Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-5.0.18 2026-05-15T12:26:28+00:00 2026-05-15T12:26:28+00:00 Paul Barker paul@pbarker.dev 2026-05-15T12:25:33+00:00 urn:sha1:44dcf08572ce391d7c0df4f8c7510af5e096baca (From OE-Core rev: ece80784b493c8b7493478fa2ba0dc1d6d80aa79) Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-05-15T12:22:43+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2026-04-08T06:28:41+00:00 urn:sha1:3a813d72a872c2ab2b7f02035a73ae3def21f565 Two of the tests were still using git protocol to access git services. For the submodule test, the upstream repo has been updated. In the other case, we need to pass the correct command to the manual git commandline, we can't use a recipe url that previously just happened to work. (Bitbake rev: 82abbfcdbda949851a03bb2cb2049ea689564ad6) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5d722b5d65e4eef7befe6376983385421e993f86) Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-05-15T12:22:43+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2026-05-13T13:40:18+00:00 urn:sha1:374eec6e05b7158e02df3fe213eb8cd904ab319d We create a temporary directory for holding a clone but we never clean it up. Fix this by using a context manager areound the temporary directory. This resolves a buildup of tmp directories in DL_DIR in builds. (Bitbake rev: 1a62878a790ed9630d5ca2fa099d1604540e153a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-05-12T20:57:31+00:00 Paul Barker paul@pbarker.dev 2026-05-12T20:55:26+00:00 urn:sha1:db668121d98162b8ad196ba6d8637f8330a1787d (From OE-Core rev: 5cac91ecea8720e38a2384a8c5873da3392aabb2) Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-05-12T20:48:34+00:00 Paul Barker paul@pbarker.dev 2026-05-12T20:46:49+00:00 urn:sha1:935d78df65feaaec593ed6b39015e698a0a114a5 (From meta-yocto rev: ca5a51aadaf651881d640688dc3e1e123aa30bf6) Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-05-12T20:31:34+00:00 Ivan Nestlerode ivan.nestlerode@sonos.com 2026-05-04T21:28:43+00:00 urn:sha1:3acfc1acbda8b087034470b372cd5fdb9527e60a Fixes [YOCTO #16265] The glibc recipe is supposed to be building with --enable-stack-protector=strong, but some CACHED_CONFIGVARS values are actually breaking this, causing glibc to be built with no stack protector at all. Remove these CACHED_CONFIGVARS values so that stack protector support is detected properly in do_configure and then enabled properly during do_compile. Full details are here: https://bugzilla.yoctoproject.org/show_bug.cgi?id=16265 (From OE-Core rev: 7952d214393b6c5230ba115f63b6f6d245a728bc) Signed-off-by: Ivan Nestlerode <ivan.nestlerode@sonos.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 43f0602ede37428f3c35cf665bba934b84355240) Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-05-12T20:31:34+00:00 Moritz Haase Moritz.Haase@bmw.de 2026-05-07T05:38:48+00:00 urn:sha1:2b973b7b2e2efcfe78372eedab517faaee325d54 This stops 'devtool modify foo' from failing with an error message like ERROR: Execution of 'git -c user.name=\"OpenEmbedded\" -c user.email=\"oe.patch@oe\" commit -q -m "Initial commit from upstream at version 1.90.0"' failed with exit code 128: error: cannot run ssh-keygen: No such file or directory error: fatal: failed to write commit object when GPG signing is enabled in the git configuration. (cherry picked from commit b5c84b07b87eafb4f68f7662b6cf26d8b73e3247) (From OE-Core rev: bbe0df71933174d8becc52184cd235277f10a141) Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-05-12T20:31:34+00:00 Hitendra Prajapati hprajapati@mvista.com 2026-05-07T05:29:33+00:00 urn:sha1:f734bc2352972eda8fced66e66eafdfab40a6266 Pick patch from [1] also mentioned at NVD report in [2] [1] https://www.openwall.com/lists/oss-security/2026/03/13/1 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-32772 [3] https://cgit.git.savannah.gnu.org/cgit/inetutils.git/patch/?id=d6b8b83aa51616946fd314bc48087312d13c99f8 [4] https://security-tracker.debian.org/tracker/CVE-2026-32772 (From OE-Core rev: 02b29ddc66956c83af2702bbf0fcd4985c00fa68) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> [YC: NEWS diff in [3] links to [1]] Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-05-12T20:31:34+00:00 Peter Marko peter.marko@siemens.com 2026-05-05T20:52:01+00:00 urn:sha1:b51cc5936235ca22a0305e368f1fdf587c5be150 This removes rust uutils coreutils CVEs from reports. Comparing sbom-cve-check shows that only CVE-2026-35338..CVE-2026-35381 are removed and all of them contained reference to uutils. (From OE-Core rev: 348391ccf91ac474252f75a5679fc42505faa54d) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core rev: 5c39687f62e5864ea783cbed497c2eb5387dcf96) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-05-12T20:31:34+00:00 Hitendra Prajapati hprajapati@mvista.com 2026-05-04T13:11:45+00:00 urn:sha1:9ed096d15fdb79205a9fac5f56bd770da1bbb99f Pick patch from [1] also mentioned at Debian report in [2] [1] https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69 [2] https://security-tracker.debian.org/tracker/CVE-2026-35535 [3] https://nvd.nist.gov/vuln/detail/CVE-2026-35535 (From OE-Core rev: ddf8325a5b791dfcb0fdf129274deea8ad7eb90a) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>