summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
Commit message (Collapse)AuthorAgeFilesLines
* build-appliance-image: Update to kirkstone head revisionkirkstonePaul Barker12 days1-1/+1
| | | | | | (From OE-Core rev: 51259c7e933a2ac8ebc01604d6e65607b76b7b56) Signed-off-by: Paul Barker <paul@pbarker.dev>
* recipes: Default to https git protocol for YP/OE reposYoann Congal12 days4-4/+4
| | | | | | | | | | | | | | This corresponds to the master commit 139102a73d41 ("recipes: Default to https git protocol where possible"). But only for the git.yoctoproject.org and git.openembedded.org repos. > The recommendation from server maintainers is that the https protocol > is both faster and more reliable than the dedicated git protocol at this point. > Switch to it where possible. (From OE-Core rev: c1b208babae70244ab062b2e4674b0309fbd65e5) Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* ncurses: fix for CVE-2025-69720Hitendra Prajapati12 days2-0/+43
| | | | | | | | | | | | | | | | | | | | Pick relevant part of snapshot commit 20251213, see [1]. That has: add a limit-check in infocmp -i option (report/example by Yixuan Cao). [1] https://invisible-island.net/ncurses/NEWS.html#index-t20251213 References: 1. https://github.com/Cao-Wuhui/CVE-2025-69720 2. https://nvd.nist.gov/vuln/detail/CVE-2025-69720 3. https://access.redhat.com/errata/RHSA-2026:5913 (From OE-Core rev: 4a046b39185314ceafbc7846b9c00fb8984c71ce) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* build-appliance-image: Update to kirkstone head revisionPaul Barker2026-03-201-1/+1
| | | | | | (From OE-Core rev: c4194cadb1180da37514c55cd97827eb0269c8e2) Signed-off-by: Paul Barker <paul@pbarker.dev>
* busybox: patch CVE-2025-60876Peter Marko2026-03-202-0/+39
| | | | | | | | | | | | | | | Although the patch was not merged yet, Debian already took it ([1]). Since busybox CVE handling is slow, follow Debian decision. [1] https://sources.debian.org/src/busybox/1:1.37.0-10.1/debian/patches/wget-disallow-control-chars-in-URLs-CVE-2025-60876.patch (From OE-Core rev: 6274e354680db9521d188309cb32d90996ebb3e5) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr> [YC: fixed weird encoding in URL, added "CVE-" to subject] Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* build-appliance-image: Update to kirkstone head revisionPaul Barker2026-02-271-1/+1
| | | | | | (From OE-Core rev: 7b6c9faa301a6d058ca34e230586f6a81ffa3ffb) Signed-off-by: Paul Barker <paul@pbarker.dev>
* glibc: stable 2.35 branch updatesPeter Marko2026-02-272-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git log --oneline 4e50046821f05ada5f14c76803845125ddb3ed7d..bb59339d02faebac534a87eea50c83c948f35b77 bb59339d02 (HEAD -> release/2.35/master, origin/release/2.35/master) posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281 / BZ 33814) 66f0cb057c resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915) 499d1ccafc memalign: reinstate alignment overflow check (CVE-2026-0861) 9e1a305028 nptl: Optimize trylock for high cache contention workloads (BZ #33704) a94467ce05 ppc64le: Power 10 rawmemchr clobbers v20 (bug #33091) Testing Results: Before After Diff PASS 4774 4770 -4 XPASS 6 6 0 FAIL 149 154 +5 XFAIL 16 16 0 UNSUPPORTED 246 246 0 Changes in failed testcases: testcase-name before after malloc/tst-malloc-fork-deadlock-malloc-hugetlb2 FAIL PASS posix/tst-wait4 FAIL PASS malloc/tst-malloc-too-large PASS FAIL malloc/tst-malloc-too-large-malloc-check PASS FAIL malloc/tst-malloc-too-large-malloc-hugetlb1 PASS FAIL malloc/tst-malloc-too-large-malloc-hugetlb2 PASS FAIL malloc/tst-malloc-too-large-mcheck PASS FAIL malloc/tst-mallocfork2 PASS FAIL malloc/tst-mallocfork3 PASS FAIL (From OE-Core rev: 8102d2252d50a52fbf48810226bcff92a925a39e) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* glib-2.0: patch CVE-2026-1489Peter Marko2026-02-275-0/+434
| | | | | | | | | | | | | Pick patch from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/issues/3872 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4984 (From OE-Core rev: ad9c57c36f6afa675468426da4ba1263eaeee2c5) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* glib-2.0: patch CVE-2026-1485Peter Marko2026-02-272-0/+45
| | | | | | | | | | | | | Pick patch from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/issues/3871 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4981 (From OE-Core rev: 1996441fcebaa2e08eecceb3cf00d39fda8cff35) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* glib-2.0: patch CVE-2026-1484Peter Marko2026-02-273-0/+95
| | | | | | | | | | | | | Pick patches from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/issues/3870 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4979 (From OE-Core rev: 045f902fd570df65f6ed2534d8885cee26fb6ef1) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* glib-2.0: patch CVE-2026-0988Peter Marko2026-02-272-0/+59
| | | | | | | | | | | | | Pick relevant commit from [2] linked from [1]. [1] https://gitlab.gnome.org/GNOME/glib/-/issues/3851 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4944 (From OE-Core rev: bb6a6ab6d948ce5a8a86479c68af43f7f86b98a5) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* expat: patch CVE-2026-25210Peter Marko2026-02-274-0/+95
| | | | | | | | | | | | Pick patches from [1]. [1] https://github.com/libexpat/libexpat/pull/1075 (From OE-Core rev: 406471f765fd1ce6bc5aab51c724476684e40d21) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* expat: patch CVE-2026-24515Peter Marko2026-02-272-0/+44
| | | | | | | | | | Pick fix commit from PR linked in NVD report. (From OE-Core rev: e3c0ac137e50d35e83e8e4ed2c4e09f2eb9d3bca) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* libxml2: add follow-up patch for CVE-2026-0992Peter Marko2026-02-274-1/+361
| | | | | | | | | | | | References: * https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 * https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/377 (From OE-Core rev: 957244b2861f394237b8a3ec4d549d5118627955) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* libxml2: patch CVE-2026-0992Peter Marko2026-02-272-0/+50
| | | | | | | | | | | | | | Pick patch which closed [1]. Adapt for missing xmlCatalogPrintDebug per [2]. [1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 [2] https://gitlab.gnome.org/GNOME/libxml2/-/commit/728869809eb7eee1b1681d558b4b506a8019c151 (From OE-Core rev: efef4d450500eb3a43b9f1f399ca84f9ca837d8b) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* libxml2: patch CVE-2026-0990Peter Marko2026-02-272-0/+77
| | | | | | | | | | | | Pick patch which closed [1]. [1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 (From OE-Core rev: 3af64204dec407546bed8f1dc0cb8b4a1501e471) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* zlib: ignore CVE-2026-22184Peter Marko2026-02-271-0/+2
| | | | | | | | | | | | | This is CVE for example tool contrib/untgz. This is not compiled in Yocto zlib recipe. This CVE has controversial CVSS3 score of 9.8. (From OE-Core rev: 1bdcd62d34b0b060b0e1e5142c5f3e7075f21cc2) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
* build-appliance-image: Update to kirkstone head revisionRichard Purdie2026-02-121-1/+1
| | | | | | (From OE-Core rev: e2994ca0076ec99038790e7a40936236a5078135) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to kirkstone head revisionRichard Purdie2026-01-261-1/+1
| | | | | | (From OE-Core rev: 036f76ea35c49a78d612093dcd8eb1fac7ded8d7) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dropbear: patch CVE-2019-6111Peter Marko2026-01-262-0/+158
| | | | | | | | | | | Pick patch mentioning this CVE number. (From OE-Core rev: 3a8effd37b83cab3421ee1fe59da232cdf338743) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glib-2.0: patch CVE-2025-14512Peter Marko2026-01-262-0/+71
| | | | | | | | | | | | | | Pick patch from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4935 [2] https://gitlab.gnome.org/GNOME/glib/-/issues/3845 (From OE-Core rev: 2fb84f36c77e0d049a71dcfa597a67d297cbfd0a) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glib-2.0: patch CVE-2025-14087Peter Marko2026-01-264-0/+462
| | | | | | | | | | | | | | Pick commits from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4933 [2] https://gitlab.gnome.org/GNOME/glib/-/issues/3834 (From OE-Core rev: 6e1ce2de818d647d69f652ab67c0c2d13860e77b) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glib-2.0: patch CVE-2025-13601Peter Marko2026-01-263-0/+255
| | | | | | | | | | | | | | Pick commits from [1] per [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-13601 (From OE-Core rev: eb0e4e0fce9378100e4482fc91d6886d84ef7ec2) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* util-linux: patch CVE-2025-14104Peter Marko2026-01-263-0/+63
| | | | | | | | | | | | | Pick patches per [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-14104 (From OE-Core rev: 8f7f1562f6cba3b67cc4301702c03ab31551a155) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to kirkstone head revisionyocto-4.0.32kirkstone-4.0.32Steve Sakoman2025-12-121-1/+1
| | | | | | (From OE-Core rev: 2ed3f8b938579dbbb804e04c45a968cc57761db7) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libxml2: Security fix for CVE-2025-7425Hitendra Prajapati2025-12-122-0/+803
| | | | | | | | | | | | | | CVE-2025-7425 libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption Origin: https://launchpad.net/ubuntu/+source/libxml2/2.9.14+dfsg-1.3ubuntu3.6 Ref : https://security-tracker.debian.org/tracker/CVE-2025-7425 Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 (From OE-Core rev: cf260bef4495186662b74b8324d01efcfc2121fd) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* musl: patch CVE-2025-26519Gyorgy Sarvari2025-11-243-1/+80
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-26519 Pick the patches that are attached to the musl advisory: https://www.openwall.com/lists/musl/2025/02/13/1 (From OE-Core rev: e1c1b4b5100e08b63a2e6e5ff608f79e7b202649) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to kirkstone head revisionyocto-4.0.31kirkstone-4.0.31Steve Sakoman2025-10-311-1/+1
| | | | | | (From OE-Core rev: 99204008786f659ab03538cd2ae2fd23ed4164c5) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glib-networking: fix CVE-2025-60019Rajeshkumar Ramasamy2025-10-242-0/+138
| | | | | | | | | | | | | | | | | glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-60019 Upstream-patch: https://gitlab.gnome.org/GNOME/glib-networking/-/commit/70df675dd4f5e4a593b2f95406c1aac031aa8bc7 (From OE-Core rev: eda5838fcbb8c725e6e39d6e72b63c33f6c44446) Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glib-networking: fix CVE-2025-60018Rajeshkumar Ramasamy2025-10-242-0/+84
| | | | | | | | | | | | | | | | glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out of bounds read. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-60018 Upstream-patch: https://gitlab.gnome.org/GNOME/glib-networking/-/commit/4dd540505d40babe488404f3174ec39f49a84485 (From OE-Core rev: bd11f18909b5946e4570e0eba9b3cb9b47791dc1) Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: : PTHREAD_COND_INITIALIZER compatibility with pre-2.41 versions (bug ↵Sunil Dora2025-10-172-0/+55
| | | | | | | | | | | | | | 32786) The following commits have been cherry-picked from Glibc master branch: Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847 [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=dbc5a50d12eff4cb3f782129029d04b8a76f58e7 [2] https://sourceware.org/pipermail/libc-stable/2025-July/002282.html (From OE-Core rev: 8f1000d9dad5e51f08a40b0f6650204425cc8efb) Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl Use all of g1_start and g_signalsSunil Dora2025-10-172-0/+194
| | | | | | | | | | | | The following commits have been cherry-picked from Glibc master branch: Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847 [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=91bb902f58264a2fd50fbce8f39a9a290dd23706 [2] https://sourceware.org/pipermail/libc-stable/2025-July/002283.html (From OE-Core rev: 4593e800b832d740d0b63ddd4b5c948c564116b2) Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl rename __condvar_quiesce_and_switch_g1Sunil Dora2025-10-172-0/+162
| | | | | | | | | | | | The following commits have been cherry-picked from Glibc master branch: Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847 [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=4b79e27a5073c02f6bff9aa8f4791230a0ab1867 [2] https://sourceware.org/pipermail/libc-stable/2025-July/002281.html (From OE-Core rev: 0a9ccd040037c12aa2e7fbc2213ca60b30dafcc4) Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl Fix indentationSunil Dora2025-10-172-0/+150
| | | | | | | | | | | | The following commits have been cherry-picked from Glibc master branch: Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847 [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=ee6c14ed59d480720721aaacc5fb03213dc153da [2] https://sourceware.org/pipermail/libc-stable/2025-July/002280.html (From OE-Core rev: f54e082df2f07893f66183089518f98cb792f22e) Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl Use a single loop in pthread_cond_wait instaed of a nested loopSunil Dora2025-10-172-0/+104
| | | | | | | | | | | | The following commits have been cherry-picked from Glibc master branch: Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847 [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=929a4764ac90382616b6a21f099192b2475da674 [2] https://sourceware.org/pipermail/libc-stable/2025-July/002279.html (From OE-Core rev: 75bbc8cb3a94640120d778916abb2edf78b89fd0) Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: Remove g_refs from condition variablesSunil Dora2025-10-172-0/+189
| | | | | | | | | | | | The following commits have been cherry-picked from Glibc master branch: Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847 [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=c36fc50781995e6758cae2b6927839d0157f213c [2] https://sourceware.org/pipermail/libc-stable/2025-July/002278.html (From OE-Core rev: 1972b6776fa8a23b9d373d516ace32e136e9058f) Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl Remove unnecessary quadruple check in pthread_cond_waitSunil Dora2025-10-172-0/+119
| | | | | | | | | | | | The following commits have been cherry-picked from Glibc master branch: Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847 [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=4f7b051f8ee3feff1b53b27a906f245afaa9cee1 [2] https://sourceware.org/pipermail/libc-stable/2025-July/002276.html (From OE-Core rev: e6cac5aef751d698327f6ebee966462644c6c6a8) Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl Remove unnecessary catch-all-wake in condvar group switchSunil Dora2025-10-172-0/+80
| | | | | | | | | | | | The following commits have been cherry-picked from Glibc master branch: Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847 [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=b42cc6af11062c260c7dfa91f1c89891366fed3e [2] https://sourceware.org/pipermail/libc-stable/2025-July/002274.html (From OE-Core rev: 18b4f22aaae19cd0efb21433f0c23c5580246a2e) Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: nptl Update comments and indentation for new condvar implementationSunil Dora2025-10-172-0/+146
| | | | | | | | | | | | The following commits have been cherry-picked from Glibc master branch: Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847 [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=0cc973160c23bb67f895bc887dd6942d29f8fee3 [2] https://sourceware.org/pipermail/libc-stable/2025-July/002275.html (From OE-Core rev: bf3d91124c2584b9d3000098d1f81d9459d143fc) Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: pthreads NPTL lost wakeup fix 2Sunil Dora2025-10-172-0/+456
| | | | | | | | | | | | The following commits have been cherry-picked from Glibc master branch: Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847 [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=1db84775f831a1494993ce9c118deaf9537cc50a [2] https://sourceware.org/pipermail/libc-stable/2025-July/002277.html (From OE-Core rev: 4d57f7c82ccb64e2bd2a2371ef18bdc5a4b718e3) Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: Remove partial BZ#25847 backport patchesSunil Dora2025-10-179-1427/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To facilitate a clean backport of the full 10-commit series addressing the pthread condition variable lost wakeup issue (BZ#25847) in glibc 2.35, remove the existing 8 patches that were applied as a partial backport. The previous partial backport excluded commit: c36fc50781995e6758cae2b6927839d0157f213c ("nptl: Remove g_refs from condition variables") based on guidance from glibc maintainer Florian Weimer(#comment #74) This exclusion was recommended for stable branches to avoid altering the layout of pthread_cond_t, which could introduce ABI incompatibilities. Additionally, the dependent commit dbc5a50d12eff4cb3f782129029d04b8a76f58e7 was not needed in the partial backport. To align with upstream mainline, per maintainer Carlos O'Donell (comment #75), apply the complete 10-commit series for consistency. By removing these patches first, we ensure the subsequent application of the full 10 commits results in cleaner, more reviewable changes without intermixed conflicts or overlaps. Removed patches and corresponding upstream commits: - 0026-PR25847-1.patch: 1db84775f831a1494993ce9c118deaf9537cc50a - 0026-PR25847-2.patch: 0cc973160c23bb67f895bc887dd6942d29f8fee3 - 0026-PR25847-3.patch: b42cc6af11062c260c7dfa91f1c89891366fed3e - 0026-PR25847-4.patch: 4f7b051f8ee3feff1b53b27a906f245afaa9cee1 - 0026-PR25847-5.patch: 929a4764ac90382616b6a21f099192b2475da674 - 0026-PR25847-6.patch: ee6c14ed59d480720721aaacc5fb03213dc153da - 0026-PR25847-7.patch: 4b79e27a5073c02f6bff9aa8f4791230a0ab1867 - 0026-PR25847-8.patch: 91bb902f58264a2fd50fbce8f39a9a290dd23706 Bug reference: https://sourceware.org/bugzilla/show_bug.cgi?id=25847 This change prepares the branch for the full backport in follow-up commits. (From OE-Core rev: 9881dd70305b87945e9649d744bcbc40a1a7b780) Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* systemd: backport fix for handle USE_NLS from masterAshishKumar Mishra2025-10-141-0/+1
| | | | | | | | | | | | | | | | | | Do not build translations when NLS is disabled. (From OE-Core rev: 83795ef6c3fa12a863cd20b7ec1a2607606987b6) This change corresponds to upstream d848b454e64ffbd642590b4bbc378619e1547ad3 from master . Since the systemd version are different between master & kirkstone applied the patch manually (From OE-Core rev: 4b612ae7cbdc8327765c34d0e64fa8e0564891d4) Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: AshishKumar Mishra <emailaddress.ashish@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: stable 2.35 branch updatesDeepesh Varatharajan2025-10-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git log --oneline a66bc3941ff298e474d5f02d0c3303401951141f..4e50046821f05ada5f14c76803845125ddb3ed7d 4e50046821 (HEAD, origin/release/2.35/master) x86-64: Add GLIBC_ABI_DT_X86_64_PLT [BZ #33212] c97735cfde elf: Handle ld.so with LOAD segment gaps in _dl_find_object (bug 31943) 96cc65a28a elf: Extract rtld_setup_phdr function from dl_main e3f04f64fa elf: Do not add a copy of _dl_find_object to libc.so bfae8bf49c arm: Use _dl_find_object on __gnu_Unwind_Find_exidx (BZ 31405) Testing Results: Before After Diff PASS 4605 4609 +4 XPASS 6 6 0 FAIL 358 356 -2 XFAIL 16 16 0 UNRESOLVED 0 1 +1 UNSUPPORTED 197 197 0 Testcases changes testcase-name before after elf/tst-link-map-contiguous-libc(new) - PASS elf/tst-link-map-contiguous-ldso(new) - FAIL elf/check-dt-x86-64-plt(new) - UNRESOLVED misc/tst-tsearch FAIL PASS posix/bug-regex24 FAIL PASS string/tst-cmp FAIL PASS (From OE-Core rev: 932ee96c0dc24ac3cdb9cee5bf96375568b41df0) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* busybox: patch CVE-2025-46394Peter Marko2025-10-143-0/+91
| | | | | | | | | | Pick commit mentioning this CVE. Additionally fix test broken by the CVE fix. (From OE-Core rev: 137299edbc47e8a57173ef3c22bcb719d48d5302) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libxml2: fix CVE-2025-9714Theo GAIGE2025-10-142-0/+118
| | | | | | | | | Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 (From OE-Core rev: 277692c2472f03ae62401bfbd26e8c4d872113d0) Signed-off-by: Theo GAIGE <tgaige.opensource@witekio.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to kirkstone head revisionyocto-4.0.30kirkstone-4.0.30Steve Sakoman2025-09-191-1/+1
| | | | | | (From OE-Core rev: d381eeb5e70bd0ce9e78032c909e4a23564f4dd7) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glib-2.0: patch CVE-2025-7039Peter Marko2025-08-293-0/+85
| | | | | | | | | | | | Pick commit per [1]. Also pick commit which changed the same code before to apply it cleanly. [1] https://security-tracker.debian.org/tracker/CVE-2025-7039 (From OE-Core rev: 79355004da104587b2fb40dcb76053431c6a6182) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glib-2.0: ignore CVE-2025-4056Peter Marko2025-08-221-0/+3
| | | | | | | | | | | | | | | | | | | | NVD report [1] says: A flaw was found in GLib. A denial of service on **Windows platforms** may occur if an application attempts to spawn a program using long command lines. The fix [3] (linked from [2]) also changes only files glib/gspawn-win32-helper.c glib/gspawn-win32.c [1] https://nvd.nist.gov/vuln/detail/CVE-2025-4056 [2] https://gitlab.gnome.org/GNOME/glib/-/issues/3668 [3] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4570 (From OE-Core rev: 8c69793deb78cf9718801825477938c22e229eca) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* systemd: Fix manpage build after CVE-2025-4598Dan McGregor2025-08-221-4/+3
| | | | | | | | | | | | The previous fix missed another cherry-pick that fixed building manpages after the coredump patch. The version-info.xml file doesn't exist in 250. It was introduced later, so remove the reference to it. (From OE-Core rev: 0a383ef579ffe5f5c4ef2c78040540f1332e4ea6) Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to kirkstone head revisionyocto-4.0.29kirkstone-4.0.29Steve Sakoman2025-08-081-1/+1
| | | | | | (From OE-Core rev: bd620eb14660075fd0f7476bbbb65d5da6293874) Signed-off-by: Steve Sakoman <steve@sakoman.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-22 07:06:25 +0000