testimage.bbclass: check that root-login-with-empty-password image features are present
More or less all of testimage relies on logging in as root, without password,
both on console and over ssh. Previously this was enabled by default in poky
and core, but now that it isn't, testimage will error out on timeouts in
both console and ssh login attempts. This commit adds an earlier check and
provides a hint to the users about what they should do.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fragments: add a 'root-login-with-empty-password' fragment
Please see this for background/some discussion:
https://lists.openembedded.org/g/openembedded-architecture/topic/115913545
Care should be taken to not enable this by default, and especially not for
production images. Poky and oe-core default templates did it, and it was
not a good starting point. Hopefully the fragment name, and the description
that users will see when enabling the fragment will provide enough warning.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bbconfigbuild/configfragments.py: print fragment descriptions when enabling them
Such descriptions can contain useful or important information, and users may
not see that otherwise at all. To reduce clutter in CI outputs or similar
scenarios, -q option suppresses that printing.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Even though x11 is currently a default DISTRO feature, even for
nodistro, core-image-sato should require the x11 feature. Without the
x11 in DISTRO_FEATURES, bitbake fails with the following:
ERROR: Required build target 'core-image-sato' has no buildable providers.
Missing or unbuildable dependency chain was: ['core-image-sato',
'packagegroup-core-x11-base']
With this change, the error changes to something more clear to new
users of the project:
ERROR: Nothing PROVIDES 'core-image-sato'
core-image-sato was skipped: missing required distro feature 'x11'
(not in DISTRO_FEATURES)
Signed-off-by: Walter Werner SCHNEIDER <contact@schnwalter.eu> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Wed, 29 Oct 2025 13:03:10 +0000 (13:03 +0000)]
classes/base: prefer gnu-prefixed HOSTTOOLS
Ubuntu 25.10 has changed the default coreutils implementation from GNU
coreutils to uutils/coreutils. Unfortunately this causes build problems:
couldn't allocate absolute path for 'null'.
tail: cannot open 'standard input' for reading: No such file or directory
install: failed to chown '...': Invalid argument (os error 22)
Clear build failures happen in 'install' and 'tail', but there may be
further breakage.
Luckily, Ubuntu also installs GNU coreutils with a binary prefix of
'gnu', so whilst these issues are root-caused and fixed in either pseudo
or uutils we can prefer the gnu-prefixed binaries where they are present.
[ YOCTO #16028 ]
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Thu, 30 Oct 2025 17:12:23 +0000 (13:12 -0400)]
linux-yocto/6.12: update to v6.12.55
Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:
4fc43debf504 Linux 6.12.55 d28c1b1566a1 dmaengine: Add missing cleanup on module unload f3ccb4918654 arm64: errata: Apply workarounds for Neoverse-V3AE 6de6d315f34c arm64: cputype: Add Neoverse-V3AE definitions ac50c6e0a8f9 mm/ksm: fix flag-dropping behavior in ksm_madvise a156af6a4dc3 NFSD: Define a proc_layoutcommit for the FlexFiles layout type e4d2a1d31fc9 phy: cadence: cdns-dphy: Update calibration wait time for startup state machine 963f2239bdbc mptcp: reset blackhole on success with non-loopback ifaces ad16235c9d3e mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). c159590e3234 mptcp: Call dst_release() in mptcp_active_enable(). 4388b7f1e42c net: Add locking to protect skb->dev access in ip_output 95d4308875d1 ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] 8f001670cbb2 net: dst: add four helpers to annotate data-races around dst->dev bcdbf4d7d913 tcp: cache RTAX_QUICKACK metric in a hot cache line f620d9ba4a09 tcp: convert to dev_net_rcu() bf580112ed61 ixgbevf: fix mailbox API compatibility by negotiating supported features 68bfddd2b3be ixgbevf: fix getting link speed data for E610 devices 8a661d63d554 ixgbevf: Add support for Intel(R) E610 device fb151d86dc04 PCI: Add PCI_VDEVICE_SUB helper macro 620f3b0ede9c vfs: Don't leak disconnected dentries on umount dc63d8781463 d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier 9ec6939a502d x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID 12e3db99bc4e x86/resctrl: Refactor resctrl_arch_rmid_read() 78a2d39e2eef md: fix mssing blktrace bio split events 2d24bf9117ad md/raid10: Handle bio_split() errors 74dc8c235ad0 md/raid1: Handle bio_split() errors 069e7bbe4382 md/raid0: Handle bio_split() errors fd819637d0cf padata: Reset next CPU when reorder sequence wraps around 88ad39711bfb xfs: use deferred intent items for reaping crosslinked blocks e9fd43b799d2 wifi: rtw89: avoid possible TX wait initialization race c33da548fbf2 NFSD: Fix last write offset handling in layoutcommit da68bc55d5f8 NFSD: Implement large extent array support in pNFS 18eee640741c NFSD: Minor cleanup in layoutcommit processing 47c609979b08 NFSD: Rework encoding and decoding of nfsd4_deviceid 5def53c55a1e nfsd: Drop dprintk in blocklayout xdr functions 434b399044ae nfsd: Use correct error code when decoding extents 7e708dbee2e8 iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended 29c57a688bb4 iio: imu: inv_icm42600: Simplify pm_runtime setup 69a837b75edc PM: runtime: Add new devm functions 4d1422bfef2d phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling f9ad5c7c472f phy: cdns-dphy: Store hs_clk_rate and return it 9909b28175c1 xfs: fix log CRC mismatches between i386 and other architectures ab0f805bed81 xfs: rename the old_crc variable in xlog_recover_process 586c75dfd1d2 hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() f3fe1abdeb2c nvme/tcp: handle tls partially sent records in write_space() 2a87a1c5866c selftests: arg_parsing: Ensure data is flushed to disk before reading. 095d692e5997 ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails 9ab3e03765b9 HID: multitouch: fix name of Stylus input devices 560024035fe7 HID: hid-input: only ignore 0 battery events for digitizers bba7208765d2 ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card c1bcd7205ac3 selftests/bpf: make arg_parsing.c more robust to crashes 21ba0445e422 accel/qaic: Synchronize access to DBC request queue head & tail pointer 551f1dfbcb7f accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() 646868e6962b accel/qaic: Fix bootlog initialization ordering e15f6ac84445 ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings cb4c8439cf6d sched/fair: Fix pelt lost idle time detection 8fecfa1c17a1 drm/rockchip: vop2: use correct destination rectangle height check 33fee60d39b7 drm/draw: fix color truncation in drm_draw_fill24 e4628ada9b95 drm/amd/powerplay: Fix CIK shutdown temperature 87b634c37509 drm/amdgpu: fix handling of harvesting for ip_discovery firmware 0a77caacc1d3 drm/amdgpu: add support for cyan skillfish without IP discovery 90653d924b6b drm/amdgpu: add ip offset support for cyan skillfish 657e8f9f7489 drm/i915/guc: Skip communication warning on reset in progress af66058d13f0 ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit 129cef0e37d4 ASoC: nau8821: Generalize helper to clear IRQ status 8ed3d6cf03cb ASoC: nau8821: Cancel jdet_work before handling jack ejection 70a65e2893a7 ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec e2a7c66261fe drm/bridge: lt9211: Drop check for last nibble of version register d694f809df41 riscv: kprobes: Fix probe address validation 3fc87107f036 nvme-multipath: Skip nr_active increments in RETRY disposition 5a833099033d drm/panthor: Ensure MCU is disabled on suspend d8a3a530d8b3 net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset f30f0062f609 net: usb: lan78xx: Add error handling to lan78xx_init_mac_address 95af08507322 netdevsim: set the carrier when the device goes up bbcf2da067ae tls: don't rely on tx_work during send() 39dec4ea3daf tls: wait for pending async decryptions if tls_strp_msg_hold fails bea15cd6f1e2 tls: always set record_type in tls_process_cmsg 0e2e8c4d0c37 tls: wait for async encrypt in case of error during latter iterations of sendmsg b1cf131f6df8 tls: trim encrypted message to match the plaintext on short splice 49683288a77c tg3: prevent use of uninitialized remote_adv and local_adv variables 4602b8cee148 ksmbd: fix recursive locking in RPC handle list access 814ec62e42f4 tcp: fix tcp_tso_should_defer() vs large RTT 4f4af833c7ee amd-xgbe: Avoid spurious link down messages during interface toggle eeb434548867 net/ip6_tunnel: Prevent perpetual tunnel growth 599f9faabaee r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H 34143a23fca8 doc: fix seg6_flowlabel path 824be3d3437f net: dlink: handle dma_map_single() failure properly 7ed47a3207f5 can: m_can: fix CAN state in system PM b7f989b93836 can: m_can: call deinit/init callback when going into suspend/resume 6219594f665f can: m_can: add deinit callback df689d75c46d can: m_can: m_can_chip_config(): bring up interface in correct state 4411ca4ca715 can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active b4851ba36459 can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() 39563a86579a dax: skip read lock assertion for read-only filesystems f32fea4c0234 HID: multitouch: fix sticky fingers df23d9ac3455 Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" 24883bfe09c5 cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay 380353c3a92b usb: gadget: f_rndis: Refactor bind path to use __free() 15b9faf53ba8 usb: gadget: f_ecm: Refactor bind path to use __free() 201a66d8e663 usb: gadget: f_acm: Refactor bind path to use __free() d3fe7143928d usb: gadget: f_ncm: Refactor bind path to use __free() 56b5f34542d7 usb: gadget: Introduce free_usb_request helper 1a3949c3e5c3 usb: gadget: Store endpoint pointer in usb_request 7138de99f7b1 drm/exynos: exynos7_drm_decon: remove ctx->suspended a02e8415156b drm/exynos: exynos7_drm_decon: properly clear channels during bind 2812c6b13bcc drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions e8b5f4d80775 media: nxp: imx8-isi: m2m: Fix streaming cleanup on release f0b75b4caaaf media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() 3e7b89ed9f07 drm/msm/a6xx: Fix PDC sleep sequence 2e24713ba2db cdx: Fix device node reference leak in cdx_msi_domain_init c472088522d6 irqdomain: cdx: Switch to of_fwnode_handle() 03fe1647e265 drm/amd: Check whether secure display TA loaded successfully eacc4fc28dd9 perf/core: Fix MMAP2 event device with backing files 7024b11fb47e perf/core: Fix MMAP event path names with backing files 6ddc602b1cfb perf/core: Fix address filter match with backing files e5914820d351 drm/amdgpu: fix gfx12 mes packet status return check e4937f3ef925 drm/amdgpu: use atomic functions with memory barriers for vm fault info e5e3eb2aff92 drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies 8bc4a8d39bac cifs: parse_dfs_referrals: prevent oob on malformed input cc87d3d0f4af can: gs_usb: increase max interface to U8_MAX 52eb720e5bfd can: gs_usb: gs_make_candev(): populate net_device->dev_port 3fdcfd91b93f btrfs: do not assert we found block group item when creating free space tree 187333e6d484 btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST 376b9f404130 btrfs: fix incorrect readahead expansion length 2b039c50299b btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl d2d3902f134e btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running de985264eef6 ext4: detect invalid INLINE_DATA + EXTENTS flag combination 5b7b9a17151b ext4: wait for ongoing I/O to complete before freeing blocks 9f5738883977 jbd2: ensure that all ongoing I/O complete before freeing blocks 40bf3676cb39 f2fs: fix wrong block mapping for multi-devices d6cf1320591d r8152: add error handling in rtl8152_driver_init 4772e7f18ac2 slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL e15605b68b49 smb: client: Fix refcount leak for cifs_sb_tlink dc15450a5b85 rust: cfi: only 64-bit arm and x86 support CFI_CLANG 2c6e5904c5bd drm/xe/guc: Check GuC running state before deregistering exec queue c1859a8cfe84 Linux 6.12.54 779327c2be02 nfsd: decouple the xprtsec policy check from check_nfsd_access() 2d68f8a7379d mount: handle NULL values in mnt_ns_release() e051ab688e5d ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA 996b8797d62f nfsd: fix access checking for NLM under XPRTSEC policies 4c4d66e8110e nfsd: fix __fh_verify for localio 55fd40390e27 perf test stat: Avoid hybrid assumption when virtualized e67e3e738f08 sched/fair: Block delayed tasks on throttled hierarchy during dequeue 496b5ef11dc3 writeback: Avoid excessively long inode switching times bd408c334f3a writeback: Avoid softlockup when switching many inodes 4bdabd52ca1b cramfs: Verify inode mode when loading from disk a05855302b50 fs: Add 'initramfs_options' to set initramfs mount options 2076b916bf41 pid: Add a judgment for ns null in pid_nr_ns 446a54d35759 minixfs: Verify inode mode when loading from disk e85385d5a400 copy_file_range: limit size if in compat mode 14fd5e880a47 irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume 47744d188004 irqchip/sifive-plic: Make use of __assign_bit() e1d6661095b0 s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG 9d04727414b7 s390/bpf: Write back tail call counter for BPF_PSEUDO_CALL 67228efec545 s390/bpf: Describe the frame using a struct instead of constants f6fa61d89ee5 s390/bpf: Centralize frame offset calculations 14e4623df610 mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage 04610b77809f ipmi: Fix handling of messages with provided receive message pointer 53d6e403affb ipmi: Rework user message limit handling 1e059ce9cc7b mptcp: pm: in-kernel: usable client side with C-flag 532db65943fc ACPI: property: Do not pass NULL handles to acpi_attach_data() 687ff8354acd ACPI: property: Add code comments explaining what is going on 6c654ecf6e19 ACPI: property: Disregard references in data-only subnode lists 237d6e1de0f2 ACPI: battery: Add synchronization between interface updates 6950184bf51b ACPI: battery: Check for error code from devm_mutex_init() call ca0e8805d8f0 ACPI: battery: initialize mutexes through devm_ APIs 5187bb848aab ACPI: battery: allocate driver data through devm_ APIs efbc2d6a9291 nfsd: unregister with rpcbind when deleting a transport 0a1ee3c932dc nfsd: don't use sv_nrthreads in connection limiting calculations. 18744bc56b0e nfsd: refine and rename NFSD_MAY_LOCK 763d4aa41845 NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() 658bedb82ec5 nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT 34ff466f74d0 x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP b7b6f95bb336 x86/mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() 423eba50f833 arm64: mte: Do not flag the zero page as PG_mte_tagged fa1974fad4bc statmount: don't call path_put() under namespace semaphore 32c258aad47e KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace 81c5d23a2975 cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency 820cfaee9d92 btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() 24b760c6c45a mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag a632935c1758 mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type 71e80c82c608 mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value a4ae0c21ae13 ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples 848e6babaa8a ASoC: SOF: ipc4-pcm: Enable delay reporting for ChainDMA streams fb54ffd60064 PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release 7e8e579a0c2f PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() 5e311f009daa mm/ksm: fix incorrect KSM counter handling in mm_struct during fork 0fa388ab2c29 tracing: Fix race condition in kprobe initialization causing NULL pointer dereference 875fb3f87ae0 Squashfs: reject negative file sizes in squashfs_read_inode() 234f6e1f7e6f Squashfs: add additional inode sanity checking 7db47e737128 media: mc: Clear minor number before put device 394ad2131933 selftests/mm: skip soft-dirty tests when CONFIG_MEM_SOFT_DIRTY is disabled 6f02e337cbf4 lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older 4c0df2938e11 ext4: free orphan info with kvfree 2722f13fdeeb ACPICA: Allow to skip Global Lock initialization c7242c71cb0f ext4: validate ea_ino and size in check_xattrs 6b879c4c6bba ext4: guard against EA inode refcount underflow in xattr update 4c2473d591e1 ext4: fix an off-by-one issue during moving extents 2a0cf438320c ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() d0327630ecab ext4: correctly handle queries for metadata mappings c2ad6583fe26 ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() a2d803fab8a6 ext4: verify orphan file size is not too big 9169ef838d0c ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() 6248ff249b4f nfsd: nfserr_jukebox in nlm_fopen should lead to a retry 017addab06aa NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() d9c7886b84b3 mm/damon/lru_sort: use param_ctx for damon_attrs staging ac42320ec873 mm/damon/vaddr: do not repeat pte_offset_map_lock() until success b9737c2063ab mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 856fe1a900a6 mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations ee2b37c11d62 mm/thp: fix MTE tag mismatch when replacing zero-filled subpages b419093e5e42 wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 feb1774aaf85 wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 bd3ac455a88d wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again 715b6a5b41da slab: mark slab->obj_exts allocation failures unconditionally e8baa4bf9d90 slab: prevent warnings when slab obj_exts vector allocation fails f7ab235fa0d7 s390: Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR 54ccd92b7976 s390/dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request 9582756d9746 s390/dasd: enforce dma_alignment to ensure proper buffer validation 86cade051b67 selftests: mptcp: join: validate C-flag + def limit 93749fb7f6a4 x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) 4fe479073715 x86/umip: Check that the instruction opcode is at least two bytes 08c70f1f7217 x86/fred: Remove ENDBR64 from FRED entry points 1ce9d6c60c92 spi: cadence-quadspi: Fix cqspi_setup_flash() a3a7b7467956 spi: cadence-quadspi: Flush posted register writes before DAC access 4497954dd233 spi: cadence-quadspi: Flush posted register writes before INDAC access 1f17a94311e8 PCI: tegra194: Reset BARs when running in PCIe endpoint mode a93bd0a668b2 PCI: tegra194: Handle errors in BPMP response 695c062da7d3 PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() 7503861b839b PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock 8f79f82ea5da PCI: rcar-host: Drop PMSR spinlock 551108bd5c9b PCI: rcar-gen4: Fix PHY initialization 65b218539486 PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit 37e46d6cfb7d PCI: j721e: Fix programming sequence of "strap" settings 3bc0a180d928 PCI/AER: Support errors introduced by PCIe r6.0 a4bc85f083ad PCI/AER: Fix missing uevent on recovery when a reset is requested 2fad3c11066c PCI/ERR: Fix uevent on failure to recover 53154cd40ccf PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV 3ea9bd428581 PCI/sysfs: Ensure devices are powered for config reads d4f9b44e81fc PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock 97e4a50069fc PCI: xilinx-nwl: Fix ECAM programming 866236611286 rseq/selftests: Use weak symbol reference, not definition, to link with glibc 4790e3a1f61d rtc: interface: Fix long-standing race when setting alarm 04eaae798085 rtc: interface: Ensure alarm irq is enabled when UIE is enabled cbcfb32b6aae memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe 99141fc03c22 mmc: mmc_spi: multiple block read remove read crc ack cb7a1f5e2930 mmc: core: SPI mode remove cmd7 c2c8a3bfd824 mtd: rawnand: fsmc: Default to autodetect buswidth 1463cd066f32 xsk: Harden userspace-supplied xdp_desc validation d381de7fd4cd xtensa: simdisk: add input size check in proc_write_simdisk e3c5ac668bb9 sparc: fix error handling in scan_one_device() 9632dd92bd55 sparc64: fix hugetlb for sun4u 8019b3699289 sctp: Fix MAC comparison to be constant-time 4fbcd2bc60df scsi: sd: Fix build warning in sd_revalidate_disk() 7b2ef1a0a2f1 scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() 305b1a39f3bb sched/deadline: Fix race in push_dl_task() b9cc7155e65f Revert "ipmi: fix msg stack when IPMI is disconnected" d9457e625875 pwm: berlin: Fix wrong register in suspend/resume e5505b3c7370 powerpc/pseries/msi: Fix potential underflow and leak issue e7057be810ed powerpc/powernv/pci: Fix underflow and leak issue b91518adbec9 power: supply: max77976_charger: fix constant current reporting fb03a2cd4b1b pinctrl: samsung: Drop unused S3C24xx driver data df2a0ee58d9e nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk 371ccc8908b3 parisc: Remove spurious if statement from raw_copy_from_user() a75aa35e1aa1 parisc: don't reference obsolete termio struct for TC* constants 660b40a31932 openat2: don't trigger automounts with RESOLVE_NO_XDEV f112154107d4 of: unittest: Fix device reference count leak in of_unittest_pci_node_verify b4f4122b5795 loop: fix backing file reference leak on validation error e5400e827220 lib/genalloc: fix device leak in of_gen_pool_get() ec230e7ac6a9 KEYS: trusted_tpm1: Compare HMAC values in constant time 19b45c84bd9f kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths 38946f094bbd iommu/vt-d: PRS isn't usable if PDS isn't supported c322dc8051b8 iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume 6187753da298 init: handle bootloader identifier in kernel parameters bb9730d8c063 iio: xilinx-ams: Unmask interrupts after updating alarms 2165424b1485 iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK 9fcf4821964b iio: frequency: adf4350: Fix prescaler usage. 4b8613394c0d iio: dac: ad5421: use int type to store negative error codes f10ec6a5a22f iio: dac: ad5360: use int type to store negative error codes cf2f2250882a iio/adc/pac1934: fix channel disable configuration b26923512dbe fuse: fix livelock in synchronous file put from fuseblk workers a9bce5fed67c fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() f12039df1515 fs: quota: create dedicated workqueue for quota_release_work 8ce394a094f1 fs/ntfs3: Fix a resource leak bug in wnd_extend() f7cf0d774710 fbdev: Fix logic error in "offb" name match b99bc5a48ddc eventpoll: Replace rwlock with spinlock 23351fbe499f crypto: rockchip - Fix dma_unmap_sg() nents value f037ab3dd49c crypto: atmel - Fix dma_unmap_sg() direction 3ddd4942ea3d crypto: aspeed - Fix dma_unmap_sg() direction ba63d4e9857a cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() bc9f74e96b3e copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) c83d6fbabc07 clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk 61a60c45ebd6 bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() 3d20d59c0e86 bus: mhi: ep: Fix chained transfer handling in read path 361d67276eb8 btrfs: avoid potential out-of-bounds in btrfs_encode_fh() c7c6c09cb46f blk-crypto: fix missing blktrace bio split events a91c4c1efb9a drm/amd/display: Enable Dynamic DTBCLK Switch ee49c1cf1b9c drm/xe/uapi: loosen used tracking restriction eca4673229b0 drm/nouveau: fix bad ret code in nouveau_bo_move_prep 82ba9b12e8ee drm/rcar-du: dsi: Fix 1/2/3 lane support ebb874e62067 drm/panthor: Fix memory leak in panthor_ioctl_group_create() 70de0a96c3a0 media: lirc: Fix error handling in lirc_register() cf5cdf7534db media: ti: j721e-csi2rx: Fix source subdev link creation a5d05d925a84 media: ti: j721e-csi2rx: Use devm_of_platform_populate f52c8cfe84b9 media: vivid: fix disappearing <Vendor Command With ID> messages 7a5509677577 media: venus: firmware: Use correct reset sequence for IRIS2 6abc3b74e50a media: s5p-mfc: remove an unused/uninitialized variable b7f82da7f864 media: pci: mg4b: fix uninitialized iio scan data 502ee4852b2c media: pci: ivtv: Add missing check after DMA map bf81e513c282 media: mc: Fix MUST_CONNECT handling for pads with no links 153afef28222 media: i2c: mt9v111: fix incorrect type for ret a9edd7f64eed media: cx18: Add missing check after DMA map cde6cdb2b25f media: cec: extron-da-hd-4k-plus: drop external-module make commands 823087ab267e firmware: meson_sm: fix device leak at probe b1fc6cc30e12 xen/events: Update virq_to_irq on migration a1e7f07ae6b5 xen/events: Return -EEXIST for bound VIRQs 8f6306ed9f23 xen/manage: Fix suspend error path 0f8b3aabb253 xen/events: Cleanup find_virq() return codes 377229c49c08 dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required 3479e0e9a325 perf/arm-cmn: Fix CMN S3 DTM offset 719215a16020 ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init 3ba58e9158d2 ARM: AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) 4e7eec38e27d arm64: kprobes: call set_memory_rox() for kprobe page 454128d96cf5 arm64: dts: ti: k3-am62a-main: Fix main padcfg length 07dd0edfcdec arm64: dts: qcom: x1e80100-pmics: Disable pm8010 by default 28901349a6ab arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees 1e137c4b12b7 arm64: dts: qcom: msm8939: Add missing MDSS reset 34d90c37bb68 arm64: dts: qcom: msm8916: Add missing MDSS reset 947751c11e08 ACPI: debug: fix signedness issues in read/write helpers 594101b69cc5 ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT c19ce8b13f64 ACPI: property: Fix buffer properties extraction for subnodes e3e6f0ba1cd2 s390/vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections 62f922283aa7 s390: vmlinux.lds.S: Reorder sections ee04cff9ed4d bpf: Avoid RCU context warning when unpinning htab with internal structs 7aef9f900528 gpio: wcd934x: mark the GPIO controller as sleeping d9839dbaae6a tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single fc2f2011d3d8 cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points 7a411fb4674d smb: client: fix missing timestamp updates after utime(2) 6e2c760b644a cifs: Fix copy_to_iter return value check dc4c854a5e74 crypto: essiv - Check ssize for decryption and in-place encryption a794af484367 selftests: netfilter: query conntrack state to check for port clash resolution dae85dc6ad5b bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() 7ea55a44493a netfilter: nft_objref: validate objref and objrefmap expressions d74bcf496985 drm/amd/display: Properly disable scaling on DCE6 00f1bd57068b drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 56251bdf36ee drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs 9626d3af3cd1 drm/amdgpu: Add additional DCE6 SCL registers 2ff846335798 mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() b586fbbebd49 mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend() 2a2b88a2d780 mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend() f36a305d30f5 bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} 1ee147efee68 mailbox: zynqmp-ipi: Fix SGI cleanup on unbind cd0cbf2713f6 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop 91bbee4e6dfe mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes ddd9c81a1b3b mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call 6d6754330981 tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() cdab92a75985 perf python: split Clang options when invoking Popen 882b91ec6e9f tools build: Align warning options with perf 6f4f4bab8973 net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe 7b9269de9815 ice: ice_adapter: release xa entry on adapter allocation failure 70acdd1eb35f net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work c11ace909e87 tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). d0e8f1445c19 net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() 488c94753979 drm/vmwgfx: Fix copy-paste typo in validation 655a2f29bfc2 drm/vmwgfx: Fix Use-after-free in validation 13c9e4ed125e drm/vmwgfx: Fix a null-ptr access in the cursor snooper f224b06c7281 s390/cio: Update purge function to unregister the unused subchannels c772e7cc9045 drm/xe/hw_engine_group: Fix double write lock release in error path e82948ba83cc net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() 9fc2af69d5d1 ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel 2db1464d8be2 LoongArch: Init acpi_gbl_use_global_lock to false f7f2b1c3038c LoongArch: Add cflag -fno-isolate-erroneous-paths-dereference eb6cd53402db ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time a41a9d0a5b59 ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size 53d07ac2adfb ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size 00d3af40b158 scsi: mvsas: Fix use-after-free bugs in mvs_work_queue 5e1020047cb7 cpufreq: tegra186: Set target frequency for all cpus in policy 8d54bd8d8768 clk: tegra: do not overallocate memory for bpmp clocks 28defa35ed15 clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver a8b0247e7e9e clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() 04d7cef497a9 clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() 51d376a16e55 clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m c766c3aa3169 perf evsel: Ensure the fallback message is always written to f49a92fe5716 perf tools: Add fallback for exclude_guest b01c2dd67929 perf test: Add a test for default perf stat command 8e67c35a6425 perf test: Don't leak workload gopipe in PERF_RECORD_* f1c41dbd0810 perf session: Fix handling when buffer exceeds 2 GiB 3fcbe5482810 perf test shell lbr: Avoid failures with perf event paranoia 491c4eed60fa perf test: Update sysfs path for core PMU caps 20027d8416a4 perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches c955a161b4a9 perf arm_spe: Correct memory level for remote access 4dd0a97e3b7a perf arm-spe: Rename the common data source encoding ec29c3e9bdcc perf arm_spe: Correct setting remote access bdde538d5d8c rtc: optee: fix memory leak on driver removal d98a5eeede96 rtc: x1205: Fix Xicor X1205 vendor prefix 4be14daf8919 perf util: Fix compression checks returning -1 as bool ca370366fdcd clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() 18a8d826b469 clk: at91: peripheral: fix return value 2fe5844fa994 clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() 535e310360f6 libperf event: Ensure tracing data is multiple of 8 sized 2f3e5c090166 perf evsel: Avoid container_of on a NULL leader 7be1a7b56ef1 perf test trace_btf_enum: Skip if permissions are insufficient 2692752311d6 perf disasm: Avoid undefined behavior in incrementing NULL 1aeb7e6392d5 asm-generic/io.h: Skip trace helpers if rwmmio events are disabled 94e6336dc1f0 media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() 0cd821daa260 iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE 2af086f6fd99 KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 801f7999ab8b dma-mapping: fix direction in dma_alloc direction traces 15b8a5b4cdc1 page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches 68a8fc370b86 clocksource/drivers/clps711x: Fix resource leaks in error paths 659874b7ee49 listmount: don't call path_put() under namespace semaphore b42a82c630f4 rseq: Protect event mask against membarrier IPI fdd380a59505 arm64: map [_text, _stext) virtual address range non-executable+read-only 90f60c455d10 fscontext: do not consume log entries when returning -EMSGSIZE 02f0b08f970f fs: always return zero on success from replace_fd()
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Thu, 30 Oct 2025 17:12:18 +0000 (13:12 -0400)]
linux-yocto/6.17: fix rdinit boot warning
Integrating the following commit(s) to linux-yocto/6.17:
1/1 [
Author: Bruce Ashfield
Email: bruce.ashfield@gmail.com
Subject: boot: only emit rdinit warning on initramfs boot
Date: Mon, 27 Oct 2025 09:47:05 -0400
commit 98aa4d5d242d3a73 [init/main.c: add warning when file specified in
rdinit is inaccessible] promoted a long time check to be visible on
boot.
The issue is that it is always issued even when an initramfs boot is
not used.
To avoid needing to completely disable CONFIG_BLK_DEV_INITRD and not
have the warning issues when an initramfs isn't used, we add checks for
the existence and size of an initramfs before allowing the warning
to be generated.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Thu, 30 Oct 2025 17:12:17 +0000 (13:12 -0400)]
linux-yocto/6.17: unify qemumips (malta) branches
The 6.17+ kernel cache is using a single branch for the mti malta
machines, which are what qemumips* emulate. We update our branch
specification to make them buildable.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lib/crypto: arm/sha1: Migrate optimized code into library
Instead of exposing the arm-optimized SHA-1 code via arm-specific
crypto_shash algorithms, instead just implement the sha1_blocks()
library function. This is much simpler, it makes the SHA-1 library
functions be arm-optimized, and it fixes the longstanding issue where
the arm-optimized SHA-1 code was disabled by default. SHA-1 still
remains available through crypto_shash, but individual architectures no
longer need to handle it.
To match sha1_blocks(), change the type of the nblocks parameter of the
assembly functions from int to size_t. The assembly functions actually
already treated it as size_t.
Dmitry Baryshkov [Tue, 28 Oct 2025 22:34:24 +0000 (00:34 +0200)]
linux-firmware: drop catch-all QCA package
With the linux-firmware now being an empty package there is no need in
the catch-all ${PN}-qca-misc package since developers will have to
package all firmware separately. Drop useless packages now.
Update the sed replacement rule to strictly match '/usr/bin/python'
(with no trailing characters)
The previous sed rule was too broad and could incorrectly change Python
shebangs such as in
/lib/modules/6.16.11-yocto-standard/build/scripts/macro_checker.py from
'#!/usr/bin/python3' to '#!/usr/bin/env python33'.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Enrico Jörns [Tue, 28 Oct 2025 07:32:48 +0000 (08:32 +0100)]
barebox: upgrade 2025.08.0 -> 2025.09.0
Changes in 2025.09.0
--------------------
* Added support for SoCFPGA Agilex5 and Rockchip RK3576
* Added structured I/O support for shell commands
* Added support for booting signed Rockchip images
* Support for adding device tree overlay (.dtbo) files to FIT images
* New 'bfetch' eyecandy tool for displaying logo and system information
(similar to 'neofetch')
* Several other fixes and improvements
rust-target-config: Fix ABI override for powerpc64le target
Ensure the powerpc64le check is exclusive by using `elif`, preventing the
powerpc64 condition from overriding it. This keeps the ABI as elfv2 for
PPC64LE and fixes related build failures.
Khem Raj [Mon, 27 Oct 2025 23:39:29 +0000 (16:39 -0700)]
binutils-cross-canadian: Do not install bdf-plugins
for SDK they are provided via nativesdk-binutils
latest binutils have started to build libdep plugin
as static library libdep.a which is then reported via build QA
Khem Raj [Mon, 27 Oct 2025 23:39:28 +0000 (16:39 -0700)]
classes/toolchain/clang: Add placeholder for dynamic linker in cross-canadian packages
clang-cross-canadian is just symlinking into nativesdk-clang unlike gcc which
has separate binaries and they have inbuilt dynamic linker specs. To help clang
built cross-canadian binaries add it via cmdline option here, cross-canadian
binaries are only usable on installed SDKs, and these paths get re-written with
correct SDK specific linker during SDK install relocation process.
This helps clang built cross-canadian tools e.g. from binutils-cross-canadian
be relocated correctly on SDK install.
Randolph Sapp [Mon, 27 Oct 2025 23:19:19 +0000 (18:19 -0500)]
x11-volatiles: register x11 volatile directories
Add a volatiles entry for popular x11 and adjacent utilities. This is
designed to mimic the systemd tmpfiles.d entries and prevent any one
user from creating these directories with permissions that may
negatively impact multi-user environments.
Ross Burton [Mon, 27 Oct 2025 22:49:05 +0000 (22:49 +0000)]
python3-urllib3: remove rust dependency
python3-cryptography (and thus, rust-native) is only needed by the
urllib3.contrib.pyopenssl module, which is not recommended for use up
the urllib3 upstream maintainers:
Module for using pyOpenSSL as a TLS backend. This module was relevant
before the standard library ssl module supported SNI, but now that
we've dropped support for Python 2.7 all relevant Python versions
support SNI so **this module is no longer recommended**.
Add a PACKAGECONFIG to control whether this module is shipped, and
disable it by default.
This removes rust-native from the default build of urllib3, which is in
the dependencies of other common modules such as requests and sphinx.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 27 Oct 2025 21:38:00 +0000 (22:38 +0100)]
lz4: patch CVE-2025-62813
Pick commit mentioned in NVD report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 27 Oct 2025 20:56:49 +0000 (21:56 +0100)]
oe-selftest: fitimage: test absent optional nodes in ITS files
Extend the test framework to verify that certain optional nodes are properly
absent from ITS files based on configuration. The _get_req_its_paths()
method now returns a tuple containing both expected and not-expected
paths, enabling negative testing of conditional components.
Test improvements:
- Add verification for absent bootscr, setup, and ramdisk image nodes
when their respective features are disabled
- Extend configuration node testing with proper kernel/fdt/ramdisk
field validation based on device tree and initramfs settings
Code cleanup:
- Remove unused tempfile module import
- Sort bb_vars keys alphabetically in _test_fitimage_py()
- Add debug output for bb_vars overrides when debug logging is enabled
- Remove trailing empty line
- Fix DTB file ordering for consistent test results
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 27 Oct 2025 20:56:48 +0000 (21:56 +0100)]
Revert "kernel-fit-image: control kernel section with FIT_LINUX_BIN"
This reverts the commit (Oe-core 0d17c4fb514f0b9f2117a844cdf00ed52631380a)
which recently introduced the FIT_LINUX_BIN variable to control kernel
section inclusion in FIT images.
The original change aimed to provide flexibility by:
- Enabling FIT images without kernel sections for specific use cases
by setting FIT_LINUX_BIN to an empty value.
- Supporting alternative kernel binary filenames instead of hardcoding
"linux.bin" in multiple places.
However, the current implementation is incomplete. The filename
customization is not implemented - the code still hardcodes "linux.bin"
and doesn't actually use the variable in a consistent way.
There is also no test coverage for this new functionality.
Rather than completing the partial implementation, Qualcomm decided to
develop a solution that better aligns with their specific requirements
and may be independent of the kernel-fit-image class.
The revert restores the previous consistent behavior with unconditional
kernel section inclusion. This saves us from adding test coverage,
documentation and maintenance for this new but currently known to be
unused and incomplete feature. This feature can be reintroduced later
if there is a clear need and a complete implementation.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gyorgy Sarvari [Mon, 27 Oct 2025 20:22:39 +0000 (21:22 +0100)]
tar: use diffutils for ptest instead of busybox
A testcase (sparse03) sometimes times out on the AB, in qemu (without kvm):
the test generates an 8GB sparse file, tars it, untars it, and then
it compares the two versions with cmp.
This process, going through 16GB of data (using one thread, with cmp) takes some
time anyway, but when there is extra load on the host machine, and qemu
can't use its core exclusively, then it can take more than 5 minutes easily
(which is the default ptest timeout).
However the full version of cmp from diffutils seems to be more efficient than
the busybox version:
When using busybox on my idle machine (w/ qemuriscv64) the test case execution
takes 150s, and it almost always times out when there is extra load.
Using diffutils, my idle machine executes the same testcase in 55s, and it
never times out even if there is high load on the host system (execution
always stayed under 3 minutes).
Due to this switch to diffutils when running ptest.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
core-image-weston: Add wayland as required feature.
Signed-off-by: Walter Werner SCHNEIDER <contact@schnwalter.eu> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Zhang Peng [Mon, 27 Oct 2025 06:09:15 +0000 (14:09 +0800)]
avahi: fix CVE-2024-52615
CVE-2024-52615:
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area
DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
Zhang Peng [Mon, 27 Oct 2025 06:09:14 +0000 (14:09 +0800)]
avahi: fix CVE-2024-52616
CVE-2024-52616:
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs
randomly only once at startup, incrementing them sequentially after that. This
predictable behavior facilitates DNS spoofing attacks, allowing attackers to
guess transaction IDs.
Peter Tatrai [Mon, 27 Oct 2025 10:29:00 +0000 (11:29 +0100)]
oeqa/selftest/rust: strip debug symbols from test binaries
Strip debug symbols from test binaries using RUSTFLAGS='-C strip=debuginfo'
to reduce binary sizes from 300+ MB to ~140 MB.
This is especially critical for PowerPC mac99 which has a hardcoded 768MB
RAM limit in QEMU. Without stripping, test binaries uploaded to /tmp (tmpfs)
cause 'No space left on device' errors during test execution.
The size reduction also benefits all other architectures by reducing
memory pressure and upload times during testing.
Signed-off-by: Peter Tatrai <peter.tatrai.ext@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 27 Oct 2025 16:58:48 +0000 (16:58 +0000)]
elfutils: Do not suppress stringop-overflow warning on build hosts
stringop-overflow is a gcc specific option and when we try to use non-gcc
compiler as host compiler e.g. clang, this causes several configure tests to fail
because clang reports this as an option it does not understand and bails out
error: unknown warning option '-Werror=stringop-overflow'; did you mean '-Werror=shift-overflow'? [-Werror,-Wunknown-warning-option]
One of the failing tests is the check for PIC support in compiler and results
in errors during compilation like
/usr/bin/ld: libelf_pic.a(elf_error.os): relocation R_X86_64_TPOFF32 against `global_error' can not be used when making a shared object; recompile with -fPIC
and elfutils-native failing to build with clang as host compiler
This patch was added to support version of fedora in 2022 and the error
has since been addressed in glibc [1]
Gyorgy Sarvari [Sat, 25 Oct 2025 14:52:11 +0000 (16:52 +0200)]
ptest-perl/run-ptest: set exit code
Set exit code on the run-ptest script: though the logparser
looks for PASS/FAIL state, it can be still useful when running
the tests manually - when there is a lot of output, it is
easier to see the summary at the end if the test has actually
passed or failed without scrolling back.
Yoann Congal [Fri, 24 Oct 2025 00:16:20 +0000 (02:16 +0200)]
selftest/bblayers: Add a test to validate bitbake-setup registry schema
This test validates bitbake/default-registry/configurations/*.conf.json
against bitbake-setup.schema.json:
INFO - test_validate_bitbake_setup_default_registry (bblayers.BitbakeLayers.test_validate_bitbake_setup_default_registry)
DEBUG - Validating .../poky/bitbake/bin/../default-registry/configurations/oe-nodistro.conf.json
DEBUG - Validating .../poky/bitbake/bin/../default-registry/configurations/poky-master.conf.json
INFO - ... ok
INFO - test_validate_examplelayersjson (bblayers.BitbakeLayers.test_validate_examplelayersjson)
INFO - ... ok
INFO - ----------------------------------------------------------------------
INFO - Ran 2 tests in 110.469s
INFO - OK
INFO - RESULTS:
INFO - RESULTS - bblayers.BitbakeLayers.test_validate_bitbake_setup_default_registry: PASSED (0.92s)
INFO - RESULTS - bblayers.BitbakeLayers.test_validate_examplelayersjson: PASSED (0.19s)
INFO - SUMMARY:
INFO - oe-selftest () - Ran 2 tests in 110.469s
INFO - oe-selftest - OK - All required tests passed (successes=2, skipped=0, failures=0, errors=0)
* Extract a function "validate_json"
* Read bitbake variables in setUpClass to avoid makeing repeated calls
to bitbake
* Allow to specify the schema relative to $COREBASE/meta/files/
* Specify the Base URI to allow schema to reference each other
Yoann Congal [Fri, 24 Oct 2025 00:16:18 +0000 (02:16 +0200)]
meta/files: Add a jsonschema for bitbake-setup configuration files
This schema is a bit loose and should validate any configuration files working with
bitbake-setup but, also, some broken ones:
* If present, a "bb-layer" can be an empty array.
* bb-setup need at least one of "bb-layers" or "oe-template", that is
not enforced in the current schema.
* bb-setup accepts "configurations = []" but it results in a impossible
choice in interactive mode. This is rejected by the schema.
* In each configuration, "name" and "description" are optional but the
flatten configuration must have them. This is not enforced by the
schema.
To test a configuration files against this schema: (for exemple to
validate bitbake default registry)
$ pip install check-jsonschema
$ check-jsonschema -v --schemafile meta/files/bitbake-setup.schema.json bitbake/default-registry/configurations/*
ok -- validation done
The following files were checked:
bitbake/default-registry/configurations/oe-nodistro.conf.json
bitbake/default-registry/configurations/poky-master.conf.json
Daniel Turull [Thu, 23 Oct 2025 07:13:39 +0000 (09:13 +0200)]
improve_kernel_cve_report: add option to read debugsources.zstd
Adding option to be able to import debugsources.zstd directly.
The linux-yocto-debugsources.zstd is generated in every build and
does not require any additional configuration.
In contrast, SPDX_INCLUDE_COMPILED_SOURCES needs to be explicitly
added and increases build time.
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Libarchive 3.8.2 is a bugfix and security release.
Security fixes:
* 7zip: Fix out of boundary access (#2668)
* tar reader: fix checking the result of the strftime (#2719, CVE-2025-25724)
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
222fc11f2b8f Bump version to 21.1.4 480a90482e5b release/21.x: [clang-format] Fix a crash on BAS_BlockIndent (#164047) 3333dd88a493 Update clang/lib/Format/TokenAnnotator.cpp 54cdd973782e [clang-format] Annotate ::operator and Foo::operator correctly (#164048) ceeb93096c79 [libclang/python] Return None instead of null cursors from Token.cursor (#163183) 7e153f5372ed [clang-format] Fix an assertion failure on comment-only config files (#163111) faca424bc5f7 [clang-format] Correctly handle backward compatibility of C headers (#159908) c5a3aa8934b0 [libc++] Properly implement array cookies in the ARM ABI (#160182) 0d819a9104b2 [libunwind] Fix aarch64 SEH unwinding with a debugger attached (#162867) 464d75ad5f26 [MachinePipeliner] Add test missed in #154940 (NFC) (#163350) ffa6b0c365ec [MachinePipeliner] Limit the number of stores in BB (#154940) 570c4c944338 [clang] Fix catching pointers by reference on mingw targets (#162546) c6af6be3cd1c [libc++][docs] Add missing entry for P3379R0 to `21.rst` a2e93dce5f2b [Hexagon][llvm-objdump] Start a fresh packet at symbol boundaries. (#163466) dfdee9a929aa [clang][modules] Derive mtime from PCM timestamps, not PCM files (#162965) bd9bc536b4ac [LLD] [COFF] Fix aarch64 delayimport of sret arguments (#163096) 7b785dcb70f6 [LLD][COFF] Fix tailMergeARM64 delayload thunk 128 MB range limitation (#161844) a847f1832857 [Hexagon] Support lowering of setuo & seto for vector types in Hexagon (#158740) e14b5e82244e [clang-format] Fix a bug in wrapping { after else (#161048) b54051ac74cb [clang-format] Correctly annotate RequiresExpressionLBrace (#155773) c9fbd571b52c dfsan: Fix test with gcc 15. 68f118f265c9 Switch dtls_test.c from XFAIL to UNSUPPORTED on aarch64. a86b1e397e90 compiler-rt: Make the tests pass on AArch64 and with page size != 4096. c03b58bb091e [clangd] Fix code action kind for readability-identifier-naming fixes (#162808) caef7619d5fd [clang-format] Fix a bug in OneLineFormatOffRegex (#162961) 5386abc82ab8 [libc++][ranges] Fix `ranges::join_view` segmented iterator trait (#158347) 18593ab316f6 workflows/release-binaries: Run tests on the same runner as the build (#162421) 13bee3a798b1 [Mips] Fix clang crashes when assembling invalid MIPS beql instructions with --arch=mips (#156413) 0d1b9249d189 [CI] Add dyung and c-rhodes to the Release Asset List (#162478) c000f3226bdf [Mips] Fixed libunwind::Registers_mips_o32::jumpto to allow for load delay (#152942) 276050887539 [LLDB][ProcessWindows] Set exit status on instance rather than going through all targets (#159308)
devtool: un-/deploy-target: put deploylist into destdir
When deploying on devices with a RO root-filesystem, devtool would
fail on writing to the hard-coded "deploylist_path = '/.devtool'"
Since devtool already supports deploying to a different root-prefix
with: hostname[:destdir], we can make use of this guaranteed RW
location to place the deployment-list there.
Add the destdir parameter to the _prepare_remote_script function, to
construct the deploylist_path from it. For the 'undeploy' the same
host:destdir splitting logic is used as in 'deploy'.
Now it is possible to modify and build a recipe 'foo-bar' with
devtool, and have its ./image content deployed through:
$build> devtool deploy foo-bar target:/opt/development-overlay
Or removed again with:
$build> devtool undeploy foo-bar target:/opt/development-overlay
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Tear down method is executed even when the tests are disabled. This lead
to SSH being used to run commands on the target, and as it might fail
when no SSH server is present, we had to use ignore_ssh_fails=True here.
Instead, remove log file just before it is created: it will remain on
the target after the test is run, but this should be acceptable.
oeqa: runtime: logrotate: Remove setup and tear down methods
Setup and tear down methods are executed even when the tests are disabled.
This lead to SSH being used to run commands on the target, and as it
might fail when no SSH server is present, we had to use
ignore_ssh_fails=True here.
Instead, run cleanup tasks in tests themselves and remove the tear down
method.
Also, the wtmp configuration file is not modified since the test was
modified a few years ago: there is no need to backup and restore it.
Jason M. Bills [Wed, 22 Oct 2025 15:05:17 +0000 (08:05 -0700)]
systemd.bbclass: support template files with dots
If the SYSTEMD_SERVICE variable contains a template instance that has
dots in the name such as "xyz.openbmc_project.my@instance.service", the
regex splits on all the dots resulting in the following python
exception:
Exception: ValueError: too many values to unpack (expected 3)
To continue to support service files with dots in the name, this changes
to first split only on the '@' to isolate the name, then split the
second half on the last dot to get the remaining two parameters.
Splitting on the last dot allows dots in the instance name, as well.
Confirmed when building that the three parameters for template instances
without dots came out the same and that template instances with dots
include the full name with dots in the first parameter.
Confirmed when using an instance name with dots that the full instance
name came out correctly with dots.
CC: Ross Burton <Ross.Burton@arm.com> Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jose Quaresma [Wed, 22 Oct 2025 09:06:49 +0000 (10:06 +0100)]
create-spdx-3.0: add SPDX_LICENSES to SPDX3_DEP_FILES
If we have changes on SPDX_LICENSES content we ended up building invalid sstate-cache archives.
The default value for the SPDX_LICENSES is the file meta/files/spdx-licenses.json but this file
don't use the bitbake fetcher and because of this their checksum is not validated.
So we need to add this file to the build dependency chain of the SPDX.
For example, currently we have bump from 3.24.0 to 3.27.0 on master-next for the file
meta/files/spdx-licenses.json. Since the file content is not taken into account, we end
up creating invalid sstate-cache artifacts on the autobuilder on master-next builds.
This created sstate-cache artifacts will also be available to master branch users
that are using the upstream sstate-cache mirror.
If someone is using the public mirror but still following the master branch
they will encounter something like the following error which this change aims to resolve.
Khem Raj [Wed, 22 Oct 2025 04:53:51 +0000 (21:53 -0700)]
rust: Do not modify rpaths in llvm-config
No need to edit rpaths in llvm-config, this is not
needed anymore because the llvm-config used is from
standard install inside sysroot unlike when rust-llvm
was used, where it was installed into its own location
to avoid conflicts with llvm-config coming from llvm/clang
Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jörg Sommer [Tue, 21 Oct 2025 18:20:00 +0000 (20:20 +0200)]
gtk+3: Update 3.24.43 -> 3.24.51
According to https://www.gtk.org/docs/installations/linux/#gtk-v3x the new
place for downloads is download.gnome.org aka $GNOME_MIRROR (ftp.g.o
redirects to this). And new versions are without `+`.
Update opengl.patch, handle new `is_gl_context_current`.
Overview of Changes in GTK+ 3.24.51, 29-09-2025
===============================================
* Wayland:
- Force window titles to be valid utf8
- Flush tablet events when neccessary
* X11:
- Avoid a use-after-free with threads
* Windows:
- Avoid min/max buttons for dialogs
* Images:
- Replace a few calls to gdk_pixbuf_get_pixels
with read_pixels to avoid thread-safety issues
* GL:
- Try harder to keep the GL context current
* Input:
- Make compose file parsing more robust
* Translation updates:
Catalan
Esperanto
Persian
Overview of Changes in GTK+ 3.24.50, 07-08-2025
===============================================
* Themes:
- Add a progress-working-symbolic icon
- Support strokes in symbolic icons
- Update theme CSS
- Remove hardcoded Cantarell font
* GtkShortcutsWindow:
- Differentiate all keypad symbols visually
* GtkApplication:
- Register unsandboxed apps with the portals
* macOS:
- Remove redundant NSView calls
- Fix some memory leaks
- Don't try to use the file transfer portal
* Windows:
- Always mark windows as minimizable
* X11
- Fix problems with gtk_window_get_geometry
* Wayland:
- Fix a crash
* Input:
- Make compose sequence visuals configurable
* Printing:
- Fix the build with libcups 3
- Support gnome-papers as previewer
* Translation updates
Nepali
Persian
Uzbek (Latin)
Overview of Changes in GTK+ 3.24.49, 05-03-2025
===============================================
* Fix a crash in GtkIMContext
* Fix crashes in DND with GtkPlug/GtkSocket
* Wayland:
- Fix erroneous crossing events, causing menus to malfunction
- Support the cursor-shape protocol
* X11:
- Enforce size limits on windows, preventing lockups
* macOS:
- Fix pen tilt handling
* Translation updates
Bulgarian
Thai
Overview of Changes in GTK+ 3.24.48, 25-02-2025
===============================================
* Switch to the new ci-based release process
Overview of Changes in GTK+ 3.24.44, 24-01-2025
===============================================
* GtkFileChooser:
- Stop replacing : (colon) with U+2236 (ratio)
* GtkEmojiChooser:
- Update to Unicode 16 / CLDR 46
* GtkSpinButton:
- Use semantically appropriate icon names
- Make numeric spin buttons always LTR
* GtkEntry:
- Stop guessing text direction from keyboard layout
- Add a shortcut and context menu item to change text direction
* GtkEventControllerMotion:
- Make enter and leave signals work
* Accessibility:
- Use message dialog titles as names
* GDK:
- Fix portal handling of gvfs files
* Wayland:
- Support the xdg_foreign_v2 protocol
- Try to fix monitor geometry on sway
- Improve font setting fallback
- Use a better default cursor size
- Fix a crash during DND
* macOS:
- Fix a UI hang
* Translation updates:
Bulgarian
Farsi
Hindi
Hungarian
Icelandic
Latvian
Serbian
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Steffen Greber [Tue, 21 Oct 2025 09:47:38 +0000 (09:47 +0000)]
wic: add option to specify the diskid
This adds a feature to specify the disk ID when creating a disk with
the wic tool. This is useful when using the DOS partition scheme and
booting with root=PARTUUID=<partuuid>. In DOS partitions, the partition
ID is <diskid>-<partition-number>, so it makes sense to let the user
define the disk ID.
You can specify it in the kickstart file using the --diskid argument
to the bootloader command. The value can be given in decimal or
hexadecimal format (e.g. 3735928559 or 0xdeadbeef). If omitted, the
previous behaviour does not change.
Signed-off-by: Steffen Greber <sgreber@lilafast.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 20 Oct 2025 22:09:11 +0000 (00:09 +0200)]
binutils: patch CVE-2025-11495
Pick commit per NVD CVE report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 20 Oct 2025 22:09:10 +0000 (00:09 +0200)]
binutils: patch CVE-2025-11413
Pick commit per NVD CVE report.
Note that there were two patches for this, first [1] and then [2].
The second patch moved the original patch to different location.
Cherry-pick of second patch is successful leaving out the code removing
the code from first location, so the patch attached here is not
identical to the upstream commit but is identical to applying both and
merging them to a single patch.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 20 Oct 2025 22:09:09 +0000 (00:09 +0200)]
binutils: patch CVE-2025-11412
Pick commit per NVD CVE report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 20 Oct 2025 22:09:08 +0000 (00:09 +0200)]
binutils: patch CVE-2025-11414
Pick commit per NVD CVE report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
See release notes at
- http://downloads.yoctoproject.org/releases/opkg/opkg-0.8.0.release-notes
[0.8.0] - 2025-01-10
The minor version bump in this release is due to the changes to cURL error output line format.
- [Changed](https://git.yoctoproject.org/opkg/commit/?id=ab03377868256427279b36c4b2a298edae4260b8) the error output for the curl download backend, to now report the HTTP error code for failed requests.
- e.g. `error: log_curl_download_error: Failed to download headers of https://foo.bar/all/Packages.gz: The requested URL returned error: 401`
- Enabling debug-verbosity, while using the cURL backend, [will now](https://git.yoctoproject.org/opkg/commit/?id=ce6fede3db931bb0da70d1334cdc4101d0aec702) print cURL's verbose error log to stderr when there is a download failure.
- The verbose output may contain confidential information about your cURL transactions. So this is your reminder that debug-verbosity should not be enabled in production systems or sensitive security environments.
- The commandline configuration file option (`-f`) [can now](https://git.yoctoproject.org/opkg/commit/?id=36d08b93d2859992b624a4ba2f412cfa5c766050) be specified multiple times, and each configuration file will be loaded and their settings merged.
- [Fixed](https://git.yoctoproject.org/opkg/commit/?id=c87188d7535684fddb8cf80993c147b215602b63) a bug in control field parsing where custom fields whose keys are similar to other fields could be confused by the parser.
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mike Crowe [Mon, 20 Oct 2025 16:03:53 +0000 (17:03 +0100)]
multilib.bbclass: Filter ROOTFS_RO_UNNEEDED to fix uninstallation
When building an entire multilib image (e.g. lib32-core-image-minimal)
we need to ensure that the unneeded packages in ROOTFS_RO_UNNEEDED get
the multilib prefix applied before they are compared against the list of
installed packages inside Rootfs._uninstall_unneeded() to decide whether
they need to be installed.
Ryan Eatmon [Mon, 20 Oct 2025 14:49:32 +0000 (09:49 -0500)]
kernel-fit-image: Split signing variables
Right now all signing is done with a single variable: UBOOT_SIGN_ENABLE.
This has the side effect of not allowing for signing the fitImage while
not signing the uboot files.
This patch creates three new variables specific to FIT_KERNEL and
defaults them to the corresponding UBOOT variables. That way all
existing code will remain the same, but we can selectively control just
signing the fitImage without also signing the uboot files.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
spdx_common: Fix invalid SPDX downloadLocation for Rust crates
Fixes [YOCTO #15909]
SPDX validation was failing due to the use of `crate://crates.io/...` as the
`downloadLocation`, which is not a valid SPDX URL as per the 2.2 specification.
This patch updates `fetch_data_to_uri()` in `spdx_common.py` to detect when the
fetcher type is "crate" and instead use the `url` attribute, which contains a
valid HTTP(S) URL in the expected format, e.g.:
Liu Yiding [Mon, 20 Oct 2025 02:39:55 +0000 (10:39 +0800)]
kea: fix installation umask to 0022 of meson.
The default installation umask is 0027 for Kea-built artifacts.
And it caused package conflicts as following:
Error: Transaction test error:
file /usr/lib/pkgconfig conflicts between attempted installs of kea-dev-3.0.1-r0.x86_64_v3 and btrfs-tools-dev-6.16-r0.x86_64_v3
file /usr/lib/pkgconfig conflicts between attempted installs of libgcrypt-dev-1.11.2-r0.x86_64_v3 and kea-dev-3.0.1-r0.x86_64_v3
I submitted an issue to the upstream and found upstream alreadly known this issue.
https://gitlab.isc.org/isc-projects/kea/-/issues/4171
https://gitlab.isc.org/isc-projects/kea/-/issues/3993
Then I follow the method in the SPEC file of upstream to fix this problem in Yocto.
https://gitlab.isc.org/isc-projects/kea-packaging/-/blob/master/rpm/kea.spec?ref_type=heads
meson setup build \
--buildtype release \
--install-umask 0022 \
--bindir %{_bindir} \
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The NumPy 2.3.4 release is a patch release split between a number of maintenance
updates and bug fixes. This release supports Python versions 3.11-3.14. This
release is based on Python 3.14.0 final.
Changes
- The npymath and npyrandom libraries now have a .lib rather than a .a
file extension on win-arm64, for compatibility for building with MSVC
and setuptools. Please note that using these static libraries is
discouraged and for existing projects using it, it's best to use it
with a matching compiler toolchain, which is clang-cl on Windows on
Arm.
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ricardo Salveti [Fri, 17 Oct 2025 18:51:12 +0000 (15:51 -0300)]
initramfs-framework: drop redundant /var/lock directory creation
base-files already provides /var/lock as a symbolic link to /run/lock, and
since /run is created and mounted as tmpfs during init, there is no need
to explicitly create /var/lock within initramfs.
This avoids the following spurious error during boot:
mkdir: can't create directory '/var/lock': No such file or directory
Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Fri, 17 Oct 2025 17:14:02 +0000 (19:14 +0200)]
go: upgrade 1.25.2 -> 1.25.3
Upgrade to latest 1.25.x release [1]:
$ git --no-pager log --oneline go1.25.2..go1.25.3 28622c1959 (tag: go1.25.3) [release-branch.go1.25] go1.25.3 e05b2c92d9 [release-branch.go1.25] crypto/x509: rework fix for CVE-2025-58187 79ec0c94f3 [release-branch.go1.25] spec: update spec date to match release date
This release addresses breakage caused by a security patch included in Go 1.25.2
and 1.24.8, which enforced overly restrictive validation on the parsing of X.509
certificates. We've removed those restrictions while maintaining the security
fix that the initial release addressed [2].
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Liu Yiding [Fri, 17 Oct 2025 05:57:24 +0000 (13:57 +0800)]
llvm: multilib-header fix for llvm/Config/llvm-config.h
Fix following conflicts when enabling multilib.
Error: Transaction test error:
file /usr/include/llvm/Config/llvm-config.h conflicts between attempted installs of lib32-llvm-dev-21.1.3-r1.core2_32 and llvm-dev-21.1.3-r1.x86_64_v3
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Thu, 16 Oct 2025 20:40:58 +0000 (22:40 +0200)]
python3: upgrade 3.13.7 -> 3.13.9
Drop upstreamed patch and refresh remaining patches.
Release information:
* https://www.python.org/downloads/release/python-3138/
* 3.13.8 is the eighth maintenance release of 3.13, containing around
200 bugfixes, build improvements and documentation changes since
3.13.7.
* https://www.python.org/downloads/release/python-3139/
* This Python 3.13.9, a maintenance release for Python 3.13.
* 3.13.9 is an expedited release containing a fix for one specific
regression in Python 3.13.8
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gyorgy Sarvari [Thu, 16 Oct 2025 08:28:29 +0000 (10:28 +0200)]
webkitgtk: upgrade 2.48.5 -> 2.50.0
Dropped fix-armv7-compilation.patch, because it is included in this
release.
Dropped no-musttail-arm.patch, because it has been solved by project
(a bit differently)[1]
Added a new backported patch, fix-musl-compilation.patch
to avoid build error when compiling with musl libc:
.../Source/bmalloc/libpas/src/libpas/pas_probabilistic_guard_malloc_allocator.c:52:10: fatal error: execinfo.h: No such file or directory
| 52 | #include <execinfo.h>
| | ^~~~~~~~~~~~
Another patch, fix_op_instanceof_handler_for_32-bit_C-loop_build.patch is under review by
upstream. It fixes compiling for 32-bit targets by fixing the following error:
error: label 'op_instanceof_return_location' used but not defined
Changelog:
2.50.0:
- Fix rendering with software rasterization enabled.
- Fix WebAudio issues after idling for a minute.
- Fix several crashes and rendering issues.
2.49.90:
- Add support for font collection / fragment identifiers.
- Fix web process deadlock on exit.
- Fix stuttering when playing WebP animations
- Fix CSS animations with cubic-bezier timing function.
- Do not start the MemoryPressureMonitor if it's disabled
- Translation updates: Polish, Slovenian.
- Fix several crashes and rendering issues.
2.49.4:
- Enable CSS property font-variant-emoji is now enabled by default.
- Improve emoji font selection.
- Add SVT-AV1 encoder support to media backend.
- Show device scale factor in webkit://gpu.
- Fix font rendering of composed characters with certain fonts.
- Fix handling of font synthesis properties (bold/italic).
- Fix documentation of WebKitDeviceInfoPermissionRequest.
- Fix several crashes and rendering issues.
2.49.3:
- Add new API to get the theme color of a WebKitWebView.
- Fix rendering with GTK 3.
- Notify automation session on abnormal disconnections.
- Fix a crash by ensuring SkiaRecordingResult is destroyed on the main thread.
- Fix build on s390x.
- Fix the build with GTK 3.
- Fix several crashes and rendering issues.
2.49.2:
- Enable damage propagation to the UI process by default.
- Pass available input devices from UI process to web process for Interaction Media Features.
- Always have a fallback when domain does not have known base.
- Fix URL after HSTS upgrade in case of redirection.
- Fix rendering when device scale factor change comes before the web view geometry update.
- Ensure web view is focused on tap gesture.
- Fix a crash when setting WEBKIT_SKIA_GPU_PAINTING_THREADS=0.
- Fix several crashes and rendering issues.
- Translation updates: Brazilian Portuguese, Swedish.
2.49.1:
- Change threaded rendering implementation to use Skia API instead of WebCore display
list that is not thread safe. This also allowed to improve performance by recording
layers once and replaying every dirty region in different worker threads.
- Added hybrid rendering mode that tries to use the GPU worker threads, but if they
are all busy the CPU worker threads are used if possible.
- Add volume locking support to media player.
- Add support for tracing counters with Sysprof.
- Fix several crashes and rendering issues.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Liu Yiding [Wed, 15 Oct 2025 02:13:36 +0000 (10:13 +0800)]
kea: fix conflict between kea-dhcp4 and kea-dhcp6 multilibs
There are conflict of config files between kea and lib32-kea:
| Error: Transaction test error:
| file /etc/kea/kea-dhcp4.conf conflicts between attempted installs of lib32-kea-3.0.1-r0.core2_32 and kea-3.0.1-r0.x86_64_v3
| file /etc/kea/kea-dhcp6.conf conflicts between attempted installs of lib32-kea-3.0.1-r0.core2_32 and kea-3.0.1-r0.x86_64_v3
Update this patch after kea was upgraded to 3.0.1.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 17 Oct 2025 09:34:30 +0000 (10:34 +0100)]
build-appliance-image: install bitbake+oe-core+meta-yocto, not poky
Change the build-appliance image to include current git trees of the
separate bitbake/openembedded-core/meta-yocto repositories, instead of
the merged poky repository as that is being discontinued.
linux-firmware: Fix removing unlicensed firmware if compression is used
If FIRMWARE_COMPRESSION is set, the newly added code to remove
unlicensed firmware fails with:
| Remove unlicensed firmware: acenic/tg1.bin
| rm: cannot remove '.../work/all-oe-linux/linux-firmware/20250917/image/usr/lib/firmware/acenic/tg1.bin': No such file or directory
This is because the code does not consider that the file may be
compressed.
Fix it by factoring out the code to construct the compressed file
name suffix from do_install:append() into a python function and
also use it for the actual file names listed in REMOVE_UNLICENSED.
Ross Burton [Fri, 17 Oct 2025 13:27:17 +0000 (14:27 +0100)]
classes/cargo_common: ensure B is clean
The cargo class defaults to out-of-tree builds in WORKDIR/build, but
at no point was that directory cleaned. This causes problems with the
rust standard library recipe (libstd-rs) which installs manually with cp,
so rebuilds can be contaminated with the contents of previous builds.
I believe that post-release we should switch cargo.bbclass to mandating
out-of-tree builds to reduce the complexity, but for now in out-of-tree
builds we can just delete the ${B}/target directory.
Note that we use ${B}/target because there at least were reasons to use
that name[1], it is unclear if these limitations still hold. We can't
simply clean ${B} because that will break recipes that use cargo and
something else to build, for example librsvg.
kconfig: Add transitional symbol attribute for migration support
During kernel option migrations (e.g. CONFIG_CFI_CLANG to CONFIG_CFI),
existing .config files need to maintain backward compatibility while
preventing deprecated options from appearing in newly generated
configurations. This is challenging with existing Kconfig mechanisms
because:
1. Simply removing old options breaks existing .config files.
2. Manually listing an option as "deprecated" leaves it needlessly
visible and still writes them to new .config files.
3. Using any method to remove visibility (.e.g no 'prompt', 'if n',
etc) prevents the option from being processed at all.
Add a "transitional" attribute that creates symbols which are:
- Processed during configuration (can influence other symbols' defaults)
- Hidden from user menus (no prompts appear)
- Omitted from newly written .config files (gets migrated)
- Restricted to only having help sections (no defaults, selects, etc)
making it truly just a "prior value pass-through" option.
The transitional syntax requires a type argument and prevents type
redefinition:
config NEW_OPTION
bool "New option"
default OLD_OPTION
config OLD_OPTION
bool
transitional
help
Transitional config for OLD_OPTION migration.
This allows seamless migration: olddefconfig processes existing
CONFIG_OLD_OPTION=y settings to enable CONFIG_NEW_OPTION=y, while
CONFIG_OLD_OPTION is omitted from newly generated .config files.
Added positive and negative testing via "testconfig" make target.
Bruce Ashfield [Thu, 16 Oct 2025 03:08:42 +0000 (23:08 -0400)]
linux-yocto/6.16: genericarm64: feature splits and enablement
Integrating the following commit(s):
9e0a3e81 genericarm64.cfg: enable more power, reset drivers 0293b84e genericarm64.cfg: enable MFD_KHADAS_MCU f9c89a33 genericarm64-regulator.cfg: enable more drivers 01af8892 genericarm64.cfg: enable more IRQCHIP support 96bf1e51 genericarm64.scc: enable USB serial support dc7502db genericarm64.cfg: improve SATA support e85415a3 genericarm64.cfg: improve input device support cb734447 genericarm64.cfg: enable more Hisilicon PCI drivers 362c7b10 genericarm64.cfg: enable USB_CHIPIDEA_NPCM c9127be9 genericarm64.cfg: enable EXTCON_USBC_CROS_EC 3836443f genericarm64.cfg: improve PHY support a25d50d8 genericarm64-clock.cfg: improve Qualcomm, Renesas etc clock driver support 5e47e723 usb-net.cfg: add USB_LAN78XX e5be3915 genericarm64-clock.cfg: add more Renesas support 8d1d61f1 genericarm64.cfg: improve Renesas pmdomain support 89d463fc genericarm64.cfg: enable UACCE 18251d7d genericarm64.cfg: more MTD CFI etc support 070f72bc genericarm64.cfg: enable PCIe error reporting dfa6ca16 genericarm64.cfg: add more ethernet support 5821cdf3 genericarm64.scc: add genericarm64-rtc.cfg and enable more HW support e9847838 genericarm64.cfg: enable Chrome OS platform drivers 549b8af0 genericarm64.scc: enable Mellanox ethernet support 5e172179 mellanox.scc: add network driver feature 27eaec09 genericarm64.cfg: improve USB_DWC3 support c543148b genericarm64.cfg: improve TYPEC_MUX support 62b093b3 genericarm64.scc: enable exFAT support 360d572b cfg/fs/exfat.scc: add config feature 8be64103 genericarm64.cfg: add more USB 3.0 and basic 2.0 support 48e00648 genericarm64-arch.cfg: enable more Renesas support cef54e58 genericarm64.cfg: enable ARM_PSCI_FW support 129993c7 genericarm64.cfg: enable more TPM and FFA support 8cd8cb12 genericarm64.cfg: enable TCG_TIS as module be840fc8 genericarm64.cfg: enable ZYNQMP_FIRMWARE 9f94acee genericarm64.cfg: enable COMMON_CLK_ZYNQMP 10a0e7c7 genericarm64.cfg: enable DMI_SYSFS 705cae9a genericarm64.scc: enable efi-test.scc 08fd4f23 efi-test: add config fragment for EFI test interface 98178196 genericarm64.cfg: enable ARM_PSCI_CPUIDLE_DOMAIN
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
