Commit message | Author | Age | Files | Lines
* glib-networking: fix CVE-2025-60018
  Author: Rajeshkumar Ramasamy; Age: 2025-10-24; Files: 2; Lines: -0/+84

  glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out of bounds read.

  Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-60018

  Upstream-patch: https://gitlab.gnome.org/GNOME/glib-networking/-/commit/4dd540505d40babe488404f3174ec39f49a84485

  (From OE-Core rev: bd11f18909b5946e4570e0eba9b3cb9b47791dc1)

  Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* glibc: PTHREAD_COND_INITIALIZER compatibility with pre-2.41 versions (bug 32786)
  Author: Sunil Dora; Age: 2025-10-17; Files: 2; Lines: -0/+55

  The following commits have been cherry-picked from Glibc master branch:
  Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=25847

  [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=dbc5a50d12eff4cb3f782129029d04b8a76f58e7
  [2] https://sourceware.org/pipermail/libc-stable/2025-July/002282.html

  (From OE-Core rev: 8f1000d9dad5e51f08a40b0f6650204425cc8efb)

  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* glibc: nptl Use all of g1_start and g_signals
  Author: Sunil Dora; Age: 2025-10-17; Files: 2; Lines: -0/+194

  The following commits have been cherry-picked from Glibc master branch:
  Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=25847

  [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=91bb902f58264a2fd50fbce8f39a9a290dd23706
  [2] https://sourceware.org/pipermail/libc-stable/2025-July/002283.html

  (From OE-Core rev: 4593e800b832d740d0b63ddd4b5c948c564116b2)

  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* glibc: nptl rename __condvar_quiesce_and_switch_g1
  Author: Sunil Dora; Age: 2025-10-17; Files: 2; Lines: -0/+162

  The following commits have been cherry-picked from Glibc master branch:
  Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=25847

  [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=4b79e27a5073c02f6bff9aa8f4791230a0ab1867
  [2] https://sourceware.org/pipermail/libc-stable/2025-July/002281.html

  (From OE-Core rev: 0a9ccd040037c12aa2e7fbc2213ca60b30dafcc4)

  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* glibc: nptl Fix indentation
  Author: Sunil Dora; Age: 2025-10-17; Files: 2; Lines: -0/+150

  The following commits have been cherry-picked from Glibc master branch:
  Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=25847

  [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=ee6c14ed59d480720721aaacc5fb03213dc153da
  [2] https://sourceware.org/pipermail/libc-stable/2025-July/002280.html

  (From OE-Core rev: f54e082df2f07893f66183089518f98cb792f22e)

  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* glibc: nptl Use a single loop in pthread_cond_wait instead of a nested loop
  Author: Sunil Dora; Age: 2025-10-17; Files: 2; Lines: -0/+104

  The following commits have been cherry-picked from Glibc master branch:
  Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=25847

  [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=929a4764ac90382616b6a21f099192b2475da674
  [2] https://sourceware.org/pipermail/libc-stable/2025-July/002279.html

  (From OE-Core rev: 75bbc8cb3a94640120d778916abb2edf78b89fd0)

  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* glibc: Remove g_refs from condition variables
  Author: Sunil Dora; Age: 2025-10-17; Files: 2; Lines: -0/+189

  The following commits have been cherry-picked from Glibc master branch:
  Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=25847

  [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=c36fc50781995e6758cae2b6927839d0157f213c
  [2] https://sourceware.org/pipermail/libc-stable/2025-July/002278.html

  (From OE-Core rev: 1972b6776fa8a23b9d373d516ace32e136e9058f)

  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait
  Author: Sunil Dora; Age: 2025-10-17; Files: 2; Lines: -0/+119

  The following commits have been cherry-picked from Glibc master branch:
  Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=25847

  [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=4f7b051f8ee3feff1b53b27a906f245afaa9cee1
  [2] https://sourceware.org/pipermail/libc-stable/2025-July/002276.html

  (From OE-Core rev: e6cac5aef751d698327f6ebee966462644c6c6a8)

  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* glibc: nptl Remove unnecessary catch-all-wake in condvar group switch
  Author: Sunil Dora; Age: 2025-10-17; Files: 2; Lines: -0/+80

  The following commits have been cherry-picked from Glibc master branch:
  Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=25847

  [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=b42cc6af11062c260c7dfa91f1c89891366fed3e
  [2] https://sourceware.org/pipermail/libc-stable/2025-July/002274.html

  (From OE-Core rev: 18b4f22aaae19cd0efb21433f0c23c5580246a2e)

  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* glibc: nptl Update comments and indentation for new condvar implementation
  Author: Sunil Dora; Age: 2025-10-17; Files: 2; Lines: -0/+146

  The following commits have been cherry-picked from Glibc master branch:
  Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=25847

  [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=0cc973160c23bb67f895bc887dd6942d29f8fee3
  [2] https://sourceware.org/pipermail/libc-stable/2025-July/002275.html

  (From OE-Core rev: bf3d91124c2584b9d3000098d1f81d9459d143fc)

  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* glibc: pthreads NPTL lost wakeup fix 2
  Author: Sunil Dora; Age: 2025-10-17; Files: 2; Lines: -0/+456

  The following commits have been cherry-picked from Glibc master branch:
  Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=25847

  [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=1db84775f831a1494993ce9c118deaf9537cc50a
  [2] https://sourceware.org/pipermail/libc-stable/2025-July/002277.html

  (From OE-Core rev: 4d57f7c82ccb64e2bd2a2371ef18bdc5a4b718e3)

  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* glibc: Remove partial BZ#25847 backport patches
  Author: Sunil Dora; Age: 2025-10-17; Files: 9; Lines: -1427/+0

  To facilitate a clean backport of the full 10-commit series addressing the pthread condition variable lost wakeup issue (BZ#25847) in glibc 2.35, remove the existing 8 patches that were applied as a partial backport.

  The previous partial backport excluded commit: c36fc50781995e6758cae2b6927839d0157f213c ("nptl: Remove g_refs from condition variables") based on guidance from glibc maintainer Florian Weimer (#comment #74). This exclusion was recommended for stable branches to avoid altering the layout of pthread_cond_t, which could introduce ABI incompatibilities. Additionally, the dependent commit dbc5a50d12eff4cb3f782129029d04b8a76f58e7 was not needed in the partial backport.

  To align with upstream mainline, per maintainer Carlos O'Donell (comment #75), apply the complete 10-commit series for consistency.

  By removing these patches first, we ensure the subsequent application of the full 10 commits results in cleaner, more reviewable changes without intermixed conflicts or overlaps.

  Removed patches and corresponding upstream commits:
  - 0026-PR25847-1.patch: 1db84775f831a1494993ce9c118deaf9537cc50a
  - 0026-PR25847-2.patch: 0cc973160c23bb67f895bc887dd6942d29f8fee3
  - 0026-PR25847-3.patch: b42cc6af11062c260c7dfa91f1c89891366fed3e
  - 0026-PR25847-4.patch: 4f7b051f8ee3feff1b53b27a906f245afaa9cee1
  - 0026-PR25847-5.patch: 929a4764ac90382616b6a21f099192b2475da674
  - 0026-PR25847-6.patch: ee6c14ed59d480720721aaacc5fb03213dc153da
  - 0026-PR25847-7.patch: 4b79e27a5073c02f6bff9aa8f4791230a0ab1867
  - 0026-PR25847-8.patch: 91bb902f58264a2fd50fbce8f39a9a290dd23706

  Bug reference: https://sourceware.org/bugzilla/show_bug.cgi?id=25847

  This change prepares the branch for the full backport in follow-up commits.

  (From OE-Core rev: 9881dd70305b87945e9649d744bcbc40a1a7b780)

  Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* binutils: patch CVE-2025-11083
  Author: Peter Marko; Age: 2025-10-17; Files: 2; Lines: -0/+78

  Pick patch per link in NVD report.

  (From OE-Core rev: 99879f41af7272e597c9a8c4c0260d1b690f9051)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* binutils: patch CVE-2025-11082
  Author: Peter Marko; Age: 2025-10-17; Files: 2; Lines: -0/+47

  Pick patch per link in NVD report.

  (From OE-Core rev: cdc458b5dd21614058aac56de68a272201283141)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* qemu: patch CVE-2024-8354
  Author: Peter Marko; Age: 2025-10-17; Files: 2; Lines: -0/+76

  Pick commit per [1].

  (From OE-Core rev: bebd1b24473e3480ae6c4ae2897fbfdf4942ea11)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* vulnerabilities: update nvdcve file name
  Author: Peter Marko; Age: 2025-10-14; Files: 1; Lines: -1/+1

  The filename is outdated as its version was already bumped and there are also different files for different feed choices. Use glob to match any available file.

  (From yocto-docs rev: fca48e1239950ccf10f6b1b805c5734104144ded)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* migration-guides: add release notes for 4.0.30
  Author: Lee Chee Yang; Age: 2025-10-14; Files: 2; Lines: -0/+171

  (From yocto-docs rev: 2999dd8be2534d3d5b2cfa28be703d07fffa795c)

  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit e89c95b167c24cfb9c1d5d548a26872393ca2fee)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server
  Author: Steve Sakoman; Age: 2025-10-14; Files: 1; Lines: -1/+1

  ftp.gnu.org is the main server of the GNU project, however download speed can vary greatly based on one's location. Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror, which should result sometimes in significantly faster download speed, depending on one's location. This should also distribute the traffic more across the mirrors.

  This information was sourced from https://www.gnu.org/prep/ftp.html

  (From OE-Core rev: 0d11c9103f072841baf39166efc133f2a20fc4dc)

  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* selftest/cases/meta_ide.py: use gnu mirror instead of main server
  Author: Steve Sakoman; Age: 2025-10-14; Files: 1; Lines: -1/+1

  ftp.gnu.org is the main server of the GNU project, however download speed can vary greatly based on one's location. Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror, which should result sometimes in significantly faster download speed, depending on one's location. This should also distribute the traffic more across the mirrors.

  This information was sourced from https://www.gnu.org/prep/ftp.html

  (From OE-Core rev: 97939775d2b81af392a2f98c922165763ff0ae5f)

  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* conf/bitbake.conf: use gnu mirror instead of main server
  Author: Gyorgy Sarvari; Age: 2025-10-14; Files: 1; Lines: -1/+1

  ftp.gnu.org is the main server of the GNU project, however download speed can vary greatly based on one's location. Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror, which should result sometimes in significantly faster download speed, depending on one's location. This should also distribute the traffic more across the mirrors.

  This information was sourced from https://www.gnu.org/prep/ftp.html .

  (From OE-Core rev: 8418289277056d582d88916b524b920a2e005c75)

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d8c6f01d7467e018aa0ed27a87850d9e4434a47a)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* p11-kit: backport fix for handle USE_NLS from master
  Author: AshishKumar Mishra; Age: 2025-10-14; Files: 1; Lines: -0/+1

  Disable NLS in the build when USE_NLS is off.

  (From OE-Core rev: b94798ecd535956ef4565663710ea9a701ff21ed)

  This change corresponds to upstream eeb3974472429a99a724f324dc8a63e435741f68 from master. Since the p11-kit versions are different between master & kirkstone, applied the patch manually.

  (From OE-Core rev: c621612a12cdbf5c89279b69e28d0e3a0b5d0a86)

  Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: AshishKumar Mishra <emailaddress.ashish@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* systemd: backport fix for handle USE_NLS from master
  Author: AshishKumar Mishra; Age: 2025-10-14; Files: 1; Lines: -0/+1

  Do not build translations when NLS is disabled.

  (From OE-Core rev: 83795ef6c3fa12a863cd20b7ec1a2607606987b6)

  This change corresponds to upstream d848b454e64ffbd642590b4bbc378619e1547ad3 from master. Since the systemd versions are different between master & kirkstone, applied the patch manually.

  (From OE-Core rev: 4b612ae7cbdc8327765c34d0e64fa8e0564891d4)

  Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: AshishKumar Mishra <emailaddress.ashish@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* glibc: stable 2.35 branch updates
  Author: Deepesh Varatharajan; Age: 2025-10-14; Files: 1; Lines: -1/+1

  git log --oneline a66bc3941ff298e474d5f02d0c3303401951141f..4e50046821f05ada5f14c76803845125ddb3ed7d

  4e50046821 (HEAD, origin/release/2.35/master) x86-64: Add GLIBC_ABI_DT_X86_64_PLT [BZ #33212]
  c97735cfde elf: Handle ld.so with LOAD segment gaps in _dl_find_object (bug 31943)
  96cc65a28a elf: Extract rtld_setup_phdr function from dl_main
  e3f04f64fa elf: Do not add a copy of _dl_find_object to libc.so
  bfae8bf49c arm: Use _dl_find_object on __gnu_Unwind_Find_exidx (BZ 31405)

  Testing Results:
               Before  After  Diff
  PASS         4605    4609   +4
  XPASS        6       6      0
  FAIL         358     356    -2
  XFAIL        16      16     0
  UNRESOLVED   0       1      +1
  UNSUPPORTED  197     197    0

  Testcases changes
  testcase-name                          before  after
  elf/tst-link-map-contiguous-libc(new)  -       PASS
  elf/tst-link-map-contiguous-ldso(new)  -       FAIL
  elf/check-dt-x86-64-plt(new)           -       UNRESOLVED
  misc/tst-tsearch                       FAIL    PASS
  posix/bug-regex24                      FAIL    PASS
  string/tst-cmp                         FAIL    PASS

  (From OE-Core rev: 932ee96c0dc24ac3cdb9cee5bf96375568b41df0)

  Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* openssl: upgrade 3.0.17 -> 3.0.18
  Author: Archana Polampalli; Age: 2025-10-14; Files: 1; Lines: -1/+1

  This release incorporates the following bug fixes and mitigations:
  Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)
  Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)

  Changelog:
  https://github.com/openssl/openssl/blob/openssl-3.0.18/NEWS.md#openssl-30

  (From OE-Core rev: 0a0d640436258269ffaaf23116d41f9a79db5ab7)

  Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* scripts/install-buildtools: Update to 4.0.30
  Author: Aleksandar Nikolic; Age: 2025-10-14; Files: 1; Lines: -2/+2

  Update to the 4.0.30 release of the 4.0 series for buildtools

  (From OE-Core rev: 237452d023dfc895cd8183e30e781da6f60b2ec5)

  Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* go: fix CVE-2025-47906
  Author: Archana Polampalli; Age: 2025-10-14; Files: 2; Lines: -0/+172

  If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

  (From OE-Core rev: c4d81e32ee3fb7d05db2cfbfaaa8081841bc16ce)

  Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* ffmpeg: mark CVE-2023-6601 as patched
  Author: Peter Marko; Age: 2025-10-14; Files: 1; Lines: -1/+1

  Per [1] this CVE is fixed by the same commits as the other 3 CVEs.

  [1] https://security-tracker.debian.org/tracker/CVE-2023-6601

  (From OE-Core rev: b0542ad422ac1ba05dd5b8003429b8719619d892)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* ffmpeg: ignore CVE-2023-6603
  Author: Peter Marko; Age: 2025-10-14; Files: 1; Lines: -0/+4

  Per [1] this CVE is fixed by [2] which is available in version 5.0, so version 5.0.3 is not vulnerable anymore.

  [1] https://security-tracker.debian.org/tracker/CVE-2023-6603
  [2] https://github.com/FFmpeg/FFmpeg/commit/28c83584e8f3cd747c1476a74cc2841d3d1fa7f3

  (From OE-Core rev: dcfd5672474f7a9bf7913c0f0e35f7c40bb685c4)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* pulseaudio: ignore CVE-2024-11586
  Author: Peter Marko; Age: 2025-10-14; Files: 1; Lines: -0/+3

  As per the linked ticket, this issue is related to an Ubuntu-specific patch that we don't have.

  (From OE-Core rev: dc81fdc6bdf8ab39b7f2fd994d50256430c36558)
  (From OE-Core rev: 72e63e44a0c6ad5a408c4dc59a24288c36463439)

  Rewritten CVE_STATUS to CVE_CHECK_IGNORE.

  (From OE-Core rev: 66e45229a9614d33f64167f0259ae1d719839d83)

  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* ghostscript: patch CVE-2025-59800
  Author: Peter Marko; Age: 2025-10-14; Files: 2; Lines: -0/+37

  Pick commit mentioned in the NVD report.

  (From OE-Core rev: 5109fd6675b6782f10f86f774fe54b6ccecee415)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* ghostscript: patch CVE-2025-59799
  Author: Peter Marko; Age: 2025-10-14; Files: 2; Lines: -0/+42

  Pick commit mentioned in the NVD report.

  (From OE-Core rev: 10a51275bb0f62b018a6182953352ecf7aa3d220)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* ghostscript: patch CVE-2025-59798
  Author: Peter Marko; Age: 2025-10-14; Files: 2; Lines: -0/+135

  Pick commit mentioned in the NVD report.

  (From OE-Core rev: dc65da274b26c1e7f4143154cd7639a93cc658be)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* grub: ignore CVE-2024-2312
  Author: Peter Marko; Age: 2025-10-14; Files: 1; Lines: -0/+2

  This CVE is specific to Ubuntu [1].

  [1] https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127

  (From OE-Core rev: dc10bf2f9dd91cbd34af43162b61736fc26aa314)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* gstreamer1.0: ignore CVE-2025-2759
  Author: Peter Marko; Age: 2025-10-14; Files: 1; Lines: -0/+3

  Copy statement from [1] that it is problem of installers (non-Linux). Also [2] linked in NVD says "Fixed in 1.25.1 Gstreamer Installer". Since Yocto builds from sources into our own packages, ignore it.

  [1] https://security-tracker.debian.org/tracker/CVE-2025-2759
  [2] https://www.zerodayinitiative.com/advisories/ZDI-25-268/

  (From OE-Core rev: 99ee1df6bde2ffd4fa2ddea44c0a9b94d9d77bae)

  Reworked to CVE_CHECK_IGNORE format.

  (From OE-Core rev: 2162bc3b305a0b088018e251baad54c356f7855f)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* gstreamer1.0: ignore CVEs fixed in plugins
  Author: Peter Marko; Age: 2025-10-14; Files: 1; Lines: -3/+9

  All these CVEs were fixed in recent commits.

  (From OE-Core rev: 86f48cdb1b26b6e234dde10b1e636e54e8a7e71f)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* tiff: Fix CVE-2025-9165
  Author: Vijay Anusuri; Age: 2025-10-14; Files: 2; Lines: -0/+33

  Upstream-Commit: https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0

  (From OE-Core rev: 08823f96a400055e5924bae3af0d2dfaf488148b)

  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* tiff: Fix CVE-2025-8961
  Author: Vijay Anusuri; Age: 2025-10-14; Files: 2; Lines: -0/+75

  Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/0ac97aa7a5bffddd88f7cdbe517264e9db3f5bd5

  (From OE-Core rev: 8d956d80f0eae39f9de68c0cd5a361c69b47cda4)

  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* libxslt: Patch for CVE-2025-7424
  Author: Vijay Anusuri; Age: 2025-10-14; Files: 2; Lines: -0/+106

  This patch is taken from the upstream bug, and is used by Apple in their build of WebKit.

  Origin: https://gitlab.gnome.org/-/project/1762/uploads/627ae84cb0643d9adf6e5c86947f6be6/gnome-libxslt-bug-139-apple-fix.diff

  Ref: https://gitlab.gnome.org/GNOME/libxslt/-/issues/139

  (From OE-Core rev: 2e2fa1ae7f24dadae9cb8371174aa7744aa42028)

  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* busybox: patch CVE-2025-46394
  Author: Peter Marko; Age: 2025-10-14; Files: 3; Lines: -0/+91

  Pick commit mentioning this CVE. Additionally fix test broken by the CVE fix.

  (From OE-Core rev: 137299edbc47e8a57173ef3c22bcb719d48d5302)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* gstreamer1.0-plugins-bad: Fix CVE-2025-3887
  Author: Vijay Anusuri; Age: 2025-10-14; Files: 3; Lines: -0/+145

  Upstream-Status: Backport from
  https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5463f0e09768ca90aa8c58357c1f4c645db580db
  &
  https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/bcaab3609805ea10fb3d9ac0c9d947b4c3563948

  (From OE-Core rev: a35bdbdb4d1dd77de7b85ab19d7354be6a11e8b2)

  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* libxml2: fix CVE-2025-9714
  Author: Theo GAIGE; Age: 2025-10-14; Files: 2; Lines: -0/+118

  Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21

  (From OE-Core rev: 277692c2472f03ae62401bfbd26e8c4d872113d0)

  Signed-off-by: Theo GAIGE <tgaige.opensource@witekio.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* ref-manual/variables.rst: fix the description of STAGING_DIR
  Author: Adam Blank; Age: 2025-10-03; Files: 1; Lines: -1/+1

  There is no single "recipe-sysroots" directory, but rather many "recipe-sysroot*" directories.

  (From yocto-docs rev: eca2cb23eb1fd4186d1f5cadc3280d73e8f52631)

  Signed-off-by: Adam Blank <adam.blank.g@gmail.com>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit f2d6e228409cb1dd1dbf339c405699ac6d3900be)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* ref-manual/structure: document the auto.conf file
  Author: Antonin Godard; Age: 2025-10-03; Files: 1; Lines: -0/+9

  Add documentation for auto.conf, which is used by external tools for automatically setting variables.

  (From yocto-docs rev: 707b29352838792c635b39c8b5c20c519b10b832)

  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 134e54a75e0144c4629f702c6f43e92ed1f12dce)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* dev-manual/building.rst: add note about externalsrc variables absolute paths
  Author: Talel BELHAJ SALEM; Age: 2025-10-03; Files: 1; Lines: -0/+5

  (From yocto-docs rev: a0ffc6296e7349367fa6e6e615b74e2017a1a67e)

  Signed-off-by: Talel BELHAJ SALEM <bhstalel@gmail.com>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 33166d70b6ad093bd95ffccafc0b07820682f656)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* ref-manual/variables.rst: fix the description of KBUILD_DEFCONFIG
  Author: Adam Blank; Age: 2025-10-03; Files: 1; Lines: -2/+1

  Remove some leftover confusing mention of KMACHINE.

  (From yocto-docs rev: 972f61f12f2b33fc518cf8c3e3da5bf71e1b1cb9)

  Signed-off-by: Adam Blank <adam.blank.g@gmail.com>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 582ee9e0b4930aea03255542b3d3913df19af8b0)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* kernel-dev/common.rst: fix the in-tree defconfig description
  Author: Adam Blank; Age: 2025-10-03; Files: 1; Lines: -7/+3

  The description of the relation between KBUILD_DEFCONFIG and SRC_URI is reversed. In fact it is the SRC_URI provided defconfig which will be dropped by the kernel-yocto class if both are provided.

  (From yocto-docs rev: 6efc3ca5491722072fd394bae92d827791ef6bc3)

  Signed-off-by: Adam Blank <adam.blank.g@gmail.com>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit a808420655a0976ba08f013f468cf80f379b1d89)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* test-manual/yocto-project-compatible.rst: fix a typo
  Author: Antonin Godard; Age: 2025-10-03; Files: 1; Lines: -1/+1

  Fix a typo in yocto-project-compatible.rst.

  Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
  (From yocto-docs rev: 95f31030628d0f7681401b1de6fb8e7a362963c1)

  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit a84c234acfedfa714419006c743405e2f9acaedc)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* contributor-guide: submit-changes: make "Crediting contributors" part of "Commit your changes"
  Author: Quentin Schulz; Age: 2025-10-03; Files: 1; Lines: -25/+29

  There's no need to differentiate crediting contributors from committing your changes, so let's simply make it the last step of "Commit your changes" section.

  This simply indents the text so it's now part of "Commit your changes" list instead of the main list in the "Implement and commit changes" section.

  Because of this reorganisation, the instruction to use "git commit --amend" to add the contributors is moved to a note, and the first few sentences are reworded to better match the wording of other items in the "Commit your changes" list of instructions.

  (From yocto-docs rev: 5ce7ae8f655f45dec80e68398911f117920f5eb2)

  Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit eff4d14e28d323ebfdaeb0c5c805b5f1e2ad153d)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* contributor-guide: submit-changes: number instruction list in commit your changes
  Author: Quentin Schulz; Age: 2025-10-03; Files: 1; Lines: -76/+76

  ... so that it's clear that you need to read and follow each and every instruction in this list.

  (From yocto-docs rev: 4799ffa5170a5f9e12350634bcdfca6f531ea937)

  Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit c628a489f081925fabaabb5acac6752251150269)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>

* contributor-guide: submit-changes: reword commit message instructions
  Author: Quentin Schulz; Age: 2025-10-03; Files: 1; Lines: -9/+9

  This should hopefully make it clearer what is expected from the contributor.

  This follows my understanding of git-commit(1)[1] where the following is a git commit message:

  """
  git commit title
  git commit description
  """

  I'm putting the "Fixes [YOCTO" line in "body of the commit message" so it's understood as being different from the git commit description so that the note admonition allowing us to have an empty commit description doesn't apply to the "Fixes [YOCTO" line.

  [1] https://www.man7.org/linux/man-pages/man1/git-commit.1.html#DISCUSSION

  (From yocto-docs rev: f817ef5542adc2ce830e22dd04424b9d5d5ed5c5)

  Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit b84903a760350bd118c56ea9ce4e98039edf6e55)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>