- new features:
* support product-obsoletes() provides in the product autopackage
generation code
(From OE-Core rev: 2f83491f69116c5d606f801a619a5389fc97ea64)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
Added:
- Add online attribute for devhelp index
- Include type data in the field template
Fixed:
- Use normal font size for enumeration values description
(From OE-Core rev: cd0f60afe129d31cdb25343ea7a96509cd14a16a)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For /usr/lib/rpm/macros, Yocto explicitly set OECMAKE_FIND_ROOT_PATH_MODE_PROGRAM
= "ONLY" [1][2] to search tools from CMAKE_FIND_ROOT_PATH [5] which locates in
native recipe sysroot or HOSTTOOLS_DIR. If found in native recipe sysroot or
HOSTTOOLS_DIR, the sed operation removed leading `/'
root@qemux86-64:~# vi /usr/lib/rpm/macros
...
%__xz usr/bin/xz
%__make usr/bin/make
%__zstd usr/bin/zstd
%__quilt usr/bin/quilt
%__patch usr/bin/patch
...
root@qemux86-64:~# rpm --eval "%{__xz} %{__make} %{__zstd} %{__quilt} %{__patch}"
usr/bin/xz usr/bin/make usr/bin/zstd usr/bin/quilt usr/bin/patch
This commit keeps leading `/' from sed operation, and similar reason for
/usr/lib/cmake/rpm/rpm-targets.cmake
After applying this commit:
root@qemux86-64:~# rpm --eval "%{__xz} %{__make} %{__zstd} %{__quilt} %{__patch}"
/usr/bin/xz /usr/bin/make /usr/bin/zstd /usr/bin/quilt /usr/bin/patch
[1] https://git.openembedded.org/openembedded-core/commit/?id=f4ea12f6635125ee793f4dd801c538c0186f9dc3
[2] https://cmake.org/cmake/help/latest/variable/CMAKE_FIND_ROOT_PATH_MODE_PROGRAM.html
(From OE-Core rev: 0d0773879ab9520c475c4a8c930b2e663de0e032)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
v1 of the lldb patchset was accidentally merged, which didn't remove
this package from the clang recipe.
(From OE-Core rev: f389f14983cf87238f9a073b50837583596735ea)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the first major release bump for CMake since 3.0 was released in 2014.
Compatibility with versions of CMake older than 3.5 has been removed. Full
release notes are available at [0].
Obsolete patches have been removed and the few remaining ones have been
refreshed. We can now build cmake without patches, only cmake-native requires
two that are not suitable for upstreaming.
The main license file has been renamed from Copyright.txt to LICENSE.rst in [1].
References to the file have been updated, causing changes to the licensing
header in 'cmake.h' (see [2]).
Additionally, the '1996 - 2024' copyright statement in (cm)curl's COPYING was
updated to '1996 - 2025' in [3].
[0]: https://cmake.org/cmake/help/v4.0/release/4.0.html
[1]: 2d42a5444f
[2]: de273b2e11
[3]: 48b13baebc
License-Update: License file renamed; copyright years updated
(From OE-Core rev: fc7aafb30bc5fe83f8d2ed451cb6b4d68b131fb5)
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
CC: alex.kanavin@gmail.com
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove the shared PERSISTENT_DIR mention introduced by 3954eda78f22
("dev-manual/start.rst: mention that PERSISTENT_DIR should be shared
too"), as it should _not_ be shared.
Instead recommend setting up a hash equivalence server.
(From yocto-docs rev: f9f1c87424d307d2df60024bc448bd6778605cf8)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
PERSISTENT_DIR should _not_ be shared, I got that wrong in my previous
commit 741aa29898dc ("ref-manual/structure.rst: update with info on
PERSISTENT_DIR"). Remove these mentions.
(From yocto-docs rev: 4c7fc7a6e9b0b957bcf0deb66adb0a6d9ebead00)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since OE-Core rev: cc83e45484656a6b577ff84817131735023daad4
the STAMP value and STAMPCLEAN glob have been mismatched. The
issue is present since the PR part was removed from the STAMP variable
in that comit.
An example use case that I found was broken due to this:
1. Have recipes foo_A.bb and foo_B.bb
2. Build foo-native with PREFERRED_VERSION_foo-native = "A"
3. ${COMPONENTS_DIR}/x86_64-linux/foo-native has version A
4. Build foo-native with PREFERRED_VERSION_foo-native = "B"
5. ${COMPONENTS_DIR}/x86_64-linux/foo-native has version B
6. Build foo-native with PREFERRED_VERSION_foo-native = "A"
7. ${COMPONENTS_DIR}/x86_64-linux/foo-native still has version B
In my case the PREFERRED_VERSION comes from different machines.
The issue showed itself when a bar-native compiled against foo-native
version A was pulled from sstate-cache and foo-native in version B was
kept in ${COMPONENTS_DIR} after previous build for a different machine.
The two variables should be in sync and this patch corrects that.
[RP: Tweak commit message]
(From OE-Core rev: 932be19f48735d72a72de2771911119433956f4f)
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are two "new" CVEs reported for python3, their CPEs are:
* CVE-2020-1171: cpe:2.3🅰️microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
* CVE-2020-1192: cpe:2.3🅰️microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
These are for "Visual Studio Code Python extension".
Solve this by addding CVE vendor to python CVE product to avoid
confusion with Microsoft as vendor.
Examining CVE DB for historical python entries shows:
sqlite> select vendor, product, count(*) from products where product = 'python' or product = 'cpython'
...> or product like 'python%3' group by vendor, product;
microsoft|python|2
python|python|1054
python_software_foundation|python|2
Note that this already shows that cpython product is not used, so
CVE-2023-33595 mentioned in 62598e1138f21a16d8b1cdd1cfe902aeed854c5c
was updated.
But let's keep it for future in case new CVE starts with that again.
(From OE-Core rev: 446df2e29495e615dd6d95b158dd37363830cd3e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade to latest 1.24.x release [1]:
$ git --no-pager log --oneline go1.24.4..go1.24.5
9d828e80fa (tag: go1.24.5) [release-branch.go1.24] go1.24.5
825eeee3f7 [release-branch.go1.24] cmd/go: disable support for multiple vcs in one module
dbf30d88f3 [release-branch.go1.24] cmd/link: permit a larger size BSS reference to a smaller DATA symbol
6b51660c8c [release-branch.go1.24] runtime: set mspan limit field early and eagerly
cc604130c8 [release-branch.go1.24] runtime: prevent mutual deadlock between GC stopTheWorld and suspendG
21b488bb60 [release-branch.go1.24] runtime: handle system goroutines later in goroutine profiling
e038690847 [release-branch.go1.24] cmd/go/internal/fips140: ignore GOEXPERIMENT on error
1575127ef8 [release-branch.go1.24] runtime: add missing unlock in sysReserveAlignedSbrk
7d08a16fba [release-branch.go1.24] cmd/compile/internal/ssa: fix PPC64 merging of (AND (S[RL]Dconst ...)
5f2cbe1f64 [release-branch.go1.24] cmd/compile: do nil check before calling duff functions, on arm64 and amd64
Fixes CVE-2025-4674 [2].
[1] https://github.com/golang/go/compare/go1.24.4...go1.24.5
[2] https://groups.google.com/g/golang-announce/c/gTNJnDXmn34
(From OE-Core rev: a3cc5038ea10a4857627e6f4de25bdc43023a349)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the libtool patch description with a note about the patch not
being essential now due to .la file handling changes.
(From OE-Core rev: 1294542edf327fe782b5b9c0de3dd3d3c2e38af1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Recent changes mean toolchain variables are initialized via inherit_defer.
It is therefore no longer possible to add to CC using the += operator.
Instead, add to CFLAGS.
(From OE-Core rev: 7435a6317621f90b6f842a0a0f97c31f0d6d2424)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a runtime dependency on libnss-resolve to nss-resolve PACKAGECONFIG in
systemd recipe. libnss-resolve provides nss-resolve which is a plug-in
module for the GNU Name Service Switch (NSS) functionality of the GNU C
Library (glibc) enabling it to resolve hostnames via the systemd-resolved
local network name resolution service.
See https://man7.org/linux/man-pages/man8/nss-resolve.8.html.
Runtime dependencies on other NSS plug-in modules are provided via other
PACKAGECONFIG entries in a similar way (myhostname - libnss-myhostname,
nss - libnss-resolve).
(From OE-Core rev: e3558ccc2e75bcd09d4a02799df9615cfa92fdbb)
Signed-off-by: Weisser, Pascal <pascal.weisser.ext@karlstorz.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Simplify the code by removing the fallback to ifconfig if the ip command
is not available. ip commands are nowadays available on all host
machines. The transition from ifconfig to ip has taken place long time
ago e.g. for the runqemu-gen-tapdevs script.
This also fixes the detection of tap devices if the tap devices are not
named tap0, tap1, etc. but have a different name, e.g. foo0, foo1 which
is the case if the OE_TAP_NAME environment variable is set.
Some examples:
$ ip tuntap show mode tap
$ sudo ./scripts/runqemu-gen-tapdevs 1000 2
Creating 2 tap devices for GID: 1000...
Creating tap0
Creating tap1
...
$ ip tuntap show mode tap
tap0: tap persist group 1000
tap1: tap persist group 1000
$ sudo ./scripts/runqemu-gen-tapdevs 1000 0
Note: Destroying pre-existing tap interface tap0...
Note: Destroying pre-existing tap interface tap1...
$ ip tuntap show mode tap
$ sudo OE_TAP_NAME=foo ./scripts/runqemu-gen-tapdevs 1000 2
Creating 2 tap devices for GID: 1000...
Creating foo0
Creating foo1
...
$ ip tuntap show mode tap
foo0: tap persist group 1000
foo1: tap persist group 1000
$ sudo OE_TAP_NAME=foo ./scripts/runqemu-gen-tapdevs 1000 0
Note: Destroying pre-existing tap interface foo0...
Note: Destroying pre-existing tap interface foo1...
$ ip tuntap show mode tap
(From OE-Core rev: 6459ea7c019bcb7a486d286dd964eeeeab99c37d)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make the check for tap devices available as a function which can be used
by other tests as well.
(From OE-Core rev: ad8f3a8d959a245301118cf7b850f1a0ab567f01)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If DISTRO is set to poky, the ptest DISTRO_FEATURE is enable. However,
without meta-poky layer, ptest packages are not compiled and the tests
fail with:
ERROR: Nothing RPROVIDES 'cmake-example-ptest'...
(From OE-Core rev: 7b5b0908a6acf43384a13f2e6801e014a61b8e8f)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Extend the devtool deploy-target test to test with and without the
--strip option. The --strip code path recently broke unnoticed because
of changes in pseudo.
(From OE-Core rev: 4c586320e15d8d8b5b85e2da0b900dcc6a0fff3d)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
LLDB takes a reasonable amount of time to compile, but also isn't an
essential component of the LLVM suite.
Instead of always building it when we build clang, split it out into a
separate recipe.
On my build machine where clang takes 21 minutes to build with lldb, it
takes 19 minutes without lldb.
(From OE-Core rev: 9da4900aa5a37718bd42f277d5a1805ec897b1b4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Building the LLVM projects often means using the TableGen tools
(llvm-tblgen etc).
We currently build them as part of clang-native, but I am teasing the
clang recipe into its component parts and having to build llvm-native
or lldb-native simply for one tool isn't ideal.
Instead, add a native recipe that simply builds the tablegen binaries
for llvm, clang, and lldb
(From OE-Core rev: fbf63e03fe09ca74022c9d06442b4f1021b71d57)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's a BPN assignment in common.inc which means all recipes need to
either be called clang, or set BPN themselves.
Move the assignment to the clang recipes. For now I'm leaving the
existing BPN assignments in the other recipes, in case there are complex
multilib-related reasons to retain them.
(From OE-Core rev: fc7e8c3e5c19a1885bec564c8fc07df5a13c8bd4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently, clang when used for native builds and uses --rtlib=compiler-rt
does not find the LLVM runtime because its installed in different
directory than where compiler expects it to be. As a result, build fails
for packages using clang in both capacity ( native and cross )
e.g. qtwebengine
Make the build work across native sanitizers as well.
(From OE-Core rev: 4d55698330ce6720cab5dfe9b4e00efeb40ba6e6)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The test behavior did not change visibly though.
"bitbake-selftest bb.tests.runqueue" passes completely, just like before.
(Bitbake rev: 1751aed08f8472f20fcfbadbb09d35f951904952)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The PERSISTENT_DIR directory can also be customized to be shared, so
mention it in the list of configuration variables in local.conf.
(From yocto-docs rev: f3aa0e8f0d15f036b65253c1e0036eb7e1e16088)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since we mention that SSTATE_DIR can be shared for multiple builds, also
mention that PERSISTENT_DIR should be shared alongside SSTATE_DIR.
[YOCTO #15921]
(From yocto-docs rev: 741aa29898dc7f34ebd423ff7565334b2c89e18c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The autobuilder also uses a shared Hash Equivalence server, so mention
it here too.
(From yocto-docs rev: a96640f98c91f147e05cf132efab114b1e7dc8eb)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In the light of the recent LLVM addition, and other such heavier
recipes, increase the minimum RAM requirement from 8Gb to 32Gb.
(From yocto-docs rev: 3055affc8a37a40d03206140e47caf3d1437ec35)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For host resource limiting variables, make a reference to the new
"Limiting the Host Resources Usage" document.
(From yocto-docs rev: 161a8549441e8c38791ab7f63001b2a15a39d2f2)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a "Limiting the Host Resources Usage" document to share the
different techniques that can be used to limit the host resources usage.
We do have a document to document how to speed up a build, so this
document comes right after.
[YOCTO #15111]
(From yocto-docs rev: 584b8b30cd884ff6c62efcff9e9b566476a84589)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
kernel 6.15+ will be our next reference point, so we bump the libc
headers to match.
(From OE-Core rev: cf89a121f93e404485983b92abc88a46a7f24890)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This includes CVE-fix for CVE-2025-46805, CVE-2025-46804,
CVE-2025-46803, CVE-2025-46802 and CVE-2025-23395.
Changelog:
=========
https://cgit.git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.5.0.1
* Fixes:
- CVE-2025-46805: do NOT send signals with root privileges
- CVE-2025-46804: avoid file existence test information leaks
- CVE-2025-46803: apply safe PTY default mode of 0620
- CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
- CVE-2025-23395: reintroduce lf_secreopen() for logfile
- buffer overflow due bad strncpy()
- uninitialized variables warnings
- typos
- combining char handling that could lead to a segfault
(From OE-Core rev: 9e608022b287bfdb4f547f5e2d418536758bc82f)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Set the permissions of /var/run/kea to 750 to fix kea server startup
error:
ERROR [kea-dhcp4.dhcp4/445.140718820303936] DHCP4_INIT_FAIL failed to
initialize Kea server: configuration error using file
'/etc/kea/kea-dhcp4.conf': 'socket-name' is invalid: socket
path:/var/run/kea does not exist or does not have permssions = 750
This permission check was introduced by commit[1] in kea 2.6.3.
[1] 43bba7799f
(From OE-Core rev: 7254a27cdf16a51b5247585d417f2e6afaf84b76)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
* Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified
when running a command or editing a file. This could enable a
local privilege escalation attack if the sudoers file allows the
user to run commands on a different host.
* Fixed CVE-2025-32463. An attacker can leverage sudo's -R
(--chroot) option to run arbitrary commands as root, even if
they are not listed in the sudoers file. The chroot support has
been deprecated an will be removed entirely in a future release.
(From OE-Core rev: 4ac42eefe6c1b5895a3334d7f90004fdc8a3267f)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add credentials when passing source urls to uv resolver. (#3553)
* Redact credentials in source urls in the log output, and inject credentials into the source url for uv sync command as well. (#3555)
* Fix a bug that extra dependencies of transitive dependencies are not properly installed when USE_UV=true (#3558)
* Improve the terminal output when setting up a script environment. (#3560)
* Skip non-existent library paths in post-install steps when trying to fix the pth files. (#3561)
(From OE-Core rev: 5f203da704bb76d0521e274bea9499db15f62d8d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
