Changelog for liburcu: 0.14.0 -> 0.14.2
============================================================
2026-01-26 Userspace RCU 0.14.2
* Fix: Only include linux/time_types.h when __NR_futex_time64 is defined
* Use __NR_futex_time64 in futex syscall wrapper
* Cleanup: Remove useless declarations from urcu-qsbr
* src/urcu-bp.c: assert => urcu_posix_assert
2024-08-28 Userspace RCU 0.14.1
* Fix: missing typename in URCU_FORCE_CAST
* Allow building with GCC >= 13.3 on RISC-V
* pointer.h: Fix the rcu_cmpxchg_pointer documentation
* Adjust shell script to allow Bash in other locations
* fix: handle EINTR correctly in get_cpu_mask_from_sysfs
* Relicense src/compat-smp.h to MIT
* ppc.h: use mftb on ppc
* Fix: allow clang to build liburcu on RISC-V
* Fix -Walloc-size
* urcu/uatomic/riscv: Mark RISC-V as broken
* Fix: urcu-bp: misaligned reader accesses
* LoongArch: Document that byte and short atomics are implemented with LL/SC
* Add LoongArch support
* tests/regression/rcutorture: Add wait state
* urcu-wait: Initialize node in URCU_WAIT_NODE_INIT
* Fix: urcu-wait: add missing futex.h include
* Adjust shell scripts to allow Bash in other locations
* Add support for OpenBSD
* Revert compiler.h: Introduce caa_unqual_scalar_typeof
* rculfhash: Use caa_container_of_check_null in cds_lfht_entry
* compiler.h: Introduce caa_container_of_check_null
* compiler.h: Introduce caa_unqual_scalar_typeof
* Avoid calling caa_container_of on NULL pointer in cds_lfht macros
* Fix: revise urcu_read_lock_update() comment
* Fix: uatomic powerpc comment about lwsync
* fix: aarch64: allow RHEL7 gcc 4.8.5-11
* fix: warning 'noreturn' function does return on ppc
* Fix: use __noreturn__ for C11-compatibility
(From OE-Core rev: dc2df90b1d4f71023169d492f3819326e0e6c055)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Changelog for sudo: 1.9.17p1 -> 1.9.17p2
============================================================
Merge sudo 1.9.17p2 from branch 'main' into sudo-1.9
[d1b48c651]
* configure, configure.ac:
Fix check for which man page type to use with nroff
Fixes a bug where configure would use *.man instead of *.mdoc on
systems without mandoc. Bug #1077.
[aa2498e46]
* plugins/sudoers/log_client.c:
client_msg_cb: make warning match the function that failed
[f73162df3]
2025-07-23 Todd C. Miller <Todd.Miller@sudo.ws>
* NEWS, configure, configure.ac:
Sudo 1.9.17p2
[f0e1a5ca3]
* plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c:
digest_matches: plug fd leak on snprinf() failure
[26a1a7529]
2025-07-21 Todd C. Miller <Todd.Miller@sudo.ws>
* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp,
scripts/mkpkg:
Add a way to override pp_rpm_arch when building rpms
This will be used to build x86_64_v2 packages for Alma Linux.
[55d3c99c4]
* configure, configure.ac:
Fix check for which man page type to use with nroff
Fixes a bug where configure would use *.man instead of *.mdoc on
systems without mandoc.
[2dc10cfbd]
* plugins/sudoers/timestamp.c:
ts_write: call lseek after fruncate on short write
We need to make sure the file position is reset to the old EOF on
error.
[8e7e0e23f]
2025-07-20 Todd C. Miller <Todd.Miller@sudo.ws>
* src/exec_ptrace.c:
ptrace_readv_string: quiet sign-compare warning
[fac2a49e7]
* src/exec_ptrace.c:
ptrace_readv_string: properly handle reads of more than one page
When the intercept and intercept_verify options are enabled and
either argv[] or envp[] contains a string larger than the page size
(usually 4096), ptrace_readv_string() would fill the buffer with
mutiple copies of the same string. Fixes GitHub issue #453.
[2e93eabed]
2025-07-14 Todd C. Miller <Todd.Miller@sudo.ws>
* src/exec_pty.c:
revoke_pty: use killpg() not kill() to send HUP to the process group
Also make sure we never call killpg(-1, SIGHUP), which would send
SIGHUP to process 1 (init). It is possible for cmnd_pid to be -1 in
certain error conditions where sudo killed the command itself. This
may explain GitHub issue #458.
[fb208d383]
2025-07-08 Todd C. Miller <Todd.Miller@sudo.ws>
* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp, scripts/pp:
Don't assume RHEL major version is only a single digit
Fixes handling of RHEL 10 and higher.
[e5d953f33]
* plugins/sudoers/visudo.c:
visudo: create temporary file as mod 0600 not 0700
This was due to a typo in the mode field when the temporary file was
created. Noticed by Bjorn Baron of the sudo-rs project.
[1c254b330]
2025-06-30 Todd C. Miller <Todd.Miller@sudo.ws>
* Makefile.in:
We now build sudo releases from git, not mercurial
[cb4e26734]
2025-06-28 Todd C. Miller <Todd.Miller@sudo.ws>
* NEWS, configure, configure.ac:
(From OE-Core rev: 76b98657e3dc9da01a746deb7b9d08cb84ba44b6)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
(cherry picked from commit 12e9ba655153a9cb7c2b79cf52a2300e19634dcf)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
ast.Str was deprecated in Python 3.8 and removed in Python 3.14.
In [1], visit_Str was already removed from the LicenseVisitor
subclasses (FlattenVisitor, ListVisitor) in oe/license.py since
bitbake now requires Python 3.8+.
However, the test-only SeenVisitor class in the selftest was
missed at that time and still uses visit_Str/node.s. On Python
3.14, ast.Str is fully removed so visit_Str is never called,
causing test_single_licenses to return [] instead of the
expected license list.
Replace visit_Str/node.s with visit_Constant/node.value in
SeenVisitor.
[1] https://git.openembedded.org/openembedded-core/commit/meta/lib/oe/license.py?id=6d3da37adbcaf5a7a3dade08f9d052571b195249
Fixes [YOCTO #16220]
(From OE-Core rev: f8ac1b567d7c09ee45cb0d23fc9dd25987a76129)
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8a5b019eec72676893507d018e7609745d2e3f49)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Python 3.14 added security checks around archive extraction, and by
default will refuse to handle symlinks with absolute paths. It's possible
to handle this using 'filter' argument, but it is not always available
in older Python versions on various host distributions we need to support,
so let's extract only the needed files directly using tarfile module.
busybox is itself a symlink to busybox.nosuid, so both are extracted.
[YOCTO #16195]
(From OE-Core rev: 799e2124cdcb27bd924598619da61cbd11730b56)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d52d00a3bb4a1ba93e88f1d24d8bb99d6aa321eb)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Similar to https://git.openembedded.org/bitbake/commit/?id=2f35dac0c821ab231459922ed98e1b2cc599ca9a
there is a problem in this code when copying from an NFS mount.
We currently use cp -p, which is a shortcut for --preserve=mode,ownership,timestamps.
We shouldn't need to preserve mode/ownership, only timestamps. Update the code
in the same way the bitbake fetcher was fixed for consistency.
This fixes build failures on OpenSUSE 16.0.
(From OE-Core rev: 6ffd2c303d23b51a0a11f56e2e89c5a19596d228)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e8313688fa994c82e4c846993ed8da0d1f4db0e)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Fixes build with python-3.14 (and hence on Fedora 43)
It was added to bitbake in 62be9113d98fccb347c6aa0a10d5c4ee2857f8b6
and oe-core now requires latest bitbake already, so we can use this.
(From OE-Core rev: 2273e9ba2ffeea57620af576e3cd1e523e4d3fc3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ed1cef082b8ef0fa05684f7a41f0842150811bd)
[YC: bitbake commit was backported as 15d7448e04aa ("Use a "fork" multiprocessing context")
in the 2.8(scarthgap) branch]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
GCC-15 has switched to using C23 by default, we have been selectively
disabling warnings as errors to get by, however with autoconf 2.72 adding
-std=gnu23 it now gets enabled for every compiler and clang-22 is more
obidient and has dropped support for K&R C completely. db5 code has a lot
of K&R C prototypes and it starts to fail vigorously. We can not keep
working around with out uplifting sources to be compliant with newer C
standard like C23.
Therefore pin the cflags to use C99 standard as this package expects.
Drop the code to disable warnings as errors selectively instead add a
fix for addressing implicit int warnings
(From OE-Core rev: ff6d0aa3ce4d39bc6b140c13846b5872ce4a181c)
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(cherry picked from commit 8615b3388b97a56096b959dea4d7499e03187100)
[YC: switched from CFLAGS += to CFLAGS:append]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
We use QEMU QMP python module to drive qemu in testimage. QMP uses
asyncIO and the method to get the event loop changed.
Backport the patches handling the depreciation to fix the error:
ERROR: core-image-minimal-1.0-r0 do_testimage: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
*** 0002:do_testimage(d)
...
File: '.../openembedded-core/meta/lib/oeqa/utils/qemurunner.py', lineno: 332, function: launch
0331: from qmp.legacy import QEMUMonitorProtocol
*** 0332: self.qmp = QEMUMonitorProtocol(os.path.basename(qmp_port))
File: '.../build-ubuntu2604/tmp-glibc/work/qemux86_64-oe-linux/core-image-minimal/1.0/recipe-sysroot-native/usr/lib/qemu-python/qmp/legacy.py', lineno: 89, function: __init__
*** 0089: self._aloop = asyncio.get_event_loop()
File: '/usr/lib/python3.14/asyncio/events.py', lineno: 715, function: get_event_loop
0711:
0712: Returns an instance of EventLoop or raises an exception.
0713: """
0714: if self._local._loop is None:
*** 0715: raise RuntimeError('There is no current event loop in thread %r.'
0716: % threading.current_thread().name)
0717:
0718: return self._local._loop
Exception: RuntimeError: There is no current event loop in thread 'MainThread'.
Both patches are in Qemu 10.2 (OE Core master version)
(From OE-Core rev: 28bab00b35af8bbe3455c8266e4c792fa2367c5d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
On Ubuntu 26.04 (Gcc 15.2), texinfo-native fails to build.
Note: it is usually ASSUME_PROVIDED via bitbake.conf.
Backport patches (all included in texinfo-7.3, OE-Core's version) to fix
these errors:
| ../../texinfo-7.0.3/system.h:69:14: error: conflicting types for ‘strerror’; have ‘char *(void)’
| 69 | extern char *strerror ();
| | ^~~~~~~~
| In file included from ../gnulib/lib/string.h:41,
| from ../../texinfo-7.0.3/system.h:34:
| /usr/include/string.h:451:14: note: previous declaration of ‘strerror’ with type ‘char *(int)’
| 451 | extern char *strerror (int __errnum) __THROW;
| | ^~~~~~~~
========================================================
| ../../../../../../../workspace/sources/texinfo-native/info/echo-area.c:176:12: error: too many arguments to function ‘cmd’; expected 0, have 2
| 176 | (*cmd) (the_echo_area, count);
| | ~^~~~~ ~~~~~~~~~~~~~
========================================================
| ../../../../../../../workspace/sources/texinfo-native/info/m-x.c:140:8: error: too many arguments to function ‘command->func’; expected 0, have 3
| 140 | (*command->func) (active_window, count, 0);
| | ~^~~~~~~~~~~~~~~ ~~~~~~~~~~~~~
========================================================
(From OE-Core rev: d80f41a4d02b81fdfcb21956f81c9918caab2dad)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Solves some segfaults on relocated qemu-img binaries.
[YOCTO #16003]
(From OE-Core rev: 756f29ce4dcd0dad05e3f5bfccbcfe1ca3a0b112)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[YC: removed extra line from commit message
upstream commit b322bc5387f3 ("meta/conf/distro/include/yocto-uninative.inc")]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Update to add a fix for a function definition to work with glibc 2.43.
(From OE-Core rev: 689bd1811c2300263a8a86ba3b46bbc6b1622323)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7d35b0e7929d666af783db835a3a809f8f6ce429)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
git protocol accesses to our infrastructure are currently struggling and this
has highlighted a number of places we're making those obsolete access forms.
Update them to use https instead of the git protocol since it is preferred
and more reliable.
The devtool test needed quoting to handle the ';' in the url. The -f option
to devtool also shows a deprecation warning so remove that.
There were internal references to git protocol urls inside the nested git
submodules test report, which means those repos need updating to use
new git revisions.
(From OE-Core rev: cbb3e323b74d4351c772a9bcd553008c31a220f0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1ceba42623c5187d2f5a100d6a523abcdc75d34e)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"),
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
(cherry picked from commit 037f83803905fdbdf77ed325466abaa8a501d7ff)
(From OE-Core rev: 296798981c9b8a1185a31146bb660eb0fa016ab2)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"),
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
(cherry picked from commit d1fb36b3ddcb033ef472042cffb0dfa68714ba96)
(From OE-Core rev: 1ee811091a4e82c9c79872a86e4e573a45229245)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"),
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
Use ";protocol=https" for the parent git submodule and, also, update the
SRCREV to point to a commit where submodules are reference through a
https:// URL instead of a git:// one.
Update the expected output of the archiver test.
(cherry picked from commit 5c78db972f1b97ce67c8c461a2d389b9248793db)
(From OE-Core rev: d839f4908ae6fb54c85bea5b658c23bfa9dc34da)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"),
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
(From OE-Core rev: b9de796f797844b035e50e22c4f939fc90e176f8)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 74dd04549624b1d3ba6d4febe51fa9ba1c86944c)
Signed-off-by: Paul Barker <paul@pbarker.dev>
Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"),
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
(cherry picked from commit 9bab238d26a3317a6212dc711427f4917eaac50e)
(From OE-Core rev: 6cfdf7fc1a63a3c2ee8093462fedc80d6358c54c)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This new version of cve-exclusion_6.6.inc was generated with oe-core's
latest version of the generate-cve-exclusions.py.
Regarding the database used and how this file was generated:
Generated at 2026-04-03 09:30:32.247568+00:00 for kernel version 6.6.123
From cvelistV5 cve_2026-04-03_0700Z
The backporting of the generate-cve-exclusions.py script from master to
Scarthgap is handled in a different patch.
(From OE-Core rev: 4bdf5345c32c9e294a64d61af49ce2adabdaf1db)
Signed-off-by: João Marcos Costa (Schneider Electric) <joaomarcos.costa@bootlin.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
All pkg_postinst in oe-core where the package name matches the recipe
name use ${PN} already.
We have a bbclass used by some recipes which does:
pkg_postinst:${PN}:append()
which works reasonably well for most of the recipes, except for dbus
where it causes:
WARNING: meta/recipes-core/dbus/dbus_1.16.2.bb:
Variable key pkg_postinst:${PN} (...)
replaces original key pkg_postinst:dbus (...)
(From OE-Core rev: 41a581f420eb69e86e30bbb7dfd1d1ec39d55334)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
(cherry picked from commit efec0447c8e8a6003f00642b33a71ed94fc4ec82)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
kernel-devsrc fails to copy files for v6.12+ as the
following upstream commit has removed the file tools/build/Build:
commit ea974028a049f2cea4bb6be963ee3e3844a03f6d
Author: Brian Norris <briannorris@chromium.org>
Date: Mon Jul 15 13:32:43 2024 -0700
tools build: Avoid circular .fixdep-in.o.cmd issues
We make the failed copy of this file non-fatal to support
all kernel versions.
(From OE-Core rev: 005b57b805228f2793265d6d1d1a2f52342935b3)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 13e16e5be25f379211c7329fa1462464174c0f2d)
Suggested-by: Calvin Owens <calvin@wbinvd.org>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Fixes build on host with gcc-16:
StringFuncs.c: In function ‘SplitStringByWhitespace’:
StringFuncs.c:113:15: error: variable ‘Item’ set but not used [-Werror=unused-but-set-variable=]
113 | UINTN Item;
| ^~~~
and
EfiRom.c: In function ‘main’:
EfiRom.c:78:17: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
78 | if ((Ptr0 = strstr ((CONST CHAR8 *) mOptions.FileList->FileName, DEFAULT_OUTPUT_EXTENSION)) != NULL) {
| ^
and one more for older version used in scarthgap
main.c: In function ‘ProcessArgs’:
main.c:163:42: error: too many arguments to function ‘p->process’; expected 0, have 2
163 | (*p->process)( *argv, *(argv+1) );
| ~^~~~~~~~~~~~ ~~~~~
main.c:120:34: note: declared here
120 | WildFunc process;
| ^~~~~~~
main.c:168:42: error: too many arguments to function ‘p->process’; expected 0, have 1
168 | (*p->process)( *argv );
| ~^~~~~~~~~~~~ ~~~~~
main.c:120:34: note: declared here
120 | WildFunc process;
| ^~~~~~~
(From OE-Core rev: 7de54889b3547a94bc7c6015731ec1c099e4d629)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
[YC: upstream commit a1db482ecd2824a4ae67a3c2a8e607b607ab4a43]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Changelog:
* Update Mozilla certificate authority bundle to version 2.82
The following certificate authorities were added (+):
+ TrustAsia TLS ECC Root CA
+ TrustAsia TLS RSA Root CA
+ SwissSign RSA TLS Root CA 2022 - 1
+ OISTE Server Root ECC G1
+ OISTE Server Root RSA G1
The following certificate authorities were removed (-):
- GlobalSign Root CA
- Entrust.net Premium 2048 Secure Server CA
- Baltimore CyberTrust Root (closes: #1121936)
- Comodo AAA Services root
- XRamp Global CA Root
- Go Daddy Class 2 CA
- Starfield Class 2 CA
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
* Use dh_usrlocal to create /usr/local/share/ca-certificates
(From OE-Core rev: 219ca927c9cd31a200b2ab4bed17937af4e5afc8)
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 738e08718e31de19c1c8db5e162a4a00e2b0c0e6)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Passing Wno-error via environment flags for target and nativesdk
is intended but is not effective due to command line ordering and
as a result some patches have been added to disable particular kind
of warning as error. Given the scenario, warnings as errors should
be disabled for all builds, this makes it portable across hosts and
across compilers ( gcc, clang ) and glibc versions.
(From OE-Core rev: 2151e4824bb45200173e95e2a08eab9057cea29d)
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 25f26861ddc8d71af5381d1acc883ad948bddace)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
latest glibc has better C23 support and exposes this problem
Fixes following errors seen in nativesdk-libxcrypt
| ../sources/libxcrypt-4.5.2/lib/crypt-sm3-yescrypt.c:139:9: error: initializing 'char *' with an expression of type 'const char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
| 139 | char *hptr = strchr ((const char *) intbuf->retval + 3, '$');
| | ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 6 errors generated.
Compared to wrynose remove lib/crypt-sm3-yescrypt.c change, because
the file doesn't exist in the version used in scarthgap, it was failing
only in lib/crypt-gost-yescrypt.c
(From OE-Core rev: caab28b10a1f45981ab605d36a8707b63212e1f6)
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a666b8e71ecda97db58c90d5af137671f9823f38)
[YC: fixed patch format]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
With the glibc 2.43 upgrade, building nativesdk-libxcrypt triggers a
-Wdiscarded-qualifiers warning in crypt-gost-yescrypt.c and
crypt-sm3-yescrypt.c which becomes a build failure due to -Werror.
(From OE-Core rev: 5538c6c4dd64e1360428a98e4a45beab826eec3c)
Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8340d4be03646f0b4b599f768ddc88f502f93615)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a
Denial-of-Service issue has been found that leads to memory exhaustion
from malformed RELATIVE-OID with excessive continuation octets. This
vulnerability is fixed in 0.6.2.
References:
https://nvd.nist.gov/vuln/detail/CVE-2026-23490
(From OE-Core rev: 205d360b49c7bbaa8709cb5a0b2e57457c32ad22)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Release information [1]:
OpenSSL 3.5.6 is a security patch release. The most severe CVE fixed in this release is Medium.
This release incorporates the following bug fixes and mitigations:
* Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. (CVE-2026-31790)
* Fixed loss of key agreement group tuple structure when the DEFAULT keyword is used in
the server-side configuration of the key-agreement group list. (CVE-2026-2673)
* Fixed potential use-after-free in DANE client code. (CVE-2026-28387)
* Fixed NULL pointer dereference when processing a delta CRL. (CVE-2026-28388)
* Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. (CVE-2026-28389)
* Fixed possible NULL dereference when processing CMS KeyTransportRecipientInfo. (CVE-2026-28390)
* Fixed heap buffer overflow in hexadecimal conversion. (CVE-2026-31789)
[1] https://github.com/openssl/openssl/blob/openssl-3.5/NEWS.md#major-changes-between-openssl-355-and-openssl-356-7-apr-2026
(From OE-Core rev: a8cf6e078aa7967dde5f950e3e6f9b212b748dcf)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fc25ce383ddcb1185c193ff2b10f9116741eb316)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
The current version of this script in Scarthgap is outdated, since it
still uses data from linux_kernel_cves. This repository was archived in
2024.
To avoid any risks of conflicts, and/or a patch series longer than it
needs to be, I copied the generate-cve-exclusions.py script from
oe-core's master branch (rev. "e954a94b5b528b2430e8da331107d7d58287f89b") as-is.
(From OE-Core rev: 66a13f93403533b95ed27eed24931aa310f8ce79)
Signed-off-by: João Marcos Costa (Schneider Electric) <joaomarcos.costa@bootlin.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Daniel Turull
Sunil Dora
Alexander Kanavin
Richard Purdie
Khem Raj
Yoann Congal
Martin Jansa
Michael Halstead
João Marcos Costa (Schneider Electric)
Bruce Ashfield
Li Wang
Andrej Kozemcak
Hemanth Kumar M D
Mingli Yu
Guocai He
Jiaying Song
Zhang Peng
Peter Marko
Hitendra Prajapati
Vijay Anusuri