ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.
Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.
This information was sourced from https://www.gnu.org/prep/ftp.html
(From OE-Core rev: b0ce480eca6397fab71082ed202c3cf9dd02456f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.
Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.
This information was sourced from https://www.gnu.org/prep/ftp.html
(From OE-Core rev: aa7ff5a115f55c092f8ca5badad63734c8f4f5b7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.
Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.
This information was sourced from https://www.gnu.org/prep/ftp.html .
(From OE-Core rev: ef14bcae0f3f27acdd4e591fac69515aa912f194)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8c6f01d7467e018aa0ed27a87850d9e4434a47a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
3.2.6 has fixed 3.2.5 regression which broke python3 ptests so we can
upgrade now. We can also drop CVE-2025-27587 patch which was taken
instead of 3.2.5 upgrade under:
https://github.com/openssl/openssl/pull/28198
Release information:
https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3017-and-openssl-3018-30-sep-2025
OpenSSL 3.2.6 is a security patch release. The most severe CVE fixed in this release is Moderate.
This release incorporates the following bug fixes and mitigations:
* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)
* Fix Timing side-channel in SM2 algorithm on 64 bit ARM. (CVE-2025-9231)
* Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)
Release information:
https://github.com/openssl/openssl/blob/openssl-3.2/NEWS.md#major-changes-between-openssl-324-and-openssl-325-1-jul-2025
OpenSSL 3.2.5 is a bug fix release.
This release incorporates the following bug fixes and mitigations:
* Miscellaneous minor bug fixes.
(From OE-Core rev: ef6bbf39c10ff7bd8ad36d5d2f59ddd0756e0141)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update to the 5.0.12 release of the 5.0 series for buildtools
(From OE-Core rev: 2f69dceeebbb67ce06ceda8782a60a71a0ed7f22)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
If the PATH environment variable contains paths which are executables
(rather than just directories), passing certain strings to LookPath
("", ".", and ".."), can result in the binaries listed in the PATH
being unexpectedly returned.
(From OE-Core rev: ed6df1883225ec08e637a0d7a15a6a5da4665d8d)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Following are mentioned in commit upgrading the recipe to 6.1.3:
* CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2024-31578 CVE-2024-31582
Following are fixed via mentioned commits already in 6.1.1:
* CVE-2023-50009: 162b4c60c8
* CVE-2023-50010: e809c23786
* CVE-2024-31585: 3061bf668f
(From OE-Core rev: 8286570b3baf275ff48c45ca0864348a8d3faa01)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These CVEs are for tools which were removed in v4.6.0 via [1] and
re-introduced again in v4.7.0 via [2].
[1] eab89a627f
[2] 9ab54a8580
(From OE-Core rev: faf1e12ae0f9de56402830460315e5be0d13f4a5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As per the linked ticket, this issue is related to an Ubuntu-specific
patch that we don't have.
(From OE-Core rev: dc81fdc6bdf8ab39b7f2fd994d50256430c36558)
(From OE-Core rev: 72e63e44a0c6ad5a408c4dc59a24288c36463439)
(From OE-Core rev: 4cdcb27238be40e815ce5a0b67ce419331079801)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit mentioned in the NVD report.
(From OE-Core rev: a63bb2ccc8294c8a97f5957f1ca9f0a4880713ac)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit mentioned in the NVD report.
(From OE-Core rev: 2f1d5b9ad1af6d2b28e9e7b46aadd879a67b8fc6)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit mentioned in the NVD report.
(From OE-Core rev: 4a2f47d9541d7a13da7a9ce16bd5088870c45ec4)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Copy statement from [1] that it is problem of installers (non-Linux).
Also [2] linked in NVD says "Fixed in 1.25.1 Gstreamer Installer".
Since Yocto builds from sources into our own packages, ignore it.
[1] https://security-tracker.debian.org/tracker/CVE-2025-2759
[2] https://www.zerodayinitiative.com/advisories/ZDI-25-268/
(From OE-Core rev: 99ee1df6bde2ffd4fa2ddea44c0a9b94d9d77bae)
(From OE-Core rev: 7937625a30f6046ba483a000497b15169659f5eb)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
All these CVEs were fixed in recent commits.
(From OE-Core rev: c5a68886247d4417de4ecaa8460e25e84ab93b0d)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This issue is specific to the peimage module that Ubuntu add, and is not
an upstream issue.
(From OE-Core rev: 8d2fe3f403e6435e1ffe122a6776381090752d8a)
(From OE-Core rev: d005eda88dad37f31bdc59e45e20b209f3771a26)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit mentioning this CVE.
Additionally fix test broken by the CVE fix.
(From OE-Core rev: e348e10f35cc082ebfe22c890c5f64c4a06dcea3)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There is no single "recipe-sysroots" directory, but rather many
"recipe-sysroot*" directories.
(From yocto-docs rev: 6f086fd3d9dbbb0c80f6c3e89b8df4fed422e79a)
Signed-off-by: Adam Blank <adam.blank.g@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit f2d6e228409cb1dd1dbf339c405699ac6d3900be)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add documentation for auto.conf, which is used by external tools for
automatically setting variables.
(From yocto-docs rev: c16beccd7fa836a6bc77bb0a9d3274508bd3c6ff)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 134e54a75e0144c4629f702c6f43e92ed1f12dce)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The description of the relation between KBUILD_DEFCONFIG and
SRC_URI is reversed. In fact it is the SRC_URI provided
defconfig which will be dropped by the kernel-yocto class
if both are provided.
(From yocto-docs rev: 3dc8212748d014f0b2cd1bb6777404bafe6d5a58)
Signed-off-by: Adam Blank <adam.blank.g@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a808420655a0976ba08f013f468cf80f379b1d89)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This does not work for native builds:
CFLAGS += "-std=gnu17"
The line from native.bbclass gets priority:
CFLAGS = "${BUILD_CFLAGS}"
From bitbake-getvar -r expect-native CFLAGS
...
append ...poky/meta/recipes-devtools/expect/expect_5.45.4.bb:44
"-std=gnu17"
set ...poky/meta/classes-recipe/native.bbclass:44
"${BUILD_CFLAGS}"
...
(From OE-Core rev: 2696c50af9946f425ccaf7d0e7e0eb3fd87c36bb)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Stick to C17 standard as GCC 15 switches to C23
(From OE-Core rev: a1ac756f2f55c4f27a95cb8b1e63ee2db06dd327)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Clean up the do_install append, and remove a long-standing unused
variable that appears to be intending to not install the scripts but
would have never actually done that as the relevant override since 2008
has been task-install. As we've been installing the scripts, keep
instaling them.
(From OE-Core rev: 10a501b3bfe8f73ce2eb15673900df71e547b54d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
expect has a hand-maintained aclocal.m4 so don't run aclocal, which has the
side effect of not deleting the aclocal.m4 file which pulls in macros.
The build works without this change more through luck and a combination
of behaviours than design.
(From OE-Core rev: 61dbfd66210b090ec8abfbf1f4688e5691299d68)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Tcl 8.4.0 changed the channel implementation, take a patch submitted
upstream to update the code for the new interface and remove the silencing
of the incompatible assignment error which was due to this issue.
(From OE-Core rev: 20cadf7b66f30e8a3b409b4a96eced614ac21013)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In the meantime there is a cleaner fix on the master branch and we also
need to back-port more patches to support gcc-15 as well.
This reverts commit 8bfdb53247 which is
not in the master branch as a preparation for cherry-picking the newer
fixes from there.
(From OE-Core rev: 4ea89ba363228aa5e16412f85644608f4c645d5f)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in Libtiff. This vulnerability is a "write-what-where"
condition, triggered when the library processes a specially crafted TIFF
image file.[EOL][EOL]By providing an abnormally large image height value
in the file's metadata, an attacker can trick the library into writing
attacker-controlled color data to an arbitrary memory location. This
memory corruption can be exploited to cause a denial of service (application
crash) or to achieve arbitrary code execution with the permissions of the user.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-9900
Upstream patch:
3e0dcf0ec6
(From OE-Core rev: c1303b8eb4e85a031a175867361876a256bfb763)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There's no need to differentiate crediting contributors from committing
your changes, so let's simply make it the last step of "Commit your
changes" section.
This simply indents the text so it's now part of "Commit your changes"
list instead of the main list in the "Implement and commit changes"
section. Because of this reorganisation, the instruction to use "git
commit --amend" to add the contributors is moved to a note, and the
first few sentences are reworded to better match the wording of other
items in the "Commit your changes" list of instructions.
(From yocto-docs rev: 6ba61d7bc3e641b3d4194f2d99a276f3b29f82b8)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit eff4d14e28d323ebfdaeb0c5c805b5f1e2ad153d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
... so that it's clear that you need to read and follow each and every
instruction in this list.
(From yocto-docs rev: 6dfef402b2785675870d513f4afeed6b7e7a4df1)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit c628a489f081925fabaabb5acac6752251150269)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This should hopefully make it clearer what is expected from the
contributor.
This follows my understanding of git-commit(1)[1] where the following is
a git commit message:
"""
git commit title
git commit description
"""
I'm putting the "Fixes [YOCTO" line in "body of the commit message" so
it's understood as being different from the git commit description so
that the note admonition allowing us to have an empty commit description
doesn't apply to the "Fixes [YOCTO" line.
[1] https://www.man7.org/linux/man-pages/man1/git-commit.1.html#DISCUSSION
(From yocto-docs rev: f0f9d40a04cba684a476caaa053b6f24ade9fb99)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit b84903a760350bd118c56ea9ce4e98039edf6e55)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The kernel docs specifies[1] a Cc: tag and not CC: tag, so let's align
with that.
[1] https://www.kernel.org/doc/html/latest/process/submitting-patches.html#when-to-use-acked-by-cc-and-co-developed-by
(From yocto-docs rev: 49934860119ccd0844b0c600ea6be0a776b11a12)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit f800fef4e9e2c1d3584ac49be8324638d2923b17)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The other tag descriptions have the double colon outside of the
highlight, and start the sentence with a lowercase word, so let's align
the CC tag with those.
(From yocto-docs rev: 4dba30a040fd64e4e547bc485878b90e691c1373)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit f116e93fb335e9d0f85891c4cb501bcf55b18ccf)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The example could be understood as the content of the commit message
once the editor (git config core.editor) opens, where the first
line is the actual commit title and not the commit description.
This example would make the Fixes line the commit title, which is not
what we want.
In short, according to my understanding of git-commit(1):
The following is a git commit message:
"""
git commit title
git commit description
"""
Reported-by: Barne Carstensen <barne.carstensen@danfoss.com>
(From yocto-docs rev: 5244b934db878a5bdb73118f1629cf20e391faa7)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a5862406bf3230befe9db9f2539bbbc86c02015d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
I don't know what was the initial intent but this doesn't seem right, so
let's remove the bold formatting.
Fixes: 4abe87cb20d3 ("contributor-guide: submit-changes: detail commit and patch creation")
Cc: Michael Opdenacker <michael.opdenacker@rootcommit.com>
(From yocto-docs rev: 80be07404bd8215b198f5fb0936e3786072559b6)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 6c499b3796a578a0fe4c319c9547b4321b0d41df)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This has changed since commit ed4238487c81 ("testexport: Fix to work as
an image class") in OE-Core.
[Antonin Godard: mention oecore commit in commit body]
(From yocto-docs rev: fd16d625089eab377ad3061f6aa21f94c251deb9)
Signed-off-by: Barne Carstensen <barne.carstensen@danfoss.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 2caa8e581feaf3640bea68108f9a02583b17b21b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This change already exists on master, but it was made as part of the
larger migration to ${UNPACKDIR} and is not cherry-pickable.
See: d73595df696 (recipes: Update WORKDIR references to UNPACKDIR)
(From OE-Core rev: 378f87f087651bacdb6efc6b98168bc6ba865070)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This example no longer works on more recent kernels:
genl-family-get
error: Invalid argument
dmesg says:
netlink: 'genl-family-get': attribute type 1 has an invalid length.
Fix this and also zero out the reserved field in the genl header,
while not validated yet for dumps this could change.
Upstream-Status: Backport [https://git.netfilter.org/libmnl/patch/?id=54dea548d796653534645c6e3c8577eaf7d77411]
Reported-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
(From OE-Core rev: bae5ecea1c40847ffc3760173192f85e28ed9d7b)
Signed-off-by: Florian Westphal <fw@strlen.de>
(cherry picked from commit 54dea548d796653534645c6e3c8577eaf7d77411)
Signed-off-by: Divyanshu Rathore <divyanshu.rathore@bmwtechworks.in>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Disable NLS in the build when USE_NLS is off.
(From OE-Core rev: b94798ecd535956ef4565663710ea9a701ff21ed)
This change corresponds to upstream eeb3974472
from master .
Since the p11-kit version are different between master & scarthgap
applied the patch manually
(From OE-Core rev: 96602ea67463170c4cadf748525f5615ce9bbd91)
Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: AshishKumar Mishra <emailaddress.ashish@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Do not build translations when NLS is disabled.
(From OE-Core rev: 83795ef6c3fa12a863cd20b7ec1a2607606987b6)
This change corresponds to upstream d848b454e6
from master .
Since the systemd version are different between master & scarthgap
applied the patch manually
(From OE-Core rev: 780b902a0fd124420f00ee5e55f4fd362d2d8913)
Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: AshishKumar Mishra <emailaddress.ashish@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fixes build with python-3.14
It was added to bitbake in 62be9113d98fccb347c6aa0a10d5c4ee2857f8b6
and oe-core now requires latest bitbake already, so we can use this.
[YOCTO #15858]
(From OE-Core rev: 92369c8acf0b4d6c2ced88abbda5f5defd276ba2)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Needed for multiprocessing module in bb used in the next commit.
It was added to bitbake in 62be9113d98fccb347c6aa0a10d5c4ee2857f8b6
which was backported to 2.8 branch and tagged as 2.8.1
(From OE-Core rev: 95888aa944847cf6dbfac501997a3e2980344b66)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick 3 patches from meta-clang's scartsgap branch to fix build with
gcc-15. These patches are already in upstream llvm but not in
18.1.8 release.
Note: the patch 0039-Fix-build-with-GCC-15.patch from meta-clang
is not needed as it targets lldb which we do not build.
(From OE-Core rev: a2c5e1d6ec6c905bbf31f017a010b0496b39b211)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
