Peter Marko [Tue, 11 Mar 2025 18:09:53 +0000 (19:09 +0100)]
grub: patch CVE-2025-0622
Cherry-pick patch mentioning this CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 11 Mar 2025 18:09:52 +0000 (19:09 +0100)]
grub: patch CVE-2024-45775
Cherry-pick patch mentioning this CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 11 Mar 2025 18:09:51 +0000 (19:09 +0100)]
grub: patch CVE-2024-45774
Cherry-pick patch mentioning this CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 11 Mar 2025 18:09:50 +0000 (19:09 +0100)]
grub: patch CVE-2025-0624
Cherry-pick patch mentioning this CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 11 Mar 2025 18:09:49 +0000 (19:09 +0100)]
grub: patch CVE-2024-45783
Cherry-pick patch mentioning this CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 11 Mar 2025 18:09:48 +0000 (19:09 +0100)]
grub: patch CVE-2024-45780
Cherry-pick patch mentioning this CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 11 Mar 2025 18:09:47 +0000 (19:09 +0100)]
grub: patch CVE-2024-45782 and CVE-2024-56737
Cherry-pick patch mentioning these CVEs.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 11 Mar 2025 18:09:46 +0000 (19:09 +0100)]
grup: patch CVE-2024-45781
Cherry-pick patch mentioning this CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 11 Mar 2025 18:09:45 +0000 (19:09 +0100)]
grub: backport strlcpy function
It is used to fix multiple CVEs.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 11 Mar 2025 18:09:44 +0000 (19:09 +0100)]
grub: drop obsolete CVE statuses
CVE-2021-46705 was needed only with 2.06
CVE-2023-4692 and CVE-2023-4693 were fixed in NVD DB meanwhile
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Hongxu Jia [Tue, 11 Mar 2025 04:59:11 +0000 (12:59 +0800)]
man-pages: 6.12 -> 6.13
Changelog:
============
- Build system:
- PDF book:
- Add support for UNIX V10 sources.
- Makefiles:
- Don't pass an escaped # to grep(1). Use a trick to work with
both new and old systems. This fixes a regressions in the
build system from man-pages-6.11, which was itself introduced
while fixing a regression introduced in man-pages-6.10.
[RP: Tweak version typo in commit message] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 10 Mar 2025 12:49:49 +0000 (13:49 +0100)]
xwayland: mark CVEs fixed in 24.1.6 as fixed
These are tracked as versionless redhat CVEs in NVD DB.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Markus Volk [Sun, 9 Mar 2025 06:56:27 +0000 (07:56 +0100)]
libsdl2: fix build with pipewire 1.4.0
This commit adds a backport patch to address a build issue with pipewire 1.4.0
| /home/flk/poky/build/tmp/work/corei7-64-poky-linux/libsdl2/2.32.2/SDL2-2.32.2/src/audio/pipewire/SDL_pipewire.c:593:37: error: passing argument 1 of 'pw_node_enum_params' from incompatible pointer type [-Wincompatible-pointer-types]
Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Hongxu Jia [Wed, 12 Mar 2025 05:58:03 +0000 (13:58 +0800)]
lib: spdx30_tasks: remove duplicated patched CVEs
Due to commit [lib: spdx30_tasks: Handle patched CVEs][1] applied,
duplicated CVE identifier for each CVE which increased +25% build
time (image task: do_create_image_sbom_spdx)
Since the commit [cve-check: annotate CVEs during analysis][2] improved
function get_patched_cves to:
- Check each patch file;
- Search for additional patched CVEs from CVE_STATUS;
And return dictionary patched_cve for each cve:
{
"abbrev-status": "xxx",
"status": "xxx",
"justification": "xxx",
"resource": "xxx",
"affected-vendor": "xxx",
"affected-product": "xxx",
}
But while adding CVE in meta/lib/oe/spdx30_tasks.py, the cve_by_status
requires decoded_status
{
"mapping": "xxx",
"detail": "xxx",
"description": "xxx",
}
This commit converts patched_cve to decoded_status
Joshua Watt [Tue, 11 Mar 2025 14:03:02 +0000 (08:03 -0600)]
lib: Fix dependencies on SPDX code
The SPDX library code was being ignored from taskhash calculations due
to accidentally being omitted from BBIMPORTS. This meant that changes in
the code or dependent variables would not cause the task to rebuild
correctly.
In order to add spdx_common, convert the `Dep` object from a named tuple
to a frozen dataclass. These function more or less equivalently, but the
bitbake code parser cannot handle named tuples.
Finally, the vardepsexclude that used to be present on the recipe tasks
needs to be moved to the python code in order for the variables to be
correctly ignored. Several unused exclusions were removed
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For reasons we have explicit xorg.conf files for a number of the qemu
machines, but not all of them. These mainly disabled screen blanking
(which is now down with a separate fragment) but also explictly set the
device driver to fbdev which meant they didn't use the modesettings
driver as they should (with the virtio framebuffer from qemu).
This is the root cause of why the xserver 21.1.16 upgrade doesn't work
on a number of machines: the /sys probing changed and the fbdev driver
now refuses to use the PCI framebuffer device as there are better
drivers, but we've explictly told xorg to use the wrong driver.
For more details, see https://gitlab.freedesktop.org/xorg/xserver/-/issues/1798.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 10 Mar 2025 09:35:49 +0000 (10:35 +0100)]
oe-selftest: fitimage add more kernel tests
* Test with only one externally provided ssh key not only with two
keys generated by the kernel-fitimage.bbclass itself.
* Add a test which signs only the configuration but not the image nodes.
There was no test case which covered the probably much more important
use case of setting FIT_SIGN_INDIVIDUAL = "0".
* Cover also the unbundled initramfs use case. Also this use case is
probably much more relevant than the bundled initramnfs use case.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 10 Mar 2025 09:35:48 +0000 (10:35 +0100)]
oe-selftest: fitimage cleanup
This is a comprehensive cleanup of the fitImage related test cases.
The existing test cases were essentially the same code copied and pasted
9 times. All 9 test cases contained the code to parse an its file and to
parse the output of the dumpimage utility in slightly different variants.
Changing the kernel-fitimage.bbclass or the uboot-sign.bbclass would mean
changing 9 test cases individually. This is no longer maintainable.
This cleanup converts the code into reusable functions. The new test
code is more like a reverse implementation of the bbclasses to be tested
than a collection of straightforward test sequences.
This also means that the test code evaluates the same bitbake variables
as the implementation. This makes it much easier to add new test cases,
as a test case is basically just another local.conf file. The code is
not yet complete. But it can now be improved step by step in this
direction.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 10 Mar 2025 09:35:47 +0000 (10:35 +0100)]
oe-selftest: fitimage sort tests
This is a trivial refactoring.
The goal is to have all tests for kernel-fitimage.bbclass and all tests
for uboot-sign.bbclass together. This refactoring greatly simplifies
the diff of the next commit.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 10 Mar 2025 09:35:46 +0000 (10:35 +0100)]
oe-selftest: adapt u-boot tests to latest changes
For u-boot test cases (bitbake virtual/bootloader) inheriting the
kernel-fitimage.bbclass is no longer needed. Also setting any variable
which is evaluated by the kernel-fitimage.bbclass but not by
uboot-sign.bbclass is pointless since:
* Commit OE-Core rev: 259bfa86f384206f0d0a96a5b84887186c5f689e has
finally removed the dependency of uboot-sign.bbclass on the
kernel-fitimage.bbclass completely.
Remove the related lines of code which are now without any effect.
The two test cases test_uboot_fit_image and test_uboot_sign_fit_image
do the exact same test. Both generate a binary equal its file:
/dts-v1/;
/ {
description = "A model description";
#address-cells = <1>;
images {
uboot {
description = "U-Boot image";
data = /incbin/("u-boot-nodtb.bin");
type = "standalone";
os = "u-boot";
arch = "arm";
compression = "none";
load = <0x80080000>;
entry = <0x80080000>;
};
fdt {
description = "U-Boot FDT";
data = /incbin/("u-boot.dtb");
type = "flat_dt";
arch = "arm";
compression = "none";
};
};
The code diff between the two equal test cases looks like:
@@ -1,8 +1,9 @@
- def test_uboot_fit_image(self):
+ def test_uboot_sign_fit_image(self):
"""
Summary: Check if Uboot FIT image and Image Tree Source
(its) are built and the Image Tree Source has the
- correct fields.
+ correct fields, in the scenario where the Kernel
+ is also creating/signing it's fitImage.
Expected: 1. u-boot-fitImage and u-boot-its can be built
2. The type, load address, entrypoint address and
default values of U-boot image are correct in the
@@ -26,16 +27,15 @@
UBOOT_LOADADDRESS = "0x80080000"
UBOOT_ENTRYPOINT = "0x80080000"
UBOOT_FIT_DESC = "A model description"
-
-# Enable creation of Kernel fitImage
KERNEL_IMAGETYPES += " fitImage "
-KERNEL_CLASSES = " kernel-fitimage"
+KERNEL_CLASSES = " kernel-fitimage "
UBOOT_SIGN_ENABLE = "1"
FIT_GENERATE_KEYS = "1"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
FIT_SIGN_INDIVIDUAL = "1"
+UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
"""
self.write_config(config)
Conclusion: The test case test_uboot_sign_fit_image looks redundant.
Contrary to its name, it does not insert any signature nodes into the
its-file and therefore does not test any type of signature.
It looks like the original implementation of test_uboot_sign_fit_image
was supposed to test the interaction between the kernel-fitimage.bbclass
and uboot-sign.bbclass which does not longer work like that.
When compiling u-boot, the variable that is relevant for creating an its
file with signature nodes is: SPL_SIGN_ENABLE. This is what the test
case test_sign_standalone_uboot_fit_image verifies. Lets just delete the
now obsolete test_uboot_sign_fit_image test case.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 10 Mar 2025 09:35:45 +0000 (10:35 +0100)]
uboot, kernel: use hex address for UBOOT_ENTRYPOINT
Compiling a FIT image with this default values and dump it with
dumpimage shows decimal converted values. For example the default value 20008000 looks like this:
Adrian Freihofer [Mon, 10 Mar 2025 09:35:44 +0000 (10:35 +0100)]
linux-fitimage: sign setup sections
If FIT_SIGN_INDIVIDUAL is set to “1”, a signature section is added
to all screen sections, but not to the setup section. To match the setup
section with all other sections, the signature is also added. This also
helps to implement the associated tests generically.
This change is intended to make the code more consistent. However, it is
not intended to make the FIT_SIGN_INDIVIDUAL function more popular.
Technically, it would be better to remove the signature from all other
image sections and discard the FIT_SIGN_INDIVIDUAL function, the use of
which is no longer recommended anyway.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Whenever Systemd is used as an init manager, it requires a machine-id
file to be present / initialized / or have the RW rootfs. This change
does not introduce a new functionality, but rather merges everything we
do with machine-id in one place.
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of the python re-implementation build the actual systemctl from
the systemd source tree. The python script was used when systemd didn't
provide an option to build individual executables. It is possible in the
meantime, so instead of always adapting the script when there's a new
functionality, we simply use upstream implementation.
License-Update: Base recipe is used
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When building external modules, macros can include absolute names of
kernel headers. The macro-prefix-map for the STAGING_KERNEL_DIR is
currently missing. Add it in the same way as its done in bitbake.conf.
This fixes reproducible builds and following build error:
ERROR: cryptodev-module-1.14-r0 do_package_qa: QA Issue: File <..>
cryptodev.ko <..> contains reference to TMPDIR [buildpaths]
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Thu, 6 Mar 2025 21:20:07 +0000 (14:20 -0700)]
lib: spdx30_tasks: Handle patched CVEs
The code to iterate over patched CVEs (e.g. those patched by a .patch
file in SRC_URI) was accidentally omitted when writing the SPDX 3
handling. Add it in now
[YOCTO #15789]
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pavel Zhukov [Fri, 7 Mar 2025 09:52:57 +0000 (10:52 +0100)]
ovmf: Add PACKAGECONFIG[debug]
In release mode, OVMF does not output any debug information to the QEMU port, making it extremely difficult to debug boot issues.
This commit introduces packageconfig debug flag to enable it
Markus Volk [Wed, 5 Mar 2025 15:19:06 +0000 (16:19 +0100)]
fastfloat: add recipe
A header-only library for fast number parsing
An older version of this recipe is included in meta-oe, since fastfloat
is also used by libplacebo. If the recipe is accepted, I will send a patch for
removal there.
The reason why this is needed in oe-core is the upcoming vte release,
which uses fastfloat but pulls it as a wrap-based subproject by default.
Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Wed, 5 Mar 2025 21:00:30 +0000 (14:00 -0700)]
lib: sbom30: Add action statement for affected VEX statements
VEX Affected relationships have a mandatory action statement that
indicates the mitigation for a vulnerability. Since we don't track this
add a statement indicating that no mitigation is known.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove 0001-lavc-h264dsp-move-RISC-V-fn-pointers-to-.data.rel.ro.patch as it merged to 7.1.1
https://github.com/FFmpeg/FFmpeg/commit/4ea558152f05e41f15a548e2aab8e5d40546af5f
Wang Mingyu [Wed, 5 Mar 2025 03:49:12 +0000 (11:49 +0800)]
gi-docgen: upgrade 2024.1 -> 2025.3
Changelog:
=========
Added
------
Add layout for tablet portrait mode
Support static virtual methods
Changed
-------
Don't generate classes hierarchy if not needed
Improve copy buttons on narrow layouts
Fixed
-------
Only consider dot data processing fail if dot returns non-zero
Show non-standard instance parameters
Fix C declaration of structure fields
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Building this recipe may fail on hosts with an old GnuTLS version,
like Ubuntu 20.04.6 LTS.
Add OLD_GNUTLS=1 to disable validation for this policy variant
that isn't needed anyway.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com> Tested-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Tue, 4 Mar 2025 09:09:03 +0000 (17:09 +0800)]
python3-bcrypt: upgrade 4.2.1 -> 4.3.0
Changelog:
============
- Dropped support for Python 3.7.
- We now support free-threaded Python 3.13.
- We now support PyPy 3.11.
- We now publish wheels for free-threaded Python 3.13, for PyPy 3.11 on manylinux, and for ARMv7l on manylinux.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Tue, 4 Mar 2025 09:08:48 +0000 (17:08 +0800)]
fmt: upgrade 11.1.3 -> 11.1.4
Changelog:
===========
- Fixed ABI compatibility with earlier 11.x versions on Windows
- Improved the logic of switching between fixed and exponential format for float
- Moved is_compiled_string to the public API
- Simplified implementation of operator""_cf
- Fixed __builtin_strlen detection
- Fixed handling of BMI paths with the Ninja generator
- Fixed gcc 8.3 compile errors
- Fixed a bogus MSVC warning
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Tue, 4 Mar 2025 09:08:47 +0000 (17:08 +0800)]
dbus: upgrade 1.16.0 -> 1.16.2
Changelog:
===========
- The branch used for development releases has been renamed to 'main'.
- On Linux, fix build regression with libselinux >= 3.8 and verbose mode
enabled
- Documentation updates
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Tue, 4 Mar 2025 09:08:46 +0000 (17:08 +0800)]
bind: upgrade 9.20.5 -> 9.20.6
Changelog:
===========
New Features
--------------
- Adds support for EDE code 1 and 2.
- Add a rndc command to toggle jemalloc profiling.
- Add support for multiple extended DNS errors.
- Print the expiration time of the stale records.
Feature Changes
---------------
- Refactor reference counting in both QPDB and RBTDB.
- Shutdown the fetch context after canceling the last fetch.
Bug Fixes
----------
- Fix possible truncation in dns_keymgr_status()
- Recently expired records could be returned with timestamp in future.
- Yaml string not terminated in negative response in delv.
- Fix a bug in dnssec-signzone related to keys being offline.
- Apply the memory limit only to ADB database items.
- Avoid unnecessary locking in the zone/cache database.
- Fix EDE 22 time out detection.
- Split and simplify the use of EDE list implementation.
- Fix the cache findzonecut() implementation.
- DNSSEC EDE system tests on FIPS platform.
- Reduce the false sharing the dns_qpcache and dns_qpzone.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dan McGregor [Fri, 28 Feb 2025 20:32:06 +0000 (14:32 -0600)]
openssl-native(sdk): poision built in paths
Long ago, in the OpenSSL 1.1 days changing CFLAGS worked to override
hard-coded paths in the OpenSSL libraries. Even as far back as
kirkstone this was no longer working.
Override make variables instead to poision the paths that get built
into the native (and nativesdk) libraries so they become relocatable
again.
While here, remove the -isystem<foo> compiler argument from the compiler
command line stored in the library, just like we already remove the
prefix-map and sysroot arguments.
Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Vijay Anusuri [Mon, 24 Feb 2025 06:30:37 +0000 (12:00 +0530)]
libtasn1: upgrade 4.19.0 -> 4.20.0
* Noteworthy changes in release 4.20.0 (2025-02-01) [stable]
- The release tarball is now reproducible.
- We publish a minimal source-only tarball generated by 'git archive'.
- Update gnulib files and various build/maintenance fixes.
- Fix CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET
OF elements
License-Update: file COPYING.LESSER renamed to COPYING.LESSERv2 & Copyright year updated to 2025
Ross Burton [Mon, 3 Mar 2025 16:15:27 +0000 (16:15 +0000)]
systemd-serialgetty: use existing unit files in systemd
Now that systemd isn't deleting the serial-getty@.service unit template
files, we can simply symlink to the files provided by systemd instead of
shipping a copy of them in this recipe.
This ensures that the getty units triggered by the systemd are identical,
be them via SERIAL_CONSOLES or the generator.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 27 Feb 2025 15:35:34 +0000 (15:35 +0000)]
ltp: don't use host objcopy
The kernel/kvm test uses the host objcopy when building a payload, but
the host objcopy might not know how to deal with target binaries:
CC testcases/kernel/kvm/lib_host.o
objcopy: Unable to recognise the format of the input file `kvm_svm03-payload.elf'
make[3]: *** [ltp/testcases/kernel/kvm/Makefile:67: kvm_svm03-payload.o] Error 1
Solve this by using the host-prefixed objcopy binary.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Previously, download-ci-llvm was set to false. However, with the following commit:
https://github.com/rust-lang/rust/commit/7d579046c80d3de3143dcb8b2db5640f95b5383c ,
which has been present from rust_1.83, it was changed to true. As a result, after
updating to rust_1.83, we encountered the following error during the build:
-------------------------------------------------------------------------------
| thread 'main' panicked at src/core/config/config.rs:2047:13:
| setting build-target.llvm-config is incompatible with download-ci-llvm.
| note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
-------------------------------------------------------------------------------
To resolve this issue, we are setting download-ci-llvm back to false.
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rust stable version updated to 1.83.0.
https://blog.rust-lang.org/2024/11/28/Rust-1.83.0.html
Renamed and modified the below patch to adapt the new version.
rv32-cargo-rustix-0.38.34-fix.patch->rv32-cargo-rustix-0.38.37-fix.patch
Modified the below patches to adapt the new version.
repro-issue-fix-with-cc-crate-hashmap.patch
revert-link-std-statically-in-rustc_driver-feature.patch
Because of the following commit ,
https://github.com/rust-lang/rust/commit/68034f837a39387e49fc7d7c5b088f5372a1127e
when we enable lib32, getting build failure because there is a check for target
support for "-Zdual-proc-macros" flag not functioning properly when lib32 is
enabled in the build environment. So for now reverting this commit and bring
back the previous behavior, where the "-Zdual-proc-macros" flag is always
added for building proc macros, regardless of the target architecture's support.
This would bypass the check introduced in the patch, allowing the build to
proceed without error, even when building for a 64-bit architecture with lib32 enabled.
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 7 Jan 2025 14:18:12 +0000 (14:18 +0000)]
bitbake.conf: Start to separate out gcc related variable definitions
To be able to switch toolchains, we need to separate out the gcc definitions
into seperate include files. This patch starts that process. Whilst the
include is still hardcoded for now, it allows developers to start experimenting
with this locally more easily and stops people reinventing this patch. A
sample clang configuruation is also included which I was using for experimentation.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
