Peter Marko [Fri, 10 Oct 2025 20:51:59 +0000 (22:51 +0200)]
binutils: patch CVE-2025-11082
Pick patch per link in NVD report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When building cargo-c with DEBUG mode, QA checks fail due to
absolute paths from the build environment (TMPDIR) being embedded into
the debug symbols/binaries. This causes issues such as:
ERROR: do_package_qa: File /usr/bin/.debug/cargo-capi contains reference to TMPDIR [buildpaths]
ERROR: do_package_qa: File /usr/bin/.debug/cargo-cinstall contains reference to TMPDIR [buildpaths]
ERROR: do_package_qa: File /usr/bin/.debug/cargo-cbuild contains reference to TMPDIR [buildpaths]
ERROR: do_package_qa: File /usr/bin/.debug/cargo-ctest contains reference to TMPDIR [buildpaths]
To fix this, pass an additional -ffile-prefix-map option to DEBUG_PREFIX_MAP to
ensure that paths under `${CARGO_HOME}` are remapped to `${TARGET_DBGSRC_DIR}`.
This ensures debug info is reproducible and does not leak host-specific paths.
Ryan Eatmon [Tue, 7 Oct 2025 22:43:49 +0000 (17:43 -0500)]
u-boot: Make sure the build dir is unique for each UBOOT_CONFIG
Each UBOOT_CONFIG entry is run in a different directory under ${B} so
that the files can be generated, compiled, and installed differently
from each other. Currently that unique directory name was just the
defconfig used for each UBOOT_CONFIG.
One potential conflict arises when you want build the same defconfig
twice, but pass in different make options. Then we get directory
collision. Simple fix is to include both the defconfig name and the
UBOOT_CONFIG type in the directory name.
This change has the potential to be backwards breaking if a layer is
using the UBOOT_CONFIG flow and overriding/appending any of the do_*
shell functions. Each of those will either need to change to using:
${B}/${config} -> ${B}/${config}-${type}
or for append functions they can use the new variable in the parent
function:
${B}/${config} -> ${B}/${builddir}
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Randy MacLeod [Tue, 7 Oct 2025 20:46:13 +0000 (16:46 -0400)]
gawk: disable persistent memory allocator due to licensing
In gawk-5.2, a feature that allows gawk to preserve memory between runs:
https://www.gnu.org/software/gawk/manual/html_node/Persistent-Memory.html
was added. The files that implement this, support/pma.[ch], are licensed
under the AGPL3 which some entities perfer to avoid. Force people to knowingly
opt into using this feature and license using:
PACKAGECONFIG:append:pn-gawk = " pma-if-64bit"
where pma is an abbreviation for persistent memory allocator and the
"-if-64bit" suffix is a indicator to users that the feature only works
for 64 bit targets. Also add AGPL to LICENSE and LICENSE:${PN}, when using pma.
Correct the license to be AGPL-3.0-or-later. There hasn't been a change in
the license terms, at least for main.c, haven't changed significantly in
the last 15 years:
License-Update: Reflects conditional AGPL use and more as described above.
Testing requires a non-root account and following the example in the link above:
$ truncate -s <size> data.pma
$ chmod 0600 data.pma
$ GAWK_PERSIST_FILE=data.pma gawk 'BEGIN { print ++i }'
1
$ GAWK_PERSIST_FILE=data.pma gawk 'BEGIN { print ++i }'
2
$ GAWK_PERSIST_FILE=data.pma gawk 'BEGIN { print ++i }'
3
This works on qemu[x86-|arm|riscv]64 but not on qemu[arm|x86] where the
--enable-pma is ignored because there is a requirement and build-time test
for 8 byte void pointers in m4/pma.m4:
if test "$SKIP_PERSIST_MALLOC" = no && test $ac_cv_sizeof_void_p -eq 8
Finally, remove an old comment about GPLv2, GPLv3 versions of gawk
since this is no longer important as the GPLv2 version is not maintained.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 7 Oct 2025 20:13:15 +0000 (22:13 +0200)]
go: upgrade 1.25.1 -> 1.25.2
Upgrade to latest 1.25.x release [1]:
$ git --no-pager log --oneline go1.25.1..go1.25.2 bed6c81c2d (tag: go1.25.2) [release-branch.go1.25] go1.25.2 2612dcfd3c [release-branch.go1.25] archive/tar: set a limit on the size of GNU sparse file 1.0 regions 90f72bd500 [release-branch.go1.25] encoding/pem: make Decode complexity linear e0f655bf3f [release-branch.go1.25] encoding/asn1: prevent memory exhaustion when parsing using internal/saferio 100c5a6680 [release-branch.go1.25] net/http: add httpcookiemaxnum GODEBUG option to limit number of cookies parsed f0c69db15a [release-branch.go1.25] crypto/x509: improve domain name verification 9fd3ac8a10 [release-branch.go1.25] net/url: enforce stricter parsing of bracketed IPv6 hostnames 5d7a787aa2 [release-branch.go1.25] net/textproto: avoid quadratic complexity in Reader.ReadResponse 930ce220d0 [release-branch.go1.25] crypto/x509: mitigate DoS vector when intermediate certificate contains DSA public key 6a057327cf [release-branch.go1.25] net/mail: avoid quadratic behavior in mail address parsing 66f6feaa53 [release-branch.go1.25] spec: revert "update spec date to match release date" d6f2741248 [release-branch.go1.25] spec: update spec date to match release date 28ac8d2104 [release-branch.go1.25] net/http: avoid connCount underflow race 06993c7721 [release-branch.go1.25] context: don't return a non-nil from Err before Done is closed 0b53e410f8 [release-branch.go1.25] debug/pe: permit symbols with no name 7735dc90ed [release-branch.go1.25] cmd/compile: don't rely on loop info when there are irreducible loops 205d086595 [release-branch.go1.25] crypto/tls: quote protocols in ALPN error message 16fdaac4b1 [release-branch.go1.25] sync/atomic: correct Uintptr.Or return doc f3dc4aac0b [release-branch.go1.25] runtime: initialise debug settings much earlier in startup process 79c3081b4b [release-branch.go1.25] internal/poll: don't call Seek for overlapped Windows handles b816c79658 [release-branch.go1.25] lib/fips140: re-seal v1.0.0 90de3b3399 [release-branch.go1.25] crypto/internal/fips140: remove key import PCTs, make keygen PCTs fatal bec452a3a2 [release-branch.go1.25] crypto/internal/fips140: update frozen module version to "v1.0.0" 57bd28ab7f [release-branch.go1.25] crypto/internal/fips140/ecdsa: make TestingOnlyNewDRBG generic f75bcffa4a [release-branch.go1.25] os: set full name for Roots created with Root.OpenRoot 7d570090a9 [release-branch.go1.25] os: fix Root.MkdirAll to handle race of directory creation be61132165 [release-branch.go1.25] cmd/compile: export to DWARF types only referenced through interfaces a86792b169 [release-branch.go1.25] net: skip TestIPv4WriteMsgUDPAddrPort on plan9 879e3cb5f7 [release-branch.go1.25] runtime: lock mheap_.speciallock when allocating synctest specials
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 13 Oct 2025 11:32:20 +0000 (12:32 +0100)]
perf: Improve build race/reproducibulity fixes
The include options shouldn't be needed with the make fix but issues still remained.
Looking at the logs, it looks like these are from other header directories and
we need to run "make install_headers" for all of the sub components before starting
the main build.
Update the workaround to do that for each component with internal header copies.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ryan Eatmon [Fri, 10 Oct 2025 16:08:42 +0000 (11:08 -0500)]
linux-firmware: Set FILES to ""
Now that all of the current firmware has either been moved into
sub-packages or removed due to licensing the base package is now
empty. Going forward we would like to keep the base package empty
and force the version updates to bin any new firmwares into
sub-packages.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ryan Eatmon [Fri, 10 Oct 2025 16:08:41 +0000 (11:08 -0500)]
linux-firmware: Remove unlicensed firmware
Create a new REMOVE_UNLICENSED variable and do_install() logic to
allow for marking certain firmware files as something to remove and not
package up.
This comes from the fact that the WHENCE file has a number of firmware
entries that have no license information or very questionable
declarations as to what the license is for the firmware.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ryan Eatmon [Fri, 10 Oct 2025 16:08:40 +0000 (11:08 -0500)]
linux-firmware: Move all firmware into sub-packages
A lot of the firmware has already been broken out into sub-packages, but
a good number were still lingering in the base linux-firmware package.
Move all of the remaining firmware into sub-packages based on the
driver name in the WHENCE file or into existing sub-packages where a
file or two were missed.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a zsh-completion-pkgs image feature to install *-zsh-completion
packages into an image. This is similar to the existing
bash-completion-pkgs feature.
Suggested-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Adam Nilsson <Adam.X.Nilsson@axis.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Steve Sakoman [Thu, 9 Oct 2025 02:31:23 +0000 (19:31 -0700)]
oeqa/sdk/cases/autotools.py: use gnu mirror instead of main server
ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.
Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.
This information was sourced from https://www.gnu.org/prep/ftp.html
Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Steve Sakoman [Thu, 9 Oct 2025 02:31:22 +0000 (19:31 -0700)]
oeqa/selftest/cases/meta_ide.py: use gnu mirror instead of main server
ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.
Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.
This information was sourced from https://www.gnu.org/prep/ftp.html
Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ryan Eatmon [Tue, 7 Oct 2025 16:22:56 +0000 (11:22 -0500)]
u-boot: Add specifying make options as part the config looping
There is a need to generate alternative versions of the uboot files
using the existing config looping system, but we need to add additional
settings to the make call rather simply specifying a different config.
Specifically we have two use cases:
1) We want to sign the same uboot files with two different keys where
the key will be passed on the make call.
2) We want to include the alternative defconfigs from a different
repository and need to add the path to this new location on the make
command line.
This introduces a fourth value for the UBOOT_CONFIG settings:
config,images,binary,make_opts
The values are placed into a new generated variable
UBOOT_CONFIG_MAKE_OPTS which is a '?' separated list since space can be
present if you need to specify multiple options. This is handled by
changing IFS in the shell code when looping over the variable.
Additionally, add in a new variable UBOOT_MAKE_OPTS which is added to
the make calls in the various do_compile functions that do the actual
compiling.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Postactions are not part of the tests but allow to retrieve useful data
from the target. They try to do this using SSH, but this can fail when
no SSH server is present on the target. Ignore these fails.
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
oeqa: runtime: Ignore SSH errors during setup and tear down
Tests using SSH will fail when no SSH server is present on the target.
These tests are disabled in these cases, by being marked with a
dependency on ssh.SSHTest.test_ssh, which in turns has a dependency on
having either dropbear or openssh-sshd in the image.
But setUpClass() and tearDownClass() functions are always executed, even
on tests failing the dependency checks, leading to unexpected failed
tests.
Ignoring SSH errors in setup and tear down allows to avoid these test
errors.
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
oeqa: target: ssh: Fail on SSH error even when errors are ignored
Most tests running SSH commands ask for no error to be raised when the
returned status is not 0. As run() will return this status, they may
later use its value to do a similar check on their own, or completely
ignore it. But most of the tests do not check if the non-zero status is
caused by a fail of the command run on the target or by a fail of SSH
itself.
This can lead to confusion when the error does not come from the command
executed on the target but from SSH itself: test might wrongfully be
marked as PASSED or might fail with incoherent errors.
As SSH errors are always reported with exit code 255, we can easily
filter these.
Modify OESSHTarget.run() behaviour so an AssertionError is raised on SSH
failures, even when ignore_status parameter is True. Still allow to
explicitly ignore this error for the rare cases where this can be
needed.
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yi Zhao [Tue, 7 Oct 2025 14:51:32 +0000 (22:51 +0800)]
tcl8: upgrade 8.6.16 -> 8.6.17
ChangeLog:
2024-12-16 (bug) [63449c] [namespace children] doesn't match non-glob
patterns below the global namespace
2025-01-06 (bug) [fc3509] Better error-message than "interpreter uses
an incompatible stubs mechanism"
2025-01-19 tzdata updated to Olson's tzdata2025a
2025-01-28 (bug) [4f0b57] Win: [exec] now works on App Execution
Aliases.
2025-01-28 (bug) [4e2c8b] Win: [auto_execok] handles larger set of
shell commands.
2025-03-06 (bug) [ba68d1] errorline from [interp eval], interp-26.9
2025-03-23 tzdata updated to Olson's tzdata2025b
2025-04-11 (bug) [fd8341] Tcl_InitStubs compatibility for 9.1, better
error-handling
2025-05-05 (bug) [42d14c] Fix scan with long mantissa. Ex.: scan
"1.[string repeat 1 191]e-321" %g
2025-06-18 (bug) [4f338b] add missing Tcl_CloseEx docs
2025-06-24 (bug) [ecf35c] Correct nested handling of return option
-options
2025-06-25 (bug) [ecafd8] Euro/Tail-sign missing from cp864 encoding
2025-07-03 (bug) [6b0f77] gcc 14 breaks configure test for bigendian
leading to broken floating point
2025-07-16 (bug) [c9f052] prevent overflow crash in Tcl_SplitList().
2025-07-21 (bug) [61c01e] Flawed ref counts in filesystem
implementation for Windows led to use-after-free
2025-08-12 (new) dde => 1.4.5
2025-08-12 (bug) [992f94] avoid misaligned pointers in macOS file
attribute functions
Set LC_ALL and LANG to en_US.UTF-8 when running ptest since the test
cases now include more encodings than just ASCII[1].
Also, add rdepends on locale-base-en-us and tzdata for ptest package,
as they are required for running ptest.
Khem Raj [Mon, 6 Oct 2025 21:48:48 +0000 (14:48 -0700)]
ghostscript: Do not treat declaration-after-statement warning as error
This option is added by ghostscript and is passed down to its modules
e.g. brotli, brotli does expect c99 or newer standard and hence uses
declarations after statement. This option causes compiler e.g. clang
to find this warning and treat it as error on 32bit builds
./brotli/c/dec/decode.c:440:12: error: mixing declarations and code is incompatible with standards before C99 [-Werror,-Wdeclaration-after-statement]
440 | uint32_t __fastload_table = (*table);
| ^
1 error generated.
recipeutils/get_recipe_upstream_version: pass ud.name instead of 'default'
While all but the osc fetcher ignore the third parameter of their
latest_revision implementation, 'default' isn't a valid name in general.
Since commit 2515fbd10824 ("fetch: Drop multiple branch/revision support
for single git urls") in bitbake a fetcher only handles a single
branch/revision and the only sensible thing to pass is `ud.name`.
OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this release is Moderate.
This release incorporates the following bug fixes and mitigations:
* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)
* Fix Timing side-channel in SM2 algorithm on 64 bit ARM. (CVE-2025-9231)
* Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)
* Reverted the synthesised OPENSSL_VERSION_NUMBER change for the release builds, as it broke some exiting applications that relied on the previous 3.x semantics, as documented in OpenSSL_version(3).
OpenSSL 3.5.3 is a bug fix release.
This release incorporates the following bug fixes and mitigations:
* Added FIPS 140-3 PCT on DH key generation.
* Fixed the synthesised OPENSSL_VERSION_NUMBER.
* Removed PCT on key import in the FIPS provider as it is not required by the standard.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
selftest/meta_ide: source the environment first, then change to the sources directory
This too used to work by coincidence: sourcing the environment
quietly failed without changing to the build directory, but
now that it works properly, things should be done in correct order.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sourcing a script with arguments is a non-standard bash extension
and doesn't work with other shells (e.g. dash, which is used on
Debian and derivatives). This used to work by coincidence when
running against integrated poky repo without having to separately
specify where bitbake is, but no longer does.
Using set is a POSIX standard.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pass the BITBAKEDIR parameter to oe-init-build-env when called from the
environment-setup script. This fixes compatibility with bitbake-setup,
which places bitbake in a different directory structure than the
standard poky repository layout where bitbake is located alongside
oe-init-build-env.
The issue was discovered when running the oe-selftest test
DevtoolIdeSdkTests.test_devtool_ide_sdk_shared_sysroots, which failed
because the environment-setup script was not able to find bitbake.
File ".../openembedded-core/meta/lib/oeqa/selftest/cases/devtool.py",
line 2955, in test_devtool_ide_sdk_shared_sysroots
self.assertExists(cmake_native)
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^
File ".../openembedded-core/meta/lib/oeqa/selftest/case.py", line 251,
in assertExists
raise self.failureException(msg)
AssertionError: 'Error: The bitbake directory (/tmp/devtoolqah9ndff2x/bitbake)
does not exist! Please ensure a copy of bitbake exists at this location or
specify an alternative path on the command line\n
.../build-st/tmp/sysroots/x86_64/usr/bin/cmake' does not exist
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Grünert [Wed, 27 Aug 2025 06:49:40 +0000 (08:49 +0200)]
scripts/runqemu: raise an error when bitbake was not found
Running 'scrupts/runqemu' without bitbake in PATH causes the
following error:
```
Traceback (most recent call last):
File "/home/rg/temp_stuff/oe_2/./scripts/runqemu", line 1807, in main
config.check_args()
~~~~~~~~~~~~~~~~~^^
File "/home/rg/temp_stuff/oe_2/./scripts/runqemu", line 624, in check_args
s = re.search('^DEPLOY_DIR_IMAGE="(.*)"', self.bitbake_e, re.M)
File "/usr/lib/python3.13/re/__init__.py", line 177, in search
return _compile(pattern, flags).search(string)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^
TypeError: expected string or bytes-like object, got 'NoneType'
```
This patch adds a more helpful error message to inform the user that
bitbake was not found, e.g. because oe-init-build-env was not sourced.
This is an example of the new error message after the patch:
```
runqemu - ERROR - In order for this script to dynamically infer paths
kernels or filesystem images, you either need bitbake in your PATH
or to source oe-init-build-env before running this script.
Dynamic path inference can be avoided by passing a *.qemuboot.conf to
runqemu, i.e. `runqemu /path/to/my-image-name.qemuboot.conf`
Bitbake is needed to run 'bitbake -e', but it is not found in PATH. Please source the bitbake build environment.
```
CC: Richard Purdie <richard.purdie@linuxfoundation.org> CC: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Grünert <r.gruenert@pironex.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
runqemu: ensure that bitbake environment is either returned, or an exception is raised
This eliminates the other remaining code path where environment getter
returns 'nothing'. This and the previous patch were tested in a-full,
and no errors occurred [1], which means the code paths that make
use of the function returning nothing are never actually executed
and can be cleaned up (in the following patch).
The rationale is that if environment getter cannot obtain the environment,
it should report that and not sweep the issue under the carpet;
it's up to the caller to handle that situation, or make pre-emptive
checks that avoid calling the environment getter when it is bound to fail.
Ross Burton [Wed, 8 Oct 2025 14:26:20 +0000 (15:26 +0100)]
clang: consolidate LLVM_APPEND_VC_REV=OFF
Whilst the change to add TMPDIR to GIT_CEILING_DIRECTORIES should stop
LLVM from embedding git information into the recipes, also disable this
behaviour explicitly.
We do this because it's not just the sha of the source tree but also
the full URL of the repository, which would be an information leak if
an internal git mirror was being used.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 7 Oct 2025 10:42:46 +0000 (11:42 +0100)]
clang: use llvm recipe
Change this recipe to build just clang and clang-tools-extra, using the
LLVM provided by the llvm recipe.
This adds an 'extra-tools' PACKAGECONFIG (enabled by default) that
controls whether to build the clang-tools-extra project. This includes
clang-tidy and clangd, but the compile time and size for these
components is not insignificant.
Add a patch from upstream to support using native prebuilt tools (such
as clang-tblgen) when building standalone.
Add a patch that is being worked on with upstream to not rebuild clang-
tblgen if it has already been provided. This saves a little build time,
but more importantly for us resolves a static linking/uninative problem.
Remove the dependency on clang-cross in non-native builds by just
depending on llvm-native and using the un-prefixed tools directly.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 7 Oct 2025 10:42:45 +0000 (11:42 +0100)]
llvm: add recipe for just the LLVM libraries
Whilst it's convenient to build all of the LLVM project in one big
recipe, that's not ideal when we may just need LLVM on target and not
the rest.
Bring back a LLVM recipe that can be used by both clang (shortly) and
Rust (in the future)
Set the build type to MinSizeRel and DEBUG_LEVELFLAG to -g1 (instead of
the default, -g): the LLVM debug symbols are very large (several
gigabytes) and this reduces them to hundreds of megabytes.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 7 Oct 2025 10:42:44 +0000 (11:42 +0100)]
clang: globally disable build-time RPATHs for reproducibility
Various bits of the LLVM project set the build RPATH in a way that means
we have non-deterministic binaries even though we should always be using
relative paths.
This clearly is not working as some of the binaries get rewritten on
install and have large string paddings that correlate with erased build
paths.
So that we don't have to disable RPATHs in every recipe, just do it once
in the common include file and remove the existing recipe-specific
assignments that are now not needed.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Wed, 8 Oct 2025 14:02:24 +0000 (15:02 +0100)]
bitbake.conf: add TMPDIR to GIT_CEILING_DIRECTORIES
We export GIT_CEILING_DIRECTORIES=WORKDIR to ensure that git calls
inside the builds don't find oe-core when they're meant to be looking
for the git repository of the source code.
However, this breaks for recipes that use work-shared (such as llvm), as
their working directory is outside of WORKDIR.
Solve this by adding TMPDIR to the list as a final catch, but keeping
WORKDIR first so that git will stop sooner in the general case.
This solves reproduciblity problems in LLVM, where for example lld's
version string would contain the URL and commit hash of the poky repo
being built.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 6 Oct 2025 13:21:12 +0000 (14:21 +0100)]
bitbake.conf,lib/configfragments: Use a new dedicated toolcfg.conf file
Rather than using auto.conf which already has established use in CI, or
local.conf which users expect to own/control, start writing "tooling"
controlled settings to a toolcfg.conf.
This frees CI to handle auto.conf as it wants, but avoids the tooling
breaking users local.conf files.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 6 Oct 2025 13:14:52 +0000 (14:14 +0100)]
oeqa/selftest/bblock/fitimage/sstatetests: Fix changing MACHINE during the test
With config fragments, changing MACHINE in the test like this no
longer works. Use the forcevarable override to allow it to work.
This also needs a tweak to bitbake to work correctly, sent
seperately. Whilst ugly, this avoids the need to start changing
config fragments within oeqa right now.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 6 Oct 2025 13:09:02 +0000 (14:09 +0100)]
oeqa/selftest: Fix single threaded race issue
oe-selftest sets up separate build directories to run the tests in.
To to this, environment paths pointing at the previous build directory
are updated. In the multi-threaded case this is fine as the thread is
destroyed and the parent remains unchanged but in the single threaded
case, the environment is broken afterwards. This can mean we try and access
a directory which is in the process of being deleted (e.g. by clobberdir).
Restore the environment afterwards regardless to ensure the single threaded
case doesn't try and access the build directory which is now being deleted.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
selftest/bblayers: maintain compatibility with integrated poky repo
This amends the recently merged commit that assumes the transition
to separate repositories has already happened and re-instatates
support for integrated poky.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yoann Congal [Fri, 3 Oct 2025 21:12:48 +0000 (23:12 +0200)]
oeqa/selftest/wic: fix PATH for wic.Wic2.test_extra_partition_plugin
Without importing PATH from the wic-tools recipes, the build host PATH
is used and this test may fail depending on tools (parted, dumpe2fs,
...) availability. This triggers build faillure on AB (e.g. [0])
To fix this, import PATH from wic-tools and ensure the original
environment is restored after.
Since this indent a block of code into a try/finally block, here is the
diff ignoring white spaces change:
diff --git a/meta/lib/oeqa/selftest/cases/wic.py b/meta/lib/oeqa/selftest/cases/wic.py
index bff3842305..bc99673d0d 100644
--- a/meta/lib/oeqa/selftest/cases/wic.py
+++ b/meta/lib/oeqa/selftest/cases/wic.py
@@ -1680,0 +1681,4 @@ INITRAMFS_IMAGE = "core-image-initramfs-boot"
+ oldpath = os.environ['PATH']
+ os.environ['PATH'] = get_bb_var("PATH", "wic-tools")
+
+ try:
@@ -1696,0 +1701,3 @@ INITRAMFS_IMAGE = "core-image-initramfs-boot"
+ finally:
+ os.environ['PATH'] = oldpath
+
Yoann Congal [Fri, 3 Oct 2025 21:12:47 +0000 (23:12 +0200)]
oeqa/selftest/wic: fix PATH for wic.Wic2.test_extra_partition_space
Without importing PATH from the wic-tools recipes, the build host PATH
is used and this test may fail depending on tools (parted, dumpe2fs,
...) availability. This triggers build faillure on AB (e.g. [0])
To fix this, import PATH from wic-tools and ensure the original
environment is restored after.
Since this indent a block of code into a try/finally block, here is the
diff ignoring white spaces change:
diff --git a/meta/lib/oeqa/selftest/cases/wic.py b/meta/lib/oeqa/selftest/cases/wic.py
index b1c318bd4e..34d844b90b 100644
--- a/meta/lib/oeqa/selftest/cases/wic.py
+++ b/meta/lib/oeqa/selftest/cases/wic.py
@@ -1331,0 +1332,4 @@
+ oldpath = os.environ['PATH']
+ os.environ['PATH'] = get_bb_var("PATH", "wic-tools")
+
+ try:
@@ -1366,0 +1371,2 @@
+ finally:
+ os.environ['PATH'] = oldpath
Peter Marko [Fri, 3 Oct 2025 18:25:33 +0000 (20:25 +0200)]
busybox: patch CVE-2025-46394
Pick commit mentioning this CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Tiemann [Thu, 2 Oct 2025 09:59:25 +0000 (11:59 +0200)]
udev-extraconf: Avoid slashes in mountpoint names
Devices with labels such as "Hello/World/Foo/Bar" cause mount.sh to
create the directory structure @MOUNT_BASE@/Hello/World/Foo/Bar. The
partition is mounted to the nested "Bar" directory. On device removal,
the directory structure is not cleaned up.
This commit replaces all forward slashes in partition labels by
underscores to avoid this edge case.
Signed-off-by: Robert Tiemann <rtie@gmx.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Tiemann [Thu, 2 Oct 2025 09:59:24 +0000 (11:59 +0200)]
udev-extraconf: Speed up mount.sh
On devices with many partitions, running blkid without parameters can
be rather slow because all block devices are inspected:
$ time /sbin/blkid
real 0m0.474s
user 0m0.026s
sys 0m0.172s
versus
$ time /sbin/blkid /dev/mmcblk0p10
real 0m0.027s
user 0m0.002s
sys 0m0.018s
Plugging in a device with 5 partitions means that mount.sh is going to
be executed 5 times, and so will be blkid. In the real-world case
outlined above, this adds up to an overhead of about 2.3 seconds for
blkid alone.
This commit changes mount.sh so that the block device of interest is
passed directly to blkid such that blkid inspects only that device,
leading to significant speedup.
Signed-off-by: Robert Tiemann <rtie@gmx.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The extra_partition plugin allows populating an extra partition with
files listed in the new IMAGE_EXTRA_PARTITION_FILES variable. The
implementation is similar to the bootimg_partition plugin.
This plugin provides an easy way to install files that are not part of
the rootfs, from the deploy directory.
mesa-demos: split info tools to a separate package
While the rest of programs inside mesa-demos are really "demos", several
*info utilities have separate value as they allow gathering information
about the running system in a manner similar to clinfo or vulkaninfo.
Split them into a separate package in order to allow picking them info
the images without picking up the rest of "demos".
Jon Mason [Wed, 1 Oct 2025 17:58:14 +0000 (13:58 -0400)]
tunes/arm: add support for newer arm64 cores
Add tunes for cores that have been present since GCC 14.1.0.
These have been present in meta-arm since mid-July, and have all been
verified with fvp-base and testimage. Of those present in meta-arm,
arch-armv8-9a.inc, arch-armv9-4a.inc, and arch-armv9-5a.inc have been
excluded from this commit, as there are currently issues compiling some
packages (but still present in meta-arm for those that want to use them
despite those issues).
Signed-off-by: Jon Mason <jon.mason@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
b708aea0bc71 [SCEV] Don't perform implication checks with many predicates (#158652) 77a3b0eda361 [RISCV] Refactor RVV builtin code generation for reduce compilation time [NFC] (#154906) f14551dbc4e8 [RISCV] Reduce ManualCodeGen for RVV intrinsics with rounding mode. NFC dcc2c1c933be [RISCV] Reduce ManualCodeGen for segment load/store intrinsics. NFC e625a781211e [LLVM] Update CUDA ELF flags for their new ABI (#149534) 3e93017936b5 MC: Better handle backslash-escaped symbols (#158780) bc5e9a5e2009 [MC] Add parseSymbol() helper (NFC) (#158106) e2e5eb2f1cd9 [Loads] Check for overflow when adding MaxPtrDiff + Offset. 661c387fc2f1 release/21.x: [VPlan] Don't narrow op multiple times in narrowInterleaveGroups. f5c1b5206cbe [PowerPC] Avoid working on deleted node in ext bool trunc combine (#160050) db70369f400e [Clang] Fix an error-recovery crash after d1a80dea (#159976) 9c8736f348e0 [ELF] -r/--emit-relocs: Fix crash when processing .rela.text before .text (#156354) 15a31832eab7 [RISCV] Re-work how VWADD_W_VL and similar _W_VL nodes are handled in combineOp_VLToVWOp_VL. (#159205) f089fb21fffa [LoongArch] Fix MergeBaseOffset for constant pool index operand (#159336) 9eedaf5b1001 [VectorCombine] Fix scalarizeExtExtract for big-endian (#157962) 5af5cfb60d9e [clang-format] Handle C digit separators (#158418) 0174263ac214 Bump version to 21.1.2 ff039a98523f [RISCV] Support PreserveMost calling convention (#148214) 1a644bc50948 [X86] Fix assertion in AVX512 setcc combine due to invalid APInt mask width (#155775) 2c8cb316b5d2 [lldb][test] Only assert function name is in user-code on Darwin platforms f5ba88341e7c [lldb][test] TestTsanBasic.py: fix function name assertion faedeb1a2420 [lldb][Instrumentation] Set selected frame to outside sanitizer libraries (#133079) 54896838ca5e [lldb][Target] Clear selected frame index after a StopInfo::PerformAction (#133078) f4907049285c [Clang][Cygwin] Use correct mangling rule (#158404)
selftest/bblayers: do not assume integrated poky repo
The autobuilder is being transitioned to bitbake-setup which
sets up individual repositories that yocto is made of. Adjust
hardcoded revisions to match these repositories.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
devtool: ide_sdk: pass BITBAKEDIR to oe-init-build-env
This fixes an issue where the generated install_and_deploy script is
unable to find the bitbake directory when run outside of the build
environment. This happens if the oe-selftest suite runs in a bitbake
environment that is bootstrapped by bitbake-setup.
AssertionError: Command '.../build-st/workspace/ide-sdk/cmake-example/
scripts/install_and_deploy_cmake-example-cortexa57' returned non-zero exit status 1:
Error: The bitbake directory (/tmp/devtoolqakq7kzgeo/bitbake) does not exist!
Please ensure a copy of bitbake exists at this location or specify an
alternative path on the command line
. /tmp/devtoolqakq7kzgeo/core-copy/oe-init-build-env
/home/adrian/bitbake-builds/poky-master-poky-with-sstate-distro_poky-altcfg-machine_qemuarm64/build-st
failed
Another reason this issue occurs with oe-selftests is that devtool
tests assume the full poky git repository is available. The setUpModule
function clones layer repositories, which for poky includes bitbake.
However, when using separate git repositories for bitbake and
openembedded-core, the bitbake directory is not preserved during layer
copying. While copying layers to allow modification during tests makes
sense, copying bitbake is less beneficial. Referring to the original
bitbake location is preferable, but cleaning up the devtool tests is
not part of this change.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
devtool: ide-sdk: use /bin/sh instead of /bin/bash
When generating the install and deploy script for IDEs, use /bin/sh
instead of /bin/bash. While this is not addressing a known issue,
using the more portable /bin/sh shell is preferable and avoids
requiring bash to be installed.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lib/bbconfigbuild/configfragments: disable the previous builtin fragment when enabling a new one
There was a flaw in the logic that allowed multiple builtin fragments with
the same prefix to be enabled at the same time. The correct behaviour
is that only one of them should be enabled, and when enabling it
all previously enabled fragments should be removed.
The issues that this caused are further explained in
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15987
[YOCTO #15987]
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 29 Sep 2025 17:11:22 +0000 (18:11 +0100)]
linux-firmware: skip ldflags sanity check
Some of the firmware blobs, for example qcom/apq8016/modem.mbn, are
actually ELF files. We don't want to hold these to our exacting standard
for link flags because we're not building them and they don't run on the
target directly.
Note that as this check parses the output of ${OBJDUMP} -p it behaves
differently with binutils vs llvm. It looks like binutils bails early
as it doesn't know what the target architecture is, whereas LLVM is more
comprehensive in its support.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
populate_sdk_ext: do not require CONF_VERSION (e.g. local.conf version) to be set
The version checks for local.conf/site.conf/bblayers.conf are all optional,
and aren't enforced (by insane class) if the versions aren't set.
As bitbake-setup writes out a blank local.conf, it doesn't put a version in it
either. Also, esdk bundle has a fixed set of layers and is not at risk of
needing to update its own local.conf.
The same condition is already in place for esdk's bblayers.conf for similar reasons.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changqing Li [Tue, 30 Sep 2025 08:00:55 +0000 (16:00 +0800)]
package.py: replace all files unconditionally when copy debug sources
This is for fixing reproducible issue for package like:
intel-speed-select-src. For intel-speed-select, one of the debug sources
is /usr/src/debug/intel-speed-select/1.0/include/linux/thermal.h,
file include/linux/thermal.h under ${S} (kernel-sources)
link file include/linux/thermal.h under ${B}, which link to ${S}/include/uapi/linux/thermal.h
During copy debug sources, sources under ${S} copied first, then sources
under ${B} is copied. mtime of ${S}/include/linux/thermal.h and
${S}/include/uapi/linux/thermal.h are decided by when it is fetched, so
it is not determinate, maybe same or different.
For cpio, if the in file is older than or the same as the exist file,
cpio will not replace the exist file with warning "cpio: xxx not created:
newer or same age version exists". And this will cause
intel-speed-select-src maybe not reproducible.
And option '-u' for cpio, first, this will make the copied file
determistic. Second, source files under ${B} should have higher priority
then ${S}, it may be generated during build, the target is more likely
to use this file.
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Ryan Eatmon [Thu, 25 Sep 2025 19:21:15 +0000 (14:21 -0500)]
linux-firmware: Fix FILES for intel firmware
The 20250917 version is installing the firmware files into the
/usr/lib/firmware/intel directory and symbolic links to those files
under /usr/lib/firmware. FILES needs to be updated to correctly package
all of the files into the right packages. Without this we get a dependency
from the linux-firmware-iwlwifi-* and linux-firmware-qat packages back to
linux-firmware which means you have to install ALL of the drivers when you
depend on the specific package.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Ross Burton [Mon, 29 Sep 2025 17:11:25 +0000 (18:11 +0100)]
clang: build with MinSizeRel
This is the recommended build configuration upstream unless speed is the
ultimate goal. They say it's almost as fast as Release (-O3) but a lot
smaller on disk:
Ross Burton [Mon, 29 Sep 2025 17:11:24 +0000 (18:11 +0100)]
clang: fix reproducibility issue in LLVMConfig.cmake
The LLVMConfig.cmake file is mostly LLVM configuration, but it also
specifies if some Python modules (needed by the opt-viewer tool) were
present on the build host.
This is host contamination and a source of non-determinism, so remove it
from the installed file.
gn is a commonly used build tool to generate ninja files, used
in a lot of recipes e.g. chromium, qtwebengine, perfetto, hafnium etc.
these recipes come from different layers e.g. meta-qt6/meta-arm/meta-oe
since not all layers depend on meta-oe ( meta-arm does not ), its not
a possible option.
Given the usecases, putting it in core will benefit the ecosystem
and reduce some duplication. This recipe is taken from meta-arm
Disable maybe-initialized is a gcc specific option as error
Disable format warnings as errors, it adds -Wno-format explictly in
its build system
Since commit 19004950ad56 ("sanity: Check if the C++ toolchain supports
--std=gnu++20") host GCC must support "--std=gnu++20", which became
available in 10.1. This is already reflected in the documentation [1]
but not here.
Update the sanity check on GCC and raise the minimum version to 10.1.
Remove the dead link to www.softwarecollections.org.
shadow: Increase the maximum group name length to 32 (the default)
Back in 2014, the maximum group name length was increased from 16 (the
default) to 24. Since then, the default has increased to 32, and our
configuration is now actually a decrease in maximum group name length.
Remove the configuration to use the default instead, which aligns the
maximum group name length with the maximum user name length.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Ross Burton [Sat, 27 Sep 2025 10:41:36 +0000 (11:41 +0100)]
meson: upgrade to 1.9.1
Changes in this release:
751b09390 Bump versions to 1.9.1 for release d0abb2133 Boost python must have a library component. e6732c220 Check for header only Boost libraries. 08429813b get_llvm_tool_names: add llvm 21 f3b383217 docs: fix pre-1.8 order for per-subproject options a2d395498 Revert "test cases: do not pass global option on command line" d0f82544e Revert "tests: skip test common/223 in the -Ddefault_library=... jobs" 2abdb2f0b options: put back in place 1.7 ordering of opt=value vs subp:opt=value 83cbc65c2 Fix not passing user option args to scan-build build e746db0b4 Document internal dep support in pkgconfig.generate `requires` arg f6ab732b7 msetup: not-found subprojects do not have known options 5d21e653a utils: make .wraplock optional d1e219cb8 Fix Cygwin test failure. 0fc77e2d7 coredata: do not write None to cmd_line.txt 533ba5cb3 options: do not raise exception for unknown options in -U command ae822d1d4 test cases/common/32 has header: disable undef with libcxx c58f0d951 rustdoc: skip --crate-type option b8e0e9d3d fix transient failure on rust/12 bindgen 75cf757b7 coredata: check for per-subproject compiler and linker arguments a747c4ea8 coredata: check for per-subproject compiler options
Drop the two backported patches.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
xkeyboard-config: Turn absolute symlinks into relative
Native builds encode symlinks pointing to absolute paths into
build native sysroot which gets into sstate artifacts and an error
is rightly generated
ERROR: xkeyboard-config-native-2.45-r0 do_populate_sysroot: sstate found an absolute path symlink /mnt/b/yoe/master/build/tmp/work/x86_64-linux/xkeyboard-config-native/2.45/sysroot-destdir/mnt/b/yoe/master/build/tmp/work/x86_64-linux/xkeyboard-config-native/2.45/recipe-sysroot-native/usr/share/X11/xkb pointing at /mnt/b/yoe/master/build/tmp/work/x86_64-linux/xkeyboard-config-native/2.45/recipe-sysroot-native/usr/share/xkeyboard-config-2. Please replace this with a relative link.
ERROR: xkeyboard-config-native-2.45-r0 do_populate_sysroot: Failing task due to absolute path symlinks
Turn these symlinks to be relative inside D which will reflect
correclty without need for absolute path prefix
Bruce Ashfield [Mon, 29 Sep 2025 18:59:29 +0000 (14:59 -0400)]
linux-yocto/6.12: update to v6.12.49
Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:
da274362a7bd Linux 6.12.49 6553fdf0f7d4 minmax.h: remove some #defines that are only expanded once cf5fe0b36f10 minmax.h: simplify the variants of clamp() 5c2b06b31da6 minmax.h: move all the clamp() definitions after the min/max() ones 5f6818002047 minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() e94ce277b568 minmax.h: reduce the #define expansion of min(), max() and clamp() ab58f71b8fdf minmax.h: update some comments d9c5ccf6b69b minmax.h: add whitespace around operators and after commas 63fd831aa5dc rtc: pcf2127: fix SPI command byte for PCF2131 backport 207fa0d49522 xhci: dbc: Fix full DbC transfer ring after several reconnects 490f1ca013b5 xhci: dbc: decouple endpoint allocation from initialization 9b28ef1e4cc0 usb: xhci: remove option to change a default ring's TRB cycle bit e5051c055926 usb: xhci: introduce macro for ring segment list iteration c839be6df4da mptcp: pm: nl: announce deny-join-id0 flag 34f351c0fa95 mm/gup: check ref_count instead of lru before migration 096c5b1fde51 mm: add folio_expected_ref_count() for reference count calculation 23da4e0bb2a3 vmxnet3: unregister xdp rxq info in the reset path ca8938704142 KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions e5a3331a2e98 x86/bugs: KVM: Add support for SRSO_MSR_FIX f9c6aec2a6dd x86/bugs: Add SRSO_USER_KERNEL_NO support 0a3ac13d8686 platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk 7228ed156377 platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 a89c34babc2e io_uring: fix incorrect io_kiocb reference in io_link_skb 922338efaad6 smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path 24c1106504c6 crypto: af_alg - Set merge to zero early in af_alg_sendmsg 6ae90a2baf92 smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) b814660334bb smb: client: fix filename matching of deferred files ea5cbcecd54d drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() f108c98c7005 drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path 0da73f782769 drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ 503de75db426 drm/xe/tile: Release kobject for the failure path 22814abfd961 ASoC: Intel: catpt: Expose correct bit depth to userspace b51ded0f604e ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message e5c10cec7a1b ASoC: wm8974: Correct PLL rate rounding 987b1d5e39b9 ASoC: wm8940: Correct typo in control name ccba708502b6 ASoC: wm8940: Correct PLL rate rounding 695673eb5711 io_uring/kbuf: drop WARN_ON_ONCE() from incremental length check 93e9d0293d3b io_uring/msg_ring: kill alloc_cache for io_kiocb allocations e6b2b4a0ffd8 io_uring: include dying ring in task_work "should cancel" state d7a38ee4f0be io_uring: backport io_should_terminate_tw() 9b71bfefc405 io_uring/cmd: let cmds to know about dying task 9ffc5f132a35 ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx acab5c56a6fa selftests: mptcp: avoid spurious errors on TCP disconnect 2b5b0674686f selftests: mptcp: connect: catch IO errors on listen side ca261278c6b7 mptcp: propagate shutdown to subflows when possible 60b07b9f6093 rds: ib: Increment i_fastreg_wrs before bailing out 21ba85d9d508 net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer 232e74984061 drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put 2ae6d79a769b KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active bd5524ec7155 mmc: mvsdio: Fix dma_unmap_sg() nents value 6dbac7d814a7 ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S 9c534dbfd172 ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed d1c96316e4c1 ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface bf46ed89bf24 btrfs: tree-checker: fix the incorrect inode ref size check cd92c8ab336c iommu/amd/pgtbl: Fix possible race while increase page table level c023b4f4444f iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() 1e68a5f046e9 LoongArch: Check the return value when creating kobj 05a76baf2700 LoongArch: Align ACPI structures if ARCH_STRICT_ALIGN enabled 382f5ff57010 LoongArch: vDSO: Check kcalloc() result in init_vdso() 040f278cc1a5 LoongArch: Fix unreliable stack for live patching b6f29fa5f603 objtool/LoongArch: Mark special atomic instruction as INSN_BUG type 89d40cc647da objtool/LoongArch: Mark types based on break immediate code 1766f14c8f97 LoongArch: Update help info of ARCH_STRICT_ALIGN cbb8cd66d0bc mm: revert "mm: vmscan.c: fix OOM on swap stress test" f6e161f3fa99 gup: optimize longterm pin_user_pages() for large folio f8f64254bca5 dm-stripe: fix a possible integer overflow cb58eaad2235 dm-raid: don't set io_min and io_opt for raid1 7061e566ce5d power: supply: bq27xxx: restrict no-battery detection to bq27000 f91359651678 power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery 9aee87da5572 crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg 1adc72411f3d nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* 9644798294c7 ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size 8be498fcbd5b ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer e97c45c770f5 perf/x86/intel: Fix crash in icl_update_topdown_event() ff27e23b311f octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() 6e33a7eed587 cnic: Fix use-after-free bugs in cnic_delete_task acf8d06b8b97 net: liquidio: fix overflow in octeon_init_instr_queue() f07c925bb70e Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" 208640e6225c tls: make sure to abort the stream if headers are bogus fa4749c06564 tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). 0c691ea3852c octeon_ep: fix VF MAC address lifecycle handling 4c0bfb2dc6ab bonding: don't set oif to bond dev when getting NS target destination d1f3db4e7a3b net/mlx5e: Harden uplink netdev access against device unbind bec504867acc igc: don't fail igc_probe() on LED setup error 610332f7ac20 i40e: remove redundant memory barrier when cleaning Tx descs 80555adb5c89 ice: fix Rx page leak on multi-buffer frames 1644ee7696f3 ice: store max_frame and rx_buf_len only in ice_rx_ring 3e3be7bbe4a5 net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure 13e7a6e96076 selftests: mptcp: sockopt: fix error messages 10e54bf7cb6e mptcp: tfo: record 'deny join id0' info bb7a3f09e9d4 selftests: mptcp: userspace pm: validate deny-join-id0 flag 7f5b09cc84e0 mptcp: set remote_deny_join_id0 on SYN recv 9a958802080c bonding: set random address only when slaves already exist 660b2a8f5a30 qed: Don't collect too many protection override GRC elements 5f445eb25990 net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR 79320035973f dpaa2-switch: fix buffer pool seeding for control traffic 3112c70b2e01 um: Fix FD copy size in os_rcv_fd_msg() 00e98b5a6903 um: virtio_uml: Fix use-after-free after put_device in probe 9c416e76a57f btrfs: fix invalid extref key setup when replaying dentry ded4d207a320 cgroup: split cgroup_destroy_wq into 3 workqueues eed66faed623 pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch 8df33f4d4a0b wifi: mac80211: fix incorrect type for ret 32adb020b0c3 wifi: mac80211: increase scan_ies_len for S1G 814952c1b1ff ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported b146e0434feb nvme: fix PI insert on write 2203ef417044 wifi: wilc1000: avoid buffer overflow in WID string configuration
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Mon, 29 Sep 2025 18:59:27 +0000 (14:59 -0400)]
linux-yocto/6.16: update to v6.16.9
Updating linux-yocto/6.16 to the latest korg -stable release that comprises
the following commits:
b0d8acc71198 Linux 6.16.9 f9fc28d1451b samples/damon/prcl: avoid starting DAMON before initialization 40108f69c372 clk: sunxi-ng: mp: Fix dual-divider clock rate readback f9fa006e3527 samples/damon/mtier: avoid starting DAMON before initialization 8f7dd196be59 samples/damon: change enable parameters to enabled 1338fb5d576a samples/damon/prcl: fix boot time enable crash 941452199941 dt-bindings: serial: 8250: move a constraint 95c9489abfc4 dt-bindings: serial: 8250: spacemit: set clocks property as required ceee5585720a dt-bindings: serial: 8250: allow clock 'uartclk' and 'reg' for nxp,lpc1850-uart fb0b1ef7055b mptcp: pm: nl: announce deny-join-id0 flag 46d6ff0da889 platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk 1aa91f3d4f16 platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 50a98ce1ea69 io_uring: fix incorrect io_kiocb reference in io_link_skb 0991418bf98f smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path 9617c3ede9ff smb: client: fix file open check in __cifs_unlink() 5ba113d0b049 io_uring/msg_ring: kill alloc_cache for io_kiocb allocations 045ee26aa392 crypto: af_alg - Set merge to zero early in af_alg_sendmsg 3fabb1236f2e smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) ac6fbc3d0030 smb: client: use disable[_delayed]_work_sync in smbdirect.c a39e32f03183 smb: client: fix filename matching of deferred files 581fb78e0388 smb: client: let recv_done verify data_offset, data_length and remaining_data_length cbda551b90a7 smb: client: make use of struct smbdirect_recv_io 089ea68aae42 smb: smbdirect: introduce struct smbdirect_recv_io 86b4bddb8292 smb: client: make use of smbdirect_socket->recv_io.expected f2ffba55b686 smb: smbdirect: introduce smbdirect_socket.recv_io.expected dd1a415dcfd5 drm/xe/guc: Set RCS/CCS yield policy 97207a4fed53 drm/xe/guc: Enable extended CAT error reporting 56f34936bf8c drm/xe: Fix error handling if PXP fails to start 09b473a80c1c ALSA: usb: qcom: Fix false-positive address space check b45cabfa717d drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() e3fe0101463a drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path 1a7ea294d57f drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ e6a1df8cf275 drm/xe/pf: Drop rounddown_pow_of_two fair LMEM limitation f32a0226e848 drm/xe/tile: Release kobject for the failure path 65c5cfbd6d93 ASoC: amd: acp: Fix incorrect retrival of acp_chip_info f7229775e41d iommu/amd: Fix alias device DTE setting 34f3a9e04e73 ASoC: Intel: catpt: Expose correct bit depth to userspace f6433733326b ASoC: SDCA: Fix return value in sdca_regmap_mbq_size() 9ff967d7e8d9 ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message cd59ca8f75db ASoC: codec: sma1307: Fix memory corruption in sma1307_setting_loaded() 7c28b31b2209 ASoC: wm8974: Correct PLL rate rounding badf6143198e ASoC: wm8940: Correct typo in control name 7a372ac1e890 ASoC: wm8940: Correct PLL rate rounding 519b95c74f40 ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx ee8d393af37e selftests: mptcp: avoid spurious errors on TCP disconnect 47f8d4403995 selftests: mptcp: connect: catch IO errors on listen side 80d38ea27a1e mptcp: propagate shutdown to subflows when possible c62000bf27db rds: ib: Increment i_fastreg_wrs before bailing out bc509293c9d4 crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked() 27d94a2a52cb gpiolib: acpi: initialize acpi_gpio_info struct 21a39b958b4b net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer 6db60106a07f io_uring: include dying ring in task_work "should cancel" state f757ab3db457 io_uring/io-wq: fix `max_workers` breakage and `nr_workers` underflow 898aaf78480b drm/amd: Only restore cached manual clock settings in restore if OD enabled 20f87640ebe7 drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put 1ff89f5627ef drm/amdgpu: suspend KFD and KGD user queues for S0ix b477c5668ec6 drm/amdkfd: add proper handling for S0ix 0e2db61cc589 KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active c0603b80436d x86/sev: Guard sev_evict_cache() with CONFIG_AMD_MEM_ENCRYPT 79a9ba8da904 mmc: sdhci-uhs2: Fix calling incorrect sdhci_set_clock() function 7650c994ced2 mmc: sdhci-pci-gli: GL9767: Fix initializing the UHS-II interface during a power-on 7186d8e8bd96 mmc: sdhci: Move the code related to setting the clock from sdhci_set_ios_common() into sdhci_set_ios() d0b7ff384b7a mmc: mvsdio: Fix dma_unmap_sg() nents value 66e6d1c92806 ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S cc336b242ea7 ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed 59c4accddfeb ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface 8276c97dccee ASoC: SDCA: Add quirk for incorrect function types for 3 systems 417ed00d48e7 btrfs: tree-checker: fix the incorrect inode ref size check 359613f2fa00 iommu/s390: Make attach succeed when the device was surprise removed 17a58caf3863 iommu/s390: Fix memory corruption when using identity domain 7d462bdecb7d iommu/amd/pgtbl: Fix possible race while increase page table level b0c0e231060a iommu/amd: Fix ivrs_base memleak in early_amd_iommu_init() 7ff7d16649b2 iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() 1c731284374a LoongArch: KVM: Fix VM migration failure with PTW enabled 960eedb14caf LoongArch: KVM: Avoid copy_*_user() with lock hold in kvm_pch_pic_regs_access() 55ba91b4e04d LoongArch: KVM: Avoid copy_*_user() with lock hold in kvm_eiointc_sw_status_access() 105605ca76e9 LoongArch: KVM: Avoid copy_*_user() with lock hold in kvm_eiointc_regs_access() 291d4b01d3b1 LoongArch: KVM: Avoid copy_*_user() with lock hold in kvm_eiointc_ctrl_access() 401363c839cb LoongArch: Handle jump tables options for RUST 1967642780cf LoongArch: Make LTO case independent in Makefile db65fea5f0aa LoongArch: Check the return value when creating kobj 5f2b63a398ed LoongArch: Align ACPI structures if ARCH_STRICT_ALIGN enabled a417571950f9 LoongArch: vDSO: Check kcalloc() result in init_vdso() 2feeecd7c685 LoongArch: Fix unreliable stack for live patching 5dbbc7b04c14 objtool/LoongArch: Mark special atomic instruction as INSN_BUG type e0aefa8f4612 objtool/LoongArch: Mark types based on break immediate code 953138ff0ff6 LoongArch: Update help info of ARCH_STRICT_ALIGN 1eda9ab8da6b mm: folio_may_be_lru_cached() unless folio_test_large() fb4e6d587a27 mm: revert "mm: vmscan.c: fix OOM on swap stress test" d0c8ba94cb70 mm/gup: local lru_add_drain() to avoid lru_add_drain_all() 163843e8c8f3 gup: optimize longterm pin_user_pages() for large folio 3958f9ec7251 mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" fdac0a3f58c0 mm/gup: check ref_count instead of lru before migration ee27658c239b dm-stripe: fix a possible integer overflow ba3a78db47ec dm-raid: don't set io_min and io_opt for raid1 e8f496001e0c btrfs: initialize inode::file_extent_tree after i_mode has been set 8ae09726773a Revert "sched_ext: Skip per-CPU tasks in scx_bpf_reenqueue_local()" a4ee54e68282 power: supply: bq27xxx: restrict no-battery detection to bq27000 d18d7035ecb8 power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery 45bcf60fe49b crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg 7b7361da9e7f nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* ff750e9f2c4d zram: fix slot write race condition c64b915bb3d9 ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size 529b121b00a6 ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer 5ca20bb7b4bd octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() 0627e1481676 cnic: Fix use-after-free bugs in cnic_delete_task 45f71f4ac4aa net: liquidio: fix overflow in octeon_init_instr_queue() 6e1675c8b612 net: clear sk->sk_ino in sk_set_socket(sk, NULL) 53222fc8ebbc Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" 61ca2da5fb8f tls: make sure to abort the stream if headers are bogus ae313d14b45e tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). 0357a37b4a8b octeon_ep: fix VF MAC address lifecycle handling e2019c7d3a3e bonding: don't set oif to bond dev when getting NS target destination 948381b58298 net/mlx5e: Add a miss level for ipsec crypto offload 8df354eb2dd6 net/mlx5e: Harden uplink netdev access against device unbind 805c7df4faca doc/netlink: Fix typos in operation attributes f05e82d85532 igc: don't fail igc_probe() on LED setup error 3ce36b3b9c69 ixgbe: destroy aci.lock later within ixgbe_remove path a4a4b796dcf6 ixgbe: initialize aci.lock before it's used 5ac700c61648 i40e: remove redundant memory barrier when cleaning Tx descs fcb5718ebfe7 ice: fix Rx page leak on multi-buffer frames 4f21a0b3c8c2 net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure 5735f1fb81a8 selftests: mptcp: sockopt: fix error messages 7f501faddb3c mptcp: tfo: record 'deny join id0' info fa9a7f272b01 selftests: mptcp: userspace pm: validate deny-join-id0 flag f679e3dc6c01 mptcp: set remote_deny_join_id0 on SYN recv f3439ed58636 bonding: set random address only when slaves already exist 8b1dc0217f96 net: dst_metadata: fix IP_DF bit not extracted from tunnel headers 70affe82e38f qed: Don't collect too many protection override GRC elements 1c24b132c119 octeon_ep: Validate the VF ID 71571e187106 rxrpc: Fix untrusted unsigned subtract 8ac99c57029e rxrpc: Fix unhandled errors in rxgk_verify_packet_integrity() 64e76fcb5311 dpll: fix clock quality level reporting 993b734d31ab net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR d0c3f85a041a dpaa2-switch: fix buffer pool seeding for control traffic e1fa8f786c8d net/mlx5: Not returning mlx5_link_info table when speed is unknown 4c2c59cc838c um: Fix FD copy size in os_rcv_fd_msg() c2ff91255e01 um: virtio_uml: Fix use-after-free after put_device in probe 856e039ded02 smb: server: let smb_direct_writev() respect SMB_DIRECT_MAX_SEND_SGES 09ea55d02c89 pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch 0835c4592344 wifi: mac80211: fix incorrect type for ret 0dbad5f5549e wifi: mac80211: increase scan_ies_len for S1G 745418fc8229 wifi: mt76: do not add non-sta wcid entries to the poll list 778a062c131e ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported 0cdf320eb46c nvme: fix PI insert on write ae50f8562306 wifi: wilc1000: avoid buffer overflow in WID string configuration d06a83038bd6 perf maps: Ensure kmap is set up for all inserts 314a92e5950f btrfs: zoned: fix incorrect ASSERT in btrfs_zoned_reserve_data_reloc_bg() eff2bb3b300b btrfs: fix invalid extref key setup when replaying dentry 05e0b03447cf cgroup: split cgroup_destroy_wq into 3 workqueues
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Being minimalist, dash does not support the (non-POSIX) feature of
passing an argument while sourcing a script. Like in
. <some path>/oe-init-build-env <build dir>
With dash, one must instead use:
cd <some path>
set <build dir> # puts <build dir> in $1
. ./oe-init-build-env # can only be called from its directory in dash
oe-setup-build generate a sourcable "init-build-env" script, this script
must use the above snippet to be used in dash.
Ross Burton [Fri, 26 Sep 2025 16:32:31 +0000 (17:32 +0100)]
expat: upgrade to 2.7.3
Security fixes:
- Fix alignment of internal allocations for some non-amd64 architectures
(e.g. sparc32); fixes up on the fix to CVE-2025-59375 from #1034 (of
Expat 2.7.2 and related backports)
- Fix a class of false positives where input should have been rejected
with error XML_ERROR_ASYNC_ENTITY; regression from CVE-2024-8176 fix
pull request #973 (of Expat 2.7.0 and related backports). Please check
the added unit tests for example documents.
Other changes:
- Prove and regression-proof absence of integer overflow from function
expat_realloc
- Remove "harmless" cast that truncated a size_t to unsigned
- Autotools: Remove "ln -s" discovery
- docs: Be consistent with use of floating point around
XML_SetAllocTrackerMaximumAmplification
- docs: Make it explicit that XML_GetCurrentColumnNumber starts at 0
- docs: Better integrate the effect of the activation thresholds
- docs: Fix an in-comment typo in expat.h
- docs: Fix a typo in README.md
- docs: Improve change log of release 2.7.2
- xmlwf: Resolve use of functions XML_GetErrorLineNumber and
XML_GetErrorColumnNumber
- Windows: Normalize .bat files to CRLF line endings
- Version info bumped from 12:0:11 (libexpat*.so.1.11.0) to 12:1:11
(libexpat*.so.1.11.1); see https://verbump.de/ for what these numbers
do
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 26 Sep 2025 14:33:39 +0000 (15:33 +0100)]
classes/cmake: unset LDFLAGS in toolchain-native.bbclass
If a recipe is using toolchain-native.cmake to build native portion in a
non-native build, the target LDFLAGS from the environment will leak into
the native build.
This was noticed as building a SDK with clang means that LDFLAGS contains
a --dynamic-loader argument, so native binaries were trying to use the
target loader.
There are several variables that are set from LDFLAGS[1] so instead of
setting them all, we can simply unset the environment variable in the
toolchain.
oeqa/bblayers.py: add tests for adding new built-in fragments
Add discussed in [1], our best option for customizing built-in fragments
is to pass them from a layer configuration. In short, the reason is that
our statement must be parsed before the addfragments call is parsed.We
also have to use the :append override as using += would override the
original definition of OE_FRAGMENTS_BUILTIN (since it uses a ?=
assignment).
Provide a test case for customizing built-in fragments with
meta-selftest.
Peter Marko [Thu, 25 Sep 2025 16:12:05 +0000 (18:12 +0200)]
tiff: ignore CVE-2025-8851
This is fixed in v4.7.0, however cve_check cannot match it as NVD says
"Up to (excluding) 2024-08-11".
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Wed, 24 Sep 2025 19:57:46 +0000 (20:57 +0100)]
bitbake-layers/create: Improve help message for layerid argument
'Layer ID' isn't a commonly used term in our help messages or
documentation, so clarify that this is the identifier used for the new
layer in BBFILE_COLLECTIONS.
Also clarify that the default is the basename of the layerdir argument
if a layer ID is not separately provided.
Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
