<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-devtools/git, branch yocto-5.0.14</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-5.0.14</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-5.0.14'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-09-22T20:17:52+00:00</updated>
<entry>
<title>buildtools-tarball: fix unbound variable issues under 'set -u'</title>
<updated>2025-09-22T20:17:52+00:00</updated>
<author>
<name>Haixiao Yan</name>
<email>haixiao.yan.cn@windriver.com</email>
</author>
<published>2025-09-16T13:19:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e3ce89324da1e33c17c9180ef846f41d92616254'/>
<id>urn:sha1:e3ce89324da1e33c17c9180ef846f41d92616254</id>
<content type='text'>
When Bash runs with 'set -u' (nounset), accessing an unset variable
directly (e.g. [ -z "$SSL_CERT_FILE" ]) causes a fatal "unbound variable"
error. As a result, the fallback logic to set SSL_CERT_FILE/SSL_CERT_DIR
is never triggered and the script aborts.

The current code assumes these variables may be unset or empty, but does
not guard against 'set -u'. This breaks builds in stricter shell
environments or when users explicitly enable 'set -u'.

Fix this by using parameter expansion with a default value, e.g.
"${SSL_CERT_FILE:-}", so that unset variables are treated as empty
strings. This preserves the intended logic (respect host env first, then
CAFILE/CAPATH, then buildtools defaults) and makes the script robust
under 'set -u'.

(From OE-Core rev: 4cf131ebd157b79226533b5a5074691dd0e1a4ab)

Signed-off-by: Haixiao Yan &lt;haixiao.yan.cn@windriver.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 4d880c2eccd534133a2a4e6579d955605c0956ec)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>git: fix build with gcc-15 on host</title>
<updated>2025-09-01T15:30:56+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>martin.jansa@gmail.com</email>
</author>
<published>2025-08-21T10:58:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=38b5ba89e600455018f902edaa4ecfec6c4d68c7'/>
<id>urn:sha1:38b5ba89e600455018f902edaa4ecfec6c4d68c7</id>
<content type='text'>
(From OE-Core rev: a534cf958f9c7d05af795def43ee5ba09fb34ca2)

Signed-off-by: Martin Jansa &lt;martin.jansa@gmail.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>git: Upgrade 2.44.3 -&gt; 2.44.4</title>
<updated>2025-07-21T16:07:22+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-07-10T13:01:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=9302874dda3c9e54b31340eb45e208d8ea5dbc44'/>
<id>urn:sha1:9302874dda3c9e54b31340eb45e208d8ea5dbc44</id>
<content type='text'>
Addresses the security issues - CVE-2025-27613, CVE-2025-27614, CVE-2025-46334,
CVE-2025-46835, CVE-2025-48384, CVE-2025-48385, and CVE-2025-48386.

Release Notes:
https://github.com/git/git/blob/v2.44.4/Documentation/RelNotes/2.44.4.txt

(From OE-Core rev: 3a9fdcb2ea0dd2744f59a62f2722bfa276302324)

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>buildtools-tarball: Make buildtools respects host CA certificates</title>
<updated>2025-05-02T15:20:12+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2025-04-28T05:53:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=18206fc2dba1684bc96efecf95c65450f9577203'/>
<id>urn:sha1:18206fc2dba1684bc96efecf95c65450f9577203</id>
<content type='text'>
To adapt user network enviroment, buildtools should first try to use
the user configured envs like SSL_CERT_FILE/CURL_CA_BUNDLE/..., if these
envs is not set, then use the auto-detected ca file and ca path, and
finally use the CA certificates in buildtools.

nativesdk-openssl set OPENSSLDIR as "/not/builtin", need set SSL_CERT_FILE/SSL_CERT_DIR to work

nativesdk-curl don't set default ca file, need
SSL_CERT_FILE/SSL_CERT_DIR or CURL_CA_BUNDLE/CURL_CA_PATH to work

nativesdk-git actually use libcurl, and GIT_SSL_CAPATH/GIT_SSL_CAINFO
also works

nativesdk-python3-requests will use cacert.pem under python module certifi by
default, need to set REQUESTS_CA_BUNDLE

(From OE-Core rev: 0653b96bac6d0800dc5154557706a323418808be)

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONS</title>
<updated>2025-05-02T15:20:12+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2025-04-28T05:53:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=397d432a62c265f481cf1ac4d9c760504d9eb9f5'/>
<id>urn:sha1:397d432a62c265f481cf1ac4d9c760504d9eb9f5</id>
<content type='text'>
Here is one testcase:
For recipe tensorflow-lite-host-tools_2.18.0.bb, refer [1],
do_configure[network] = "1"
and it will git clone some repos in CMakeLists.txt

When buildtools is used and nativesdk-git is installed into sdk,
do_configure failed with error:
[1/9] Performing download step (git clone) for 'protobuf-populate'
Cloning into 'protobuf'...
fatal: unable to access 'https://github.com/protocolbuffers/protobuf/': error setting certificate file: /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-wrlinuxsdk-linux/etc/ssl/certs/ca-certificates.crt

Fix by adding GIT_SSL_CAINFO in BB_ENV_PASSTHROUGH_ADDITIONS, so that
user can export GIT_SSL_CAINFO=${GIT_SSL_CAINFO} in their
do_configure:prepend() to fix above do_configure failure

CURL_CA_BUNDLE and REQUESTS_CA_BUNDLE is similar envvars, so all add
into BB_ENV_PASSTHROUGH_ADDITIONS

[1] https://github.com/nxp-imx/meta-imx/blob/styhead-6.12.3-1.0.0/meta-imx-ml/recipes-libraries/tensorflow-lite/tensorflow-lite-host-tools_2.18.0.bb

(From OE-Core rev: 27f018d8e8ace97d0b1cdfb8782a2a7a0a319816)

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>buildtools-tarball: move setting of envvars to respective envfile</title>
<updated>2025-05-02T15:20:12+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2025-04-28T05:53:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=2e0b9e9a86f6bd2ba13082e31d7c097b254f30a4'/>
<id>urn:sha1:2e0b9e9a86f6bd2ba13082e31d7c097b254f30a4</id>
<content type='text'>
* make git,curl,python3-requests align with openssl, move the setting of
  envvars into respective envfile
* for environment.d-openssl.sh, also check if ca-certificates.crt exist
  before export envvars

(From OE-Core rev: 5f4fd544d3df7365224599c9efdce4e545f51d5e)

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>git: Upgrade 2.44.1 -&gt; 2.44.3</title>
<updated>2025-05-02T15:20:11+00:00</updated>
<author>
<name>Soumya Sambu</name>
<email>soumya.sambu@windriver.com</email>
</author>
<published>2025-04-23T05:02:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=378e5c8dc26a5631f9ba7cd9d0e776a56cd4598a'/>
<id>urn:sha1:378e5c8dc26a5631f9ba7cd9d0e776a56cd4598a</id>
<content type='text'>
Addresses the security issues - CVE-2024-50349 and CVE-2024-52006

Release Notes:
https://github.com/git/git/blob/v2.44.3/Documentation/RelNotes/2.44.3.txt

(From OE-Core rev: f4f7a3af706bd6923362633a56423526a5264c6c)

Signed-off-by: Soumya Sambu &lt;soumya.sambu@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>git: upgrade 2.44.0 -&gt; 2.44.1</title>
<updated>2024-06-14T12:19:22+00:00</updated>
<author>
<name>Soumya Sambu</name>
<email>soumya.sambu@windriver.com</email>
</author>
<published>2024-05-17T07:55:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=463ef7f61803b4902925e146ceed7c6bff057095'/>
<id>urn:sha1:463ef7f61803b4902925e146ceed7c6bff057095</id>
<content type='text'>
Addresses the security issues - CVE-2024-32002, CVE-2024-32004,
CVE-2024-32020,CVE-2024-32021 and CVE-2024-32465

Changelog:
==========
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.1.txt

(From OE-Core rev: 3a7ef46ebaf8d4b470ef5b6803dc3b76c22a97c2)

Signed-off-by: Soumya Sambu &lt;soumya.sambu@windriver.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 767f9515013790c9a6b945fae9de03c9e5b89b80)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>git: set --with-gitconfig=/etc/gitconfig for -native builds</title>
<updated>2024-06-05T12:57:12+00:00</updated>
<author>
<name>Rasmus Villemoes</name>
<email>rasmus.villemoes@prevas.dk</email>
</author>
<published>2024-05-30T12:34:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ae6cebca5bac9521230c69fed23b375d0de7f5f6'/>
<id>urn:sha1:ae6cebca5bac9521230c69fed23b375d0de7f5f6</id>
<content type='text'>
Commit 6c2ae2346db0 (kern-tools: depend on git-replacement-native)
broke our kernel builds. For saving space and time, we have a DL_DIR
shared between multiple users/buildbots, not all of which run with the
same uid (and with appropriate sticky bits set so that files
downloaded by one user become owned by a common group and are readable
by others). This works fine also for git sources because the docker
images we use all have a /etc/gitconfig with

  [safe]
    directory = *

But with the mentioned commit, the host's git is no longer used for
do_unpack (nor for do_fetch if re-building and sysroot has already
been populated by a previous build), causing spurious "fatal: detected
dubious ownership..." failures.

Currently, the path where the git-native binary searches for system
gitconfig is the sysroot from it was built, which obviously doesn't
contain a /etc/gitconfig. As for the nativesdk variant, respect the
host's /etc/gitconfig if present.

(From OE-Core rev: a3f5ac9f9fee2c8e10fec7c3f758e49513fef724)

Signed-off-by: Rasmus Villemoes &lt;rasmus.villemoes@prevas.dk&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 572f511f7ff02fb559ac42d2d5dbd09fec478d97)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>git: git-replacement-native: depend on ca-certificate</title>
<updated>2024-03-18T12:21:45+00:00</updated>
<author>
<name>Max Krummenacher</name>
<email>max.krummenacher@toradex.com</email>
</author>
<published>2024-03-11T14:37:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=421083c46c97bf758496b8c58402aea5d74aa097'/>
<id>urn:sha1:421083c46c97bf758496b8c58402aea5d74aa097</id>
<content type='text'>
git is delegating webacces for URLs using TLS to libcurl.
However our native libcurl build does not find a ca-certificate.crt
unless its curl-native work dir still exists and thus git will
fail.
If a recipe uses AUTOREV with a git repo using https as its protocol
parsing of that recipe will fail fetching the latest HEAD.

Fix that by depending on ca-certificate and give its location
to libcurl via git's envrironment variable GIT_SSL_CAINFO.

(From OE-Core rev: 2e99ffda70fd95b5eab3de47048032349cd66f4b)

Signed-off-by: Max Krummenacher &lt;max.krummenacher@toradex.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
