<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-devtools, branch styhead-5.1.3</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=styhead-5.1.3</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=styhead-5.1.3'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-02-14T15:49:10+00:00</updated>
<entry>
<title>go: upgrade 1.22.11 -&gt; 1.22.12</title>
<updated>2025-02-14T15:49:10+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-02-10T18:14:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b17d4e97e76628b21c3083a5531c0188a57323cf'/>
<id>urn:sha1:b17d4e97e76628b21c3083a5531c0188a57323cf</id>
<content type='text'>
Upgrade to latest 1.22.x release [1]:

$ git --no-pager log --oneline go1.22.11..go1.22.12
5817e65094 (tag: go1.22.12) [release-branch.go1.22] go1.22.12
0cc45e7ca6 [release-branch.go1.22] crypto/internal/fips140/nistec: make p256NegCond constant time on ppc64le
c3c6a50095 [release-branch.go1.22] cmd/go/internal/modfetch: do not trust server to send all tags in shallow fetch
e0a01acd04 [release-branch.go1.22] cmd/compile: fix write barrier coalescing

Fixes CVE-2025-22866

[1] https://github.com/golang/go/compare/go1.22.11...go1.22.12

(From OE-Core rev: 423ad5a67768738dac454b1e2aa27746f74511c5)

(From OE-Core rev: ce999920af8c8ac6ce4c3f37edae348919e8a13b)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>python3: upgrade 3.12.8 -&gt; 3.12.9</title>
<updated>2025-02-14T15:49:09+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-02-08T23:23:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=61e2aebcb5efc5daa57a82d76550b4022342a6dd'/>
<id>urn:sha1:61e2aebcb5efc5daa57a82d76550b4022342a6dd</id>
<content type='text'>
Release notes:
https://docs.python.org/release/3.12.9/whatsnew/changelog.html#python-3-12-9

Solves CVE-2025-0938, CVE-2024-12254 and 3 other vulnerabilities without
CVE number assigment.

Add a patch to fix failure of a new test.

(From OE-Core rev: cb0187ed2962e4c140c4f59ce08f94b18b05004c)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>libxml-parser-perl: correct SRC_URI</title>
<updated>2025-02-12T14:29:34+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex@linutronix.de</email>
</author>
<published>2024-11-25T12:01:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d78b78df916d3b46727fc6a21e35a2d3aa60e18b'/>
<id>urn:sha1:d78b78df916d3b46727fc6a21e35a2d3aa60e18b</id>
<content type='text'>
(From OE-Core rev: d2a7186bfc819cc52901b8cf8086d53342586a60)

Signed-off-by: Alexander Kanavin &lt;alex@linutronix.de&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit b3e44bbf9972968076f06ecac027bd7a2f3fe781)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>go: upgrade 1.22.10 -&gt; 1.22.11</title>
<updated>2025-02-03T14:24:37+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-01-28T18:39:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=281e96aaecffb132f994266ede58cd0dc78a33ad'/>
<id>urn:sha1:281e96aaecffb132f994266ede58cd0dc78a33ad</id>
<content type='text'>
Upgrade to latest 1.22.x release [1]:

$ git --no-pager log --oneline go1.22.10..go1.22.11
f072884354 (tag: go1.22.11) [release-branch.go1.22] go1.22.11
b72d56f98d [release-branch.go1.22] net/http: persist header stripping across repeated redirects
19d2103415 [release-branch.go1.22] crypto/x509: properly check for IPv6 hosts in URIs
ae9996f965 [release-branch.go1.22] runtime: hold traceAcquire across casgstatus in injectglist
223260bc63 [release-branch.go1.22] crypto/tls: fix Config.Time in tests using expired certificates

Fixes CVE-2024-45336 and CVE-2024-45341

[1] https://github.com/golang/go/compare/go1.22.10...go1.22.11

(From OE-Core rev: 4589986602319f9ed61e381b333bb53b731eb8d8)

(From OE-Core rev: 622f866e00c0c3bdc80670df04378cb49381ea9c)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>go: upgrade 1.22.9 -&gt; 1.22.10</title>
<updated>2025-02-03T14:24:37+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-01-28T18:39:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ec14a3ed28bbc10bc9b7378da65f4e9137ee60fb'/>
<id>urn:sha1:ec14a3ed28bbc10bc9b7378da65f4e9137ee60fb</id>
<content type='text'>
Upgrade to latest 1.22.x release [1]:

$ git --no-pager log --oneline go1.22.9..go1.22.10
8f3f22eef8 (tag: go1.22.10) [release-branch.go1.22] go1.22.10
6d7a95abca [release-branch.go1.22] runtime: reserve 4kB for system stack on windows-386
6f05fa7a4f [release-branch.go1.22] syscall: mark SyscallN as noescape
3355db9690 [release-branch.go1.22] time: accept "+01" in TestLoadFixed on OpenBSD

[1] https://github.com/golang/go/compare/go1.22.9...go1.22.10

(From OE-Core rev: e357c93b39df938dc36195dbd779a58b2951b8e6)

(From OE-Core rev: d723fa3573d02cc815ad9706aafd7510eb54eac6)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>go: upgrade 1.22.8 -&gt; 1.22.9</title>
<updated>2025-02-03T14:24:37+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-01-28T18:39:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b0df688b3c4ebaadb523654229909f89a94cbab9'/>
<id>urn:sha1:b0df688b3c4ebaadb523654229909f89a94cbab9</id>
<content type='text'>
Upgrade to latest 1.22.x release [1]:

$ git --no-pager log --oneline go1.22.8..go1.22.9
8af39d30a4 (tag: go1.22.9) [release-branch.go1.22] go1.22.9
c19e5887f4 [release-branch.go1.22] cmd/cgo/internal/testcarchive: remove 1-minute timeout
e3fd4ba7f9 [release-branch.go1.22] cmd/link: generate Mach-O UUID when -B flag is specified
29252e4c5a [release-branch.go1.22] runtime: fix TestGdbAutotmpTypes on gdb version 15

[1] https://github.com/golang/go/compare/go1.22.8...go1.22.9

(From OE-Core rev: 4f2f202506bcefb4d6c46a11738e159e261a4a4b)

(From OE-Core rev: 3425dd4ba1723fb9c660b3941fd92209c3141dd3)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package architecture</title>
<updated>2025-01-29T14:20:43+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2025-01-10T13:01:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=dbb36a45f03af8b78073db1de1da908f8f9397b0'/>
<id>urn:sha1:dbb36a45f03af8b78073db1de1da908f8f9397b0</id>
<content type='text'>
Using the package architecture to select the right qemu options to pass
to qemu-user is incorrect, and fails for recipes that set PACKAGE_ARCH
to MACHINE_ARCH (as the qemuppc workarounds suggest) because there are
not typically any options set for the machine name.

Solve this by using TUNE_PKGARCH instead: for the majority of recipes
this is the same value, but for machine-specific recipes it remains the
same instead of changing to the machine name.

This means we can remove the qemuppc workarounds, as they're obsolete.

Also update the gcc-testsuite recipe which uses the same pattern to use
TUNE_PKGARCH, and generalise the else codepath to avoid needing to
update the list of architectures.

[ YOCTO #15647 ]

(From OE-Core rev: 6db23345fd653aa0b4e483d2635376dfe7bed3cd)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 414b754a6cbb9cc354b1180efd5c3329568a2537)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>binutils: stable 2.43.1 branch update</title>
<updated>2025-01-13T13:49:08+00:00</updated>
<author>
<name>Deepthi Hemraj</name>
<email>Deepthi.Hemraj@windriver.com</email>
</author>
<published>2024-11-12T12:28:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b2cd1dea0459acec76e601987ad4b0661babfcc3'/>
<id>urn:sha1:b2cd1dea0459acec76e601987ad4b0661babfcc3</id>
<content type='text'>
Below commit on binutils-2.43.1 stable branch are updated.
b82e2250574 Automatic date update in version.in
280374309b1 PR32300, --dependency-file: link dependencies are not all collected
263e116833e s390: Add arch15 instructions
645da6d426e s390: Relax risbg[n]z, risb{h|l}gz, {rns|ros|rxs}bgt operand constraints
7f7047a9c6c s390: Simplify (dis)assembly of insn operands with const bits
e7592364504 s390: Align opcodes to lower-case
d6ab1d2efdc s390: Document syntax to omit base register operand
c40337b1784 LoongArch: Add elfNN_loongarch_mkobject to initialize LoongArch tdata
95ed7cf1be2 segv in bfd_elf_get_str_section
0a71d78f6a6 ld: Don't explicitly add .note.gnu.build-id in elf.sc
ad2ce1e6457 x86: Turn PLT32 to PC32 only for PC-relative relocations
238493e7f09 x86-64: Disable PIE on PR gas/32189 test
68d5dbd315d x86-64: Never make R_X86_64_GOT64 section relative
d77d08180d1 x86/APX: Don't promote AVX/AVX2 instructions out of APX spec
f307db3d8b7 bfd: Pass true to ld_plugin_object_p
cd3e2b58f2c PR32109, aborting at bfd/bfd.c:1236 in int _bfd_doprnt
2d37b890e56 lto: Add a test for PR ld/32083
d16a1893c44 ld: Add an LTO test for common symbol override
e4cfe6dab3e Re-enable development changes on the 2_43 branch

Testing was done and there were no regressions found

(From OE-Core rev: dce36f0c4a2c1455ecce56377afc3d436096360a)

Signed-off-by: Deepthi Hemraj &lt;Deepthi.Hemraj@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 4950a2d67a85b3f4a643a46fdc54d348abce5ed6)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>binutils: Fix CVE-2024-53589</title>
<updated>2025-01-09T14:02:48+00:00</updated>
<author>
<name>Yash Shinde</name>
<email>Yash.Shinde@windriver.com</email>
</author>
<published>2024-12-12T14:35:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=44c8d98587e478703dec3de6ed2e929233fab5c8'/>
<id>urn:sha1:44c8d98587e478703dec3de6ed2e929233fab5c8</id>
<content type='text'>
A buffer overflow vulnerability exists in GNU Binutils’ objdump utility
when processing tekhex format files. The vulnerability occurs in the
Binary File Descriptor (BFD) library’s tekhex parser during format identification.
Specifically, the issue manifests when attempting to read 8 bytes at an address
that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read.

Backport a patch from upstream to fix CVE-2024-53589.
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88]

(From OE-Core rev: 04c6b181bf9b1babd647c642ba8598b837f1263b)

Signed-off-by: Yash Shinde &lt;Yash.Shinde@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>gcc: Fix c++: tweak for Wrange-loop-construct</title>
<updated>2025-01-09T14:02:48+00:00</updated>
<author>
<name>Sunil Dora</name>
<email>sunilkumar.dora@windriver.com</email>
</author>
<published>2024-12-11T18:15:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d0a0b075749c0aa2fa796fdcf856ffac7ecfcb85'/>
<id>urn:sha1:d0a0b075749c0aa2fa796fdcf856ffac7ecfcb85</id>
<content type='text'>
This commit updates the warning to use a check for "trivially constructible" instead of
"trivially copyable." The original check was incorrect, as "trivially copyable" only applies
to types that can be copied trivially, whereas "trivially constructible" is the correct check
for types that can be trivially default-constructed.

This change ensures the warning is more accurate and aligns with the proper type traits.

LLVM accepted a similar fix:
https://github.com/llvm/llvm-project/issues/47355

PR c++/116731 [https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116731]

(From OE-Core rev: b8260e5aca93a7000001013f8a950fb040141588)

Signed-off-by: Marek Polacek &lt;polacek@redhat.com&gt;
Signed-off-by: Sunil Dora &lt;sunilkumar.dora@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
</feed>
