The original tarball URL is no longer valid, as it has been moved to an
archive location. This update points to the new location.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
PHP has removed the --with-zlib-dir configure option since that is now
taken over by pkg-config, this breaks building PHP on Walnascar when zip
is enabled via PACKAGECONFIG.
So remove it.
Signed-off-by: Gijs Peskens <gijs.peskens@munisense.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 90fa225b86)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Update python3-moteus to the latest release.
Since no formal changelog is available, here's the git shortlog of the
moteus python library [1] for the corresponding release:
Josh Pieper (2):
Add some more register definitions
Add --version options to moteus_tool and tview
[1] https://github.com/mjbots/moteus/commits/main/lib/python
Signed-off-by: Richard Leitner <dev@g0hl1n.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0285799f54)
Signed-off-by: Richard Leitner <dev@g0hl1n.net>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* Remove GLIBC_64BIT_TIME_FLAGS="" to enable _TIME_BITS=64 by default,
which avoids the following QA issue during builds on 32-bit systems:
WARNING: lib32-v4l-utils-1.24.1+git-r0 do_package_qa: QA Issue: /usr/bin/cec-compliance uses 32-bit api 'time'
* Undefine _TIME_BITS to fix the build error:
/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Remove unsupported '-mcpu=octeontx2+crypto' from BINDGEN_EXTRA_CLANG_ARGS
as clang does not recognize 'octeontx2' as a valid target CPU, causing
bindgen to fail when generating Rust bindings.
Since bindgen only parses headers using Clang, CPU-specific options
like -mcpu are generally unnecessary.
Fixes build failure:
| error: unsupported argument 'octeontx2+crypto' to option '-mcpu='
| error: unknown target CPU 'octeontx2'
Signed-off-by: Bo Sun <bo.sun.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and
Python. Prior to version 3.12.14, the Python parser is vulnerable to a
request smuggling vulnerability due to not parsing trailer sections of
an HTTP request. If a pure Python version of aiohttp is installed (i.e.
without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled,
then an attacker may be able to execute a request smuggling attack to
bypass certain firewalls or proxy protections. Version 3.12.14 contains
a patch for this issue.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-53643
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.
Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
pycares is a Python module which provides an interface to c-ares. c-ares
is a C library that performs DNS requests and name resolutions
asynchronously. Prior to version 4.9.0, pycares is vulnerable to a
use-after-free condition that occurs when a Channel object is garbage
collected while DNS queries are still pending. This results in a fatal
Python error and interpreter crash. The vulnerability has been fixed in
pycares 4.9.0 by implementing a safe channel destruction mechanism.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-48945
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Rootfs file differs with the same project configure, add preliminary
setting to avoid this.
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add a submitted patch to support the reproducible generation of
intermediate file ecodes.c, then, use it to fix the buildpaths errors.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Commit 01ebfecf1c ("python3-evdev: switch to PEP-517 build backend")
did not update the way build arguments are passed to the build making
them unused. In python3-evdev case that meant that the build used host
kernel headers instead of Yocto's.
When host's and Yocto's headers were different (currently the case on
Debian 12 as seen on AB[0]), that triggered:
| src/evdev/ecodes.c:542:29: error: 'KEY_LINK_PHONE' undeclared (first use in this function); did you mean 'KEY_PICKUP_PHONE'?
| 542 | PyModule_AddIntMacro(m, KEY_LINK_PHONE);
| | ^~~~~~~~~~~~~~
[...]
ERROR: Task (.../../../layers/meta-openembedded/meta-python/recipes-devtools/python/python3-evdev_1.9.1.bb:do_compile) failed with exit code '1'
To fix this, use PEP517_BUILD_OPTS with the working (but weird looking) escaping.
Now that correct headers are used, their paths end up in the ecode.c
file which lead to a buildpaths error, skip the check for this patch.
This will be fixed in a following patch.
[0]: https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/40/steps/40/logs/stdio
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
python3-can 4.4.y requires msgpack~=1.0.0, but openembedded-core
versions newer than scarthgap provide msgpack 1.1.0 [1], causing
"pip check" to fail with the following error:
python-can 4.4.2 has requirement msgpack~=1.0.0; platform_system != "Windows", but you have msgpack 1.1.0.
This patch resolves the issue by updating python3-can to 4.5.0.
[1] https://layers.openembedded.org/layerindex/recipe/66997/
(cherry picked from commit f048d118f2)
Cc: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Leitner <dev@g0hl1n.net>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fix do_package_qa error by removing ${RECIPE_SYSROOT} from the installed xmlsec1-gnutls.pc file.
This ensures the generated .pc file does not leak build-time paths, complying with QA checks.
Fixes QA error:
ERROR: xmlsec1-1.3.7-r0.wr2500 do_package_qa: QA Issue: File /usr/lib/pkgconfig/xmlsec1-gnutls.pc in package xmlsec1-dev contains reference to TMPDIR [buildpaths]
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fix HOMEPAGE
License Update: COPYING.GPL - whitespace changes and change of address of the
Free Software Foundation. COPYING.LGPL - whitespace changes and change of
address of the Free Software Foundation.
| checking for itstool... no
| configure: error: itstool not found
add itstool-native to DEPENDS to address configure failure.
| ERROR: glade-3.36.0-r0 do_configure: QA Issue: AM_GNU_GETTEXT used but no inherit gettext [configure-gettext]
inherit gettext to address QA error.
The code of gladeui/glade-command.c has changed from using
G_OBJECT (prop) to GLADE_PROPERTY (prop)
G_OBJECT (widget) to GLADE_WIDGET (widget)
thus resolving the incompatible pointer types seen in glade 3.22.2.
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(master: ecca54d930)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The git server at git.pengutronix.de no longer supports the git
protocol, so switch to https.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The git server at git.pengutronix.de no longer supports the git
protocol, so switch to https.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ChangeLog:
https://github.com/valkey-io/valkey/releases/tag/8.1.1
Security fixes
(CVE-2025-21605) Limit output buffer for unauthenticated clients
Bug fixes
Fix the build on less common platforms in zmalloc.c
Fix: add samples to stream object consumer trees
Fix crash during TLS handshake with I/O threads
Fix cluster slot stats assertion during promotion of replica
Fix panic in primary when blocking shutdown after previous block with
timeout
Ignore stale gossip packets that arrive out of order
Fix incorrect lag reported in XINFO GROUPS
Fix engine crash on module client blocking during keyspace events
Avoid shard id update of replica if not matching with primary shard id
Only enable defrag for vendored jemalloc
Allow scripts to support null characters again
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.5
Security:
CVE-2025-31498. A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3. Please see GHSA-6hxc-62jh-p29v
Changes:
Restore Windows XP support. PR #958
Bugfixes:
A missing mutex initialization would make busy polling for configuration changes (platforms other than Windows, Linux, MacOS) eat too much CPU PR #974
Pkgconfig may be generated wrong for static builds in relation to -pthread PR #965
Localhost resolution can fail if only one address family is in /etc/hosts PR #947
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.4
Changes:
QNX Port: Port to QNX 8, add primary config reading support, add CI build. PR #934, PR #937, PR #938
Bugfixes:
Empty TXT records were not being preserved. PR #922
docs: update deprecation notices for ares_create_query() and ares_mkquery(). PR #910
license: some files weren't properly updated. PR #920
Fix bind local device regression from 1.34.0. PR #929, PR #931, PR #935
CMake: set policy version to prevent deprecation warnings. PR #932
CMake: shared and static library names should be the same on unix platforms like autotools uses. PR #933
Update to latest autoconf archive macros for enhanced system compatibility. PR #936
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
==========
https://github.com/jqlang/jq/releases/tag/jq-1.8.0
Security fixes
* CVE-2024-23337: Fix signed integer overflow in jvp_array_write and jvp_object_rehash. @itchyny de21386
The fix for this issue now limits the maximum size of arrays and objects to 536870912 (2^29) elements.
* CVE-2024-53427: Reject NaN with payload while parsing JSON. @itchyny a09a4df
The fix for this issue now drops support for NaN with payload in JSON (like NaN123).
Other JSON extensions like NaN and Infinity are still supported.
* CVE-2025-48060: Fix heap buffer overflow in jv_string_vfmt. @itchyny c6e0416
* Fix use of uninitialized value in check_literal. @itchyny #3324
* Fix segmentation fault on strftime/1, strflocaltime/1. @itchyny #3271
* Fix unhandled overflow in @base64d. @emanuele6 #3080
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The oe-core master has qemu.bbclass refactoring, but walnascar does
not. So we will need to copy all the needed functions and settings
from qemu.bbclass here to make things work.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ChangeLog:
https://github.com/redis/redis/releases/tag/7.2.8
Update urgency: SECURITY: There are security fixes in the release.
Security fixes
==================
* (CVE-2025-21605) An unauthenticated client can cause an unlimited growth of output buffers
Bug fixes
=================
* #12817, #12905 Fix race condition issues between the main thread and module threads
* #13863 RANDOMKEY - infinite loop during client pause
* #13877 ShardID inconsistency when both primary and replica support it
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
https://goodies.xfce.org/ states "Starting this month (November 2019), a project is starting
to migrate the goodies.xfce.org documentation to https://docs.xfce.org/start. The goal is to
remove deprecated projects and, eventually, de-commission the goodies.xfce.org URLs. Additional
information will be posted on https://wiki.xfce.org/projects/goodies-decomm/start as the project
proceeds."
This patch updates the URLs being used in the HOMEPAGEs to reflect where the address is actually
resolving.
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This fixes an issue where running the test_machine_signatures
yocto-layer-check tst case fails when using a BSP layer that depends on
meta-oe.
e.g.
bitbake-diffsigs -t kernel-hardening-checker do_create_package_spdx -s 6397093de4edf0eb568d56526704b178944f788bf0d0bdc8f6ce1b181ee00baa 8adadf9e2c0461de5c377b9a0590f6c05b03ff8c1b8eb89fff94e5c3235a0c9a
Hash for task dependency linux-cip:do_create_spdx changed from 4db4e1b424d7969ba80c8e03450ec70e88bab266b1e43054381ab1c572cf580a to bfebcc3195aa0106630e2d3cf7fc8335df8768ad059143d54f715b399eea8b69
Hash for task dependency linux-cip:do_collect_spdx_deps changed from ae22171bab2f456b4743fb0ca05de91a16b65fe6bbddd4cb97d2ed04e5d4f651 to e43ed3f2cee8198d91535ce38057d996cdb8e72c10d7509c2542e6676782ebdc
Hash for task dependency linux-cip:do_unpack changed from 6cf2e7fd1e1d67578f6bed761378953f91a8a58df0107698cc259c1989674da1 to 5d98fa31606f06f0e4416f9df82f97fdc6f63799b65486912dc4a3fc7f871f3c
basehash changed from 556fad4e4426a9390de6ccdcc631aeb35d391ccc9676f6a4810237e2f501cf85 to 72beced62420cc92f276f8a31cd4de3d6f9e3877b14fff9d82ff7d863855b7da
Variable MACHINE value changed from 'hihope-rzg2h' to 'hihope-rzg2m'
Link: https://lists.openembedded.org/g/openembedded-devel/topic/issue_meta_oe_walnascar/113168928
Signed-off-by: Chris Paterson <chris.paterson2@renesas.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Jiaying Song
Gijs Peskens
Jason Schonberg
Jeroen Hofstee
Richard Leitner
Zhang Peng
Bo Sun
Wang Mingyu
Yi Zhao
Yi Zhao
Yogita Urade
gudni
Praveen Kumar
Peter Marko
Martin Jansa
Changqing Li
Jinfeng Wang
Yoann Congal
Bastian Krause
Vijay Anusuri
Chen Qi
Clayton Casciato
Chris Paterson