NVD ([1]) tracks this as:
cpe:2.3🅰️golang:go:*:*:*:*:*:*:*:*
Running on/with
cpe:2.3⭕microsoft:windows:-:*:*:*:*:*:*:*
Yocto cve-check ignores the "Running on/with", so it needs to be ignored
explicitly.
[1] https://nvd.nist.gov/vuln/detail/CVE-2024-3566
(From OE-Core rev: b8841097eaf7545abf56eb52a122e113b54ba2a7)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Drop upstreamed patch and refresh remaining patches.
* https://www.python.org/downloads/release/python-31210/
Python 3.12.10 is the latest maintenance release of Python 3.12, and
the last full maintenance release. Subsequent releases of 3.12 will be
security-fixes only.
* https://www.python.org/downloads/release/python-31211/
Security content in this release
* gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330]
[CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed
tarfile extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
* gh-133767: Fix use-after-free in the “unicode-escape” decoder with a
non-“strict” error handler.
* gh-128840: Short-circuit the processing of long IPv6 addresses early
in ipaddress to prevent excessive memory consumption and a minor
denial-of-service.
gh-133767 got meawhile CVE-2025-4516 assigned.
(From OE-Core rev: 6cca08b2857efd5481e837ecd6bb295cb8a99ee1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Below commit on binutils-2.42 stable branch is updated.
6558f9f5f0c s390: Add support for z17 as CPU name
Testing was done and there were no regressions found
(From OE-Core rev: 08d6ca500e6dd571f5882f82f6ad804bd2eec8c8)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
To adapt user network enviroment, buildtools should first try to use
the user configured envs like SSL_CERT_FILE/CURL_CA_BUNDLE/..., if these
envs is not set, then use the auto-detected ca file and ca path, and
finally use the CA certificates in buildtools.
nativesdk-openssl set OPENSSLDIR as "/not/builtin", need set SSL_CERT_FILE/SSL_CERT_DIR to work
nativesdk-curl don't set default ca file, need
SSL_CERT_FILE/SSL_CERT_DIR or CURL_CA_BUNDLE/CURL_CA_PATH to work
nativesdk-git actually use libcurl, and GIT_SSL_CAPATH/GIT_SSL_CAINFO
also works
nativesdk-python3-requests will use cacert.pem under python module certifi by
default, need to set REQUESTS_CA_BUNDLE
(From OE-Core rev: 0653b96bac6d0800dc5154557706a323418808be)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Here is one testcase:
For recipe tensorflow-lite-host-tools_2.18.0.bb, refer [1],
do_configure[network] = "1"
and it will git clone some repos in CMakeLists.txt
When buildtools is used and nativesdk-git is installed into sdk,
do_configure failed with error:
[1/9] Performing download step (git clone) for 'protobuf-populate'
Cloning into 'protobuf'...
fatal: unable to access 'https://github.com/protocolbuffers/protobuf/': error setting certificate file: /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-wrlinuxsdk-linux/etc/ssl/certs/ca-certificates.crt
Fix by adding GIT_SSL_CAINFO in BB_ENV_PASSTHROUGH_ADDITIONS, so that
user can export GIT_SSL_CAINFO=${GIT_SSL_CAINFO} in their
do_configure:prepend() to fix above do_configure failure
CURL_CA_BUNDLE and REQUESTS_CA_BUNDLE is similar envvars, so all add
into BB_ENV_PASSTHROUGH_ADDITIONS
[1] https://github.com/nxp-imx/meta-imx/blob/styhead-6.12.3-1.0.0/meta-imx-ml/recipes-libraries/tensorflow-lite/tensorflow-lite-host-tools_2.18.0.bb
(From OE-Core rev: 27f018d8e8ace97d0b1cdfb8782a2a7a0a319816)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* make git,curl,python3-requests align with openssl, move the setting of
envvars into respective envfile
* for environment.d-openssl.sh, also check if ca-certificates.crt exist
before export envvars
(From OE-Core rev: 5f4fd544d3df7365224599c9efdce4e545f51d5e)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID
as a hostname component. For example, when the NO_PROXY environment variable
is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly
match and not be proxied.
(From OE-Core rev: 88e79f915137edc5a37a110abdc79f5800404e45)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Use the same sed command to sanitize libtool script for target recipe
and nativesdk one. Otherwise fails with buildpaths QA error:
ERROR: nativesdk-libtool-2.5.0-r0 do_package_qa: QA Issue: File /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-pokysdk-linux/usr/bin/libtool in package nativesdk-libtool contains reference to TMPDIR [buildpaths]
(From OE-Core rev: f08df9adf290fb6cbebff24df6bbbbe8e5ce95e0)
Upstream-Status: Backport[https://git.yoctoproject.org/poky/commit/?id=89e184da6c9d95a99fd34334df5ac6c5ae87f13a]
(From OE-Core rev: a720df7ad77af1f8b1c00a211c88537e5f23edbc)
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 89e184da6c)
Signed-off-by: Nikhil R <nikhilr5@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Since target and cross variants were already doing similar cleanup
of include-fixed headers, as those aren't used, unify the code and
also apply the same to cross-canadian variant.
Some of those header files get processed with a tool that leaves
absolute buildpaths inside the file's commented section, causing
QA errors. Since those aren't used, let's remove them.
This may be a temporary solution until the tool itself gets fixed
to not embed absolute buildpaths in the header files:
https://lists.openembedded.org/g/openembedded-core/topic/107268307
(From OE-Core rev: 621e0ac9308cc163fb767a27d63fff6570896b92)
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This patch is causing build failures where pthread.h does not exist:
sed: can't read
No such file or directory
This reverts commit d3c294ee0afe4d2eb46320945d41064ebfb5cbff.
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Replace the hardcoded path with /not/exist as used for other
options[--with-sysroot] to ensure pthread.h does not contain
hardocded references to TMPDIR:
ERROR: gcc-cross-canadian-x86-64-13.3.0-r0 do_package_qa: QA Issue:
File /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-pokysdk-linux/
usr/lib/x86_64-poky-linux/gcc/x86_64-poky-linux/13.3.0/include-fixed/
pthread.h in package gcc-cross-canadian-x86-64 contains reference to
TMPDIR [buildpaths]
(From OE-Core rev: d3c294ee0afe4d2eb46320945d41064ebfb5cbff)
Signed-off-by: Sana Kazi <sanakazi720@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Apply fixes from gcc-cross (84a78f46d594 and 0ead8cbdfb96) to gcc-cross-canadian.
This will improve (but not fix) reproducibility of gcc-cross-canadian.
Also move this code to functions to avoid code duplication.
[RP: Tweak patch to make the function parameters clear and fix quoting issues
ensuring the code exactly matches the original replacements with an additional
parameter.]
(From OE-Core rev: 350ff7d53f7506de2bc01f0efc569b8294b9afea)
(From OE-Core rev: b1aa13b9f656666458189d4dae0c25564abe2f25)
Signed-off-by: Oleksandr Hnatiuk <ohnatiuk@cisco.com>
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f1ad5be433)
Signed-off-by: Sana Kazi <sanakazi720@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fixes https://bugzilla.yoctoproject.org/show_bug.cgi?id=15740
python3-setuptools-scm was ignoring GIT_CEILING_DIRECTORIES which is set by poky,
and it was thus finding a wrong value of "toplevel" in ./src/setuptools_scm/_file_finders/git.py
The code is supposed to generate the list of files contained in python3-setuptools-scm, but it was
instead running "git archive" on whatever git repository was above the build directory, because the
tarball containing the sources of python3-setuptools-scm does not contain a .git directory.
This is barely noticeable when building as a subdirectory of poky which is only 48MB, but this was
causing serious slowdowns of python3-setuptools-scm:do_compile when building
inside a big git repository with files tracked using git-lfs (50 minutes in my use-case).
Reported upstream as https://github.com/pypa/setuptools-scm/issues/1103
(From OE-Core rev: 4ebe72477484cf68165b6f736ce10373e97d0e6d)
(From OE-Core rev: 369eebad4f38c3641be73dbc0490c87636e0912d)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* backporting, because it's also needed also for qemu-native builds
on hosts with glibc >= 2.41
(From OE-Core rev: d34b38ecc2571fae0d58a34db1358dff2505148d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
YOCTO [#15061]
The rust sdk installs both 'rust.sh' and 'cargo.sh' for lib32 and lib64 in the same location.
This causes below error while installing the lib32 & lib64 binaries:
Error: Transaction test error:
file /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-pokysdk-linux/environment-setup.d/cargo.sh
conflicts between attempted installs of rust-cross-canadian-arm-1.67.1-r0.x86_64_nativesdk and
rust-cross-canadian-aarch64-1.67.1-r0.x86_64_nativesdk
file /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-pokysdk-linux/environment-setup.d/rust.sh
conflicts between attempted installs of rust-cross-canadian-arm-1.67.1-r0.x86_64_nativesdk and
rust-cross-canadian-aarch64-1.67.1-r0.x86_64_nativesdk
ERROR: Task (virtual:multilib:lib32:/media/build/poky/meta/recipes-sato/images/core-image-sato.bb:do_populate_sdk)
failed with exit code '1'
The change includes:
- Prepending '${RUST_TARGET_SYS}' to 'rust.sh' to differentiate between target systems.
- Moving the non-target-specific environment variables to 'nativesdk-cargo' and 'nativesdk-rust',
instead of being managed by the cross-canadian recipe.
Backport from oe-core master: https://git.openembedded.org/openembedded-core/commit/?id=40eb4bfe2f100ba5301046ca25110fcc55a640bb
(From OE-Core rev: 889cda30baccd43e5c82b38752b462aef4ce626c)
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This was prompted by working on librsvg update: the new meson-driven
version wants to query values from .pc files residing in its own
build directory, and modifies PKG_CONFIG_PATH accordingly.
When using the pkg-config-native wrapper such modifications
have no effect, and we have to pass them in manually
from the recipe via EXTRA_NATIVE_PKGCONFIG_PATH variable.
This variable is already defined (with an empty value) and
appended to PKG_CONFIG_PATH export in the native class, so this
simply extends its use to the wrapper.
(Appending to PKG_CONFIG_PATH in the wrapper, instead of resetting it,
is not an option as that can lead to contamination with the cross values).
(From OE-Core rev: 2bc050146d47b14d890a1b0db2b55f9057a08b65)
(From OE-Core rev: 104737073bd553b9cf93db7ed9575fd50ba6c973)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
During the execution of the command: i686-w64-mingw32-dlltool
--input-def $def_filepath --output-delaylib $filepath --dllname qemu.exe
An error occurred:
i686-w64-mingw32-dlltool: failed to open temporary head file: ..._w64_mingw32_nativesdk_qemu_8_2_2_build_plugins_libqemu_plugin_api_a_h.s
Due to the path length exceeding the Linux system's file name length
limit (NAME_MAX=255), the temporary file name generated by the
i686-w64-mingw32-dlltool command becomes too long to open. To address
this, a new temporary file name prefix is generated using tmp_prefix =
prefix_encode ("d", getpid()), ensuring that the file name does not
exceed the system's length limit.
Allow for "snnnnn.o" suffix when testing against NAME_MAX, and tidy
TMP_STUB handling by overwriting a prior nnnnn.o string rather than
copying the entire name.
(From OE-Core rev: 617df4ee1d6523ded43f156af8206dfca2c0c8ee)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Below commits on binutils-2.42 stable branch are updated.
758a2290dbd PR32387 ppc64 TLS optimization bug with -fno-plt code
ed489bf1574 s390: Add arch15 Concurrent-Functions Facility insns
64e8e16a906 s390: Add arch15 instruction names
Tested on qemux86_64.
There were no additional PASS or FAIL after the update
(From OE-Core rev: 6ce232df15834cae44f3eda0f786132086afb76e)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
