summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* migration-guides: add release notes for 5.0.12Lee Chee Yang2025-09-172-0/+185
| | | | | | | | | | (From yocto-docs rev: 79b37fe79fee03a46a4d791fd9f50e23d4e24797) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit e77139b5c616e6e5ad436eb91416fd804389425f) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual/variables.rst: expand IMAGE_OVERHEAD_FACTOR glossary entryJoao Marcos Costa2025-09-171-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | There's a (second) overhead factor applied in images generated with Wic, and this is already documented in the .wks reference. However, the IMAGE_OVERHEAD_FACTOR entry does not mention it, and by looking at the partition sizes (e.g. with parted) one may find it confusing that they don't match with the expected rootfs size (e.g. in a scenario where the extra space is "0" and IMAGE_OVERHEAD_FACTOR="1.0"). This second overhead is already documented, though: https://docs.yoctoproject.org/ref-manual/kickstart.html#command-part-or-partition Mention the '--overhead-factor' option in the glossary entry and add a reference to the wks documentation. (From yocto-docs rev: 18a0dcefd4e688d60e57e8531b0ac283764e4e89) Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit b9040e20b015e9b02683ec3014e4ade5eb59d41a) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dev-manual/security-subjects.rst: update mailing listsAntonin Godard2025-09-171-9/+14
| | | | | | | | | | | | | | Update mailing lists following changes by Michael Halstead (https://lists.yoctoproject.org/g/yocto-security/message/1478). Also fix formatting/spacing. (From yocto-docs rev: c5c104ea79a42d630e33f4f002aeec0bb9cbb3b3) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 8066aa92a1acae6c99fbee92d24ee1feea65d974) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* sdk: The main in the C example should return an intJan Vermaete2025-09-171-1/+2
| | | | | | | | | | | | see C17 (ISO/IEC 9899:2018) (From yocto-docs rev: 260b386dd2184f9d32547e08d1ed578c45d86cc9) Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit 1ebaed299f7ef80a49b68608f45bf25884900d13) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* migration-guides: add release notes for 4.0.29Lee Chee Yang2025-09-172-0/+179
| | | | | | | | | | (From yocto-docs rev: 1c219c46556e59757073f3ca7b94f9ef14d2a8ba) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> (cherry picked from commit d3bbfed9cad4cda0960ee0623c728ea2a18e1b29) Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: bitbake: Bump version to 2.8.1Martin Jansa2025-09-172-2/+2
| | | | | | | | | | | | To indicate compatibility with python 3.14 [YOCTO #15858] (Bitbake rev: 1c9ec1ffde75809de34c10d3ec2b40d84d258cb4) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bitbake: Use a "fork" multiprocessing contextJoshua Watt2025-09-177-9/+35
| | | | | | | | | | | | | | | | | | | | Python 3.14 changes the default multiprocessing context from "fork" to "forkserver"; however bitbake heavily relies on "fork" to efficiently pass data to the child processes. As such, make "fork" context in the bb namespace and use it in place of the normal multiprocessing module. Note that multiprocessing contexts were added in Python 3.4, so this should be safe to use even before Python 3.14 [YOCTO #15858] (Bitbake rev: 15d7448e04aa78c827d2cef9eb1a62bd6e0dd119) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* pulseaudio: Add audio group explicitlyKyungjik Min2025-09-092-1/+2
| | | | | | | | | | | | | | | | | | | Since pulseaudio-server requires the audio group, we explicitly add it. When use useradd-staticids or do not use the default group in base-passwd, an error will occur because the audio group is not defined. NOTE: pulseaudio: Performing useradd with [--root TOPDIR/tmp/work/cortexa72-poky-linux/pulseaudio/17.0/recipe-sysroot --home-dir /var/run/pulse --gid 998 --groups audio,pulse --no-create-home --system --shell /bin/false --uid 998 pulse] useradd: group 'audio' does not exist ERROR: pulseaudio: useradd command did not succeed. (From OE-Core rev: baa5e7ea5f37f54c2a00080798ad7fb4c0664f69) Signed-off-by: Kyungjik Min <dpmin7@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* default-distrovars.inc: Fix CONNECTIVITY_CHECK_URIS redirect issueDeepak Rathore2025-09-092-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The default CONNECTIVITY_CHECK_URIS uses "https://yoctoproject.org/connectivity.html" which redirect to "https://www.yoctoproject.org/connectivity.html". Some network configurations with proxies or restricted internet access don't handle HTTP redirects properly during the sanity check phase, causing build failures with: ERROR: OE-core's config sanity checker detected a potential misconfiguration. Either fix the cause of this error or at your own risk disable the checker (see sanity.conf). Following is the list of potential problems / advisories: Fetcher failure for URL: 'https://yoctoproject.org/connectivity.html'. URL doesn't work. Updated the default URL to use the final destination directly to avoid redirect-related connectivity check failures. Also updated SDK test cases in https.py to use the corrected URL for consistency. (From OE-Core rev: bd624ebbcf4e6d7a24c4ab232ca2e138b1ac3433) Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 60cdf960a3560f391babd559737f1afb31fb2c5c) Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rpm: keep leading `/' from sed operationHongxu Jia2025-09-091-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For /usr/lib/rpm/macros, Yocto explicitly set OECMAKE_FIND_ROOT_PATH_MODE_PROGRAM = "ONLY" [1][2] to search tools from CMAKE_FIND_ROOT_PATH [5] which locates in native recipe sysroot or HOSTTOOLS_DIR. If found in native recipe sysroot or HOSTTOOLS_DIR, the sed operation removed leading `/' root@qemux86-64:~# vi /usr/lib/rpm/macros ... %__xz usr/bin/xz %__make usr/bin/make %__zstd usr/bin/zstd %__quilt usr/bin/quilt %__patch usr/bin/patch ... root@qemux86-64:~# rpm --eval "%{__xz} %{__make} %{__zstd} %{__quilt} %{__patch}" usr/bin/xz usr/bin/make usr/bin/zstd usr/bin/quilt usr/bin/patch This commit keeps leading `/' from sed operation, and similar reason for /usr/lib/cmake/rpm/rpm-targets.cmake After applying this commit: root@qemux86-64:~# rpm --eval "%{__xz} %{__make} %{__zstd} %{__quilt} %{__patch}" /usr/bin/xz /usr/bin/make /usr/bin/zstd /usr/bin/quilt /usr/bin/patch [1] https://git.openembedded.org/openembedded-core/commit/?id=f4ea12f6635125ee793f4dd801c538c0186f9dc3 [2] https://cmake.org/cmake/help/latest/variable/CMAKE_FIND_ROOT_PATH_MODE_PROGRAM.html (From OE-Core rev: cab720b5508411f9a63025e2765d4d46914a1404) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0d0773879ab9520c475c4a8c930b2e663de0e032) Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpam: fix CVE-2024-10963Stanislav Vovk2025-09-092-0/+266
| | | | | | | | | Upstream-Status: Backport from https://github.com/linux-pam/linux-pam/commit/940747f88c16e029b69a74e80a2e94f65cb3e628 (From OE-Core rev: 2be498fd0872d7ccbf0e9b2eb0a1d4879823c968) Signed-off-by: Stanislav Vovk <stanislav.vovk@est.tech> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* curl: update CVE_STATUS for CVE-2025-5025Vrushti Dabhi2025-09-091-1/+1
| | | | | | | | | | | | This CVE applies only when curl is built with wolfSSL support. Revised CVE_STATUS description to align with CVE details. Reference: https://github.com/openembedded/openembedded-core/commit/93ae0758ef35 (From OE-Core rev: fddc4dcc89a9491abdf8f5d0ea4df9a6526b1538) Signed-off-by: Vrushti Dabhi <vdabhi@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* sudo: remove devtool FIXME commentPeter Marko2025-09-011-52/+0
| | | | | | | | | | This comment should not have been merged. It shows that the license did not change. (From OE-Core rev: a19afb7db1b9995ce433f8bfeb5406c9fd1fdc19) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ruby-ptest : some ptest fixesJiaying Song2025-09-013-3/+36
| | | | | | | | | | | | | | | | | - Skip the test_rm_r_no_permissions test under the root user, as deletion always succeeds. - Filter out tests under the -ext- directory in run-ptest. Due to the commit [1],the packaging of .so test files under the .ext directory was removed. As a result, adjust the test filtering rules to avoid test failures caused by missing files. - Add installation of rdoc.rb and did_you_mean.rb files in do_install_ptest to ensure complete test dependencies. - Add init.rb file to PTEST installation path. (From OE-Core rev: fbbfbfd59fe74c6f742af29d32fae1327068b9ff) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cpio: Pin to use C17 stdKhem Raj2025-09-011-0/+3
| | | | | | | | | | | | | Fixes build with GCC-15 which is defaulting to C23 For scarthgap also add it in BUILD_CFLAGS. (From OE-Core rev: 874701c4fd96134e18f73eba4bd5c8b513ad251b) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* yocto-uninative: Update to 4.9 for glibc 2.42Michael Halstead2025-09-011-5/+5
| | | | | | | | (From OE-Core rev: 9f0cc5fe65f71cf1d28b7a34272f29db03dc6778) Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* yocto-uninative: Update to 4.8 for GCC 15.1Michael Halstead2025-09-011-4/+4
| | | | | | | | (From OE-Core rev: 02b285fb0258587e9b78ee4b1b4b2eea0e0a4b3e) Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dbus-glib: fix build with gcc-15Martin Jansa2025-09-012-0/+38
| | | | | | | (From OE-Core rev: 6c546567adc84667fc76d777b02fc78e9c472f51) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* binutils: fix build with gcc-15Martin Jansa2025-09-015-0/+1662
| | | | | | | (From OE-Core rev: f7d791585632b7db5f80090c92b5389eacd60fab) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* elfutils: fix build with gcc-15Martin Jansa2025-09-012-0/+73
| | | | | | | (From OE-Core rev: ece06774fd1c261c333f61779579614e0b40b927) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libtirpc: Fix build with gcc-15/C23Khem Raj2025-09-013-0/+126
| | | | | | | | | | | | | | | | Update declarations to allow building with gcc-15 with C23 std being default now. Fixes: error: conflicting types for 'xdr_opaque_auth (From OE-Core rev: 65036ab0a519c14338fb26ac8162d159d965da2b) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rust-llvm: fix build with gcc-15Martin Jansa2025-09-014-2/+89
| | | | | | | | | | As in meta-clang for clang-native: https://github.com/kraj/meta-clang/commit/f915bbfc71f7b58c38607b8407718bd8b5cefa44 (From OE-Core rev: 818750db213dc2c0daac4757d078092be6de3fe6) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libgpg-error: fix build with gcc-15Martin Jansa2025-09-012-0/+53
| | | | | | | | | Backport a fix for native build with gcc-15 on host (From OE-Core rev: cef0a6c3245a2556614f7e009c2e00e1eb16e08e) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* pkgconfig: fix build with gcc-15Martin Jansa2025-09-012-0/+37
| | | | | | | | | | | | | | | | | | | | | * on hosts with gcc-15 or whenever glib PACKAGECONFIG isn't enabled and pkgconfig uses own old bundled glib * fixes: http://errors.yoctoproject.org/Errors/Details/853015/ ../../../git/glib/glib/goption.c:169:14: error: two or more data types in declaration specifiers 169 | gboolean bool; | ^~~~ ../../../git/glib/glib/goption.c:169:18: warning: declaration does not declare anything 169 | gboolean bool; | ^ (From OE-Core rev: 948e0170d83949e2d5a676afb81edc44f07c5ba4) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* unifdef: Don't use C23 constexpr keywordKhem Raj2025-09-012-1/+59
| | | | | | | | | | | Fixes build with GCC-15 (From OE-Core rev: 3085783dd5585a85a3853858215689c362429c64) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gdbm: Use C11 standardKhem Raj2025-09-011-0/+4
| | | | | | | | | | | | | | GCC15 is switching defaults to C23 and gdbm is not yet ready to compile using C23 std. For scarthgap also add it in BUILD_CFLAGS. (From OE-Core rev: 97989d81c5e30434594beadd9449e907e98d3ceb) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gmp: Fix build with older gcc versionsKhem Raj2025-09-012-0/+51
| | | | | | | | | | | | The fix to make this work with GCC15/C23 caused problems with older gcc versions. Add a fix for that. (From OE-Core rev: 237085506a454fb927389d681f30c8c995bc7b2b) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gmp: Fix build with GCC15/C23Khem Raj2025-09-012-0/+26
| | | | | | | | | (From OE-Core rev: 5114bea0e9fe3cc15cb4f4d264a932d5b9897296) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* m4: Stick to C17 standardKhem Raj2025-09-011-0/+3
| | | | | | | | | | | | | | GCC15 imposes C23 by default and 1.4.19 release has gnulib version which can not be compiled without errors, while new release of m4 is in progress we might use C17 until then and use GCC15 to compile it For scarthgap also add it in BUILD_CFLAGS. (From OE-Core rev: 94ec72b332dce71a2756560ddf738f864e3c853d) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* unzip: Fix build with GCC-15Khem Raj2025-09-012-0/+19
| | | | | | | | | | | | Add a patch to remove redundant declarations (From OE-Core rev: b84d6ceb89277462d7069defaeb9ecfed9c30d56) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* git: fix build with gcc-15 on hostMartin Jansa2025-09-013-0/+109
| | | | | | | (From OE-Core rev: a534cf958f9c7d05af795def43ee5ba09fb34ca2) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cmake: fix build with gcc-15 on hostMartin Jansa2025-09-012-0/+31
| | | | | | | (From OE-Core rev: bdfccaa382c1669bff8788e09953c3a770243fab) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* vim: upgrade 9.1.1198 -> 9.1.1652Peter Marko2025-09-014-15/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | Handles CVE-2025-53905, CVE-2025-53906, CVE-2025-55157, CVE-2025-55158. Changes between 9.1.1198 -> 9.1.1652 ==================================== https://github.com/vim/vim/compare/v9.1.1198...v9.1.1652 Refresh patches. Disable newly introduced wayland support (in patch version 1485). To this belongs also adding recursion in delete command for dir auto which was newly failing as there is wayland directory inside now. If someone is interested, this can be probably enabled, but without additional work it results in compilation error due to function redefinition conflicts. (From OE-Core rev: e87d427d928234ef0441f9ce1fe8631fbe471094) (From OE-Core rev: 052fd7e55d2c73f13f63267fbfb5e39fa504baa3) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libarchive: patch regression of patch for CVE-2025-5918Peter Marko2025-09-012-0/+52
| | | | | | | | | | | Picked commit per [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-5918 (From OE-Core rev: d2b8d2f7d579779a9effcff677960dbc576b1cc8) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dpkg: patch CVE-2025-6297Peter Marko2025-09-012-0/+126
| | | | | | | | | | | Pick commit per [1] from 1.22.x branch. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-6297 (From OE-Core rev: 859e5a47744a91b40d5d12c46ff4d8657ef5cf6e) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glib-2.0: patch CVE-2025-6052Peter Marko2025-09-014-0/+204
| | | | | | | | | | | | | | Pick commit per [1]. Also pick commits from [2] which is referencing this CVE as the original fix was not complete. [1] https://security-tracker.debian.org/tracker/CVE-2025-6052 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4681 (From OE-Core rev: 8e85effc1a79e78f34b0b17341dd223bb80b25e4) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glib-2.0: patch CVE-2025-7039Peter Marko2025-09-012-0/+44
| | | | | | | | | | | Pick commit per [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-7039 (From OE-Core rev: 36402f219bc6fc03970e5277d449f2717199cf44) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go-binary-native: ignore CVE-2025-0913Peter Marko2025-09-011-0/+1
| | | | | | | | | This was already done for all other go recipes. (From OE-Core rev: 63dfdbf774dc24ea4e736a6d13d6aa8c72ebee4d) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* qemu: set status of CVE-2024-7730 to fixedPeter Marko2025-09-011-0/+2
| | | | | | | | | | This was backported to v8.2.7 and also it is mentioned in commit upgrading qemu in oe-core. (From OE-Core rev: d05df779286288d1f8b69159ebcfc45a853bd23b) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ncurses: Pin to C17 standardKhem Raj2025-09-011-0/+4
| | | | | | | | | | | | | | | Newer snapshots of ncurses have the fixes but they are many needed to get C23 going. Until next release lets stick with C17 even while GCC 15 switches to C23 defaults. For scarthgap also add it in BUILD_CFLAGS. (From OE-Core rev: 2ee706f58a96f30904ac3d292c0ac532739c91ea) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: fix CVE-2025-47907Praveen Kumar2025-09-013-0/+563
| | | | | | | | | | | | | | | | | | | | | Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-47907 Upstream-patch: https://github.com/golang/go/commit/8a924caaf348fdc366bab906424616b2974ad4e9 (From OE-Core rev: 22d8ac9884208b8f9b2a69ec6a257c62e1f2f8d2) Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2025-1594Archana Polampalli2025-09-012-0/+106
| | | | | | | | | | | | | A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. (From OE-Core rev: c9a15206bae7f1e85dc3b8812eabb936a7e6d383) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: upgrade 6.1.2 -> 6.1.3Archana Polampalli2025-09-0111-499/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: CVE-2023-6604 CVE-2023-6602 CVE-2025-7700 Changelog: https://github.com/FFmpeg/FFmpeg/blob/n6.1.3/Changelog Removed the CVE patches which are already fixed with this upgrade ref: https://github.com/FFmpeg/FFmpeg/commit/c104119c6b5e00496c5ff14071c85f95c98b7ae5 https://github.com/FFmpeg/FFmpeg/commit/7d79d0a43b5533ff584249332bc1db7fedbab1d2 https://github.com/FFmpeg/FFmpeg/commit/a4b6e37ad5f50454974fa22cc8f19d83cdaff0eb https://github.com/FFmpeg/FFmpeg/commit/efedc1d1b6aef2481cf613a11992b1dce6320055 https://github.com/FFmpeg/FFmpeg/commit/dcf34f13f516aa0e214384f3185aff306feba01d https://github.com/FFmpeg/FFmpeg/commit/bed04417b4d38af7a1b477b24ea6e26547e32373 https://github.com/FFmpeg/FFmpeg/commit/b43a12363c1fef0efa7eac15b6b830417656db15 https://github.com/FFmpeg/FFmpeg/commit/e2b20632b8c71a4e174511f8ff6e8342e0c63bd3 https://github.com/FFmpeg/FFmpeg/commit/43f64690ad9df72976bcbd6ea9e41b2542db2464 (From OE-Core rev: 901304a22413030b9744006ae18b587146b71953) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-base: fix CVE-2025-47807Hitendra Prajapati2025-09-012-0/+50
| | | | | | | | | Upstream-Status: Backport from https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9e2238adc1cad1fba5aad23bc8c2a6c2a65794d2 (From OE-Core rev: 19eca5d7373667dbacd02a2c1dd8c9de8101cd34) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: fix CVE-2025-4674Archana Polampalli2025-09-012-0/+333
| | | | | | | | | | | | | The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected. (From OE-Core rev: efdc4920571677c9051d4402eaa801672eeb24e3) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to scarthgap head revisionyocto-5.0.12scarthgap-5.0.12Steve Sakoman2025-08-221-1/+1
| | | | | | (From OE-Core rev: 93c7489d843a0e46fe4fc685b356d0ae885300d7) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* poky.conf: bump version for 5.0.12Steve Sakoman2025-08-221-1/+1
| | | | | | (From meta-yocto rev: 82602cda1a89644d1acbe230a81c93e3fb5031c8) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bash: use -std=gnu17 also for native CFLAGSMartin Jansa2025-08-221-0/+3
| | | | | | | | | | | | | | | * fixes builds on host with gcc-15: http://errors.yoctoproject.org/Errors/Details/853016/ ../../bash-5.2.37/builtins/mkbuiltins.c:268:29: error: too many arguments to function ‘xmalloc’; expected 0, have 1 268 | error_directory = xmalloc (2 + strlen (argv[arg_index])); | ^~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (From OE-Core rev: 55c144bd17665f70cd15e36f3405f502a962f039) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* bash: Stick to C17 stdKhem Raj2025-08-221-0/+2
| | | | | | | | | | | GCC 15 defaults to C23 and bash is not yet ready for that so keep using C17 like GCC 14 for now (From OE-Core rev: adf63fe5f76cbd0fd93ce5fa23229a388211e992) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cairo: fix build with gcc-15 on hostMartin Jansa2025-08-223-0/+51
| | | | | | | | | | | | | | | | | | | | * backports from 1.18.2 used since: https://git.openembedded.org/openembedded-core/commit/?id=070d79c8adec7e0a8862019cf61910a59b18613a * fixes build on hosts with gcc-15 (e.g. ubuntu-25.10) ../cairo-1.18.0/test/pdiff/pdiff.h:22:13: error: ‘bool’ cannot be defined via ‘typedef’ 22 | typedef int bool; | ^~~~ ../cairo-1.18.0/test/pdiff/pdiff.h:22:13: note: ‘bool’ is a keyword with ‘-std=c23’ onwards ../cairo-1.18.0/test/pdiff/pdiff.h:22:1: warning: useless type name in empty declaration 22 | typedef int bool; | ^~~~~~~ (From OE-Core rev: 6bd49cba1d7e12a6d8a4521a2097ff9f5ddc6368) Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-02-02 22:16:42 +0000