mirror of https://git.yoctoproject.org/poky synced 2026-04-20 23:39:22 +00:00
Commit Graph

78205 Commits

Author SHA1 Message Date
Lee Chee Yang
7e03dda118 migration-guides: add release notes for 5.0.12
(From yocto-docs rev: 29330751c8a2b82b4bd80659d2a0a8bac51afca5)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit e77139b5c616e6e5ad436eb91416fd804389425f)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-17 15:32:27 -07:00
Lee Chee Yang
c9578ff805 migration-guides: add release notes for 5.2.3
(From yocto-docs rev: 46b642658ce3fcf9402a1330c308e42f988ddd7e)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 3a73f28b3fffaa7abbb68dd164fa8615efbfece5)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-17 15:32:27 -07:00
Joao Marcos Costa
8b9ff99208 ref-manual/variables.rst: expand IMAGE_OVERHEAD_FACTOR glossary entry
There's a (second) overhead factor applied in images generated with Wic,
and this is already documented in the .wks reference. However, the
IMAGE_OVERHEAD_FACTOR entry does not mention it, and by looking at the
partition sizes (e.g. with parted) one may find it confusing that they
don't match with the expected rootfs size (e.g. in a scenario where the
extra space is "0" and IMAGE_OVERHEAD_FACTOR="1.0").

This second overhead is already documented, though:
https://docs.yoctoproject.org/ref-manual/kickstart.html#command-part-or-partition

Mention the '--overhead-factor' option in the glossary entry and add a
reference to the wks documentation.

(From yocto-docs rev: 987929b349a927d6b243d351aebebfd160d1b097)

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit b9040e20b015e9b02683ec3014e4ade5eb59d41a)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-17 15:32:27 -07:00
Antonin Godard
26c602f913 dev-manual/security-subjects.rst: update mailing lists
Update mailing lists following changes by Michael Halstead
(https://lists.yoctoproject.org/g/yocto-security/message/1478).

Also fix formatting/spacing.

(From yocto-docs rev: cad5770b123a2e763b4026e4c6a5991286ba7fa0)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 8066aa92a1acae6c99fbee92d24ee1feea65d974)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-17 15:32:27 -07:00
Jan Vermaete
627f697dac sdk: The main in the C example should return an int
see C17 (ISO/IEC 9899:2018)

(From yocto-docs rev: 9b7a4b503f6d0f2cd8b209ba9348a067a3846260)

Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 1ebaed299f7ef80a49b68608f45bf25884900d13)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-17 15:32:27 -07:00
Peter Marko
7ec60228eb vulnerabilities: update nvdcve file name
The filename is outdated as its version was already bumped and there are
also different files for different feed choices.
Use glob to match any available file.

Also the directory changed to CVE_CHECK2 meanwhile, so update it, too.

(From yocto-docs rev: 1b4d559ad5489a34cec26f9aad2687d2cb3ecc0a)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a2f18cb23183401d9d8e2fd4499d164ef8d86e44)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-17 15:32:27 -07:00
Lee Chee Yang
8150b2ba7c migration-guides: add release notes for 4.0.29
(From yocto-docs rev: eca0629b779c2b96c812b68c42b83ed3589a6d87)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit d3bbfed9cad4cda0960ee0623c728ea2a18e1b29)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-17 15:32:27 -07:00
Martin Jansa
831fd471f1 bitbake: bitbake: Bump version to 2.12.1
To indicate compatibility with python 3.14

[YOCTO #15858]

(Bitbake rev: aab6b5ab43d6589f0a8ccacd0832a45eb0aa0fd0)

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-17 15:32:27 -07:00
Joshua Watt
ec065ce64c bitbake: Use a "fork" multiprocessing context
Python 3.14 changes the default multiprocessing context from "fork" to
"forkserver"; however bitbake heavily relies on "fork" to efficiently
pass data to the child processes. As such, make "fork" context in the bb
namespace and use it in place of the normal multiprocessing module.

Note that multiprocessing contexts were added in Python 3.4, so this
should be safe to use even before Python 3.14

[YOCTO #15858]

(Bitbake rev: 0d9d8d0863e82e986c33c08064ce9a99224a06d5)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-17 15:32:27 -07:00
Per x Johansson
5495d8b6ff rust-target-config: Add has-thread-local option
The "has-elf-tls" option was removed by the commit
8e1614a906086fb46c5dd7b7f2dffab91194165c. However it should have been
renamed to "has-thread-local", since it was renamed and not removed in
rust by this commit.
391332c5d9

(From OE-Core rev: 575a4316f661392eb73d1d97300511e2bca24ada)

Signed-off-by: Per x Johansson <perxjoh@axis.com>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-09 09:30:07 -07:00
Kyungjik Min
f6534ab04f pulseaudio: Add audio group explicitly
Since pulseaudio-server requires the audio group, we explicitly add it.

When using useradd-staticids or not using the default group in
base-passwd, an error will occur because the audio group is not defined.

NOTE: pulseaudio: Performing useradd with [--root
TOPDIR/tmp/work/cortexa72-poky-linux/pulseaudio/17.0/recipe-sysroot
--home-dir /var/run/pulse --gid 998 --groups audio,pulse
--no-create-home --system --shell /bin/false --uid 998 pulse]
useradd: group 'audio' does not exist
ERROR: pulseaudio: useradd command did not succeed.

(From OE-Core rev: 4fc918da4667eebbbdae3def8c38209a3d650f97)

Signed-off-by: Kyungjik Min <dpmin7@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-09 09:30:07 -07:00
Deepak Rathore
199b076727 default-distrovars.inc: Fix CONNECTIVITY_CHECK_URIS redirect issue
The default CONNECTIVITY_CHECK_URIS uses "https://yoctoproject.org/connectivity.html"
which redirects to "https://www.yoctoproject.org/connectivity.html".

Some network configurations with proxies or restricted internet access
don't handle HTTP redirects properly during the sanity check phase,
causing build failures with:

ERROR:  OE-core's config sanity checker detected a potential misconfiguration.
Either fix the cause of this error or at your own risk disable the checker (see sanity.conf).
Following is the list of potential problems / advisories:

Fetcher failure for URL: 'https://yoctoproject.org/connectivity.html'. URL doesn't work.

Updated the default URL to use the final destination directly to avoid
redirect-related connectivity check failures.

Also updated SDK test cases in https.py to use the corrected URL for
consistency.

(From OE-Core rev: 894648f4173a8a0e489e720e2b543cd22e39a878)

Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 60cdf960a3560f391babd559737f1afb31fb2c5c)
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-09 09:30:07 -07:00
Yogita Urade
ebbcc0a3c6 tiff: fix CVE-2025-8534
A vulnerability classified as problematic was found in libtiff
4.6.0. This vulnerability affects the function PS_Lvl2page of
the file tools/tiff2ps.c of the component tiff2ps. The
manipulation leads to null pointer dereference. It is possible
to launch the attack on the local host. The complexity of an
attack is rather high. The exploitation appears to be difficult.
The exploit has been disclosed to the public and may be used.
The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b.
It is recommended to apply a patch to fix this issue. One of the
maintainers explains, that "[t]his error only occurs if
DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD")
option is used."

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-8534

Upstream patch:
6ba36f159f

(From OE-Core rev: 6db99609f8aeca660fa01fc9e32008a2e37aae03)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-09 09:30:07 -07:00
Siddharth Doshi
d5ed259e92 tiff: Security fix for CVE-2024-13978, CVE-2025-8176, CVE-2025-8177
Upstream-Status: Backport from [7be20ccaab, 2ebfffb0e8, 3994cf3b3b, ce46f002ec, ecc4ddbf1f, 75d8eca6f1, e8c9d6c616]

CVE's Fixed:
CVE-2024-13978 libtiff: LibTIFF Null Pointer Dereference
CVE-2025-8176 libtiff: LibTIFF Use-After-Free Vulnerability
CVE-2025-8177 libtiff: LibTIFF Buffer Overflow

(From OE-Core rev: 16d8a873c57b174e4d6581b58d890f2157aa2f2c)

(From OE-Core rev: f52df68fc89f0da9ea8ea8197462c9f55d0de46c)

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-09 09:30:07 -07:00
Peter Marko
6f906dc9cf binutils: patch CVE-2025-8225
Pick commit [1] mentioned in [2].

[1] e51fdff7d2
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-8225

Testsuite did not show any changes in results:

 === binutils Summary ===

 # of expected passes           310
 # of unexpected failures       1
 # of untested testcases        1
 # of unsupported tests         9

(From OE-Core rev: 3d79514f90a6f731a5333417641500b8e52e410a)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-09 09:30:07 -07:00
Steve Sakoman
343adc0de0 Revert "linux-yocto/6.12: riscv: Enable TUNE_FEATURES based KERNEL_FEATURES"
This reverts commit 9296d038106aebfb66e3a76c4444597e2e1a2263.

Since this patch, it looks like qemuriscv64 doesn't boot in Walnascar.

(From OE-Core rev: 49f47169953b807d430461ca33f3a2b076119712)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-09-02 09:44:27 -07:00
Michael Halstead
36326e581e yocto-uninative: Update to 4.9 for glibc 2.42
(From OE-Core rev: adbb7737cbfbe241df514704b9bb237e41505310)

Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Michael Halstead
e5a9adf1a5 yocto-uninative: Update to 4.8 for GCC 15.1
(From OE-Core rev: ea3a60aabab3b7b456bd086f9e59b42d9ba62ce3)

Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Archana Polampalli
54986335f9 gstreamer1.0: upgrade 1.24.12 -> 1.24.13
Below list of CVEs are addressed in this release
CVE-2025-47183
CVE-2025-47219
CVE-2025-47806
CVE-2025-47807
CVE-2025-47808

(From OE-Core rev: 340b182d5fc972175f1d2a89127f807073c10255)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Archana Polampalli
f699ff2f0c gstreamer1.0-vaapi: upgrade 1.24.12 -> 1.24.13
(From OE-Core rev: 5b918f7a9002472c271f412bec19c6ef9eaf6098)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Archana Polampalli
3b0107f1d2 gstreamer1.0-rtsp-server: upgrade 1.24.12 -> 1.24.13
(From OE-Core rev: fb4f3b3d2ee5d6098993cf59337b5d982be74b19)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Archana Polampalli
90b3c9c0f3 gstreamer1.0-python: upgrade 1.24.12 -> 1.24.13
(From OE-Core rev: c5742f1c6037c588e91011883b8cf5af6bd360a5)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Archana Polampalli
0e895d96c2 gstreamer1.0-plugins-ugly: upgrade 1.24.12 -> 1.24.13
(From OE-Core rev: fac2cdbd50d7e1e74910cc4c035471305372d5d7)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Archana Polampalli
33ef432073 gstreamer1.0-plugins-good: upgrade 1.24.12 -> 1.24.13
(From OE-Core rev: 01d4f52c290dc4acc7dd6e129db5470a626bfa90)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Archana Polampalli
b8ad59f27e gstreamer1.0-plugins-base: upgrade 1.24.12 -> 1.24.13
(From OE-Core rev: 7b024f5983e83fbde68aaaeaeeff4997d22ba825)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Archana Polampalli
d4485baac0 gstreamer1.0-plugins-bad: upgrade 1.24.12 -> 1.24.13
(From OE-Core rev: b819ceba86919df9b99533825dff2efe14164d74)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Archana Polampalli
224dc049d4 gstreamer1.0-libav: upgrade 1.24.12 -> 1.24.13
(From OE-Core rev: d40b0da3070dcd42bed756a47f98b09f04632cab)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Archana Polampalli
ea258f1f85 gst-devtools: upgrade 1.24.12 -> 1.24.13
(From OE-Core rev: 294522f993b5246ff4a4bf35d1f8fa66c29d1a63)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Peter Marko
4011ae9f22 vim: upgrade 9.1.1198 -> 9.1.1652
Handles CVE-2025-53905, CVE-2025-53906, CVE-2025-55157, CVE-2025-55158.

Changes between 9.1.1198 -> 9.1.1652
====================================
https://github.com/vim/vim/compare/v9.1.1198...v9.1.1652

Refresh patches.

Disable newly introduced wayland support (in patch version 1485).
To this belongs also adding recursion in delete command for dir auto
which was newly failing as there is wayland directory inside now.
If someone is interested, this can be probably enabled, but without
additional work it results in compilation error due to function
redefinition conflicts.

(From OE-Core rev: e87d427d928234ef0441f9ce1fe8631fbe471094)

(From OE-Core rev: 99e24ba524157ed70ad05b0b1a14fcca8df52246)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Peter Marko
390a774854 cve-update-db-native: fix fetcher for CVEs missing nodes
As of now, update of CVE DB from FKIE source (which is the default)
fails with following error:

File: '<build>/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 393, function: update_db_fkie
     0389:                [cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close()
     0390:
     0391:        for config in elt['configurations']:
     0392:            # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing
 *** 0393:            for node in config["nodes"]:
     0394:                parse_node_and_insert(conn, node, cveId, False)
     0395:
     0396:def update_db(d, conn, jsondata):
     0397:    if (d.getVar("NVD_DB_VERSION") == "FKIE"):
Exception: KeyError: 'nodes'

Entry for new CVE-2025-32915 is broken.

(From OE-Core rev: 5bc27449381d2a53588dc7ad1fe2b78783d5c240)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Peter Marko
c0192e2543 binutils: set status for CVE-2025-8224
Commit mentioned in CVE report is already included in current hash.
Can be verified by trying to cherry-pick.

(From OE-Core rev: c7297f46efa410a9204d3d386d307deada967bb6)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Peter Marko
1828ecc19f libarchive: patch CVE-2025-5918
Pick commits per [1]

Additionally pick a commit needed to apply these cleanly.

[1] https://security-tracker.debian.org/tracker/CVE-2025-5918

(From OE-Core rev: 20687d6eed86003eacd5c91ebfd1101f6413ee3f)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Peter Marko
3c89580ab0 libarchive: patch CVE-2025-5917
Pick commit per [1]

[1] https://security-tracker.debian.org/tracker/CVE-2025-5917

(From OE-Core rev: 59b3c2f9dcf523a441bdaeac52c590d469b0b8ac)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Peter Marko
7570380173 libarchive: patch CVE-2025-5916
Pick commit per [1]

[1] https://security-tracker.debian.org/tracker/CVE-2025-5916

(From OE-Core rev: aa9adf9b4d5b0169dfe44503c247d48538d16929)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Peter Marko
1685873075 gnutls: mark CVE-2025-32989 and CVE-2025-32990 as fixed
This is mentioned in [1].
NVD tracks this as version-less CVE.

[1] https://gitlab.com/gnutls/gnutls/-/blob/3.8.10/NEWS?ref_type=tags#L8

(From OE-Core rev: 0c84e464d67df1111e62edc5d4f9ad398e19e40a)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-29 10:02:59 -07:00
Patryk Seregiet
f0c015b3f1 linux-firmware: fix FILES to drop RDEPENDS on full package
linux-firmware-rtl8723 and linux-firmware-adsp-sst
contain symlinks to files that were previously
packaged only in the main linux-firmware package.
This caused both subpackages to inherit an unintended
RDEPENDS on the full package. This change resolves the
issue by ensuring all required files are correctly
included in their respective subpackages.

Thanks to Peter Kjellerstedt for figuring out the root cause.

(From OE-Core rev: cf27c7d040e7a5f1bbc60fb36c98686704bd7dc5)

(From OE-Core rev: 4b785d2d416944a78bf4c09e85a508ae80e35ca4)

Signed-off-by: Patryk Seregiet <patryk.seregiet@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

(master rev: cf27c7d040e7a5f1bbc60fb36c98686704bd7dc5)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Martin Jansa
9fc83a3343 bash: use -std=gnu17 also for native CFLAGS
* fixes builds on host with gcc-15:
  http://errors.yoctoproject.org/Errors/Details/853016/

../../bash-5.2.37/builtins/mkbuiltins.c:268:29: error: too many arguments to function ‘xmalloc’; expected 0, have 1
  268 |           error_directory = xmalloc (2 + strlen (argv[arg_index]));
      |                             ^~~~~~~  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(From OE-Core rev: 0c09f4a449fc03e6f5dfb6e5961c0a0471a7816d)

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Martin Jansa
49a42f23d1 pkgconfig: fix build with gcc-15
* on hosts with gcc-15 or whenever glib PACKAGECONFIG isn't enabled
  and pkgconfig uses own old bundled glib

* fixes:
  http://errors.yoctoproject.org/Errors/Details/853015/
../../../git/glib/glib/goption.c:169:14: error: two or more data types in declaration specifiers
  169 |     gboolean bool;
      |              ^~~~
../../../git/glib/glib/goption.c:169:18: warning: declaration does not declare anything
  169 |     gboolean bool;
      |                  ^

(From OE-Core rev: 092ee1703d81b8aaed452189dd329320483087d3)

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Harish Sadineni
5d2bdb56f8 binutils: Fix gprofng broken symbolic link with gp-*
In binutils 2.44, application names were changed from the gp- prefix
(e.g., gp-display-text, gp-archive) to the gprofng- prefix
(e.g., gprofng-display-text, gprofng-archive). Temporary gp-*
symlinks were added to maintain compatibility with the older
gprofng-gui.

However, these compatibility symlinks did not support cross-platform
toolchain prefixes, which resulted in broken gp-* symbolic links.

Support for cross-platform prefixes is added upstream in binutils 2.45,
so this change backports that fix to resolve broken symlinks issue.

Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90803ffdcc4d8c3d17566bf8dccadbad312f07a9]

(From OE-Core rev: 55684a63904365d8a6ab2a8ce9e091f29b0b7df5)

Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Peter Marko
62d813527d go: upgrade 1.24.5 -> 1.24.6
Upgrade to latest 1.24.x release [1]:

$ git --no-pager log --oneline go1.24.5..go1.24.6
7f36edc26d [release-branch.go1.24] go1.24.6
83b4a5db24 [release-branch.go1.24] database/sql: avoid closing Rows while scan is in progress
0f5133b742 [release-branch.go1.24] os/exec: fix incorrect expansion of "", "." and ".." in LookPath
6e1c4529e4 [release-branch.go1.24] cmd/compile: for arm64 epilog, do SP increment with a single instruction
731de13dc3 [release-branch.go1.24] os/user: user random name for the test user account
390ffce7d6 [release-branch.go1.24] runtime: prevent unnecessary zeroing of large objects with pointers
b454859a8a [release-branch.go1.24] runtime: stash allpSnapshot on the M

Fixes CVE-2025-47906 and CVE-2025-47907 [2].

[1] https://github.com/golang/go/compare/go1.24.5...go1.24.6
[2] https://groups.google.com/g/golang-announce/c/x5MKroML2yM

(From OE-Core rev: a348c04d449c0ba36b2ef278bea08919f0e6d19f)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(cherry picked from commit f3072c210ac0a1e4d8046d920c3ebc29f9916b72)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Peter Marko
c00fb3ce44 glib-2.0: patch CVE-2025-6052
Backport commits from [1] which references this CVE.

[1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4681

(From OE-Core rev: a96c84cb861cb550ddcabd2396a74b00f0035ba4)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Peter Marko
d2cf21799c glib-2.0: update 2.84.2 -> 2.84.4
Overview of changes in GLib 2.84.4, 2025-08-08
==============================================
* Bugs fixed:
  - #3716 (CVE-2025-7039) (#YWH-PGM9867-104) Buffer Under-read on GLib through
    glib/gfileutils.c via get_tmp_file() (Michael Catanzaro)
  - #3721 GFile leak in g_local_file_set_display_name during error handling
    (Philip Withnall, Michael Catanzaro)
  - !4668 Backport !4667 “Incorrect output parameter handling in closure helper
    of g_settings_bind_with_mapping_closures” to glib-2-84
  - !4675 Backport !4674 “gfileutils: fix computation of temporary file name” to
    glib-2-84
  - !4679 Backport !4677 and !4678 “Fix GFile leak in
    g_local_file_set_display_name()” to glib-2-84
  - !4697 Backport !4696 “gthreadpool: Catch pool_spawner creation failure” to
    glib-2-84
  - !4705 Backport !4702 “gio/filenamecompleter: Fix leaks” to glib-2-84
  - !4711 Backport !4708 “gfilenamecompleter: Fix g_object_unref() of undefined
    value” to glib-2-84

Overview of changes in GLib 2.84.3, 2025-06-13
==============================================
* Bugs fixed:
  - !4656 Backport !4655 “gstring: Fix overflow check when expanding the string”
    to glib-2-84

!4656 solves first half of CVE-2025-6052

(From OE-Core rev: 8d5df566ef2c3d342ca0eb2421b4a583b02969da)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Praveen Kumar
dddd1ac1a4 glib-2.0: update 2.84.1 -> 2.84.2
Overview of changes in GLib 2.84.2, 2025-05-20
==============================================

* Bugs fixed:
  - !4576 Backport !4575 “gclosure: fix ATOMIC_CHANGE_FIELD to read vint
    atomically” to glib-2-84
  - !4595 Backport !4582 “Windows: fix wrong typelib path” to glib-2-84
  - !4614 Backport "gstring: carefully handle gssize parameters"
  - !4616 Backport !4613 “Update macOS job for new CI runner” to glib-2-84
  - !4623 Backport !4617 “gdate: Call tzset before localtime_r” to glib-2-84
  - !4639 Backport -Wsign-conversion fixes for g_get_locale_variants() from
    !4590 to glib-2-84
  - !4640 Backport !4620 “glocalfile: Disable faccessat()-based query_exists on
    Android” to glib-2-84

(From OE-Core rev: 3deb6b59f3fa91d4fa755f49dad4ac62c3a518fb)

(From OE-Core rev: 45419176357954027607c7f92fd5ad11b5e87a42)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Markus Volk
abd47e5eee glib-2.0: update 2.84.0 -> 2.84.1
- remove backport patch

Overview of changes in GLib 2.84.1, 2025-04-03
==============================================

* Fix test failure when building against gobject-introspection ≥1.83.4 (#3634,
  work by Philip Withnall)

* Bugs fixed:
  - #3630 2.84.0 build failure on Linux: ../gio/gnetworkmonitornetlink.c:47:10:
    fatal error: netlink/netlink_route.h: No such file or directory (Philip
    Withnall)
  - #3634 test failure with gobject-introspection 1.83.4: warning: element
    doc:format from state 3 is unknown, ignoring (Philip Withnall)
  - #3636 gio/trash does not handle special characters well
  - #3642 `g_cancellable_connect()` documentation incorrect (Marco Trevisan
    (Treviño))
  - #3643 g_cancellable_connect(): is it safe to unref cancellable from
    callback? (Marco Trevisan (Treviño))
  - #3649 Crash with some registry key values in GWin32AppInfo (Philip Withnall)
  - !4484 Memory sanitizer fixes
  - !4489 gobject: Be consistent in using atomic logic to handle the
    GParamSpecPool
  - !4541 gsettings: Port docs to gi-docgen format, add missing annotations and
    make various improvements
  - !4544 tests: Don't install runner scripts without installed_tests
  - !4545 Update French translation
  - !4547 Update Catalan translation
  - !4548 Update Turkish translation
  - !4551 Updated Danish translation
  - !4552 Update Persian translation
  - !4553 docs: Document GSignalFlags members added after 2.0
  - !4554 Update Indonesian translation
  - !4555 tests: Add a test for g_object_freeze_notify() being called too often
  - !4557 gfileinfo: Slightly expand docs for
    g_file_info_get_attribute_as_string()
  - !4558 gi: Dynamically set doc-format
  - !4561 tests: Various fixes to create temporary files in /tmp rather than the
    build directory
  - !4562 gdbusnameowning: Convert docs to gi-docgen linking syntax
  - !4563 giounix-private: Fix macro for checking for epoll_create1()
  - !4565 Fix LGPL in header
  - !4567 gutils: make documentation of g_set_prgname() clearer
  - !4568 docs: Add some detail
  - !4569 Update Romanian translation
  - !4570 gspawn-win32: Fix potential integer overflows in argv handling
  - !4571 gvarianttype: Improve docs on type validation

* Translation updates:
  - Catalan (Jordi Mas)
  - Danish (Ask Hjorth Larsen)
  - French (Vincent Chatelain)
  - Indonesian (Andika Triwidada)
  - Persian (Danial Behzadi)
  - Romanian (Antonio Marin)
  - Turkish (Sabri Ünal)

(From OE-Core rev: 676b9acbe94f055a351da3bdcfbe457411e1877c)

(From OE-Core rev: d818b5952001bacd4dbb24ea475df33e50bc1b53)

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

This upgrade fixes CVE-2025-4056

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Soumya Sambu
906ca66083 elfutils: Fix CVE-2025-1377
A vulnerability, which was classified as problematic, has been found in GNU elfutils
0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the
component eu-strip. The manipulation leads to denial of service. The attack needs to
be approached locally. The exploit has been disclosed to the public and may be used.
The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is
recommended to apply a patch to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1377
https://ubuntu.com/security/CVE-2025-1377

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=fbf1df9ca286de3323ae541973b08449f8d03aba

(From OE-Core rev: 36436f0996d3a84fe6a59434dec1a92704110602)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Soumya Sambu
92ad2bf885 elfutils: Fix CVE-2025-1376
A vulnerability classified as problematic was found in GNU elfutils 0.192.
This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c
of the component eu-strip. The manipulation leads to denial of service. It is possible
to launch the attack on the local host. The complexity of an attack is rather high. The
exploitation appears to be difficult. The exploit has been disclosed to the public and
may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is
recommended to apply a patch to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1376
https://ubuntu.com/security/CVE-2025-1376

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b16f441cca0a4841050e3215a9f120a6d8aea918

(From OE-Core rev: 603881e34e3bbb7435f0ae91553036eef7f1cb06)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Soumya Sambu
f9e6c1011a elfutils: Fix CVE-2025-1372
A vulnerability was found in GNU elfutils 0.192. It has been declared as critical.
Affected by this vulnerability is the function dump_data_section/print_string_section
of the file readelf.c of the component eu-readelf. The manipulation of the argument
z/x leads to buffer overflow. An attack has to be approached locally. The exploit
has been disclosed to the public and may be used. The identifier of the patch is
73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix
this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1372
https://ubuntu.com/security/CVE-2025-1372

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=73db9d2021cab9e23fd734b0a76a612d52a6f1db

(From OE-Core rev: 76c57e74071f8f2f312d5c62e1f7a1ac74db54be)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Soumya Sambu
f199f5e3a6 elfutils: Fix CVE-2025-1371
A vulnerability has been found in GNU elfutils 0.192 and classified as problematic.
This vulnerability affects the function handle_dynamic_symtab of the file readelf.c
of the component eu-read. The manipulation leads to null pointer dereference.
Attacking locally is a requirement. The exploit has been disclosed to the public and
may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It
is recommended to apply a patch to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1371
https://ubuntu.com/security/CVE-2025-1371

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b38e562a4c907e08171c76b8b2def8464d5a104a

(From OE-Core rev: 36a322934f6f7dc8d0890c531d68c0f7de69be13)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Soumya Sambu
17c3ea7ff8 elfutils: Fix CVE-2025-1365
A vulnerability, which was classified as critical, was found in GNU elfutils
0.192. This affects the function process_symtab of the file readelf.c of the
component eu-readelf. The manipulation of the argument D/a leads to buffer
overflow. Local access is required to approach this attack. The exploit has
been disclosed to the public and may be used. The identifier of the patch is
5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch
to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1365
https://ubuntu.com/security/CVE-2025-1365

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=5e5c0394d82c53e97750fe7b18023e6f84157b81

(From OE-Core rev: deb03581745a0722e1a52a8d4ee63cdc863ad014)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00
Soumya Sambu
26ec7d6e30 elfutils: Fix CVE-2025-1352
A vulnerability has been found in GNU elfutils 0.192 and classified as critical.
This vulnerability affects the function __libdw_thread_tail in the library
libdw_alloc.c of the component eu-readelf. The manipulation of the argument w
leads to memory corruption. The attack can be initiated remotely. The complexity
of an attack is rather high. The exploitation appears to be difficult. The exploit
has been disclosed to the public and may be used. The name of the patch is
2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to
fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1352
https://ubuntu.com/security/CVE-2025-1352

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=2636426a091bd6c6f7f02e49ab20d4cdc6bfc753

(From OE-Core rev: 9f104c2005975c1dce6e67b23e34ab5a2e8f85ab)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00