[OE-core] [scarthgap][PATCH] elfutils: Fix multiple CVEs

2025-02-25 Thread Hitendra Prajapati via lists.openembedded.org
Backport fixes for: * CVE-2025-1352 - Upstream-Status: Backport from https://sourceware.org/git/?p=elfutils.git;a=commit;h=2636426a091bd6c6f7f02e49ab20d4cdc6bfc753 * CVE-2025-1365 - Upstream-Status: Backport from https://sourceware.org/git/?p=elfutils.git;a=commit;h=5e5c0394d82c53e97750fe7b18023

[OE-core] [poky][kirkstone][PATCH] meta: Enable '-o pipefail' for the SDK installer

2025-02-25 Thread akash hadke via lists.openembedded.org
From: Moritz Haase When testing a Yocto SDK installer on Alpine 3.21, we recently ended up with a broken SDK. One of the commands the relocation script calls in a piped multi-command chain failed (see [0]), but the installer did not realize that - since it doesn't use 'set -o pipefail'. Thus, the

[OE-core] [poky][scarthgap][PATCH] meta: Enable '-o pipefail' for the SDK installer

2025-02-25 Thread akash hadke via lists.openembedded.org
From: Moritz Haase When testing a Yocto SDK installer on Alpine 3.21, we recently ended up with a broken SDK. One of the commands the relocation script calls in a piped multi-command chain failed (see [0]), but the installer did not realize that - since it doesn't use 'set -o pipefail'. Thus, the

Re: [OE-core] [PATCH] grub-efi-cfg: Add GRUB_TITLE for custom GRUB titles

2025-02-25 Thread Chen Qi via lists.openembedded.org
On 1/15/25 16:55, Simon A. Eugster via lists.openembedded.org wrote: Until now, the default title of a boot entry is its label. The label is a variable which determines the script to run during an early boot stage and is not necessarily human readable. This patch allows to provide a human-readab

[OE-core][PATCH 2/3] python3-sphinx: upgrade 8.1.3 -> 8.2.1

2025-02-25 Thread Trevor Gamblin
Changelog: https://www.sphinx-doc.org/en/master/changes/8.2.html License-Update: Update copyright year Signed-off-by: Trevor Gamblin --- .../{python3-sphinx_8.1.3.bb => python3-sphinx_8.2.1.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-devtools/python/{

[OE-core][PATCH 3/3] python3-setuptools-scm: upgrade 8.1.0 -> 8.2.0

2025-02-25 Thread Trevor Gamblin
Patch '0001-respect-GIT_CEILING_DIRECTORIES.patch' is no longer required as it's upstream in 979d79301da6. Changelog (https://github.com/pypa/setuptools-scm/blob/main/CHANGELOG.md): Added - fix #960: add a --force-write-version-files flag for the cli Changed - fix #950: ensure to pass en

[OE-core][PATCH 1/3] python3-flit-core: upgrade 3.10.1 -> 3.11.0

2025-02-25 Thread Trevor Gamblin
This update is required for latest versions of packages such as sphinx to build with flit, otherwise you encounter errors like: | File "/home/tgamblin/workspace/yocto/poky/build/tmp/work/core2-64-poky-linux/python3-sphinx/8.2.1/recipe-sysroot-native/usr/lib/python3.13/site-packages/flit_core/co

Re: [OE-core] [PATCH] nfs-utils: fix rpc.statd path in initscript

2025-02-25 Thread Yi Zhao via lists.openembedded.org
On 2/26/25 01:19, Khem Raj wrote: On Mon, Feb 24, 2025 at 11:04 PM Yi Zhao via lists.openembedded.org wrote: The location

Re: [OE-core] [PATCH] psplash: fix typo in psplash-systemd.service

2025-02-25 Thread Richard Purdie via lists.openembedded.org
Hi Mikko, On Thu, 2025-02-20 at 10:25 +0200, Mikko Rapeli via lists.openembedded.org wrote: > systemd ignores the typo and continues but startup fails later due to > missing fifo file. Fixes: > > systemd[1]: /usr/lib/systemd/system/psplash-systemd.service:8: Unknown key > 'ConditionFileExists'

Re: [OE-core] [PATCH] sanity: check variable GO_IMPORT

2025-02-25 Thread Richard Purdie via lists.openembedded.org
On Tue, 2025-02-25 at 15:33 -0500, Randy MacLeod via lists.openembedded.org wrote: >  On 2025-02-25 1:09 p.m., Christos Gavros wrote: >  Check if the variable GO_IMPORT is > > assigned with a value. If not generate an error. > > Fixes [YOCTO #15763] > > > > CC: Yoann Congal > > CC: Randy MacLeod

Re: [OE-core] [PATCH] rpm-sequoia-crypto-policy: clean up dependencies

2025-02-25 Thread Richard Purdie via lists.openembedded.org
On Mon, 2025-02-24 at 06:08 +0100, Zoltan Boszormenyi via lists.openembedded.org wrote: > Rely on host-provided python3, coreutils and make. > > openssl-native is not needed either, as the build scripts > use crypto functionality via python. > > Signed-off-by: Zoltán Böszörményi > --- >  .../rp

[OE-core][scarthgap 04/10] u-boot: fix CVE-2024-57257

2025-02-25 Thread Steve Sakoman
From: Hongxu Jia A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. https://nvd.nist.gov/vuln/detail/CVE-2024-57257 Signed-off-by: Hongxu Jia Signed-off-by: Steve Sakoman --- .../u-boot/files/CVE-2024-57

[OE-core][scarthgap 05/10] u-boot: fix CVE-2024-57258

2025-02-25 Thread Steve Sakoman
From: Hongxu Jia Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64. https://nvd.nist.gov/vuln/detail/CVE-2024-57258 Signed-off-by: Hongxu Jia Signed-off-by: St

[OE-core][scarthgap 10/10] python3-setuptools-scm: respect GIT_CEILING_DIRECTORIES

2025-02-25 Thread Steve Sakoman
From: Etienne Cordonnier Fixes https://bugzilla.yoctoproject.org/show_bug.cgi?id=15740 python3-setuptools-scm was ignoring GIT_CEILING_DIRECTORIES which is set by poky, and it was thus finding a wrong value of "toplevel" in ./src/setuptools_scm/_file_finders/git.py The code is supposed to gene

[OE-core][scarthgap 08/10] libxml2: upgrade 2.12.9 -> 2.12.10

2025-02-25 Thread Steve Sakoman
From: Peter Marko https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.10 Security * [CVE-2025-24928] Fix stack-buffer-overflow in xmlSnprintfElements * [CVE-2024-56171] Fix use-after-free after xmlSchemaItemListAdd * pattern: Fix compilation of explicit child axis Regressions * parser: Fix d

[OE-core][scarthgap 09/10] bind: Upgrade 9.18.28 -> 9.18.33

2025-02-25 Thread Steve Sakoman
From: Vijay Anusuri Includes security fixes for CVE-2024-12705 CVE-2024-11187 and other bug fixes Release Notes: https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-33 https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-32 h

[OE-core][scarthgap 00/10] Patch review

2025-02-25 Thread Steve Sakoman
Please review this set of changes for scarthgap and have comments back by end of day Thursday, February 27 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1081 The following changes since commit fc46705cc629a151f85717a57f7d789de8fd9b64: icu: re

[OE-core][scarthgap 07/10] libcap: fix CVE-2025-1390

2025-02-25 Thread Steve Sakoman
From: Hitendra Prajapati Upstream-Status: Backport from https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../libcap/files/CVE-2025-1390.patch | 36

[OE-core][scarthgap 03/10] u-boot: fix CVE-2024-57256

2025-02-25 Thread Steve Sakoman
From: Hongxu Jia An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0x, resulting in a malloc of zero and resultant memory overwrite. https://nvd.nist.gov/vuln/

[OE-core][scarthgap 06/10] u-boot: fix CVE-2024-57259

2025-02-25 Thread Steve Sakoman
From: Hongxu Jia sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation. https://nvd.nist.gov/vuln/detail/CVE-2024-57259 Signed-off-by: H

[OE-core][scarthgap 01/10] u-boot: fix CVE-2024-57254

2025-02-25 Thread Steve Sakoman
From: Hongxu Jia An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem. https://nvd.nist.gov/vuln/detail/CVE-2024-57254 Signed-off-by: Hongxu Jia Signed-off-by: Steve Sakoman --- .../u-boot/files/CVE-2

[OE-core][scarthgap 02/10] u-boot: fix CVE-2024-57255

2025-02-25 Thread Steve Sakoman
From: Hongxu Jia An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0x, resulting in a malloc of zero and resultant memory overwrite. https://nvd.nist.gov/vuln/detail/CVE-2024-57255 Signed-off-by: H

Re: [OE-core] [PATCH] sanity: check variable GO_IMPORT

2025-02-25 Thread Christos Gavros via lists.openembedded.org
hi Randy I did a build and I wrote a comment in the bug15763 that is generating an error! I always built and test as much as I can before sending patches.

Re: [OE-core] [PATCH] sanity: check variable GO_IMPORT

2025-02-25 Thread Randy MacLeod via lists.openembedded.org
On 2025-02-25 1:09 p.m., Christos Gavros wrote: Check if the variable GO_IMPORT is assigned with a value. If not generate an error. Fixes [YOCTO #15763] CC: Yoann Congal CC: Randy MacLeod CC: Alexander Kanavin Signed-off-by: Christos Gavros --- meta/classes-global/sanity.bbclass | 4 1 f

Re: Patchtest results for [PATCH v2][OE-core][kirkstone] systemd: upgrade 250.5 -> 250.14

2025-02-25 Thread Trevor Gamblin
On 2025-02-25 12:53, Narpat Mali via lists.openembedded.org wrote: On 2/25/25 21:01, patcht...@automation.yoctoproject.org wrote: Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patch

[OE-core] [PATCH] sanity: check variable GO_IMPORT

2025-02-25 Thread Christos Gavros via lists.openembedded.org
Check if the variable GO_IMPORT is assigned with a value. If not generate an error. Fixes [YOCTO #15763] CC: Yoann Congal CC: Randy MacLeod CC: Alexander Kanavin Signed-off-by: Christos Gavros --- meta/classes-global/sanity.bbclass | 4 1 file changed, 4 insertions(+) diff --git a/meta/

[OE-core] [PATCH v3] oeqa/selftest: add a newline in local.conf (newbuilddir)

2025-02-25 Thread Christos Gavros via lists.openembedded.org
If the build-st/conf/local.conf does not end with a newline when it is generated then add one Fixes [YOCTO #15734] CC: Yoann Congal CC: Randy MacLeod CC: Alexander Kanavin Signed-off-by: Christos Gavros --- v2->v3 * reading the file line by line replaced with f.readlines (it uses more memory but

Re: Patchtest results for [PATCH v2][OE-core][kirkstone] systemd: upgrade 250.5 -> 250.14

2025-02-25 Thread Narpat Mali via lists.openembedded.org
On 2/25/25 21:01, patcht...@automation.yoctoproject.org wrote: Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/v2-kirkstone-systemd-upgrade-250.5---250.14.patch

Re: [OE-core] [PATCH] nfs-utils: fix rpc.statd path in initscript

2025-02-25 Thread Khem Raj via lists.openembedded.org
On Mon, Feb 24, 2025 at 11:04 PM Yi Zhao via lists.openembedded.org wrote: > The location of rpc.statd is /usr/sbin instead of /sbin. > > Signed-off-by: Yi Zhao > --- > meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git

[OE-core][kirkstone 08/22] u-boot: fix CVE-2024-57259

2025-02-25 Thread Steve Sakoman
From: Hongxu Jia sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation. https://nvd.nist.gov/vuln/detail/CVE-2024-57259 Signed-off-by: H

Re: [OE-core][scarthgap][PATCH] u-boot: kernel-fitimage: Restore FIT_SIGN_INDIVIDUAL="1" behavior

2025-02-25 Thread Marek Vasut via lists.openembedded.org
On 2/25/25 4:49 PM, Jose Quaresma wrote: From: Marek Vasut OE FIT_SIGN_INDIVIDUAL is implemented in an unusual manner, where the resulting signed fitImage contains both signed images and signed configurations, possibly using different keys. This kind of signing of images is redundant, but so is

[OE-core] [PATCH 2/2] perf: enable zstd in default PACKAGECONFIG

2025-02-25 Thread Bruce Ashfield via lists.openembedded.org
From: Bruce Ashfield The following upstream commit: commit 44b44ffd5dcef03d273ad070d0b02a65a323f5f6 Author: Leo Yan Date: Sun Dec 15 22:12:22 2024 + perf build: Minor improvement for linking libzstd The zstd library will be automatically linked by detecting the feature

[OE-core] [PATCH 1/2] linux-yocto-dev: bump to v6.14

2025-02-25 Thread Bruce Ashfield via lists.openembedded.org
From: Bruce Ashfield Updating the development kernel to track the v6.14 series. Signed-off-by: Bruce Ashfield --- meta/recipes-kernel/linux/linux-yocto-dev.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-dev.bb b/meta/recipes-ke

[OE-core] Yocto Project Status 25 Feb. 2025 (WW09)

2025-02-25 Thread Stephen Jolley via lists.openembedded.org
Current Dev Position: YP 5.2 M3 Next Deadline: YP 5.2 M3 Build date 2025-03-03 - Feature Freeze Next Team Meetings: - Bug Triage meeting Thursday Feb. 27th 7:30 am PST ( https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09) - Weekly Project Engineering Sync Tuesday F

[OE-core][scarthgap][PATCH] u-boot: kernel-fitimage: Restore FIT_SIGN_INDIVIDUAL="1" behavior

2025-02-25 Thread Jose Quaresma via lists.openembedded.org
From: Marek Vasut OE FIT_SIGN_INDIVIDUAL is implemented in an unusual manner, where the resulting signed fitImage contains both signed images and signed configurations, possibly using different keys. This kind of signing of images is redundant, but so is the behavior of FIT_SIGN_INDIVIDUAL="1" an

Patchtest results for [PATCH v2][OE-core][kirkstone] systemd: upgrade 250.5 -> 250.14

2025-02-25 Thread Patchtest via lists.openembedded.org
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/v2-kirkstone-systemd-upgrade-250.5---250.14.patch FAIL: test CVE tag format: Missing or incorrectly formatted CVE t

Re: [PATCH][OE-core][kirkstone] systemd: upgrade 250.5 -> 250.14

2025-02-25 Thread Narpat Mali via lists.openembedded.org
On 2/24/25 22:38, Steve Sakoman wrote: Unfortunately I'm seeing compile errors with DISTRO=poky-altcfg See below for details: https://errors.yoctoproject.org/Errors/Details/844917/ Hi Steve, Have sent the v2 patch with the compile error fix. Thanks, Narpat Steve On Fri, Feb 21, 2025 a

[PATCH v2][OE-core][kirkstone] systemd: upgrade 250.5 -> 250.14

2025-02-25 Thread Narpat Mali via lists.openembedded.org
Latest stable branch update which includes 396 commits and the full list of changes can be found at: https://github.com/systemd/systemd-stable/compare/v250.5...v250.14 All the patches were refreshed with devtool. Backported this upstreamed patch to resolve the compile error while building systemd

Re: [OE-core] [PATCH v6] systemd: Build the systemctl executable

2025-02-25 Thread Ross Burton via lists.openembedded.org
On 20 Feb 2025, at 15:33, Vyacheslav Yurkov wrote: > Isn't it supposed to be created on first boot? Yes, ish, but our rootfs is read only at this point: [7.639766] systemd[1]: System cannot boot: Missing /etc/machine-id and /etc is mounted read-only. [7.641135] systemd[1]: Booting up i

[OE-core][kirkstone 20/22] ffmpeg: fix CVE-2024-35369

2025-02-25 Thread Steve Sakoman
From: Archana Polampalli In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, po

[OE-core] [PATCH 3/4] apr-utils: remove obsolete patch

2025-02-25 Thread Ross Burton via lists.openembedded.org
This patch to change how autotools pulls in macros is no longer needed. Signed-off-by: Ross Burton --- .../apr/apr-util/configure_fixes.patch| 31 --- meta/recipes-support/apr/apr-util_1.6.3.bb| 1 - 2 files changed, 32 deletions(-) delete mode 100644 meta/recipes-s

[OE-core][kirkstone 16/22] ffmpeg: ignore CVE-2024-7272

2025-02-25 Thread Steve Sakoman
From: Peter Marko This vulnerability was introduced in 5.1, so 5.0.1 is not affected. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 5 + 1 file changed, 5 insertions(+) diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1

[OE-core][kirkstone 21/22] ffmpeg: fix CVE-2025-25473

2025-02-25 Thread Steve Sakoman
From: Archana Polampalli FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ffmpeg/ffmpeg/CVE-2025-25473.patch| 36 +++

[OE-core][kirkstone 19/22] ffmpeg: fix CVE-2024-28661

2025-02-25 Thread Steve Sakoman
From: Archana Polampalli Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ffmpeg/ffmpeg/CVE-2024-28661.patch| 40 +++ .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-multimedi

[OE-core][kirkstone 15/22] ffmpeg: ignore 5 CVEs

2025-02-25 Thread Steve Sakoman
From: Peter Marko There is no release which is vulnerable to these CVEs. These vulnerabilities are in new features being developed and were fixed before release. NVD most likely does not accept CVE rejection from a non-maintainer and non-reporter, so ignoring this CVE should be acceptable soluti

[OE-core][kirkstone 18/22] ffmpeg: fix CVE-2024-36618

2025-02-25 Thread Steve Sakoman
From: Archana Polampalli FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ffmpeg/ffmpeg/CV

[OE-core][kirkstone 10/22] Revert "ovmf: Fix CVE-2023-45236"

2025-02-25 Thread Steve Sakoman
From: Kai Kang This reverts commit a9cd3321558e95f61ed4c5eca0dcf5a3f4704925. The fix for CVE-2023-45237 has been reverted. And the fix for CVE-2023-45236 depends on it. So revert it too. Signed-off-by: Kai Kang Signed-off-by: Steve Sakoman --- .../ovmf/ovmf/CVE-2023-45236.patch|

[OE-core][kirkstone 03/22] u-boot: fix CVE-2024-57254

2025-02-25 Thread Steve Sakoman
From: Hongxu Jia An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem. https://nvd.nist.gov/vuln/detail/CVE-2024-57254 Signed-off-by: Hongxu Jia Signed-off-by: Steve Sakoman --- .../u-boot/files/CVE-2

[OE-core][kirkstone 12/22] libxml2: patch CVE-2024-56171

2025-02-25 Thread Steve Sakoman
From: Peter Marko Pick commit from 2.12 branch. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../libxml/libxml2/CVE-2024-56171.patch | 42 +++ meta/recipes-core/libxml/libxml2_2.9.14.bb| 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/

[OE-core][kirkstone 09/22] Revert "ovmf: Fix CVE-2023-45237"

2025-02-25 Thread Steve Sakoman
From: Kai Kang This reverts commit 6f8bdaad9d22e65108f859a695277ce1b20ef7c6. This reverts commit 4c2d3e37308cac98614dfafed79b7323423af8bc. The fix for CVE-2023-45237 causes ovmf firmware not support pxe boot any more and no boot item in OVMF menu such as UEFI PXEv4 (MAC address) It has not

[OE-core][kirkstone 17/22] gstreamer1.0-rtsp-server: fix CVE-2024-44331

2025-02-25 Thread Steve Sakoman
From: Archana Polampalli Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- ...

[OE-core][kirkstone 13/22] libxml2: patch CVE-2025-24928

2025-02-25 Thread Steve Sakoman
From: Peter Marko Pick commit from 2.12 branch. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../libxml/libxml2/CVE-2025-24928.patch | 58 +++ meta/recipes-core/libxml/libxml2_2.9.14.bb| 1 + 2 files changed, 59 insertions(+) create mode 100644 meta/

[OE-core][kirkstone 22/22] vim: Upgrade 9.1.0764 -> 9.1.1043

2025-02-25 Thread Steve Sakoman
From: Divya Chellam This includes CVE-fix for CVE-2025-22134 and CVE-2025-24014 Changes between 9.1.0764 -> 9.1.1043 https://github.com/vim/vim/compare/v9.1.0764...v9.1.1043 Signed-off-by: Divya Chellam Signed-off-by: Steve Sakoman --- meta/recipes-suppor

[OE-core][kirkstone 02/22] u-boot: fix CVE-2022-2347 and CVE-2022-30790

2025-02-25 Thread Steve Sakoman
From: Sakib Sajal Backport appropriate patches to fix CVE-2022-2347 and CVE-2022-30790. Signed-off-by: Sakib Sajal Signed-off-by: Steve Sakoman --- .../u-boot/files/CVE-2022-2347_1.patch| 129 +++ .../u-boot/files/CVE-2022-2347_2.patch| 66 .../u-boot/fil

[OE-core][kirkstone 14/22] libcap: fix CVE-2025-1390

2025-02-25 Thread Steve Sakoman
From: Hitendra Prajapati Upstream-Status: Backport from https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../libcap/files/CVE-2025-1390.patch | 36

[OE-core][kirkstone 01/22] u-boot: Fix CVE-2022-30767

2025-02-25 Thread Steve Sakoman
From: Carlos Dominguez This patch mitigates the vulnerability identified via CVE-2019-14196. The previous patch was bypassed/ineffective, and now the vulnerability is identified via CVE-2022-30767. The patch removes the sanity check introduced to mitigate CVE-2019-14196 since it's ineffective. fi

[OE-core][kirkstone 11/22] libxml2: fix compilation of explicit child axis in pattern

2025-02-25 Thread Steve Sakoman
From: Peter Marko This was reported as security fix in https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.10 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...x-compilation-of-explicit-child-axis.patch | 31 ++

[OE-core][kirkstone 04/22] u-boot: fix CVE-2024-57255

2025-02-25 Thread Steve Sakoman
From: Hongxu Jia An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0x, resulting in a malloc of zero and resultant memory overwrite. https://nvd.nist.gov/vuln/detail/CVE-2024-57255 Signed-off-by: H

[OE-core][kirkstone 05/22] u-boot: fix CVE-2024-57256

2025-02-25 Thread Steve Sakoman
From: Hongxu Jia An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0x, resulting in a malloc of zero and resultant memory overwrite. https://nvd.nist.gov/vuln/

[OE-core][kirkstone 07/22] u-boot: fix CVE-2024-57258

2025-02-25 Thread Steve Sakoman
From: Hongxu Jia Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64. https://nvd.nist.gov/vuln/detail/CVE-2024-57258 Signed-off-by: Hongxu Jia Signed-off-by: St

[OE-core][kirkstone 06/22] u-boot: fix CVE-2024-57257

2025-02-25 Thread Steve Sakoman
From: Hongxu Jia A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. https://nvd.nist.gov/vuln/detail/CVE-2024-57257 Signed-off-by: Hongxu Jia Signed-off-by: Steve Sakoman --- .../u-boot/files/CVE-2024-57

[OE-core][kirkstone 00/22] Patch review

2025-02-25 Thread Steve Sakoman
Please review this set of changes for kirkstone and have comments back by end of day Thursday, February 27 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1076 The following changes since commit 573f5b2d8fec9f8a4ed17e836ef3feeb6de62e5a: procps:

[OE-core] [PATCH 2/4] recipes/*: remove obsolete use of acpaths

2025-02-25 Thread Ross Burton via lists.openembedded.org
The bulk of these recipes used acpaths to work around argument list limits as we passed the full path to every directory. As this behaviour no longer happens we can remove these workarounds. Signed-off-by: Ross Burton --- meta/recipes-connectivity/inetutils/inetutils_2.5.bb | 2 -- meta/recipe

[OE-core] [PATCH 4/4] freetype: pass missing include paths to autoreconf

2025-02-25 Thread Ross Burton via lists.openembedded.org
Now that autotools isn't searching for every m4 file the configure fails. This is because freetype only uses autoconf and has a manual autogen.sh script that passes -I. itself. As we don't call that script, pass -I . to autoreconf ourselves. Signed-off-by: Ross Burton --- meta/recipes-graphics/

[OE-core] [PATCH 1/4] autotools: don't try and find in-tree macros

2025-02-25 Thread Ross Burton via lists.openembedded.org
autotools has improved a lot since this class was written, and there's now no need to search the source tree for m4 files and add them to the include path. If packages have macros in subdirectories the idiom is to tell aclocal via an assignment in Makefile.am: ACLOCAL_AMFLAGS = -I gl/m4 -I m4

[OE-core][scarthgap][PATCH] bind: Upgrade 9.18.28 -> 9.18.33

2025-02-25 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Includes security fixes for CVE-2024-12705 CVE-2024-11187 and other bug fixes Release Notes: https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-33 https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-32 h

Re: [OE-core] [PATCH v6] systemd: Build the systemctl executable

2025-02-25 Thread Richard Purdie via lists.openembedded.org
On Tue, 2025-02-25 at 14:23 +0200, Mikko Rapeli wrote: > Hi, > > On Tue, Feb 25, 2025 at 11:21:59AM +, Richard Purdie via > lists.openembedded.org wrote: > > On Thu, 2025-02-20 at 16:03 +, Alex Kiernan via lists.openembedded.org > > wrote: > > > On Thu, Feb 20, 2025 at 3:52 PM Vyacheslav

Re: [OE-core] [PATCH v6] systemd: Build the systemctl executable

2025-02-25 Thread Mikko Rapeli via lists.openembedded.org
Hi, On Tue, Feb 25, 2025 at 11:21:59AM +, Richard Purdie via lists.openembedded.org wrote: > On Thu, 2025-02-20 at 16:03 +, Alex Kiernan via lists.openembedded.org > wrote: > > On Thu, Feb 20, 2025 at 3:52 PM Vyacheslav Yurkov via > > lists.openembedded.org > > wrote: > > > > > > From

[OE-core] [PATCH] classes/insane: do not leak host uid/gid into package_qa sstate signatures

2025-02-25 Thread Alexander Kanavin via lists.openembedded.org
From: Alexander Kanavin This prevented package_qa sstate from being reusable unless host uid/gid values would match exactly (and they unfortunately do on the yocto autobuilder worker machines which all share a 'pokybuild' user). I noticed this when testing CDN sstate reuse, which otherwise work

[OE-core] [PATCH 4/4] fragments/qemu: add support for enabling sdl in qemu

2025-02-25 Thread Alexander Kanavin via lists.openembedded.org
From: Alexander Kanavin This has been the default in poky's local.conf template for a long time, but it's not enabled directly in poky distro. To allow better sstate reuse and a better user experience on a typical laptop (qemu will pop up a graphical window directly), let's add this fragment and

[OE-core] [PATCH 1/4] meta/conf/templates: add a blank template

2025-02-25 Thread Alexander Kanavin via lists.openembedded.org
From: Alexander Kanavin The default oe-core/poky templates have a number of settings (such as distro and machine) and are thus unsuitable for building up configurations from fragments. This adds a template with an empty local.conf, so that it can be used as the starting point for fragment-driven

[OE-core] [PATCH 3/4] conf/fragments: add a fragment for CDN sstate mirror

2025-02-25 Thread Alexander Kanavin via lists.openembedded.org
From: Alexander Kanavin This will be used in bitbake-setup official configurations and it will be awesome. Signed-off-by: Alexander Kanavin --- meta/conf/fragments/yocto/sstate-mirror-cdn.conf | 12 1 file changed, 12 insertions(+) create mode 100644 meta/conf/fragments/yocto/sst

[OE-core] [PATCH 2/4] conf/fragments: add fragments for qemux86-64 and qemuarm64

2025-02-25 Thread Alexander Kanavin via lists.openembedded.org
From: Alexander Kanavin These will be used by official bitbake-setup configurations, and so let's start with them :) Plenty more fragments can be added over time. Signed-off-by: Alexander Kanavin --- meta/conf/fragments/machines/qemuarm64.conf | 5 + meta/conf/fragments/machines/qemux86-6

Re: [OE-core] [PATCH] u-boot: kernel-fitimage: Restore FIT_SIGN_INDIVIDUAL="1" behavior

2025-02-25 Thread Jose Quaresma via lists.openembedded.org
Marek Vasut wrote (Sunday, 23/02/2025 at 23:23): > On 2/23/25 11:13 PM, Rogerio Guerra Borin wrote: > > On 2/21/25 21:20, Marek Vasut wrote: > >> This message originated from outside your organization > >> > >> OE FIT_SIGN_INDIVIDUAL is implemented in an unusual manner, > >> where the resul

Re: [OE-core] [PATCH v6] systemd: Build the systemctl executable

2025-02-25 Thread Richard Purdie via lists.openembedded.org
On Thu, 2025-02-20 at 16:03 +, Alex Kiernan via lists.openembedded.org wrote: > On Thu, Feb 20, 2025 at 3:52 PM Vyacheslav Yurkov via > lists.openembedded.org > wrote: > > > > From meta/classes-recipe/rootfs-postcommands.bbclass: > > > > # 20:12 < mezcalero> koen: you have three option

Re: [OE-core] [PATCH v2] oeqa/selftest: add a newline in local.conf (newbuilddir)

2025-02-25 Thread Yoann Congal via lists.openembedded.org
Hello Christos, On Tue, 25 Feb 2025 at 10:58, Christos Gavros wrote: > If the build-st/conf/local.conf does not end with a newline > when it is generated then add one > Fixes [YOCTO #15734] > > CC: Randy MacLeod > Reviewed-by: Yoann Congal > FYI, you can't add a Reviewed-by from someone withou

Re: [OE-core] [PATCH v2] oeqa/selftest: add a newline in local.conf (newbuilddir)

2025-02-25 Thread Alexander Kanavin via lists.openembedded.org
On Tue, 25 Feb 2025 at 10:58, Christos Gavros via lists.openembedded.org wrote: > +# if the last line of local.conf in newbuilddir is not empty and > does not end with newline then add one > +localconf_path = newbuilddir + "/conf/local.conf" > +with open(localconf_path, "r

[OE-core] [PATCH v2] oeqa/selftest: add a newline in local.conf (newbuilddir)

2025-02-25 Thread Christos Gavros via lists.openembedded.org
If the build-st/conf/local.conf does not end with a newline when it is generated then add one Fixes [YOCTO #15734] CC: Randy MacLeod Reviewed-by: Yoann Congal Signed-off-by: Christos Gavros --- v1->v2 * the comment is changed * last_line is initialized to "None" * add a new line by using f.write("

Re: [OE-core] [PATCH] Revert "python3-ctypes: depend on ldconfig only if distro-feature set"

2025-02-25 Thread Mathieu Dubois-Briand via lists.openembedded.org
On Mon Feb 24, 2025 at 12:02 PM CET, Mathieu Dubois-Briand via lists.openembedded.org wrote: > On Mon Feb 24, 2025 at 9:20 AM CET, Changqing Li wrote: > > > > On 2/24/25 08:27, Changqing Li via lists.openembedded.org wrote: > > Hi, Mathieu > > > > I cannot reproduce this ptest failure on my host.

Re: [OE-core] Broken python3-grpcio on main branch

2025-02-25 Thread Peter Marko via lists.openembedded.org
I guess the unbundling experiment didn’t work out very well. I’ll send a revert in the evening. Peter From: unit exe Sent: Tuesday, February 25, 2025 2:18 To: Marko, Peter (FT D EU SK BFS1) Cc: openembedded-core@lists.openembedded.org Subject: Re: [OE-core] Broken python3-grpcio on main branch