[ Upstream commit 42b530581f7246b3143ee50e3c6f981dcbb1dc74 ]
Grub would report an error message in boot stage as below:
"error: no such device: ((hd0,gpt1)/EFI/BOOT)/EFI/BOOT/grub.cfg"
Consequently, the root variable is not set, and the intended protection
against cross-device configuration loading (the purpose of the original 2014 commit)
is lost.
The most robust fix is to use the --hint parameter.
This separates the search target from the device hint, avoiding
fragile string concatenation and supporting both prefixed and
non-prefixed $cmdpath formats.
Fixes: 5ce73b6055ac ("grub: add cmdpath to grub configuration file")
(From OE-Core rev: 2f509e353e2fc04923fc742312c81ed69b419643)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
The code defines a custom 'bool' type (as an 'int'), which is incompatible
with C23 in which bool is a keyword, and trying to use <stdbool.h> fails
because 'int' and 'bool' are used interchangeably in the code.
Add the flag to CC variable, since CFLAGS is used by both c and c++ compilers
and clang++ is less forgiving when C compiler only option is used on its
cmdline so it complains about -std=gnu17 and bails out.
(From OE-Core rev: 0647201fb4729be3b10b3da2b19645c59147b40a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 49657089ef215824f8f79a81deb7baf4f27d0030)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
- Keep both the older deprecated debian:apt alias and the active
debian:advanced_package_tool identity in CVE_PRODUCT.
- This preserves completeness and avoids missing CVEs in case older
aliases are still used in NVD records.
(From OE-Core rev: 28d3ab81b9386bda16e196ed2934967843413186)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c777220ee5740b800f4128da79c24f7e42c7b88)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
[FT: Rebase onto scarthgap-next]
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
According to [1], EDK2 contains a vulnerability in BIOS where an attacker may
cause “ Improper Input Validation” by local access. Successful exploitation of
this vulnerability could alter control flow in unexpected ways, potentially
allowing arbitrary command execution and impacting Confidentiality, Integrity,
and Availability.
Backport patches from upstream [2] to fix CVE-2025-2296
Note: backport 0001-AmdSev-Halt-on-failed-blob-allocation.patch to apply
the CVE patches without confliction
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-2296
[2] https://github.com/tianocore/edk2/pull/10628
(From OE-Core rev: 09be6658833e7ac4143eeb26bdaf67c6c94e260a)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
On scarthgap images built without systemd in DISTRO_FEATURES, dbus
still shipped dbus.socket and dbus.service under
${systemd_user_unitdir} (/usr/lib/systemd/user), because the
'user-session' PACKAGECONFIG was always enabled and passed
--enable-user-session --with-systemduserunitdir=... to configure.
In dbus-1.14.10 the user-session autoconf option (configure.ac and
bus/Makefile.am 'if DBUS_ENABLE_USER_SESSION') only installs systemd
user units; it has no non-systemd effect. Enabling it on a sysvinit
image has no benefit and produces the stale unit files.
Make user-session a systemd-gated PACKAGECONFIG by using
bb.utils.contains in the default, so it is enabled when systemd is
in DISTRO_FEATURES and disabled otherwise. No changes to the
PACKAGECONFIG[user-session] or PACKAGECONFIG[systemd] entries are
needed: --disable-user-session is passed on sysvinit builds, which
prevents the configure/Makefile machinery from ever setting up the
user-unit install step.
This is the scarthgap equivalent of master commit a296b0623eb2
("dbus: use the systemd class to handle the unit files"), adapted
to the autotools 1.14.10 recipe. The master fix was broader because
the meson 1.16.2 build handles unit-file install differently, which
let that commit drop the manual do_install unit block, the
systemctl mask postinst, and PACKAGE_WRITE_DEPS. On 1.14.10 those
pieces are still needed; the minimal correct gate here is the
user-session default.
Fixes [YOCTO #15779]
(From OE-Core rev: 5550d6eadb2fea1ecb13e035a04a57450510441f)
Signed-off-by: Jhonata Poma-Hansen <jhonata.poma@gmail.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Changelog for liburcu: 0.14.0 -> 0.14.2
============================================================
2026-01-26 Userspace RCU 0.14.2
* Fix: Only include linux/time_types.h when __NR_futex_time64 is defined
* Use __NR_futex_time64 in futex syscall wrapper
* Cleanup: Remove useless declarations from urcu-qsbr
* src/urcu-bp.c: assert => urcu_posix_assert
2024-08-28 Userspace RCU 0.14.1
* Fix: missing typename in URCU_FORCE_CAST
* Allow building with GCC >= 13.3 on RISC-V
* pointer.h: Fix the rcu_cmpxchg_pointer documentation
* Adjust shell script to allow Bash in other locations
* fix: handle EINTR correctly in get_cpu_mask_from_sysfs
* Relicense src/compat-smp.h to MIT
* ppc.h: use mftb on ppc
* Fix: allow clang to build liburcu on RISC-V
* Fix -Walloc-size
* urcu/uatomic/riscv: Mark RISC-V as broken
* Fix: urcu-bp: misaligned reader accesses
* LoongArch: Document that byte and short atomics are implemented with LL/SC
* Add LoongArch support
* tests/regression/rcutorture: Add wait state
* urcu-wait: Initialize node in URCU_WAIT_NODE_INIT
* Fix: urcu-wait: add missing futex.h include
* Adjust shell scripts to allow Bash in other locations
* Add support for OpenBSD
* Revert compiler.h: Introduce caa_unqual_scalar_typeof
* rculfhash: Use caa_container_of_check_null in cds_lfht_entry
* compiler.h: Introduce caa_container_of_check_null
* compiler.h: Introduce caa_unqual_scalar_typeof
* Avoid calling caa_container_of on NULL pointer in cds_lfht macros
* Fix: revise urcu_read_lock_update() comment
* Fix: uatomic powerpc comment about lwsync
* fix: aarch64: allow RHEL7 gcc 4.8.5-11
* fix: warning 'noreturn' function does return on ppc
* Fix: use __noreturn__ for C11-compatibility
(From OE-Core rev: dc2df90b1d4f71023169d492f3819326e0e6c055)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Changelog for sudo: 1.9.17p1 -> 1.9.17p2
============================================================
Merge sudo 1.9.17p2 from branch 'main' into sudo-1.9
[d1b48c651]
* configure, configure.ac:
Fix check for which man page type to use with nroff
Fixes a bug where configure would use *.man instead of *.mdoc on
systems without mandoc. Bug #1077.
[aa2498e46]
* plugins/sudoers/log_client.c:
client_msg_cb: make warning match the function that failed
[f73162df3]
2025-07-23 Todd C. Miller <Todd.Miller@sudo.ws>
* NEWS, configure, configure.ac:
Sudo 1.9.17p2
[f0e1a5ca3]
* plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c:
digest_matches: plug fd leak on snprinf() failure
[26a1a7529]
2025-07-21 Todd C. Miller <Todd.Miller@sudo.ws>
* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp,
scripts/mkpkg:
Add a way to override pp_rpm_arch when building rpms
This will be used to build x86_64_v2 packages for Alma Linux.
[55d3c99c4]
* configure, configure.ac:
Fix check for which man page type to use with nroff
Fixes a bug where configure would use *.man instead of *.mdoc on
systems without mandoc.
[2dc10cfbd]
* plugins/sudoers/timestamp.c:
ts_write: call lseek after fruncate on short write
We need to make sure the file position is reset to the old EOF on
error.
[8e7e0e23f]
2025-07-20 Todd C. Miller <Todd.Miller@sudo.ws>
* src/exec_ptrace.c:
ptrace_readv_string: quiet sign-compare warning
[fac2a49e7]
* src/exec_ptrace.c:
ptrace_readv_string: properly handle reads of more than one page
When the intercept and intercept_verify options are enabled and
either argv[] or envp[] contains a string larger than the page size
(usually 4096), ptrace_readv_string() would fill the buffer with
mutiple copies of the same string. Fixes GitHub issue #453.
[2e93eabed]
2025-07-14 Todd C. Miller <Todd.Miller@sudo.ws>
* src/exec_pty.c:
revoke_pty: use killpg() not kill() to send HUP to the process group
Also make sure we never call killpg(-1, SIGHUP), which would send
SIGHUP to process 1 (init). It is possible for cmnd_pid to be -1 in
certain error conditions where sudo killed the command itself. This
may explain GitHub issue #458.
[fb208d383]
2025-07-08 Todd C. Miller <Todd.Miller@sudo.ws>
* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp, scripts/pp:
Don't assume RHEL major version is only a single digit
Fixes handling of RHEL 10 and higher.
[e5d953f33]
* plugins/sudoers/visudo.c:
visudo: create temporary file as mod 0600 not 0700
This was due to a typo in the mode field when the temporary file was
created. Noticed by Bjorn Baron of the sudo-rs project.
[1c254b330]
2025-06-30 Todd C. Miller <Todd.Miller@sudo.ws>
* Makefile.in:
We now build sudo releases from git, not mercurial
[cb4e26734]
2025-06-28 Todd C. Miller <Todd.Miller@sudo.ws>
* NEWS, configure, configure.ac:
(From OE-Core rev: 76b98657e3dc9da01a746deb7b9d08cb84ba44b6)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
(cherry picked from commit 12e9ba655153a9cb7c2b79cf52a2300e19634dcf)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
ast.Str was deprecated in Python 3.8 and removed in Python 3.14.
In [1], visit_Str was already removed from the LicenseVisitor
subclasses (FlattenVisitor, ListVisitor) in oe/license.py since
bitbake now requires Python 3.8+.
However, the test-only SeenVisitor class in the selftest was
missed at that time and still uses visit_Str/node.s. On Python
3.14, ast.Str is fully removed so visit_Str is never called,
causing test_single_licenses to return [] instead of the
expected license list.
Replace visit_Str/node.s with visit_Constant/node.value in
SeenVisitor.
[1] https://git.openembedded.org/openembedded-core/commit/meta/lib/oe/license.py?id=6d3da37adbcaf5a7a3dade08f9d052571b195249
Fixes [YOCTO #16220]
(From OE-Core rev: f8ac1b567d7c09ee45cb0d23fc9dd25987a76129)
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8a5b019eec72676893507d018e7609745d2e3f49)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Python 3.14 added security checks around archive extraction, and by
default will refuse to handle symlinks with absolute paths. It's possible
to handle this using 'filter' argument, but it is not always available
in older Python versions on various host distributions we need to support,
so let's extract only the needed files directly using tarfile module.
busybox is itself a symlink to busybox.nosuid, so both are extracted.
[YOCTO #16195]
(From OE-Core rev: 799e2124cdcb27bd924598619da61cbd11730b56)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d52d00a3bb4a1ba93e88f1d24d8bb99d6aa321eb)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Similar to https://git.openembedded.org/bitbake/commit/?id=2f35dac0c821ab231459922ed98e1b2cc599ca9a
there is a problem in this code when copying from an NFS mount.
We currently use cp -p, which is a shortcut for --preserve=mode,ownership,timestamps.
We shouldn't need to preserve mode/ownership, only timestamps. Update the code
in the same way the bitbake fetcher was fixed for consistency.
This fixes build failures on OpenSUSE 16.0.
(From OE-Core rev: 6ffd2c303d23b51a0a11f56e2e89c5a19596d228)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e8313688fa994c82e4c846993ed8da0d1f4db0e)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Fixes build with python-3.14 (and hence on Fedora 43)
It was added to bitbake in 62be9113d98fccb347c6aa0a10d5c4ee2857f8b6
and oe-core now requires latest bitbake already, so we can use this.
(From OE-Core rev: 2273e9ba2ffeea57620af576e3cd1e523e4d3fc3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ed1cef082b8ef0fa05684f7a41f0842150811bd)
[YC: bitbake commit was backported as 15d7448e04aa ("Use a "fork" multiprocessing context")
in the 2.8(scarthgap) branch]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
GCC-15 has switched to using C23 by default, we have been selectively
disabling warnings as errors to get by, however with autoconf 2.72 adding
-std=gnu23 it now gets enabled for every compiler and clang-22 is more
obidient and has dropped support for K&R C completely. db5 code has a lot
of K&R C prototypes and it starts to fail vigorously. We can not keep
working around with out uplifting sources to be compliant with newer C
standard like C23.
Therefore pin the cflags to use C99 standard as this package expects.
Drop the code to disable warnings as errors selectively instead add a
fix for addressing implicit int warnings
(From OE-Core rev: ff6d0aa3ce4d39bc6b140c13846b5872ce4a181c)
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(cherry picked from commit 8615b3388b97a56096b959dea4d7499e03187100)
[YC: switched from CFLAGS += to CFLAGS:append]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
We use QEMU QMP python module to drive qemu in testimage. QMP uses
asyncIO and the method to get the event loop changed.
Backport the patches handling the depreciation to fix the error:
ERROR: core-image-minimal-1.0-r0 do_testimage: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
*** 0002:do_testimage(d)
...
File: '.../openembedded-core/meta/lib/oeqa/utils/qemurunner.py', lineno: 332, function: launch
0331: from qmp.legacy import QEMUMonitorProtocol
*** 0332: self.qmp = QEMUMonitorProtocol(os.path.basename(qmp_port))
File: '.../build-ubuntu2604/tmp-glibc/work/qemux86_64-oe-linux/core-image-minimal/1.0/recipe-sysroot-native/usr/lib/qemu-python/qmp/legacy.py', lineno: 89, function: __init__
*** 0089: self._aloop = asyncio.get_event_loop()
File: '/usr/lib/python3.14/asyncio/events.py', lineno: 715, function: get_event_loop
0711:
0712: Returns an instance of EventLoop or raises an exception.
0713: """
0714: if self._local._loop is None:
*** 0715: raise RuntimeError('There is no current event loop in thread %r.'
0716: % threading.current_thread().name)
0717:
0718: return self._local._loop
Exception: RuntimeError: There is no current event loop in thread 'MainThread'.
Both patches are in Qemu 10.2 (OE Core master version)
(From OE-Core rev: 28bab00b35af8bbe3455c8266e4c792fa2367c5d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
On Ubuntu 26.04 (Gcc 15.2), texinfo-native fails to build.
Note: it is usually ASSUME_PROVIDED via bitbake.conf.
Backport patches (all included in texinfo-7.3, OE-Core's version) to fix
these errors:
| ../../texinfo-7.0.3/system.h:69:14: error: conflicting types for ‘strerror’; have ‘char *(void)’
| 69 | extern char *strerror ();
| | ^~~~~~~~
| In file included from ../gnulib/lib/string.h:41,
| from ../../texinfo-7.0.3/system.h:34:
| /usr/include/string.h:451:14: note: previous declaration of ‘strerror’ with type ‘char *(int)’
| 451 | extern char *strerror (int __errnum) __THROW;
| | ^~~~~~~~
========================================================
| ../../../../../../../workspace/sources/texinfo-native/info/echo-area.c:176:12: error: too many arguments to function ‘cmd’; expected 0, have 2
| 176 | (*cmd) (the_echo_area, count);
| | ~^~~~~ ~~~~~~~~~~~~~
========================================================
| ../../../../../../../workspace/sources/texinfo-native/info/m-x.c:140:8: error: too many arguments to function ‘command->func’; expected 0, have 3
| 140 | (*command->func) (active_window, count, 0);
| | ~^~~~~~~~~~~~~~~ ~~~~~~~~~~~~~
========================================================
(From OE-Core rev: d80f41a4d02b81fdfcb21956f81c9918caab2dad)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Solves some segfaults on relocated qemu-img binaries.
[YOCTO #16003]
(From OE-Core rev: 756f29ce4dcd0dad05e3f5bfccbcfe1ca3a0b112)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[YC: removed extra line from commit message
upstream commit b322bc5387f3 ("meta/conf/distro/include/yocto-uninative.inc")]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Update to add a fix for a function definition to work with glibc 2.43.
(From OE-Core rev: 689bd1811c2300263a8a86ba3b46bbc6b1622323)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7d35b0e7929d666af783db835a3a809f8f6ce429)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
git protocol accesses to our infrastructure are currently struggling and this
has highlighted a number of places we're making those obsolete access forms.
Update them to use https instead of the git protocol since it is preferred
and more reliable.
The devtool test needed quoting to handle the ';' in the url. The -f option
to devtool also shows a deprecation warning so remove that.
There were internal references to git protocol urls inside the nested git
submodules test report, which means those repos need updating to use
new git revisions.
(From OE-Core rev: cbb3e323b74d4351c772a9bcd553008c31a220f0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1ceba42623c5187d2f5a100d6a523abcdc75d34e)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"),
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
(cherry picked from commit 037f83803905fdbdf77ed325466abaa8a501d7ff)
(From OE-Core rev: 296798981c9b8a1185a31146bb660eb0fa016ab2)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"),
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
(cherry picked from commit d1fb36b3ddcb033ef472042cffb0dfa68714ba96)
(From OE-Core rev: 1ee811091a4e82c9c79872a86e4e573a45229245)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Hitendra Prajapati
Xiangyu Chen
Changqing Li
Martin Jansa
Fabien Thomas
Vijay Anusuri
Himanshu Jadon
Hongxu Jia
Bruce Ashfield
Hugo SIMELIERE
Jhonata Poma-Hansen
Adarsh Jagadish Kamini
Sudhir Dumbhare
Antonin Godard
Daniel Turull
Sunil Dora
Alexander Kanavin
Richard Purdie
Khem Raj
Yoann Congal
Michael Halstead