ctest automatically optimizes the order of (parallel) test execution based on
historic test case runtime via the COST property (see [0]), which can have a
significant impact on overall test run times. Sadly this feature is broken in
CMake < 4.0.0 for test cases that have spaces in their name (see [1]).
This commit backports the upstream fix. As repeated test runs are expected to
mainly take place inside the SDK, the patch is only applied to 'nativesdk'
builds.
[0]: https://cmake.org/cmake/help/latest/prop_test/COST.html
[1]: https://gitlab.kitware.com/cmake/cmake/-/issues/26594
Reported-By: John Drouhard <john@drouhard.dev>
(From OE-Core rev: ead0d06d6335fb74c1ae0dc7bdcf414c66b3e4ab)
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dcbaf42dd74cc0bda7254856589613718ed3f057)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Overview of changes in bind 9.20.9
==================================
Security Fixes:
1. Prevent an assertion failure when processing TSIG algorithm.
2. DNS messages that included a Transaction Signature (TSIG) containing
an invalid value in the algorithm field caused named to crash with an
assertion failure. This has been fixed. (CVE-2025-40775) [GL #5300]
For additional feature changes and bug fixes, please see:
https://downloads.isc.org/isc/bind9/9.20.9/doc/arm/html/notes.html#notes-for-bind-9-20-9
(From OE-Core rev: c9d59ba50a102ace907779612e74646dec133271)
(From OE-Core rev: 8131a878c2d3c5e8b48a1b33a70f8eae90d3e5ca)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
NVD ([1]) tracks this as:
cpe:2.3🅰️golang:go:*:*:*:*:*:*:*:*
Running on/with
cpe:2.3⭕microsoft:windows:-:*:*:*:*:*:*:*
Yocto cve-check ignores the "Running on/with", so it needs to be ignored
explicitly.
[1] https://nvd.nist.gov/vuln/detail/CVE-2024-3566
(From OE-Core rev: c43a9f7ca85f1c25a72f7b1efa494e30d6cf4906)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
To accompany earlier updating of kernel version, update this lonely
reference to be consistent.
(From yocto-docs rev: 87c97308cac2a1e94ad1f006c1226a9072200a5f)
Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit e26c2018cd663de91ee08e0cba55eda1a4c30210)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Change the sample kernel version being used from 4.4 to a more modern
6.12.
(From yocto-docs rev: 1aaf4044ca3610740a38cd6a53dd11f2071f573b)
Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 1bad12b6ccfe1c0d26918926176a0c743568de26)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In Sections 4.3.1 and 4.3.2 of the Overview Manual, a bit of tidying
including:
- provide full list of packaging options
- add monospaced rendering where appropriate
- fix broken "ref"
- make capitalization consistent
(From yocto-docs rev: 4b79feb4dfdce35efff05f4316f56445d18e5247)
Signed-off-by: "Robert P. J. Day" <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 1cf769e3c8a8442cd05449dc97e91ad482d635f3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The nativesdk- prefix to the recipe filename should only be used when
using the inherit method as the BBCLASSEXTEND method will do some magic
when generating the "implicit" name of the recipe.
This matches the instructions for the native class.
(From yocto-docs rev: 4852b8be918be0d0e73d82fff458822100e2f49b)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 15fe239e1e62b9add737aa732dd7f5e9948ee03d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
We explain how to create a native (nativesdk) recipe in two different
ways via a bullet list but reading quickly the instructions may mislead
one into doing both options whereas they are incompatible.
This rewords both the nativesdk and native sections so that the second
bullet point starts with an Or and explicit that this applies to target
recipes.
(From yocto-docs rev: 69ce7f06d3a736c3d8c7a1fffbdee16d14e2dcdf)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 6d0d338a5f2686ddeee5eed7b6e05f3db800d33a)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Remove aarch64 for ARM Cortex-R52 processor as it supports only 32-bit
ISA but not 64-bit ISA. Also update ARMPKGARCH for cortexr52hf.
(From OE-Core rev: fd79c20430ad5c540522ddbe72ef235379c628bd)
Signed-off-by: Sandeep Gundlupet Raju <sandeep.gundlupet-raju@amd.com>
Signed-off-by: Sandeep Gundlupet Raju <grsandeep85@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
/etc/os-release is a symlink to /usr/lib.
Symlink is retrieved as a dead link which points to nowhere if also the
original file is not accompanying it.
Fetch the real file in addition to this link.
Alternative could be to use "tar -h" (supported also by busybox tar),
however that could lose some important information if links are relevant
for failure analysis.
(From OE-Core rev: ed43f9ccb3c08845259e24440912631afd780d12)
(From OE-Core rev: 93efeca19f53132fce84d914b7ebf21070370127)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport a commit from util-linux upstream to fix the following error.
agetty: segfault at 0 ip 00007fc65600295c sp 00007fffa8dd67e8 error 4 in libc.so.6
(From OE-Core rev: e9cfc549091b77d08817eb7235076c7a0c20e4fa)
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Handles CVE-2025-4598
Rebase patches
(From OE-Core rev: 11d583e4ffb8726c66da8f764d985a37a14b2699)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update to the 5.2.1 release of the 5.2.1 series for buildtools
(From OE-Core rev: 91d430e7a68a0cc819398bd05d020f850364fdf1)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
GCC 14.3 is a bug-fix release from the GCC 14 branch
containing important fixes for regressions and serious bugs in
GCC 14.2 with more than 211 bugs fixed since the previous release.
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=14.3
Dropped the below patches:
0026-gcc-Fix-c-tweak-for-Wrange-loop-construct.patch
a9f88741a9
0027-gcc-backport-patch-to-fix-data-relocation-to-ENDBR-s.patch
aa4cd61445
0028-fix-incorrect-preprocessor-line-numbers.patch
8cbe033a8a
0001-arm-Fix-LDRD-register-overlap-PR117675.patch
9366c32851
gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch
ab884fffe3
(From OE-Core rev: aa59bbbbedb25d772648c4cb1498b34b43efb0fb)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Upgrade to latest 1.24.x release [1]:
$ git --no-pager log --oneline go1.24.3..go1.24.4
6796ebb2cb [release-branch.go1.24] go1.24.4
85897ca220 [release-branch.go1.24] net/http: strip sensitive proxy headers from redirect requests
9f9cf28f8f [release-branch.go1.24] os: don't follow symlinks on Windows when O_CREATE|O_EXCL
a31c931adf [release-branch.go1.24] cmd/link: allow linkname reference to a TEXT symbol regardless of size
03811ab1b3 [release-branch.go1.24] crypto/x509: decouple key usage and policy validation
04a9473847 [release-branch.go1.24] lib/fips140: set inprocess.txt to v1.0.0
db8f1dc948 [release-branch.go1.24] hash/maphash: hash channels in purego version of maphash.Comparable
664cf832ec [release-branch.go1.24] runtime/debug: document DefaultGODEBUG as a BuildSetting
431f75a0b9 [release-branch.go1.24] os: fix Root.Mkdir permission bits on OpenBSD
Fixes CVE-2025-4673, CVE-2025-0913 and CVE-2025-22874 [2].
[1] https://github.com/golang/go/compare/go1.24.3...go1.24.4
[2] https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A
(From OE-Core rev: 50fe0b3832f741bc7f9ea0b996a7e99c5696c0ba)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport patch for this CVE and also patch for its regression.
(From OE-Core rev: 0d880cdb51e47f78387b63063727fe6df1b009e6)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The js_splitter_code string contains backslashes that Python tries to
use as escape sequence but doesn't manage to, hence the following
SyntaxWarning message:
documentation/conf.py:188: SyntaxWarning: invalid escape sequence '\p'
.split(/[^\p{Letter}\p{Number}_\p{Emoji_Presentation}-]+/gu)
Considering that we want this to be sent verbatim to the JS, let's make
this a raw string instead.
Fixes: d4a98ee19e0c ("conf.py: tweak SearchEnglish to be hyphen-friendly")
(From yocto-docs rev: 1fc92ff2af72118ae041183d395d0a0323ecc1a9)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit c1056672ef45b197136eb8815728d426337a5901)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This repository is partially included in another repository: poky.
However its README isn't making it, so documentation/README pointing at
the README at the root of the git repository would lead the contributor
nowhere.
Instead, let's include the appropriate information directly in
documentation/README which does make it to the poky git repo.
(From yocto-docs rev: 1b93a4122624b554243842822e7df209cc884b27)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 0298318cea2947e65754eab97255164e64a862de)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
KCONFIG_MODE defaults to 'allnoconfig' when not set, regardless of whether
KBUILD_DEFCONFIG points to an in-tree or a meta-layer defconfig.
(From yocto-docs rev: 77e401de547a67d1654480c3fb8df3693724a69f)
Signed-off-by: Carlos Sánchez de La Lama <csanchezdll@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit f374b9c426f6c10710e011a4ad660231ee26efb8)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The project is switching the way handle our CDN provision of sstate objects,
update the URL accordingly.
(cherry picked from commit 406e8a8e30404c0538f5aa46f211540bae2b206b)
(From yocto-docs rev: 6372e5c9ed5dc6fd3f93e1059a56a002ff1b5036)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Refresh patches.
* https://www.python.org/downloads/release/python-3134/
Security content in this release
* gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330]
[CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed
tarfile extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
* gh-133767: Fix use-after-free in the “unicode-escape” decoder with a
non-“strict” error handler.
* gh-128840: Short-circuit the processing of long IPv6 addresses early
in ipaddress to prevent excessive memory consumption and a minor
denial-of-service.
gh-133767 got meawhile CVE-2025-4516 assigned.
(From OE-Core rev: 55a9cd748531c75d46f5d6d53af692a38c6b6716)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Even with our fixes in deterministic_imports.patch the
importlib.metadata package scan was still returning Distribution objects
for empty directories. This interacts badly with rebuilds when recipes
are changing as when a recipe is removed from the sysroot directories
are not removed[1].
In particular this breaks python3-meson-python-native rebuilds when
Meson upgrades from 1.7 to 1.8: the site-packages directory has an empty
meson-1.7.dist-info/ and populated meson-1.8.dist-info/. Whilst it's
deterministic to return the empty 1.7 first, this breaks pypa/build as
it looks through the distributions in order.
We had discussed this with upstream previously and there's a more
comprehensive fix upstream (actually in importlib_metadata, not cpython)
which ensures that valid distribution objects are listed first. So we
can drop our patch and replace it with a backport to fix these rebuilds.
[1] oe-core 4f94d929639 ("sstate/staging: Handle directory creation race issue")
(From OE-Core rev: 73de8daa6293403f5b92d313af32882c47bce396)
(From OE-Core rev: 1c1b651038e15445c495d87c38beeb92f00d9919)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There was a regression introduced by the change to use
systemd-systemctl-native rather than a python fake implementation,
which caused template units to not be properly enabled when set in
the SYSTEMD_SERVICE variable. Through investigation, it seems that
the best way to re-enable template instances is to handle them
explicitly in the systemd.bbclass and enable them with `preset`, like
most units are handled[1,2].
Per the systemd.preset manpage, the format for template units is
different than for regular units[3]. We need to coalesce all the
template instances onto a single line and emit them as an additional
space-deliminated argument.
Ran this against openbmc's phosphor-ipmi-net recipe and generated
the following preset file:
```
$ cat packages-split/phosphor-ipmi-net/usr/lib/systemd/system-preset/98-phosphor-ipmi-net.preset
enable phosphor-ipmi-net@.service eth0
enable phosphor-ipmi-net@.socket eth0
```
[1]: https://lore.kernel.org/openembedded-core/Z2ch.1747051947055246176.oktf@lists.openembedded.org/
[2]: https://lore.kernel.org/openembedded-core/aDdoTVtCmElpURYD@heinlein/
[3]: https://www.freedesktop.org/software/systemd/man/latest/systemd.preset.html
Fixes: 7a580800db39 ("systemd: Build the systemctl executable")
(From OE-Core rev: f33d9b1f434e40a459614d8dc21ce45e11581008)
(From OE-Core rev: ea207dce1f5f8579d8ddde487ac9852f50bfc792)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changes in libsoup from 3.6.4 to 3.6.5:
* session: Strip authentication credentials on cross-origin redirects [Patrick Griffis]
* build: Use pkg-config instead of krb5-config for the gssapi dependency [Patrick Griffis]
* http1: When using chunked encoding report an error in case of unexpected stream end [Andrzej Surdej]
* http2: When a message has no content still respect its Content-Type [Patrick Griffis]
* http2: Revert manual window size management temporarily, as it could stall [Patrick Griffis]
* sniffer: Fix potential overflows [Patrick Griffis]
* hsts: Fix minor leak [Patrick Griffis]
* headers: Fix a few parsing edge cases that could be an out of bound read [Patrick Griffis]
* connection: Avoid ever calling disconnect twice [Patrick Griffis]
* auth-digest: Fix handling when a nonce isn't present [Patrick Griffis]
* cookies: Limit max size of max-age, path, and domain attributes to 1024 bytes [Patrick Griffis]
* cookies: Limit max size of name and value to 4096 bytes [Patrick Griffis]
* docs: Remove references to old libsoup domain [Simon McVittie]
Refer:
766e175282
(From OE-Core rev: a5585378dd9a2ecd8261958d02c34ecce1be5c0f)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
