Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=scarthgap 2026-05-04T12:57:32+00:00 2026-05-04T12:57:32+00:00 Yoann Congal yoann.congal@smile.fr 2026-04-16T21:03:57+00:00 urn:sha1:7f959927fbaf53ead897e734b7d69cfc8390962f Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"), > The recommendation from server maintainers is that the https protocol > is both faster and more reliable than the dedicated git protocol at this point. > Switch to it where possible. (From OE-Core rev: b9de796f797844b035e50e22c4f939fc90e176f8) Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 74dd04549624b1d3ba6d4febe51fa9ba1c86944c) Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-03-25T17:34:13+00:00 Daniel Turull daniel.turull@ericsson.com 2026-03-09T09:18:11+00:00 urn:sha1:61197c7a92509e3badd6234dbb45b4f15602f9bb Adding option to be able to import debugsources.zstd directly. The linux-yocto-debugsources.zstd is generated in every build and does not require any additional configuration. In contrast, SPDX_INCLUDE_COMPILED_SOURCES needs to be explicitly added and increases build time. (From OE-Core rev: e8e61a97bf0e88c45a323353e865a5654a500966) Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> (cherry picked from commit c84a8958f30bbb982656ddcbe7476f6f81e1a6fb) Signed-off-by: Himanshu Jadon <hjadon@cisco.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-03-25T17:34:13+00:00 Daniel Turull daniel.turull@ericsson.com 2026-03-09T09:17:37+00:00 urn:sha1:8131e57579b01ff482f091848fe2f7167c3cbd1b When using the version specified in cve-summary.json, we need to remove the suffix containing the custom version to match the versions from the CVEs. This patch truncates the version from cve-summary.json to use only the base version of the kernel. This is only applicable for kernels where the user has added their own version. (From OE-Core rev: 66968d81d55de7afdf139eac56a460d04c383a6c) Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3942d40e96989268e8d1030f9d8c3859044d9635) Signed-off-by: Himanshu Jadon <hjadon@cisco.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-03-25T17:34:13+00:00 Daniel Turull daniel.turull@ericsson.com 2026-03-09T09:16:21+00:00 urn:sha1:eb31e34477ce1a6b074c178b7ea64249fdd671b0 If the user has a CVE_STATUS for their own backported patch, the backport takes priority over upstream vulnerable versions. (From OE-Core rev: d317e2a52bd29a772de9bcd751f5b0e03277bd77) Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0beef05be119ea465ba06553a42edea03dfc9fd3) Signed-off-by: Himanshu Jadon <hjadon@cisco.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> 2026-02-16T09:52:35+00:00 Daniel Turull daniel.turull@ericsson.com 2026-01-19T13:31:03+00:00 urn:sha1:7ba5e4b416116402e4bc7cd93644703ab00055e2 Adding postprocessing script to process data from linux CNA that includes more accurate metadata and it is updated directly by the source. Example of enhanced CVE from a report from cve-check: { "id": "CVE-2024-26710", "status": "Ignored", "link": "https://nvd.nist.gov/vuln/detail/CVE-2024-26710", "summary": "In the Linux kernel, the following vulnerability [...]", "scorev2": "0.0", "scorev3": "5.5", "scorev4": "0.0", "modified": "2025-03-17T15:36:11.620", "vector": "LOCAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "detail": "not-applicable-config", "description": "Source code not compiled by config. ['arch/powerpc/include/asm/thread_info.h']" }, And same from a report generated with vex: { "id": "CVE-2024-26710", "status": "Ignored", "link": "https://nvd.nist.gov/vuln/detail/CVE-2024-26710", "detail": "not-applicable-config", "description": "Source code not compiled by config. ['arch/powerpc/include/asm/thread_info.h']" }, For unpatched CVEs, provide more context in the description: Tested with 6.12.22 kernel { "id": "CVE-2025-39728", "status": "Unpatched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2025-39728", "summary": "In the Linux kernel, the following vulnerability has been [...], "scorev2": "0.0", "scorev3": "0.0", "scorev4": "0.0", "modified": "2025-04-21T14:23:45.950", "vector": "UNKNOWN", "vectorString": "UNKNOWN", "detail": "version-in-range", "description": "Needs backporting (fixed from 6.12.23)" }, CC: Peter Marko <peter.marko@siemens.com> CC: Marta Rybczynska <rybczynska@gmail.com> (From OE-Core rev: 7637af0a94764ac0c6c4f02f383992bcb4753af0) Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e60b1759c1aea5b8f5317e46608f0a3e782ecf57) Signed-off-by: Suresh H A <suresh.ha@bmwtechworks.in> [Yoann: Stable policy exception: This change is clearly a new feature and thus should be rejected from stables by policy. But, since this is contrib/ an exception can be made] Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-02-13T13:51:41+00:00 Adrian Freihofer adrian.freihofer@gmail.com 2024-02-10T13:15:54+00:00 urn:sha1:605ef6f5a292fe169b1469b0a8996f3d5ae53daf All the regexes throw a warning like this: WARNING: scripts/lib/recipetool/create_buildsys.py:140: SyntaxWarning: invalid escape sequence '\s' proj_re = re.compile('project\s*\(([^)]*)\)', re.IGNORECASE) Python 3 interprets string literals as Unicode strings, and therefore \s is treated as an escaped Unicode character which is not correct. Declaring the RegEx pattern as a raw string instead of unicode is required for Python 3. (From OE-Core rev: 24b0ba00d4f0b4d9834f7693ecb6032dfc534a80) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-10-30T11:53:20+00:00 Ross Burton ross.burton@arm.com 2023-10-30T11:48:38+00:00 urn:sha1:28324600cb143775abe56af024ee10930236727d git show-ref looks at the _remote_ ref called HEAD, which is fine when it matches the local HEAD but problematic when you're iterating a series of commits. Use rev-parse to resolve the local name to a proper hash. (From OE-Core rev: 3c04747b681cf6090ba9c77752f6c2f304dbbe17) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-10-27T16:48:11+00:00 Ross Burton ross.burton@arm.com 2023-10-27T15:29:41+00:00 urn:sha1:2cbbe428dbb2fb7d64ad5eb9206f9dea1594ab74 Move most imports to the top of the file. (From OE-Core rev: d2c287db0739b249604cd1beaa03ec38512ba718) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-10-27T16:48:11+00:00 Ross Burton ross.burton@arm.com 2023-10-27T15:29:40+00:00 urn:sha1:62c80e3a79beaf521cb6e3e5e036e7aa40358a7c The autobuilder scripts post-process the generated JSON to inject recipe and commit counts into the data. We can do this easily in patchreview instead. (From OE-Core rev: 77c96e43090cbf485aec612cc2315b85e5635dda) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-10-27T16:48:11+00:00 Ross Burton ross.burton@arm.com 2023-10-27T15:29:39+00:00 urn:sha1:116c0442128b27a33ef0b5b88f974d6ad78651bc A previous patch[1] added the ability to allow the search pattern for patches to be changed, so that patchreview can be used across the entire meta-oe repository by changing the patterns. However, this means the caller needs to write long patterns when calling patchreview. Instead, we can see if the specified directory contains a layer by checking if conf/layer.conf exists. If it does, then search for patches inside this directory. If it doesn't, assume that the specified directory is a repository that contains sublayers (such as meta-openembedded) and look through each of the directories that match the pattern meta-*. This means patchreview can both scan either a single layer (eg .../poky/meta) or a repository of sublayers (eg .../meta-openembedded). [1] oe-core 599046ea9302af0cf856d3fcd827f6a2be75b7e1 (From OE-Core rev: a3a868519beab1b9cac94fefd7dbeffb09d047e9) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>