* [OE-core][scarthgap 00/12] Patch review
@ 2024-07-18 13:45 Steve Sakoman
0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2024-07-18 13:45 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Monday, July 21
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7150
The following changes since commit bf3fe8c01c5cc00ada22049f4f0abb485e2a626f:
webkitgtk: fix do_compile errors on beaglebone-yocto (2024-07-13 07:07:10 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Archana Polampalli (1):
less: fix CVE-2024-32487
Changqing Li (4):
vulkan-samples: fix do_compile error when -Og enabled
multilib.conf: remove appending to PKG_CONFIG_PATH
gettext: fix a parallel build issue
pixman: fixing inline failure with -Og
Deepthi Hemraj (1):
binutils: stable 2.42 branch updates
Hitendra Prajapati (1):
vte: fix CVE-2024-37535
Jose Quaresma (1):
go: upgrade 1.22.4 -> 1.22.5
Peter Marko (2):
busybox: Patch CVE-2021-42380
busybox: Patch CVE-2023-42363
Steve Sakoman (1):
Revert "apt: runtime error: filename too long (tmpdir length)"
Vijay Anusuri (1):
openssh: fix CVE-2024-39894
meta/conf/multilib.conf | 9 --
.../openssh/openssh/CVE-2024-39894.patch | 35 ++++
.../openssh/openssh_9.6p1.bb | 1 +
...-fix-segfault-when-compiled-by-clang.patch | 41 +++++
.../busybox/busybox/CVE-2021-42380.patch | 151 ++++++++++++++++++
.../busybox/busybox/CVE-2023-42363.patch | 67 ++++++++
meta/recipes-core/busybox/busybox_1.36.1.bb | 3 +
...1-intl-Fix-build-failure-with-make-j.patch | 35 ++++
meta/recipes-core/gettext/gettext_0.22.5.bb | 1 +
...he-filename-can-t-be-longer-than-255.patch | 40 -----
meta/recipes-devtools/apt/apt_2.6.1.bb | 1 -
.../binutils/binutils-2.42.inc | 2 +-
.../go/{go-1.22.4.inc => go-1.22.5.inc} | 2 +-
...e_1.22.4.bb => go-binary-native_1.22.5.bb} | 6 +-
..._1.22.4.bb => go-cross-canadian_1.22.5.bb} | 0
...{go-cross_1.22.4.bb => go-cross_1.22.5.bb} | 0
...osssdk_1.22.4.bb => go-crosssdk_1.22.5.bb} | 0
...runtime_1.22.4.bb => go-runtime_1.22.5.bb} | 0
...ent-based-hash-generation-less-pedan.patch | 11 +-
...OOLDIR-to-be-overridden-in-the-envir.patch | 12 +-
...3-ld-add-soname-to-shareable-objects.patch | 9 +-
...de-CC-when-building-dist-and-go_boot.patch | 10 +-
...dist-separate-host-and-target-builds.patch | 9 +-
...d-go-make-GOROOT-precious-by-default.patch | 13 +-
...ut-build-specific-paths-from-linker-.patch | 12 +-
...ldgo.go-do-not-hardcode-host-compile.patch | 11 +-
...uild-paths-on-staticly-linked-arches.patch | 9 +-
.../go/{go_1.22.4.bb => go_1.22.5.bb} | 0
.../less/files/CVE-2024-32487.patch | 74 +++++++++
meta/recipes-extended/less/less_643.bb | 1 +
...ce-FORCE_INLINE_TEMPLATE-with-inline.patch | 52 ++++++
.../vulkan/vulkan-samples_git.bb | 1 +
...loat.c-fix-inlining-failed-in-call-t.patch | 56 +++++++
.../xorg-lib/pixman_0.42.2.bb | 1 +
.../vte/vte/CVE-2024-37535-01.patch | 64 ++++++++
.../vte/vte/CVE-2024-37535-02.patch | 85 ++++++++++
meta/recipes-support/vte/vte_0.74.2.bb | 5 +-
37 files changed, 711 insertions(+), 118 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2024-39894.patch
create mode 100644 meta/recipes-core/busybox/busybox/0001-awk-fix-segfault-when-compiled-by-clang.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2021-42380.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-42363.patch
create mode 100644 meta/recipes-core/gettext/gettext/0001-intl-Fix-build-failure-with-make-j.patch
delete mode 100644 meta/recipes-devtools/apt/apt/0001-strutl.cc-the-filename-can-t-be-longer-than-255.patch
rename meta/recipes-devtools/go/{go-1.22.4.inc => go-1.22.5.inc} (89%)
rename meta/recipes-devtools/go/{go-binary-native_1.22.4.bb => go-binary-native_1.22.5.bb} (78%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.22.4.bb => go-cross-canadian_1.22.5.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.22.4.bb => go-cross_1.22.5.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.22.4.bb => go-crosssdk_1.22.5.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.22.4.bb => go-runtime_1.22.5.bb} (100%)
rename meta/recipes-devtools/go/{go_1.22.4.bb => go_1.22.5.bb} (100%)
create mode 100644 meta/recipes-extended/less/files/CVE-2024-32487.patch
create mode 100644 meta/recipes-graphics/vulkan/vulkan-samples/0001-zstd.c-replace-FORCE_INLINE_TEMPLATE-with-inline.patch
create mode 100644 meta/recipes-graphics/xorg-lib/pixman/0001-pixman-combine-float.c-fix-inlining-failed-in-call-t.patch
create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-01.patch
create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-02.patch
--
2.34.1
^ permalink raw reply [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 00/12] Patch review
@ 2024-08-29 13:32 Steve Sakoman
0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2024-08-29 13:32 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Monday, September 2
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7287
The following changes since commit 8b5c66c91d94f4c8521fe9443e65d86063dba5e5:
oeqa/utils/postactions: transfer whole archive over ssh instead of doing individual copies (2024-08-20 05:03:49 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Archana Polampalli (2):
ffmpeg: fix CVE-2024-32230
qemu: fix CVE-2024-7409
Bartosz Golaszewski (1):
linux-firmware: add a package for ath12k firmware
Changqing Li (2):
expect-native: fix do_compile failure with gcc-14
libcap-ng: update SRC_URI
Niko Mauno (1):
util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error
Peter Marko (2):
libyaml: Ignore CVE-2024-35325
curl: Patch CVE-2024-7264
Quentin Schulz (1):
weston-init: fix weston not starting when xwayland is enabled
Siddharth Doshi (1):
vim: Upgrade 9.1.0114 -> 9.1.0682
Simone Weiß (1):
curl: Ignore CVE-2024-32928
Yogita Urade (1):
qemu: fix CVE-2024-4467
.../util-linux/util-linux_2.39.3.bb | 12 +-
meta/recipes-devtools/expect/expect_5.45.4.bb | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 9 +
.../qemu/qemu/CVE-2024-4467-0001.patch | 112 ++
.../qemu/qemu/CVE-2024-4467-0002.patch | 55 +
.../qemu/qemu/CVE-2024-4467-0003.patch | 57 +
.../qemu/qemu/CVE-2024-4467-0004.patch | 1187 +++++++++++++++++
.../qemu/qemu/CVE-2024-4467-0005.patch | 239 ++++
.../qemu/qemu/CVE-2024-7409-0001.patch | 167 +++
.../qemu/qemu/CVE-2024-7409-0002.patch | 175 +++
.../qemu/qemu/CVE-2024-7409-0003.patch | 126 ++
.../qemu/qemu/CVE-2024-7409-0004.patch | 164 +++
meta/recipes-graphics/wayland/weston-init.bb | 2 +-
.../linux-firmware/linux-firmware_20240312.bb | 8 +-
.../ffmpeg/ffmpeg/CVE-2024-32230.patch | 36 +
.../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 +
.../curl/curl/CVE-2024-7264-1.patch | 61 +
.../curl/curl/CVE-2024-7264-2.patch | 316 +++++
meta/recipes-support/curl/curl_8.7.1.bb | 3 +
.../libcap-ng/libcap-ng-python_0.8.5.bb | 2 -
meta/recipes-support/libcap-ng/libcap-ng.inc | 8 +-
meta/recipes-support/libyaml/libyaml_0.2.5.bb | 1 +
...m-add-knob-whether-elf.h-are-checked.patch | 39 -
meta/recipes-support/vim/vim.inc | 5 +-
24 files changed, 2737 insertions(+), 50 deletions(-)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2024-7264-1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2024-7264-2.patch
delete mode 100644 meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
--
2.34.1
^ permalink raw reply [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 00/12] Patch review
@ 2024-12-10 20:56 Steve Sakoman
0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2024-12-10 20:56 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Thursday, December 12
Passed a-full on autobuilder:
https://valkyrie.yoctoproject.org/#/builders/29/builds/616
The following changes since commit 92cb4641ff4ec8c1f681bca21cfeaf2ba6923ab7:
resulttool: Improve repo layout for oeselftest results (2024-12-04 06:02:55 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Archana Polampalli (5):
ffmpeg: fix CVE-2023-49501
ffmpeg: fix CVE-2024-28661
ffmpeg: fix CVE-2023-50007
ffmpeg: fix CVE-2023-49528
ffmpeg: fix CVE-2024-7055
Divya Chellam (1):
libpam: fix CVE-2024-10041
Guðni Már Gilbert (4):
systemd: drop intltool-native from DEPENDS
systemd-boot: drop intltool-native from DEPENDS
python3-poetry-core: drop python3-six from RDEPENDS
dnf: drop python3-iniparse from DEPENDS and RDEPENDS
Peter Marko (1):
qemu: set CVE-2024-6505 to fixed
Ross Burton (1):
sanity: check for working user namespaces
meta/classes-global/sanity.bbclass | 24 +++++
.../systemd/systemd-boot_255.13.bb | 2 +-
meta/recipes-core/systemd/systemd_255.13.bb | 2 +-
meta/recipes-devtools/dnf/dnf_4.19.0.bb | 3 +-
.../python/python3-poetry-core_1.9.0.bb | 1 -
meta/recipes-devtools/qemu/qemu.inc | 3 +
.../pam/libpam/CVE-2024-10041.patch | 98 +++++++++++++++++++
meta/recipes-extended/pam/libpam_1.5.3.bb | 1 +
.../ffmpeg/ffmpeg/CVE-2023-49501.patch | 30 ++++++
.../ffmpeg/ffmpeg/CVE-2023-49528.patch | 58 +++++++++++
.../ffmpeg/ffmpeg/CVE-2023-50007.patch | 78 +++++++++++++++
.../ffmpeg/ffmpeg/CVE-2024-28661.patch | 37 +++++++
.../ffmpeg/ffmpeg/CVE-2024-7055.patch | 38 +++++++
.../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 5 +
14 files changed, 375 insertions(+), 5 deletions(-)
create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-10041.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49528.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-28661.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
--
2.34.1
^ permalink raw reply [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 00/12] Patch review
@ 2025-01-30 2:51 Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 01/12] openssl: patch CVE-2024-13176 Steve Sakoman
` (11 more replies)
0 siblings, 12 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Friday, January 31
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/907
The following changes since commit 62cb12967391db709315820d48853ffa4c6b4740:
build-appliance-image: Update to scarthgap head revision (2025-01-26 14:05:12 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Adrian Freihofer (6):
devtool: modify support debug-builds
devtool: ide-sdk sort cmake preset
devtool: ide-sdk recommend DEBUG_BUILD
oe-selftest: devtool ide-sdk use modify debug-build
devtool: ide-sdk remove the plugin from eSDK installer
uboot-config: fix devtool modify with kernel-fitimage
Guðni Már Gilbert (1):
systemd: upgrade 255.13 -> 255.17
Marek Vasut (1):
u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and
UBOOT_ENV enabled
Peter Marko (4):
openssl: patch CVE-2024-13176
go: upgrade 1.22.8 -> 1.22.9
go: upgrade 1.22.9 -> 1.22.10
go: upgrade 1.22.10 -> 1.22.11
meta/classes-recipe/kernel-fitimage.bbclass | 53 +-------
meta/classes-recipe/uboot-config.bbclass | 17 ++-
meta/classes-recipe/uboot-sign.bbclass | 26 ++--
meta/conf/image-fitimage.conf | 53 ++++++++
meta/lib/oeqa/selftest/cases/devtool.py | 2 +-
.../openssl/openssl/CVE-2024-13176.patch | 126 ++++++++++++++++++
.../openssl/openssl_3.2.3.bb | 1 +
...55.13.bb => systemd-boot-native_255.17.bb} | 0
...-boot_255.13.bb => systemd-boot_255.17.bb} | 0
meta/recipes-core/systemd/systemd.inc | 2 +-
...1-missing_type.h-add-comparison_fn_t.patch | 2 +-
...k-parse_printf_format-implementation.patch | 6 +-
...tall-dependency-links-at-install-tim.patch | 2 +-
...missing.h-check-for-missing-strndupa.patch | 33 +++--
...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch | 2 +-
...005-add-missing-FTW_-macros-for-musl.patch | 2 +-
...06-Use-uintmax_t-for-handling-rlim_t.patch | 6 +-
...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | 2 +-
...patible-basename-for-non-glibc-syste.patch | 2 +-
...implment-systemd-sysv-install-for-OE.patch | 2 +-
...uffering-when-writing-to-oom_score_a.patch | 4 +-
...compliant-strerror_r-from-GNU-specif.patch | 2 +-
...definition-of-prctl_mm_map-structure.patch | 2 +-
...-not-disable-buffer-in-writing-files.patch | 34 ++---
.../0013-Handle-__cpu_mask-usage.patch | 2 +-
.../systemd/0014-Handle-missing-gshadow.patch | 2 +-
...l.h-Define-MIPS-ABI-defines-for-musl.patch | 2 +-
...ass-correct-parameters-to-getdents64.patch | 2 +-
.../0017-Adjust-for-musl-headers.patch | 6 +-
...trerror-is-assumed-to-be-GNU-specifi.patch | 2 +-
...util-Make-STRERROR-portable-for-musl.patch | 2 +-
...ake-malloc_trim-conditional-on-glibc.patch | 4 +-
...hared-Do-not-use-malloc_info-on-musl.patch | 2 +-
...22-avoid-missing-LOCK_EX-declaration.patch | 4 +-
.../{systemd_255.13.bb => systemd_255.17.bb} | 0
.../go/{go-1.22.8.inc => go-1.22.11.inc} | 2 +-
..._1.22.8.bb => go-binary-native_1.22.11.bb} | 6 +-
...1.22.8.bb => go-cross-canadian_1.22.11.bb} | 0
...go-cross_1.22.8.bb => go-cross_1.22.11.bb} | 0
...sssdk_1.22.8.bb => go-crosssdk_1.22.11.bb} | 0
...untime_1.22.8.bb => go-runtime_1.22.11.bb} | 0
.../go/{go_1.22.8.bb => go_1.22.11.bb} | 0
scripts/lib/devtool/ide_sdk.py | 63 +++------
scripts/lib/devtool/standard.py | 3 +
44 files changed, 301 insertions(+), 182 deletions(-)
create mode 100644 meta/conf/image-fitimage.conf
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-13176.patch
rename meta/recipes-core/systemd/{systemd-boot-native_255.13.bb => systemd-boot-native_255.17.bb} (100%)
rename meta/recipes-core/systemd/{systemd-boot_255.13.bb => systemd-boot_255.17.bb} (100%)
rename meta/recipes-core/systemd/{systemd_255.13.bb => systemd_255.17.bb} (100%)
rename meta/recipes-devtools/go/{go-1.22.8.inc => go-1.22.11.inc} (89%)
rename meta/recipes-devtools/go/{go-binary-native_1.22.8.bb => go-binary-native_1.22.11.bb} (78%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.22.8.bb => go-cross-canadian_1.22.11.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.22.8.bb => go-cross_1.22.11.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.22.8.bb => go-crosssdk_1.22.11.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.22.8.bb => go-runtime_1.22.11.bb} (100%)
rename meta/recipes-devtools/go/{go_1.22.8.bb => go_1.22.11.bb} (100%)
--
2.43.0
^ permalink raw reply [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 01/12] openssl: patch CVE-2024-13176
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
@ 2025-01-30 2:51 ` Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 02/12] systemd: upgrade 255.13 -> 255.17 Steve Sakoman
` (10 subsequent siblings)
11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Picked [1] per link in [2]
[1] https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-13176
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssl/openssl/CVE-2024-13176.patch | 126 ++++++++++++++++++
.../openssl/openssl_3.2.3.bb | 1 +
2 files changed, 127 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-13176.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-13176.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-13176.patch
new file mode 100644
index 0000000000..28d4dd706a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-13176.patch
@@ -0,0 +1,126 @@
+From 4b1cb94a734a7d4ec363ac0a215a25c181e11f65 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Wed, 15 Jan 2025 18:27:02 +0100
+Subject: [PATCH] Fix timing side-channel in ECDSA signature computation
+
+There is a timing signal of around 300 nanoseconds when the top word of
+the inverted ECDSA nonce value is zero. This can happen with significant
+probability only for some of the supported elliptic curves. In particular
+the NIST P-521 curve is affected. To be able to measure this leak, the
+attacker process must either be located in the same physical computer or
+must have a very fast network connection with low latency.
+
+Attacks on ECDSA nonce are also known as Minerva attack.
+
+Fixes CVE-2024-13176
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/26429)
+
+(cherry picked from commit 63c40a66c5dc287485705d06122d3a6e74a6a203)
+(cherry picked from commit 392dcb336405a0c94486aa6655057f59fd3a0902)
+
+CVE: CVE-2024-13176
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ crypto/bn/bn_exp.c | 21 +++++++++++++++------
+ crypto/ec/ec_lib.c | 7 ++++---
+ include/crypto/bn.h | 3 +++
+ 3 files changed, 22 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
+index b876edbfac36e..af52e2ced6914 100644
+--- a/crypto/bn/bn_exp.c
++++ b/crypto/bn/bn_exp.c
+@@ -606,7 +606,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+ * out by Colin Percival,
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
+ */
+-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
++int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
+ {
+@@ -623,10 +623,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ unsigned int t4 = 0;
+ #endif
+
+- bn_check_top(a);
+- bn_check_top(p);
+- bn_check_top(m);
+-
+ if (!BN_is_odd(m)) {
+ ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS);
+ return 0;
+@@ -1146,7 +1142,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ goto err;
+ } else
+ #endif
+- if (!BN_from_montgomery(rr, &tmp, mont, ctx))
++ if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx))
+ goto err;
+ ret = 1;
+ err:
+@@ -1160,6 +1156,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ return ret;
+ }
+
++int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
++ const BIGNUM *m, BN_CTX *ctx,
++ BN_MONT_CTX *in_mont)
++{
++ bn_check_top(a);
++ bn_check_top(p);
++ bn_check_top(m);
++ if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont))
++ return 0;
++ bn_correct_top(rr);
++ return 1;
++}
++
+ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
+index c92b4dcb0ac45..a79fbb98cf6fa 100644
+--- a/crypto/ec/ec_lib.c
++++ b/crypto/ec/ec_lib.c
+@@ -21,6 +21,7 @@
+ #include <openssl/opensslv.h>
+ #include <openssl/param_build.h>
+ #include "crypto/ec.h"
++#include "crypto/bn.h"
+ #include "internal/nelem.h"
+ #include "ec_local.h"
+
+@@ -1261,10 +1262,10 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
+ if (!BN_sub(e, group->order, e))
+ goto err;
+ /*-
+- * Exponent e is public.
+- * No need for scatter-gather or BN_FLG_CONSTTIME.
++ * Although the exponent is public we want the result to be
++ * fixed top.
+ */
+- if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data))
++ if (!bn_mod_exp_mont_fixed_top(r, x, e, group->order, ctx, group->mont_data))
+ goto err;
+
+ ret = 1;
+diff --git a/include/crypto/bn.h b/include/crypto/bn.h
+index 302f031c2ff1d..499e1d10efab0 100644
+--- a/include/crypto/bn.h
++++ b/include/crypto/bn.h
+@@ -73,6 +73,9 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
+ */
+ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
++int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
++ const BIGNUM *m, BN_CTX *ctx,
++ BN_MONT_CTX *in_mont);
+ int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+ int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.3.bb b/meta/recipes-connectivity/openssl/openssl_3.2.3.bb
index 2c30dbd47a..0b47bab550 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.2.3.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.3.bb
@@ -13,6 +13,7 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op
file://0001-Configure-do-not-tweak-mips-cflags.patch \
file://0001-Added-handshake-history-reporting-when-test-fails.patch \
file://CVE-2024-9143.patch \
+ file://CVE-2024-13176.patch \
"
SRC_URI:append:class-nativesdk = " \
--
2.43.0
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 02/12] systemd: upgrade 255.13 -> 255.17
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 01/12] openssl: patch CVE-2024-13176 Steve Sakoman
@ 2025-01-30 2:51 ` Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 03/12] go: upgrade 1.22.8 -> 1.22.9 Steve Sakoman
` (9 subsequent siblings)
11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
From: Guðni Már Gilbert <gudni.m.g@gmail.com>
The update includes 156 commits. Full list of changes can be found on Github [1]
All patches were refreshed with devtool. One patch had to be manually
rebased to resolve a merge conflict introduced with 255.14 [2].
[1] https://github.com/systemd/systemd-stable/compare/v255.13...v255.17
[2] 0003-src-basic-missing.h-check-for-missing-strndupa.patch
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...55.13.bb => systemd-boot-native_255.17.bb} | 0
...-boot_255.13.bb => systemd-boot_255.17.bb} | 0
meta/recipes-core/systemd/systemd.inc | 2 +-
...1-missing_type.h-add-comparison_fn_t.patch | 2 +-
...k-parse_printf_format-implementation.patch | 6 ++--
...tall-dependency-links-at-install-tim.patch | 2 +-
...missing.h-check-for-missing-strndupa.patch | 33 ++++++++++--------
...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch | 2 +-
...005-add-missing-FTW_-macros-for-musl.patch | 2 +-
...06-Use-uintmax_t-for-handling-rlim_t.patch | 6 ++--
...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | 2 +-
...patible-basename-for-non-glibc-syste.patch | 2 +-
...implment-systemd-sysv-install-for-OE.patch | 2 +-
...uffering-when-writing-to-oom_score_a.patch | 4 +--
...compliant-strerror_r-from-GNU-specif.patch | 2 +-
...definition-of-prctl_mm_map-structure.patch | 2 +-
...-not-disable-buffer-in-writing-files.patch | 34 +++++++++----------
.../0013-Handle-__cpu_mask-usage.patch | 2 +-
.../systemd/0014-Handle-missing-gshadow.patch | 2 +-
...l.h-Define-MIPS-ABI-defines-for-musl.patch | 2 +-
...ass-correct-parameters-to-getdents64.patch | 2 +-
| 6 ++--
...trerror-is-assumed-to-be-GNU-specifi.patch | 2 +-
...util-Make-STRERROR-portable-for-musl.patch | 2 +-
...ake-malloc_trim-conditional-on-glibc.patch | 4 +--
...hared-Do-not-use-malloc_info-on-musl.patch | 2 +-
...22-avoid-missing-LOCK_EX-declaration.patch | 4 +--
.../{systemd_255.13.bb => systemd_255.17.bb} | 0
28 files changed, 68 insertions(+), 63 deletions(-)
rename meta/recipes-core/systemd/{systemd-boot-native_255.13.bb => systemd-boot-native_255.17.bb} (100%)
rename meta/recipes-core/systemd/{systemd-boot_255.13.bb => systemd-boot_255.17.bb} (100%)
rename meta/recipes-core/systemd/{systemd_255.13.bb => systemd_255.17.bb} (100%)
diff --git a/meta/recipes-core/systemd/systemd-boot-native_255.13.bb b/meta/recipes-core/systemd/systemd-boot-native_255.17.bb
similarity index 100%
rename from meta/recipes-core/systemd/systemd-boot-native_255.13.bb
rename to meta/recipes-core/systemd/systemd-boot-native_255.17.bb
diff --git a/meta/recipes-core/systemd/systemd-boot_255.13.bb b/meta/recipes-core/systemd/systemd-boot_255.17.bb
similarity index 100%
rename from meta/recipes-core/systemd/systemd-boot_255.13.bb
rename to meta/recipes-core/systemd/systemd-boot_255.17.bb
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index 88f24f99c2..c359d77e9d 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -15,7 +15,7 @@ LICENSE:libsystemd = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
-SRCREV = "565916c245b53b49f5917f5326d21246f46ae3db"
+SRCREV = "fb92304041cd203d2ca84cc28721dea5e1355c4e"
SRCBRANCH = "v255-stable"
SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH}"
diff --git a/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch b/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch
index 78a4bf5868..9e9ccf51c8 100644
--- a/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch
+++ b/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch
@@ -1,4 +1,4 @@
-From af2784935b483bd0eb5705ef7072a5cea6fe9eef Mon Sep 17 00:00:00 2001
+From abbda6d89c0b850c0adeebc3e210d9b255072a40 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 13:55:12 +0800
Subject: [PATCH] missing_type.h: add comparison_fn_t
diff --git a/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch b/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch
index e19f7dc688..c91f24b026 100644
--- a/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch
+++ b/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch
@@ -1,4 +1,4 @@
-From b9b4f9bbca46832ea152979d8c9459f29c2e83fa Mon Sep 17 00:00:00 2001
+From adaa70c17daedd8d81525d080fda8a1e22efe3a4 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Sat, 22 May 2021 20:26:24 +0200
Subject: [PATCH] add fallback parse_printf_format implementation
@@ -22,10 +22,10 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
create mode 100644 src/basic/parse-printf-format.h
diff --git a/meson.build b/meson.build
-index 2418d6e8f7..b544a69aaa 100644
+index d5109b0d00..ccde927cf3 100644
--- a/meson.build
+++ b/meson.build
-@@ -731,6 +731,7 @@ endif
+@@ -732,6 +732,7 @@ endif
foreach header : ['crypt.h',
'linux/memfd.h',
'linux/vm_sockets.h',
diff --git a/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch b/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
index aca30d5ffe..11e9be6059 100644
--- a/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
+++ b/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
@@ -1,4 +1,4 @@
-From 178b7b4adefdf1d80fa3a5eb54a49ef0fc12369f Mon Sep 17 00:00:00 2001
+From 95bf78fe7d7b7d41ff43e761bb78adfb4fdb9303 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Thu, 21 Feb 2019 16:23:24 +0800
Subject: [PATCH] binfmt: Don't install dependency links at install time for
diff --git a/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch b/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch
index 802002a1c3..0b75896b00 100644
--- a/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch
+++ b/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch
@@ -1,7 +1,10 @@
-From eca6019bbd793c8d8a99142677a548766a775153 Mon Sep 17 00:00:00 2001
+From 76f4749e3a583ad3c924bdff4a6bde967c674ed7 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 14:18:21 +0800
Subject: [PATCH] src/basic/missing.h: check for missing strndupa
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
include missing.h for definition of strndupa
@@ -20,6 +23,8 @@ Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
[Rebased for v254]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
[Rebased for v255.1]
+Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
+[Rebased for v255.14]
---
meson.build | 1 +
src/backlight/backlight.c | 1 +
@@ -75,7 +80,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
51 files changed, 62 insertions(+)
diff --git a/meson.build b/meson.build
-index b544a69aaa..90b07aeb14 100644
+index 216a8cbc91..d5109b0d00 100644
--- a/meson.build
+++ b/meson.build
@@ -572,6 +572,7 @@ foreach ident : ['secure_getenv', '__secure_getenv']
@@ -99,7 +104,7 @@ index b2032adaa5..ee9201826d 100644
#define PCI_CLASS_GRAPHICS_CARD 0x30000
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index 50224648d3..2eaa6e3307 100644
+index e978bd3eff..d08c903c3b 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -38,6 +38,7 @@
@@ -239,7 +244,7 @@ index d7cfcd9105..6cb0ddf575 100644
int procfs_get_pid_max(uint64_t *ret) {
_cleanup_free_ char *value = NULL;
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
-index f9014dc560..1d7840a5b5 100644
+index 0c2d739977..5c150806a0 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -27,6 +27,7 @@
@@ -263,7 +268,7 @@ index 12dfdf76fa..e66332519a 100644
static char **arg_path = NULL;
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
-index 88198010ee..74d61bfaaf 100644
+index b3baf03afc..7404784a01 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -25,6 +25,7 @@
@@ -299,7 +304,7 @@ index 7bb026af48..a86128e40c 100644
int bus_property_get_triggered_unit(
sd_bus *bus,
diff --git a/src/core/execute.c b/src/core/execute.c
-index 4d597bf8a6..7d27f80834 100644
+index aa179fd57e..1ee9f4526b 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -72,6 +72,7 @@
@@ -323,7 +328,7 @@ index b8e3f7aadd..8ce8ca68d8 100644
#if HAVE_KMOD
#include "module-util.h"
diff --git a/src/core/service.c b/src/core/service.c
-index 5f4859e0d3..a920154f55 100644
+index d3ea8a9c3c..c3441f785c 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -45,6 +45,7 @@
@@ -371,7 +376,7 @@ index 2d380bc7a7..d3f5612728 100644
#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
-index 87e2f28841..58275f41f1 100644
+index f52ed03dd0..3fa708a906 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -77,6 +77,7 @@
@@ -443,7 +448,7 @@ index d988588de0..458df8df9a 100644
#define MAX_SIZE (2*1024*1024)
diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c
-index 7a1dd2569f..d187baad47 100644
+index acabec699f..8115d3784a 100644
--- a/src/libsystemd/sd-journal/sd-journal.c
+++ b/src/libsystemd/sd-journal/sd-journal.c
@@ -44,6 +44,7 @@
@@ -467,19 +472,19 @@ index bf45974ca5..2cb7e930c0 100644
#include "parse-util.h"
#include "path-util.h"
diff --git a/src/network/generator/network-generator.c b/src/network/generator/network-generator.c
-index 48527a2c73..9777fe0561 100644
+index e5f78a3b99..4833de2009 100644
--- a/src/network/generator/network-generator.c
+++ b/src/network/generator/network-generator.c
-@@ -14,6 +14,7 @@
- #include "string-table.h"
+@@ -15,6 +15,7 @@
#include "string-util.h"
#include "strv.h"
+ #include "vlan-util.h"
+#include "missing_stdlib.h"
/*
# .network
diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c
-index 161b1c1c70..ba1c459f78 100644
+index 2bb034eb22..c9837b8d79 100644
--- a/src/nspawn/nspawn-settings.c
+++ b/src/nspawn/nspawn-settings.c
@@ -16,6 +16,7 @@
@@ -503,7 +508,7 @@ index c64e79bdff..eda26b0b9a 100644
static void setup_logging_once(void) {
static pthread_once_t once = PTHREAD_ONCE_INIT;
diff --git a/src/portable/portable.c b/src/portable/portable.c
-index faeb97bd06..30768f728e 100644
+index 4aced8c391..6f426e0e51 100644
--- a/src/portable/portable.c
+++ b/src/portable/portable.c
@@ -42,6 +42,7 @@
diff --git a/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch b/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
index ccfe8e6aa9..96872ac150 100644
--- a/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
+++ b/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
@@ -1,4 +1,4 @@
-From a15045a60893f29ce9720e62cafbc0b87908ad49 Mon Sep 17 00:00:00 2001
+From e9110b095a5728762b3bd3abdec2a99b4ce01b5e Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 14:56:21 +0800
Subject: [PATCH] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not defined
diff --git a/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch b/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch
index a29aab8390..936183f238 100644
--- a/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch
@@ -1,4 +1,4 @@
-From b2c98ef636ac7dfdf86e7a42aebc3142a5b167d2 Mon Sep 17 00:00:00 2001
+From 1eeac3e8ce96ad5da381555e93a57330cb8a5d48 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:00:06 +0800
Subject: [PATCH] add missing FTW_ macros for musl
diff --git a/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch b/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch
index 818b946886..34d62c9e32 100644
--- a/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch
+++ b/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch
@@ -1,4 +1,4 @@
-From 3ea46787827fb6db631b240589d2f447b977f7d9 Mon Sep 17 00:00:00 2001
+From fd2bb25921040fc5faed3a4aae0bd9e03f8f4742 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:12:41 +0800
Subject: [PATCH] Use uintmax_t for handling rlim_t
@@ -86,10 +86,10 @@ index c1f0b2b974..61c5412582 100644
return 1;
}
diff --git a/src/core/execute.c b/src/core/execute.c
-index 7d27f80834..bde0f8137c 100644
+index 1ee9f4526b..cb29799afb 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
-@@ -1042,9 +1042,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
+@@ -1043,9 +1043,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
for (unsigned i = 0; i < RLIM_NLIMITS; i++)
if (c->rlimit[i]) {
fprintf(f, "%sLimit%s: " RLIM_FMT "\n",
diff --git a/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch b/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
index ad7cf90f1d..7cc8002a90 100644
--- a/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
+++ b/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
@@ -1,4 +1,4 @@
-From 0e51be93aa8c647bf1761d684c722b92d3cfabc1 Mon Sep 17 00:00:00 2001
+From fde97394bf1a2faffa420afb098af61676033640 Mon Sep 17 00:00:00 2001
From: Andre McCurdy <armccurdy@gmail.com>
Date: Tue, 10 Oct 2017 14:33:30 -0700
Subject: [PATCH] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat()
diff --git a/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch b/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch
index 4d6382810b..5579dc3dcc 100644
--- a/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch
+++ b/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch
@@ -1,4 +1,4 @@
-From 9f85e2db2b40313de555b3103aa485b9b84382fe Mon Sep 17 00:00:00 2001
+From e2e1fee9fd5635420408777524dd418ce10dddc8 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sun, 27 May 2018 08:36:44 -0700
Subject: [PATCH] Define glibc compatible basename() for non-glibc systems
diff --git a/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch b/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch
index 0909185dcf..2151d51af2 100644
--- a/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch
+++ b/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch
@@ -1,4 +1,4 @@
-From c223945b20aadd1e3b1f3986e159cb3755aabf99 Mon Sep 17 00:00:00 2001
+From 2b40558d201b73962077d0cedef820dfe95395c7 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sat, 5 Sep 2015 06:31:47 +0000
Subject: [PATCH] implment systemd-sysv-install for OE
diff --git a/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch b/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
index 55a033ecec..6586cbb72c 100644
--- a/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
+++ b/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
@@ -1,4 +1,4 @@
-From 64b98f7ba1f5211bd19cd98c9d7e4d0f884cf65d Mon Sep 17 00:00:00 2001
+From b783adf25c5619931189b4474d389a808e7845d6 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Wed, 4 Jul 2018 15:00:44 +0800
Subject: [PATCH] Do not disable buffering when writing to oom_score_adj
@@ -24,7 +24,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
-index 4492e7ded2..b61a2aba74 100644
+index 1447f65399..dcbc7ac973 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -1716,7 +1716,7 @@ int set_oom_score_adjust(int value) {
diff --git a/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch b/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
index f3f3698e5a..79db096b34 100644
--- a/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
+++ b/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
@@ -1,4 +1,4 @@
-From bc75e47baaddbd629d9757a2539102649d9501fd Mon Sep 17 00:00:00 2001
+From ac820a745c905e0045ce5cc41da7eaa802078b1b Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Tue, 10 Jul 2018 15:40:17 +0800
Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi
diff --git a/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch b/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch
index a73c67efb1..67fd4921ba 100644
--- a/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch
+++ b/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch
@@ -1,4 +1,4 @@
-From e8a03df3275aef82a1bfd5c1ce60058c5e39eb09 Mon Sep 17 00:00:00 2001
+From 4a2472cae75720b3129260c8789a87af26ca443a Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:44:54 +0800
Subject: [PATCH] avoid redefinition of prctl_mm_map structure
diff --git a/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch b/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch
index c2defc7e1e..e735a00bb9 100644
--- a/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch
+++ b/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch
@@ -1,4 +1,4 @@
-From f3630404d25dd91e87e7aac09d5dee9b92655082 Mon Sep 17 00:00:00 2001
+From 8072fee9fcb0e9a8c73de56f38468e7287ac4961 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Fri, 1 Mar 2019 15:22:15 +0800
Subject: [PATCH] do not disable buffer in writing files
@@ -47,7 +47,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
22 files changed, 50 insertions(+), 51 deletions(-)
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index 2eaa6e3307..5c2876b5c9 100644
+index d08c903c3b..77ebe85dfd 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -443,7 +443,7 @@ int cg_kill_kernel_sigkill(const char *path) {
@@ -59,7 +59,7 @@ index 2eaa6e3307..5c2876b5c9 100644
if (r < 0)
return r;
-@@ -869,7 +869,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
+@@ -873,7 +873,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
sc = strstrip(contents);
if (isempty(sc)) {
@@ -68,7 +68,7 @@ index 2eaa6e3307..5c2876b5c9 100644
if (r < 0)
return r;
} else if (!path_equal(sc, agent))
-@@ -887,7 +887,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
+@@ -891,7 +891,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
sc = strstrip(contents);
if (streq(sc, "0")) {
@@ -77,7 +77,7 @@ index 2eaa6e3307..5c2876b5c9 100644
if (r < 0)
return r;
-@@ -914,7 +914,7 @@ int cg_uninstall_release_agent(const char *controller) {
+@@ -918,7 +918,7 @@ int cg_uninstall_release_agent(const char *controller) {
if (r < 0)
return r;
@@ -86,7 +86,7 @@ index 2eaa6e3307..5c2876b5c9 100644
if (r < 0)
return r;
-@@ -924,7 +924,7 @@ int cg_uninstall_release_agent(const char *controller) {
+@@ -928,7 +928,7 @@ int cg_uninstall_release_agent(const char *controller) {
if (r < 0)
return r;
@@ -95,7 +95,7 @@ index 2eaa6e3307..5c2876b5c9 100644
if (r < 0)
return r;
-@@ -1840,7 +1840,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri
+@@ -1844,7 +1844,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri
if (r < 0)
return r;
@@ -201,10 +201,10 @@ index 61539afdbf..77e2b35daf 100644
return r;
diff --git a/src/core/main.c b/src/core/main.c
-index 1c0030a75f..7108a87d46 100644
+index 8373a156cb..33e866942c 100644
--- a/src/core/main.c
+++ b/src/core/main.c
-@@ -1678,7 +1678,7 @@ static void initialize_core_pattern(bool skip_setup) {
+@@ -1683,7 +1683,7 @@ static void initialize_core_pattern(bool skip_setup) {
if (getpid_cached() != 1)
return;
@@ -253,7 +253,7 @@ index 500c310cfc..f9845ff9e7 100644
log_warning_errno(r, "Failed to drop caches, ignoring: %m");
else
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
-index 01e66b4658..f3ea82ca1b 100644
+index 5f7491e8e2..b4a0af4073 100644
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
@@ -2516,7 +2516,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
@@ -279,10 +279,10 @@ index a5002437c6..b12e6cd9c9 100644
log_error_errno(r, "Failed to move process: %m");
goto finish;
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index a229c70875..4ceb73e915 100644
+index 005a3d2be1..526d3c4311 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
-@@ -2690,7 +2690,7 @@ static int reset_audit_loginuid(void) {
+@@ -2707,7 +2707,7 @@ static int reset_audit_loginuid(void) {
if (streq(p, "4294967295"))
return 0;
@@ -291,7 +291,7 @@ index a229c70875..4ceb73e915 100644
if (r < 0) {
log_error_errno(r,
"Failed to reset audit login UID. This probably means that your kernel is too\n"
-@@ -4143,7 +4143,7 @@ static int setup_uid_map(
+@@ -4160,7 +4160,7 @@ static int setup_uid_map(
return log_oom();
xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid);
@@ -300,7 +300,7 @@ index a229c70875..4ceb73e915 100644
if (r < 0)
return log_error_errno(r, "Failed to write UID map: %m");
-@@ -4153,7 +4153,7 @@ static int setup_uid_map(
+@@ -4170,7 +4170,7 @@ static int setup_uid_map(
return log_oom();
xsprintf(uid_map, "/proc/" PID_FMT "/gid_map", pid);
@@ -367,10 +367,10 @@ index 805503f366..01a7ccb291 100644
log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m");
}
diff --git a/src/shared/hibernate-util.c b/src/shared/hibernate-util.c
-index ea1b024ab6..bb82f37580 100644
+index 67862dcc61..9e9265c214 100644
--- a/src/shared/hibernate-util.c
+++ b/src/shared/hibernate-util.c
-@@ -501,7 +501,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) {
+@@ -504,7 +504,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) {
/* We write the offset first since it's safer. Note that this file is only available in 4.17+, so
* fail gracefully if it doesn't exist and we're only overwriting it with 0. */
@@ -379,7 +379,7 @@ index ea1b024ab6..bb82f37580 100644
if (r == -ENOENT) {
if (offset != 0)
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-@@ -517,7 +517,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) {
+@@ -520,7 +520,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) {
log_debug("Wrote resume_offset=%s for device '%s' to /sys/power/resume_offset.",
offset_str, device);
diff --git a/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch b/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch
index 4982d6c7af..e995da81ff 100644
--- a/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch
+++ b/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch
@@ -1,4 +1,4 @@
-From db390dc6bfa0a7b27010e0dcd25f45f17a6e3954 Mon Sep 17 00:00:00 2001
+From 4b46cf08f269b69d5336bf3d8f617a288bd65ea8 Mon Sep 17 00:00:00 2001
From: Scott Murray <scott.murray@konsulko.com>
Date: Fri, 13 Sep 2019 19:26:27 -0400
Subject: [PATCH] Handle __cpu_mask usage
diff --git a/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch b/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch
index ac74d1fab7..8cc9c1ba0c 100644
--- a/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch
+++ b/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch
@@ -1,4 +1,4 @@
-From 0019ddcc5c415df52504dd2b779b5acb19e4084d Mon Sep 17 00:00:00 2001
+From 76a0eea205c943a0e1fd0db7336cabb98d5c6c8c Mon Sep 17 00:00:00 2001
From: Alex Kiernan <alex.kiernan@gmail.com>
Date: Tue, 10 Mar 2020 11:05:20 +0000
Subject: [PATCH] Handle missing gshadow
diff --git a/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch b/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
index 551d9f8037..915a7bb0be 100644
--- a/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
@@ -1,4 +1,4 @@
-From eb4095a963a51a1b3de693f8cf0ac27304f30d24 Mon Sep 17 00:00:00 2001
+From bd309e23e3e5b7bff8cd4b6778396d921438295e Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Mon, 12 Apr 2021 23:44:53 -0700
Subject: [PATCH] missing_syscall.h: Define MIPS ABI defines for musl
diff --git a/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch b/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch
index 947833e92b..a9961b515d 100644
--- a/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch
+++ b/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch
@@ -1,4 +1,4 @@
-From c9c0cdbc37c2e0ac1917188b6f3a1ad54cbbd816 Mon Sep 17 00:00:00 2001
+From 81eb93545808124b3c1abbef2e5d71ad28a1a870 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 21 Jan 2022 15:15:11 -0800
Subject: [PATCH] pass correct parameters to getdents64
--git a/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch b/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch
index 922a390cc3..d8557bd3f3 100644
--- a/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch
+++ b/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch
@@ -1,4 +1,4 @@
-From 038809fb270d11909d502d76b56bb83784ff478d Mon Sep 17 00:00:00 2001
+From d09615e61bc779228c996f024ec48c7e21eb64c9 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 21 Jan 2022 22:19:37 -0800
Subject: [PATCH] Adjust for musl headers
@@ -242,7 +242,7 @@ index ff372092e6..eef66811f4 100644
#include "nlmon.h"
diff --git a/src/network/netdev/tunnel.c b/src/network/netdev/tunnel.c
-index db84e7cf6e..93d5642962 100644
+index ab3b8fbb51..68f88b3ca3 100644
--- a/src/network/netdev/tunnel.c
+++ b/src/network/netdev/tunnel.c
@@ -2,7 +2,7 @@
@@ -332,7 +332,7 @@ index b11fdbbd0d..a971a917f0 100644
#include "conf-parser.h"
#include "alloc-util.h"
diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
-index 4c7d837c41..6df6dfb816 100644
+index 52fed20b57..e66bc34993 100644
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@@ -6,7 +6,7 @@
diff --git a/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch b/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
index 9e21222b99..0fd55eb0ea 100644
--- a/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
+++ b/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
@@ -1,4 +1,4 @@
-From b771a2ed8d6e07b006710767b79475dece4d789c Mon Sep 17 00:00:00 2001
+From c0c90f4e2381091830203e1286115b0a30e059d3 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Tue, 8 Nov 2022 13:31:34 -0800
Subject: [PATCH] test-bus-error: strerror() is assumed to be GNU specific
diff --git a/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch b/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch
index a6f2fe1d0f..e0228d6ad8 100644
--- a/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch
@@ -1,4 +1,4 @@
-From f70a8031ded3bcfe4c5f1cea4763ae257ca27be8 Mon Sep 17 00:00:00 2001
+From 6ad0fb9dcd6940a9a24e515b61d4b6245c3b1e98 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Mon, 23 Jan 2023 23:39:46 -0800
Subject: [PATCH] errno-util: Make STRERROR portable for musl
diff --git a/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch b/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch
index cc123b4dee..45284e89e1 100644
--- a/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch
+++ b/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch
@@ -1,4 +1,4 @@
-From 9ae5377acfa895bfc1ea61aef4fbe754bc2f7f33 Mon Sep 17 00:00:00 2001
+From 70abcbd93b8854c4dd0ae88b82f394d325b2a365 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Wed, 2 Aug 2023 12:06:27 -0700
Subject: [PATCH] sd-event: Make malloc_trim() conditional on glibc
@@ -12,7 +12,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
-index 25f3b1fc4f..9ea3c964b2 100644
+index b3541a1429..ba87265d9f 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -1874,7 +1874,7 @@ _public_ int sd_event_add_exit(
diff --git a/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch b/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch
index 5e03284507..691bf89afd 100644
--- a/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch
@@ -1,4 +1,4 @@
-From d814a5cae2ecbee079816e3fc7b34a59da356a3b Mon Sep 17 00:00:00 2001
+From c85009340b3a58686390ee70671334593e348a10 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Wed, 2 Aug 2023 12:20:40 -0700
Subject: [PATCH] shared: Do not use malloc_info on musl
diff --git a/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch b/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch
index e4ed2002c4..6b3aa607b4 100644
--- a/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch
+++ b/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch
@@ -1,4 +1,4 @@
-From e355e927950e8978a417067f25f30bf311896c96 Mon Sep 17 00:00:00 2001
+From 45478696b3a3eb1fbcd6c5cd4899bb426230c2e1 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Tue, 2 Jan 2024 11:03:27 +0800
Subject: [PATCH] avoid missing LOCK_EX declaration
@@ -15,7 +15,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
2 files changed, 2 insertions(+)
diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
-index 308d332c15..b1c43bbc6a 100644
+index 22bc8d10c1..9bced8f420 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -5,6 +5,7 @@
diff --git a/meta/recipes-core/systemd/systemd_255.13.bb b/meta/recipes-core/systemd/systemd_255.17.bb
similarity index 100%
rename from meta/recipes-core/systemd/systemd_255.13.bb
rename to meta/recipes-core/systemd/systemd_255.17.bb
--
2.43.0
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 03/12] go: upgrade 1.22.8 -> 1.22.9
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 01/12] openssl: patch CVE-2024-13176 Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 02/12] systemd: upgrade 255.13 -> 255.17 Steve Sakoman
@ 2025-01-30 2:51 ` Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 04/12] go: upgrade 1.22.9 -> 1.22.10 Steve Sakoman
` (8 subsequent siblings)
11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Upgrade to latest 1.22.x release [1]:
$ git --no-pager log --oneline go1.22.8..go1.22.9
8af39d30a4 (tag: go1.22.9) [release-branch.go1.22] go1.22.9
c19e5887f4 [release-branch.go1.22] cmd/cgo/internal/testcarchive: remove 1-minute timeout
e3fd4ba7f9 [release-branch.go1.22] cmd/link: generate Mach-O UUID when -B flag is specified
29252e4c5a [release-branch.go1.22] runtime: fix TestGdbAutotmpTypes on gdb version 15
[1] https://github.com/golang/go/compare/go1.22.8...go1.22.9
(From OE-Core rev: 4f2f202506bcefb4d6c46a11738e159e261a4a4b)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/{go-1.22.8.inc => go-1.22.9.inc} | 2 +-
...o-binary-native_1.22.8.bb => go-binary-native_1.22.9.bb} | 6 +++---
...cross-canadian_1.22.8.bb => go-cross-canadian_1.22.9.bb} | 0
.../go/{go-cross_1.22.8.bb => go-cross_1.22.9.bb} | 0
.../go/{go-crosssdk_1.22.8.bb => go-crosssdk_1.22.9.bb} | 0
.../go/{go-runtime_1.22.8.bb => go-runtime_1.22.9.bb} | 0
meta/recipes-devtools/go/{go_1.22.8.bb => go_1.22.9.bb} | 0
7 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-devtools/go/{go-1.22.8.inc => go-1.22.9.inc} (89%)
rename meta/recipes-devtools/go/{go-binary-native_1.22.8.bb => go-binary-native_1.22.9.bb} (78%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.22.8.bb => go-cross-canadian_1.22.9.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.22.8.bb => go-cross_1.22.9.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.22.8.bb => go-crosssdk_1.22.9.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.22.8.bb => go-runtime_1.22.9.bb} (100%)
rename meta/recipes-devtools/go/{go_1.22.8.bb => go_1.22.9.bb} (100%)
diff --git a/meta/recipes-devtools/go/go-1.22.8.inc b/meta/recipes-devtools/go/go-1.22.9.inc
similarity index 89%
rename from meta/recipes-devtools/go/go-1.22.8.inc
rename to meta/recipes-devtools/go/go-1.22.9.inc
index 542519b930..8fe2a8e39c 100644
--- a/meta/recipes-devtools/go/go-1.22.8.inc
+++ b/meta/recipes-devtools/go/go-1.22.9.inc
@@ -15,4 +15,4 @@ SRC_URI += "\
file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
"
-SRC_URI[main.sha256sum] = "df12c23ebf19dea0f4bf46a22cbeda4a3eca6f474f318390ce774974278440b8"
+SRC_URI[main.sha256sum] = "e81a362f51aee2125722b018e46714e6a055a1954283414c0f937e737013db22"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.22.8.bb b/meta/recipes-devtools/go/go-binary-native_1.22.9.bb
similarity index 78%
rename from meta/recipes-devtools/go/go-binary-native_1.22.8.bb
rename to meta/recipes-devtools/go/go-binary-native_1.22.9.bb
index 98799eb503..040091be79 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.22.8.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.22.9.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
# Checksums available at https://go.dev/dl/
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "5f467d29fc67c7ae6468cb6ad5b047a274bae8180cac5e0b7ddbfeba3e47e18f"
-SRC_URI[go_linux_arm64.sha256sum] = "5c616b32dab04bb8c4c8700478381daea0174dc70083e4026321163879278a4a"
-SRC_URI[go_linux_ppc64le.sha256sum] = "c546f27866510bf8e54e86fe6f58c705af0e894341e5572c91f197a734152c27"
+SRC_URI[go_linux_amd64.sha256sum] = "84a8f05b7b969d8acfcaf194ce9298ad5d3ddbfc7034930c280006b5c85a574c"
+SRC_URI[go_linux_arm64.sha256sum] = "5beec5ef9f019e1779727ef0d9643fa8bf2495e7222014d2fc4fbfce5999bf01"
+SRC_URI[go_linux_ppc64le.sha256sum] = "dcee55b402eaf46e7ffb2018b9e30b27ae5e821367697d8f8ff1ed1cecfd7948"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.22.8.bb b/meta/recipes-devtools/go/go-cross-canadian_1.22.9.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.22.8.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.22.9.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.22.8.bb b/meta/recipes-devtools/go/go-cross_1.22.9.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.22.8.bb
rename to meta/recipes-devtools/go/go-cross_1.22.9.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.22.8.bb b/meta/recipes-devtools/go/go-crosssdk_1.22.9.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.22.8.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.22.9.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.22.8.bb b/meta/recipes-devtools/go/go-runtime_1.22.9.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.22.8.bb
rename to meta/recipes-devtools/go/go-runtime_1.22.9.bb
diff --git a/meta/recipes-devtools/go/go_1.22.8.bb b/meta/recipes-devtools/go/go_1.22.9.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.22.8.bb
rename to meta/recipes-devtools/go/go_1.22.9.bb
--
2.43.0
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 04/12] go: upgrade 1.22.9 -> 1.22.10
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
` (2 preceding siblings ...)
2025-01-30 2:51 ` [OE-core][scarthgap 03/12] go: upgrade 1.22.8 -> 1.22.9 Steve Sakoman
@ 2025-01-30 2:51 ` Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 05/12] go: upgrade 1.22.10 -> 1.22.11 Steve Sakoman
` (7 subsequent siblings)
11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Upgrade to latest 1.22.x release [1]:
$ git --no-pager log --oneline go1.22.9..go1.22.10
8f3f22eef8 (tag: go1.22.10) [release-branch.go1.22] go1.22.10
6d7a95abca [release-branch.go1.22] runtime: reserve 4kB for system stack on windows-386
6f05fa7a4f [release-branch.go1.22] syscall: mark SyscallN as noescape
3355db9690 [release-branch.go1.22] time: accept "+01" in TestLoadFixed on OpenBSD
[1] https://github.com/golang/go/compare/go1.22.9...go1.22.10
(From OE-Core rev: e357c93b39df938dc36195dbd779a58b2951b8e6)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/{go-1.22.9.inc => go-1.22.10.inc} | 2 +-
...-binary-native_1.22.9.bb => go-binary-native_1.22.10.bb} | 6 +++---
...ross-canadian_1.22.9.bb => go-cross-canadian_1.22.10.bb} | 0
.../go/{go-cross_1.22.9.bb => go-cross_1.22.10.bb} | 0
.../go/{go-crosssdk_1.22.9.bb => go-crosssdk_1.22.10.bb} | 0
.../go/{go-runtime_1.22.9.bb => go-runtime_1.22.10.bb} | 0
meta/recipes-devtools/go/{go_1.22.9.bb => go_1.22.10.bb} | 0
7 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-devtools/go/{go-1.22.9.inc => go-1.22.10.inc} (89%)
rename meta/recipes-devtools/go/{go-binary-native_1.22.9.bb => go-binary-native_1.22.10.bb} (78%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.22.9.bb => go-cross-canadian_1.22.10.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.22.9.bb => go-cross_1.22.10.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.22.9.bb => go-crosssdk_1.22.10.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.22.9.bb => go-runtime_1.22.10.bb} (100%)
rename meta/recipes-devtools/go/{go_1.22.9.bb => go_1.22.10.bb} (100%)
diff --git a/meta/recipes-devtools/go/go-1.22.9.inc b/meta/recipes-devtools/go/go-1.22.10.inc
similarity index 89%
rename from meta/recipes-devtools/go/go-1.22.9.inc
rename to meta/recipes-devtools/go/go-1.22.10.inc
index 8fe2a8e39c..2abe7d0f3e 100644
--- a/meta/recipes-devtools/go/go-1.22.9.inc
+++ b/meta/recipes-devtools/go/go-1.22.10.inc
@@ -15,4 +15,4 @@ SRC_URI += "\
file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
"
-SRC_URI[main.sha256sum] = "e81a362f51aee2125722b018e46714e6a055a1954283414c0f937e737013db22"
+SRC_URI[main.sha256sum] = "1e94fd48be750d1fafb4d9b3b6dd31a6e9d2735d339bf2462bc97b64ca4c1037"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.22.9.bb b/meta/recipes-devtools/go/go-binary-native_1.22.10.bb
similarity index 78%
rename from meta/recipes-devtools/go/go-binary-native_1.22.9.bb
rename to meta/recipes-devtools/go/go-binary-native_1.22.10.bb
index 040091be79..8c8fe5bff9 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.22.9.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.22.10.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
# Checksums available at https://go.dev/dl/
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "84a8f05b7b969d8acfcaf194ce9298ad5d3ddbfc7034930c280006b5c85a574c"
-SRC_URI[go_linux_arm64.sha256sum] = "5beec5ef9f019e1779727ef0d9643fa8bf2495e7222014d2fc4fbfce5999bf01"
-SRC_URI[go_linux_ppc64le.sha256sum] = "dcee55b402eaf46e7ffb2018b9e30b27ae5e821367697d8f8ff1ed1cecfd7948"
+SRC_URI[go_linux_amd64.sha256sum] = "736ce492a19d756a92719a6121226087ccd91b652ed5caec40ad6dbfb2252092"
+SRC_URI[go_linux_arm64.sha256sum] = "5213c5e32fde3bd7da65516467b7ffbfe40d2bb5a5f58105e387eef450583eec"
+SRC_URI[go_linux_ppc64le.sha256sum] = "db05b9838f69d741fb9a5301220b1a62014aee025b0baf341aba3d280087b981"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.22.9.bb b/meta/recipes-devtools/go/go-cross-canadian_1.22.10.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.22.9.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.22.10.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.22.9.bb b/meta/recipes-devtools/go/go-cross_1.22.10.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.22.9.bb
rename to meta/recipes-devtools/go/go-cross_1.22.10.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.22.9.bb b/meta/recipes-devtools/go/go-crosssdk_1.22.10.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.22.9.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.22.10.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.22.9.bb b/meta/recipes-devtools/go/go-runtime_1.22.10.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.22.9.bb
rename to meta/recipes-devtools/go/go-runtime_1.22.10.bb
diff --git a/meta/recipes-devtools/go/go_1.22.9.bb b/meta/recipes-devtools/go/go_1.22.10.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.22.9.bb
rename to meta/recipes-devtools/go/go_1.22.10.bb
--
2.43.0
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 05/12] go: upgrade 1.22.10 -> 1.22.11
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
` (3 preceding siblings ...)
2025-01-30 2:51 ` [OE-core][scarthgap 04/12] go: upgrade 1.22.9 -> 1.22.10 Steve Sakoman
@ 2025-01-30 2:51 ` Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 06/12] u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled Steve Sakoman
` (6 subsequent siblings)
11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Upgrade to latest 1.22.x release [1]:
$ git --no-pager log --oneline go1.22.10..go1.22.11
f072884354 (tag: go1.22.11) [release-branch.go1.22] go1.22.11
b72d56f98d [release-branch.go1.22] net/http: persist header stripping across repeated redirects
19d2103415 [release-branch.go1.22] crypto/x509: properly check for IPv6 hosts in URIs
ae9996f965 [release-branch.go1.22] runtime: hold traceAcquire across casgstatus in injectglist
223260bc63 [release-branch.go1.22] crypto/tls: fix Config.Time in tests using expired certificates
Fixes CVE-2024-45336 and CVE-2024-45341
[1] https://github.com/golang/go/compare/go1.22.10...go1.22.11
(From OE-Core rev: 4589986602319f9ed61e381b333bb53b731eb8d8)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/{go-1.22.10.inc => go-1.22.11.inc} | 2 +-
...binary-native_1.22.10.bb => go-binary-native_1.22.11.bb} | 6 +++---
...oss-canadian_1.22.10.bb => go-cross-canadian_1.22.11.bb} | 0
.../go/{go-cross_1.22.10.bb => go-cross_1.22.11.bb} | 0
.../go/{go-crosssdk_1.22.10.bb => go-crosssdk_1.22.11.bb} | 0
.../go/{go-runtime_1.22.10.bb => go-runtime_1.22.11.bb} | 0
meta/recipes-devtools/go/{go_1.22.10.bb => go_1.22.11.bb} | 0
7 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-devtools/go/{go-1.22.10.inc => go-1.22.11.inc} (89%)
rename meta/recipes-devtools/go/{go-binary-native_1.22.10.bb => go-binary-native_1.22.11.bb} (78%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.22.10.bb => go-cross-canadian_1.22.11.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.22.10.bb => go-cross_1.22.11.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.22.10.bb => go-crosssdk_1.22.11.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.22.10.bb => go-runtime_1.22.11.bb} (100%)
rename meta/recipes-devtools/go/{go_1.22.10.bb => go_1.22.11.bb} (100%)
diff --git a/meta/recipes-devtools/go/go-1.22.10.inc b/meta/recipes-devtools/go/go-1.22.11.inc
similarity index 89%
rename from meta/recipes-devtools/go/go-1.22.10.inc
rename to meta/recipes-devtools/go/go-1.22.11.inc
index 2abe7d0f3e..21222bea4e 100644
--- a/meta/recipes-devtools/go/go-1.22.10.inc
+++ b/meta/recipes-devtools/go/go-1.22.11.inc
@@ -15,4 +15,4 @@ SRC_URI += "\
file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
"
-SRC_URI[main.sha256sum] = "1e94fd48be750d1fafb4d9b3b6dd31a6e9d2735d339bf2462bc97b64ca4c1037"
+SRC_URI[main.sha256sum] = "a60c23dec95d10a2576265ce580f57869d5ac2471c4f4aca805addc9ea0fc9fe"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.22.10.bb b/meta/recipes-devtools/go/go-binary-native_1.22.11.bb
similarity index 78%
rename from meta/recipes-devtools/go/go-binary-native_1.22.10.bb
rename to meta/recipes-devtools/go/go-binary-native_1.22.11.bb
index 8c8fe5bff9..a526cc88bc 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.22.10.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.22.11.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
# Checksums available at https://go.dev/dl/
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "736ce492a19d756a92719a6121226087ccd91b652ed5caec40ad6dbfb2252092"
-SRC_URI[go_linux_arm64.sha256sum] = "5213c5e32fde3bd7da65516467b7ffbfe40d2bb5a5f58105e387eef450583eec"
-SRC_URI[go_linux_ppc64le.sha256sum] = "db05b9838f69d741fb9a5301220b1a62014aee025b0baf341aba3d280087b981"
+SRC_URI[go_linux_amd64.sha256sum] = "0fc88d966d33896384fbde56e9a8d80a305dc17a9f48f1832e061724b1719991"
+SRC_URI[go_linux_arm64.sha256sum] = "9ebfcab26801fa4cf0627c6439db7a4da4d3c6766142a3dd83508240e4f21031"
+SRC_URI[go_linux_ppc64le.sha256sum] = "963a0ec973640b23ee8bb7a462cc415276fd8436111a03df8c34eb3b1ae29f12"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.22.10.bb b/meta/recipes-devtools/go/go-cross-canadian_1.22.11.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.22.10.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.22.11.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.22.10.bb b/meta/recipes-devtools/go/go-cross_1.22.11.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.22.10.bb
rename to meta/recipes-devtools/go/go-cross_1.22.11.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.22.10.bb b/meta/recipes-devtools/go/go-crosssdk_1.22.11.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.22.10.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.22.11.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.22.10.bb b/meta/recipes-devtools/go/go-runtime_1.22.11.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.22.10.bb
rename to meta/recipes-devtools/go/go-runtime_1.22.11.bb
diff --git a/meta/recipes-devtools/go/go_1.22.10.bb b/meta/recipes-devtools/go/go_1.22.11.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.22.10.bb
rename to meta/recipes-devtools/go/go_1.22.11.bb
--
2.43.0
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 06/12] u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
` (4 preceding siblings ...)
2025-01-30 2:51 ` [OE-core][scarthgap 05/12] go: upgrade 1.22.10 -> 1.22.11 Steve Sakoman
@ 2025-01-30 2:51 ` Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 07/12] devtool: modify support debug-builds Steve Sakoman
` (5 subsequent siblings)
11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
From: Marek Vasut <marex@denx.de>
In case both UBOOT_SIGN_ENABLE and UBOOT_ENV are enabled and
kernel-fitimage.bbclass is in use to generate signed kernel
fitImage, there is a circular dependency between uboot-sign
and kernel-fitimage bbclasses . The loop looks like this:
kernel-fitimage.bbclass:
- do_populate_sysroot depends on do_assemble_fitimage
- do_assemble_fitimage depends on virtual/bootloader:do_populate_sysroot
- virtual/bootloader:do_populate_sysroot depends on virtual/bootloader:do_install
=> The virtual/bootloader:do_install installs and the
virtual/bootloader:do_populate_sysroot places into
sysroot an U-Boot environment script embedded into
kernel fitImage during do_assemble_fitimage run .
uboot-sign.bbclass:
- DEPENDS on KERNEL_PN, which is really virtual/kernel. More accurately
- do_deploy depends on do_uboot_assemble_fitimage
- do_install depends on do_uboot_assemble_fitimage
- do_uboot_assemble_fitimage depends on virtual/kernel:do_populate_sysroot
=> do_install depends on virtual/kernel:do_populate_sysroot
=> virtual/bootloader:do_install depends on virtual/kernel:do_populate_sysroot
virtual/kernel:do_populate_sysroot depends on virtual/bootloader:do_install
Attempt to resolve the loop. Pull fitimage configuration options into separate
new configuration file image-fitimage.conf so these configuration options can
be shared by both uboot-sign.bbclass and kernel-fitimage.bbclass, and make use
of mkimage -f auto-conf / mkimage -f auto option to insert /signature node key-*
subnode into U-Boot control DT without depending on the layout of kernel fitImage
itself. This is perfectly valid to do, because the U-Boot /signature node key-*
subnodes 'required' property can contain either of two values, 'conf' or 'image'
to authenticate either selected configuration or all of images when booting the
fitImage.
For details of the U-Boot fitImage signing process, see:
https://docs.u-boot.org/en/latest/usage/fit/signature.html
For details of mkimage -f auto-conf and -f auto, see:
https://manpages.debian.org/experimental/u-boot-tools/mkimage.1.en.html#EXAMPLES
(From OE-Core rev: 259bfa86f384206f0d0a96a5b84887186c5f689e)
Fixes: 5e12dc911d0c ("u-boot: Rework signing to remove interdependencies")
Reviewed-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes-recipe/kernel-fitimage.bbclass | 53 +--------------------
meta/classes-recipe/uboot-sign.bbclass | 26 +++++-----
meta/conf/image-fitimage.conf | 53 +++++++++++++++++++++
3 files changed, 68 insertions(+), 64 deletions(-)
create mode 100644 meta/conf/image-fitimage.conf
diff --git a/meta/classes-recipe/kernel-fitimage.bbclass b/meta/classes-recipe/kernel-fitimage.bbclass
index 18ab17bd2c..3e20c3248b 100644
--- a/meta/classes-recipe/kernel-fitimage.bbclass
+++ b/meta/classes-recipe/kernel-fitimage.bbclass
@@ -5,6 +5,7 @@
#
inherit kernel-uboot kernel-artifact-names uboot-config
+require conf/image-fitimage.conf
def get_fit_replacement_type(d):
kerneltypes = d.getVar('KERNEL_IMAGETYPES') or ""
@@ -52,58 +53,6 @@ python __anonymous () {
d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree")
}
-
-# Description string
-FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
-
-# Kernel fitImage Hash Algo
-FIT_HASH_ALG ?= "sha256"
-
-# Kernel fitImage Signature Algo
-FIT_SIGN_ALG ?= "rsa2048"
-
-# Kernel / U-Boot fitImage Padding Algo
-FIT_PAD_ALG ?= "pkcs-1.5"
-
-# Generate keys for signing Kernel fitImage
-FIT_GENERATE_KEYS ?= "0"
-
-# Size of private keys in number of bits
-FIT_SIGN_NUMBITS ?= "2048"
-
-# args to openssl genrsa (Default is just the public exponent)
-FIT_KEY_GENRSA_ARGS ?= "-F4"
-
-# args to openssl req (Default is -batch for non interactive mode and
-# -new for new certificate)
-FIT_KEY_REQ_ARGS ?= "-batch -new"
-
-# Standard format for public key certificate
-FIT_KEY_SIGN_PKCS ?= "-x509"
-
-# Sign individual images as well
-FIT_SIGN_INDIVIDUAL ?= "0"
-
-FIT_CONF_PREFIX ?= "conf-"
-FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name"
-
-FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio"
-
-# Allow user to select the default DTB for FIT image when multiple dtb's exists.
-FIT_CONF_DEFAULT_DTB ?= ""
-
-# length of address in number of <u32> cells
-# ex: 1 32bits address, 2 64bits address
-FIT_ADDRESS_CELLS ?= "1"
-
-# Keys used to sign individually image nodes.
-# The keys to sign image nodes must be different from those used to sign
-# configuration nodes, otherwise the "required" property, from
-# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image".
-# Then the images signature checking will not be mandatory and no error will be
-# raised in case of failure.
-# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key")
-
#
# Emit the fitImage ITS header
#
diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass
index a17be745ce..96c47ab016 100644
--- a/meta/classes-recipe/uboot-sign.bbclass
+++ b/meta/classes-recipe/uboot-sign.bbclass
@@ -26,6 +26,7 @@
# We need some variables from u-boot-config
inherit uboot-config
+require conf/image-fitimage.conf
# Enable use of a U-Boot fitImage
UBOOT_FITIMAGE_ENABLE ?= "0"
@@ -85,9 +86,6 @@ UBOOT_FIT_KEY_SIGN_PKCS ?= "-x509"
# ex: 1 32bits address, 2 64bits address
UBOOT_FIT_ADDRESS_CELLS ?= "1"
-# This is only necessary for determining the signing configuration
-KERNEL_PN = "${PREFERRED_PROVIDER_virtual/kernel}"
-
UBOOT_FIT_UBOOT_LOADADDRESS ?= "${UBOOT_LOADADDRESS}"
UBOOT_FIT_UBOOT_ENTRYPOINT ?= "${UBOOT_ENTRYPOINT}"
@@ -96,8 +94,6 @@ python() {
sign = d.getVar('UBOOT_SIGN_ENABLE') == '1'
if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1' or sign:
d.appendVar('DEPENDS', " u-boot-tools-native dtc-native")
- if sign:
- d.appendVar('DEPENDS', " " + d.getVar('KERNEL_PN'))
}
concat_dtb() {
@@ -106,16 +102,26 @@ concat_dtb() {
if [ -e "${UBOOT_DTB_BINARY}" ]; then
# Re-sign the kernel in order to add the keys to our dtb
+ UBOOT_MKIMAGE_MODE="auto-conf"
+ # Signing individual images is not recommended as that
+ # makes fitImage susceptible to mix-and-match attack.
+ if [ "${FIT_SIGN_INDIVIDUAL}" = "1" ] ; then
+ UBOOT_MKIMAGE_MODE="auto"
+ fi
${UBOOT_MKIMAGE_SIGN} \
${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
- -F -k "${UBOOT_SIGN_KEYDIR}" \
+ -f $UBOOT_MKIMAGE_MODE \
+ -k "${UBOOT_SIGN_KEYDIR}" \
+ -o "${FIT_HASH_ALG},${FIT_SIGN_ALG}" \
+ -g "${UBOOT_SIGN_IMG_KEYNAME}" \
-K "${UBOOT_DTB_BINARY}" \
- -r ${B}/fitImage-linux \
+ -d /dev/null \
+ -r ${B}/unused.itb \
${UBOOT_MKIMAGE_SIGN_ARGS}
# Verify the kernel image and u-boot dtb
${UBOOT_FIT_CHECK_SIGN} \
-k "${UBOOT_DTB_BINARY}" \
- -f ${B}/fitImage-linux
+ -f ${B}/unused.itb
cp ${UBOOT_DTB_BINARY} ${UBOOT_DTB_SIGNED}
fi
@@ -351,10 +357,6 @@ uboot_assemble_fitimage_helper() {
}
do_uboot_assemble_fitimage() {
- if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
- cp "${STAGING_DIR_HOST}/sysroot-only/fitImage" "${B}/fitImage-linux"
- fi
-
if [ -n "${UBOOT_CONFIG}" ]; then
unset i
for config in ${UBOOT_MACHINE}; do
diff --git a/meta/conf/image-fitimage.conf b/meta/conf/image-fitimage.conf
new file mode 100644
index 0000000000..be9ae30134
--- /dev/null
+++ b/meta/conf/image-fitimage.conf
@@ -0,0 +1,53 @@
+# Possible options for fitImage generation, mainly
+# related to signing of the fitImage content.
+
+# Description string
+FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
+
+# Kernel fitImage Hash Algo
+FIT_HASH_ALG ?= "sha256"
+
+# Kernel fitImage Signature Algo
+FIT_SIGN_ALG ?= "rsa2048"
+
+# Kernel / U-Boot fitImage Padding Algo
+FIT_PAD_ALG ?= "pkcs-1.5"
+
+# Generate keys for signing Kernel fitImage
+FIT_GENERATE_KEYS ?= "0"
+
+# Size of private keys in number of bits
+FIT_SIGN_NUMBITS ?= "2048"
+
+# args to openssl genrsa (Default is just the public exponent)
+FIT_KEY_GENRSA_ARGS ?= "-F4"
+
+# args to openssl req (Default is -batch for non interactive mode and
+# -new for new certificate)
+FIT_KEY_REQ_ARGS ?= "-batch -new"
+
+# Standard format for public key certificate
+FIT_KEY_SIGN_PKCS ?= "-x509"
+
+# Sign individual images as well
+FIT_SIGN_INDIVIDUAL ?= "0"
+
+FIT_CONF_PREFIX ?= "conf-"
+FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name"
+
+FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio"
+
+# Allow user to select the default DTB for FIT image when multiple dtb's exists.
+FIT_CONF_DEFAULT_DTB ?= ""
+
+# length of address in number of <u32> cells
+# ex: 1 32bits address, 2 64bits address
+FIT_ADDRESS_CELLS ?= "1"
+
+# Keys used to sign individually image nodes.
+# The keys to sign image nodes must be different from those used to sign
+# configuration nodes, otherwise the "required" property, from
+# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image".
+# Then the images signature checking will not be mandatory and no error will be
+# raised in case of failure.
+# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key")
--
2.43.0
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 07/12] devtool: modify support debug-builds
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
` (5 preceding siblings ...)
2025-01-30 2:51 ` [OE-core][scarthgap 06/12] u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled Steve Sakoman
@ 2025-01-30 2:51 ` Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 08/12] devtool: ide-sdk sort cmake preset Steve Sakoman
` (4 subsequent siblings)
11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
From: Adrian Freihofer <adrian.freihofer@gmail.com>
Add a new option --debug-builds to automatically add DEBUG_BUILD = “1”
to the bbappend file of this recipe. This is especially useful when
invoking devtool modify before invoking devtool ide-sdk to perform a
remote debugging session.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/devtool/standard.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index 05161942b7..908869cc4f 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -1031,6 +1031,8 @@ def modify(args, config, basepath, workspace):
if branch == args.branch:
continue
f.write('# patches_%s: %s\n' % (branch, ','.join(branch_patches[branch])))
+ if args.debug_build:
+ f.write('\nDEBUG_BUILD = "1"\n')
update_unlockedsigs(basepath, workspace, args.fixed_setup, [pn])
@@ -2396,6 +2398,7 @@ def register_commands(subparsers, context):
parser_modify.add_argument('--branch', '-b', default="devtool", help='Name for development branch to checkout (when not using -n/--no-extract) (default "%(default)s")')
parser_modify.add_argument('--no-overrides', '-O', action="store_true", help='Do not create branches for other override configurations')
parser_modify.add_argument('--keep-temp', help='Keep temporary directory (for debugging)', action="store_true")
+ parser_modify.add_argument('--debug-build', action="store_true", help='Add DEBUG_BUILD = "1" to the modified recipe')
parser_modify.set_defaults(func=modify, fixed_setup=context.fixed_setup)
parser_extract = subparsers.add_parser('extract', help='Extract the source for an existing recipe',
--
2.43.0
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 08/12] devtool: ide-sdk sort cmake preset
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
` (6 preceding siblings ...)
2025-01-30 2:51 ` [OE-core][scarthgap 07/12] devtool: modify support debug-builds Steve Sakoman
@ 2025-01-30 2:51 ` Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 09/12] devtool: ide-sdk recommend DEBUG_BUILD Steve Sakoman
` (3 subsequent siblings)
11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
From: Adrian Freihofer <adrian.freihofer@gmail.com>
Sort the keys of the generated CMakeUserPreset.json file to make it
easier to search and compare.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/devtool/ide_sdk.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/lib/devtool/ide_sdk.py b/scripts/lib/devtool/ide_sdk.py
index 65873b088d..eee5425aa7 100755
--- a/scripts/lib/devtool/ide_sdk.py
+++ b/scripts/lib/devtool/ide_sdk.py
@@ -493,7 +493,7 @@ class RecipeModified:
vars = (key for key in d.keys() if not key.startswith(
"__") and not d.getVarFlag(key, "func", False))
- for var in vars:
+ for var in sorted(vars):
func = d.getVarFlag(var, "func", False)
if d.getVarFlag(var, 'python', False) and func:
continue
@@ -545,7 +545,7 @@ class RecipeModified:
cache_vars = {}
oecmake_args = d.getVar('OECMAKE_ARGS').split()
extra_oecmake = d.getVar('EXTRA_OECMAKE').split()
- for param in oecmake_args + extra_oecmake:
+ for param in sorted(oecmake_args + extra_oecmake):
d_pref = "-D"
if param.startswith(d_pref):
param = param[len(d_pref):]
--
2.43.0
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 09/12] devtool: ide-sdk recommend DEBUG_BUILD
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
` (7 preceding siblings ...)
2025-01-30 2:51 ` [OE-core][scarthgap 08/12] devtool: ide-sdk sort cmake preset Steve Sakoman
@ 2025-01-30 2:51 ` Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 10/12] oe-selftest: devtool ide-sdk use modify debug-build Steve Sakoman
` (2 subsequent siblings)
11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
From: Adrian Freihofer <adrian.freihofer@gmail.com>
The debug_build_config function was never called. Compiling with debug
optimized compiler flags was not working. Even with the
--debug-build-config flag set, the build configuration from the recipe
was used.
The devtool ide-sdk --debug-build-config approach didn't work very well
anyway. The problem is that changing the bbappend file doesn't work
while bitbake uses the bbappend file. As a workaround, it would be
possible to parse the recipe, get DEBUG_BUILD and the path to the append
file, exit tinfoil, change the bbappend file, reopen tinfoil and do what
ide-sdk is supposed to do. Such an implementation would be complicated
and slow.
Therefore, the code that was originally supposed to implement this is
removed from ide-sdk and the new --debug-build function of devtool
modify is used instead. Additionally, a hint should be given on how to
manually add DEBUG_BUILD = '1' to bbappend.
This is compatible with the VSCode Bitbake plug-in, which does not
support this parameter anyway.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/devtool/ide_sdk.py | 50 ++++++----------------------------
1 file changed, 9 insertions(+), 41 deletions(-)
diff --git a/scripts/lib/devtool/ide_sdk.py b/scripts/lib/devtool/ide_sdk.py
index eee5425aa7..5e4c543275 100755
--- a/scripts/lib/devtool/ide_sdk.py
+++ b/scripts/lib/devtool/ide_sdk.py
@@ -288,6 +288,7 @@ class RecipeModified:
self.bblayers = None
self.bpn = None
self.d = None
+ self.debug_build = None
self.fakerootcmd = None
self.fakerootenv = None
self.libdir = None
@@ -348,6 +349,7 @@ class RecipeModified:
self.bpn = recipe_d.getVar('BPN')
self.cxx = recipe_d.getVar('CXX')
self.d = recipe_d.getVar('D')
+ self.debug_build = recipe_d.getVar('DEBUG_BUILD')
self.fakerootcmd = recipe_d.getVar('FAKEROOTCMD')
self.fakerootenv = recipe_d.getVar('FAKEROOTENV')
self.libdir = recipe_d.getVar('libdir')
@@ -389,17 +391,6 @@ class RecipeModified:
self.recipe_id = self.bpn + "-" + self.package_arch
self.recipe_id_pretty = self.bpn + ": " + self.package_arch
- def append_to_bbappend(self, append_text):
- with open(self.bbappend, 'a') as bbap:
- bbap.write(append_text)
-
- def remove_from_bbappend(self, append_text):
- with open(self.bbappend, 'r') as bbap:
- text = bbap.read()
- new_text = text.replace(append_text, '')
- with open(self.bbappend, 'w') as bbap:
- bbap.write(new_text)
-
@staticmethod
def is_valid_shell_variable(var):
"""Skip strange shell variables like systemd
@@ -412,34 +403,6 @@ class RecipeModified:
return True
return False
- def debug_build_config(self, args):
- """Explicitely set for example CMAKE_BUILD_TYPE to Debug if not defined otherwise"""
- if self.build_tool is BuildTool.CMAKE:
- append_text = os.linesep + \
- 'OECMAKE_ARGS:append = " -DCMAKE_BUILD_TYPE:STRING=Debug"' + os.linesep
- if args.debug_build_config and not 'CMAKE_BUILD_TYPE' in self.cmake_cache_vars:
- self.cmake_cache_vars['CMAKE_BUILD_TYPE'] = {
- "type": "STRING",
- "value": "Debug",
- }
- self.append_to_bbappend(append_text)
- elif 'CMAKE_BUILD_TYPE' in self.cmake_cache_vars:
- del self.cmake_cache_vars['CMAKE_BUILD_TYPE']
- self.remove_from_bbappend(append_text)
- elif self.build_tool is BuildTool.MESON:
- append_text = os.linesep + 'MESON_BUILDTYPE = "debug"' + os.linesep
- if args.debug_build_config and self.meson_buildtype != "debug":
- self.mesonopts.replace(
- '--buildtype ' + self.meson_buildtype, '--buildtype debug')
- self.append_to_bbappend(append_text)
- elif self.meson_buildtype == "debug":
- self.mesonopts.replace(
- '--buildtype debug', '--buildtype plain')
- self.remove_from_bbappend(append_text)
- elif args.debug_build_config:
- logger.warn(
- "--debug-build-config is not implemented for this build tool yet.")
-
def solib_search_path(self, image):
"""Search for debug symbols in the rootfs and rootfs-dbg
@@ -988,6 +951,13 @@ def ide_setup(args, config, basepath, workspace):
recipe_modified.gen_meson_wrapper()
ide.setup_modified_recipe(
args, recipe_image, recipe_modified)
+
+ if recipe_modified.debug_build != '1':
+ logger.warn(
+ 'Recipe %s is compiled with release build configuration. '
+ 'You might want to add DEBUG_BUILD = "1" to %s. '
+ 'Note that devtool modify --debug-build can do this automatically.',
+ recipe_modified.name, recipe_modified.bbappend)
else:
raise DevtoolError("Must not end up here.")
@@ -1065,6 +1035,4 @@ def register_commands(subparsers, context):
'-p', '--no-preserve', help='Do not preserve existing files', action='store_true')
parser_ide_sdk.add_argument(
'--no-check-space', help='Do not check for available space before deploying', action='store_true')
- parser_ide_sdk.add_argument(
- '--debug-build-config', help='Use debug build flags, for example set CMAKE_BUILD_TYPE=Debug', action='store_true')
parser_ide_sdk.set_defaults(func=ide_setup)
--
2.43.0
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 10/12] oe-selftest: devtool ide-sdk use modify debug-build
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
` (8 preceding siblings ...)
2025-01-30 2:51 ` [OE-core][scarthgap 09/12] devtool: ide-sdk recommend DEBUG_BUILD Steve Sakoman
@ 2025-01-30 2:51 ` Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 11/12] devtool: ide-sdk remove the plugin from eSDK installer Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 12/12] uboot-config: fix devtool modify with kernel-fitimage Steve Sakoman
11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
From: Adrian Freihofer <adrian.freihofer@gmail.com>
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/devtool.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index fc08906117..ee75687f01 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -2493,7 +2493,7 @@ class DevtoolIdeSdkTests(DevtoolBase):
self.track_for_cleanup(tempdir)
self.add_command_to_tearDown('bitbake -c clean %s' % recipe_name)
- result = runCmd('devtool modify %s -x %s' % (recipe_name, tempdir))
+ result = runCmd('devtool modify %s -x %s --debug-build' % (recipe_name, tempdir))
self.assertExists(os.path.join(tempdir, build_file),
'Extracted source could not be found')
self.assertExists(os.path.join(self.workspacedir, 'conf',
--
2.43.0
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 11/12] devtool: ide-sdk remove the plugin from eSDK installer
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
` (9 preceding siblings ...)
2025-01-30 2:51 ` [OE-core][scarthgap 10/12] oe-selftest: devtool ide-sdk use modify debug-build Steve Sakoman
@ 2025-01-30 2:51 ` Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 12/12] uboot-config: fix devtool modify with kernel-fitimage Steve Sakoman
11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
From: Adrian Freihofer <adrian.freihofer@gmail.com>
The ide-sdk command bootstraps the SDK from the bitbake environment
before the IDE configuration is generated. In the case of the eSDK
installer, the bootstrapping is performed during the installation of
the eSDK installer. Running the ide-sdk plugin from an eSDK installer
based setup would require skipping the bootstrapping and probably taking
some other differences into account when generating the IDE
configurations.
This would be possible. But it will probably never be implemented, as
running devtool ide-sdk directly from the bitbake environment is much
more flexible.
Also, some of the recent improvements that have made it into the core
have the potential to make the eSDK installer obsolete at some point in
the future:
- bitbake-layers create-layers-setup replicates the layers
- bitbake-config-build replicates the build configuration
- The new sstate mirror features replicate the sstate
- bblock locks the sstate more flexible than the eSDK installer
- devtool ide-sdk bootstraps the SDK directly from the bitbake
environment. The same environment-setup... file is provided with
--mode=shared.
The devtool modify based workflow is supported since always by devtool
and also the default --mode of devtool ide-sdk.
These functions essentially cover what the eSDK installer does without
a need for the current implementation of the eSDK installer and the
populate_sdk_ext, which is hard to maintain and takes a lot of time to
build.
This means that instead of making the ide-sdk plugin compatible with the
eSDK installer, we should rather replace the current implementation of
the eSDK installer and populate_sdk_ext with an implementation that can
replicate a normal bitbake environment in a convenient way where the
ide-sdk plugin also just works without additional complexity.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/devtool/ide_sdk.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/scripts/lib/devtool/ide_sdk.py b/scripts/lib/devtool/ide_sdk.py
index 5e4c543275..0b50165a12 100755
--- a/scripts/lib/devtool/ide_sdk.py
+++ b/scripts/lib/devtool/ide_sdk.py
@@ -965,6 +965,15 @@ def ide_setup(args, config, basepath, workspace):
def register_commands(subparsers, context):
"""Register devtool subcommands from this plugin"""
+ # The ide-sdk command bootstraps the SDK from the bitbake environment before the IDE
+ # configuration is generated. In the case of the eSDK, the bootstrapping is performed
+ # during the installation of the eSDK installer. Running the ide-sdk plugin from an
+ # eSDK installer-based setup would require skipping the bootstrapping and probably
+ # taking some other differences into account when generating the IDE configurations.
+ # This would be possible. But it is not implemented.
+ if context.fixed_setup:
+ return
+
global ide_plugins
# Search for IDE plugins in all sub-folders named ide_plugins where devtool seraches for plugins.
--
2.43.0
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 12/12] uboot-config: fix devtool modify with kernel-fitimage
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
` (10 preceding siblings ...)
2025-01-30 2:51 ` [OE-core][scarthgap 11/12] devtool: ide-sdk remove the plugin from eSDK installer Steve Sakoman
@ 2025-01-30 2:51 ` Steve Sakoman
11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30 2:51 UTC (permalink / raw)
To: openembedded-core
From: Adrian Freihofer <adrian.freihofer@siemens.com>
How to reproduce:
- UBOOT_CONFIG must be used. With UBOOT_MACHINE it works fine.
A simple example based on oe-core is to modify the
beaglebone-yocto.conf file like this:
-UBOOT_MACHINE = "am335x_evm_defconfig"
+UBOOT_CONFIG = "foo"
+UBOOT_CONFIG[foo] = "am335x_evm_defconfig"
- A build configuration which inherits the kernel-fitimage.bbclass is
needed. For example:
MACHINE = "beaglebone-yocto"
KERNEL_IMAGETYPE = "Image"
KERNEL_IMAGETYPES += " fitImage "
KERNEL_CLASSES = " kernel-fitimage "
devtool modify linux-yocto
devtool build linux-yocto
...
| cp: cannot stat '.../linux-yocto-6.6.21+git/am335x_evm_defconfig/.config':
No such file or directory
| WARNING: .../linux-yocto/6.6.21+git/temp/run.do_configure.2081673:172 exit 1
from 'cp .../linux-yocto-6.6.21+git/am335x_evm_defconfig/.config
.../build/workspace/sources/linux-yocto/.config.baseline'
The reason for this problem is that the uboot-config.bbclass sets the
variable KCONFIG_CONFIG_ROOTDIR to a path that makes sense for u-boot,
but not for other recipes. However, the kernel-fitimage.bbclasse, for
example, inherits the uboot-config.bbclass, which brings the
u-boot-specific path into the kernel build context.
This change removes the uboot-specific KCONFIG_CONFIG_ROOTDIR path from
recipes other than u-boot itself.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from b23581a22619c52724c8e078f29e871e2ee74259)
Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes-recipe/uboot-config.bbclass | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/meta/classes-recipe/uboot-config.bbclass b/meta/classes-recipe/uboot-config.bbclass
index e55fc38b7c..bf21961977 100644
--- a/meta/classes-recipe/uboot-config.bbclass
+++ b/meta/classes-recipe/uboot-config.bbclass
@@ -101,12 +101,12 @@ python () {
# The "doc" varflag is special, we don't want to see it here
ubootconfigflags.pop('doc', None)
ubootconfig = (d.getVar('UBOOT_CONFIG') or "").split()
+ recipename = d.getVar("PN")
if not ubootmachine and not ubootconfig:
- PN = d.getVar("PN")
FILE = os.path.basename(d.getVar("FILE"))
bb.debug(1, "To build %s, see %s for instructions on \
- setting up your machine config" % (PN, FILE))
+ setting up your machine config" % (recipename, FILE))
raise bb.parse.SkipRecipe("Either UBOOT_MACHINE or UBOOT_CONFIG must be set in the %s machine configuration." % d.getVar("MACHINE"))
if ubootmachine and ubootconfig:
@@ -140,9 +140,12 @@ python () {
if not found:
raise bb.parse.SkipRecipe("The selected UBOOT_CONFIG key %s has no match in %s." % (ubootconfig, ubootconfigflags.keys()))
- if len(ubootconfig) == 1:
- d.setVar('KCONFIG_CONFIG_ROOTDIR', os.path.join(d.getVar("B"), d.getVar("UBOOT_MACHINE").strip()))
- else:
- # Disable menuconfig for multiple configs
- d.setVar('KCONFIG_CONFIG_ENABLE_MENUCONFIG', "false")
+ # This recipe might be inherited e.g. by the kernel recipe via kernel-fitimage.bbclass
+ # Ensure the uboot specific menuconfig settings do not leak into other recipes
+ if 'u-boot' in recipename:
+ if len(ubootconfig) == 1:
+ d.setVar('KCONFIG_CONFIG_ROOTDIR', os.path.join(d.getVar("B"), d.getVar("UBOOT_MACHINE").strip()))
+ else:
+ # Disable menuconfig for multiple configs
+ d.setVar('KCONFIG_CONFIG_ENABLE_MENUCONFIG', "false")
}
--
2.43.0
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 00/12] Patch review
@ 2025-06-06 15:59 Steve Sakoman
0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 15:59 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, June 10
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1740
The following changes since commit d1b64f190c1686f081f5ba2c4f2b320048f6a514:
sstatetests: Switch to new CDN (2025-06-02 07:21:18 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Changqing Li (6):
libsoup: fix CVE-2025-32908
libsoup: fix CVE-2025-32907
libsoup-2.4: fix CVE-2025-32907
libsoup-2.4: fix do_compile failure
libsoup-2.4: fix CVE-2025-32053
libsoup: fix CVE-2025-32053
Deepesh Varatharajan (2):
binutils: Fix CVE-2025-5245
binutils: Fix CVE-2025-5244
Divya Chellam (2):
screen: fix CVE-2025-46802
screen: fix CVE-2025-46804
Guðni Már Gilbert (1):
systemd: upgrade 255.18 -> 255.21
Vijay Anusuri (1):
python3-setuptools: Fix CVE-2025-47273
...55.18.bb => systemd-boot-native_255.21.bb} | 0
...-boot_255.18.bb => systemd-boot_255.21.bb} | 0
meta/recipes-core/systemd/systemd.inc | 2 +-
...1-missing_type.h-add-comparison_fn_t.patch | 2 +-
...k-parse_printf_format-implementation.patch | 2 +-
...tall-dependency-links-at-install-tim.patch | 2 +-
...missing.h-check-for-missing-strndupa.patch | 10 +-
...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch | 2 +-
...005-add-missing-FTW_-macros-for-musl.patch | 2 +-
...06-Use-uintmax_t-for-handling-rlim_t.patch | 2 +-
...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | 2 +-
...patible-basename-for-non-glibc-syste.patch | 2 +-
...implment-systemd-sysv-install-for-OE.patch | 2 +-
...uffering-when-writing-to-oom_score_a.patch | 2 +-
...compliant-strerror_r-from-GNU-specif.patch | 2 +-
...definition-of-prctl_mm_map-structure.patch | 2 +-
...-not-disable-buffer-in-writing-files.patch | 8 +-
.../0013-Handle-__cpu_mask-usage.patch | 2 +-
.../systemd/0014-Handle-missing-gshadow.patch | 2 +-
...l.h-Define-MIPS-ABI-defines-for-musl.patch | 2 +-
...ass-correct-parameters-to-getdents64.patch | 2 +-
.../0017-Adjust-for-musl-headers.patch | 2 +-
...trerror-is-assumed-to-be-GNU-specifi.patch | 2 +-
...util-Make-STRERROR-portable-for-musl.patch | 2 +-
...ake-malloc_trim-conditional-on-glibc.patch | 2 +-
...hared-Do-not-use-malloc_info-on-musl.patch | 2 +-
...22-avoid-missing-LOCK_EX-declaration.patch | 4 +-
.../{systemd_255.18.bb => systemd_v255.21.bb} | 0
.../binutils/binutils-2.42.inc | 2 +
.../binutils/0022-CVE-2025-5244.patch | 25 +++
.../binutils/0022-CVE-2025-5245.patch | 38 ++++
.../CVE-2025-47273-pre1.patch | 54 +++++
.../python3-setuptools/CVE-2025-47273.patch | 59 ++++++
.../python/python3-setuptools_69.1.1.bb | 2 +
.../screen/screen/CVE-2025-46802.patch | 146 +++++++++++++
.../screen/screen/CVE-2025-46804.patch | 131 ++++++++++++
meta/recipes-extended/screen/screen_4.9.1.bb | 2 +
.../libsoup/libsoup-2.4/CVE-2025-32053.patch | 39 ++++
.../libsoup/libsoup-2.4/CVE-2025-32907.patch | 39 ++++
.../libsoup-2.4/CVE-2025-32910-1.patch | 79 +------
.../libsoup-2.4/CVE-2025-32910-2.patch | 60 +-----
.../libsoup-2.4/CVE-2025-32912-1.patch | 20 +-
.../libsoup/libsoup-2.4_2.74.3.bb | 4 +-
.../libsoup-3.4.4/CVE-2025-32053.patch | 40 ++++
.../libsoup-3.4.4/CVE-2025-32907-1.patch | 200 ++++++++++++++++++
.../libsoup-3.4.4/CVE-2025-32907-2.patch | 68 ++++++
.../libsoup-3.4.4/CVE-2025-32908-1.patch | 89 ++++++++
.../libsoup-3.4.4/CVE-2025-32908-2.patch | 53 +++++
meta/recipes-support/libsoup/libsoup_3.4.4.bb | 7 +-
49 files changed, 1053 insertions(+), 170 deletions(-)
rename meta/recipes-core/systemd/{systemd-boot-native_255.18.bb => systemd-boot-native_255.21.bb} (100%)
rename meta/recipes-core/systemd/{systemd-boot_255.18.bb => systemd-boot_255.21.bb} (100%)
rename meta/recipes-core/systemd/{systemd_255.18.bb => systemd_v255.21.bb} (100%)
create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch
create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch
create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch
create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46802.patch
create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46804.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch
--
2.43.0
^ permalink raw reply [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 00/12] Patch review
@ 2025-07-09 2:51 Steve Sakoman
0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-07-09 2:51 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Tursday, July 10
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1980
The following changes since commit 15881f41f8c00c5f0a68628c2d49ca1aa1999c2e:
xwayland: fix CVE-2025-49180 (2025-07-03 09:04:44 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Bruce Ashfield (3):
linux-yocto/6.6: update to v6.6.93
linux-yocto/6.6: update to v6.6.94
linux-yocto/6.6: update to v6.6.96
Changqing Li (4):
icu: fix CVE-2025-5222
libsoup-2.4: refresh CVE-2025-4969.patch
libsoup-2.4: fix CVE-2025-4945
libsoup: fix CVE-2025-4945
Guocai He (1):
minicom: correct the SRC_URI
Hitendra Prajapati (1):
libxml2: fix CVE-2025-6021
Vijay Anusuri (1):
sudo: Fix CVE-2025-32462
Virendra Thakur (1):
curl: set conditional CVE_STATUS for CVE-2025-5025
Yogita Urade (1):
python3-urllib3: fix CVE-2025-50181
.../libxml/libxml2/CVE-2025-6021.patch | 56 ++++
meta/recipes-core/libxml/libxml2_2.12.10.bb | 1 +
.../python3-urllib3/CVE-2025-50181.patch | 283 ++++++++++++++++++
.../python/python3-urllib3_2.2.2.bb | 4 +
meta/recipes-extended/minicom/minicom_2.9.bb | 2 +-
.../sudo/files/CVE-2025-32462.patch | 42 +++
meta/recipes-extended/sudo/sudo_1.9.15p5.bb | 1 +
.../linux/linux-yocto-rt_6.6.bb | 6 +-
.../linux/linux-yocto-tiny_6.6.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +-
meta/recipes-support/curl/curl_8.7.1.bb | 2 +
.../icu/icu/CVE-2025-5222.patch | 166 ++++++++++
meta/recipes-support/icu/icu_74-2.bb | 1 +
.../libsoup/libsoup-2.4/CVE-2025-4945.patch | 117 ++++++++
.../libsoup/libsoup-2.4/CVE-2025-4969.patch | 54 +---
.../libsoup/libsoup-2.4_2.74.3.bb | 1 +
.../libsoup/libsoup-3.4.4/CVE-2025-4945.patch | 118 ++++++++
meta/recipes-support/libsoup/libsoup_3.4.4.bb | 1 +
18 files changed, 826 insertions(+), 63 deletions(-)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-6021.patch
create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-50181.patch
create mode 100644 meta/recipes-extended/sudo/files/CVE-2025-32462.patch
create mode 100644 meta/recipes-support/icu/icu/CVE-2025-5222.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4945.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4945.patch
--
2.43.0
^ permalink raw reply [flat|nested] 19+ messages in thread
* [OE-core][scarthgap 00/12] Patch review
@ 2025-07-17 2:58 Steve Sakoman
0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-07-17 2:58 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Friday, July 18
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2032
The following changes since commit 7a59dc5ee6edd9596e87c2fbcd1f2594c06b3d1b:
build-appliance-image: Update to scarthgap head revision (2025-07-11 08:14:46 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Archana Polampalli (1):
gdk-pixbuf: fix CVE-2025-7345
Deepesh Varatharajan (1):
binutils: stable 2.42 branch updates
Hitendra Prajapati (1):
libxml2: fix CVE-2025-49794 & CVE-2025-49796
Joe Slater (1):
oe-debuginfod: add option for data storage
Michal Seben (1):
timedated: wait for jobs before SetNTP response
Peter Marko (3):
python3: update CVE product
busybox: apply patch for CVE-2023-39810
iputils: patch CVE-2025-48964
Praveen Kumar (1):
sudo: upgrade 1.9.15p5 -> 1.9.17p1
Steve Sakoman (1):
Revert "sudo: Fix CVE-2025-32462"
Vijay Anusuri (1):
git: Upgrade 2.44.3 -> 2.44.4
Yi Zhao (1):
kea: set correct permissions for /var/run/kea
.../kea/files/kea-dhcp-ddns.service | 1 +
.../kea/files/kea-dhcp4.service | 1 +
.../kea/files/kea-dhcp6.service | 1 +
.../busybox/busybox/CVE-2023-39810.patch | 136 +++++++++++++
meta/recipes-core/busybox/busybox_1.36.1.bb | 1 +
.../CVE-2025-49794-CVE-2025-49796.patch | 186 ++++++++++++++++++
meta/recipes-core/libxml/libxml2_2.12.10.bb | 1 +
...d-on-org.freedesktop.timedate1.SetNT.patch | 97 +++++++++
meta/recipes-core/systemd/systemd_255.21.bb | 1 +
.../binutils/binutils-2.42.inc | 2 +-
.../git/{git_2.44.3.bb => git_2.44.4.bb} | 2 +-
.../python/python3_3.12.11.bb | 2 +-
.../iputils/iputils/CVE-2025-48964.patch | 99 ++++++++++
.../iputils/iputils_20240117.bb | 1 +
...o.conf.in-fix-conflict-with-multilib.patch | 7 +-
.../sudo/files/CVE-2025-32462.patch | 42 ----
meta/recipes-extended/sudo/sudo.inc | 2 +-
.../{sudo_1.9.15p5.bb => sudo_1.9.17p1.bb} | 55 +++++-
.../gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch | 55 ++++++
.../gdk-pixbuf/gdk-pixbuf_2.42.12.bb | 1 +
scripts/oe-debuginfod | 17 +-
21 files changed, 657 insertions(+), 53 deletions(-)
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-39810.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch
create mode 100644 meta/recipes-core/systemd/systemd/0003-timedated-Respond-on-org.freedesktop.timedate1.SetNT.patch
rename meta/recipes-devtools/git/{git_2.44.3.bb => git_2.44.4.bb} (98%)
create mode 100644 meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
delete mode 100644 meta/recipes-extended/sudo/files/CVE-2025-32462.patch
rename meta/recipes-extended/sudo/{sudo_1.9.15p5.bb => sudo_1.9.17p1.bb} (52%)
create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch
--
2.43.0
^ permalink raw reply [flat|nested] 19+ messages in thread
end of thread, other threads:[~2025-07-17 2:59 UTC | newest]
Thread overview: 19+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-01-30 2:51 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 01/12] openssl: patch CVE-2024-13176 Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 02/12] systemd: upgrade 255.13 -> 255.17 Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 03/12] go: upgrade 1.22.8 -> 1.22.9 Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 04/12] go: upgrade 1.22.9 -> 1.22.10 Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 05/12] go: upgrade 1.22.10 -> 1.22.11 Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 06/12] u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 07/12] devtool: modify support debug-builds Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 08/12] devtool: ide-sdk sort cmake preset Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 09/12] devtool: ide-sdk recommend DEBUG_BUILD Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 10/12] oe-selftest: devtool ide-sdk use modify debug-build Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 11/12] devtool: ide-sdk remove the plugin from eSDK installer Steve Sakoman
2025-01-30 2:51 ` [OE-core][scarthgap 12/12] uboot-config: fix devtool modify with kernel-fitimage Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-07-17 2:58 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
2025-07-09 2:51 Steve Sakoman
2025-06-06 15:59 Steve Sakoman
2024-12-10 20:56 Steve Sakoman
2024-08-29 13:32 Steve Sakoman
2024-07-18 13:45 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox