6fceeca067
binutils: fix CVE-2025-1180
...
Backporting the fix from PR 32636 to fix PR 32642 (ld SEGV (illegal read access)
in _bfd_elf_write_section_eh_frame (bfd/elf-eh-frame.c:2234:29) with
--gc-sections --gc-keep-exported option)
https://nvd.nist.gov/vuln/detail/CVE-2025-1180 is associated with
PR32642 which will get fixed with commit from PR 32636.
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=f9978defb6fab0bd8583942d97c112b0932ac814 ]
CVE: CVE-2025-1180
(From OE-Core rev: 8178f44f18777b2c8acc0afb9fd43921a9a8e76e)
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-04 09:06:31 -07:00
14d260ab25
screen: Fix CVE-2025-46805
...
Upstream-Status: Backport from https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4
(From OE-Core rev: b25b0f785e0b7650e31a45a92be196be6b76ea78)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-04 09:06:31 -07:00
94dea33c75
binutils: Fix CVE-2025-1182
...
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b425859021d17adf62f06fb904797cf8642986ad ]
CVE: CVE-2025-1182
(From OE-Core rev: bbfdd5c44a5629b9158b418b5335ec4f1567b3f9)
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-04 09:06:31 -07:00
3810d71ad8
ref-manual/variables.rst: document INHIBIT_UPDATERCD_BBCLASS
...
Fix [YOCTO #15753 ]
(From yocto-docs rev: 76a4dd5ce041b38f4cab714017a38b035d9530a3)
Signed-off-by: Alper Ak <alperyasinak1@gmail.com >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit 5f5a406d4acdfcbf655ac014d0d2807056f95291)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
14ad855916
ref-manual/variables.rst: document SSTATE_SKIP_CREATION
...
(From yocto-docs rev: 3ff58cc9f3dd200054d241284e183d531502eca4)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit 3982720668aafa18c9ed27304d09f896740b1653)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
c90ab351eb
ref-manual/variables.rst: document INHIBIT_DEFAULT_RUST_DEPS
...
Fix [YOCTO #15755 ]
(From yocto-docs rev: 064472cef81212d9731b10161b8118de314191e1)
Signed-off-by: Alper Ak <alperyasinak1@gmail.com >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit fd143a04bab38f6aeec23ec229657b16fcaecdf1)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
c5b17456e6
conf.py: tweak SearchEnglish to be hyphen-friendly
...
This modifies the default indexer split() and js splitQuery()
methods to support searching for words with hyphens.
While this might not be an ideal, rock solid, and fully future-proof
solution, it allows at least to search for strings inlcuding hyphens,
such as 'bitbake-layers', 'send-error-report', or 'oe-core'.
Below is a bit more detailed explanation of the two modifications done:
1) The default split regex in the sphinx-doc SearchLanguage base class
is:
| _word_re = re.compile(r'\w+')
which we simply extend to include hyphens '-'.
This will result in a searchindex.js that contains words with hyphens,
too.
2) The 'searchtool.js' code notes for its splitQuery() implementation:
| /**
| * Default splitQuery function. Can be overridden in ``sphinx.search`` with a
| * custom function per language.
| *
| * The regular expression works by splitting the string on consecutive characters
| * that are not Unicode letters, numbers, underscores, or emoji characters.
| * This is the same as ``\W+`` in Python, preserving the surrogate pair area.
| */
| if (typeof splitQuery === "undefined") {
| var splitQuery = (query) => query
| .split(/[^\p{Letter}\p{Number}_\p{Emoji_Presentation}]+/gu)
| .filter(term => term) // remove remaining empty strings
| }
The hook for this is documented in the sphinx-docs 'SearchLanguage'
base class.
| .. attribute:: js_splitter_code
|
| Return splitter function of JavaScript version. The function should be
| named as ``splitQuery``. And it should take a string and return list of
| strings.
|
| .. versionadded:: 3.0
We use this to define a simplified splitQuery() function with a split
argument that splits on empty spaces only.
We extend SearchEnglish (which extends SearchLanguage) here to retain
the stemmer code and stopwords for English.
[YOCTO #14534 ]
(From yocto-docs rev: 72e70a6af6eb3d4ca41f9e64069d8d3f61b420a3)
Signed-off-by: Enrico Jörns <ejo@pengutronix.de >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit d4a98ee19e0cbd6be96923dc72faee143a6b294b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
9fe29f2369
ref-manual/variables.rst: document the INITRAMFS_MAXSIZE variable
...
This variable specifies the maximum allowed size
of the initramfs image in Kbytes.
Fixes [YOCTO #15797 ]
CC: Yoann Congal <yoann.congal@smile.fr >
CC: Randy MacLeod <randy.macleod@windriver.com >
CC: Antonin Godard <antonin.godard@bootlin.com >
(From yocto-docs rev: 215796836549ae31ef8a9f4f2421316d20d4e3c3)
Signed-off-by: Christos Gavros <gavrosc@yahoo.com >
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit 07bcdddaf71c76cdec186cf0ddd97a47eec54972)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
304b1b285b
ref-manual/variables.rst: document the IMAGE_ROOTFS_MAXSIZE variable
...
This variable specifies the maximum allowed size
of the generated image in kilobytes.
CC: Yoann Congal <yoann.congal@smile.fr >
CC: Randy MacLeod <randy.macleod@windriver.com >
CC: Antonin Godard <antonin.godard@bootlin.com >
CC: Quentin Schulz <quentin.schulz@cherry.de >
(From yocto-docs rev: ca56f1002f8d198c0626e87412f33906e13a2761)
Signed-off-by: Christos Gavros <gavrosc@yahoo.com >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit f3ddc92081363aa7ef7d4fc2c3b918f32f7bda05)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
7dfd7de941
sphinx-lint: unbalanced inline literal markup
...
Fix as many instances of unbalanced-inline-literals-delimiters as reported
by 'make sphinx-lint' as possible. Sphinx and/or its linter seem to get
tripped up randomly when references contain links to heading which contain
literals enclosed in double-back-tics, and not all of them can be "fixed"
to pass both building and linting.
(From yocto-docs rev: 2c1e5b080ad5e62d8283d332cbc473fd2d59c6e6)
Signed-off-by: Trevor Woerner <twoerner@gmail.com >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
d2de20a4b6
sphinx-lint: role missing opening tag colon
...
Fix all instances missing-space-before-role as reported by 'make sphinx-lint'.
(From yocto-docs rev: 255bfc8c195bbc84a78a4985cf2775c87e525794)
Signed-off-by: Trevor Woerner <twoerner@gmail.com >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
32712b2a6b
sphinx-lint: trailing whitespace
...
Fix all instances of trailing-whitespace as reported by 'make sphinx-lint'.
(From yocto-docs rev: 7776550a190060221a8cc913e470edf5349b6829)
Signed-off-by: Trevor Woerner <twoerner@gmail.com >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
38e33dedee
ref-manual/variables.rst: document WIC_CREATE_EXTRA_ARGS
...
Fixes [YOCTO #15509 ]
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de >
(From yocto-docs rev: 8e893cc8cabba4b4f21556561d1ca9656ca1ff9f)
Signed-off-by: Trevor Woerner <twoerner@gmail.com >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit f1cdecb6da91dbfac59359c83038cb4a4c36ad0a)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
40232dc020
contributor-guide/submit-changes: encourage patch version changelogs
...
Add a section after the 'git format-patch' information encouraging developers
to add patch version changelogs to their patch updates.
(From yocto-docs rev: a9f9d53fa4a29e3cf846868567190425ffed8bf0)
Signed-off-by: Trevor Woerner <twoerner@gmail.com >
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit 2e3a37c4607b296956993e557d1786c4876e5722)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
7888d6459e
ref-manual: kernel-fitimage.bbclass does not use SPL_SIGN_KEYNAME
...
The kernel-fitimage.bbclass uses the UBOOT_* variables. The SPL_*
variables are handled by uboot-sign.bbclass.
(From yocto-docs rev: 1383a1fac59b9aa02bde2a0c63a6f480807492e1)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com >
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit 8ceffee908a039deb1021361faa7637e83ef26f3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
ac7af3f00b
migration-guides: add release notes for 4.0.26
...
(From yocto-docs rev: 12ef53ea657c3d36c3c59d492c20123e36001628)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com >
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit 656dc03101705bba718517b7017f71ce00541b72)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
36432822b1
ref-manual/release-process: update releases.svg
...
- Add the future "Whinlatter" (5.3) and "Wrynose" (6.0) releases.
- Make the "Walnascar" release a current release.
- Update the month in Current.
(From yocto-docs rev: b60476dd7b056d7b5dd48ac7fce943b4e3542277)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit adb8573b54626e033921a9f4e3db259312b79207)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
72c9483d9d
test-manual/intro: remove Buildbot version used
...
The version has changed now (3.10.12 as of writing). Avoid having to
maintain this information by removing the version info from the intro.
Also fix a typo ("uses now uses") and give a link to yocto-autobuilder2.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de >
(From yocto-docs rev: c404868285bfeb64600e70650483c664a8eb9574)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
(cherry picked from commit 1ed64dbdf4a60b000305cdc2c67dc24f4bc97ef7)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
ce1cefc347
dev-manual/sbom.rst: fix wrong build outputs
...
This document was written with SPDX 3.0 in mind (create-spdx-3.0 class)
on OE-Core's master, but Kirkstone only supports SPDX 2.2 (named simply
create-spdx).
The create-spdx class only generate a tar.zst output, so remove the
other outputs listed here.
Also, ancillary outputs are not only deployed in tmp/deploy/spdx/MACHINE
but tmp/deploy/spdx in general.
(From yocto-docs rev: 25b5ec4c71c97228f8386f5b6c4fbe272c207ed6)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
c6cd61f1a2
gcc: AArch64 - Fix strict-align cpymem/setmem
...
The cpymemdi/setmemdi implementation doesn't fully support strict alignment.
Block the expansion if the alignment is less than 16 with STRICT_ALIGNMENT.
Clean up the condition when to use MOPS. (PR103100)
The original patch for GCC 12 removed MOPS & SIMD conditionals for setmem and
cpymem expansions in aarch64.md file. However, this version for GCC 11 does not
backport the SIMD & MOPS-related changes and retains the conditions in aarch64.md
file to preserve correctness and compatibility with the GCC 11 backend.
All changes and outputs have been verified by the author.
Upstream-Status: Backport [https://gcc.gnu.org/cgit/gcc/commit/?id=b9d16d8361a9e3a82a2f21e759e760d235d43322 ]
(From OE-Core rev: a99a65632116955dc69809a14bf536b22582de72)
Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
aee1d45a83
util-linux: Add fix to isolate test fstab entries using CUSTOM_FSTAB
...
During ptest execution, util-linux adds mount entries in /etc/fstab
and runs `mount -a`, which mounts all available entries from
/etc/fstab. This can cause unintended mounts that are unrelated to
the test, leading to incorrect test behavior.
To avoid this, upstream util-linux introduced a mechanism using
CUSTOM_FSTAB,which isolates test-specific fstab entries. Only entries
listed in CUSTOM_FSTAB are mounted during test execution, ensuring
tests do not interfere with or depend on the system's /etc/fstab.
This commit backports below upstream changes to use CUSTOM_FSTAB.
https://github.com/util-linux/util-linux/commit/ed3d33faff17fb702a3acfca2f9f24e69f4920de
https://github.com/util-linux/util-linux/commit/b1580bd760519a2cf052f023057846e54de47484
https://github.com/util-linux/util-linux/commit/6aa8d17b6b53b86a46c5da68c02a893113130496
(From OE-Core rev: 94747fb63518bf907eb7c09fc2e146e39e235a7d)
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
32d2b233c6
ruby: fix CVE-2025-27221
...
In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.join, URI#merge, URI#+) have an inadvertent leakage of
authentication credentials because userinfo is retained even
after changing the host.
Reference:
https://security-tracker.debian.org/tracker/CVE-2025-27221
Upstream-patches:
https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495
https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5
(From OE-Core rev: c77ff1288719d90ef257dfe28cb33b3768fc124a)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
097732e057
glib-2.0: fix CVE-2025-4373
...
A flaw was found in GLib, which is vulnerable to an integer overflow
in the g_string_insert_unichar() function. When the position at which
to insert the character is large, the position will overflow, leading
to a buffer underwrite.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-4373
https://security-tracker.debian.org/tracker/CVE-2025-4373
Upstream-patches:
https://gitlab.gnome.org/GNOME/glib/-/commit/cc647f9e46d55509a93498af19659baf9c80f2e3
https://gitlab.gnome.org/GNOME/glib/-/commit/4d435bb4809793c445846db8fb87e3c9184c4703
(From OE-Core rev: 7a7319745637d4b681935ae71706dcc467df3040)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
ef632f4693
libsoup-2.4: Fix CVE-2025-32914
...
import patch from debian to fix
CVE-2025-32914
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/5bfcf8157597f2d327050114fb37ff600004dbcf ]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450
https://security-tracker.debian.org/tracker/CVE-2025-32914
(From OE-Core rev: 8996e178264cf6bf9b69365172f43a5ee8e9f727)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
cbbea14280
libsoup-2.4: Fix CVE-2025-32912
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f
(From OE-Core rev: e66218f6cda7de046bace6880ea5052900fd6605)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
d8278fd9f9
libsoup-2.4: Fix CVE-2025-32911 & CVE-2025-32913
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/7b4ef0e004ece3a308ccfaa714c284f4c96ade34
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0
(From OE-Core rev: ff1896b14347c7b4a166716338d3822da97be2e4)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
21bb9c063b
libsoup-2.4: Fix CVE-2025-32910
...
import patch from debian to fix
CVE-2025-32910
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/405a8a34597a44bd58c4759e7d5e23f02c3b556a
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832 ]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
https://security-tracker.debian.org/tracker/CVE-2025-32910
(From OE-Core rev: b65e3d3a4dc2375d9bb81c7a91c84139cc667a47)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
0f58759f1b
libsoup-2.4: Fix CVE-2025-46420
...
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e ]
(From OE-Core rev: f0d5d13b0b7b2cf3f60c85b0c135fd948c648256)
Signed-off-by: Ashish Sharma <asharma@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
23a8405509
connman :fix CVE-2025-32366
...
In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length
that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen)
and memcpy(response+offset,*end,*rdlen) without a check for whether
the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be
larger than the amount of remaining packet data in the current state
of parsing. Values of stack memory locations may be sent over the
network in a response.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32366
Upstream-patch:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=8d3be0285f1d4667bfe85dba555c663eb3d704b4
(From OE-Core rev: 1b9156124b4a07e0e3e0ab09e87d654eae6c7b4e)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
7f043fb4bb
iputils: Security fix for CVE-2025-47268
...
CVE-2025-47268
ping in iputils through 20240905 allows a denial of service (application
error or incorrect data collection) via a crafted ICMP Echo Reply
packet, because of a signed 64-bit integer overflow in timestamp
multiplication.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-47268
Patch from:
https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40
(From OE-Core rev: a463c8e3950ccf58316d48241c2cd82484f25fda)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
0fa8a4465e
openssh: Fix CVE-2025-32728
...
Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367 ]
(From OE-Core rev: 68413e1413eb87254d68f30920574b0e2c766782)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
ab9a994a8c
build-appliance-image: Update to kirkstone head revision
...
(From OE-Core rev: e8be08a624b2d024715a5c8b0c37f2345a02336b)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 09:02:55 -07:00
5dad8173d4
poky.conf: bump version for 4.0.27
...
(From meta-yocto rev: ff73566d1786b524ec8c809bf641b0b74d85b512)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:59:59 -07:00
d6a242831e
perl: enable _GNU_SOURCE define via d_gnulibc
...
This is needed to properly support memmem() and friends under musl
as musl guards the declarations with _GNU_SOURCE define, and if the
declarations are not present, gcc will issue warnings and generate
assembly that assumes the functions return int (instead of e.g.
void*), with catastrophic consequences at runtime.
(From OE-Core rev: 79dc3f42958bfefe03a8240e2a57501c38d2bd3c)
Signed-off-by: Alexander Kanavin <alex@linutronix.de >
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit 6422e62fbc5c65a2165a72c97c880cfa9a80e957)
Signed-off-by: Peter Hurley <peter@meraki.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
06b97d608e
module.bbclass: add KBUILD_EXTRA_SYMBOLS to install
...
Symbols are used during install as well, adding KBUILD_EXTRA_SYMBOLS enables
successful installation.
| DEBUG: Executing shell function do_install
| NOTE: make -j 22 KERNEL_SRC=xxx/kernel-source -C xxx/drivers
KDIR=xxx/kernel-source DEPMOD=echo
MODLIB=xxx/image/lib/modules/6.6.75-yocto-standard-00189-g530c419bc9db
INSTALL_FW_PATH=xxx/image/lib/firmware CC=aarch64-poky-linux-gcc
-fuse-ld=bfd -fcanon-prefix-map LD=aarch64-poky-linux-ld.bfd
OBJCOPY=aarch64-poky-linux-objcopy STRIP=aarch64-poky-linux-strip
O=xxx/kernel-build-artifacts modules_install
| make: Entering directory 'xxx/drivers'
| make -C xxx/kernel-source M=xxx/drivers modules
| make[1]: Entering directory 'xxx/kernel-source'
| make[2]: Entering directory 'xxx/kernel-build-artifacts'
| MODPOST xxx/drivers/Module.symvers
| ERROR: modpost: "xxx" [xxx/xxx.ko] undefined!
(From OE-Core rev: 1403ffa42014ad5c88c28da6c360ea5fd1857147)
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com >
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit 0ef80eeda967a9e04ff91c3583aabbc35c9868e8)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
ae5264cac3
glibc: stable 2.35 branch updates
...
d2febe7c40 math: Improve layout of exp/exp10 data
20b5d5ce26 AArch64: Use prefer_sve_ifuncs for SVE memset
9569a67a58 AArch64: Add SVE memset
59f67e1b82 math: Improve layout of expf data
904c58e47b AArch64: Remove zva_128 from memset
8042d17638 AArch64: Optimize memset
be451d6053 AArch64: Improve generic strlen
8b3d09dc0d assert: Add test for CVE-2025-0395
29d9b1e59e assert: Reformat Makefile.
Testresults:
Before update |After update |Difference
PASS: 4832 |PASS:4833 |PASS: +1
FAIL: 132 |FAIL:132 |FAIL: 0
XPASS: 6 |XPASS:6 |XPASS: 0
XFAIL: 16 |XFAIL:16 |XFAIL: 0
UNSUPPORTED: 200|UNSUPPORTED:200 |UNSUPPORTED: 0
(From OE-Core rev: 70e9ae425e34221af6a7bdda6b83f2f8e7848278)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
01292aba34
scripts/install-buildtools: Update to 4.0.26
...
Update to the 4.0.26 release of the 4.0 series for buildtools
(From OE-Core rev: 04ff268291598c1e0588cff43df694a714e48746)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
45c3cde26b
libsoup: Fix CVE-2025-32914
...
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/5bfcf8157597f2d327050114fb37ff600004dbcf ]
(From OE-Core rev: ce7cda16d823012f71d91c820083b0da93762d9d)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
3f1cc96cb9
libsoup: Fix CVE-2025-32912
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f
(From OE-Core rev: 7c709d985c4e732f6fedd56748b3de3e52869282)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
d8c4c5ea04
libsoup: Fix CVE-2025-32911 & CVE-2025-32913
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/7b4ef0e004ece3a308ccfaa714c284f4c96ade34
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0
(From OE-Core rev: e79585ab2a492a5023bce637cbe519fcd1370e04)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
fe91f67d38
libsoup: Fix CVE-2025-32910
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/405a8a34597a44bd58c4759e7d5e23f02c3b556a
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832
(From OE-Core rev: aeaa106595f173f5646a17adb413a85e0d01887e)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
cc7f7f1c29
libsoup: Fix CVE-2025-32909
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm
it/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: 491373828c1c66030fb41687f9a42b9e4deb010b)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
dc621121b1
libsoup: Fix CVE-2025-32906
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f
(From OE-Core rev: 17fbb56b3cbea445767cba988f3db5b32fb00b71)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
14f293eecf
libsoup: update fix CVE-2024-52532
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff
(From OE-Core rev: caf0ac894d029aaac7d746fe87db1aa0e8c3c93f)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
e07ed2059c
libsoup-2.4: Fix CVE-2025-32909
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm
it/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: ad1244ee75b4169eab21c2c8744b86342b32dd07)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
6b27d84c2c
libsoup-2.4: Fix CVE-2025-32906
...
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f
(From OE-Core rev: 2b938dd6beb1badca59804ffbe395deb679bc1b1)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
02c2876c5e
libsoup-2.4: Update fix CVE-2024-52532
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff
(From OE-Core rev: 144d067ed5b98b8ca477a6a0e8c958c0b15e9643)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
b497f2caf7
perl: patch CVE-2024-56406
...
Pick patch mentioned in NVD links for this CVE.
Tested by runniing ptest and CVE reproducer (before&after).
Ptest fails on test dist/threads/t/join, however the same test also
fails without this patch.
(From OE-Core rev: 8e3c821e9ce8f3a9667847a284bc5a6f4973ea13)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
8c0982c306
glibc: Add single-threaded fast path to rand()
...
Backport a patch [1] to improve performance of rand() and __random()[2]
by adding a single-threaded fast path.
[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=be0cfd848d9ad7378800d6302bc11467cf2b514f
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=32777
(From OE-Core rev: 00f7a2f60dd6de95a1a47fa642978613ce76dc56)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 06:38:22 -07:00
cdca0c82f7
qemu: ignore CVE-2023-1386
...
Upstream Repository: https://gitlab.com/qemu-project/qemu.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1386
Type: Security Advisory
CVE: CVE-2023-1386
Score: 3.3
Analysis:
- According to redhat[1] this CVE has closed as not a bug.
Reference:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2223985
(From OE-Core rev: 6a5d9e3821246c39ec57fa483802e1bb74fca724)
(From OE-Core rev: f7c8877395d4ec0a91cd5cf54e6c2858495746fb)
Signed-off-by: Madhu Marri <madmarri@cisco.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
(Converted to old CVE_CHECK_IGNORE syntax)
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 06:38:22 -07:00
Harish Sadineni
Hitendra Prajapati
Alper Ak
Etienne Cordonnier
Enrico Jörns
Christos Gavros
Trevor Woerner
Adrian Freihofer
Lee Chee Yang
Antonin Godard
Sundeep KOKKONDA
Virendra Thakur
Divya Chellam
Praveen Kumar
Vijay Anusuri
Ashish Sharma
Yi Zhao
Steve Sakoman
Alexander Kanavin
Alon Bar-Lev
Deepesh Varatharajan
Aleksandar Nikolic
Peter Marko
Haixiao Yan