This is not a linux-yocto CVE yet it shows up in the reports as:
linux-yocto-custom CVE-2023-3079 0.0 8.8 Unpatched https://nvd.nist.gov/vuln/detail/CVE-2023-3079
For reference, the CPE says:
Affects cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
So affects all Linux systems,
Running on/with cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
[ YOCTO #15780 ]
(From OE-Core rev: 22ef4d2d116afb9d603a05fb107dd9da0e74558b)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The upstream Makefile now supports installing the headers directly[1],
so use the target instead of calling install manually.
[1] e3962fea4e
(From OE-Core rev: 749de43ccc13488c0ec74e4a4257cc25cbf89370)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When using clang pass LLVM=y to makefile so it can select needed bits
using clang
(From OE-Core rev: 9f95660886db562669d064f380d963353eef524c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2025-47268
ping in iputils through 20240905 allows a denial of service (application
error or incorrect data collection) via a crafted ICMP Echo Reply
packet, because of a signed 64-bit integer overflow in timestamp
multiplication.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-47268
Patch from:
070cfacd73
(From OE-Core rev: a4a58d3f6cd49a54a8c271abaad8098958d4f27f)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
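The failure class named in the CVE-2025-47268 entry above, as an added example that is not code from iputils or from the referenced patch: a round-trip time computed from a timestamp taken out of the reply, with every arithmetic step checked. The `ts64` struct, the function names and the seconds-times-1,000,000 form of the multiplication are assumptions made for illustration; the overflow builtins are the GCC/Clang ones.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 64-bit timestamp, as it might be read from an Echo Reply payload. */
struct ts64 {
    int64_t sec;
    int64_t usec;
};

#define USEC_PER_SEC 1000000

/* Computes (recv - sent) in microseconds into *out.
 * Returns 0 on success, -1 if the reply's timestamp is implausible or the
 * arithmetic would overflow int64_t (undefined behaviour in C if unchecked). */
int triptime_usec(const struct ts64 *recv, const struct ts64 *sent, int64_t *out)
{
    int64_t sec, usec, total;

    /* Microsecond fields outside [0, 999999] are never legitimate. */
    if (sent->usec < 0 || sent->usec >= USEC_PER_SEC ||
        recv->usec < 0 || recv->usec >= USEC_PER_SEC)
        return -1;
    /* The sender timestamp is untrusted: the subtraction itself can overflow. */
    if (__builtin_sub_overflow(recv->sec, sent->sec, &sec) || sec < 0)
        return -1;
    usec = recv->usec - sent->usec;
    if (usec < 0) {                 /* borrow one second */
        sec -= 1;
        usec += USEC_PER_SEC;
    }
    if (sec < 0)                    /* reply claims to come from the future */
        return -1;
    /* The multiplication the CVE text refers to, here with an explicit check. */
    if (__builtin_mul_overflow(sec, (int64_t)USEC_PER_SEC, &total))
        return -1;
    if (__builtin_add_overflow(total, usec, &total))
        return -1;
    *out = total;
    return 0;
}

/* Constructed receive time; only the "sent" side varies per reply. */
int demo(int64_t sent_sec, int64_t sent_usec, int64_t *out)
{
    const struct ts64 recv = { 1700000000, 250000 };
    const struct ts64 sent = { sent_sec, sent_usec };
    return triptime_usec(&recv, &sent, out);
}

int main(void)
{
    int64_t rtt = 0;
    printf("normal reply:  rc=%d rtt=%lld us\n",
           demo(1699999999, 750000, &rtt), (long long)rtt);
    printf("crafted reply: rc=%d\n", demo(-INT64_C(9000000000000000), 0, &rtt));
    return 0;
}
```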
In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length
that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen)
and memcpy(response+offset,*end,*rdlen) without a check for whether
the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be
larger than the amount of remaining packet data in the current state
of parsing. Values of stack memory locations may be sent over the
network in a response.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32366
Upstream-patch:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=8d3be0285f1d4667bfe85dba555c663eb3d704b4
(From OE-Core rev: 548eddd84f23c6cb0352b9a692144050da8ba37a)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
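The bounds check whose absence the CVE-2025-32366 description above points to, as an added example that is not ConnMan's code or the upstream patch: RDLENGTH is validated against the end of the packet (`max`) and against the response buffer before the `memcpy`. The helper names, the return codes and the two sample records are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed RR fields that follow the owner name (RFC 1035, section 4.1.3). */
struct rr_fixed {
    uint16_t type;
    uint16_t rr_class;
    uint32_t ttl;
    uint16_t rdlen;
} __attribute__((packed));

/* Hypothetical helper: copy one record's RDATA into response[] at *offset.
 * pos points at the fixed RR fields, max is one past the last packet byte. */
int copy_rdata_checked(const uint8_t *pos, const uint8_t *max,
                       uint8_t *response, size_t response_size, size_t *offset)
{
    struct rr_fixed rr;
    uint16_t rdlen;

    if (pos > max || (size_t)(max - pos) < sizeof(rr))
        return -1;                      /* truncated before RDLENGTH */
    memcpy(&rr, pos, sizeof(rr));
    pos += sizeof(rr);
    rdlen = ntohs(rr.rdlen);            /* length field taken from the packet */

    /* The missing check: RDATA must end at or before max. Without it the
     * memcpy below reads rdlen bytes regardless of what the packet holds. */
    if (rdlen > (size_t)(max - pos))
        return -2;
    if (*offset > response_size || rdlen > response_size - *offset)
        return -3;                      /* would overflow the response buffer */

    memcpy(response + *offset, pos, rdlen);
    *offset += rdlen;
    return 0;
}

/* Constructed A record: TTL 60, RDLENGTH 4, RDATA 192.0.2.1. */
static const uint8_t good_rr[] = {
    0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x3c, 0x00, 0x04,
    0xc0, 0x00, 0x02, 0x01 };
/* Constructed malformed record: RDLENGTH claims 64 bytes, 4 are present. */
static const uint8_t bad_rr[] = {
    0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x3c, 0x00, 0x40,
    0xc0, 0x00, 0x02, 0x01 };

/* Runs the checked copy over one record; *copied gets the bytes written. */
int check_record(const uint8_t *rec, size_t len, size_t *copied)
{
    uint8_t response[512];
    size_t offset = 0;
    int rc = copy_rdata_checked(rec, rec + len, response, sizeof(response), &offset);
    *copied = offset;
    return rc;
}

int main(void)
{
    size_t n;
    printf("good: rc=%d\n", check_record(good_rr, sizeof(good_rr), &n));
    printf("bad:  rc=%d\n", check_record(bad_rr, sizeof(bad_rr), &n));
    return 0;
}
```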
Update to the version of patch that landed upstream
(From OE-Core rev: 916dceb531d4bf5a852864af30913c972ea31cf0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This was added by me in below commit [1] to overcome a RISCV build failure
with gcc 13, the issue is gone with gcc-15
[1] https://git.yoctoproject.org/poky/commit/?id=4f09a93611134351381415d69228317d8a779014
(From OE-Core rev: 46a6fedf368c77a06d9a18d7c84a3f2e079c8f49)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Styhead is now EoL, let's remove it from the active releases.
(From yocto-docs rev: f2e3cf2637ce3ed3475faa472b134a29f019681b)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Generating SPDX is enabled by default in poky but
it can take a lot of build time resources so document
how to disable it.
(From yocto-docs rev: bcd58b7a9455fbb0ea5944089d663e327f0eb38f)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a section after the 'git format-patch' information encouraging developers
to add patch version changelogs to their patch updates.
(From yocto-docs rev: 2e3a37c4607b296956993e557d1786c4876e5722)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Since scarthgap [1], the default will be overridden when using
'systemd' as INIT_MANAGER. Reflect this in the documentation.
* The distro configuration is probably the better place for
customization, thus at least mention this together with the
local.conf.
* While at it, drop the probably redundant description on how to
override weak default variables.
The example on how to set "/root" is still given indirectly, anyway.
[1] ebafe463 ("systemd: upgrade to 255.1")
(From yocto-docs rev: 50e92009d309fc4ae406174feb8f6578142748cc)
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The kernel-fitimage.bbclass uses the UBOOT_* variables. The SPL_*
variables are handled by uboot-sign.bbclass.
(From yocto-docs rev: 8ceffee908a039deb1021361faa7637e83ef26f3)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add placeholder files to be populated for the next 5.3 release.
Relevant section names from the previous 5.2 release migration
guide/release note have been left with their content empty.
(From yocto-docs rev: 2822bf71ee7cd2fa48f2f802eaab236538112d85)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Add the future "Whinlatter" (5.3) and "Wrynose" (6.0) releases.
- Make the "Walnascar" release a current release.
- Update the month in Current.
(From yocto-docs rev: 6d471e8483cc8d797eff7916120f91fab44487d1)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix links to files in git by adding a leading / to the path.
(From yocto-docs rev: 270cd833f7d680c6def21376c7ece488479023ed)
Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The version has changed now (3.10.12 as of writing). Avoid having to
maintain this information by removing the version info from the intro.
Also fix a typo ("uses now uses") and give a link to yocto-autobuilder2.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 9a854a684623c449d8a9f4ac92516284818fba1a)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
By switching from print() to bb.plain() to print failing task logs, we
allow them to be saved in BB_CONSOLELOG.
Fixes [YOCTO #15798]: This allows AB reproducibility test to save the
full log of the failing tasks and helps debugging.
(Bitbake rev: d3b3ad32da7c7ebf61814fc807f8667a37aa149b)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the fixtures generator table and update the fixtures removing
styhead and adding whinlatter.
(Bitbake rev: 72b1dee84df641cb24bc726f2dfe8f1cf1555247)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add failing tests to the list of broken tests for riscv64 so we can
then start running the working tests and spot regressions.
We can then aim to remove these over time as they start working.
(From OE-Core rev: 22736c5281892dcd6b2134c62f33ae13ed14650c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There was one failure occurring in rust testing for qemuriscv64. Exclude
that test so we can enable in automated testing.
(From OE-Core rev: a7f6ea5b20aa91e4a1b00dbea7a6447effb9220d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
RISC-V multilib currently doesn't work at all. We could disable multilib for
the riscv platform but that would then behave differently to all our others.
Instead, copy the non-multilib config over the multilib config for now for
riscv, meaning we can keep the platforms similar.
This isn't quite enough as the triplet specific c++ headers are in the wrong
place leading to compiler issues and testimage failures. Work around that too
until someone adds full multilib support for the platform (if desired).
(From OE-Core rev: 3081f62c18fcee642ab43efa717c8f71d51ae587)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Handles CVE-2025-47203
SHA1 algorithms were removed by default, so patch for disabling it was
removed together with its package option. Doing it with conditional
patch was anyway a bad design. If someone still needs it, it should be
done via sed command on the config file.
Refreshed remaining patches.
Added patch to fix regression of the CVE fix.
(From OE-Core rev: c01205e7a4816d78e99d01f86a396ab23d9bde34)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Main download page is currently unavailable, switch to mirror listed in
README file of the dropbear repository and release tarballs.
(From OE-Core rev: 49e1947dfcb24afe6ffca129ce38602d3d6a6a64)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently there are two .map files being copied to $kerneldir/build.
One of the files is System.map and the other is
System.map-<kernel version>. Each .map file takes up about 5MB and
they have identical sha256sum hashes. This change will make it so only
System.map-<kernel version> is copied in order to save disk space.
It also recreates System.map as a symlink to that .map file.
(From OE-Core rev: cc971fffb134aa6af9edeabb7a5f4143dee2151e)
Signed-off-by: Erick Shepherd <erick.shepherd@ni.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
'mutter' requires the 'cvt' binary at compile time to build the native backend
For this it depends on xserver-xorg-cvt-native, which is currently broken and
also deprecated.
[https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/637]
This commit would allow to use libxcvt-native to provide the needed binary
instead.
(From OE-Core rev: 4b06a88a2c1cc704dad1aacfecc9bab662f3dc7d)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch is used for fixing:
| Makefile:3418: *** Recursive variable 'INSTALL' references itself (eventually). Stop.
Now the code can check and set that correctly:
if CROSS_COMPILING
cu_install_program = @INSTALL@
else
cu_install_program = src/ginstall
endif
So just drop the patch.
And also remove the ginstall hack to fix ptest case failure when single-binary
is enabled, I can't find the reason on why it was needed from git log.
Fixed:
install: missing file operand
Try 'install --help' for more information.
* Reproducer:
DISTRO_FEATURES:append = " ptest"
EXTRA_IMAGE_FEATURES:append = " ptest-pkgs"
IMAGE_INSTALL:append = " coreutils"
PACKAGECONFIG:append:pn-coreutils = " single-binary"
$ bitbake core-image-sato
$ runqemu tmp/deploy/images/qemux86-64/ nographic kvm
On target:
$ cd /usr/lib/coreutils/ptest
$ ./run-ptest
============================================================================
Testsuite summary for GNU coreutils 9.6
============================================================================
TOTAL: 655
PASS: 529
SKIP: 126
XFAIL: 0
FAIL: 0
XPASS: 0
ERROR: 0
============================================================================
make[1]: Leaving directory '/usr/lib/coreutils/ptest'
(From OE-Core rev: 8728815f74f73723e86ba25b56a66b3fb46d6596)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
/etc/os-release is a symlink to /usr/lib.
Symlink is retrieved as a dead link which points to nowhere if also the
original file is not accompanying it.
Fetch the real file in addition to this link.
Alternative could be to use "tar -h" (supported also by busybox tar),
however that could lose some important information if links are relevant
for failure analysis.
(From OE-Core rev: ed43f9ccb3c08845259e24440912631afd780d12)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some unit tests were previously marked as ignored due to failures in earlier
versions of Rust. With the upgrade to Rust 1.85.1, these tests are now passing
consistently. They've been re-enabled and verified to run successfully on the
latest version.
(From OE-Core rev: 56149c8c2108973666251e21609a7210a91984cf)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix sshd by ensuring the agent daemon is included.
Internally, this release is versioned as 10.0p2 but upstream don't plan to
change this or re-release.
(From OE-Core rev: 2a4dd93e98ca9e61644213aa00c1cb837fb27316)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The last user in OE-Core was gst-examples. This has been upgraded and the dependency
dropped, all other users can use libsoup3 instead. Therefore remove the obsolete and
deprecated version.
(From OE-Core rev: 94ebc5b798aed6eea642c5e2a4df24b386520636)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update to the version from the gstreamer monorepo, bringing it back
into line with the other gstreamer revisions.
Drop the libsoup-2.4 dependency which disables the webrtc code, we
weren't building that anyway as it needs libnice enabled in
gstreamer-plugins-bad.
(From OE-Core rev: 446fadaa147be6656e37c612de772fa04607130f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the task dependency:
do_uboot_assemble_fitimage -> virtual/kernel:do_kernel_generate_rsa_keys
to ensure the kernel FIT image signing keys are available when creating
the U-Boot DTB. This is done only if the signing of the kernel FIT image
is enabled (UBOOT_SIGN_ENABLE="1").
The lack of the dependency causes build errors when executing a build
with no kernel FIT keys initially present in the keys directory. In such
cases one would see an output like this in the Bitbake logs:
Log data follows:
| DEBUG: Executing shell function do_uboot_assemble_fitimage
| Couldn't open RSA private key: '/workdir/build/keys/fit/dev.key': No such file or directory
| Failed to sign 'signature' signature node in 'conf-1' conf node
| FIT description: Kernel Image image with one or more FDT blobs
| ...
This issue was introduced by commit 259bfa86f384 where the dependency
between U-Boot and the kernel was removed (for good reasons). Before
that commit the dependency was set via DEPENDS so that, in terms of
tasks, one had:
u-boot:do_configure -> virtual/kernel:do_populate_sysroot
and the chain leading to the key generation was:
virtual/kernel:do_populate_sysroot -> virtual/kernel:do_install
virtual/kernel:do_install -> virtual/kernel:do_assemble_fitimage
virtual/kernel:do_assemble_fitimage -> virtual/kernel:do_kernel_generate_rsa_keys
With the removal of the first dependency, no more guarantees exist that
the keys would be present when assembling the U-Boot FIT image. That's
the situation we are solving with the present commit.
Fixes: 259bfa86f384 ("u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled")
(From OE-Core rev: 036f20156b3c7d0a8b912e90aa29a9b986106d5a)
Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Sean Anderson <sean.anderson@seco.com>
Cc: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In rpm-sequoia, some default paths in test code (OUT_DIR,
CARGO_MANIFEST_DIR) are invalid at runtime and cause test failures.
To fix this, patch the test code (symbols.rs) to support overriding these
paths via optional environment variables: FORCE_RUNTIME_PATH_LIB and
FORCE_RUNTIME_PATH_SRC.
Also make -ptest package RDEPEND on -dev package.
Tests take less than a second so this is added to PTEST_FAST.
ptest result:
|root@qemux86-64:~# ptest-runner rpm-sequoia
|START: ptest-runner
|2025-05-02T15:57
|BEGIN: /usr/lib/rpm-sequoia/ptest
|
|running 1 test
|test symbols ... ok
|
|test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
|
|
|running 2 tests
|test tests::merge_certs_mismatch ... ok
|test tests::merge_certs ... ok
|
|test result: ok. 2 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.01s
|
|DURATION: 0
|END: /usr/lib/rpm-sequoia/ptest
|2025-05-02T15:57
|STOP: ptest-runner
|TOTAL: 1 FAIL: 0
(From OE-Core rev: 16499cf903718e6bf022a13baa09df610cd43d62)
Signed-off-by: Ines KCHELFI <ines.kchelfi@smile.fr>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In testimage, the ptest-runner output parser expects test results to follow
a specific format, with lines beginning with PASS:, FAIL:, or SKIP:. ptest-cargo,
currently, does not emit any of those lines and the parser treats the test
section as having no results, causing a test failure with:
AssertionError:
ptests which had no test results:
['<package>']
This patch ensures that the recipes using ptest-cargo class explicitly emit
PASS: or FAIL: lines, making the results compatible with the test parser and
preventing test failures.
(From OE-Core rev: 6a9356346f13556a06d4a99bd7924992c7e29d66)
Signed-off-by: Ines KCHELFI <ines.kchelfi@smile.fr>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Many changes are included with this release, including support for
freethreading builds of CPython 3.13, cleanup of legacy code, and many
other features and bug fixes.
Changelog: https://github.com/cython/cython/blob/master/CHANGES.rst
Patch '0001-Output-import-relative-paths-in-generated-C-code.-GH.patch'
is included in 3.1.0, so we no longer need the backport:
|tgamblin@megalith ~/workspace/git/pythonsrc/cython (master)$ git tag --contains 20bceea6b19ffc2f65b9fba2e4f737f09e5a2b20
|3.1.0
|3.1.0-1
|3.1.0a1
|3.1.0b1
|3.1.0rc1
|3.1.0rc2
Reproducibility looks OK.
(From OE-Core rev: 26a73392524f648015d55bf421a9b1bf5ac0d955)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add logic to deduce compiler-rt target architecture based on tune
features
Cleanup the cmake options for native/nativesdk/target recipes
(From OE-Core rev: 579d4d85574624e39140fb74f6d37dcd7bf363a6)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Using target triple confuses the native system compiler to find
libgcc and C runtime during compiler-rt-native build
Fixes
| /home/khem/yoe/build/tmp/hosttools/ld: cannot find crtbeginS.o: No such file or directory
| /home/khem/yoe/build/tmp/hosttools/ld: cannot find -lgcc: No such file or directory
| /home/khem/yoe/build/tmp/hosttools/ld: cannot find -lgcc_s: No such file or directory
| clang: error: linker command failed with exit code 1 (use -v to see invocation)
| ninja: build stopped: subcommand failed.
(From OE-Core rev: 1d4676d6b7c0fe40ab4f808dda436dc2f2915fd8)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
arm architecture < v6 does not have the dmb support, therefore do
not add the sync primitives to compiler-rt builtins build
(From OE-Core rev: e1b143860b221600f7dab5c08e5b187aefb851dd)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
COMPILER_RT_DEFAULT_TARGET_ARCH is not 1 to 1 match with HOST_ARCH
especially for armv5/arm4
(From OE-Core rev: 71f7db2e5d264bc6ed50fae48567ae674af9a700)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>