Add the instance specifier to the ptp4l dependency for the phc2sys
service, so the corresponding service is automatically started
correctly. This fixes the following error messages, when starting the
phc2sys@... service:
Failed to restart phc2sys@eth0.service: Unit ptp4l.service not found.
Signed-off-by: Martin Schwan <m.schwan@phytec.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 31f0b9d3d5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This recipe is a Scarthgap backport of kernel-hardening-checker_0.6.10.2.bb
in the master branch as of August 19, 2025.
Tested on qemux86-64 and on beaglebone-yocto
Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
There were a some accidenal typos in the CVE-2025-52886-0001.patch file
that introduced a number of syntactical errors in the qt5/src/poppler-annotation.cc
file, which failed the compilation, in case qt5 PACKAGECONFIG is enabled.
This change fixes these typos. Since qt6 is not enabled in the recipe,
only the qt5 related parts were verified.
While reworking the backport, unfortunately some line number differences
were introduced, which inflate the size of this patch - just scroll
past those.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Backport a patch from upstream that allows vulkan-cts to work with
Vulkan version greater than 1.3. Previously any unknown Vulkan versions
will return 0 when we attempt to locate the minimum version with
minVulkanAPIVersion.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* Remove GLIBC_64BIT_TIME_FLAGS="" to enable _TIME_BITS=64 by default,
which avoids the following QA issue during builds on 32-bit systems:
WARNING: lib32-v4l-utils-1.24.1+git-r0 do_package_qa: QA Issue: /usr/bin/cec-compliance uses 32-bit api 'time'
* Undefine _TIME_BITS to fix the build error:
/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
These tests are failing and thus preventing verification of new patches.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Earlier both libdrm[1] and kmsxx[2] projects used to provide a binary
program called kmstest. To avoid the clash, the kmsxx recipe was
updated to rename this binary to kmsxxtest during installation. However
libdrm project has now removed kmstest[3] and hence there is no clash
in naming anymore, so revert back to original name of binary i.e.
kmstest.
[1]: https://gitlab.freedesktop.org/mesa/libdrm.git
[2]: https://github.com/tomba/kmsxx
[3]: https://gitlab.freedesktop.org/mesa/libdrm.git
commit: 2b997bb4bb688be00620887c8646ff24ccb9396b
Signed-off-by: Swamil Jain <s-jain1@ti.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE: CVE-2024-23337
CVE: CVE-2024-53427
CVE: CVE-2025-48060
Patches CVE-2024-23337.patch and CVE-2024-53427.patch are backported from
jq-1.8.0, and CVE-2025-48060.patch is backported from jq-1.8.1.
Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.
Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
0001-Add-recursion-check-when-parsing-unknown-fields-in-J.patch is
dropped because it has been in new version.
This upgrade also fixes CVE-2025-4565. The fix commit is as below:
d31100c91 Manually backport recursion limit enforcement to 25.x
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
When PACKAGECONFIG options like 'cxx' 'webp' and 'xml' are disabled,
certain files such as Magick++-config.im7, configure.xml, or
delegates.xml are not installed. Unconditionally running sed
on these files results in errors during do_install
Error:
sed: can't read .../image/usr/bin/Magick++-config.im7: No such file or directory
Signed-off-by: Nikhil R <nikhilr5@kpit.com>
Signed-off-by: Sana Kazi <sanakazi720@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The git server at git.pengutronix.de no longer supports the git
protocol, so switch to https.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The git server at git.pengutronix.de no longer supports the git
protocol, so switch to https.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ChangeLog:
https://github.com/redis/redis/releases/tag/7.2.8
Update urgency: SECURITY: There are security fixes in the release.
Security fixes
==================
* (CVE-2025-21605) An unauthenticated client can cause an unlimited growth of output buffers
Bug fixes
=================
* #12817, #12905 Fix race condition issues between the main thread and module threads
* #13863 RANDOMKEY - infinite loop during client pause
* #13877 ShardID inconsistency when both primary and replica support it
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Yi Zhao
Zhang Peng
Martin Jansa
Divya Chellam
Deepak Rathore
Martin Schwan
Michael Opdenacker
Gyorgy Sarvari
Hitendra Prajapati
Alexandre Truong
Yogita Urade
Randolph Sapp
Changqing Li
Roland Kovacs
Praveen Kumar
Jiaying Song
Peter Marko
Guocai He
Swamil Jain
Chen Qi
Sana Kazi
Bastian Krause
Vijay Anusuri