Commit Graph

75986 Commits

Author SHA1 Message Date
Richard Purdie
b56134ff90 pseudo: Upgrade 1.9.6 -> 1.9.7
Pulls in fixes to rename/renameat/renameat2:

Changqing Li (1):
  renameat2/renameat: only ignore when both old and new path are not in PSEUDO_INCLUDE_PATHS

Mark Hatle (4):
  run_tests.sh: Allow the user to specify specific tests to run
  tests: Add mv then hardlink testing
  rename: only ignore when both old and new path are not in PSEUDO_INCLUDE_PATHS
  Makefile.in: Bump version to 1.9.7

(From OE-Core rev: e2864ea1ac022e43af92badc701fa1e2a9571f46)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 17567738711d525d9f2b85e54ace2048901e4c34)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:21 +01:00
Richard Purdie
ef43a8a49a pseudo: Update 1.9.5 -> 1.9.6
Pulls in the changes:

  * Makefile.in: Bump version to 1.9.6
  * pseudo_util.c: Fix symlink processing for symlinkat and related
  * test: Add test symlinkat and related
  * ports/unix: realpath: Fix chroot processing
  * test: Add test cases for canonicalize functions
  * ports/unix: fts_open: Fix chroot behavior
  * ports/unix: fts_*: Certain functions were incorrectly returning stat data
  * test: Add fts test case
  * test: Add test for linkat chroot path stripping
  * linkat: Avoid a segmentation fault
  * Only copy xattrs on a rename if it's cross-filesystem

(From OE-Core rev: 1414f3513099a9a956ec4f602354aa00008e2aff)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 50e769a598e79ed4600f7362d5f40799a48f9273)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:21 +01:00
Richard Purdie
1c69324f39 pseudo: Upgrade to 1.9.5
This adds a wrapper for the __open_2 function

This was breaking shadow and the real reason for the open() call changes.
Add the missing wrapper to properly fix this.

(From OE-Core rev: 876e6497f3323d74d9ac8ce303ed5165a7fda283)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8ea63d320aba32d3894cace9e71e850bdff1d6b2)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:21 +01:00
Richard Purdie
920a6803d5 pseudo: Upgrade to 1.9.4
Update to pull in a full openat2 wrapper which works on Fedora 44.

This update includes the commits:
  * Makefile.in: Bump version to 1.9.4
  * test: Add renameat2 test cases
  * test: Add openat2 test cases
  * makewrappers/openat2: Add preserve_path option
  * openat2: Implement openat2 wrapper
  * ports/linux/guts/renameat2.c: Add comment why this isn't implemented
  * Add b4 configuration
  * pseudo_setupenvp: Handle malloc failure safely
  * pseudo_setupenvp: Allocate space for new env vars if needed

(From OE-Core rev: 9075b66e1f9161407056924954b3d5507f6d8384)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b2bd1d114fafe1e797149e02e4c08194d529cfde)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:21 +01:00
Ankur Tyagi
e1a33a3bf6 tzdata/tzcode-native: upgrade 2026a -> 2026b
The 2026b release contains the following changes:

Briefly:
    British Columbia moved to permanent -07 on 2026-03-09.
    Some more overflow bugs have been fixed in zic.

Changes to future timestamps

    British Columbia’s 2026-03-08 spring forward was its last
    foreseeable clock change, as it moved to permanent -07 thereafter.
    (Thanks to Arthur David Olson.)  Although the change to permanent
    -07 legally took place on 2026-03-09, temporarily model the change
    to occur on 2026-11-01 at 02:00 instead.  This works around a
    limitation in CLDR v48.2 (2026-03-17).  This temporary hack is
    planned to be removed after CLDR is fixed.

Changes to code

    zic no longer mishandles a last transition to a new time type.
    zic no longer overflows a buffer when generating a TZ string like
    "PST-167:59:58PDT-167:59:59,M11.5.6/-167:59:59,M12.5.6/-167:59:59",
    which can occur with adversarial input.  (Thanks to Naveed Khan.)

    zic no longer generates a longer TZif file than necessary when
    an earlier time zone abbreviation is a suffix of a later one.
    As a nice side effect, zic no longer overflows a buffer when given
    a long series of abbreviations, each a suffix of the next.
    (Buffer overflow reported by Arthur Chan.)

    zic no longer overflows an int when processing input like ‘Zone
    Ouch 2147483648:00:00 - LMT’.  The int overflow can lead to buffer
    overflow in adversarial cases.  (Thanks to Naveed Khan.)

    zic now checks for signals more often.

(From OE-Core rev: 37dab321242e06d2940c4221e4a13e68265d696f)

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(cherry picked from commit dda7d55396e0c5258cba58af7e990ab3813bf108)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:21 +01:00
Yoann Congal
ec940f36ea linux-yocto/6.6: update CVE exclusions (6.6.127)
Regenerated to fix this warning:
WARNING: linux-yocto-6.6.127+git-r0 do_cve_check: Kernel CVE status needs updating: generated for 6.6.123 but kernel is 6.6.127

$ ./meta/recipes-kernel/linux/generate-cve-exclusions.py .../cvelistV5/ 6.6.127 > meta/recipes-kernel/linux/cve-exclusion_6.6.inc

Generated at 2026-05-27 12:02:49.732909+00:00 for kernel version 6.6.127
From cvelistV5 cve_2026-05-27_0900Z

(From OE-Core rev: d0d02d0f45b4c5108ae648fb16d2a2a0dc1ae0e7)

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:21 +01:00
Trevor Woerner
0b6ad0bc1a wic: filemap: use separate fd for SEEK_HOLE probes
While working on splitting-out wic from oe-core, on my openSUSE Leap
16.0 machine, the moment I split wic out, 2 oe-selftests always failed
with 100% reproducibility:
	- wic.ModifyTests.test_wic_cp_ext
	- wic.Wic2.test_expand_mbr_image

In both cases the symptom is the same: the filesystem has inode tables
that are completely zeroed out. Both issues are linked together to the
same underlying fault.

FilemapSeek._get_ranges() is a generator. Due to the nature of finding
each hole/data extent one at a time using the lseek() system call,
it calls os.lseek() on a raw file descriptor, then yields, then the
caller, sparse_copy(), calls file.seek() + file.read() on a Python
BufferedReader wrapping that same fd — then the generator resumes and
calls os.lseek() again. This interleaving of raw os.lseek() and buffered
I/O on the same fd is undefined behaviour from Python's perspective.
The BufferedReader tracks its own idea of the fd's position and buffer
contents; os.lseek() changes the position behind its back. This can
corrupt its internal state and cause read() to return stale/zero data.

This code, however, has existed in wic since it was written, so why
was it not noticed before? It turns out this bug was being masked by a
number of implementation details that changed, especially when wic was
split out for oe-core. These changes conspired together to cause the bug
to be triggered.

One of the root causes of this bug is that Python 3.14 increased the
default buffer size from 8KB to 128KB[1]. With 8 KB buffers, read()s
either go through the direct-read path leaving the buffer empty, or
if it fills in 8KB chunks the buffer is fully drained. Either way,
with a small buffer, read()s do a real raw seek. No fast path. No
corruption. With a 128KB buffer, however, a much larger window exists
where BufferedReader.seek() can take the fast-path after the raw file
descriptor has already been repositioned by os.lseek() in the generator.
With the smaller buffer, this window was too narrow to hit in practice.

This is fixed by opening a second file object in FilemapSeek.__init__()
dedicated to SEEK_DATA/SEEK_HOLE probes, leaving the data-reading handle
(self._f_image) untouched.

This explains why the corruption is deterministic and tied to specific
block boundaries, why it only manifests with the split-out version using
Python 3.14 (on systems that are using Python versions less than 3.14 on
the host), and why using a separate file descriptor for reading bypasses
the issue entirely.

This is not an intermittent bug. For a more detailed explanation
including log files, in-depth analysis, and a standalone Python
reproducer, please see the linked bugzilla entry.

Fixes: [YOCTO #16197]

[1] b1b4f9625c
b1b4f9625c5f ("gh-117151: IO performance improvement, increase io.DEFAULT_BUFFER_SIZE to 128k (GH-118144)")

AI-Generated: codex/claude-opus-4.6 (xhigh)
(From OE-Core rev: 37a45219dd204b07bad40576fefccb2cf85b255c)

Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 481969844385f2fa40a1230ca50253ec4ff516cd)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Ross Burton
48c16cfa28 classes/base: prefer gnu-prefixed HOSTTOOLS
Ubuntu 25.10 has changed the default coreutils implementation from GNU
coreutils to uutils/coreutils. Unfortunately this causes build problems:

  couldn't allocate absolute path for 'null'.
  tail: cannot open 'standard input' for reading: No such file or directory
  install: failed to chown '...': Invalid argument (os error 22)

Clear build failures happen in 'install' and 'tail', but there may be
further breakage.

Luckily, Ubuntu also installs GNU coreutils with a binary prefix of
'gnu', so whilst these issues are root-caused and fixed in either pseudo
or uutils we can prefer the gnu-prefixed binaries where they are present.

[ YOCTO #16028 ]

(From OE-Core rev: b797cc729f6e6951baa988e1c04bac9fb8183a1c)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 16f2684ebeffa72b5d90525cf9102751b68c298e)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Yoann Congal
7133ff1bff scripts/install-buildtools: Update to 5.0.18
Update to the 5.0.18 release of the 5.0 series for buildtools

(From OE-Core rev: 7b2955ae65d4060aaa8f3eda9f3583750606a646)

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Hugo SIMELIERE (Schneider Electric)
5bfb71633f libarchive: Fix CVE-2026-4424
Pick patches from [1] and [2] as mentioned in Debian report in [3].

[1] d379dc0b29
[2] e1907c5832
[3] https://security-tracker.debian.org/tracker/CVE-2026-4424

(From OE-Core rev: 7fa280872275e194152cc2d355ad39c81a477d50)

Signed-off-by: Hugo SIMELIERE (Schneider Electric) <hsimeliere.opensource@witekio.com>
Reviewed-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Theo Gaige (Schneider Electric)
0c7beb2bd7 openssh: patch CVE-2026-35388
Backport patch from [1] matching CVE description in [2] and change described
in release note [3].

[1] c805b97b67

[2] https://security-tracker.debian.org/tracker/CVE-2026-35388

[3] https://www.openssh.org/releasenotes.html#10.3p1

(From OE-Core rev: f8786d027cdf04072fb5f716135127c334dbea6e)

Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
Reviewed-by: Bruno Vernay <bruno.vernay@se.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Theo Gaige (Schneider Electric)
473edc73e6 openssh: patch CVE-2026-35387
Backport patch from [1] matching CVE description in [2] and change described
in release note [3].

[1] fd1c7e131f

[2] https://security-tracker.debian.org/tracker/CVE-2026-35387

[3] https://www.openssh.org/releasenotes.html#10.3p1

(From OE-Core rev: c8fb33de27b9e2be5aeaa4178ddc7b6e724f45ee)

Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
Reviewed-by: Bruno Vernay <bruno.vernay@se.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Theo Gaige (Schneider Electric)
e0f9a13f5f openssh: patch CVE-2026-35385
Backport patch from [1] matching CVE description in [2] and change described
in release note [3].

[1] 487e8ac146

[2] https://security-tracker.debian.org/tracker/CVE-2026-35385

[3] https://www.openssh.org/releasenotes.html#10.3p1

(From OE-Core rev: 8a5742fdc3d60e8ab0da2e1f1401995105b742b9)

Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
Reviewed-by: Bruno Vernay <bruno.vernay@se.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Guðni Már Gilbert
8457a5d3d9 gnupg: upgrade 2.4.8 -> 2.4.9
Drop one patch since change is included in the release.

Upgrade was performed using devtool

Full changelog:
https://github.com/gpg/gnupg/compare/gnupg-2.4.8...gnupg-2.4.9

Noteworthy changes in version 2.4.9 (2025-12-30)
------------------------------------------------
  * gpg: Fix possible memory corruption in the armor parser.  [T7906]
  * gpg: Avoid potential downgrade to SHA1 in 3rd party key
    signatures.  [rGddb012be7f]
  * gpg: Error out on unverified output for non-detached signatures.
    [rG9d302f978b]
  * gpg: Do not allow compressed key packets on import.  [T7014]
  * scd: Fix a harmless read buffer over-read in a function used by
    PKCS#15 cards.  [T7662]
  * dirmngr: Do not require a keyserver for "gpg --fetch-key".
    [T7693]
  * agent: Fix ssh-agent's request_identities for skipped Brainpool
    keys.  [rG6bf5696c85]

  Release-info: https://dev.gnupg.org/T8001

(From OE-Core rev: 5eb2cd21ac86805f5f90ea149da7de6e41342299)

Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Ross Burton
4e2dac74d5 perl: link to the system zlib instead of a vendored copy
The perl module Compress-Raw-Zlib defaults to using a vendored copy of
the zlib sources which has a number of CVEs.  A newer version of perl
updates this to zlib 1.3.2 to resolve them, but we should be linking to
our zlib recipe instead of the vendored code.

This mitigates CVE-2026-4176 so mark it as not appropriate.

(From OE-Core rev: 6e83e5520f415fc6ca9029a8aaa0af31cd832a90)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bf515229043685d4f00c965eb3e0236c37b6b403)
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Hitendra Prajapati
b233e7b40f libexif: fix for CVE-2026-40385, CVE-2026-40386
Pick patch from [1] & [2] also mentioned at Debian report in [3] & [4]

[1] 93003b93e5
[2] dc6eac6e96
[3] https://nvd.nist.gov/vuln/detail/CVE-2026-40385
[4] https://nvd.nist.gov/vuln/detail/CVE-2026-40386

(From OE-Core rev: 9175f776404a1f4536e0320495c446e80a281172)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Hitendra Prajapati
175a1d0fe3 libexif: fix for CVE-2026-32775
Pick patch from [1] also mentioned at NVD report in [2]

[1] 7df372e9d3
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-32775
[3] https://security-tracker.debian.org/tracker/CVE-2026-32775

(From OE-Core rev: b825582edd8b05be2d3c5ca48d6d7c620628d69b)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Benjamin Robin (Schneider Electric)
6acd7c46b5 lz4: Remove a reference to the rejected CVE-2025-62813
The CVE-2025-62813 is rejected so do not reference it anymore.
So keep the patch but without referencing the CVE identifier.

The CVE database indicates the following reason:
  This candidate was withdrawn by its CNA. Further investigation
  showed that it was not a security issue.

(From OE-Core rev: 99706716626324605c049a9130f705f2090a9f91)

Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9c840a69b62a5fdffb3679a44d68dd5630b2916c)
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Mathieu Dubois-Briand
f4122d12cf oeqa: runtime: go: Increase test_go_compile/test_go_module timeout
These tests tend to take a bit of time, and this is probably why they
have been seen failing a few times in the past months. Raising the
timeout from 5 to 10 minutes appears to help.

Fixes [YOCTO #15999]

(From OE-Core rev: c8a94dfc3a21403e8202a4adddbae9f3bd4a4549)

Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 998ebfc77db4c8d7567d82560595e0994a310ae0)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Peter Bergin
5c73c64d00 go.bbclass: disable workspaces
go has a feature of workspaces [1]. If there is a file called go.work
in your working directory or any of its parent directories that will
be read and used during build. For OE where the builds shall
be sandboxed this is bad as a workspace file outside of the build
environment can be picked up. This commit will disable that feature
according to the instruction in [1].

This was found and introduced build failures when a file go.work was
in the parent directory outside of OE build directory.

[1] https://go.dev/ref/mod#workspaces

(From OE-Core rev: 9538bcefab6881805d60d9f362e0b70996b5e2f9)

Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: c52c5e88626968b08510818f09829f2e1c9f94ae)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Changqing Li
0bdd741e4d go.bbclass: change GOTMPDIR to improve reproducibility
When cgo is enabled, the Go toolchain writes temporary source files
(*.c) under GOTMPDIR and compiles them there. When -trimpath is passed
to go, Go passes options such as
-ffile-prefix-map=$WORK/b387=/tmp/go-build internally to the GCC
instance it invokes. The variable WORK is a temporary directory created
under GOTMPDIR, refer to the following log:

[snip of compile log]
WORK=/build/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/build-tmp/go-build377321751
cd $WORK/b387
TERM='dumb' x86_64-wrs-linux-gcc -m64 -march=x86-64-v3 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/recipe-sysroot -I /tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/sources/buildah-1.41.5/src/github.com/containers/buildah/vendor/github.com/proglottis/gpgme -fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=$WORK/b387=/tmp/go-build -gno-record-gcc-switches -v -D_FILE_OFFSET_BITS=64 -I $WORK/b387/ -O2 -g -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/sources/buildah-1.41.5=/usr/src/debug/buildah/1.41.5 -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/build=/usr/src/debug/buildah/1.41.5 -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/recipe-sysroot= -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/recipe-sysroot-native= -pipe -v -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/sources/buildah-1.41.5/src/github.com/containers/buildah/vendor=/_/vendor -frandom-seed=TZkSPVSBUvDMjg4wKjWS -o $WORK/b387/_x004.o -c unset_agent_info.cgo2.c
[snip of compile log]

OE also passes its own DEBUG_PREFIX_MAP to GCC (finally by CGO_CFLAGS),
including -ffile-prefix-map=${B}=${TARGET_DBGSRC_DIR}, where B is
${WORKDIR}/build. Because GOTMPDIR defaults to ${WORKDIR}/build-tmp, the
Go temporary directory looks like ${WORKDIR}/build-tmp/go-buildXYZ. Its
prefix therefore begins with ${WORKDIR}/build, so GCC matches the
DEBUG_PREFIX_MAP entry for ${B} first.

As a result, a path such as ${WORKDIR}/build-tmp/go-buildXYZ is
rewritten to ${TARGET_DBGSRC_DIR}-tmp/go-buildXYZ. This breaks the
-ffile-prefix-map option that Go itself adds, because the original WORK
path no longer matches the value Go expects. Since Go creates
go-buildXYZ directories randomly and internally, this makes the build
non-reproducible.

This patch changes GOTMPDIR from ${WORKDIR}/build-tmp to
${WORKDIR}/tmp-go-build so that the path no longer matches ${B}. This
prevents unintended replacements by OE's DEBUG_PREFIX_MAP and
restores reproducibility.

Note that a pure go program like go-helloworld under OE will not have this
issue since it doesn't use cgo; it is reproducible without this fix.

(From OE-Core rev: 1b08bf9296fb6583234933b22b67b851591610a8)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 0642d2323072f561a4d0eeb9266213387b2997fc)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Martin Jansa
37bc77d15d systemd: update musl specific patch to apply
It doesn't apply after udev-builtin-path_id.c was also updated by
CVE-2026-40225-01.patch in
https://git.openembedded.org/openembedded-core/commit/?h=scarthgap&id=fc2d33dbb2d5180b77c10865156db342f9d582da

causing do_patch failure for scarthgap builds with musl:

Hunk #1 FAILED at 39.
1 out of 1 hunk FAILED -- rejects in file src/udev/udev-builtin-net_id.c
patching file src/udev/udev-builtin-path_id.c
patching file src/udev/udev-event.c
patching file src/udev/udev-rules.c
Patch 0003-src-basic-missing.h-check-for-missing-strndupa.patch does not apply (enforce with -f)

stderr: ')
ERROR: Logfile of failure stored in: /OE/build/oe-core/tmp-musl/work/core2-64-oe-linux-musl/systemd/255.21/temp/log.do_patch.215528
ERROR: Task (/OE/build/oe-core/openembedded-core/meta/recipes-core/systemd/systemd_255.21.bb:do_patch) failed with exit code '1'

(From OE-Core rev: 0e66eb22a34e17939cfdaf5cdad84361b7f18e6e)

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Hitendra Prajapati
f6b67fe3e8 libssh2: fix for CVE-2026-7598
Pick patch from [1] also mentioned at NVD report in [2]

[1] 256d04b60d
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-7598
[3] https://security-tracker.debian.org/tracker/CVE-2026-7598

(From OE-Core rev: 84d6cca01c9d36ec112e5eb4104437f63ad2aee5)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Ross Burton
1a099cb1fa python3-requests: backport fix for CVE-2026-25645
When unpacking zip files requests uses predictable paths. Backport a fix
to use randomly generated pathnames to mitigate injection attacks.

(From OE-Core rev: b23ec9773d67f8767904731afa86fe5ede08f97f)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe846d71b647fb06e6a87cb45a2dd9b0889e2891)
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Peter Marko
3758595c3e cargo: set CVE_PRODUCT
This removes mediawiki:cargo CVEs from CVE metrics.
* CVE-2026-39837, CVE-2026-39839, CVE-2026-39840, CVE-2026-39841

(From OE-Core rev: 98088c90b6e37ab27e7b4b2546abe9ecd863c02e)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a5cb71e7df95925a5c342c341e699e244b1b84f6)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00
Lee Chee Yang
d03f09df0a migration-guide: add release notes for 5.0.18
(From yocto-docs rev: 76f4b5ded4aa04ca1404510f0232593a968e0f66)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
[AG: add note on large CVE updates for linux-yocto]
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit be424bf52cd3ac9c83a4617d0b06afe8cde055be)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:06 +01:00
Robert P. J. Day
9c1cc745bc contributor-guide: couple minor typo/grammar fixes
- font fix
  - missing word fix

(From yocto-docs rev: c7e020d278ded715fc24034b000fb93f554b606c)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a9bf37a1166120f8870422aceaf2f3d8cb53788a)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:06 +01:00
Peter Marko
de21795014 dev-manual: remove semicolons for rootfs commands
Usage of semicolon as separator in ROOTFS/IMAGE_*COMMAND was deprecated
a long time ago.
Code was changed to not include it anymore.
Update the example.

(From yocto-docs rev: 0ec798cecaae31e5bba13261d72dc8c5492b6b1f)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit fa0b3fc4218e75b88b7811a3f2bfefdb0ca6496e)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:06 +01:00
Robert P. J. Day
b490165ba1 overview-manual: update deploy.bbclass snippet
The current contents of deploy.bbclass is slightly different so update
the code snippet and the subsequent explanation of that snippet.

(From yocto-docs rev: b5cfd275cdd620b5260c5e66e254363be795e798)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit aec2a39ea648694bb5a30da216b721018e8bb670)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:06 +01:00
Robert P. J. Day
a5d09faf04 overview-manual: use correct spelling "counterpart"
"counterpart" is one word, not two -- this is the only example in all
the docs that needed fixing.

(From yocto-docs rev: 3511578f29e93702931883cd6537c57a5994d5cd)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 555061075725440d3aa6373624082bef6ee6e31f)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:06 +01:00
Robert P. J. Day
62c57ccac1 overview-manual: mention that patch files can be compressed
Ensure the reader understands that patch files can be compressed.

(From yocto-docs rev: 39c5dff022620818bbbfeb4ad10f0f9e5b1e8d35)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a1070100ecdf600ca9468a4115f9f9a1bf94f448)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:06 +01:00
Paul Barker
f9b6465aa0 security-team: Add section on multi-project embargoes
This text is migrated from the Security private reporting wiki page [1],
originally written by Marta.

[1]: https://wiki.yoctoproject.org/wiki/index.php?title=Security_private_reporting&type=revision&diff=86034&oldid=86033

Cc: Marta Rybczynska <marta.rybczynska@ygreky.com>
(From yocto-docs rev: 365b24e25f47ab91ccdabd309aeb34e5ef5a9eb7)

Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit c5438ff6f02856afaff9575ac21e9959158efc4b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:06 +01:00
Paul Barker
89274ac93d security-team: Tidy and update section on security team operations
The section "What Yocto Security Team does when it receives a security
vulnerability" duplicated information already found in the previous
section "Security Team Operations", so merge the sections and tidy up
the flow of the text.

While we're editing this, Mitre is now just one of the places you can go
to get a CVE assigned, many other CVE Numbering Authorities (CNAs) are
available. They also now have a web form for contact and requesting CVE
assignment so let's link directly to that.

Also drop "If an upstream project does not respond quickly" down a
heading level.

(From yocto-docs rev: ca6a21c7cf652fabd0d48fda735a9074f9fe8af7)

Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 8efdc7df5c75e92449e74e4d40b763ee1df07adc)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:06 +01:00
Paul Barker
921c3654d8 security-team: Update membership list
Steve Sakoman has retired from the project. The TSC announced the need
for a new security team member and nominated me to join the team [1],
which was then confirmed after the nomination/comments period closed
[2].

[1]: https://lists.openembedded.org/g/openembedded-architecture/message/2352
[2]: https://lists.openembedded.org/g/openembedded-architecture/message/2375

(From yocto-docs rev: 22d0993a7e4c4438e80b29bd01407a5df5386768)

Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 9aca7328ae7bfd80fa9ed4a3c7efc9422b83b534)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Marta Rybczynska
2fd091dc4d security-team.rst: update my email address and key
Update my email address and expired key

(From yocto-docs rev: 527852c0398e85e437effebad9c46e78f90d306f)

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 7d4ebbf510f47edfef87ab3727f372c24fa5fc13)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Robert P. J. Day
da03ea708b overview-manual: provide a more expansive definition of "layer"
A layer is not simply a collection of recipes; it can include any
combination of recipe files, machine and distro configuration files,
class file and more, so make that clear. In fact, a layer is not
required to contain any recipe files at all.

(From yocto-docs rev: 4050b1002e1d1273fb3e0908bd42308e4f95e355)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 9d2fe509ff2ab43ea73d6cb7feaa44669ad83f0d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Robert P. J. Day
bee8b23299 overview-manual: add ":term:" for OE Build System
Add a ":term:" reference for the phrase "Openembedded Build System",
to be consistent with the earlier reference for "Poky".

(From yocto-docs rev: 938bcb41cdc5337c9f662b113381ac1ba59fb87c)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 2a8bc4f1b25c818ddc517a6eee6a0c3ba653db6d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Antonin Godard
b8e34bb802 ref-manual/variables.rst: link *MIRRORS definitions to the BitBake manual
Those are defined in BitBake, and would be better documented
there. Add a link to the BitBake manual for these variables.

Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 3210b5375356ad7097ecbf27ffdb50189a0ea6fe)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit cec08390bad4f26b841ff6fc8752f6200acf31d3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Robert P. J. Day
d440c88af7 overview-manual: inform the reader early of "bitbake-getvar"
Given how Chapter 4 of the Overview Manual introduces so many of the
variables that define a build, briefly introduce the reader to the
"bitbake-getvar" command so they can examine those variables.

(From yocto-docs rev: ccd3b07fb7a24877aeea80d24456e41c93266015)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 33f57d154ad1ec950c59c5aab20e0a0323ef19cc)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Robert P. J. Day
b9e00fdea3 bsp-guide: update guide to reflect newer beaglebone
Update the section on describing the Beaglebone contents to reflect
the current content in the meta-yocto-bsp layer.

(From yocto-docs rev: 8ebcf1ea8e4add4045f643bde3bb48d5ff560497)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit bd5be9cc9d5aa7cca63877f3a22089c9dc02f135)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Robert P. J. Day
9ff4f7dd3a bsp-guide: mention bootloader and device tree in BSP intro
In the intro to the BSP guide, mention that a BSP layer might also
contain content related to the bootloader and device tree files.

(From yocto-docs rev: ba48bdeee06522d7334ccb624053f4f363556a15)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a6eca1e7c67225de8b32638b4ba10aa73efe5030)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Robert P. J. Day
e480ed7e2c recipe-style-guide.rst: two minor grammatical tweaks
Minor rewording in two places.

(From yocto-docs rev: d08a1381231b068461f39de47154e971c71acd52)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 382f2cbea16efc13a1bcf14a3276add8aabeec4e)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Robert P. J. Day
7ddcb1e8c7 overview-manual: hyphens not allowed in file version
The Recipe Style Guide makes it clear that you can't have hyphens in
the version part of a recipe file name.

(From yocto-docs rev: 935bdb0d03bdb3f186ffd36faf37d5255a5b9522)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit b9c7aa835576f154dff1c565e835bffd298af7c3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Robert P. J. Day
cc4645864e overview-manual: fix typo, "semi-colon" -> "colon"
Obviously, this sentence should say "colon", not "semi-colon".

(From yocto-docs rev: f87c6ee9a2965b2978b93ccfd76dce0cb853bd9f)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 837e4de00f67b87c60faf21aab2dee913ba813b0)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Robert P. J. Day
aa4087cb46 overview-manual: remind reader that meta-poky is a distro layer
Even though it's mentioned a little earlier on that same page, when
defining the properties of a "Distro Layer," remind the reader that
"meta-poky" is an example of such a layer.

(From yocto-docs rev: 27a3d7d4c30f2957661d00455c15f830e1281bb9)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 4c57f21b681ca92e89903a79b2404132d5b00f10)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Antonin Godard
5e5b675713 conf.py: add a :yocto_bug: role
Similar to :yocto_bugs: but directly create a hyperlink to the bug
displayed with its identifier. Use as :yocto_bug:`12345`.

(From yocto-docs rev: a84f0e63550c2c72497c5b563f72fcfa16c3ee8f)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 24e227262df909353ef8874335cdeb114b9d4203)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Antonin Godard
9cc678e08e conf.py: define new *_path roles
Defines three new bitbake_path, meta_yocto_path, and oecore_path roles
that can be used to quickly reference a file or directory in one of
those repositories and link to our web interface for the path, e.g.
:oecore_path:`meta/conf/bitbake.conf`.

(From yocto-docs rev: cc2bb929002ed29fdb2601cf02f47de315656d27)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 89cf4b98686f6f353811d444f36848410ffd2929)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Antonin Godard
6218924ef8 conf.py: define new {oecore,bitbake,meta_yocto}_rev roles
Use the extlinks extension to create new roles to quickly reference a
commit from openembedded-core, bitbake, or meta-yocto.

For example, use as: :oecore_rev:`437e0419608e`.

Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 54cd2278e9f72837013831b6ce6d4aff61982899)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 79552b4a764d16282a86c8e017270a258a26240e)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Anders Heimer
d80ddd7b90 bitbake: hashserv: validate unihash values
(Bitbake rev: a4daa14312d659333984aa1ae58ddfe0c96392f1)

Signed-off-by: Anders Heimer <anders.heimer@est.tech>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f9b817d8017e5d5a1d22b9aa10a3c974bc7fa33d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:05 +01:00
Anders Heimer
d47ac87fb6 bitbake: hashserv/tests: use valid 64-character unihashes
(Bitbake rev: d0bc6eafbefcbc20657028640cd1e17584434ad3)

Signed-off-by: Anders Heimer <anders.heimer@est.tech>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 16ef07c851f3438c0e6034b9a2fe2c708b766aa2)
[YC: migrated some more hash values with new_value = sha256(old_value)
matching what was done in the original patch]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-08 21:44:04 +01:00