This was removed in 2019, so swap it for poky-altcfg.
(From yocto-docs rev: f0348f44008b6f89ed1119497fe2dcd230691625)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 7f7f6570befdda280c174a5f9776b20f53f3ea0d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
core-image-lsb was removed in 2019[1], so remove all of the incredibly
obsolete references in the documentation.
[1] oe-core fb064356af615d67d85b65942103bf943d84d290
(From yocto-docs rev: 05029257d0c5f090d5c0a96c6244bfaf40615178)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 062445a49919eff117b5478c1fb18d125c1f895c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The libpcre2 is now dlopen'ed, so it is not automatically added to the
RDEPENDS anymore. Add it to the RRECOMMENDS list (and not RDEPENDS as
systemd tags the library as "suggested").
This issue is not on master, the systemd v257 recipe uses a tool that
systemd provides to get this kind of dependencies. But this cannot be
backported to scarthgap as systemd v255 does not have this tool yet.
Cc: Yoann Congal <yoann.congal@smile.fr>
(From OE-Core rev: 45fc7048c511c433ecc23840fe6fdd61f6366a47)
Signed-off-by: Alexis Cellier <alexis.cellier@smile.fr>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows
attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
(From OE-Core rev: bf0ad79c46d8a01aafc91620ddf415749aa8849a)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation
violation via the component /libavcodec/jpeg2000dec.c.
(From OE-Core rev: bc9cdf3701b937d40964903a3489898a69525d17)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer
dereference via the component libavformat/mov.c.
(From OE-Core rev: a8331b11d5d7aa8f1997eaa189b74aaab7cc44da)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer
dereference via the component libavformat/mov.c.
(From OE-Core rev: abc6b3180b87c665ff04204b7163d1f074d99747)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2025-0725 can only trigger for curl when using a runtime
zlib version 1.2.0.3 or older and scarthgap supports
zlib 1.3.1 version, hence ignore cve for scarthgap
https://curl.se/docs/CVE-2025-0725.html
(From OE-Core rev: 8c3b4a604b40260e7ca9575715dd8017e17d35c0)
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service related
to the handling of SSH2_MSG_PING packets. This condition may be
mitigated using the existing PerSourcePenalties feature.
Upstream-Status: Backport [6ce00f0c2e]
(From OE-Core rev: 7360f3998939e202f9611644a8bed0c3fe0c782a)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
At the end of this function, self.overrides is cleared, which means we'll
construct a new self.overrides after this call. And a new self.overrides
will give out different expand_cache, so the old expand_cache should also
be cleared to avoid any wrong value.
Currently, there's a problem revealed by recent recipe specific virtual
provider patch. If we enable multilib and set "OVERRIDES:prepend" in local.conf,
things don't work.
Here's the error message:
ERROR: Nothing PROVIDES 'lib32-gcc-cross-x86_64'
Below are reproduce steps:
1. Add in local.conf the following lines:
MACHINE ?= "qemux86-64"
require conf/multilib.conf
MULTILIBS ?= "multilib:lib32"
DEFAULTTUNE:virtclass-multilib-lib32 ?= "core2-32"
OVERRIDES:prepend = "some-override:"
(Note that using :append and :remove also reproduces the issue.)
2. bitbake -n lib32-sysstat
(bitbake -n core-image-minimal also reproduces the issue)
The expandWithRefs calls getVar, which fills expand_cache. So when setting
OVERRIDES:prepend, this will fill the expand_cache. When overridevars are updated,
if we don't clear expand_cache, we'll retrieve wrong values.
Previously, things happened to work because there's a call to expand
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}gcc, which in turn expands
TARGET_VENDOR. Now what we expand is PREFERRED_PROVIDER_ virtual/cross-cc,
so the problem is revealed.
(Bitbake rev: 7375d32e8c1af20c51abec4eb3b072b4ca58b239)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When var matches __setvar_regexp__, which has the value as below,
__setvar_regexp__ = re.compile(r'(?P<base>.*?)(?P<keyword>:append|:prepend|:remove)(:(?P<add>[^A-Z]*))?$')
the keyword will not be __doc__ or __module__ and var will always
contain ":".
(Bitbake rev: 9cac695951d0fd587063b250bfc8ef0f87acad18)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The non-greedy modifier suffix ? is not necessary here because } is
not in the character set [a-zA-Z0-9\-_+./~:].
(Bitbake rev: aae570b7f051fc5deee7a1712a02ed92498a4461)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This fixes the following error when calling 'bitbake-dumpsig' or
'bitbake-diffsigs' when having only a single sigfile available:
| Traceback (most recent call last):
| File "[..]/poky/bitbake/bin/bitbake-dumpsig", line 171, in <module>
| files = find_siginfo_task(tinfoil, options.taskargs[0], options.taskargs[1])
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| File "[..]/poky/bitbake/bin/bitbake-dumpsig", line 83, in find_siginfo_task
| sig2 = latestsigs[1]
| ~~~~~~~~~~^^^
| IndexError: list index out of range
Handle this by adding (and returning) the path for the second sigfile
only if one is found. This way it will work for both diffsigs and
dumpsig use case.
The calling argparse code already deals with find_siginfo_task()
returning only a single file.
For 'bitbake-dumpsig' it will just dump the single sigfile, for
'bitbake-diffsigs' it will emit a proper error message again:
| ERROR: Only one matching sigdata file found for the specified task (systemd configure)
(cherry picked from commit 25057d33e9131f3214a06bbb316c916c744f8f03)
(Bitbake rev: 4e443aeab9096b41c9e5ba41cd21027ecaa20285)
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Vogelaar <patrick.vogelaar@belden.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When multiple recipes are built in parallel, Ccache sometimes refuses to
lookup some objects in cache, leading to undesired cache misses. The
root cause of this is an interaction between the way how bitbake
constructs a recipe sysroot and Ccache's `include_file_ctime` check.
Whenever bitbake creates a recipe's sysroot it hardlinks the files
provided by a recipes dependencies. Adding a hardlink to a file changes
it's ctime which in turn leads Ccache to believe that the file was
modified thus aborting the cache lookup.
To avoid this situation, add `include_file_ctime` to the list of checks
that should be ignored using the Ccache sloppiness configuration option
[1].
Example of a log entry that Ccache ignores a file:
/
|recipe-sysroot/usr/include/bits/pthread_stack_min.h had status change
|near or after invocation (ctime 1739822508.107677255, invocation time
|1739822507.970071107)
\
1 - https://ccache.dev/manual/4.10.2.html#config_sloppiness
(From OE-Core rev: c74a6d6afc52606825e583cae1162e13a5369498)
Signed-off-by: Fabio Berton <fabio.berton@criticaltechworks.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4899698297c7783e02aba5388e0469cc83bd2f70)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When testing a Yocto SDK installer on Alpine 3.21, we recently ended up with a
broken SDK. One of the commands the relocation script calls in a piped
multi-command chain failed (see [0]), but the installer did not realize that -
since it doesn't use 'set -o pipefail'. Thus, the error was never reported to
the user and the installer claimed to have set up the SDK correctly - which
wasn't the case.
Given that the SDK installer is a POSIX-compliant shell script and that the
'pipefail' option used to be missing from the standard, it's not surprising that
it isn't used. Thankfully however, in June of 2024, a new version of POSIX
(POSIX.1-2024) was released - and that one finally includes the 'pipefail'
option (see [1]). A number of shells already support it, so let's enable it if
available to make the SDK installer more robust.
The change has been tested locally using SDK installers for internal projects,
based on both Kirkstone and Scarthgap.
[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/16797
[1]: https://pubs.opengroup.org/onlinepubs/9799919799.2024edition/utilities/V3_chap02.html#set
(From OE-Core rev: 1cb4b41c7faf77fcc347b1276d86d4288968c926)
(From OE-Core rev: 940159f060e9a851cc9ff5a9e1c590ed8de4b38e)
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 10dce263f0)
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
OE FIT_SIGN_INDIVIDUAL is implemented in an unusual manner,
where the resulting signed fitImage contains both signed
images and signed configurations, possibly using different
keys. This kind of signing of images is redundant, but so is
the behavior of FIT_SIGN_INDIVIDUAL="1" and that is here to
stay.
Adjust the process of public key insertion into u-boot.dtb
such that if FIT_SIGN_INDIVIDUAL==1, the image signing key
is inserted into u-boot.dtb first, and in any case the
configuration signing key is inserted into u-boot.dtb last.
The verification of the keys inserted into u-boot.dtb against
unused.itb is performed only for FIT_SIGN_INDIVIDUAL!=1 due to
mkimage limitation, which does not allow mkimage -f auto-conf
to update the generated unused.itb, and instead rewrites it.
Fixes: 259bfa86f384 ("u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled")
(From OE-Core rev: 699822a163a4efa32735f75d21fde4ffa195c0e0)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0106e5efab99c8016836a2ab71e2327ce58a9a9d)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The text format has been removed, so also remove references and examples
using this format. Replace with examples with the JSON format.
(From yocto-docs rev: 3757ace0581e6279aa7c065b21cee56edfe985dd)
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a52cd7bcadccc53e982f90d6e170d00798322597)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fixes https://bugzilla.yoctoproject.org/show_bug.cgi?id=15740
python3-setuptools-scm was ignoring GIT_CEILING_DIRECTORIES which is set by poky,
and it was thus finding a wrong value of "toplevel" in ./src/setuptools_scm/_file_finders/git.py
The code is supposed to generate the list of files contained in python3-setuptools-scm, but it was
instead running "git archive" on whatever git repository was above the build directory, because the
tarball containing the sources of python3-setuptools-scm does not contain a .git directory.
This is barely noticeable when building as a subdirectory of poky which is only 48MB, but this was
causing serious slowdowns of python3-setuptools-scm:do_compile when building
inside a big git repository with files tracked using git-lfs (50 minutes in my use-case).
Reported upstream as https://github.com/pypa/setuptools-scm/issues/1103
(From OE-Core rev: 4ebe72477484cf68165b6f736ce10373e97d0e6d)
(From OE-Core rev: 369eebad4f38c3641be73dbc0490c87636e0912d)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error
and resultant heap memory corruption for squashfs directory listing because the
path separator is not considered in a size calculation.
https://nvd.nist.gov/vuln/detail/CVE-2024-57259
(From OE-Core rev: 8fad176e6258a44d1ba1eed224cd27745b6a57cf)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1
occur for a crafted squashfs filesystem via sbrk, via request2size,
or because ptrdiff_t is mishandled on x86_64.
https://nvd.nist.gov/vuln/detail/CVE-2024-57258
(From OE-Core rev: 12e1d55ae2427b6aaca6a1f7d8f947f0d6bbd28d)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1
occurs for zalloc (adding one to an le32 variable) via a crafted ext4
filesystem with an inode size of 0xffffffff, resulting in a malloc of
zero and resultant memory overwrite.
https://nvd.nist.gov/vuln/detail/CVE-2024-57256
(From OE-Core rev: 21e6ac6e53112b9dddc5a84f27be5851469b9c46)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1
occurs via a crafted squashfs filesystem with an inode size of 0xffffffff,
resulting in a malloc of zero and resultant memory overwrite.
https://nvd.nist.gov/vuln/detail/CVE-2024-57255
(From OE-Core rev: c3784c108f003c6663ca969585414e4a90f06606)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An integer overflow in sqfs_inode_size in Das U-Boot before
2025.01-rc1 occurs in the symlink size calculation via a
crafted squashfs filesystem.
https://nvd.nist.gov/vuln/detail/CVE-2024-57254
(From OE-Core rev: eea9fee59bc7576bef94f0da466887e4daff0356)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Import the favicon from https://www.yoctoproject.org/, convert it to
16x16 (as per the Sphinx documentation) to make a 1291B image of the
Yocto logo.
(From yocto-docs rev: 14de49a1ec6d725764e2a968edd3386252e826fe)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit e3ee43e6d70685a2404aae2d60557a42879b0bb1)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
ppp version 2.5.0 fails to run properly if an expected /run/pppd/lock
directory does not exist, which is not usually created in a yocto
built OS.
Backport the patch from upstream version 2.5.1 that fixes the issue by
reverting back to /var/lock.
The related github issue upstream was:
"lock directory moved in ppp-2.5.0 #419" [1]
Link: https://github.com/ppp-project/ppp/issues/419
(From OE-Core rev: 0869eb50e39c567cc1d50db4eb287f02866196cf)
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update to the 5.0.7 release of the 5.0 series for buildtools.
(From OE-Core rev: 793d3203db41efa4df1d615db832a771015b7b50)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
