Jiaying Song [Wed, 9 Apr 2025 02:51:10 +0000 (10:51 +0800)]
gcc: Undef _TIME_BITS in sanitizer_procmaps_solaris.cpp
gcc-sanitizers fail to build when both -D_TIME_BITS=64 and
-D_FILE_OFFSET_BITS=64 are defined. This is because
sanitizer_procmaps_solaris.cpp explicitly undefines _FILE_OFFSET_BITS
before including any headers, which causes _TIME_BITS=64 to violate the
requirement in glibc:
/usr/include/features-time64.h:26:5: error: "_TIME_BITS=64 is allowed
only with _FILE_OFFSET_BITS=64"
Fixes a build failure on 32-bit Linux platforms when using both
-D_TIME_BITS=64 and -D_FILE_OFFSET_BITS=64.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 8 Apr 2025 19:15:08 +0000 (21:15 +0200)]
go: upgrade 1.24.1 -> 1.24.2
Upgrade to latest 1.24.x release [1]:
$ git --no-pager log --oneline go1.24.0..go1.24.1 339c903a75 (tag: go1.24.1) [release-branch.go1.24] go1.24.1 334de7982f [release-branch.go1.24] all: updated vendored x/net with security fix 5d6920842b [release-branch.go1.24] runtime/cgo: avoid errors from -Wdeclaration-after-statement 949eae84df [release-branch.go1.24] cmd/compile: don't pull constant offsets out of pointer arithmetic 0bfde51e0d [release-branch.go1.24] runtime: document that cleanups can run concurrently with each other 45a52718e3 [release-branch.go1.24] runtime/cgo: avoid errors from -Wdeclaration-after-statement 7f375e2c22 [release-branch.go1.24] reflect: let Value.Seq return the iteration value correct type 4070531920 [release-branch.go1.24] syscall: disable O_DIRECTORY on Windows for js/wasm 5ffdb9c88b [release-branch.go1.24] reflect: correctly handle method values in Seq becc17ebcd [release-branch.go1.24] runtime: use WCLONE when waiting on pidfd test child d418e224ae [release-branch.go1.24] syscall: don't send child signal when testing pidfd 456eaf5c29 [release-branch.go1.24] cmd/compile: don't report newLimit discovered when unsat happens multiple times e4ef83383e [release-branch.go1.24] debug/buildinfo: base64-encode test binaries 4e6d3468cc [release-branch.go1.24] cmd/compile: ensure we don't reuse temporary register f5c388313f [release-branch.go1.24] internal/godebugs: add fips140 as an opaque godebug setting af236716b2 [release-branch.go1.24] cmd/compile, runtime: use deferreturn as target PC for recover from deferrangefunc 0f7b7600fb [release-branch.go1.24] doc/godebug: mention GODEBUG=fips140 eb58df7dbf [release-branch.go1.24] cmd/compile: avoid infinite recursion when inlining closures 30f4d9e117 [release-branch.go1.24] syscall: don't truncate newly created files on Windows bb0e5c2045 [release-branch.go1.24] runtime: fix usleep on s390x/linux cd0e528d3d [release-branch.go1.24] runtime: add some linknames back for `github.com/bytedance/sonic` 80e2e474b8 [release-branch.go1.24] cmd/go: initialize req.Header when loading git credential
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
nativesdk-buildtools-perl-dummy: add more missing packages
There could be several more nativesdk perl packages generated
based on flags and dependencies that should not be installed
into the SDK when "dummy-sdk-package" facility is used. Add
them to the exclusion list here.
yocto-check-layer: expect success for test_patches_upstream_status
When the Upstream-Status tag for patches became mandatory,
the test verifying the presence of this tag was made to not
fail the layer compatibility tests, in order to allow time for
the maintainers to adapt to this change.
This was two years before this commit.
Since then the layer compatibility script shows a cryptic
"unexpected success" result for this test, which of course
becomes clear once one checks the code and commit history,
but it is a nuisance still, which shouldn't be needed to
understand the result.
This commit removes the the related annotation so the
compatibility check will pass or fail with a clear message - in
hope that 2 years was enough for active maintainers to
adjust their patches.
Signed-off-by: Madhu Marri <madmarri@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
packages-split directory does not show any changes relevant for
packaging change.
There are new config options but they don't seem to be significant
enough to need explicit packageconfig options.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mike Crowe [Tue, 8 Apr 2025 13:41:18 +0000 (14:41 +0100)]
classes-recipe: npm: Complain immediately if npm-shrinkwrap.json is too old
Rather than emitting:
Exception: KeyError: 'packages'
and a stack trace, let's fail immediately if lockfileVersion implies
that the npm-shrinkwrap.json file isn't compatible.
The documentation[1] doesn't make it clear which lockfileVersions are
guaranteed to contain "packages". I have lockfileVersion 1 files
without. Running npm 7.5.2 generates npm-shrinkwrap.json files with
lockfileVersion 2 and "packages", so I've set the minimum to be 2.
Changelog:
============
- Fix regression in 4.13.0 on Python 3.10.2 causing a TypeError when using Concatenate.
- Fix TypeError when using evaluate_forward_ref on Python 3.10.1-2 and 3.9.8-10.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 7 Apr 2025 17:12:17 +0000 (18:12 +0100)]
libjpeg-turbo: fix upstream release checking
New releases are no longer made to SourceForge and the GitHub releases
are considered official according to https://libjpeg-turbo.org, so
inherit github-releases and update the SRC_URI.
This now reports that we need to upgrade to 3.1.0.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
According to [1], EDK2 contains a vulnerability in BIOS where a user may
cause an Integer Overflow or Wraparound by network means. A successful
exploitation of this vulnerability may lead to denial of service.
Refer debian [2], backport a patch from edk2 [3] to fix CVE-2025-2295
Peter Marko [Mon, 7 Apr 2025 09:35:57 +0000 (11:35 +0200)]
cve-update-nvd2-native: add workaround for json5 style list
NVD responses changed to an invalid json between:
* April 5, 2025 at 3:03:44 AM GMT+2
* April 5, 2025 at 4:19:48 AM GMT+2
The last response is since then in format
{
"resultsPerPage": 625,
"startIndex": 288000,
"totalResults": 288625,
"format": "NVD_CVE",
"version": "2.0",
"timestamp": "2025-04-07T07:17:17.534",
"vulnerabilities": [
{...},
...
{...},
]
}
Json does not allow trailing , in responses, that is json5 format.
So cve-update-nvd2-native do_Fetch task fails with log backtrace ending:
...
File: '/builds/ccp/meta-siemens/projects/ccp/../../poky/meta/recipes-core/meta/cve-update-nvd2-native.bb', lineno: 234, function: update_db_file
0230: if raw_data is None:
0231: # We haven't managed to download data
0232: return False
0233:
*** 0234: data = json.loads(raw_data)
0235:
0236: index = data["startIndex"]
0237: total = data["totalResults"]
0238: per_page = data["resultsPerPage"]
...
File: '/usr/lib/python3.11/json/decoder.py', lineno: 355, function: raw_decode
0351: """
0352: try:
0353: obj, end = self.scan_once(s, idx)
0354: except StopIteration as err:
*** 0355: raise JSONDecodeError("Expecting value", s, err.value) from None
0356: return obj, end
Exception: json.decoder.JSONDecodeError: Expecting value: line 1 column 1442633 (char 1442632)
...
There was no announcement about json format of API v2.0 by nvd.
Also this happens only if whole database is queried (database update is
fine, even when multiple pages as queried).
And lastly it's only the cve list, all other lists inside are fine.
So this looks like a bug in NVD 2.0 introduced with some update.
Patch this with simple character deletion for now and let's monitor the
situation and possibly switch to json5 in the future.
Note that there is no native json5 support in python, we'd have to use
one of external libraries for it.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This update has been tested with glibc/musl and gcc/clang in all four
combinations.
Drop patches:
0001-Use-CC-to-check-for-implicit-fallthrough-warning-sup.patch
0001-fix-gcc-8-format-truncation-warning.patch
0001-util.c-add-limits.h-include-for-NAME_MAX-definition.patch
mdadm-3.3.2_x32_abi_time_t.patch
(issue fixed upstream)
0001-include-libgen.h-for-basename-API.patch
0001-mdadm.h-Undefine-dprintf-before-redefining.patch
(issue no longer occurs)
0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch
(service file significantly rewritten, the need for the tweak
should be reassessed)
debian-no-Werror.patch
(replaced with setting CWFLAGS to an empty string in the recipe;
we already set correct flags via CC/CFLAGS, and upstream's only
get in the way)
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream has released a new version (4.4) but not the tarball for it.
Adjust one of the devtool selftests, as it requires that the recipe
under test is using a tarball. Another selftest also needs to be
tweaked to correctly clean up its modifications to that same recipe on
test completion.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vulkan-samples: rewrite and submit reproducubility patch upstream
At some point the problematic define ceased to be used anywhere,
and so we can simply patch it out (and remove the associated
option setting from the recipe).
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ca-certificates: submit sysroot patch upstream, drop default-sysroot.patch
ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
was using a non-standard environment variable, and was replaced
with a patch that adds a command line option (and then this
was submitted upstream). ca-certificates recipe was tweaked accordingly,
and nothing else in core or meta-oe is using update-ca-certificates.
Drop default-sysroot.patch as the use case is unclear: sysroot
is explicitly specified in all known invocations of update-ca-certificate,
and if there's a place where it isn't, then update-ca-certificates
will error out trying to write to /etc, and should be fixed to
explicitly specify the sysroot.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
nfs-utils: replace problematic pending patch with upstream submission
The now-removed patch was added for clang compatibility, but over time
started fixing problems that do not exist, and got its description
to mismatch the content.
The new patch is fixing the only problem with clang that still
occurs. I verified that all files that were patched before still
build without errors.
If you find other issues (this would be with non-default
options probably), please fix them similarly.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Li Wang [Fri, 4 Apr 2025 05:21:06 +0000 (13:21 +0800)]
xinetd: use monotonic time
When using xinet.d to limit rsync connections, it can't handle changes
in system time. When time is set back, the connection limit is reached
very quickly and rsync gets deactivated, if time is changed again, rsync
is never reactivated.
The current timer of xinet.d is based on the time() and is affected by
the system time. Use clock_gettime() with CLOCK_MONOTONIC as the new
timer because CLOCK_MONOTONIC clock is not affected by discontinuous
jumps in the system time.
Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix issue with handling BAP state transitions.
Fix issue with handling D-Bus interface removal.
Fix issue with handling MAP and supported features.
Fix issue with handling SDP record for Phonebook Access Client.
Fix issue with handling AVRCP PDU parameters length mismatch.
Fix issue with handling AVRCP PDU for SetAbsoluteVolume.
Fix issue with handling AVDTP bad media transport format.
Fix issue with handling support for LL Privacy setting.
Full Changelog: https://github.com/bluez/bluez/compare/5.80...5.82
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changqing Li [Thu, 3 Apr 2025 08:53:05 +0000 (16:53 +0800)]
initscripts: add function log_success_msg/log_failure_msg/log_warning_msg
* add function log_success_msg/log_failure_msg/log_warning_msg, some
packages still use these functions, like mariadb, refer [1], without
these function, with sysV init manager, mariadb will report error:
root@qemux86-64:~# /etc/init.d/mysqld status
/etc/init.d/mysqld: line 383: log_success_msg: command not found
* remove RCONFLICTS with lsbinitscripts, LSB support already remove in
[2]
When this status type is used, build fails with e.g.
ERROR: openssl-3.4.1-r0 do_create_spdx: Unknown CVE-2025-0001 status 'Unknown'
Since this is now a valid status, it needs to be handled.
It cannot be mapped to any VEX status (see below), so just skip it.
Possible VEX statuses are: NOT AFFECTED, AFFECTED, FIXED, and UNDER INVESTIGATION.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
cc: Marta Rybczynska <rybczynska@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Fri, 28 Mar 2025 05:17:15 +0000 (22:17 -0700)]
time: fix runtime version from UNKNOWN to 1.9
The runtime version of time is determined by:
build-aux/git-version-gen .tarball-version
But there's no .tarball-version in the tarball. So we add this file
manually with ${PV} as the content if it does not exist.
Note that there's a patch for upstream:
https://lists.gnu.org/archive/html/bug-time/2021-01/msg00000.html
So it's possible that when this time recipe is upgraded to a new
version, we won't need such adjust any more.
Before the fix, time --version:
time (GNU Time) UNKNOWN
After the fix, time --version:
time (GNU Time) 1.9
Yi Zhao [Fri, 28 Mar 2025 04:56:13 +0000 (12:56 +0800)]
base-files: add gshadow entry in nsswitch.conf
We encountered a newgrp regression in shadow 4.17.3:
root@qemux86-64:~# groupadd g1
root@qemux86-64:~# useradd t1
root@qemux86-64:~# gpasswd g1
Changing the password for group g1
New Password:
Re-enter new password:
root@qemux86-64:~# sudo -u t1 newgrp g1
Password:
Invalid password.
root@qemux86-64:~#
In versions prior to shadow 4.17.3, shadow used an internal
implementation to support shadow group because it could not correctly
detect whether glibc supports shadow group in a cross-compilation
environment. In 4.17.3, it can correctly check whether glibc supports
shadow group even in a cross-compilation environment[1]. If supported,
shadow will use it instead of its own internal implementation.
Shadow group support in glibc requires adding a gshadow entry in
nsswitch.conf.
After the patch:
root@qemux86-64:~# groupadd g1
root@qemux86-64:~# useradd t1
root@qemux86-64:~# gpasswd g1
Changing the password for group g1
New Password:
Re-enter new password:
root@qemux86-64:~# sudo -u t1 newgrp g1
Password:
t1@qemux86-64:/home/root$
- enable analytics since gstreamer1.0-python depend on it now
- explicitly diable options that new added in meson_options.txt
- lcevcdecoder
- lcevcencoder
- tensordecoders
- nvcomp
- nvdswrapper
- svtjpegxs
- webview2
- aja
- cuda-nvmm
- d3d12
- add backport patch to fix undefined reference to `__atomic_fetch_add_8' issue
This patch is part of upstream commit
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8637/commits?commit_id=f2b5c0b6020b50f5173e449b45a6f 7a7be31c48f
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- add backport patch to fix undefined reference to `__atomic_fetch_add_8' issue
This patch is part of upstream commit
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8637/commits?commit_id=f2b5c0b6020b50f5173e449b45a6f7a7be31c48f
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- add backport patch to fix undefined reference to `__atomic_fetch_add_8' issue
This patch is part of upstream commit, only pick subprojects/gstreamer/meson.build part that affect us
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8637/commits?commit_id=f2b5c0b6020b50f5173e449b45a6f7a7be31c48f
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changqing Li [Wed, 2 Apr 2025 06:29:01 +0000 (14:29 +0800)]
patch.py: set commituser and commitemail for addNote
When PATCHTOOL is set to 'git', and user don't setup
user.name and user.email for git, do_patch fail with
the following error, fix by passing -c options.
CmdError("git notes --ref refs/notes/devtool append -m 'original patch: 0001-PATCH-increase-to-cpp17-version.patch' HEAD", 0, 'stdout:
stderr: Author identity unknown
*** Please tell me who you are.
Run
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Support for Sunxi SoCs added.
* Support for running on a Pine64+ as a generic barebox-dt-2nd.img image.
* MMCs are now much faster to erase, reportedly up to 60x faster.
* Fixed partition handling adapted to be Linux compatible
(barebox,fixed-partitions)
* i.MX HAB support now supports revoking keys and burning the field
return fuse.
* K3: support for eMMC boot partition booting and USB DFU bootstrapping.
* Support for replacing single artifacts when booting bootspec entries.
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
