Commit Graph

79146 Commits

Author SHA1 Message Date
Ross Burton
0b200483ae clang: remove clang-lldb-python package
v1 of the lldb patchset was accidentally merged, which didn't remove
this package from the clang recipe.

(From OE-Core rev: f389f14983cf87238f9a073b50837583596735ea)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-17 10:41:18 +01:00
Moritz Haase
2c9a6b4a81 cmake: upgrade 3.31.6 -> 4.0.3
This is the first major release bump for CMake since 3.0 was released in 2014.
Compatibility with versions of CMake older than 3.5 has been removed. Full
release notes are available at [0].

Obsolete patches have been removed and the few remaining ones have been
refreshed. We can now build cmake without patches, only cmake-native requires
two that are not suitable for upstreaming.

The main license file has been renamed from Copyright.txt to LICENSE.rst in [1].
References to the file have been updated, causing changes to the licensing
header in 'cmake.h' (see [2]).

Additionally, the '1996 - 2024' copyright statement in (cm)curl's COPYING was
updated to '1996 - 2025' in [3].

[0]: https://cmake.org/cmake/help/v4.0/release/4.0.html
[1]: 2d42a5444f
[2]: de273b2e11
[3]: 48b13baebc

License-Update: License file renamed; copyright years updated
(From OE-Core rev: fc7aafb30bc5fe83f8d2ed451cb6b4d68b131fb5)

Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
CC: alex.kanavin@gmail.com
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-17 10:41:18 +01:00
Mikko Rapeli
3bb9a31522 oeqa parselogs: add parselogs-ignores-genericarm64.txt
With safe to ignore pinctl and initrd warnings from
AMD kv260 boot.

(From meta-yocto rev: fe944133f3ad2f4c9f76e0c2d7109a35a179ff7c)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-17 10:15:44 +01:00
Antonin Godard
853f8bfbb8 dev-manual/start.rst: remove shared PERSISTENT_DIR mentions
Remove the shared PERSISTENT_DIR mention introduced by 3954eda78f22
("dev-manual/start.rst: mention that PERSISTENT_DIR should be shared
too"), as it should _not_ be shared.

Instead recommend setting up a hash equivalence server.

(From yocto-docs rev: f9f1c87424d307d2df60024bc448bd6778605cf8)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-15 13:57:32 +01:00
Antonin Godard
818d405494 ref-manual/structure.rst: remove shared PERSISTENT_DIR mentions
PERSISTENT_DIR should _not_ be shared, I got that wrong in my previous
commit 741aa29898dc ("ref-manual/structure.rst: update with info on
PERSISTENT_DIR"). Remove these mentions.

(From yocto-docs rev: 4c7fc7a6e9b0b957bcf0deb66adb0a6d9ebead00)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-15 13:57:32 +01:00
Michal Sieron
f3da837ad2 bitbake.conf: Remove PR glob part from STAMPCLEAN
Since OE-Core rev: cc83e45484656a6b577ff84817131735023daad4
the STAMP value and STAMPCLEAN glob have been mismatched. The
issue is present since the PR part was removed from the STAMP variable
in that commit.

An example use case that I found was broken due to this:

1. Have recipes foo_A.bb and foo_B.bb
2. Build foo-native with PREFERRED_VERSION_foo-native = "A"
3. ${COMPONENTS_DIR}/x86_64-linux/foo-native has version A
4. Build foo-native with PREFERRED_VERSION_foo-native = "B"
5. ${COMPONENTS_DIR}/x86_64-linux/foo-native has version B
6. Build foo-native with PREFERRED_VERSION_foo-native = "A"
7. ${COMPONENTS_DIR}/x86_64-linux/foo-native still has version B

In my case the PREFERRED_VERSION comes from different machines.
The issue showed itself when a bar-native compiled against foo-native
version A was pulled from sstate-cache and foo-native in version B was
kept in ${COMPONENTS_DIR} after previous build for a different machine.

The two variables should be in sync and this patch corrects that.

[RP: Tweak commit message]
(From OE-Core rev: 932be19f48735d72a72de2771911119433956f4f)

Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:51:42 +01:00
Jiaying Song
8d33f1a30e ruby-ptest : some ptest fixes
- Skip the test_rm_r_no_permissions test under the root user, as
  deletion always succeeds.
- Filter out tests under the -ext- directory in run-ptest. Due to the
  commit [1], the packaging of .so test files under the .ext directory
  was removed. As a result, adjust the test filtering rules to avoid
  test failures caused by missing files.
- Add installation of rdoc.rb and did_you_mean.rb files in
  do_install_ptest to ensure complete test dependencies.

[1]
https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/ruby?id=4d4485442830bb52b152f0419f4ff9f1d581d46a

(From OE-Core rev: a581617945848e5970859510e6fb8e4ccdb26f95)

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Peter Marko
1eea8922a7 python3: update CVE product
There are two "new" CVEs reported for python3, their CPEs are:
* CVE-2020-1171: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
* CVE-2020-1192: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
These are for "Visual Studio Code Python extension".

Solve this by adding CVE vendor to python CVE product to avoid
confusion with Microsoft as vendor.

Examining CVE DB for historical python entries shows:
sqlite> select vendor, product, count(*) from products where product = 'python' or product = 'cpython'
   ...> or product like 'python%3' group by vendor, product;
microsoft|python|2
python|python|1054
python_software_foundation|python|2

Note that this already shows that cpython product is not used, so
CVE-2023-33595 mentioned in 62598e1138f21a16d8b1cdd1cfe902aeed854c5c
was updated.
But let's keep it for future in case new CVE starts with that again.

(From OE-Core rev: 446df2e29495e615dd6d95b158dd37363830cd3e)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Peter Marko
80f02155ca go: upgrade 1.24.4 -> 1.24.5
Upgrade to latest 1.24.x release [1]:

$ git --no-pager log --oneline go1.24.4..go1.24.5
9d828e80fa (tag: go1.24.5) [release-branch.go1.24] go1.24.5
825eeee3f7 [release-branch.go1.24] cmd/go: disable support for multiple vcs in one module
dbf30d88f3 [release-branch.go1.24] cmd/link: permit a larger size BSS reference to a smaller DATA symbol
6b51660c8c [release-branch.go1.24] runtime: set mspan limit field early and eagerly
cc604130c8 [release-branch.go1.24] runtime: prevent mutual deadlock between GC stopTheWorld and suspendG
21b488bb60 [release-branch.go1.24] runtime: handle system goroutines later in goroutine profiling
e038690847 [release-branch.go1.24] cmd/go/internal/fips140: ignore GOEXPERIMENT on error
1575127ef8 [release-branch.go1.24] runtime: add missing unlock in sysReserveAlignedSbrk
7d08a16fba [release-branch.go1.24] cmd/compile/internal/ssa: fix PPC64 merging of (AND (S[RL]Dconst ...)
5f2cbe1f64 [release-branch.go1.24] cmd/compile: do nil check before calling duff functions, on arm64 and amd64

Fixes CVE-2025-4674 [2].

[1] https://github.com/golang/go/compare/go1.24.4...go1.24.5
[2] https://groups.google.com/g/golang-announce/c/gTNJnDXmn34

(From OE-Core rev: a3cc5038ea10a4857627e6f4de25bdc43023a349)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Richard Purdie
ea04bd1ee7 pseudo: Update to pull in memleak fix
(From OE-Core rev: 42137b6f97da0672af365cd841678f39ce5907d2)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Richard Purdie
1d723321a7 gcc: Tweak libtool patch documentation
Update the libtool patch description with a note about the patch not
being essential now due to .la file handling changes.

(From OE-Core rev: 1294542edf327fe782b5b9c0de3dd3d3c2e38af1)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Richard Purdie
9bca79fdb4 glibc: Add flags to CFLAGS instead of CC
Recent changes mean toolchain variables are initialized via inherit_defer.
It is therefore no longer possible to add to CC using the += operator.
Instead, add to CFLAGS.

(From OE-Core rev: 7435a6317621f90b6f842a0a0f97c31f0d6d2424)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Weisser, Pascal.ext
69a0dcc37b systemd: add rdepends on libnss-resolve to nss-resolve PACKAGECONFIG
Add a runtime dependency on libnss-resolve to nss-resolve PACKAGECONFIG in
systemd recipe. libnss-resolve provides nss-resolve which is a plug-in
module for the GNU Name Service Switch (NSS) functionality of the GNU C
Library (glibc) enabling it to resolve hostnames via the systemd-resolved
local network name resolution service.

See https://man7.org/linux/man-pages/man8/nss-resolve.8.html.

Runtime dependencies on other NSS plug-in modules are provided via other
PACKAGECONFIG entries in a similar way (myhostname - libnss-myhostname,
nss - libnss-resolve).

(From OE-Core rev: e3558ccc2e75bcd09d4a02799df9615cfa92fdbb)

Signed-off-by: Weisser, Pascal <pascal.weisser.ext@karlstorz.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Adrian Freihofer
6858e5f0c8 oeqa/utils/command: simplify tap detection
Simplify the code by removing the fallback to ifconfig if the ip command
is not available. ip commands are nowadays available on all host
machines. The transition from ifconfig to ip has taken place a long time
ago, e.g. for the runqemu-gen-tapdevs script.

This also fixes the detection of tap devices if the tap devices are not
named tap0, tap1, etc. but have a different name, e.g. foo0, foo1 which
is the case if the OE_TAP_NAME environment variable is set.

Some examples:

$ ip tuntap show mode tap
$ sudo ./scripts/runqemu-gen-tapdevs 1000 2
Creating 2 tap devices for GID: 1000...
Creating tap0
Creating tap1
...
$ ip tuntap show mode tap
tap0: tap persist group 1000
tap1: tap persist group 1000
$ sudo ./scripts/runqemu-gen-tapdevs 1000 0
Note: Destroying pre-existing tap interface tap0...
Note: Destroying pre-existing tap interface tap1...
$ ip tuntap show mode tap
$ sudo OE_TAP_NAME=foo ./scripts/runqemu-gen-tapdevs 1000 2
Creating 2 tap devices for GID: 1000...
Creating foo0
Creating foo1
...
$ ip tuntap show mode tap
foo0: tap persist group 1000
foo1: tap persist group 1000
$ sudo OE_TAP_NAME=foo ./scripts/runqemu-gen-tapdevs 1000 0
Note: Destroying pre-existing tap interface foo0...
Note: Destroying pre-existing tap interface foo1...
$ ip tuntap show mode tap

(From OE-Core rev: 6459ea7c019bcb7a486d286dd964eeeeab99c37d)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Adrian Freihofer
873430ceca oe-selftest: devtool: split tap detection into function
Make the check for tap devices available as a function which can be used
by other tests as well.

(From OE-Core rev: ad8f3a8d959a245301118cf7b850f1a0ab567f01)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Adrian Freihofer
ad5df78c55 oe-selftest: devtool: run without poky
If DISTRO is set to poky, the ptest DISTRO_FEATURE is enabled. However,
without meta-poky layer, ptest packages are not compiled and the tests
fail with:
   ERROR: Nothing RPROVIDES 'cmake-example-ptest'...

(From OE-Core rev: 7b5b0908a6acf43384a13f2e6801e014a61b8e8f)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Adrian Freihofer
55239572a4 oe-selftest: devtool deploy-target test --strip option
Extend the devtool deploy-target test to test with and without the
--strip option. The --strip code path recently broke unnoticed because
of changes in pseudo.

(From OE-Core rev: 4c586320e15d8d8b5b85e2da0b900dcc6a0fff3d)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Ross Burton
322fc2fc75 lldb: add new recipe, split out of clang
LLDB takes a reasonable amount of time to compile, but also isn't an
essential component of the LLVM suite.

Instead of always building it when we build clang, split it out into a
separate recipe.

On my build machine where clang takes 21 minutes to build with lldb, it
takes 19 minutes without lldb.

(From OE-Core rev: 9da4900aa5a37718bd42f277d5a1805ec897b1b4)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Ross Burton
bd3792a7ad llvm-tblgen-native: add new recipe
Building the LLVM projects often means using the TableGen tools
(llvm-tblgen etc).

We currently build them as part of clang-native, but I am teasing the
clang recipe into its component parts and having to build llvm-native
or lldb-native simply for one tool isn't ideal.

Instead, add a native recipe that simply builds the tablegen binaries
for llvm, clang, and lldb

(From OE-Core rev: fbf63e03fe09ca74022c9d06442b4f1021b71d57)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Ross Burton
728d87c9bd clang: move BPN assignment from common.inc
There's a BPN assignment in common.inc which means all recipes need to
either be called clang, or set BPN themselves.

Move the assignment to the clang recipes. For now I'm leaving the
existing BPN assignments in the other recipes, in case there are complex
multilib-related reasons to retain them.

(From OE-Core rev: fc7e8c3e5c19a1885bec564c8fc07df5a13c8bd4)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Khem Raj
5a8e96ed11 compiler-rt: Fix install location for native builds
Currently, clang when used for native builds and uses --rtlib=compiler-rt
does not find the LLVM runtime because it's installed in a different
directory than where the compiler expects it to be. As a result, build fails
for packages using clang in both capacity ( native and cross )
e.g. qtwebengine

Make the build work across native sanitizers as well.

(From OE-Core rev: 4d55698330ce6720cab5dfe9b4e00efeb40ba6e6)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Khem Raj
ef31bc3074 compiler-rt: Use clang for native compile as well
(From OE-Core rev: 0c3ab984e72db424aa2684f5e2073a165b4b0910)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Peter Marko
510b5f71cc openssl: upgrade 3.5.0 -> 3.5.1
Release information:
https://github.com/openssl/openssl/blob/openssl-3.5/NEWS.md#major-changes-between-openssl-350-and-openssl-351-1-jul-2025

Handles CVE-2025-4575.

Refresh patches.

(From OE-Core rev: c030c9c31d27917fb45aaaa5ed174c16ca68ec9e)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 17:49:48 +01:00
Gyorgy Sarvari
1f88be64bf bitbake: bitbake/tests: fix typo in test
The test behavior did not change visibly though.

"bitbake-selftest bb.tests.runqueue" passes completely, just like before.

(Bitbake rev: 1751aed08f8472f20fcfbadbb09d35f951904952)

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-14 13:29:30 +01:00
Antonin Godard
217d5b3c3c overview-manual/concepts.rst: fix sayhello hardcoded bindir
Replace the hardcoded /usr/bin by ${bindir}, as it should be.

Reported-by: Thomas Perrot <thomas.perrot@bootlin.com>
(From yocto-docs rev: 576677eae6960dbc2d2ececeba0fde5bba7bb69f)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-11 13:30:44 +01:00
Antonin Godard
d4a065a7e8 overview-manual/concepts.rst: mention PERSISTENT_DIR for user configuration
The PERSISTENT_DIR directory can also be customized to be shared, so
mention it in the list of configuration variables in local.conf.

(From yocto-docs rev: f3aa0e8f0d15f036b65253c1e0036eb7e1e16088)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-11 13:30:44 +01:00
Antonin Godard
1eab7980ae dev-manual/start.rst: mention that PERSISTENT_DIR should be shared too
In the "Development environment summary", we mention that the shared
state dir can be shared for developers, but PERSISTENT_DIR should be
shared as well, otherwise bugs described in [1] can happen.

[1]: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15921

[YOCTO #15921]

(From yocto-docs rev: 3954eda78f22f205cbd31857f5b0992900fe7b02)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-11 13:30:44 +01:00
Antonin Godard
e790ad0f3e ref-manual/structure.rst: update with info on PERSISTENT_DIR
Since we mention that SSTATE_DIR can be shared for multiple builds, also
mention that PERSISTENT_DIR should be shared alongside SSTATE_DIR.

[YOCTO #15921]

(From yocto-docs rev: 741aa29898dc7f34ebd423ff7565334b2c89e18c)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-11 13:30:44 +01:00
Antonin Godard
cbbac30edb test-manual/understand-autobuilder.rst: mention hashequiv server
The autobuilder also uses a shared Hash Equivalence server, so mention
it here too.

(From yocto-docs rev: a96640f98c91f147e05cf132efab114b1e7dc8eb)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-11 13:30:44 +01:00
Antonin Godard
aaf748b28c poky.yaml.in: increase minimum RAM from 8 to 32
In the light of the recent LLVM addition, and other such heavier
recipes, increase the minimum RAM requirement from 8Gb to 32Gb.

(From yocto-docs rev: 3055affc8a37a40d03206140e47caf3d1437ec35)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-11 13:30:44 +01:00
Lee Chee Yang
8542be1726 migration-guides: add release notes for 4.0.28
(From yocto-docs rev: 6959193fddb039c34384fcc391195fdd7fd3dbb8)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-11 13:30:44 +01:00
Antonin Godard
b578190fb4 ref-manual/variables.rst: make reference to new limiting-resources doc
For host resource limiting variables, make a reference to the new
"Limiting the Host Resources Usage" document.

(From yocto-docs rev: 161a8549441e8c38791ab7f63001b2a15a39d2f2)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-11 13:30:44 +01:00
Antonin Godard
919d227323 Add a document on limiting host resources
Add a "Limiting the Host Resources Usage" document to share the
different techniques that can be used to limit the host resources usage.
We do have a document to document how to speed up a build, so this
document comes right after.

[YOCTO #15111]

(From yocto-docs rev: 584b8b30cd884ff6c62efcff9e9b566476a84589)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-11 13:30:44 +01:00
Bruce Ashfield
86a4723a14 libc-headers: update to v6.15
kernel 6.15+ will be our next reference point, so we bump the libc
headers to match.

(From OE-Core rev: cf89a121f93e404485983b92abc88a46a7f24890)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 23:26:44 +01:00
Divya Chellam
58238ee55c screen: update 5.0.0 -> 5.0.1
This includes CVE-fix for CVE-2025-46805, CVE-2025-46804,
CVE-2025-46803, CVE-2025-46802 and CVE-2025-23395.

Changelog:
=========
https://cgit.git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.5.0.1

* Fixes:
	- CVE-2025-46805: do NOT send signals with root privileges
	- CVE-2025-46804: avoid file existence test information leaks
	- CVE-2025-46803: apply safe PTY default mode of 0620
	- CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
	- CVE-2025-23395: reintroduce lf_secreopen() for logfile
	- buffer overflow due bad strncpy()
	- uninitialized variables warnings
	- typos
	- combining char handling that could lead to a segfault

(From OE-Core rev: 9e608022b287bfdb4f547f5e2d418536758bc82f)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:31 +01:00
Yi Zhao
ffe1dcbdca kea: set correct permissions for /var/run/kea
Set the permissions of /var/run/kea to 750 to fix kea server startup
error:

ERROR [kea-dhcp4.dhcp4/445.140718820303936] DHCP4_INIT_FAIL failed to
initialize Kea server: configuration error using file
'/etc/kea/kea-dhcp4.conf': 'socket-name' is invalid: socket
path:/var/run/kea does not exist or does not have permssions = 750

This permission check was introduced by commit[1] in kea 2.6.3.

[1] 43bba7799f

(From OE-Core rev: 7254a27cdf16a51b5247585d417f2e6afaf84b76)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:31 +01:00
Praveen Kumar
8f27a8f156 sudo: upgrade 1.9.17 -> 1.9.17p1
Changelog:
===========
* Fixed CVE-2025-32462.  Sudo's -h (--host) option could be specified
   when running a command or editing a file.  This could enable a
   local privilege escalation attack if the sudoers file allows the
   user to run commands on a different host.

* Fixed CVE-2025-32463.  An attacker can leverage sudo's -R
  (--chroot) option to run arbitrary commands as root, even if
  they are not listed in the sudoers file.  The chroot support has
  been deprecated and will be removed entirely in a future release.

(From OE-Core rev: 4ac42eefe6c1b5895a3334d7f90004fdc8a3267f)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:31 +01:00
Khem Raj
b92f52ef27 python3-pdm: Upgrade to 2.25.4
* Add credentials when passing source urls to uv resolver. (#3553)
* Redact credentials in source urls in the log output, and inject credentials into the source url for uv sync command as well. (#3555)
* Fix a bug that extra dependencies of transitive dependencies are not properly installed when USE_UV=true (#3558)
* Improve the terminal output when setting up a script environment. (#3560)
* Skip non-existent library paths in post-install steps when trying to fix the pth files. (#3561)

(From OE-Core rev: 5f203da704bb76d0521e274bea9499db15f62d8d)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:31 +01:00
Khem Raj
f029ad05bf spirv-llvm-translator: upgrade 20.1.2 -> 20.1.4
Details of changes
https://github.com/KhronosGroup/SPIRV-LLVM-Translator/compare/v20.1.2...v20.1.4

(From OE-Core rev: e3890983dbf422f2dad33267f7dbe12ae3aff7c8)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:31 +01:00
Khem Raj
8d7e8bd2f7 re2c: upgrade to 4.3
It introduces new features, improvements, and bug fixes, including
- a new code generation model using recursive functions
- new block types
- improved compile-time performance

It also adds a new warning, -Wdeprecated-eof-rule, and improves
the handling of the end-of-input rule

(From OE-Core rev: 58d930580862af1f8db1e359f02a880695048025)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:31 +01:00
Adrian Freihofer
1ee1b5fee4 bitbake.conf: fix pseudo for devtool deploy-target --strip
Without this fix:

devtool deploy-target cmake-example qemu1 --strip
...
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped/usr/lib/libcmake-example-lib.so.1.0.0': Operation not permitted
cp: failed to preserve ownership for ...cmake-example/1.0/devtool-deploy-target-stripped/usr/lib/libcmake-example-lib.so.1: Operation not permitted
cp: failed to preserve ownership for ...cmake-example/1.0/devtool-deploy-target-stripped/usr/lib/libcmake-example-lib.so: Operation not permitted
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped/usr/lib': Operation not permitted
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped/usr/bin/cmake-example': Operation not permitted
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped/usr/bin/test-cmake-example': Operation not permitted
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped/usr/bin': Operation not permitted
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped/usr': Operation not permitted
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped': Operation not permitted
tar: ./usr/lib/libcmake-example-lib.so.1.0.0: time stamp 2025-07-06 16:46:06 is 0.527890738 s in the future
tar: ./usr/lib/libcmake-example-lib.so.1: time stamp 2025-07-06 16:46:06 is 0.527462566 s in the future
tar: ./usr/lib/libcmake-example-lib.so: time stamp 2025-07-06 16:46:06 is 0.526732779 s in the future
tar: ./usr/lib: time stamp 2025-07-06 16:46:06 is 0.526415655 s in the future
tar: ./usr/bin/cmake-example: time stamp 2025-07-06 16:46:06 is 0.52568721 s in the future
tar: ./usr/bin/test-cmake-example: time stamp 2025-07-06 16:46:06 is 0.525054415 s in the future
tar: ./usr/bin: time stamp 2025-07-06 16:46:06 is 0.524821739 s in the future
INFO: Successfully deployed .../cmake-example/1.0/devtool-deploy-target-stripped

With this fix:

devtool deploy-target cmake-example qemu1 --strip
...
INFO: Successfully deployed .../cmake-example/1.0/devtool-deploy-target-stripped

This is most probably related to the commit:
  2502da81709f25de499277b28d33c915638c45f6
  bitbake.conf/pseudo: Switch from exclusion list to inclusion list

(From OE-Core rev: 8b42b698ea13e1951f7bac4ddd89e13c9b0cb3a6)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:31 +01:00
Dario Binacchi
b431b880ae mmc-utils: upgrade to 1.0
This is the first tagged version of the package.

Change log since last version bump:

  d8a8358a7207 mmc-utils: Pass key_mac buffer to rpmb_get_key()
  a23ad7875b89 mmc-utils: Start to use the generic print_usage function
  e769d44ecb77 mmc-utils: Introduce a generic print_usage function
  6586fa5535dc mmc-utils: Simplify and streamline print_help function
  ec75d4b3b671 mmc-utils: Remove unused adv_help member from struct Command

(From OE-Core rev: 3d4cc4ae897d48c8d8b1338020ea5251347cce59)

Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:31 +01:00
Mark Hatle
cd389a7461 linux-yocto/6.12: riscv: Enable TUNE_FEATURES based KERNEL_FEATURES
Allow the risc-v TUNE_FEATURES to select specific ISA (kconfig) selections
in the kernel config via config fragments selected by KERNEL_FEATURES.

This allows the following items to be selected dynamically:

    CONFIG_ARCH_RV32I
    CONFIG_ARCH_RV64I
    CONFIG_FPU
    CONFIG_RISCV_ISA_C
    CONFIG_RISCV_ISA_V
    CONFIG_RISCV_ISA_ZBB
    CONFIG_RISCV_ISA_ZICBOM
    CONFIG_RISCV_ISA_ZICBOZ
    CONFIG_TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI

Note: Some ISA options, such as CONFIG_RISCV_ISA_C may be reenabled by other
options such as CONFIG_EFI.  This is properly reported by the configuration
tooling.

(From OE-Core rev: 45a1b5aa6abc9007d0d87efc2d740b5564a209dd)

Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:31 +01:00
Daniel Turull
348ef80f27 improve_kernel_cve_report: do not use custom version
When using the version specified in cve-summary.json, we need to
remove the suffix containing the custom version to match the
versions from the CVEs.

This patch truncates the version from cve-summary.json to use only
the base version of the kernel.

This is only applicable for kernels where the user has added their
own version.

(From OE-Core rev: 3942d40e96989268e8d1030f9d8c3859044d9635)

Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:31 +01:00
Daniel Turull
dac57535d9 improve_kernel_cve_report: do not override backported-patch
If the user has a CVE_STATUS for their own backported patch,
the backport takes priority over upstream vulnerable versions.

(From OE-Core rev: 0beef05be119ea465ba06553a42edea03dfc9fd3)

Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:30 +01:00
Benjamin Missey
dac5aaa117 kernel-fit-image: fix symbolic link fit-image.its
Bad symbolic link is used for kernel-fit-image. fit-image-its used
instead of fit-image.its.
Fix bad typo.

(From OE-Core rev: 1938864012ed5e9bae274ea1710802d8f4606bb6)

Signed-off-by: Benjamin Missey <benjamin.missey@non.se.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:30 +01:00
Enrico Jörns
de46ad45f6 openssl: add workaround for broken paths in native libcrypto.pc
Since d1b29222 ("openssl-native(sdk): poision built in paths") the
workaround for host path contamination in native(sdk) openssl is fixed.
But an unfortunate side-effect of forcing the directory variables
(OPENSSLDIR, ENGINESDIR, MODULESDIR) to be invalid is that it renders
the generated native pkg-config file (libcrypto.pc) unusable:

  [..]
  includedir=${prefix}/include
  enginesdir=${libdir}/../../../../../../../../../../../../../../../../not/builtin
  modulesdir=${libdir}/../../../../../../../../../../../../../../../../not/builtin

  Name: OpenSSL-libcrypto
  [..]

This will prevent other native tools (like libp11-native) from
installing their (.so) files into valid OpenSSL directories.

The strange paths are a result of OpenSSL's build system attempting to
resolve the dummy path "/not/builtin" relative to ${libdir} for
libcrypto.pc.in:

| enginesdir=${libdir}/{- $OpenSSL::safe::installdata::ENGINESDIR_REL_LIBDIR[0] -}

There doesn't appear to be a straightforward way to avoid embedding a
built-in host path while still generating a valid libcrypto.pc file.

This workaround now post-fixes the .pc files for openssl-native by using
two sed calls to replace the invalid paths with the valid ones.
(To prevent bitbake from early expanding the libdir variables, use a
group as a simple hack.)

(From OE-Core rev: 4d4af8d1cb272369eb4ddcc489e90831c9c2c8c7)

Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:30 +01:00
Mikko Rapeli
e5e8f2aa0a testexport.bbclass oe-test: capture all tests and data from all layers
testexport.bbclass only copied files from core layer to
the testexport.tar.gz to run tests. Then it filtered
out tests and files which were not specified in
TEST_SUITES variable.

Remove filtering of files to include parselogs.py
test data files which are machine and/or layer specific.
TEST_SUITES variable is now read from build time exported
data store when running tests so there is no need to remove
files from exported tests in testexport.bbclass.

Adapt oe-test script to find "lib" directories from
the new structure with layer specific paths which are
used to find tests and test data files.

(From OE-Core rev: 5c39fedee1dd0e101e2611b71a895c0251ba968d)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-10 10:47:30 +01:00
Richard Purdie
458c39ac1f linux-yocto-6.12: Update CVE list for 6.12.36
(From OE-Core rev: 70f8975e142345a11905d6949f2ef4071baa8e77)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-09 09:00:06 +01:00
Richard Purdie
0a9668e192 sanity: Add sanity test for 'bad' gcc installs on ubuntu 24.04
Installing emacs on Ubuntu 24.04 pulls in emacs-gtk which leads to libgcc-14-dev
despite gcc being 13. This breaks libcxx-native and compiler-rt-native builds.
We've tried various ways of addressing this but they don't work. Instead, detect
this situation and tell the user to either install or remove a package.

(From OE-Core rev: 087b2730bb2446ad5ea98c233e349d2787c17ff1)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-09 08:48:04 +01:00