clang is fussy and this package is old. It should perhaps
be removed but this keeps it going so let it be.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Hardcoded path works only when target is x86_64, but fails for other
architectures, loosen the search path regexp
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a security update.
There are fixes for memory leaks, segfaults and CVEs.
CVE-2025-1735
CVE-2025-1220
CVE-2025-6491
Changelog: https://www.php.net/ChangeLog-8.php#8.4.10
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The commits have been merged upstream, but there hasn't been a release
containing them yet (last upstream release was years ago). Pulling them in
unblocks builds with CMake 4+ in the context of a patch series bumping CMake to
4.0.3 in openembedded-core (see [0]).
[0]: https://lists.openembedded.org/g/openembedded-core/topic/113946576
CC: antonin.godard@bootlin.com
CC: alex.kanavin@gmail.com
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.
Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rootfs file differs with the same project configure, add preliminary
setting to avoid this.
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The systemd target `usb-gadget.target` is triggered by udev when a UDC
first comes up. It can happen that by the time gadget-start runs, this
UDC has been removed from the system again.
Have the gadget-start script exit with status 1 when `ls /sys/class/udc`
returns nothing.
Causing a service failure when no UDC is detected and no default was
given, allows the service to be restarted by a udev rule calling the
service (and not the target since those are not reentrant) directly. On
its own this patch will not do much.
For example, we saw such a situation using the DWC3 USB controller and
usb-conn-gpio kernel modules as loadables. By the time of the DWC3 init,
udev was active, and during init DWC3 started the USB OTG port in device
mode. If a pen drive was plugged in at boot, it would quickly switch to
host mode right after initialisation, emitting another udev event for
the removal of the UDC. The systemd target as thus reached, but by the
time gadget-start ran, the UDC was gone.
dwc3 init usb-conn-gpio role switch
│ │
▼ ▼
udev: add UDC─┐ udev: del UDC─────►/sys/class/udc empty
│ │
│ x
│ │
│ ▼
└────────────►usb-gadget.target─────►gadget-start
Signed-off-by: Ernest Van Hoecke <ernest.vanhoecke@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Ensure that wayland-scanner is added to dependencies
Create protocols directory as well where the .c files generated
during build are emitted into.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
openssl-native is compiled with a engine path /not/builtin
and the config file provides the actual path.
The configure script looks up this not working path.
To make it work, provide the runtime path via configure argument.
Signed-off-by: Denis OSTERLAND-HEIM <denis.osterland@diehl.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Version 2.12.1
--------------
* Add hwloc-calc's --default-nodes option to hwloc-bind and hwloc-info.
* Improve the --best-memattr "default" fallback, try to use "default"
memory nodes, and add verbose messages and warnings if some
performance info are incomplete or missing.
Thanks to Antoine Morvan for the report.
* Fix CPU and memory binding on different locations,
thanks to Antoine Morvan for the report.
* Add HWLOC_LOCAL_NUMANODE_FLAG_INTERSECT_LOCALITY and enable it by
default in hwloc-calc --local-memory for finding local NUMA nodes
that do not exactly match input locations.
Thanks to Antoine Morvan for the report.
* Fix a possible crash in the x86 backend when Qemu is configured to
expose multicore/thread CPUs that are actually single-core/thread.
Thanks to Georg Pfuetzenreuter.
Version 2.12.0
--------------
* Add hwloc_topology_get_default_nodeset() for the set of default
NUMA nodes.
- hwloc-calc now has --default-nodes option.
* Rework oneAPI LevelZero support to use zesInit() and avoid the need
to set ZES_ENABLE_SYSMAN=1 in the environment.
- zesDriverGetDeviceByUuidExp() is now required in the L0 runtime.
- ZES/Sysman variants were added in hwloc/levelzero.h to specifically
handle ZES/Sysman device handles.
* Fix the locality of AMD GPU partitions, thanks to Edgar Leon for
reporting and debugging the issue.
* Better detect Cray Slingshot NICs, thanks to Edgar Leon.
* Add support for Die objects and Module groups on Windows.
* Only filter-out Dies that are identical to their Packages
when it applies to all Dies.
* Improve hwloc-calc to handle CPU-less NUMA nodes or platforms with
heterogeneous memory without requiring --nodeset-output.
* hwloc-calc now accepts counting/listing cpukinds and memory tiers
with -N and -I cpukind/memorytier.
* The systemd-dbus-api output of hwloc-calc has changed, and
--nodeset-output-format was added, to support NUMA node outputs.
Thanks to Pierre Neyron.
* Update NVLink bandwidth and CUDA capabilities up to NVIDIA Blackwell.
* Fix some NUMA syscalls on Linux for platforms with old libc headers.
* Some minor fixes in distances.
Version 2.11.2
--------------
* Add missing CPU info attrs on aarch64 on Linux.
* Use ACPI CPPC on Linux to get better information about cpukinds,
at least on AMD CPUs.
* Fix crash when manipulating cpukinds after topology
duplication, thanks to Hadrien Grasland for the report.
* Fix missing input target checks in memattr functions,
thanks to Hadrien Grasland for the report.
* Fix a memory leak when ignoring NUMA distances on FreeBSD.
* Fix build failure on old Linux distributions without accessat().
* Fix non-Windows importing of XML topologies and CPUID dumps exported
on Windows.
* hwloc-calc --cpuset-output-format systemd-dbus-api now allows
to generate AllowedCPUs information for systemd slices.
See the hwloc-calc manpage for examples. Thanks to Pierre Neyron.
* Some fixes in manpage EXAMPLES and split them into subsections.
Version 2.11.1
--------------
* Fix bash completions, thanks Tavis Rudd.
Version 2.11.0
--------------
* API
+ Add HWLOC_MEMBIND_WEIGHTED_INTERLEAVE memory binding policy on
Linux 6.9+. Thanks to Honggyu Kim for the patch.
- weighted_interleave_membind is added to membind support bits.
- The "weighted" policy is added to the hwloc-bind tool.
+ Add hwloc_obj_set_subtype(). Thanks to Hadrien Grasland for the report.
* GPU support
+ Don't hide the GPU NUMA node on NVIDIA Grace Hopper.
+ Get Intel GPU OpenCL device locality.
+ Add bandwidths between subdevices in the LevelZero XeLinkBandwidth
matrix.
+ Fix PCI Gen4+ link speed of NVIDIA GPU obtained from NVML,
thanks to Akram Sbaih for the report.
* Windows support
+ Fix Windows support when UNICODE is enabled, several hwloc features
were missing, thanks to Martin for the report.
+ Fix the enabling of CUDA in Windows CMake build,
Thanks to Moritz Kreutzer for the patch.
+ Fix CUDA/OpenCL test source path in Windows CMake.
* Tools
+ Option --best-memattr may now return multiple nodes. Additional
configuration flags may be given to tweak its behavior.
+ hwloc-info has a new --get-attr option to get a single attribute.
+ hwloc-info now supports "levels", "support" and "topology"
special keywords for backward compatibility for hwloc 3.0.
+ The --taskset command-line option is superseded by the new
--cpuset-output-format which also allows to export as list.
+ hwloc-calc may now import bitmasks described as a list of bits
with the new "--cpuset-input-format list".
* Misc
+ The MemoryTiersNr info attribute in the root object now says how many
memory tiers were built. Thanks to Antoine Morvan for the report.
+ Fix the management of infinite cpusets in the bitmap printf/sscanf
API as well as in command-line tools.
+ Add section "Compiling software on top of hwloc's C API" in the
documentation with examples for GNU Make and CMake,
thanks to Florent Pruvost for the help.
Version 2.10.0
--------------
* Heterogeneous Memory core improvements
+ Better heuristics to identify the subtype of memory such as HBM,
DRAM, NVM, CXL-DRAM, etc.
+ Build memory tiers, i.e. sets of NUMA nodes with the same subtype
and similar performance.
- NUMA node tier ranks are exposed in the new MemoryTier info
attribute (starts from 0 for highest bandwidth tier)..
+ See the new Heterogeneous Memory section in the documentation.
* API
+ Add hwloc_topology_free_group_object() to discard a Group created
by hwloc_topology_alloc_group_object().
* Linux backend
+ Fix cpukinds on NVIDIA Grace to report identical cores even if they
actually have very small frequency differences.
Thanks to John C. Linford for the report.
+ Add CXLDevice attributes to CXL DAX objects and NUMA nodes to show
which PCI device implements which window.
+ Ignore buggy memory-side caches and memory attributes when fake NUMA
emulation is enabled on the Linux kernel command-line.
+ Add more info attributes in MemoryModule Misc objects,
thanks to Zubiao Xiong for the patch.
+ Get CPUModel and CPUFamily info attributes on LoongArch platforms.
* x86 backend
+ Add support for new AMD CPUID leaf 0x80000026 for better detection
of Core Complex and Die on Zen4 processors.
+ Improve Zhaoxin CPU topology detection.
* Tools
+ Input locations and many command-line options (e.g. hwloc-calc -I -N -H,
lstopo --only) now accept filters such as "NUMA[HBM]" so that only
objects are that type and subtype are considered.
- NUMA[tier=1] is also accepted for selecting NUMA nodes depending
on their MemoryTier info attribute.
+ Add --object-output to hwloc-calc to report the type as a prefix to
object indexes, e.g. Core:2 instead of 2 in the output of -I.
+ hwloc-info --ancestor and --descendants now accepts kinds of objects
instead of single types.
- The new --first option only shows the first matching object.
+ Add --children-of-pid to hwloc-ps to show a hierarchy of processes.
Thanks to Antoine Morvan for the suggestion.
+ Add --misc-from to lstopo to add Misc objects described in a file.
- To be combined with the new hwloc-ps --lstopo-misc for a customizable
lstopo --top replacement.
* Misc
+ lstopo may now configure the layout of memory object placed above,
for instance with --children-order memory:above:vert.
+ Fix XML import from memory or stdin when using libxml2 2.12.
+ Fix installation failures when configuring with --target,
thanks to Clement Foyer for the patch.
+ Fix support for 128bit pointer architectures.
+ Remove Netloc.
Changelog: https://github.com/open-mpi/hwloc/blob/v2.12/NEWS
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
With https://github.com/OpenSC/OpenSC/pull/3174 which is part of 0.26.0,
OpenSC does not support reading the (DER-converted) object data from
stdin anymore.
However, OpenSC/pkcs11-tool also supports reading PEM files directly.
This we can use for simply replacing and simplifying the stdin piping in
signing_import_cert_from_pem().
Only for password-protected files we still have to use OpenSSL for
conversion, since OpenSC/pkcs11-tool currently doesn't have a mechanism
for providing passwords.
For these cases, we store the converted PEM into a simple temporary
file. This handling is sufficient, since SoftHSM import should be used
for example keys only and SoftHSM also doesn't protect the keys in any
way. Keys which actually need to be protected are stored in HSMs and
accessed via their PKCS#11 URIs.
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
GPicView is a simple and fast GTK+ image viewer for X which is
lightweight, desktop independent and has minimal lib dependency.
Signed-off-by: Hiago De Franco <hiago.franco@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Plenty of other recipes inherit qemu unconditionally, including
some pretty foundational ones like python3, and they do not need
this fix. I think something else is going on here, and that issue
needs to be properly investigated.
There's a request to provide steps to observe the issue, but the original
patch author so far hasn't been able to reproduce it on demand:
https://lists.openembedded.org/g/openembedded-devel/topic/113861973
This reverts commit b2a950a75b.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 2.1.5:
- Changed: Improved printing for variables of type str.
- Fixed issues that affected the output of multiline strings and
strings containing special characters such as escaped newlines
and tabs.
- Strings are now printed exactly as they are, faithfully
representing their actual value.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 3.4.3:
- minor updates to documentation
C-level:
- simplify and speedup `extend_unicode01()`
- customize `resize_lite()` - avoid unused code
- use `PyTypeObject` for bitarray type object in `_util.c` to be
consistent with `_bitarray.c`
- add and improve comments to implementation of sparse bitarray
compression
- simplify `sc_count()`
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 2.6.2:
- Added explicit support for free-threaded versions of Python,
starting with version 3.14
- Restored code to set a parser's prog value in the with_argparser
decorator. This is to preserve backward compatibility in the cmd2
2.0 family. This functionality will be removed in cmd2 3.0.0.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The generated svn_version.h contains the hostname which makes it
non-reproducible. Fix this by removing the hostname from the file.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
With the now available set|get|has_ca functions to establish a CA link
between roles during their import, the
signing_import_cert_chain_from_pem can now be removed. As it had the
shortcoming of dynamically creating roles, which are harder to handle
then the manually/specifically setup CA roles.
This effectively reverts:
a825b85363 signing.bbclass: add certificate ca-chain handling
Reviewed-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add extract-cert wrapping helper functions, to easily extract
certificates again that had been previously imported into the softhsm.
Reviewed-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a method that returns a list of intermediary CA roles.
When using a complex PKI structure with for example "openssl cms",
these roles can then be iterated over adding in turn a '-certificate'.
Pseudo-code example:
for intermediate in $(signing_get_intermediate_certs 'FooBaa'); do
signing_extract_cert_pem $intermediate $intermediate.pem
CMD+=" --certificate=$intermediate.pem"
done
The typical use-case would be adding these intermediate certificates
to the CMS structure so that the relying party can build the chain
from the signing leaf certificate to the locally stored trusted CA
certificate.
Reviewed-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a helper method to retrieve the root CA certificate for a given
role, by walking the chain that has been setup with
signing_import_set_ca up to the last element - which is the root.
Reviewed-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a mechanism to establish a (metadata) link between roles and signer
certificates, in the form of a new 'ca' variable. It must point from one
role or cert to the signer certificate to preserve the leaf->intermediary->
root certificate relation.
With this additional mechanism, it would be now possible to import a
complex PKI tree of certificates and then later during usage of one
role, reconstruct the certificate chain from the leaf, through
multiple intermediary, and up to the root certificate.
Reviewed-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refactor the two methods to import certificates from PEM/DER to be
usable independently from keymaterial that is linked to a role.
By having the import_cert_from methods create a storage location (aka
role) in the softhsm dynamically. This way certificates can - but
don't have to - be linked to a key, or can stand on their own if chain
of certificates from a PKI has to be managed.
Reviewed-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The recipe unconditionally inherits the qemu class, because it executes
some target binaries when it is cross-compiled and the bit-width of the
build host and the target host are different.
Since it is unconditional, it also means that it is inherited for native
and nativesdk builds also. The qemu class uses some qemu options that are
always derived from the target machine's configuration, even when the
recipe is built for class-native. This means that some of the variables
used by the recipe changes (e.g. QEMU_OPTIONS), and the shared state cache
is invalidated when the target machine changes, even when nodejs-native is
being built - and it triggers a full rebuild of nodejs-native unnecessarily.
To avoid this, inherit the qemu class conditionally, only in case it is
used (when the target and build arch's bit-widths are different).
Also, inherit qemu-native based on the same condition, and move around the
qemu-dependent code a bit, so it will be only executed when the qemu class
is inherited.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- The project uses CCFLAGS instead of CXXFLAGS to add C++ compiler flags.
Assign the value of CXXFLAGS to the CCFLAGS variable and export CCFLAGS for use in the build environment.
It fixes the contains reference TMPDIR because DEBUG_PREFIX_MAP is already included in CXXFLAGS (poky/meta/conf/bitbake.conf)
- Fix typo -Wnodeprecated-declarations -> -Wno-deprecated-declarations
ERROR: ace-8.0.2-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libACE_Compression.so.8.0.2 in package ace-dbg contains reference to TMPDIR [buildpaths]
ERROR: ace-8.0.2-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libACE_ETCL_Parser.so.8.0.2 in package ace-dbg contains reference to TMPDIR [buildpaths]
ERROR: ace-8.0.2-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libACE_ETCL.so.8.0.2 in package ace-dbg contains reference to TMPDIR [buildpaths]
ERROR: ace-8.0.2-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libACE.so.8.0.2 in package ace-dbg contains reference to TMPDIR [buildpaths]
ERROR: ace-8.0.2-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libACE_Monitor_Control.so.8.0.2 in package ace-dbg contains reference to TMPDIR [buildpaths]
ERROR: ace-8.0.2-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libACE_RLECompression.so.8.0.2 in package ace-dbg contains reference to TMPDIR [buildpaths]
ERROR: ace-8.0.2-r0 do_package_qa: Fatal QA errors were found, failing task.
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Suggested-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It was related to latest UNPACKDIR changes -> https://git.openembedded.org/openembedded-core/commit/?id=46480a5e66747a673041fe4452a0ab14a1736d5e
ERROR: ace-8.0.2-r0 do_install: oe_runmake failed
ERROR: ace-8.0.2-r0 do_install: Execution of '/srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/ace/8.0.2/temp/run.do_install.14265' failed with exit code 1
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
protobuf was upgraded from 5.29.5 to 6.31.1. Upgrade python3-protobuf
to match, otherwise a fatal mismatch error occurs.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python3-can 4.4.y requires msgpack~=1.0.0, but openembedded-core
versions newer than scarthgap provide msgpack 1.1.0 [1], causing
"pip check" to fail with the following error:
python-can 4.4.2 has requirement msgpack~=1.0.0; platform_system != "Windows", but you have msgpack 1.1.0.
This patch resolves the issue by updating python3-can to 4.5.0.
[1] https://layers.openembedded.org/layerindex/recipe/66997/
Signed-off-by: Richard Leitner <dev@g0hl1n.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python3-moteus <= 0.3.87 requires numpy<2 [1], but openembedded-core
versions newer than styhead provide numpy 2.x [2], causing "pip check" to
fail with the following error:
moteus 0.3.87 has requirement numpy<2, but you have numpy 2.3.0.
This patch resolves the issue by updating python3-moteus to 0.3.88.
[1] https://github.com/mjbots/moteus/issues/89
[2] https://layers.openembedded.org/layerindex/recipe/51338/
Signed-off-by: Richard Leitner <dev@g0hl1n.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 7.0.0.20250601:
- Add missing __dir__ method to psutil.Popen
- Replace Incomplete | None = None in third party stubs
- Update psutil to 7.0.*
License-Update: Use LICENSE file
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 6.5.1:
- Fixed a bug in C implementation when multidict is resized and it
has deleted slots.
- A pair of code formatters for Python and C have been configured
in the pre-commit tool.
- Shorted fixture parametrization ids.
- The :file:reusable-cibuildwheel.yml workflow has been refactored
to be more generic and :file:ci-cd.yml now holds all the
configuration toggles
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
