curl's websocket code did not update the 32 bit mask pattern
for each new outgoing frame as the specification says. Instead
it used a fixed mask that persisted and was used throughout
the entire connection.
A predictable mask pattern allows for a malicious server to induce
traffic between the two communicating parties that could be
interpreted by an involved proxy (configured or transparent) as
genuine, real, HTTP traffic with content and thereby poison its
cache. That cached poisoned content could then be served to all
users of that proxy.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-10148
Upstream patch:
https://github.com/curl/curl/commit/84db7a9eae8468c0445b15aa806fa
(From OE-Core rev: 3793ee12d8da4f8f90a0ffcad180ef8122251491)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Python 3.14 complains about these:
Traceback (most recent call last):
File "/mnt2/zozo/yocto-5.3/bitbake/lib/bb/ui/knotty.py", line 722, in main
termfilter.updateFooter()
~~~~~~~~~~~~~~~~~~~~~~~^^
File "/mnt2/zozo/yocto-5.3/bitbake/lib/bb/ui/knotty.py", line 339, in updateFooter
lines = self.getlines(content)
File "/mnt2/zozo/yocto-5.3/bitbake/lib/bb/ui/knotty.py", line 370, in getlines
lines = lines + 1 + int(len(line) / (self.columns + 1))
~~~~~~~~~~~~~^~~
TypeError: can only concatenate str (not "int") to str
and
Traceback (most recent call last):
File "/mnt2/zozo/yocto-5.3/bitbake/lib/bb/ui/knotty.py", line 722, in main
termfilter.updateFooter()
~~~~~~~~~~~~~~~~~~~~~~~^^
File "/mnt2/zozo/yocto-5.3/bitbake/lib/bb/ui/knotty.py", line 341, in updateFooter
for tasknum, task in enumerate(tasks[:(self.rows - 1 - lines)]):
~~~~~~~~~~^~~
TypeError: unsupported operand type(s) for -: 'str' and 'int'
Make sure getting the number of rows and columns from the terminal
via the environment variables LINES and COLUMNS are returned as a
pair of integers. This matches the return value of ioctl_GWINSZ().
(Bitbake rev: 10118785e4a670bce4980e1044c0888a8b6e84af)
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a4e0b6f8077276a0bfb9d05c759bc752a84d1f76)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Python 3.14 enforces stricter type and size checking for fcntl.ioctl()
buffer arguments. The previous code passed a short 4-byte string ('1234')
to TIOCGWINSZ, which worked by accident in older Python versions but causes
a SystemError ("buffer overflow") in 3.14.
TIOCGWINSZ expects an 8-byte (4x 16-bit) buffer corresponding to
(rows, cols, xpix, ypix). Use an 8-byte bytes literal instead and unpack
the first two values.
Tested with Python 3.11, 3.13, and 3.14.
(Bitbake rev: 9127359eb116827a1e0debe69f84e57717436847)
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 415e9e329cf8cc0c2caa01cba80c21cfac9e2414)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The example recipe taken above is hello-world on version 1.0 (because
PV equals "1.0+git". Fix this issue.
(From yocto-docs rev: 2d765587de2a2f3383a400d9bdecf64d9b182af9)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 411122812ced4ec32127a823896a73aacf6eb97c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When we don't have a PR server enabled, we don't have leading ".0" to
the PKGR variable, as this is added by the PR server.
(From yocto-docs rev: e5aaccf54494978bc8c24b4920dad7135837edb7)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 7a0324b6a10e64ee250945747db10ca88040b1ce)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The current example of the SRCREV change triggering a gitX bump is
wrong, as both gitX and r0.X get incremented.
Why this is happening is explained in bug 15729, which I copy here:
> +gitX+ is indeed related to changes in the source code.
>
> r0.X is bumped each time the checksum of the do_package task of the
> simple-hello-world-git recipe changes. This happens here:
> https://git.openembedded.org/openembedded-core/tree/meta/classes-global/package.bbclass?id=235e6d49e5888ad04416219e10b6df91a738661a#n306
>
> This line sets the value of PRAUTO and represents the number X found in
> r0.X. It will in the end make it into EXTENDPRAUTO, which itself makes
> to PKGR == r0.X.
>
> This line calls getPR(version, pkgarch, checksum). Between test case 5
> and 6, only the checksum changes. This checksum is the checksum of the
> do_package task (gotten from get_do_package_hash() above).
>
> Now, let's dump what changed with regards to this task between two
> consecutive runs, using the sigdata file in build/tmp/stamps/:
>
> ```
> [...]
> Variable fetcher_hashes_dummyfunc value changed from '2650ad6714c3f3248abfe9d3daf1196f307ed494' to '4af682a50174f5deb0397847da97d7cdba4ad067'
> ```
>
> The last line shows that the value of fetcher_hashes_dummyfunc changed
> from '2650ad6714c3f3248abfe9d3daf1196f307ed494' to
> '4af682a50174f5deb0397847da97d7cdba4ad067'. Those are the commit hashes
> in the git history of the simple-hello-world-git repository.
>
> Now you can see why this 0.X gets bumped, is because of the SRCREV change.
Fix the example, and detail what gets changed and why.
[YOCTO #15729]
Cc: Robert Berger <pokylinux@reliableembeddedsystems.com>
(From yocto-docs rev: 11fe7dbc49a8062cda8062d320dcb2be70a3b6f3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 09f0430bc69024b9854c31ba6783ddd807aa4f19)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The eSDK installer script installs in poky_sdk directory but under the
user's home directory so let's make that explicit.
(From yocto-docs rev: 9811bee2e33002b449d073a3f3be1889e249ee2a)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 52ec12522bad3bbdff937f1c66224aa9b2d299cd)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I'm pretty sure we meant to use the DISTRO poky.yaml.in placeholder
which can only be replaced when surrounding by & and ; characters.
Therefore let's fix this oversight.
Also, the example isn't actually pointing at the snapshot, but the
actual release, so let's reword that as well so it matches the example.
I decided to do that instead of adding +snapshot to the filename because
the example in the next section is actually using that same filename so
for consistency it seemed more appropriate.
(From yocto-docs rev: 27f259434f5bc3914d2c2b74961d744f7bffbcdc)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit ede411d70ffc837e5bea4666da9706e67960b0f2)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It's easier on the eye to use a parsed-literal block for highlighting
things that must be changed than simply stating the word, so this makes
use of a parsed-literal block instead of a simple inline code-block and
also highlight in italic which words are placeholders.
Also make the explanation below the literal-block use the same
highlighting (italic).
(From yocto-docs rev: 648b3c3e80a3916917763e3892a5e8c8d8a72162)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 41ee642c33cc2e7435e6037bf49fe7495ffa6133)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It hasn't been used since the migration to Sphinx so let's remove it.
(From yocto-docs rev: 5ad326e61cf9f1d5fb8718dcf4e5f693bd3c4c28)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit ffaea8391b3d78c2ccf964474e03c50a1c043c6c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This PNG is totally unnecessary and makes accessibility much worse, so
let's simply replace the PNG with a parsed-literal block showing the
same directory layout with the same highlighted placeholders.
While at it, update the layout to match the more recent one (5.0.15) and
have it alphabetically sorted (mixed files and directories).
The placeholders are highlighted the same way inside and outside the
parsed-literal block for consistency.
(From yocto-docs rev: 923a35a87f72af7a678bb942186cef1cc81e1ab9)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 77b24b4a8d437797ab25dfeb37ae5cd911c52d31)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This PNG is totally unnecessary and makes accessibility much worse, so
let's simply replace the PNG with a parsed-literal block showing the
same directory layout with the same highlighted placeholders.
While at it, update the layout to match the more recent one (5.0.15) and
have it alphabetically sorted (mixed files and directories).
The placeholders are highlighted the same way inside and outside the
parsed-literal block for consistency.
(From yocto-docs rev: 56355f9dacc9b5cdfa6ad86d6c07dcb0511bc394)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 0c68497ec5f6525483e5a98e15db24f651bf28ba)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
No lexer exists for BitBake right now, so let's simply disable the lexer
entirely by using the "none" lexer.
I'm using "none" instead of "text" to be able to "easily" replace none
code blocks the day a BitBake lexer exists. I "reserve" "text" for
actual text content (e.g. a filename, or the output of a command line
without the command line).
(From yocto-docs rev: 27d3921725b71a3346a6b76c7de4c11ebbced01c)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit d682bce63cdc5aad9c2d3b932a6ba2d27ecfe107)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are some blocks containing C code so highlight them as C with the
"c" lexer.
For autotool'ed files, there's no lexer available so "none" will do just
fine.
Finally, there's one Makefile code block so highlight it with the
"makefile" lexer.
(From yocto-docs rev: 6c3802113231393ff02d8ac96418f59cfc4c0124)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 10d40604cb4affb17dda2253f82a2422d5a9bcf6)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
poky-glibc-host_system-image_type-arch-toolchain-ext-release_version.sh
is in a code-block and thus requires to be indented (it is). Sphinx
knows a block has ended when the indentation of the next line is smaller
than in the block, otherwise it's all in the same block.
The explanation of the replaceable parts in the tarball installer script
filename should be text and not part of the block, so let's do that.
While at it, reformat by putting each replaceable part in a bullet list,
highlight the replaceable part or what it can replaced with as well as
putting the replacement on the same line instead of making it a quote by
having them indented in the bullet list.
Finally, replace the literal block (::) with a parsed-literal block so
we can highlight the placeholders appropriately.
(From yocto-docs rev: 0f0ce9012349f4bb18a0c209b77b45a125f2d387)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 04c883216158edafe6a4c4ddfb38f63ffb5d5c24)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When unspecified in conf.py via the highlight_language variable (and
highlight variable for code-blocks), the lexer used for literal blocks
is "default" which tries to highlight the block as Python code.
These blocks aren't Python but simple command lines prefixed by a
prompt so let's use the "console" lexer to properly highlight.
(From yocto-docs rev: cb27e3264bcfdeec20d590dfff5cba99051d825e)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit c6039ce11d638a0b64844480e51d126fcda304b4)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When unspecified in conf.py via the highlight_language variable (and
highlight variable for code-blocks), the lexer used for literal blocks
is "default" which tries to highlight the block as Python code.
These blocks aren't Python but either simply the console output or a
file name (which we should probably just double tick-quote instead), so
let's render those blocks with the "text" lexer.
(From yocto-docs rev: ff5a0859620327e4eada0082b20ad62b032d8d5f)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 72354c27000aba3ae583894ff6112a1a017e33d5)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The pseudo update was causing hangs in builds, pull in the fix.
(From OE-Core rev: a845c75096c381f45c13451b1baedc7774e4eff2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8acdbefd0a148c8b7713f46066ae8489984c5d2d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pulls in the following fixes:
* makewrappers: Enable a new efault option
* ports/linux/openat2: Add dummy wrapper
* test-syscall: Add a syscall test
* ports/linux/pseudo_wrappers: Avoid openat2 usage via syscall
which should fix issues with the tar CVE fix on Centos/Alma/Rocky 9 distros
that uses openat2 as well as the efault issue breaking rust based uutils.
(From OE-Core rev: a872357343b29530d05823368cfc8863a798412d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 51f1388dd1679a28ec3ca468cf16aa0ea32bccf9)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Where a task (such as do_package) runs under fakeroot, the corresponding
setscene task (do_package_setscene) will also run under fakeroot when
restoring from sstate. Assuming pseudo is used as the fakeroot
implementation, we need pseudo-native and all its runtime dependencies
to be available in the sysroot before running any setscene tasks under
fakeroot.
We already add a hard dependency from all do_package_setscene tasks to
virtual/fakeroot-native:do_populate_sysroot in base.bbclass, but this
does not cover transitive dependencies. So, extend the dependencies of
pseudo-native:do_populate_sysroot_setscene to ensure that the sqlite3
library is also available in the sysroot before running fakeroot
setscene tasks.
[YOCTO #15963]
(From OE-Core rev: c73e9513f26cd9e073fc2eb0a67378ad7864d677)
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c146ca657440550e00bc5e53d13502ef7aa945b)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Patch for CVE-2025-61915 by mistake causes fatal error on unknown
directives in configuration files.
The default configuration already contains unknown directive in
non-systemd setups:
Unknown directive IdleExitTimeout on line 32 of /etc/cups/cupsd.conf
Backport fix for this from 2.4.x branch which reverts this behavior.
(From OE-Core rev: 2f36a12a72cf1f91a2d6ee68bd04292979608eb9)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
