Correct "maintainance" typo in recipe-style-guide.rst.
(From yocto-docs rev: f39ba5141cd518f08d491b2255a4acd74442e87b)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit d7376cca64a0784e59d4fd60b9baefb4da2ce289)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
As with "setup" versus "set up", the pedants at grammarist.com explain
that "checkout" is used as a noun or adjective, while the
corresponding verb is two words, "check out."
https://grammarist.com/spelling/checkout-check-out/
(From yocto-docs rev: 85852e0a1e5ddf034cff979329591af786967beb)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 1d5f0fea4e150be0ef9b10d5733eeaba06c78e6f)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Tweaks:
- Update "Software Overview" link to go to "Technical Overview"
- use proper capitalization for "Git" when referring to the product
- numerous grammar adjustments to basic skills list
(From yocto-docs rev: 9b440c5116828f131a304b77f5da8c98c0d27c62)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit ffd69f11172c2b0d8f52bd967c7983220d133e0d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Tweaks:
- grammer adjustments
- hyphenation
- monospace font for layer and file names
(From yocto-docs rev: 8e98a7264bf9d0d975b5c8fb2062ed907273ff5c)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 801f719458d0d9670debad4ddc379e3ade4d85f9)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Delete inconsistent periods in software versions list so it doesn't
look weird.
(From yocto-docs rev: a106dea889259a872fdbe69215fe4de740bc49f4)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 94ebe744d0e95672456b8157daf0ffba333397bd)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
When referring to buildbot, add a link to its home page.
(From yocto-docs rev: 40b6f86daea61e545d94e92b8eed11c8038573ad)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 7a9247175e1afc74371708d4bad629941477eb57)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
There seems to be be little value in continuing to point readers to
two references, one almost a decade old, the other almost 15 years
old, especially in the middle of a guide that ostensibly is part of
the introductory material.
(From yocto-docs rev: eb92a7cc3fe7772f202e9955974d79b359a257d7)
Signed-off-by: Robert P. J. Day <robday@acresecurity.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 5b4ffc020a9b0c7a877c119058cd43a51f91687f)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Fix the title and link so it goes directly to the
Technical Overview.
(From yocto-docs rev: 1ba3a389b47188b6c664ae3a0bee7ca70e462650)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 0143b586572e15cac438f0fa6f3c1e7446597020)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Two of the tests were still using git protocol to access git services.
For the submodule test, the upstream repo has been updated.
In the other case, we need to pass the correct command to the manual
git commandline, we can't use a recipe url that previously just happened
to work.
(Bitbake rev: 82abbfcdbda949851a03bb2cb2049ea689564ad6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5d722b5d65e4eef7befe6376983385421e993f86)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
We create a temporary directory for holding a clone but we never clean it
up. Fix this by using a context manager areound the temporary directory.
This resolves a buildup of tmp directories in DL_DIR in builds.
(Bitbake rev: 1a62878a790ed9630d5ca2fa099d1604540e153a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Fixes [YOCTO #16265]
The glibc recipe is supposed to be building with
--enable-stack-protector=strong, but some CACHED_CONFIGVARS values are
actually breaking this, causing glibc to be built with no stack
protector at all.
Remove these CACHED_CONFIGVARS values so that stack protector support is
detected properly in do_configure and then enabled properly during
do_compile.
Full details are here:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=16265
(From OE-Core rev: 7952d214393b6c5230ba115f63b6f6d245a728bc)
Signed-off-by: Ivan Nestlerode <ivan.nestlerode@sonos.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 43f0602ede37428f3c35cf665bba934b84355240)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This stops 'devtool modify foo' from failing with an error message like
ERROR: Execution of 'git -c user.name=\"OpenEmbedded\" -c
user.email=\"oe.patch@oe\" commit -q -m "Initial commit from upstream at
version 1.90.0"' failed with exit code 128:
error: cannot run ssh-keygen: No such file or directory
error:
fatal: failed to write commit object
when GPG signing is enabled in the git configuration.
(cherry picked from commit b5c84b07b87eafb4f68f7662b6cf26d8b73e3247)
(From OE-Core rev: bbe0df71933174d8becc52184cd235277f10a141)
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This removes rust uutils coreutils CVEs from reports.
Comparing sbom-cve-check shows that only
CVE-2026-35338..CVE-2026-35381 are removed and all of them contained
reference to uutils.
(From OE-Core rev: 348391ccf91ac474252f75a5679fc42505faa54d)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 5c39687f62e5864ea783cbed497c2eb5387dcf96)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
[ Upstream commit 42b530581f7246b3143ee50e3c6f981dcbb1dc74 ]
Grub would report an error message in boot stage as below:
"error: no such device: ((hd0,gpt1)/EFI/BOOT)/EFI/BOOT/grub.cfg"
Consequently, the root variable is not set, and the intended protection
against cross-device configuration loading (the purpose of the original 2014 commit)
is lost.
The most robust fix is to use the --hint parameter.
This separates the search target from the device hint, avoiding
fragile string concatenation and supporting both prefixed and
non-prefixed $cmdpath formats.
Fixes: 5ce73b6055ac ("grub: add cmdpath to grub configuration file")
(From OE-Core rev: 2f509e353e2fc04923fc742312c81ed69b419643)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
The code defines a custom 'bool' type (as an 'int'), which is incompatible
with C23 in which bool is a keyword, and trying to use <stdbool.h> fails
because 'int' and 'bool' are used interchangeably in the code.
Add the flag to CC variable, since CFLAGS is used by both c and c++ compilers
and clang++ is less forgiving when C compiler only option is used on its
cmdline so it complains about -std=gnu17 and bails out.
(From OE-Core rev: 0647201fb4729be3b10b3da2b19645c59147b40a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 49657089ef215824f8f79a81deb7baf4f27d0030)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
- Keep both the older deprecated debian:apt alias and the active
debian:advanced_package_tool identity in CVE_PRODUCT.
- This preserves completeness and avoids missing CVEs in case older
aliases are still used in NVD records.
(From OE-Core rev: 28d3ab81b9386bda16e196ed2934967843413186)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c777220ee5740b800f4128da79c24f7e42c7b88)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
[FT: Rebase onto scarthgap-next]
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
According to [1], EDK2 contains a vulnerability in BIOS where an attacker may
cause “ Improper Input Validation” by local access. Successful exploitation of
this vulnerability could alter control flow in unexpected ways, potentially
allowing arbitrary command execution and impacting Confidentiality, Integrity,
and Availability.
Backport patches from upstream [2] to fix CVE-2025-2296
Note: backport 0001-AmdSev-Halt-on-failed-blob-allocation.patch to apply
the CVE patches without confliction
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-2296
[2] https://github.com/tianocore/edk2/pull/10628
(From OE-Core rev: 09be6658833e7ac4143eeb26bdaf67c6c94e260a)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
On scarthgap images built without systemd in DISTRO_FEATURES, dbus
still shipped dbus.socket and dbus.service under
${systemd_user_unitdir} (/usr/lib/systemd/user), because the
'user-session' PACKAGECONFIG was always enabled and passed
--enable-user-session --with-systemduserunitdir=... to configure.
In dbus-1.14.10 the user-session autoconf option (configure.ac and
bus/Makefile.am 'if DBUS_ENABLE_USER_SESSION') only installs systemd
user units; it has no non-systemd effect. Enabling it on a sysvinit
image has no benefit and produces the stale unit files.
Make user-session a systemd-gated PACKAGECONFIG by using
bb.utils.contains in the default, so it is enabled when systemd is
in DISTRO_FEATURES and disabled otherwise. No changes to the
PACKAGECONFIG[user-session] or PACKAGECONFIG[systemd] entries are
needed: --disable-user-session is passed on sysvinit builds, which
prevents the configure/Makefile machinery from ever setting up the
user-unit install step.
This is the scarthgap equivalent of master commit a296b0623eb2
("dbus: use the systemd class to handle the unit files"), adapted
to the autotools 1.14.10 recipe. The master fix was broader because
the meson 1.16.2 build handles unit-file install differently, which
let that commit drop the manual do_install unit block, the
systemctl mask postinst, and PACKAGE_WRITE_DEPS. On 1.14.10 those
pieces are still needed; the minimal correct gate here is the
user-session default.
Fixes [YOCTO #15779]
(From OE-Core rev: 5550d6eadb2fea1ecb13e035a04a57450510441f)
Signed-off-by: Jhonata Poma-Hansen <jhonata.poma@gmail.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Changelog for liburcu: 0.14.0 -> 0.14.2
============================================================
2026-01-26 Userspace RCU 0.14.2
* Fix: Only include linux/time_types.h when __NR_futex_time64 is defined
* Use __NR_futex_time64 in futex syscall wrapper
* Cleanup: Remove useless declarations from urcu-qsbr
* src/urcu-bp.c: assert => urcu_posix_assert
2024-08-28 Userspace RCU 0.14.1
* Fix: missing typename in URCU_FORCE_CAST
* Allow building with GCC >= 13.3 on RISC-V
* pointer.h: Fix the rcu_cmpxchg_pointer documentation
* Adjust shell script to allow Bash in other locations
* fix: handle EINTR correctly in get_cpu_mask_from_sysfs
* Relicense src/compat-smp.h to MIT
* ppc.h: use mftb on ppc
* Fix: allow clang to build liburcu on RISC-V
* Fix -Walloc-size
* urcu/uatomic/riscv: Mark RISC-V as broken
* Fix: urcu-bp: misaligned reader accesses
* LoongArch: Document that byte and short atomics are implemented with LL/SC
* Add LoongArch support
* tests/regression/rcutorture: Add wait state
* urcu-wait: Initialize node in URCU_WAIT_NODE_INIT
* Fix: urcu-wait: add missing futex.h include
* Adjust shell scripts to allow Bash in other locations
* Add support for OpenBSD
* Revert compiler.h: Introduce caa_unqual_scalar_typeof
* rculfhash: Use caa_container_of_check_null in cds_lfht_entry
* compiler.h: Introduce caa_container_of_check_null
* compiler.h: Introduce caa_unqual_scalar_typeof
* Avoid calling caa_container_of on NULL pointer in cds_lfht macros
* Fix: revise urcu_read_lock_update() comment
* Fix: uatomic powerpc comment about lwsync
* fix: aarch64: allow RHEL7 gcc 4.8.5-11
* fix: warning 'noreturn' function does return on ppc
* Fix: use __noreturn__ for C11-compatibility
(From OE-Core rev: dc2df90b1d4f71023169d492f3819326e0e6c055)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Changelog for sudo: 1.9.17p1 -> 1.9.17p2
============================================================
Merge sudo 1.9.17p2 from branch 'main' into sudo-1.9
[d1b48c651]
* configure, configure.ac:
Fix check for which man page type to use with nroff
Fixes a bug where configure would use *.man instead of *.mdoc on
systems without mandoc. Bug #1077.
[aa2498e46]
* plugins/sudoers/log_client.c:
client_msg_cb: make warning match the function that failed
[f73162df3]
2025-07-23 Todd C. Miller <Todd.Miller@sudo.ws>
* NEWS, configure, configure.ac:
Sudo 1.9.17p2
[f0e1a5ca3]
* plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c:
digest_matches: plug fd leak on snprinf() failure
[26a1a7529]
2025-07-21 Todd C. Miller <Todd.Miller@sudo.ws>
* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp,
scripts/mkpkg:
Add a way to override pp_rpm_arch when building rpms
This will be used to build x86_64_v2 packages for Alma Linux.
[55d3c99c4]
* configure, configure.ac:
Fix check for which man page type to use with nroff
Fixes a bug where configure would use *.man instead of *.mdoc on
systems without mandoc.
[2dc10cfbd]
* plugins/sudoers/timestamp.c:
ts_write: call lseek after fruncate on short write
We need to make sure the file position is reset to the old EOF on
error.
[8e7e0e23f]
2025-07-20 Todd C. Miller <Todd.Miller@sudo.ws>
* src/exec_ptrace.c:
ptrace_readv_string: quiet sign-compare warning
[fac2a49e7]
* src/exec_ptrace.c:
ptrace_readv_string: properly handle reads of more than one page
When the intercept and intercept_verify options are enabled and
either argv[] or envp[] contains a string larger than the page size
(usually 4096), ptrace_readv_string() would fill the buffer with
mutiple copies of the same string. Fixes GitHub issue #453.
[2e93eabed]
2025-07-14 Todd C. Miller <Todd.Miller@sudo.ws>
* src/exec_pty.c:
revoke_pty: use killpg() not kill() to send HUP to the process group
Also make sure we never call killpg(-1, SIGHUP), which would send
SIGHUP to process 1 (init). It is possible for cmnd_pid to be -1 in
certain error conditions where sudo killed the command itself. This
may explain GitHub issue #458.
[fb208d383]
2025-07-08 Todd C. Miller <Todd.Miller@sudo.ws>
* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp, scripts/pp:
Don't assume RHEL major version is only a single digit
Fixes handling of RHEL 10 and higher.
[e5d953f33]
* plugins/sudoers/visudo.c:
visudo: create temporary file as mod 0600 not 0700
This was due to a typo in the mode field when the temporary file was
created. Noticed by Bjorn Baron of the sudo-rs project.
[1c254b330]
2025-06-30 Todd C. Miller <Todd.Miller@sudo.ws>
* Makefile.in:
We now build sudo releases from git, not mercurial
[cb4e26734]
2025-06-28 Todd C. Miller <Todd.Miller@sudo.ws>
* NEWS, configure, configure.ac:
(From OE-Core rev: 76b98657e3dc9da01a746deb7b9d08cb84ba44b6)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
(cherry picked from commit 12e9ba655153a9cb7c2b79cf52a2300e19634dcf)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Robert P. J. Day
Lee Chee Yang
Paul Barker
Richard Purdie
Ivan Nestlerode
Moritz Haase
Hitendra Prajapati
Peter Marko
Xiangyu Chen
Changqing Li
Martin Jansa
Fabien Thomas
Vijay Anusuri
Himanshu Jadon
Hongxu Jia
Bruce Ashfield
Hugo SIMELIERE
Jhonata Poma-Hansen
Adarsh Jagadish Kamini
Sudhir Dumbhare
Antonin Godard
Daniel Turull