Default branch is renamed from `master` to `main`. Commitshas are the
same.
Signed-off-by: Jeroen Knoops <jeroen.knoops@philips.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 58679b6a515b51d28c480836ad598fca6f0cc655)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Change the SRC_URI to the correct value due to the following error:
ERROR: geoip-1.6.12-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'http://sources.openembedded.org/GeoIP.dat.20181205.gz;apply=no;name=GeoIP-dat;')
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aadc2ac9dc49dfb5a2066401f22e7b553b324313)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
It was missing as the recipe is using --with-tirpc
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Adapted for Walnascar
Signed-off-by: Gyorgy Sarvari <gyorgy.sarvari@gmail.com>
(cherry picked from commit 8832aa3ca83d6a2f705d4aa48496f8bd12c9cc15)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
The currently generated LibVNCServerTargets.cmake will include the
following 'set_target_properties':
set_target_properties(LibVNCServer::vncclient PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include"
INTERFACE_LINK_LIBRARIES "systemd;/usr/lib/libz.so;/usr/lib/liblzo2.so;/usr/lib/libjpeg.so;/usr/lib/libgcrypt.so;/usr/lib/libgnutls.so"
)
INTERFACE_LINK_LIBRARIES here points to absolute paths which hardcodes
the library paths. From CMake doc [1]:
Note that it is not advisable to populate the INTERFACE_LINK_LIBRARIES
of a target with absolute paths to dependencies. That would hard-code
into installed packages the library file paths for dependencies as
found on the machine the package was made on.
This breaks krfb build (kde desktop sharing server) since CMake cannot
find these libraries. Removing the absolute paths solves the issue.
Note: I also added a 'inherit pkgconfig' since libvncserver uses it to
detect libsystemd presence.
1: https://cmake.org/cmake/help/latest/prop_tgt/INTERFACE_LINK_LIBRARIES.html
Signed-off-by: Marc Ferland <marc.ferland@sonatest.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 215694286716cf83bf9e52c5e61b4cbc861098fc)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
When building an SDK with lcov included, gcov isn't included in the SDK
by default. Running lcov to generate coverage fails, because it tries to
use the gcov binary from the host system instead and that cause problems
if the gcc versions do not match.
Signed-off-by: Jef Driesen <jefdriesen@telenet.be>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 0cd6283a4174453ac8d927d917268ba0c3161a02)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
When creating sparse images, the RAW image is no longer needed in
some workflows such as Android and CI pipelines. These RAW images
can be multi-GB artifacts and consume significant disk space.
This change introduces a configuration option
`DELETE_RAWIMAGE_AFTER_SPARSE_CMD` which, when set to "1",
removes the RAW image after sparse image generation.
This reduces disk usage in builds where sparse images are the
final deliverables and RAW images are not required.
Default behavior is unchanged: RAW images are kept unless the
variable is explicitly enabled:
DELETE_RAWIMAGE_AFTER_SPARSE_CMD = "1" # Delete RAW image
DELETE_RAWIMAGE_AFTER_SPARSE_CMD = "0" # Default behavior
(cherry-picked from f5246b7df447ac76ec04c6e5add398862d1c9ccd in master )
Signed-off-by: AshishKumar Mishra <emailaddress.ashish@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Gutenprint install hooks run in parallel but depend on each other. This
is a race condition and might trigger a build failure (e.g on AB [0]):
| chmod 700 $WORKDIR/image/usr/libexec/cups/backend/backend_gutenprint
| chmod: cannot access '$WORKDIR/image/usr/libexec/cups/backend/backend_gutenprint': Not a directory
| make[5]: *** [Makefile:2166: install-exec-hook] Error 1
Fixes this by adding an explicit dependency between the dependent
targets.
[0]: https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/46/steps/33/logs/stdio
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
CVE-2024-58249:
In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-58249]
Upstream patches:
[f2918a9ac8]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(walnascar rev: d3d3df49d5f6e8747c0b04100c4f708b4cafbbd4)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Fix follow runtime error: ./build_support/src/sniff_mq_prio_max:
/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by
./build_support/src/sniff_mq_prio_max)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
CVE-2025-54350:
In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion
failure and application exit upon a malformed authentication attempt.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-54350]
Upstream patches:
[4eab661da0]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
A flaw was found in libssh when using the ChaCha20 cipher with the
OpenSSL library. If an attacker manages to exhaust the heap space,
this error is not detected and may lead to libssh using a partially
initialized cipher context. This occurs because the OpenSSL error
code returned aliases with the SSH_OK code, resulting in libssh not
properly detecting the error returned by the OpenSSL library.
This issue can lead to undefined behavior, including compromised
data confidentiality and integrity or crashes.
Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5987
Upstream-patch:
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=90b4845e0c98574bbf7bea9e97796695f064bf57
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Add the instance specifier to the ptp4l dependency for the phc2sys
service, so the corresponding service is automatically started
correctly. This fixes the following error messages, when starting the
phc2sys@... service:
Failed to restart phc2sys@eth0.service: Unit ptp4l.service not found.
Signed-off-by: Martin Schwan <m.schwan@phytec.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 31f0b9d3d51a65b1c3d63eb6520e7ab174a8550c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This recipe is a Scarthgap backport of kernel-hardening-checker_0.6.10.2.bb
in the master branch as of August 19, 2025.
Tested on qemux86-64 and on beaglebone-yocto
Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
There were a some accidenal typos in the CVE-2025-52886-0001.patch file
that introduced a number of syntactical errors in the qt5/src/poppler-annotation.cc
file, which failed the compilation, in case qt5 PACKAGECONFIG is enabled.
This change fixes these typos. Since qt6 is not enabled in the recipe,
only the qt5 related parts were verified.
While reworking the backport, unfortunately some line number differences
were introduced, which inflate the size of this patch - just scroll
past those.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
CVE-2025-31181:
A flaw was found in gnuplot. The X11_graphics() function may lead to a
segmentation fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31181]
Upstream patches:
[af96c2c1b2/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
CVE-2025-31180:
A flaw was found in gnuplot. The CANVAS_text() function may lead to a
segmentation fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31180]
Upstream patches:
[b2343fd02c/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
CVE-2025-31179:
A flaw was found in gnuplot. The xstrftime() function may lead to a
segmentation fault, causing a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31179]
Upstream patches:
[ed647df512/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
CVE-2025-31178:
A flaw was found in gnuplot. The GetAnnotateString() function may lead to a
segmentation fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31178]
Upstream patches:
[b78cc829a1/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
CVE-2025-31177:
gnuplot is affected by a heap buffer overflow at function utf8_copy_one.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31177]
Upstream patches:
[226809aebb/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
CVE-2025-31176:
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation
fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31176]
Upstream patches:
[b456a3ef61/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
CVE-2025-3359:
A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal
may jeopardize the environment.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-3359]
Upstream patches:
[a5897feadc/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
The repository of dictionaries doesn't have a branch named master. So, the
branch is switched to main.
Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
An issue in the pdfseparate utility of freedesktop poppler
v25.04.0 allows attackers to cause an infinite recursion via
supplying a crafted PDF file. This can lead to a Denial of
Service (DoS).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50420
Upstream patch:
a7025904e3
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
File "/usr/lib/python3.12/site-packages/werkzeug/routing/exceptions.py", line 3, in <module>
import difflib
ModuleNotFoundError: No module named 'difflib'
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Backport a patch from upstream that allows vulkan-cts to work with
Vulkan version greater than 1.3. Previously any unknown Vulkan versions
will return 0 when we attempt to locate the minimum version with
minVulkanAPIVersion.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
v1 version was merged instead of v2 from:
https://lists.openembedded.org/g/openembedded-devel/message/118302
add missing Upstream-Status and CVE tags from v2.
Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* Remove GLIBC_64BIT_TIME_FLAGS="" to enable _TIME_BITS=64 by default,
which avoids the following QA issue during builds on 32-bit systems:
WARNING: lib32-v4l-utils-1.24.1+git-r0 do_package_qa: QA Issue: /usr/bin/cec-compliance uses 32-bit api 'time'
* Undefine _TIME_BITS to fix the build error:
/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Pick commit mentioned in [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6375
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
These tests are failing and thus preventing verification of new patches.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>