ADDITIONS [1] https://github.com/nxp-imx/meta-imx/blob/styhead-6.12.3-1.0.0/meta-imx-ml/recipes-libraries/tensorflow-lite/tensorflow-lite-host-tools_2.18.0.bb (From OE-Core rev: 5fa8cb40395977722d0d5a2271c8044598fb1f01) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* buildtools-tarball: move setting of envvars to respective envfileChangqing Li2025-05-144-0/+26
| | | | | | | | | | | | * make git,curl,python3-requests align with openssl, move the setting of envvars into respective envfile * for environment.d-openssl.sh, also check if ca-certificates.crt exist before export envvars (From OE-Core rev: 5c915fcada5868bdbb8aa3e28c18a26cfc41914f) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* qemu 8.2.7: ignore CVE-2023-1386Madhu Marri2025-05-141-0/+2
| | | | | | | | | | | | | | | | | | | | | | Upstream Repository: https://gitlab.com/qemu-project/qemu.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1386 Type: Security Advisory CVE: CVE-2023-1386 Score: 3.3 Analysis: - According to redhat[1] this CVE has closed as not a bug. Reference: [1] https://bugzilla.redhat.com/show_bug.cgi?id=2223985 (From OE-Core rev: 962cf064df6db243c182c6b53d06a4fd087cd3f2) Signed-off-by: Madhu Marri <madmarri@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 6a5d9e3821246c39ec57fa483802e1bb74fca724) Signed-off-by: Steve Sakoman <steve@sakoman.com>