$ git log --oneline 3463100f2d47f2897a24ba8023a5c7aaf2d26550..06a70769fd0b2e1f2a3085ad50ab620282bd77b3
06a70769fd ppc64le: Revert "powerpc: Optimized strcmp for power10" (CVE-2025-5702)
3875045da5 ppc64le: Revert "powerpc : Add optimized memchr for POWER10" (Bug 33059)
c6240a11f7 ppc64le: Revert "powerpc: Fix performance issues of strcmp power10" (CVE-2025-5702)
2caef2827f elf: Fix subprocess status handling for tst-dlopen-sgid (bug 32987)
9e25c0f445 x86_64: Fix typo in ifunc-impl-list.c.
ca99d55315 elf: Test case for bug 32976 (CVE-2025-4802)
71ddb11ccd support: Add support_record_failure_barrier
abdeb4b520 support: Use const char * argument in support_capture_subprogram_self_sgid
147bed0a71 elf: Keep using minimal malloc after early DTV resize (bug 32412)
4e5ee49a43 sysdeps/unix/sysv/linux/x86_64/Makefile: Add the end marker
37b30b6a68 sysdeps/x86_64/Makefile (tests): Add the end marker
9fe51d34bb sort-makefile-lines.py: Allow '_' in name and "^# name"
14ec225d85 libio: Correctly link tst-popen-fork against libpthread
1dcfb9479d libio: Fix a deadlock after fork in popen
e31ac9a639 libio: Sort test variables in Makefile
68f3f1a1d0 Linux: Switch back to assembly syscall wrapper for prctl (bug 29770)
d33d10642f nptl: PTHREAD_COND_INITIALIZER compatibility with pre-2.41 versions (bug 32786)
b1eb369aee nptl: Use all of g1_start and g_signals
ac5da3c0e4 nptl: rename __condvar_quiesce_and_switch_g1
2fdc0afd07 nptl: Fix indentation
582c99b2c0 nptl: Use a single loop in pthread_cond_wait instaed of a nested loop
fc2a25417d nptl: Remove g_refs from condition variables
6f5ba03968 nptl: Remove unnecessary quadruple check in pthread_cond_wait
d0da34ad30 nptl: Remove unnecessary catch-all-wake in condvar group switch
ea13a35e37 nptl: Update comments and indentation for new condvar implementation
2451ef5c4a pthreads NPTL: lost wakeup fix 2
test results:
Before After Diff
FAIL 207 207 0
PASS 4912 4915 +3
UNSUPPORTED 230 230 0
XFAIL 16 16 0
XPASS 4 4 0
(From OE-Core rev: c94b6686a1edcaa1bea1ff5e716df96da8e36b7c)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The recipe was accidentally renamed with a 'v'
prefix in 29e623b2ad00555788412fa520fbb9ffec794cbb.
(From OE-Core rev: db02a4cc542d0e7e563ec46c91bf9a7313a71d02)
Signed-off-by: Savvas Etairidis <setairidis@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
During ptest execution, util-linux adds mount entries in /etc/fstab
and runs `mount -a`, which mounts all available entries from
/etc/fstab. This can cause unintended mounts that are unrelated to
the test, leading to incorrect test behavior.
To avoid this, upstream util-linux introduced a mechanism using
CUSTOM_FSTAB,which isolates test-specific fstab entries. Only entries
listed in CUSTOM_FSTAB are mounted during test execution, ensuring
tests do not interfere with or depend on the system's /etc/fstab.
This commit backports below upstream changes to use CUSTOM_FSTAB.
ed3d33faffb1580bd7606aa8d17b6b
(From OE-Core rev: e7420db0d77611140149ccfefefc8becfad4f34b)
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
If extra-utils package is not included in the image, you'll always
see a warning that password agent is missing whenever you start/stop a
service:
Failed to execute /usr/bin/systemd-tty-ask-password-agent: No such file or directory
(From OE-Core rev: 180455ee76a3819933f45ddd6ce9a5610b3ba947)
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This recipe takes longer time >20min when bitbake for package
write stage. When cross-verified for longer time duration, found
that do_check() stage taking 20min while other stages completes
before 6min.
This recipe gives only below two test binaries in the packages to
test (ptest: glibc-y2038-tests):
io/ftwtest
io/ftwtest-time64
The above test binaries are already included for testing in recipe
glibc-testsuite_2.39.bb.
It is by now well established that glibc itself works as it should,
that all affected 32 bit targets are configured to use 64 bit time_t,
and that any lingering y2038 issues are in components other than the c
library, and usually come from C programming mistakes (e.g. storing
timestamps in long). So this recipe seems to be redundant and
can be removed.
Review comments for fixing above longer time duration ended up in
removing this recipe as a proposal is below
https://lists.openembedded.org/g/openembedded-core/topic/112188476#msg214636
Removed lines having reference to glibc-y2038-tests in the files.
For master branch requested for integration and below is the link
https://lists.openembedded.org/g/openembedded-core/message/215655
(From OE-Core rev: b214cc84a922f7a3fb7ebbc501189ce25e8bd2bd)
Signed-off-by: rajmohan r <semc.2042@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
3463100f2d x86: Detect Intel Diamond Rapids
e09436c2cb x86: Handle unknown Intel processor with default tuning
7620d98186 x86: Add ARL/PTL/CWF model detection support
765ff3d0d4 x86: Optimize xstate size calculation
65ae73be01 x86: Use `Avoid_Non_Temporal_Memset` to control non-temporal path
2be36448c4 x86: Tunables may incorrectly set Prefer_PMINUB_for_stringop (bug 32047)
bde201e92c x86: Disable non-temporal memset on Skylake Server
38a7632f2d x86: Fix value for `x86_memset_non_temporal_threshold` when it is undesirable
cc59fa5dbc x86: Enable non-temporal memset tunable for AMD
0da58e8be0 x86: Add seperate non-temporal tunable for memset
837a36c371 x86: Link tst-gnu2-tls2-x86-noxsave{,c,xsavec} with libpthread
87ab0c7f7f x86: Use separate variable for TLSDESC XSAVE/XSAVEC state size (bug 32810)
60cd7123a6 x86: Skip XSAVE state size reset if ISA level requires XSAVE
4cf3f9df54 x86_64: Add atanh with FMA
01ed435e2e x86_64: Add sinh with FMA
0edcc77fe7 x86_64: Add tanh with FMA
7ecf0d3bde x86-64: Exclude FMA4 IFUNC functions for -mapxf
e1fe22368e nptl: clear the whole rseq area before registration
dd8c0c3bbd math: Improve layout of exp/exp10 data
a1b09e59e2 AArch64: Use prefer_sve_ifuncs for SVE memset
d0e2133470 AArch64: Add SVE memset
0cc12d9c47 math: Improve layout of expf data
0cd10047bf AArch64: Remove zva_128 from memset
dd1e63ab58 AArch64: Optimize memset
65a96a6f2b AArch64: Improve generic strlen
4073e4ee2c AArch64: Improve codegen for SVE logs
78abd3ef6e AArch64: Improve codegen in SVE tans
a10183b633 AArch64: Improve codegen of AdvSIMD atan(2)(f)
dcd1229e5b AArch64: Improve codegen of AdvSIMD logf function family
72156cb90b AArch64: Improve codegen in AdvSIMD logs
5e354bf4e2 AArch64: Simplify rounding-multiply pattern in several AdvSIMD routines
80df456112 aarch64: Avoid redundant MOVs in AdvSIMD F32 logs
d591876303 aarch64: Fix AdvSIMD libmvec routines for big-endian
f6d48470ae assert: Add test for CVE-2025-0395
Testresults:
Before update |After update |Difference
PASS: 5068 |PASS: 5072 |PASS: +4
FAIL: 120 |FAIL: 120 |FAIL: 0
XPASS: 4 |XPASS: 4 |XPASS: 0
XFAIL: 16 |XFAIL: 16 |XFAIL: 0
UNSUPPORTED: 157|UNSUPPORTED: 157|UNSUPPORTED: 0
(From OE-Core rev: f14c2e6a6ba72673a0e30cde48ec1d5573be3e01)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This reverts commit 7adaec468d.
It does not seem to fix the issue it was supposed to fix.
Additionally it breaks code which decides in full/partial update,
because it manipulates timestamp that code is relying on.
(From OE-Core rev: 00dd4901e364d16d96cfab864823a9cfdd336eeb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ebc65fdddd7ce51f0f1008baa30d0ae7918ae0bb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
To adapt user network enviroment, buildtools should first try to use
the user configured envs like SSL_CERT_FILE/CURL_CA_BUNDLE/..., if these
envs is not set, then use the auto-detected ca file and ca path, and
finally use the CA certificates in buildtools.
nativesdk-openssl set OPENSSLDIR as "/not/builtin", need set SSL_CERT_FILE/SSL_CERT_DIR to work
nativesdk-curl don't set default ca file, need
SSL_CERT_FILE/SSL_CERT_DIR or CURL_CA_BUNDLE/CURL_CA_PATH to work
nativesdk-git actually use libcurl, and GIT_SSL_CAPATH/GIT_SSL_CAINFO
also works
nativesdk-python3-requests will use cacert.pem under python module certifi by
default, need to set REQUESTS_CA_BUNDLE
(From OE-Core rev: 0653b96bac6d0800dc5154557706a323418808be)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* make git,curl,python3-requests align with openssl, move the setting of
envvars into respective envfile
* for environment.d-openssl.sh, also check if ca-certificates.crt exist
before export envvars
(From OE-Core rev: 5f4fd544d3df7365224599c9efdce4e545f51d5e)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit from 2.13 branch as 2.12 branch is unmaintained now.
(From OE-Core rev: 2335d4f0d1826647eaee224c469331980fc84ed2)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit which has been backported to 2.12 release branch.
(From OE-Core rev: 187052ce4ddd43b46b8335cc955a63ca19ee6994)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The update includes 82 commits. Full list of changes can be found on Github [1]
All patches were refreshed with devtool.
[1] systemd/systemd-stable@v255.17...v255.18
(From OE-Core rev: 121e1fb42c4c909115bc550585b2ebcb3a13e0a5)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
NVD responses changed to an invalid json between:
* April 5, 2025 at 3:03:44 AM GMT+2
* April 5, 2025 at 4:19:48 AM GMT+2
The last response is since then in format
{
"resultsPerPage": 625,
"startIndex": 288000,
"totalResults": 288625,
"format": "NVD_CVE",
"version": "2.0",
"timestamp": "2025-04-07T07:17:17.534",
"vulnerabilities": [
{...},
...
{...},
]
}
Json does not allow trailing , in responses, that is json5 format.
So cve-update-nvd2-native do_Fetch task fails with log backtrace ending:
...
File: '/builds/ccp/meta-siemens/projects/ccp/../../poky/meta/recipes-core/meta/cve-update-nvd2-native.bb', lineno: 234, function: update_db_file
0230: if raw_data is None:
0231: # We haven't managed to download data
0232: return False
0233:
*** 0234: data = json.loads(raw_data)
0235:
0236: index = data["startIndex"]
0237: total = data["totalResults"]
0238: per_page = data["resultsPerPage"]
...
File: '/usr/lib/python3.11/json/decoder.py', lineno: 355, function: raw_decode
0351: """
0352: try:
0353: obj, end = self.scan_once(s, idx)
0354: except StopIteration as err:
*** 0355: raise JSONDecodeError("Expecting value", s, err.value) from None
0356: return obj, end
Exception: json.decoder.JSONDecodeError: Expecting value: line 1 column 1442633 (char 1442632)
...
There was no announcement about json format of API v2.0 by nvd.
Also this happens only if whole database is queried (database update is
fine, even when multiple pages as queried).
And lastly it's only the cve list, all other lists inside are fine.
So this looks like a bug in NVD 2.0 introduced with some update.
Patch this with simple character deletion for now and let's monitor the
situation and possibly switch to json5 in the future.
Note that there is no native json5 support in python, we'd have to use
one of external libraries for it.
(From OE-Core rev: 4358fdfdd7a8908df98f7c4def2c8c1a6efb7256)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e526327f5c9e739ac7981e4a43a4ce53a908945)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport https://github.com/libexpat/libexpat/pull/973
Patch created by:
git diff 2fc36833334340ff7ddca374d86daa8744c1dfa3..99529768b4a722f46c69b04b874c1d45b3eb819c
Additional backport (containing changes in tests only) was needed to
apply it cleanly.
Additional backport https://github.com/libexpat/libexpat/pull/989
which has fixed regression of the first fix.
Patch created by:
git diff 91ca72e913af94ed44ef2a80a9dd542be3e5766c..308c31ed647f2c6aebe33ca3a4fa9e1436f461e2
(From OE-Core rev: 3ece58813faaf4e5f66c7b52f736e84615ccfef6)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There is a new CVE which is missing vulnStatus field:
https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-2682
This leads to:
File: '<snip>/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb', lineno: 336, function: update_db
0332:
0333: accessVector = None
0334: vectorString = None
0335: cveId = elt['cve']['id']
*** 0336: if elt['cve']['vulnStatus'] == "Rejected":
0337: c = conn.cursor()
0338: c.execute("delete from PRODUCTS where ID = ?;", [cveId])
0339: c.execute("delete from NVD where ID = ?;", [cveId])
0340: c.close()
Exception: KeyError: 'vulnStatus'
(From OE-Core rev: 2f242f2a269bb18aab703f685e27f9c3ba761db8)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The libpcre2 is now dlopen'ed, so it is not automatically added to the
RDEPENDS anymore. Add it to the RRECOMMENDS list (and not RDEPENDS as
systemd tags the library as "suggested").
This issue is not on master, the systemd v257 recipe uses a tool that
systemd provides to get this kind of dependencies. But this cannot be
backported to scarthgap as systemd v255 does not have this tool yet.
Cc: Yoann Congal <yoann.congal@smile.fr>
(From OE-Core rev: 45fc7048c511c433ecc23840fe6fdd61f6366a47)
Signed-off-by: Alexis Cellier <alexis.cellier@smile.fr>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Remove /bin/sh from bash RPROVIDES as this has a side-effect which
confuses rpm package manager when also busybox provides /bin/sh and
base-files depend on /bin/sh . The problem is broken down below.
First, bash depends on base-files and bash pkg_postinst must run
after base-files was installed, because it requires /etc/shells
provided by base-files to be in place.
Second, base-files depends on /bin/sh, which is provided by either
bash or busybox in this case. This is the actual problem here, if
bash is selected as /bin/sh provider, then there is cyclic dependency
between bash and base-files, and that confuses dnf which may install
the packages in the wrong order, bash first and base-files second .
To make this worse, if busybox is also /bin/sh provider, it can and
does happen that some systems pick busybox as the /bin/sh provider,
while others pick bash as the /bin/sh provider, and that cyclic
dependency does not always appear.
Attempt to break this dependency, remove pre-inst script from the
base-files recipe, which removes its dependency on /bin/sh and
allows it to be installed very early, and always before bash.
(From OE-Core rev: e71b64a9b22c7db316e92e78a4bce8b9f994a4ae)
(From OE-Core rev: 61880aac34ff408a8bc5060c6140bfd086b27524)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The update includes 156 commits. Full list of changes can be found on Github [1]
All patches were refreshed with devtool. One patch had to be manually
rebased to resolve a merge conflict introduced with 255.14 [2].
[1] https://github.com/systemd/systemd-stable/compare/v255.13...v255.17
[2] 0003-src-basic-missing.h-check-for-missing-strndupa.patch
(From OE-Core rev: 57ca5a2c912fcc4836f263ff2b98c9de2130f324)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The custom do_fetch routine is ignoring BB_NO_NETWORK, add a check for this
as the correct behavior for the user is to set:
CVE_DB_UPDATE_INTERVAL = "-1"
If CVE_DB_UPDATE_INTERNAL is set to -1, check that a DB file exists, if not
we need to error so the user can deal with this.
Note, MIRRORs are NOT handled by this code.
(From OE-Core rev: 062c125f41c3fc3fec0938b24f847ed566357c84)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 337c0806d2784d74bee8d6420fb8b4d48795d5fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 2bc4623a910dfa3a22cd054ea1e0f2dd59d74eea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
After much debugging, the corruption issues on the autobuilder appear to
be due to the way sqlite accesses database files. It doesn't change the
file timestamp after making changes, which for reasons unknown, confuses
NFS. As soon as the file is touched, NFS becomes fine again accross the
whole cluster, as if by magic.
We could try and debug further but putting a "touch" call into the code
is easy and harmless. Lets hope this removes this annoying source of
errors.
(From OE-Core rev: b19b1e905d966443c4e4d17dfaeb299ae2526575)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Below commits on glibc-2.39 stable branch are updated.
dcaf51b41e elf: Change ldconfig auxcache magic number (bug 32231)
b3c51635ef Make tst-strtod-underflow type-generic
b74be22f65 Add crt1-2.0.o for glibc 2.0 compatibility tests
fcdf98f38c Add tests of more strtod special cases
3edc0f22a6 Add more tests of strtod end pointer
988de94538 Make tst-strtod2 and tst-strtod5 type-generic
a2f7087237 powerpc64le: Build new strtod tests with long double ABI flags (bug 32145)
6624318c89 Do not set errno for overflowing NaN payload in strtod/nan (bug 32045)
63bcc01744 Improve NaN payload testing
86369c9ee4 Make __strtod_internal tests type-generic
a7be595c67 Fix strtod subnormal rounding (bug 30220)
9cfeccf65a More thoroughly test underflow / errno in tst-strtod-round
293e4e3c90 Test errno setting on strtod overflow in tst-strtod-round
d8b4fc3653 Add tests of fread
373aab3e52 stdio-common: Add new test for fdopen
Testresults:
After update |Before update |Difference
PASS: 4889 |PASS: 4885 |PASS: +4
FAIL: 229 |FAIL: 229 |FAIL: 0
XPASS: 4 |XPASS: 4 |XPASS: 0
XFAIL: 16 |XFAIL: 16 |XFAIL: 0
UNSUPPORTED: 227|UNSUPPORTED: 227|UNSUPPORTED: 0
(From OE-Core rev: c658dfd63f2e92cdb4aa59e7deb3771619844b8c)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Udev script network.sh is called when a new ethernet interface is plugged (eg. USB).
Due to some (old) missing files, this script does nothing, instead of configuring the
interfaces with ifup.
I just commented the corresponding lines to allow the script to reach the part where
it calls ifup.
(From OE-Core rev: cf881c1b96bf93a8a36b7d6ac83aa053ee059ba6)
Signed-off-by: Regis Dargent <regis.dargent@gmail.com>
Fixes [YOCTO 15616]
network.sh relies on (long) missing files (eg. /etc/network/options,
/etc/init.d/network) to decide if it should configure the new network
interface (ifup) or put its name in /etc/udev_network_queue for future
initialization by /etc/init.d/network service.
The actual result was that the new hotplugged interface was never
automatically configured.
Removing the obsolete tests allows the script to do its intended job.
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 160f7139172ffdf510a0d7d4e85f7fbaac7fd000)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When a program is a link to an executable, and this executable is
handled by update-alternatives, renamed to a different name, cmd
`pidof full_path_of_program` will not work.
Eg:
/usr/sbin/httpd -> /usr/sbin/httpd.apache2
`pidof /usr/sbin/httpd` cannot get pid of the process httpd
Backport the patch to fix above issue.
(From OE-Core rev: 60e6fe983c82d8a62fc07d9271d44d0cb072f0fd)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
