meta-openembedded: Upstream merge#88
Merged
amstewart merged 17 commits intoni:nilrt/master/scarthgapfrom May 29, 2025
Merged
Conversation
Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory References: https://nvd.nist.gov/vuln/detail/CVE-2025-0633 https://ubuntu.com/security/CVE-2025-0633 Upstream patch: https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f Signed-off-by: Soumya Sambu <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
As detailed in Pipewire documentation [0], the ALSA plugin requires config files to be symlinked as follow: ``` The plugin will be picked up by alsa when the following files are in /etc/alsa/conf.d/: /etc/alsa/conf.d/50-pipewire.conf -> /usr/share/alsa/alsa.conf.d/50-pipewire.conf /etc/alsa/conf.d/99-pipewire-default.conf ``` The above symlinks are missing, thus the pipewire device is not properly detected. Fix this by creating the required symlinks and installing them in the pipewire-alsa package. [0] https://github.com/PipeWire/pipewire/blob/master/INSTALL.md#alsa-plugin Link: openembedded#704 Signed-off-by: Ariel D'Alessandro <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class. Signed-off-by: Archana Polampalli <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
0001-Use-default-cc-from-environment-variable.patch removed since it's not available in 1.2.0 License-Update: Reorg and rename files; add pyproject.toml Signed-off-by: Wang Mingyu <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Guðni Már Gilbert <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Guðni Már Gilbert <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Brotli can crash nodejs (on ARM), because the memory allocated for brotli wasn't properly aligned. google/brotli#1159 nodejs/node@dc035bb Signed-off-by: Jeroen Hofstee <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Backport a patch to correctly handle 64bit timestamps. Signed-off-by: Jeroen Hofstee <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
See discussions in closed/rejected issues linked from NVD CVE reports: * CVE-2023-26793: stephane/libmodbus#683 (comment) * CVE-2024-34244: stephane/libmodbus#743 (comment) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-32364 Upstream patch: https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 Signed-off-by: Yogita Urade <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-32365 Upstream patch: https://gitlab.freedesktop.org/poppler/poppler/-/commit/1f151565bbca5be7449ba8eea6833051cc1baa41 Signed-off-by: Yogita Urade <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. CVE-2025-43903-0001 is the dependent commit and CVE-2025-43903-0002 is the actual CVE fix. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-43903 Upstream patches: https://gitlab.freedesktop.org/poppler/poppler/-/commit/33672ca1b6670f7378e24f6d475438f7f5d86b05 https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669 Signed-off-by: Yogita Urade <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
License-Update: Copyright year updated to 2024. Include security update: CVE-2024-26306 and CVE-2024-53580 drop backported patch: do-not-listen-to-old-udp-prot-listener.patch ChangeLog: https://github.com/esnet/iperf/releases/tag/3.18 https://github.com/esnet/iperf/releases/tag/3.17.1 https://github.com/esnet/iperf/releases/tag/3.17 Signed-off-by: Zhang Peng <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-47619 Upstream patch: syslog-ng/syslog-ng@12a0624 Signed-off-by: Yogita Urade <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
If CAN_ERR_CNT is set, the snprintf_can_error_frame() bails out, as it cannot decode CAN_ERR_CNT. Signed-off-by: Jeroen Hofstee <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
* fixes: https://lists.openembedded.org/g/openembedded-devel/message/117255 DEBUG: Executing shell function do_compile * Getting build dependencies for wheel... /usr/lib/ld-linux-aarch64.so.1: No such file or directory Traceback (most recent call last): File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/recipe-sysroot-native/usr/lib/python3.13/site-packages/pyproject_hooks/_in_process/_in_process.py", line 389, in <module> main() ~~~~^^ File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/recipe-sysroot-native/usr/lib/python3.13/site-packages/pyproject_hooks/_in_process/_in_process.py", line 373, in main json_out["return_val"] = hook(**hook_input["kwargs"]) ~~~~^^^^^^^^^^^^^^^^^^^^^^^^ File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/recipe-sysroot-native/usr/lib/python3.13/site-packages/pyproject_hooks/_in_process/_in_process.py", line 143, in get_requires_for_build_wheel return hook(config_settings) File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/recipe-sysroot-native/usr/lib/python3.13/site-packages/setuptools/build_meta.py", line 334, in get_requires_for_build_wheel return self._get_build_requires(config_settings, requirements=[]) ~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/recipe-sysroot-native/usr/lib/python3.13/site-packages/setuptools/build_meta.py", line 304, in _get_build_requires self.run_setup() ~~~~~~~~~~~~~~^^ File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/recipe-sysroot-native/usr/lib/python3.13/site-packages/setuptools/build_meta.py", line 320, in run_setup exec(code, locals()) ~~~~^^^^^^^^^^^^^^^^ File "<string>", line 23, in <module> File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/posix_ipc-1.2.0/build_support/discover_system_info.py", line 409, in discover d["QUEUE_PRIORITY_MAX"] = sniff_mq_prio_max() ~~~~~~~~~~~~~~~~~^^ File "TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/posix_ipc-1.2.0/build_support/discover_system_info.py", line 238, in sniff_mq_prio_max if max_priority < 0: ^^^^^^^^^^^^^^^^ TypeError: '<' not supported between instances of 'str' and 'int' ERROR Backend subprocess exited when trying to invoke get_requires_for_build_wheel WARNING: TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/temp/run.do_compile.2736023:168 exit 1 from 'nativepython3 -m build --no-isolation --wheel --outdir TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/dist TOPDIR/BUILD/work/raspberrypi4_64-webos-linux/python3-posix-ipc/1.2.0/posix_ipc-1.2.0' WARNING: Backtrace (BB generated script): On some hosts. Signed-off-by: Martin Jansa <[email protected]> Signed-off-by: Khem Raj <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Upstream-Status: Backport from proftpd/proftpd@981a379 Signed-off-by: Vijay Anusuri <[email protected]> Signed-off-by: Armin Kuster <[email protected]>
Signed-off-by: Can Wong <[email protected]>
amstewart
approved these changes
May 29, 2025
Shreejit-03
pushed a commit
to Shreejit-03/meta-openembedded
that referenced
this pull request
Feb 23, 2026
* Fixed testing issues when C extensions are not desired. Contributed by Michał Górny in ni#79. * Added support for GraalPy. Contributed by Michael Šimáček in ni#87. * Fixed testing issues on Python 3.14. Contributed by Michał Górny in ni#88. * Modernized packaging to have metadata in pyproject.toml. * Added Python 3.14 wheels. Signed-off-by: Khem Raj <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
12 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is the periodic currency merge with upstream scarthgap branch.
Did the merge using
upstream_merge.shscript. No conflicts.Address CVE errors/warnings
AB#3039648
AB#3039634
Testing
bitbake packagefeed-ni-corebitbake packagegroup-ni-desirablebitbake package-index && bitbake nilrt-base-system-imageNote to maintainers
Please complete this merge manually to avoid upstream hashes being changed by GH.