GCC15 is switching defaults to C23 and gdbm is not yet ready to
compile using C23 std.
For scarthgap also add it in BUILD_CFLAGS.
(From OE-Core rev: 97989d81c5e30434594beadd9449e907e98d3ceb)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The fix to make this work with GCC15/C23 caused problems with older gcc versions.
Add a fix for that.
(From OE-Core rev: 237085506a454fb927389d681f30c8c995bc7b2b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
GCC15 imposes C23 by default and 1.4.19 release has gnulib version which
can not be compiled without errors, while new release of m4 is in progress
we might use C17 until then and use GCC15 to compile it
For scarthgap also add it in BUILD_CFLAGS.
(From OE-Core rev: 94ec72b332dce71a2756560ddf738f864e3c853d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Handles CVE-2025-53905, CVE-2025-53906, CVE-2025-55157, CVE-2025-55158.
Changes between 9.1.1198 -> 9.1.1652
====================================
https://github.com/vim/vim/compare/v9.1.1198...v9.1.1652
Refresh patches.
Disable newly introduced wayland support (in patch version 1485).
To this belongs also adding recursion in delete command for dir auto
which was newly failing as there is wayland directory inside now.
If someone is interested, this can be probably enabled, but without
additional work it results in compilation error due to function
redefinition conflicts.
(From OE-Core rev: e87d427d928234ef0441f9ce1fe8631fbe471094)
(From OE-Core rev: 052fd7e55d2c73f13f63267fbfb5e39fa504baa3)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This was already done for all other go recipes.
(From OE-Core rev: 63dfdbf774dc24ea4e736a6d13d6aa8c72ebee4d)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This was backported to v8.2.7 and also it is mentioned in commit
upgrading qemu in oe-core.
(From OE-Core rev: d05df779286288d1f8b69159ebcfc45a853bd23b)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Newer snapshots of ncurses have the fixes but they are many needed to get
C23 going. Until next release lets stick with C17 even while GCC 15 switches
to C23 defaults.
For scarthgap also add it in BUILD_CFLAGS.
(From OE-Core rev: 2ee706f58a96f30904ac3d292c0ac532739c91ea)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cancelling a query (e.g. by cancelling the context passed to one of
the query methods) during a call to the Scan method of the returned
Rows can result in unexpected results if other queries are being made
in parallel. This can result in a race condition that may overwrite
the expected results with those of another query, causing the call to
Scan to return either unexpected results from the other query or an
error.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-47907
Upstream-patch:
https://github.com/golang/go/commit/8a924caaf348fdc366bab906424616b2974ad4e9
(From OE-Core rev: 22d8ac9884208b8f9b2a69ec6a257c62e1f2f8d2)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1.
This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c
of the component AAC Encoder. The manipulation leads to stack-based buffer overflow.
It is possible to initiate the attack remotely. The exploit has been disclosed to the
public and may be used.
(From OE-Core rev: c9a15206bae7f1e85dc3b8812eabb936a7e6d383)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The go command may execute unexpected commands when operating in untrusted VCS repositories.
This occurs when possibly dangerous VCS configuration is present in repositories.
This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata
for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line,
i.e. via "go get", are not affected.
(From OE-Core rev: efdc4920571677c9051d4402eaa801672eeb24e3)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* fixes builds on host with gcc-15:
http://errors.yoctoproject.org/Errors/Details/853016/
../../bash-5.2.37/builtins/mkbuiltins.c:268:29: error: too many arguments to function ‘xmalloc’; expected 0, have 1
268 | error_directory = xmalloc (2 + strlen (argv[arg_index]));
| ^~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(From OE-Core rev: 55c144bd17665f70cd15e36f3405f502a962f039)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
GCC 15 defaults to C23 and bash is not yet ready for that
so keep using C17 like GCC 14 for now
(From OE-Core rev: adf63fe5f76cbd0fd93ce5fa23229a388211e992)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* backports from 1.18.2 used since:
https://git.openembedded.org/openembedded-core/commit/?id=070d79c8adec7e0a8862019cf61910a59b18613a
* fixes build on hosts with gcc-15 (e.g. ubuntu-25.10)
../cairo-1.18.0/test/pdiff/pdiff.h:22:13: error: âboolâ cannot be defined via âtypedefâ
22 | typedef int bool;
| ^~~~
../cairo-1.18.0/test/pdiff/pdiff.h:22:13: note: âboolâ is a keyword with â-std=c23â onwards
../cairo-1.18.0/test/pdiff/pdiff.h:22:1: warning: useless type name in empty declaration
22 | typedef int bool;
| ^~~~~~~
(From OE-Core rev: 6bd49cba1d7e12a6d8a4521a2097ff9f5ddc6368)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The code maintainer disputes the CVE as the issue can only be triggered with
untrusted SGML catalogs and it makes absolutely no sense to use untrusted
catalogs.
The issue triggers a crash if an invalid file is provided.
Source: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958"
(From OE-Core rev: 348ce728af1cea4f909de5c3597801b5612719e4)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
According to the NVD entry, it is only applicable when built
for native Windows (MinGW-w64 or MSVC).
(From OE-Core rev: 04ce4704e603cd66f30ffc001541c6497d84050e)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
check_cves may raise the cve_status_not_in_db QA check. Call
exit_if_errors to make sure that the task is marked as failed when the
check is categorized as an error.
cve_status_not_in_db was in the meantime dropped in OE-Core
452e605b55ad61c08f4af7089a5a9c576ca28f7d so this change is only required
on scarthgap.
(From OE-Core rev: b3d12589c26f4e86b153bbdcda774985e4e046bd)
Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This class has been in OE-Core for a while but never documented in the
reference manual. Add some description for it and link to the existing
documentation on it.
(From yocto-docs rev: dd665216fa578a1f2f268790d708c6a5d2912ecf)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 362a331255525fc853dab3af4ec905c417fabb0b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This variable is part of uboot-sign but not documented.
(From yocto-docs rev: 999e81f17bf60e187e709368ede3965df19bee59)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 05eb461cb1da76ad9cbaf634da7f47447b3f6765)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update the distributions to match the list of workers on the
Autobuilder. This list was generated with the help of
yocto-autobuilder-helper/scripts/yocto-supported-distros.
Also:
- Sort the lists alphabetically.
- Decrease spacing between entries for readability.
(From yocto-docs rev: e99a9283e30ae2b844018d1ffb88560ab6877ab7)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The example repo doesn't seem to have ever been under MIT to begin with
but rather Apache-2.0. It was then changed to the license used by the
goland projectm that is BSD-3-Clause, 2 years ago in commit 00c7068f9d83
("all: update to Go license").
The license file exists in the sources, so use that one instead of
taking it from the OE-Core license directory.
License-Update: Incorrect license is now proper
(From OE-Core rev: fa45d6d5bec8fe503ff6b9166a3b4af31ea95369)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Starting from CMake version 2.27 support for interactive debugging of CMake
scripts and configurations was added. However, by default the `nativesdk-cmake`
is compiled with debugger support turned off.
This change adds debugger support for cmake
(From OE-Core rev: 8acfca456c3502f0d097ba01a2d08f83fb75ab60)
(From OE-Core rev: 776846eb8aa2f5f8c1ec8842cdbaff6b6bcdfa65)
Signed-off-by: Nikhil R <nikhilr5@kpit.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
It was added by original commit for CVE-2025-6020-01.patch
https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e#diff-05f443e6acbe32a148a45648148739bf6f02f13acc5c20c6037bf933223d4d77
but removed here in the rebase, causing:
../../../Linux-PAM-1.5.3/modules/pam_namespace/pam_namespace.c:326:11: error: call to undeclared function 'dirname'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
326 | parent = dirname(buf);
| ^
../../../Linux-PAM-1.5.3/modules/pam_namespace/pam_namespace.c:326:9: error: incompatible integer to pointer conversion assigning to 'char*' from 'int' [-Wint-conversion]
326 | parent = dirname(buf);
| ^ ~~~~~~~~~~~~
(From OE-Core rev: 6d88a28ac7b6ff61808eb46e5c85dabd17c77f2e)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The tar packaging format was removed some time ago. Also, add some
minor grammatical tweaking.
(From yocto-docs rev: 0c154c1f431be918c4c9ce3047c12099925a9c53)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 8e9fd1ca232f3c1e8be51cb881a68b4745ee548a)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Khem Raj
Martin Jansa
Peter Marko
Praveen Kumar
Archana Polampalli
Hitendra Prajapati
Steve Sakoman
Daniel Turull
Philip Lorenz
Antonin Godard
Erik Lindsten
Quentin Schulz
Nikhil R
Zhang Peng
Robert P. J. Day
Marco Cavallini
Lee Chee Yang