We're seeing occasional autobuilder failures with tar issues related to openat2.
It appears there are definitions missing on debian 11 and opensuse 15.5 systems
which mean the openat2 syscall intercept isn't compiled in. This then triggers
on systems using the openat2 syscall, such as alma9 where it is used in a tar
CVE fix.
This updates to include the fix from upstream pseudo (along with a compile warning
fix).
This was tested by taking sstate for pseudo-native from a debian 11 system and using
it in a build of "bitbake nativesdk-git -c install" on a alma9 system where that task
failed. After this fix, it completes.
(From OE-Core rev: 34b74540ee497e2cc89211d7aa2772097b6fa79b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c20c05b324e5d6564c8554381019170839509bb)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pulls in the following changes:
Makefile.in: Bump version to 1.9.3
configure: Minor code quality changes
pseudo: code quality scan - resolved various potential issues
makewrappers: improve error handling and robustness
Update COPYRIGHT files
ports/linux/pseudo_wrappers.c: Call the wrappers where possible
ports/linux/pseudo_wrappers.c: Workaround compile error on Debian 11
ports/linux/pseudo_wrappers.c: Reorder the syscall operations
ports/unix/guts/realpath.c: Fix indents
pseudo_util.c: Skip realpath like expansion for /proc on Linux
test/test-proc-pipe.sh: Add test case for proc pipes
ports/unix/guts/realpath.c: realpath fails if the resolved path doesn't exist
(From OE-Core rev: 7a05347a6418bfb6126e3a601489dc71efb0d2fc)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 524f4bbb11f9c7e0126e8bd46af217b452d48f5e)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes [YOCTO #16128]
Backport of upstream bug fix from lighttpd-1.4.75. Version 1.4.74 introduced a bug that
would append a trailing slash to files in a directory listing. When the user attempts to
download one of these files, the web browser could not save the file with a trailing
slash. As a consequence, every web browser tested would generate a random character string
for the saved file name.
(From OE-Core rev: 797f15116901328a9a58868edeea44614dc29043)
Signed-off-by: Fred Bacon <bacon@aerodyne.com>
[Yoann: Fixed Upstream-Status: Backport URL]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adding postprocessing script to process data from linux CNA that includes more accurate metadata and it is updated directly by the source.
Example of enhanced CVE from a report from cve-check:
{
"id": "CVE-2024-26710",
"status": "Ignored",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2024-26710",
"summary": "In the Linux kernel, the following vulnerability [...]",
"scorev2": "0.0",
"scorev3": "5.5",
"scorev4": "0.0",
"modified": "2025-03-17T15:36:11.620",
"vector": "LOCAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"detail": "not-applicable-config",
"description": "Source code not compiled by config. ['arch/powerpc/include/asm/thread_info.h']"
},
And same from a report generated with vex:
{
"id": "CVE-2024-26710",
"status": "Ignored",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2024-26710",
"detail": "not-applicable-config",
"description": "Source code not compiled by config. ['arch/powerpc/include/asm/thread_info.h']"
},
For unpatched CVEs, provide more context in the description:
Tested with 6.12.22 kernel
{
"id": "CVE-2025-39728",
"status": "Unpatched",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2025-39728",
"summary": "In the Linux kernel, the following vulnerability has been [...],
"scorev2": "0.0",
"scorev3": "0.0",
"scorev4": "0.0",
"modified": "2025-04-21T14:23:45.950",
"vector": "UNKNOWN",
"vectorString": "UNKNOWN",
"detail": "version-in-range",
"description": "Needs backporting (fixed from 6.12.23)"
},
CC: Peter Marko <peter.marko@siemens.com>
CC: Marta Rybczynska <rybczynska@gmail.com>
(From OE-Core rev: 7637af0a94764ac0c6c4f02f383992bcb4753af0)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e60b1759c1aea5b8f5317e46608f0a3e782ecf57)
Signed-off-by: Suresh H A <suresh.ha@bmwtechworks.in>
[Yoann: Stable policy exception: This change is clearly a new feature
and thus should be rejected from stables by policy. But, since this is
contrib/ an exception can be made]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Several CVE helper functions (get_patched_cves() and decode_cve_status())
implicitly depend on the CVE_STATUS and CVE_CHECK_STATUSMAP variables, but
these were not declared in the vardeps of their callers.
On Scarthgap, the upstream fix (2cc43c72ff28aa39a417dd8d57cd7c8741c0e541)
cannot be cherry-picked cleanly, as it also requires BitBake changes.
As a workaround, explicitly add CVE_STATUS and CVE_CHECK_STATUSMAP to the
vardeps of all tasks invoking these helpers, ensuring correct task
re-execution when CVE status changes.
This keeps CVE-related metadata generation consistent without requiring
BitBake modifications.
(From OE-Core rev: 111e1f2febade3c34649f33676f7f7e7cc8e0bd0)
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
git log --oneline 58cbbd43fe82910cf8ae9008351b0b0665104500..ce65d944e38a20cb70af2a48a4b8aa5d8fabe1cc
ce65d944e3 (HEAD -> release/2.39/master, origin/release/2.39/master) posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281 / BZ 33814)
831f63b94c resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915)
fb22fd3f5b memalign: reinstate alignment overflow check (CVE-2026-0861)
10c0bcb3d3 support: Exit on consistency check failure in resolv_response_add_name
f47dd22366 support: Fix FILE * leak in check_for_unshare_hints in test-container
4a53354eaf sprof: fix -Wformat warnings on 32-bit hosts
beb8267909 sprof: check pread size and offset for overflow
c07002038f getaddrinfo.c: Avoid uninitialized pointer access [BZ #32465]
ae5fb93559 nptl: Optimize trylock for high cache contention workloads (BZ #33704)
efff7cb659 ppc64le: Power 10 rawmemchr clobbers v20 (bug #33091)
f6becd8ae8 ppc64le: Restore optimized strncmp for power10
0daa4e46b8 ppc64le: Restore optimized strcmp for power10
28c1de6580 AArch64: Fix instability in AdvSIMD tan
03d0393343 AArch64: Optimise SVE scalar callbacks
0d05a895f1 aarch64: fix includes in SME tests
c1dc4412f8 aarch64: fix cfi directives around __libc_arm_za_disable
d60f15dc89 aarch64: tests for SME
d1d0d09e9e aarch64: clear ZA state of SME before clone and clone3 syscalls
dbe1904b7c aarch64: define macro for calling __libc_arm_za_disable
58cf4aa421 aarch64: update tests for SME
1b3bd9a9a6 aarch64: Disable ZA state of SME in setjmp and sigsetjmp
38942a336b linux: Also check pkey_get for ENOSYS on tst-pkey (BZ 31996)
c74d59a656 aarch64: Do not link conform tests with -Wl,-z,force-bti (bug 33601)
323ad087a1 x86: fix wmemset ifunc stray '!' (bug 33542)
Testing Results:
Before After Diff
PASS 4926 4921 -5
XPASS 4 4 0
FAIL 223 229 +6
XFAIL 16 16 0
UNSUPPORTED 224 224 0
Changes in failed testcases:
testcase-name before after
elf/tst-audit21 PASS FAIL
malloc/tst-malloc-too-large PASS FAIL
malloc/tst-malloc-too-large-malloc-check PASS FAIL
malloc/tst-malloc-too-large-malloc-hugetlb1 PASS FAIL
malloc/tst-malloc-too-large-malloc-hugetlb2 PASS FAIL
malloc/tst-malloc-too-large-mcheck PASS FAIL
(From OE-Core rev: a49b898ed6d571391d90cc3ba150a0421642be23)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
[Yoann: When run on the autobuilder, all those new FAIL tests are PASS:
https://valkyrie.yocto.io/pub/non-release/20260209-10/testresults/qemux86-64-tc/testresults.json]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2023-45853: Version is now higher than NVD CPE
This is a partial cherry-pick from 73ee9789183a ("recipes: cleanup
CVE_STATUS which are resolved now").
Cc: Peter Marko <peter.marko@siemens.com>
(From OE-Core rev: 2e05844a70f97399e323f967e926075428cb5233)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
To avoid false positives (such as CVE-2023-6992, cloudflare:zlib), add a
CVE_PRODUCT to identify the vendors that have been used.
Removing the present existing CVE_STATUS for CVE-2023-6992.
(From OE-Core rev: 85427d225416b3b12bf05513c9427370309b2127)
Signed-off-by: Het Patel <hetpat@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 119b775b36dfd51286493763cffb6e965893b8fd)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
curl's websocket code did not update the 32 bit mask pattern
for each new outgoing frame as the specification says. Instead
it used a fixed mask that persisted and was used throughout
the entire connection.
A predictable mask pattern allows for a malicious server to induce
traffic between the two communicating parties that could be
interpreted by an involved proxy (configured or transparent) as
genuine, real, HTTP traffic with content and thereby poison its
cache. That cached poisoned content could then be served to all
users of that proxy.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-10148
Upstream patch:
https://github.com/curl/curl/commit/84db7a9eae8468c0445b15aa806fa
(From OE-Core rev: 3793ee12d8da4f8f90a0ffcad180ef8122251491)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Python 3.14 complains about these:
Traceback (most recent call last):
File "/mnt2/zozo/yocto-5.3/bitbake/lib/bb/ui/knotty.py", line 722, in main
termfilter.updateFooter()
~~~~~~~~~~~~~~~~~~~~~~~^^
File "/mnt2/zozo/yocto-5.3/bitbake/lib/bb/ui/knotty.py", line 339, in updateFooter
lines = self.getlines(content)
File "/mnt2/zozo/yocto-5.3/bitbake/lib/bb/ui/knotty.py", line 370, in getlines
lines = lines + 1 + int(len(line) / (self.columns + 1))
~~~~~~~~~~~~~^~~
TypeError: can only concatenate str (not "int") to str
and
Traceback (most recent call last):
File "/mnt2/zozo/yocto-5.3/bitbake/lib/bb/ui/knotty.py", line 722, in main
termfilter.updateFooter()
~~~~~~~~~~~~~~~~~~~~~~~^^
File "/mnt2/zozo/yocto-5.3/bitbake/lib/bb/ui/knotty.py", line 341, in updateFooter
for tasknum, task in enumerate(tasks[:(self.rows - 1 - lines)]):
~~~~~~~~~~^~~
TypeError: unsupported operand type(s) for -: 'str' and 'int'
Make sure getting the number of rows and columns from the terminal
via the environment variables LINES and COLUMNS are returned as a
pair of integers. This matches the return value of ioctl_GWINSZ().
(Bitbake rev: 10118785e4a670bce4980e1044c0888a8b6e84af)
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a4e0b6f8077276a0bfb9d05c759bc752a84d1f76)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Python 3.14 enforces stricter type and size checking for fcntl.ioctl()
buffer arguments. The previous code passed a short 4-byte string ('1234')
to TIOCGWINSZ, which worked by accident in older Python versions but causes
a SystemError ("buffer overflow") in 3.14.
TIOCGWINSZ expects an 8-byte (4x 16-bit) buffer corresponding to
(rows, cols, xpix, ypix). Use an 8-byte bytes literal instead and unpack
the first two values.
Tested with Python 3.11, 3.13, and 3.14.
(Bitbake rev: 9127359eb116827a1e0debe69f84e57717436847)
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 415e9e329cf8cc0c2caa01cba80c21cfac9e2414)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The example recipe taken above is hello-world on version 1.0 (because
PV equals "1.0+git". Fix this issue.
(From yocto-docs rev: 2d765587de2a2f3383a400d9bdecf64d9b182af9)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 411122812ced4ec32127a823896a73aacf6eb97c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When we don't have a PR server enabled, we don't have leading ".0" to
the PKGR variable, as this is added by the PR server.
(From yocto-docs rev: e5aaccf54494978bc8c24b4920dad7135837edb7)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 7a0324b6a10e64ee250945747db10ca88040b1ce)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The current example of the SRCREV change triggering a gitX bump is
wrong, as both gitX and r0.X get incremented.
Why this is happening is explained in bug 15729, which I copy here:
> +gitX+ is indeed related to changes in the source code.
>
> r0.X is bumped each time the checksum of the do_package task of the
> simple-hello-world-git recipe changes. This happens here:
> https://git.openembedded.org/openembedded-core/tree/meta/classes-global/package.bbclass?id=235e6d49e5888ad04416219e10b6df91a738661a#n306
>
> This line sets the value of PRAUTO and represents the number X found in
> r0.X. It will in the end make it into EXTENDPRAUTO, which itself makes
> to PKGR == r0.X.
>
> This line calls getPR(version, pkgarch, checksum). Between test case 5
> and 6, only the checksum changes. This checksum is the checksum of the
> do_package task (gotten from get_do_package_hash() above).
>
> Now, let's dump what changed with regards to this task between two
> consecutive runs, using the sigdata file in build/tmp/stamps/:
>
> ```
> [...]
> Variable fetcher_hashes_dummyfunc value changed from '2650ad6714c3f3248abfe9d3daf1196f307ed494' to '4af682a50174f5deb0397847da97d7cdba4ad067'
> ```
>
> The last line shows that the value of fetcher_hashes_dummyfunc changed
> from '2650ad6714c3f3248abfe9d3daf1196f307ed494' to
> '4af682a50174f5deb0397847da97d7cdba4ad067'. Those are the commit hashes
> in the git history of the simple-hello-world-git repository.
>
> Now you can see why this 0.X gets bumped, is because of the SRCREV change.
Fix the example, and detail what gets changed and why.
[YOCTO #15729]
Cc: Robert Berger <pokylinux@reliableembeddedsystems.com>
(From yocto-docs rev: 11fe7dbc49a8062cda8062d320dcb2be70a3b6f3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 09f0430bc69024b9854c31ba6783ddd807aa4f19)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The eSDK installer script installs in poky_sdk directory but under the
user's home directory so let's make that explicit.
(From yocto-docs rev: 9811bee2e33002b449d073a3f3be1889e249ee2a)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 52ec12522bad3bbdff937f1c66224aa9b2d299cd)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I'm pretty sure we meant to use the DISTRO poky.yaml.in placeholder
which can only be replaced when surrounding by & and ; characters.
Therefore let's fix this oversight.
Also, the example isn't actually pointing at the snapshot, but the
actual release, so let's reword that as well so it matches the example.
I decided to do that instead of adding +snapshot to the filename because
the example in the next section is actually using that same filename so
for consistency it seemed more appropriate.
(From yocto-docs rev: 27f259434f5bc3914d2c2b74961d744f7bffbcdc)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit ede411d70ffc837e5bea4666da9706e67960b0f2)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It's easier on the eye to use a parsed-literal block for highlighting
things that must be changed than simply stating the word, so this makes
use of a parsed-literal block instead of a simple inline code-block and
also highlight in italic which words are placeholders.
Also make the explanation below the literal-block use the same
highlighting (italic).
(From yocto-docs rev: 648b3c3e80a3916917763e3892a5e8c8d8a72162)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 41ee642c33cc2e7435e6037bf49fe7495ffa6133)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It hasn't been used since the migration to Sphinx so let's remove it.
(From yocto-docs rev: 5ad326e61cf9f1d5fb8718dcf4e5f693bd3c4c28)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit ffaea8391b3d78c2ccf964474e03c50a1c043c6c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This PNG is totally unnecessary and makes accessibility much worse, so
let's simply replace the PNG with a parsed-literal block showing the
same directory layout with the same highlighted placeholders.
While at it, update the layout to match the more recent one (5.0.15) and
have it alphabetically sorted (mixed files and directories).
The placeholders are highlighted the same way inside and outside the
parsed-literal block for consistency.
(From yocto-docs rev: 923a35a87f72af7a678bb942186cef1cc81e1ab9)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 77b24b4a8d437797ab25dfeb37ae5cd911c52d31)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This PNG is totally unnecessary and makes accessibility much worse, so
let's simply replace the PNG with a parsed-literal block showing the
same directory layout with the same highlighted placeholders.
While at it, update the layout to match the more recent one (5.0.15) and
have it alphabetically sorted (mixed files and directories).
The placeholders are highlighted the same way inside and outside the
parsed-literal block for consistency.
(From yocto-docs rev: 56355f9dacc9b5cdfa6ad86d6c07dcb0511bc394)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 0c68497ec5f6525483e5a98e15db24f651bf28ba)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
No lexer exists for BitBake right now, so let's simply disable the lexer
entirely by using the "none" lexer.
I'm using "none" instead of "text" to be able to "easily" replace none
code blocks the day a BitBake lexer exists. I "reserve" "text" for
actual text content (e.g. a filename, or the output of a command line
without the command line).
(From yocto-docs rev: 27d3921725b71a3346a6b76c7de4c11ebbced01c)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit d682bce63cdc5aad9c2d3b932a6ba2d27ecfe107)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are some blocks containing C code so highlight them as C with the
"c" lexer.
For autotool'ed files, there's no lexer available so "none" will do just
fine.
Finally, there's one Makefile code block so highlight it with the
"makefile" lexer.
(From yocto-docs rev: 6c3802113231393ff02d8ac96418f59cfc4c0124)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 10d40604cb4affb17dda2253f82a2422d5a9bcf6)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
poky-glibc-host_system-image_type-arch-toolchain-ext-release_version.sh
is in a code-block and thus requires to be indented (it is). Sphinx
knows a block has ended when the indentation of the next line is smaller
than in the block, otherwise it's all in the same block.
The explanation of the replaceable parts in the tarball installer script
filename should be text and not part of the block, so let's do that.
While at it, reformat by putting each replaceable part in a bullet list,
highlight the replaceable part or what it can replaced with as well as
putting the replacement on the same line instead of making it a quote by
having them indented in the bullet list.
Finally, replace the literal block (::) with a parsed-literal block so
we can highlight the placeholders appropriately.
(From yocto-docs rev: 0f0ce9012349f4bb18a0c209b77b45a125f2d387)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 04c883216158edafe6a4c4ddfb38f63ffb5d5c24)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When unspecified in conf.py via the highlight_language variable (and
highlight variable for code-blocks), the lexer used for literal blocks
is "default" which tries to highlight the block as Python code.
These blocks aren't Python but simple command lines prefixed by a
prompt so let's use the "console" lexer to properly highlight.
(From yocto-docs rev: cb27e3264bcfdeec20d590dfff5cba99051d825e)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit c6039ce11d638a0b64844480e51d126fcda304b4)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When unspecified in conf.py via the highlight_language variable (and
highlight variable for code-blocks), the lexer used for literal blocks
is "default" which tries to highlight the block as Python code.
These blocks aren't Python but either simply the console output or a
file name (which we should probably just double tick-quote instead), so
let's render those blocks with the "text" lexer.
(From yocto-docs rev: ff5a0859620327e4eada0082b20ad62b032d8d5f)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 72354c27000aba3ae583894ff6112a1a017e33d5)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The pseudo update was causing hangs in builds, pull in the fix.
(From OE-Core rev: a845c75096c381f45c13451b1baedc7774e4eff2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8acdbefd0a148c8b7713f46066ae8489984c5d2d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pulls in the following fixes:
* makewrappers: Enable a new efault option
* ports/linux/openat2: Add dummy wrapper
* test-syscall: Add a syscall test
* ports/linux/pseudo_wrappers: Avoid openat2 usage via syscall
which should fix issues with the tar CVE fix on Centos/Alma/Rocky 9 distros
that uses openat2 as well as the efault issue breaking rust based uutils.
(From OE-Core rev: a872357343b29530d05823368cfc8863a798412d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 51f1388dd1679a28ec3ca468cf16aa0ea32bccf9)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
