Add a backport patch to fix an issue with glibc >= 2.43
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
$ echo 'MACHINE = "qemuarm"' >> conf/local.conf
$ bitbake webkitgtk3
...
| {standard input}:43622: Error: symbol `op_instanceof_return_location' is already defined
| {standard input}:43623: Error: symbol `.Lop_instanceof_return_location' is already defined
| {standard input}:44352: Error: symbol `op_instanceof_return_location_wide16' is already defined
| {standard input}:44353: Error: symbol `.Lop_instanceof_return_location_wide16' is already defined
| {standard input}:45090: Error: symbol `op_instanceof_return_location_wide32' is already defined
| {standard input}:45091: Error: symbol `.Lop_instanceof_return_location_wide32' is already defined
...
Drop 0001-Fix-32bit-arm.patch which conflicts with upstream solution [1]
[1] fcaa289f60
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Fix following system unsafe warning
/usr/lib/systemd/system/openct.service:10: Unit uses KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
It fails to run `bitbake -p` for qemuppc64 with errors:
ERROR: /path_to/meta-oe/recipes-security/spdm-emu/spdm-emu_git.bb:
unsupported architecture 'powerpc64le'
ERROR: /path_to/meta-oe/recipes-support/libspdm/libspdm_3.8.2.bb:
unsupported architecture 'powerpc64le'
Add qemuppc64 default TARGET_ARCH to the arch map.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Bug- and security-fix release. Shortlog:
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-17...7.1.2-18
Also remove the obsolete CVE_STATUS assignments - all of these have been corrected
at NVD, and they are tracked with a version/CPE that mirror the real vulnerability
state of the recipe.
While at it, also corrected the reason for the remaining CVE_STATUS assignments.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* refresh patches
* remove workaround for cppunit-dev needed only in 1.15.0
Release Notes [1]:
This is a bugfix and maintenance release that also introduces a few new
features.
Security Fixes:
* CVE-2026-32776 (NULL function pointer dereference)
* CVE-2026-32777 (infinite loop)
* CVE-2026-32778 (NULL dereference on OOM retry)
[1] https://github.com/pocoproject/poco/releases/tag/poco-1.15.1-release
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Inherit python3targetconfig so that cross python3-config is used instead
of native.
This fixes the below error when building on a 64 bit host for a 32 bit
target:
| In file included from /workspaces/yocto/build/tmp/work/core2-32-poky-linux/libgpiod/1.6.5/recipe-sysroot-native/usr/include/python3.14/Python.h:72,
| from ../../../sources/libgpiod-1.6.5/bindings/python/gpiodmodule.c:8:
| /workspaces/yocto/build/tmp/work/core2-32-poky-linux/libgpiod/1.6.5/recipe-sysroot-native/usr/include/python3.14/pyport.h:429:2: error: #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
| 429 | #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
| | ^~~~~
Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com>
Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
oe-core just moved from pkgconfig to pkgconf, which has broken the
ptest buikd due to how fragile the compilation was.
This will be revisited to build the tests properly, but for now simply
disable the ptests.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Added tag to SRC_URI.
Release notes [1]:
Add lvmlockd compare and write, index man pages, and a lot of fixes.
* Add atomic leases using Compare and Write (CAW) to lvmlockd.
* Add lvm-index(7), lvm-categories(7) and lvm-args(7) man pages.
* Use temporary activations for integrity, writecache, thin and VDO pool conv
preventing interference.
* Fix `vgreduce --removemissing --force` infinite loop for raid/mirror snapshot.
* Improve RAID LV health report to distinguish 'refresh needed' from 'repair needed'.
* Support `--interval +N` to delay first poll in pvmove and lvpoll.
* Show active cache mode in kernel table line with `lvs -o kernel_cache_mode`.
* Reject lvreduce of CoW snapshot COW store when it would truncate exception data.
* Skip filesystem resize handling for CoW snapshot COW store LVs in lvresize.
* Fix vgsplit to not fail on no active LV on a PV being split to an existing VG.
* Preserve file desciptors with CLOEXEC opened in library constructors.
* Add lvmpolld 'cmd' log keyword to enable verbose lvpoll output.
* Add `activate_lv_temporary()` to consolidate `LV_TEMPORARY` and sync handling.
* Add missing sync in `add_mirror_log()` and `activate_and_wipe_lv_list()`.
* Fix cachevol cmeta/cdata device offsets.
* Fix pofile generation to include SOURCES2 binaries and update xgettext options.
[1] https://github.com/lvmteam/lvm2/releases/tag/v2_03_39
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
newer gnulib-tool wrappers try to run a sibling Python
launcher file, .gnulib-tool.py, when Python 3 is available.
In current gnulib, that file is a real part of the tree,
and gnulib-tool will exec "$prog.py" in that mode
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* https://github.com/jthornber/thin-provisioning-tools#project-hosting says:
The upstream repository has been moved to device-mapper-utils[1], an
organization established to collect utilities for various device mapper
targets. While the original repository remains mirrored, we recommend
cloning from the new location[2] for better long-term maintenance.
[1]: https://github.com/device-mapper-utils/
[2]: https://github.com/device-mapper-utils/thin-provisioning-tools
* 0001-Define-more-ioctl-codes-on-riscv32gc-unknown-linux-g.patch got merged
upstream in rust-lang/libc.
* dependency rio got dropped in 1.3.0
* The new patch disable-cargo-metadata enables the feature of devicemapper,
because the build fails otherwise.
* On 32 bit architectures, the new patch dms-no-layout-check disables checks
from bindgen they always fail.
From thin-provisioning-tools-1.3.1/CHANGES:
v1.3.1
======
- Improve thin_ls performance using the optimized approach from thin_check
v1.3.0
======
- Improve thin_check performance with an optimized I/O strategy and more
memory-efficient data structures.
- Rewrite AsyncIoEngine using tokio IoUring, removing the rio dependency
- Enhance thin_check with edge-case fixes, including space map boundary checks
- Update thin_explore to use ratatui, replacing the archived tui crate
v1.2.2
=======
- Fix command line parsing for era_invalidate --metadata-snapshot
v1.2.1
=======
- Fix incorrect number of data blocks in thin_shrink's output superblock
v1.2.0
=======
- Remove atty and safemem dependencies due to security concerns
- Remove unused threaded btree walk code
- Change BTreeWalker constructor to take IoEngine by reference for simplicity
(breaking change)
- Update fixedbitset and few other dependencies with required code changes
Cc: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Adds ptest support for xdg-dbus-proxy.
Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Since adding these statuses NVD corrected their DB, and now both CVEs are
tracked with the correct version.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also remove PV. There is no need to set PV since the version is in the
recipe file name.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is no need to set PV since the version is in the recipe file name.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
openembedded-core updated to coreutils v9.10 in which commit
8c2461933411 ("timeout: honor ignored signal dispositions") changed the
behavior of timeout. It will no longer propagate SIGINT to background
shell jobs which breaks test-cases for gpio-tools which verify that they
exit correctly after receiving SIGINT. This backports the patch sent
upstream that removed the offending test-cases as we already have a
similar set of tests for SIGTERM.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-1013
The vulnerability has been patched since 2.3.13[1], however
NVD tracks it without version info.
Due to this, mark it patched explicitly.
[1]: 249bfcc511
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631
Though NVD indicates that 0.28.8 is still vulnerable, that does
not seem to be the case: the fix that is referenced by the advisory
has been backported[1] to this verison. Due to this, mark this
CVE as patched.
[1]: 21d129c842
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains many bugfixes and CVE fixes:
https://github.com/FreeRDP/FreeRDP/releases/tag/3.24.0
Added build option to use internal rc4 and md4 ciphers: this is due
to a recent change in oe-core. OpenSSL's legacy ciphers (like RC4 and MD4)
are now disabled by default (with 'legacy' PACKAGECONFIG), however
FreeRDP3 relies on them.
To ensure that the required ciphers are available, build the
recipe with this ciphers' internal implementations instead of
expecting OpenSSL to support them.
Ptests passed successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use this recipe to break a circular dependency between libfido2 and
systemd when systemd's fido PACKAGECONFIG is enabled. systemd depends
on libfido2, and libfido2 depends on udev provided by systemd. However,
systemd only depends on the headers provided by libfido2 and its pkgconf
data. systemd uses only the datatypes provided, and opportunistically
enables fido support if libfido2 is found.
This recipe provides only the headers and pkgconf data. This is
sufficient to allow systemd to build support for libfido2.
It only works with a related change I've submitted to openembedded core.
Signed-off-by: Dan McGregor <danmcgr@protonmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting
to gnutls. This allows users to select openssl as an alternative crypto
library by setting PACKAGECONFIG.
Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Gcc complains about:
| ../../sources/gd-2.3.3/src/gd_filename.c: In function 'ftype':
| ../../sources/gd-2.3.3/src/gd_filename.c:99:9: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
| 99 | ext = strrchr(filename, '.');
| | ^
| cc1: all warnings being treated as errors
Even the newest git master commit does not fix this.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fastfetch is a customisable tool for displaying system information in a
terminal.
Signed-off-by: Tafil Avdyli <tafil@tafhub.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade gosu from 1.17 to 1.19.
Add extra tag=${PV} parameter in SRC_URI to ensure we're at the
correct srcrev.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The following two patches are dropped as they have already been
in the new version:
- 0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch
- CVE-2024-1013.patch
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Adapt patch 0007-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch
to new version of the code. Remove code which not exist and adapt to
new code.
Changelog:
v3.121:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_121.html
Bugs:
- update vendored zlib to v1.3.2.
- Revert the unnecessary changes to intel-gcm-wrap.gyp.
- Use C fallback for AES-GCM on MinGW builds.
- fix ML-KEM PCT.
- Extend NSS Fuzzing docs.
- avoid integer overflow in platform-independent ghash.
- Fix errant whitespace in OISTE Server Root RSA G1 nickname.
- fix build with glibc-2.43 assignment discards ‘const’ qualifier from pointer.
- add gcm.gyp dependency for Solaris SPARC builds.
- Set nssckbi version to 2.84.
- Add e-Szigno TLS Root CA 2023 to NSS.
- allow manual selection of CPU_ARCH=x86_64 and ppc64 in coreconf/Darwin.mk.
- Update cryptofuzz version.
- Paranoia assert.
- Darwin compatibility for intel-aes.S and intel-gcm.S.
- rename intel-{aes,gcm}.s to .S.
- rename C files for platform-specific ghash implementations.
- simplify compilation of platform-specific GCM and GHASH.
- FORWARD_NULL null deref of worker in p7decode.c (sec_pkcs7_decoder_abort_digests).
- Out-of-Bounds Read in ML-DSA Private Key Parsing (zero-length privateKey).
v3.120:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_120.html
Bugs:
- Fix docs generation bug.
- CID 1678226: Dereferencing null pointer plaintext.data().
- Run PKCS12 fuzz target with –fuzz=tls in CI.
- Allowing RT be started several times.
- move linux decision and build tasks to d2g worker pools.
v3.119.1:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119_1.html
Bugs:
- restore coreconf/Darwin.mk behavior for intel archs.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* client: Fix use-after-free when creating async proxy failed
* daemon: Fix race on subscribers list when on thread
* ftp: Validate fe_size when parsing symlink target
* ftp: Check localtime() return value before use
* CVE-2026-28295: ftp: Use control connection address for PASV data
* CVE-2026-28296: ftp: Reject paths containing CR/LF characters
* gphoto2: Use g_try_realloc() instead of g_realloc()
* cdda: Reject path traversal in mount URI host
* client: Fail when URI has invalid UTF-8 chars
* Some other fixes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Version 2.12.1
Bug solution: tests during append of existing raw log are less strict now.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
