<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-core, branch walnascar</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=walnascar</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=walnascar'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-09-25T19:29:56+00:00</updated>
<entry>
<title>build-appliance-image: Update to walnascar head revision</title>
<updated>2025-09-25T19:29:56+00:00</updated>
<author>
<name>Steve Sakoman</name>
<email>steve@sakoman.com</email>
</author>
<published>2025-09-25T19:27:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d0b46a6624ec9c61c47270745dd0b2d5abbe6ac1'/>
<id>urn:sha1:d0b46a6624ec9c61c47270745dd0b2d5abbe6ac1</id>
<content type='text'>
(From OE-Core rev: ff1c54df4e7b15df2e2c9fced59d9ad3e92ed565)

Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>expat: upgrade to 2.7.2</title>
<updated>2025-09-25T19:25:51+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2025-09-24T08:26:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a811f299f54b152fe798361ed139c851aab4367e'/>
<id>urn:sha1:a811f299f54b152fe798361ed139c851aab4367e</id>
<content type='text'>
Primarily to fix CVE-2025-59375 (Disallow use of disproportional amounts
of dynamic memory from within an Expat parser) but the full list of
changes are available:

https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes

(From OE-Core rev: fbe5f76ba6af0983cd90a05d4077e453e2ebb475)

(From OE-Core rev: 924d83d081ab69a111961be447c5fe7c55bc23df)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Yogita Urade &lt;yogita.urade@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>systemd-systemctl-native: Install systemd-sysv-install</title>
<updated>2025-09-22T19:21:23+00:00</updated>
<author>
<name>Peter Kjellerstedt</name>
<email>pkj@axis.com</email>
</author>
<published>2025-09-12T15:57:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=3d625d826352fd34aca4c6f44f9b7ab73dc1912a'/>
<id>urn:sha1:3d625d826352fd34aca4c6f44f9b7ab73dc1912a</id>
<content type='text'>
It is needed when support for both systemd and sysvinit are enabled.

This also adds a patch for systemctl to call systemd-sysv-install
without a hardcoded path and instead relies on finding it in $PATH. This
is needed when calling systemctl from a recipe sysroot.

(From OE-Core rev: 8d0eb4ff49801aabb73e4fa28ffe12ab10beb32b)

Signed-off-by: Peter Kjellerstedt &lt;peter.kjellerstedt@axis.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>systemd-systemctl-native: Use += instead of :append</title>
<updated>2025-09-22T19:21:23+00:00</updated>
<author>
<name>Peter Kjellerstedt</name>
<email>peter.kjellerstedt@axis.com</email>
</author>
<published>2025-09-12T15:57:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ef043f337c3f97c34690f61b57c4615ce187482d'/>
<id>urn:sha1:ef043f337c3f97c34690f61b57c4615ce187482d</id>
<content type='text'>
There is no reason to use EXTRA_OEMESON:append when += will do.

(From OE-Core rev: d3c754dae42dcd68274711c9da3def3621d55634)

Signed-off-by: Peter Kjellerstedt &lt;peter.kjellerstedt@axis.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>cve-update-db-native: fix fetcher for CVEs missing nodes</title>
<updated>2025-08-29T17:02:59+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-08-24T14:12:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=390a7748544413b9281fbbf645a45d5e44794374'/>
<id>urn:sha1:390a7748544413b9281fbbf645a45d5e44794374</id>
<content type='text'>
As of now, update of CVE DB from FKIE source (which is the defailt)
fails with following error:

File: '&lt;build&gt;/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 393, function: update_db_fkie
     0389:                [cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close()
     0390:
     0391:        for config in elt['configurations']:
     0392:            # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing
 *** 0393:            for node in config["nodes"]:
     0394:                parse_node_and_insert(conn, node, cveId, False)
     0395:
     0396:def update_db(d, conn, jsondata):
     0397:    if (d.getVar("NVD_DB_VERSION") == "FKIE"):
Exception: KeyError: 'nodes'

Entry for new CVE-2025-32915 is broken.

(From OE-Core rev: 5bc27449381d2a53588dc7ad1fe2b78783d5c240)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>glib-2.0: patch CVE-2025-6052</title>
<updated>2025-08-26T13:33:14+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-08-18T19:58:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=c00fb3ce449d30ba497e44e6b70a8ff175d1284d'/>
<id>urn:sha1:c00fb3ce449d30ba497e44e6b70a8ff175d1284d</id>
<content type='text'>
Backport commits from [1] which references this CVE.

[1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4681

(From OE-Core rev: a96c84cb861cb550ddcabd2396a74b00f0035ba4)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>glib-2.0: update 2.84.2 -&gt; 2.84.4</title>
<updated>2025-08-26T13:33:14+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-08-18T19:58:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d2cf21799c64d4465711669e1432cf729b1dcc57'/>
<id>urn:sha1:d2cf21799c64d4465711669e1432cf729b1dcc57</id>
<content type='text'>
Overview of changes in GLib 2.84.4, 2025-08-08
==============================================
* Bugs fixed:
  - #3716 (CVE-2025-7039) (#YWH-PGM9867-104) Buffer Under-read on GLib through
    glib/gfileutils.c via get_tmp_file() (Michael Catanzaro)
  - #3721 GFile leak in g_local_file_set_display_name during error handling
    (Philip Withnall, Michael Catanzaro)
  - !4668 Backport !4667 “Incorrect output parameter handling in closure helper
    of g_settings_bind_with_mapping_closures” to glib-2-84
  - !4675 Backport !4674 “gfileutils: fix computation of temporary file name” to
    glib-2-84
  - !4679 Backport !4677 and !4678 “Fix GFile leak in
    g_local_file_set_display_name()” to glib-2-84
  - !4697 Backport !4696 “gthreadpool: Catch pool_spawner creation failure” to
    glib-2-84
  - !4705 Backport !4702 “gio/filenamecompleter: Fix leaks” to glib-2-84
  - !4711 Backport !4708 “gfilenamecompleter: Fix g_object_unref() of undefined
    value” to glib-2-84

Overview of changes in GLib 2.84.3, 2025-06-13
==============================================
* Bugs fixed:
  - !4656 Backport !4655 “gstring: Fix overflow check when expanding the string”
    to glib-2-84

!4656 solves first half of CVE-2025-6052

(From OE-Core rev: 8d5df566ef2c3d342ca0eb2421b4a583b02969da)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>glib-2.0: update 2.84.1 -&gt; 2.84.2</title>
<updated>2025-08-26T13:33:14+00:00</updated>
<author>
<name>Praveen Kumar</name>
<email>praveen.kumar@windriver.com</email>
</author>
<published>2025-08-18T19:58:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=dddd1ac1a4722606cfd6ccde07bda3ac93fcb78d'/>
<id>urn:sha1:dddd1ac1a4722606cfd6ccde07bda3ac93fcb78d</id>
<content type='text'>
Overview of changes in GLib 2.84.2, 2025-05-20
==============================================

* Bugs fixed:
  - !4576 Backport !4575 “gclosure: fix ATOMIC_CHANGE_FIELD to read vint
    atomically” to glib-2-84
  - !4595 Backport !4582 “Windows: fix wrong typelib path” to glib-2-84
  - !4614 Backport "gstring: carefully handle gssize parameters"
  - !4616 Backport !4613 “Update macOS job for new CI runner” to glib-2-84
  - !4623 Backport !4617 “gdate: Call tzset before localtime_r” to glib-2-84
  - !4639 Backport -Wsign-conversion fixes for g_get_locale_variants() from
    !4590 to glib-2-84
  - !4640 Backport !4620 “glocalfile: Disable faccessat()-based query_exists on
    Android” to glib-2-84

(From OE-Core rev: 3deb6b59f3fa91d4fa755f49dad4ac62c3a518fb)

(From OE-Core rev: 45419176357954027607c7f92fd5ad11b5e87a42)

Signed-off-by: Praveen Kumar &lt;praveen.kumar@windriver.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>glib-2.0: update 2.84.0 -&gt; 2.84.1</title>
<updated>2025-08-26T13:33:14+00:00</updated>
<author>
<name>Markus Volk</name>
<email>f_l_k@t-online.de</email>
</author>
<published>2025-08-18T19:58:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=abd47e5eeec8e104aa7e4be30ee5b79c3546256f'/>
<id>urn:sha1:abd47e5eeec8e104aa7e4be30ee5b79c3546256f</id>
<content type='text'>
- remove backport patch

Overview of changes in GLib 2.84.1, 2025-04-03
==============================================

* Fix test failure when building against gobject-introspection ≥1.83.4 (#3634,
  work by Philip Withnall)

* Bugs fixed:
  - #3630 2.84.0 build failure on Linux: ../gio/gnetworkmonitornetlink.c:47:10:
    fatal error: netlink/netlink_route.h: No such file or directory (Philip
    Withnall)
  - #3634 test failure with gobject-introspection 1.83.4: warning: element
    doc:format from state 3 is unknown, ignoring (Philip Withnall)
  - #3636 gio/trash does not handle special characters well
  - #3642 `g_cancellable_connect()` documentation incorrect (Marco Trevisan
    (Treviño))
  - #3643 g_cancellable_connect(): is it safe to unref cancellable from
    callback? (Marco Trevisan (Treviño))
  - #3649 Crash with some registry key values in GWin32AppInfo (Philip Withnall)
  - !4484 Memory sanitizer fixes
  - !4489 gobject: Be consistent in using atomic logic to handle the
    GParamSpecPool
  - !4541 gsettings: Port docs to gi-docgen format, add missing annotations and
    make various improvements
  - !4544 tests: Don't install runner scripts without installed_tests
  - !4545 Update French translation
  - !4547 Update Catalan translation
  - !4548 Update Turkish translation
  - !4551 Updated Danish translation
  - !4552 Update Persian translation
  - !4553 docs: Document GSignalFlags members added after 2.0
  - !4554 Update Indonesian translation
  - !4555 tests: Add a test for g_object_freeze_notify() being called too often
  - !4557 gfileinfo: Slightly expand docs for
    g_file_info_get_attribute_as_string()
  - !4558 gi: Dynamically set doc-format
  - !4561 tests: Various fixes to create temporary files in /tmp rather than the
    build directory
  - !4562 gdbusnameowning: Convert docs to gi-docgen linking syntax
  - !4563 giounix-private: Fix macro for checking for epoll_create1()
  - !4565 Fix LGPL in header
  - !4567 gutils: make documentation of g_set_prgname() clearer
  - !4568 docs: Add some detail
  - !4569 Update Romanian translation
  - !4570 gspawn-win32: Fix potential integer overflows in argv handling
  - !4571 gvarianttype: Improve docs on type validation

* Translation updates:
  - Catalan (Jordi Mas)
  - Danish (Ask Hjorth Larsen)
  - French (Vincent Chatelain)
  - Indonesian (Andika Triwidada)
  - Persian (Danial Behzadi)
  - Romanian (Antonio Marin)
  - Turkish (Sabri Ünal)

(From OE-Core rev: 676b9acbe94f055a351da3bdcfbe457411e1877c)

(From OE-Core rev: d818b5952001bacd4dbb24ea475df33e50bc1b53)

Signed-off-by: Markus Volk &lt;f_l_k@t-online.de&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;

This upgrade fixes CVE-2025-4056

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>build-appliance-image: Update to walnascar head revision</title>
<updated>2025-08-15T16:11:26+00:00</updated>
<author>
<name>Steve Sakoman</name>
<email>steve@sakoman.com</email>
</author>
<published>2025-08-15T16:08:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=db04028d9070f05c3b5dee728473fb234bd24f05'/>
<id>urn:sha1:db04028d9070f05c3b5dee728473fb234bd24f05</id>
<content type='text'>
(From OE-Core rev: 347cb0861dde58613541ce692778f907943a60ea)

Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
</feed>
