This corresponds to the master
commit 139102a73d41 ("recipes: Default to https git protocol where possible").
But only for the git.yoctoproject.org and git.openembedded.org repos.
> The recommendation from server maintainers is that the https protocol
> is both faster and more reliable than the dedicated git protocol at this point.
> Switch to it where possible.
(From OE-Core rev: c1b208babae70244ab062b2e4674b0309fbd65e5)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
CVE patch [1] aplies only on main branch which is base for 1.2.x.
Branch 1.1 has a different initial commit and does not contain
vulnerable code where the CVE patch applies.
Also Debian [2] marked 1.1 as not vulnerable.
[1] 5665f86b8f
[2] https://security-tracker.debian.org/tracker/CVE-2024-56431
(From OE-Core rev: b9d75be7bc2eaa88a280d52ee0fff322e56d52e2)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Picked from scarthgap commit 07f35d022b88ab4d297d0252f9909e252b7e4cfe
Reworked from CVE_STATUS to CVE_CHECK_IGNORE
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
The current README points to an old Wiki page. Update this to the
Yocto documentation.
Additionally, add a helper command for git-send-email that includes
the 'kirkstone' subject prefix to ensure patches are correctly
identified by the maintainers and CI.
Suggested-by: Yoann Congal <yoann.congal@smile.fr>
(From OE-Core rev: 2e04debcb02caa9121a8f933c59fd69666a44fd8)
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
The cover email mangling in create-pull-request was cutting off the
actual commit hash to be pulled, making it difficult to verify that the
changes a maintainer merges exactly match those intended by the pull
request author.
The extra lines we want to include are, for example from a recent
whinlatter stable branch PR:
for you to fetch changes up to 6c4c6d39ea3202d756acc13f8ce81b114a468541:
cups: upgrade from 2.4.14 to 2.4.15 (2025-12-29 09:49:31 -0800)
(From OE-Core rev: 58138d386f1c221e87d2217bddc7e31d02cab58c)
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c78f5ae4a5ba3675b78cc226feb7b9fbbfd8da19)
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
e45d5d41c1343 Linux 5.15.200
7ca5540ba6239 riscv: Replace function-like macro by static inline function
cbae610ca9e27 nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page()
6a04dc650cef8 spi: tegra: Fix a memory leak in tegra_slink_probe()
c7a02a814dc51 spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer
9fa4262a80f75 spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer
55dfe2687a496 spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one
eebd79beb268c spi: tegra210-quad: Move curr_xfer read inside spinlock
4f9e7de7a6b8f spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer
b34289505180a iommu: disable SVA when CONFIG_X86 is set
1ecf6dc2676ea Bluetooth: hci_event: call disconnect callback before deleting conn
214b85b9b7187 gve: Correct ethtool rx_dropped calculation
9d93332397405 gve: Fix stats report corruption on queue count change
8aa1b0bc65967 tracing: Fix ftrace event field alignments
c3c5cfa3170c0 gfs2: Fix NULL pointer dereference in gfs2_log_flush
343fe375a8dd6 hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
be6d98766ac95 riscv: uprobes: Add missing fence.i after building the XOL buffer
d7ead65126504 ASoC: amd: fix memory leak in acp3x pdm dma ops
42afe8ed8ad2d nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
4c09184f08ce6 nvmet-tcp: don't map pages which can't come from HIGHMEM
15e329ce1a957 nvmet-tcp: fix regression in data_digest calculation
1a5c3c99efa11 nvmet-tcp: fix memory leak when performing a controller reset
367fd132df419 nvmet-tcp: add an helper to free the cmd buffers
8c760ba4e36c7 netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()
166f29d4af575 hwmon: (occ) Mark occ_init_attribute() as __printf
3f531122a5801 tipc: use kfree_sensitive() for session key material
5dae6b36a7cb7 macvlan: fix error recovery in macvlan_common_newlink()
77611cab5bdff dpaa2-switch: add bounds check for if_id in IRQ handler
01fbca1e93ec3 net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
d86c58eb005eb net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
c81a8515fb8c8 net: liquidio: Initialize netdev pointer before queue setup
2fcccca88456b dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero
c01cc6fe06cf2 platform/x86: intel_telemetry: Fix PSS event register mask
5bce10f0f9435 platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
193f087207ad8 wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice
8518f072fc929 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
fd8b090017330 scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()
c85c9de39cd5d wifi: cfg80211: Fix bitrate calculation overflow for HE rates
15e9607df7925 ASoC: tlv320adcx140: Propagate error codes during probe
1525f1068295f ASoC: davinci-evm: Fix reference leak in davinci_evm_probe
536238ba39829 wifi: mac80211: collect station statistics earlier when disconnect
6e4cc9e399952 ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free
16c2ca35257ed HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101)
04485e691d8ca HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list
67e06e8a77c1a netfilter: replace -EEXIST with -EBUSY
e9aefab3b7eb4 ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
2d8af4db1f209 HID: playstation: Center initial joystick axes to prevent spurious events
d21497331b967 HID: intel-ish-hid: Reset enum_devices_done before enumeration
d5cce2ec0e985 HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
a2c68e256fb7a smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()
e5dd6a58a52d5 block,bfq: fix aux stat accumulation destination
64240689acff8 net: usb: sr9700: support devices with virtual driver CD
cd89a4656c03f wifi: wlcore: ensure skb headroom before skb_push
b04c75366a547 wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
9a6cdfd7b6aaa binderfs: fix ida_alloc_max() upper bound
ba43ac025c431 timers: Fix NULL function pointer race in timer_shutdown_sync()
f24f9ea7d69ef Bluetooth: hci_qca: Fix the teardown problem for real
e7f1ca8ea41ab timers: Update the documentation to reflect on the new timer_shutdown() API
36bdfa51a1ad7 timers: Provide timer_shutdown[_sync]()
debbcf812d735 timers: Add shutdown mechanism to the internal functions
21ca3ee3f6faa timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode
a7035e7d720f8 timers: Silently ignore timers with a NULL function
e45a52685b335 Documentation: Replace del_timer/del_timer_sync()
29d5751350cdf timers: Rename del_timer() to timer_delete()
a431c4c27ee05 timers: Replace BUG_ON()s
d2736470196f2 timers: Get rid of del_singleshot_timer_sync()
9b78a3b948bb6 clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function
a97b47fed39d9 clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function
b03eb334c42ea ARM: spear: Do not use timer namespace for timer_shutdown() function
7bcf91585f3b1 Documentation: Remove bogus claim about del_timer_sync()
4abccfb61f422 netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
d6ae339f18099 mm/kfence: randomize the freelist on initialization
2284bc168b148 KVM: Don't clobber irqfd routing type when deassigning irqfd
a550cc2564cab ARM: 9468/1: fix memset64() on big-endian
5928ca551e361 rbd: check for EOD after exclusive lock is ensured to be held
446d7283cffa5 platform/x86: intel_telemetry: Fix swapped arrays in PSS output
674ebe2d6fe59 x86/kfence: fix booting on 32bit non-PAE systems
(From OE-Core rev: 0ebdf9563aa64a1b9d8c6ae6fbd701de8178fa8b)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
A test was still using git protocol to access git services.
For the submodule test, the upstream repo has been updated.
(Bitbake rev: 7fd0197fd5fedd23cc885b5e7e816d86a392fdf9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5d722b5d65e4eef7befe6376983385421e993f86)
[YC: Backport: only kept the part that applied]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This version of libcomps does wrong pointer assignment, and on GCC14
hosts (e.g. Fedora 41), this fails to build with:
| build/tmp-glibc/work/x86_64-linux/libcomps-native/0.1.18-r0/git/libcomps/tests/check_parse.c:588:11: error: assignment to ‘COMPS_DocGroup *’ from incompatible pointer type ‘COMPS_DocCategory *’ [-Wincompatible-pointer-types]
| 588 | g = (COMPS_DocCategory*)it->comps_obj;
Backport a patch making the assignment correct.
(From OE-Core rev: 1853a4b2e22aaa1e8e7929bb13eaddbdd4542c71)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Update to the 4.0.33 release of the 4.0 series for buildtools
(From OE-Core rev: a082e65235520a888c1413d33f08c9966f3e0e43)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic22@pm.me>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
In gentoo the file looks like this:
NAME='Gentoo'
ID='gentoo'
PRETTY_NAME='Gentoo Linux'
VERSION='2.18'
VERSION_ID='2.18'
HOME_URL='https://www.gentoo.org/'
SUPPORT_URL='https://www.gentoo.org/support/'
BUG_REPORT_URL='https://bugs.gentoo.org/'
ANSI_COLOR='1;32'
' were added with:
2f590e35c9
before that the os-release file looked like this:
NAME=Gentoo
ID=gentoo
PRETTY_NAME="Gentoo Linux"
ANSI_COLOR="1;32"
HOME_URL="https://www.gentoo.org/"
SUPPORT_URL="https://www.gentoo.org/support/"
BUG_REPORT_URL="https://bugs.gentoo.org/"
VERSION_ID="2.18"
The ' is stripped from the ID later in distro_identifier with:
# Filter out any non-alphanumerics and convert to lowercase
distro_id = re.sub(r'\W', '', distro_id).lower()
but not from version which results in a weird NATIVELSBSTRING like:
NATIVELSBSTRING = "gentoo-'2.18'"
And similarly the directory name in sstate-cache:
oe-core $ ls -d sstate-cache/gentoo-*
"sstate-cache/gentoo-'2.18'" sstate-cache/gentoo-2.18
(From OE-Core rev: 5786749670fc1fa17e32b9eed286630739ddbc16)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
It was added by original commit for CVE-2025-6020-01.patch
475bd60c55 (diff-05f443e6acbe32a148a45648148739bf6f02f13acc5c20c6037bf933223d4d77)
but removed here in the rebase, causing:
../../../Linux-PAM-1.5.3/modules/pam_namespace/pam_namespace.c:326:11: error: call to undeclared function 'dirname'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
326 | parent = dirname(buf);
| ^
../../../Linux-PAM-1.5.3/modules/pam_namespace/pam_namespace.c:326:9: error: incompatible integer to pointer conversion assigning to 'char*' from 'int' [-Wint-conversion]
326 | parent = dirname(buf);
| ^ ~~~~~~~~~~~~
Backport 6d88a28ac7b6ff61808eb46e5c85dabd17c77f2e from scarthgap.
It's reproducible with clang-18 from kirkstone-clang18 branch of
meta-clang.
(From OE-Core rev: 6888cb09ad069cd937ac4498640fdd5bed2e7a51)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Pick up "Mitigated by" patch from Debian security tracker.
[0]: https://security-tracker.debian.org/tracker/CVE-2024-10963
patch[1] which fixes this vulnerability as mentioned in Debian report.
[1] 940747f88c
(From OE-Core rev: 5a9c3998d4924360e0c6a967adfc4b7628a6fa4e)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
[YC: Debian security tracker: "The vulnerable code was introduced in
1.5.3" but the vulnerable code was backported in commit 399d4986a7
(libpam: fix CVE-2022-28321, 2022-10-28)]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Backport 2 patchs to fix incompatible-pointer-types error when building
gtk+3-native on Fedora 41 host:
tests/testinput.c:197:79: error: passing argument 1 of ‘gdk_event_get_source_device’ from incompatible pointer type [-Wincompatible-pointer-types]
gtk/gtklabel.c:4235:32: error: passing argument 1 of ‘gtk_widget_queue_resize’ from incompatible pointer type [-Wincompatible-pointer-types]
On autobuilder: fedora41-vk-1:~$ gcc --version
gcc (GCC) 14.3.1 20251022 (Red Hat 14.3.1-4)
GCC 14 notoriously restricted how pointer types are converted:
https://gcc.gnu.org/gcc-14/porting_to.html#incompatible-pointer-types
Suggested-by: Fabien Thomas <fabien.thomas@smile.fr>
(From OE-Core rev: 99c8e2def939f0801a67fb8384c57d08732dd020)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Gitlab issues for these two CVEs mentioned in NVD inks lead to the same
merge request.
(From OE-Core rev: 5c1ca090597aefa55f23ce714409137461dd7dab)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Backport the fix for CVE-2025-6199
Add below patch to fix
CVE-2025-6199.patch
Reference: In Ubuntu and debian, fixed patch is given -> [c4986342b2]
(From OE-Core rev: 214b7bc0d2325ab1f8a5c567abd2851c07f45942)
Signed-off-by: Shaik Moin <moins@kpit.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
[YC: removed the extra ".patch" in patches Backport URL]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Pick patch mentioned in NVD report.
It also includes CVE ID in commit message.
Use older SNDERR funtion as new one is not yet available.
This was copied from Debian patch.
(From OE-Core rev: 2bcdcd8471d9769eaf9304809d9b8e0893cae8e0)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
We have a new SVG figure for the Yocto Project workflow figure, which
was updated with d2aaf54bee49 ("overview-manual: convert
YP-flow-diagram.png to SVG"). The one in the "What I wish I’d known
about Yocto Project" is the same. Remove the PNG and make a reference to
the new one.
(From yocto-docs rev: 7c348dd67cfd169b1a56bf969606b03dccb76c56)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 4023c47cb6628971b0a142067c4a910420408bb9)
[Antonin Godard: fix conflicts]
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Some distros were removed from the autobuilder 5 months ago:
* 070e6bf (config.py: Drop ubuntu2004 workers, 2025-10-01)
* 8238327 (config.py: ubuntu24010 was replaced with ubuntu2504, 2025-10-01)
Update their status in the supported distros list.
(From yocto-docs rev: cca4e1c6127f06d63124c67a14a8921dbb3a5409)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 2c9de0d74659fef6d7b0054dfd76905fba6ef81d)
[AG: fix cherry-pick conflicts]
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Commit f5b980ad added CVE-2024-42040.patch to the base U-Boot
SRC_URI in u-boot-common.inc as opposed to adding it in the
u-boot recipe where all the other patch additions are. This
breaks at least one downstream BSP that reuses u-boot-common.inc
(meta-sifive), so move that patch addition to the recipe file
with all the others.
(From OE-Core rev: 5db1bffe13ec881b7fa4ebf4ed30493e8714d7f2)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
