Ross Burton [Thu, 19 Jun 2025 13:20:45 +0000 (14:20 +0100)]
oeqa/selftest: add new test for toolchain switching
Add a basic test for the toolchain switching code: set the
toolchain to GCC by default but Clang for a specific recipe, and verify
that two recipes are built with the expected compiler.
This works because before we strip the installed binaries there is a
.comment segment that contains the list of toolchains used.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 19 Jun 2025 13:20:44 +0000 (14:20 +0100)]
oeqa/selftest/esdk: remove postconfig argument
Discovered when looking for users of get_bb_var()'s postconfig argument,
this wrapper around runCmd() has a postconfig argument that has odd
behaviour: it _appends_ the new configuration to local.conf instead of
having them used for this specific run (unlike the other functions in
commands.py)
None of the eSDK tests use this functionality, so remove it. Future test
cases that need to write further configuration should do so directly.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Moritz Haase [Tue, 17 Jun 2025 09:24:56 +0000 (11:24 +0200)]
cmake: Correctly handle cost data of tests with arbitrary chars in name
ctest automatically optimizes the order of (parallel) test execution based on
historic test case runtime via the COST property (see [0]), which can have a
significant impact on overall test run times. Sadly this feature is broken in
CMake < 4.0.0 for test cases that have spaces in their name (see [1]).
This commit backports the upstream fix. As repeated test runs are expected to
mainly take place inside the SDK, the patch is only applied to 'nativesdk'
builds.
Andrej Valek [Wed, 18 Jun 2025 08:04:39 +0000 (10:04 +0200)]
dropbear: add xauth runtime recommends dependency on x11 DISTRO_FEATURE
Change enable-x11-forwarding PACKAGECONFIG to x11, while we can rely
directly on X11 DISTRO_FEATURE. Previously when enable-x11-forwarding was
used, the XAUTH_COMMAND failed due to missing xauth. So add xauth to
runtime recommends dependency and enable this behavior as default.
Signed-off-by: Andrej Valek <andrej.v@skyrain.eu> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jamin Lin [Tue, 17 Jun 2025 08:10:52 +0000 (16:10 +0800)]
oe-selftest: fitimage: Add test for signing U-Boot FIT image without SPL
This adds a new selftest case `test_sign_uboot_fit_image_without_spl` to verify
that the build can correctly generate and sign a U-Boot FIT image in a scenario
where no SPL is used.
Background:
- Some boards build only the U-Boot proper FIT image and do not require an SPL.
- The signing flow must handle this case gracefully: generate the ITS, sign
the FIT image, and skip signing/injecting a key into the SPL DTB.
What this test does:
1) Enables `UBOOT_FITIMAGE_ENABLE` and `SPL_SIGN_ENABLE` but explicitly sets
`SPL_DTB_BINARY` to an empty string to indicate that no SPL is present.
2) Verifies that the U-Boot ITS and FIT image are built successfully.
3) Confirms that the generated ITS file includes signature metadata as requested.
4) Dumps the FIT image to ensure that the signature nodes exist.
5) Confirms that the log for `do_uboot_assemble_fitimage` shows the expected
mkimage/mkimage_sign invocation.
This ensures that signing works correctly even when only the U-Boot proper is built,
which matches real-world configurations that do not require an SPL.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jamin Lin [Tue, 17 Jun 2025 08:10:51 +0000 (16:10 +0800)]
uboot-sign.bbclass: Refactor condition checks to use && and || instead of -a and -o
This commit cleans up and modernizes the shell condition expressions in
`uboot-sign.bbclass` to follow best practices for portable and reliable shell usage.
Key changes:
- Replace legacy `[ -a ]` and `[ -o ]` with explicit `[ ] && [ ]` and `[ ] || [ ]`.
Modern POSIX and busybox sh recommend using `&&` and `||` instead of `-a` and `-o`
because `-a` and `-o` are less robust and can cause parsing ambiguities in some shells.
- Simplify `concat_dtb()` by moving the DTB existence check to the top and using
early `return` to avoid deep nesting.
- Remove redundant fallback `else` blocks; use clearer control flow with direct checks.
This improves maintainability, reduces shell syntax pitfalls, and aligns with
current shell scripting best practices.
References:
- POSIX recommends avoiding `-a` and `-o` in `[ ]` and using explicit `&&` and `||`:
https://pubs.opengroup.org/onlinepubs/9699919799/utilities/test.html
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jamin Lin [Tue, 17 Jun 2025 08:10:50 +0000 (16:10 +0800)]
uboot-sign: Support signing U-Boot FIT image without SPL
Previously, the signing flow in "uboot-sign.bbclass" assumed that SPL was always
present and that the FIT signing process must inject the public key into the
SPL DTB. This made it inflexible for use cases where only the U-Boot proper
FIT image is built and signed, with no SPL binary at all.
This change introduces the following adjustments:
- The `SPL_DTB_BINARY` variable can be explicitly set to an empty string
to indicate that no SPL is present.
- The signing logic checks `SPL_DTB_BINARY` and skips injecting the
key or verifying the SPL DTB if it is empty.
- The FIT image generation and deployment are always performed if
`UBOOT_FITIMAGE_ENABLE` is enabled, regardless of the SPL settings.
- The deploy helper now uses a single check on `SPL_DTB_BINARY` to decide
whether to deploy the signed SPL DTB.
Now the sign step checks if SPL_DTB_BINARY is empty:
If present, it signs the FIT image and injects the public key into the SPL DTB,
then verifies both.
If empty, it only signs the FIT image and generates the ITS with the signature
node, but does not attempt to verify or add the key to a non-existent SPL DTB.
Key Behavior Explained
If SPL_DTB_BINARY is empty, we assume there is no SPL.
If UBOOT_FITIMAGE_ENABLE=1, we always create the FIT image and ITS.
If SPL_SIGN_ENABLE=1, we always sign the FIT image, but only inject the key into
the SPL DTB if it exists.
Poonam Jadhav [Mon, 16 Jun 2025 04:36:57 +0000 (10:06 +0530)]
libpng: Add ptest
Install libpng test-suite to run it as a ptest.
As the test-suite takes more than 30 seconds to run,
add libpng-ptest to PTESTS_SLOW in ptest-packagelists.inc
Daniel Turull [Tue, 10 Jun 2025 15:24:43 +0000 (17:24 +0200)]
improve_kernel_cve_report: add script for postprocesing of kernel CVE data
Adding postprocessing script to process data from linux CNA that includes more accurate metadata and it is updated directly by the source.
Example of enhanced CVE from a report from cve-check:
{
"id": "CVE-2024-26710",
"status": "Ignored",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2024-26710",
"summary": "In the Linux kernel, the following vulnerability [...]",
"scorev2": "0.0",
"scorev3": "5.5",
"scorev4": "0.0",
"modified": "2025-03-17T15:36:11.620",
"vector": "LOCAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"detail": "not-applicable-config",
"description": "Source code not compiled by config. ['arch/powerpc/include/asm/thread_info.h']"
},
And same from a report generated with vex:
{
"id": "CVE-2024-26710",
"status": "Ignored",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2024-26710",
"detail": "not-applicable-config",
"description": "Source code not compiled by config. ['arch/powerpc/include/asm/thread_info.h']"
},
For unpatched CVEs, provide more context in the description:
Tested with 6.12.22 kernel
{
"id": "CVE-2025-39728",
"status": "Unpatched",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2025-39728",
"summary": "In the Linux kernel, the following vulnerability has been [...],
"scorev2": "0.0",
"scorev3": "0.0",
"scorev4": "0.0",
"modified": "2025-04-21T14:23:45.950",
"vector": "UNKNOWN",
"vectorString": "UNKNOWN",
"detail": "version-in-range",
"description": "Needs backporting (fixed from 6.12.23)"
},
CC: Peter Marko <peter.marko@siemens.com> CC: Marta Rybczynska <rybczynska@gmail.com> Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 17 Jun 2025 14:16:48 +0000 (15:16 +0100)]
libcheck: disable subunit support
We don't have a recipe for subunit in core (or any layer in the layer
index), and unfortunately a bug in the CMakeLists means that the native
build can detect subunit on the host (so host contamination) and only
half-enable it, so the build fails.
Take a patch from upstream's github to add an option for subunit, and
explicitly disable it.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 6 Jun 2025 13:31:57 +0000 (14:31 +0100)]
toolchain/gcc/clang: Update PREFERRED_PROVIDER to work with multilibs
As currently written, the PREFERRED_PROVIDER entries don't work with multilib
since they are added after the manipulations by multilib_global at ConfigParsed
time. We therefore need to spell out the configs correctly for multilib.
To avoid variable overwritten warnings from the expansion, we then have to
expand out the nativesdk providers usng class overrides.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 23 May 2025 03:52:35 +0000 (20:52 -0700)]
toolchain: Provide abstraction for recipe specific toolchain selection
This change implements a toolchain selection mechanism. Selection is
made using a set of variables, primarily PREFERRED_TOOLCHAIN_TARGET which
defaults to gcc.
It uses the familiar name for toolchain e.g. "gcc" which selects GNU
compiler + binutils as default C/C++ toolchain or "clang" which will
use LLVM/Clang Compiler. Layers an add their own toolchain definitions
too.
There are also PREFERRED_TOOLCHAIN_NATIVE and PREFERRED_TOOLCHAIN_SDK
which will ulitmately allow selection of the toolchain used for the
native/cross and nativesdk/crosssdk compilers. This currently isn't
functional but is essential to the patch to ensure things are set
to the existing gcc support in those cases.
Users would most commonly want to set:
PREFERRED_TOOLCHAIN_TARGET ?= "clang"
in local.conf or other distro specific global configuration metadata.
It is also selectable at recipe scope, since not all packages are
buildable with either clang or gcc, a recipe can explicitly require
a given toolchain using the TOOLCAHIN variable, e.g. glibc can not
be built with clang therefore glibc recipe sets:
TOOLCHAIN = "gcc"
The TOOLCHAIN variable is distinct from the user preference so recipes
with specific requirements can be identified. This also allows different
polcies to be be specified for native/SDK cases in the future.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 6 Jun 2025 10:46:46 +0000 (11:46 +0100)]
base: Add deferred class event handler
Use the new deferred class event to set the class overrides earlier.
This improves interaction of the override with PACKAGECONFIG values
that control conditional inherits (such as python support).
This also allows toolchain configuration in an easier and more user
friendly way.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 13 Jun 2025 16:20:52 +0000 (17:20 +0100)]
wic: Avoid problems with "-" characters in plugin names
Remap "-" characters in plugin names to "_" so wic plugins
can be extended using standard python class inheritance.
This change means wic files can be incrementally updated over time
to the correct name rather than breaking everything. Actual plugin
module files will need to be renamed as done in previous patches.
Also remove a double call to get_plugins() which isn't needed.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Anibal Limon [Wed, 11 Jun 2025 15:33:18 +0000 (15:33 +0000)]
wic: pluginbase ensure layer order when load plugins
To support extensions on wic plugins, the load order needs
to be grauntee matching BBLAYERS variable.
Fix cases when try to import a plugin from another layer,
example of the case to fix,
```
Traceback (most recent call last):
File "/workspaces/ls/linux/layers/openembedded-core/scripts/wic",line
547, in <module>
sys.exit(main(sys.argv[1:]))
^^^^^^^^^^^^^^^^^^
...
File "/workspaces/ls/linux/layers/openembedded-core/scripts/lib/wic/
engine.py", line 137, in list_source_plugins
plugins = PluginMgr.get_plugins('source')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/workspaces/ls/linux/layers/openembedded-core/scripts/lib/wic/
pluginbase.py", line 73, in get_plugins
spec.loader.exec_module(module)
File "<frozen importlib._bootstrap_external>", line 940, in exec_module
File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
File "/workspaces/ls/linux/limonsoftware/bsp/scripts/lib/wic/plugins/
source/bootimg_rpi_autoboot_partition.py", line 1, in <module>
from wic.plugins.source.bootimg_partition import BootimgPartitionPlugin
ModuleNotFoundError: No module named 'wic.plugins.source.bootimg_partition'
```
Signed-off-by: Anibal Limon <anibal@limonsoftware.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Mon, 16 Jun 2025 09:16:36 +0000 (17:16 +0800)]
python3-pdm: upgrade 2.24.2 -> 2.25.1
Changelog:
=============
- Fix duplicated dependencies added to the lock file when the same dependency with extras is requested.
- Stabilize order of the extras and dependency-groups fields in pylock output.
- Fix Windows 11 install pdm error, which is because of msgpack install failure.
- Change the return type of array_of_inline_tables to list[dict] from list[str]
- Ensure uv resolver to include hash for package files.
- Avoid infinite recursion when reading pyproject.toml with circular file dependencies.
- Support pylock as alternative lock format and make it opt-in by config.
- Search for package metadata in lock file first when reuse strategy is used.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Mon, 16 Jun 2025 09:16:33 +0000 (17:16 +0800)]
python3-dtschema: upgrade 2025.2 -> 2025.6.1
Changelog:
===========
- Fix a longstanding ordering issue with extracting type information
from properties which have a reference to another property. 'mac-mode'
is the one in the Linux kernel.
- Fix a false positive warning about missing
unevaluatedProperties/additionalProperties
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Mon, 16 Jun 2025 09:16:32 +0000 (17:16 +0800)]
python3-cython: upgrade 3.1.1 -> 3.1.2
Bugs fixed
----------
* Attribute lookups failed on the "bool" builtin type.
* Type checks on or-ed union types could incorrectly return false.
* Negative list indexing could accidentally wrap around twice in PyPy and the Limited API.
* Iterating over literal sequences with starred (unpacked) items could infer a wrong
type for the loop variable and fail to assign the values.
* Calls to C functions taking exception types failed to check for a 'None' argument.
* Fused functions had an incorrect "__module__" attribute.
* The type of Cython implemented functions had an incorrect "__module__" attribute.
* Errors while indexing into "bytearray" or "str" in "nogil" sections could crash.
* "bytearray.append()" could silently accept some invalid character numbers.
* The C++11 "<type_traits>" header was included regardless of the C++ version.
* "PyDict_GetItemStringRef()" was accidentally used in older Limited API versions.
* "abort()" was used but not always available in the Limited API.
* Some dependencies were missing from the "depfile".
* Embedded function signatures were not always separated from the existing docstring.
* "numpy.math" was missing from "Cython/Includes/" and could not be cimported.
* Some tests were adapted for NumPy 2.x.
* Some C compiler warnings were fixed.
* "Cython.Build" was not officially exposing the "cythonize" function.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Mon, 16 Jun 2025 09:16:28 +0000 (17:16 +0800)]
lttng-modules: upgrade 2.13.18 -> 2.13.19
Changelog:
===========
* Fix missing override when CONFIG_COMPAT_OLD_SIGACTION is not defined
* fix: writeback: 'balance_dirty_pages' Respect 'CONFIG_CGROUP_WRITEBACK'
* Fix: scsi: RESERVE and RELEASE renamed in Linux v6.15-rc1
* Fix: del_timer[_sync] deleted in linux v6.15-rc1
* Fix: Use 'nonseekable_open' for proc files
* Fix: trace_balance_dirty_pages in Linux v6.14.2
* fix: version constraint for building lttng-probe-9p
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Mon, 16 Jun 2025 09:16:27 +0000 (17:16 +0800)]
libsolv: upgrade 0.7.32 -> 0.7.33
Changelog:
===========
- selected bug fixes:
* improve transaction ordering by allowing more uninst->uninst
edges
* implement color filtering when adding update targets
- new features:
* support orderwithrequires dependencies in susedata.xml
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Mon, 16 Jun 2025 09:16:25 +0000 (17:16 +0800)]
libjpeg-turbo: upgrade 3.1.0 -> 3.1.1
Changelog:
- Hardened the libjpeg API against hypothetical calling applications that may
erroneously change the value of the 'data_precision' field in
'jpeg_compress_struct' or 'jpeg_decompress_struct' after calling
'jpeg_start_compress()' or 'jpeg_start_decompress()'.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Mon, 16 Jun 2025 09:16:21 +0000 (17:16 +0800)]
gtk4: upgrade 4.18.5 -> 4.18.6
Bugs fixed:
- Wrong behavior of GdkKeymap on macOS
- cups: NULL-terminate array of choices
- Fix the android build
- icontheme: Load the missing image icon from the theme
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
hongxu [Mon, 16 Jun 2025 05:00:53 +0000 (13:00 +0800)]
libxml2: fix CVE-2025-6021
According to [1]
A flaw was found in libxml2's xmlBuildQName function, where integer overflows
in buffer size calculations can lead to a stack-based buffer overflow. This
issue can result in memory corruption or a denial of service when processing
crafted input.
Refer debian [2], backport a fix [3] from upstream
Ross Burton [Fri, 13 Jun 2025 13:16:17 +0000 (14:16 +0100)]
oe/license_finder: don't return the "crunched" license text in crunch_license
crunch_license() will perform some basic text manipulation to try and
canonicalise the license texts. It also returns the new license text but
none of the callers use this, and as a slightly mangled version of the
original it has no real purpose.
Remove this return value and clean up the callers.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 13 Jun 2025 13:16:16 +0000 (14:16 +0100)]
oe/license_finder: remove unused arguments in get_license_md5sums
get_license_md5sums() has two optional arguments:
- static_only: if set, don't checksum the licenses in COMMON_LICENSE_DIR
- linenumbers: if set, the CSV file can contain begin/end/md5 values as
used in LIC_FILES_CHKSUM.
Neither of these are used and complicate the logic, so remove them.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 13 Jun 2025 13:16:14 +0000 (14:16 +0100)]
oe/license_finder: add first_only argument to find_licenses()
It may be desired to find only the "top-level" license file instead of
every potential candidate, so add a first_only argument (defaulting to
False to preserve existing behaviour) to return just the first license
found.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 13 Jun 2025 13:16:11 +0000 (14:16 +0100)]
lib/oe/license_finder: extract license finding code from recipetool
This code is 99% identical to the original code in recipetool/create.py,
but with two minor changes:
- The implicit recipetool logger is changed to an explicit logger
- The CSV of license hashes is moved to meta/files/
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Sat, 14 Jun 2025 15:58:12 +0000 (17:58 +0200)]
oe-selftest: fitimage: replace cleansstate with compile -f
Avoid using "cleansstate" in tests, as it can remove files from
SSTATE_DIR and disrupt parallel builds on autobuilders. Use
"bitbake kernel-signing-keys-native -c compile -f" to force key
regeneration without affecting shared state.
Adrian Freihofer [Sat, 14 Jun 2025 15:41:34 +0000 (17:41 +0200)]
devtool: ide-sdk code remove twxs.cmake
Do no longer recommend the twxs.cmake VSCode plugin. There is now a
language server built into the ms-vscode.cmake-tools plugin as well.
>From Release notes 1.20.53
https://marketplace.visualstudio.com/items/ms-vscode.cmake-tools/changelog
Add notification suggesting users to uninstall twxs.cmake now that we
have built-in Language Services. Follow this advice.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gyorgy Sarvari [Thu, 12 Jun 2025 14:20:34 +0000 (16:20 +0200)]
weston: upgrade 14.0.1 -> 14.0.2
While at it, also add libpam as a dependency to the vnc pkgconf, to
avoid the following error:
| Run-time dependency pam found: NO (tried pkgconfig and cmake)
|
| ../weston-14.0.2/libweston/meson.build:95:15: ERROR: C shared or static library 'pam' not found
Changelog:
- frontend: Fix crash in output resize handler
- libweston: fix bitshift in weston_idalloc_get_id()
- libweston: fix realloc in weston_idalloc
- libweston: refactor update_lowest_free_bucket()
- libweston-desktop: don't try to move child surfaces to not existing layer
- libweston/input.c: Fix weston crash with the mouse event
- windowed-output-api.h: Provide ARRAY_LENGH() for windowed-output-api
- drm: Fix underlay test
- compositor: Mark pnode accordingly when buffer type is direct
- compositor: re-order paint node placeholder checks
- gl-renderer: Take direct-display into consideration
- shared: fix binding-modifier none
- vnc: Allow neatvnc in version 0.9.0
- compositor: Prevent startup crash when hdcp mode is set on display
- libweston/desktop: Avoid a potential crash on invalid resource
- libweston/desktop: Don't destroy the xdg_surface
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The cheeck for debug-deps is looking for the mere existence of the
substring "-dbg" inside of the name of an RDEPENDS package, but it should be
an endswith check. This helps with some eroneous errors in kernel
module names like:
ERROR: linux-xxx do_package_qa: QA Issue: kernel-modules rdepends on kernel-module-g-dbgp-6.12.22-ti [debug-deps]
and
ERROR: QA Issue: kernel-module-mtk-vcodec-dec-6.16.0-rc1-next-20250610-dirty rdepends on kernel-module-mtk-vcodec-dbgfs-6.16.0-rc1-next-20250610-dirty [debug-deps]
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 12 Jun 2025 20:30:01 +0000 (21:30 +0100)]
libtheora: disable all 32-bit arm assembler
The 32-bit Arm assembler is mostly broken. In 1.1.0 it was never used,
and 1.2.0 tries to enable it and there are a number of different ways it
can fail (some gcc/architecture combinations, and all clang builds).
Until this is fixed upstream, simply disable assembler entirely.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Quentin Schulz [Thu, 12 Jun 2025 12:14:32 +0000 (14:14 +0200)]
mesa: do not build nouveau NVIDIA gallium-llvm driver if not requested
The Nouveau driver is used for NVIDIA GPUs and thus doesn't really need
to be always enabled when building gallium-llvm drivers.
So let's guard it with a nouveau PACKAGECONFIG.
The only intended change is nouveau not being build on target mesa on
non-x86/i686 machines when building gallium-llvm drivers as I assume
NVIDIA GPUs aren't that common on other CPU architectures (tegra already
bringing in the nouveau driver should handle the NVIDIA SoCs that would
benefit from nouveau driver and thus are not impacted by this change).
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Quentin Schulz [Thu, 12 Jun 2025 12:14:31 +0000 (14:14 +0200)]
mesa: do not build r300 AMD gallium-llvm driver if not requested
It doesn't make much sense to always build the r300 AMD gallium LLVM
driver as that's HW-specific.
Instead, let's guard it with the amd PACKAGECONFIG.
This will only disable R300 for target mesa on non-x86/i686 machines
where gallium-llvm PACKAGECONFIG is selected but not amd, otherwise
behavior is left unchanged.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Markus Volk [Tue, 10 Jun 2025 05:58:10 +0000 (07:58 +0200)]
libcheck: use cmake instead of autotools
- this fixes a build issue seen with current master-next branch:
| check.texi:1610: warning: node prev pointer for `Testing Signal Handling and Exit Values' is `Selective Running of Tests' but prev is `Selecting Tests Based on Arbitrary Tags' in menu
| check.texi:2051: warning: node prev pointer for `TAP Logging' is `Test Logging' but prev is `XML Logging' in menu
| make[2]: Leaving directory '/home/flk/poky/build/tmp/work/corei7-64-poky-linux/libcheck/0.15.2/build/doc'
| make[2]: *** [Makefile:452: ../../check-0.15.2/doc/check.info] Error 1
| make[1]: *** [Makefile:574: all-recursive] Error 1
| make[1]: Leaving directory '/home/flk/poky/build/tmp/work/corei7-64-poky-linux/libcheck/0.15.2/build'
| make: *** [Makefile:420: all] Error 2
| ERROR: oe_runmake failed
| WARNING: /home/flk/poky/build/
- checkmk adds a reproducibility issue. @AWK_PATH@ is unique, because awk is
in hosttools. We dont want it that way for target. Use a '-D' assignment to
fix this (Thanks to Ross.Burton@arm.com).
Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Hongxu Jia [Fri, 13 Jun 2025 03:43:17 +0000 (20:43 -0700)]
ovmf: fix CVE-2024-38797
According to [1]:
EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of
bounds when a corrupted data pointer and length are sent via an adjecent network.
A successful exploit of this vulnerability may lead to a loss of Integrity and/or
Availability.
Osose Itua [Wed, 11 Jun 2025 15:24:22 +0000 (11:24 -0400)]
toaster.bbclass: fix toaster error caused by tabs in BBLAYERS
Users may unknowingly put tabs in BBLAYERS instead of spaces, and this is
interpreted as a literal "\t" at the start of the filepath which causes
_get_layer_dict() function to fail at finding the filepath.
Instead of using split(" "), which restricts it to split on just spaces
replace with split() as this handles spaces, tabs and newlines.
Min steps to reproduce:
- Clone the poky repo:
git clone git://git.yoctoproject.org/poky
cd poky
source oe-init-build-env
- Insert tabs in the BBLAYERS variable in bblayers.conf
- Note: tab needs to be in the recipe that is being built for the error to be observed
- Ex: ` /home/<user>/src/poky/meta-skeleton \`
- Start toaster
source toaster start
bitbake hello
Error message:
FileNotFoundError: [Errno 2] No such file or directory: '\t/home/<user>/src/poky/meta-skeleton’
Fix by using split() instead of split(" ").
Suggested-by: Anakin Childerhose <anakin.childerhose@savoirfairelinux.com> CC: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Osose Itua <osose.itua@savoirfairelinux.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The meaning of the "len" parameter in the my_strncat function is the size limit for
copying characters from "from", not the size limit for "to" after copying. Also,
the "#define safestrcat(to, from) my_strncat(to, from, sizeof(to) - strlen(to) - 1)"
has already imposed a limit on max based on the size of "to". Modify the function
to prevent truncation of content when too many bytes are passed to the my_strcat function.
Yash Shinde [Tue, 10 Jun 2025 06:19:54 +0000 (23:19 -0700)]
rust: Upgrade 1.85.1->1.86.0
Rust stable version updated to 1.86.0.
https://blog.rust-lang.org/2025/04/03/Rust-1.86.0.html
* Add pkgconfig-native and openssl to resolve openssl-sys crate
dependency on pkg-config. As per rust document this is a required dependency.
Fixes:
| error: failed to run custom build command for `openssl-sys v0.9.106`
| Could not find openssl via pkg-config:
| The pkg-config command could not be found.
|
| Most likely, you need to install a pkg-config package for your OS.
| Try `apt install pkg-config`, or `yum install pkg-config`,
| or `pkg install pkg-config`, or `apk add pkgconfig` depending on your distribution
* Add Ninja as a dependency for building Rust to prevent bootstrap
build regression.
Fixes:
| Building LLD for x86_64-unknown-linux-gnu
|
| Couldn't find required command: ninja (or ninja-build)
|
| You should install ninja as described at
| <https://github.com/ninja-build/ninja/wiki/Pre-built-Ninja-packages>,
| or set `ninja = false` in the `[llvm]` section of `config.toml`.
| Alternatively, set `download-ci-llvm = true` in that `[llvm]` section
| to download LLVM rather than building it.
* Add bash to DEPENDS to resolve missing dependency for subtree-sync.sh
Fixes:
ERROR: rust-1.86.0-r0 do_package_qa: QA Issue: /usr/lib/rustlib/src/rust/library/portable-simd/subtree-sync.sh
contained in package rust requires /bin/bash, but no providers found in RDEPENDS:rust? [file-rdeps]
* Add do_install:append() task to remove cargo bin from rust native builds.
This resolves the following conflict:
Fixes:
ERROR: libstd-rs-1.86.0-r0 do_prepare_recipe_sysroot: The file /usr/bin/cargo is
installed by both rust-native and cargo-native, aborting
* Update Unicode-3.0 license checksums.
License-Update: Copyright and license files to distributions are updated.
https://github.com/rust-lang/rust/commit/f9c16997dc016a3ef1456f56df2ab564a1c48cb2
It adds copyright and license files (including HTML versions) to distributions,
aligns with license compliance tools like reuse, and ensures all required
license texts are properly included and formatted.
* Disable building of extended Rust tools to reduce build time and filesystem usage.
Update config.toml to disable building of extended Rust tools that are not required.
This helps minimize unnecessary build time and filesystem usage.
* The "remote-test-server" bin is now generated in stage2-tools-bin dir
rather than stage1. Update the test suite accordingly.
* Fix do_package QA issue by packing missing zsh files and directories:
Fixes:
do_package: QA Issue: rust: Files/directories were installed but not shipped in any package:
/usr/share/zsh
/usr/share/zsh/site-functions
/usr/share/zsh/site-functions/_cargo
Please set FILES such that these items are packaged. Alternatively if they are unneeded,
avoid installing them or delete them within do_install
* From v1.86.0, a "self-contained" LLD is built as part of rust
bootstrap build. This results in additional build time and
installations. Disable rust-lld in config.toml to prevent it.
* Drop Zdual-proc-macros-additional-check.patch patch
since it's merged with v1.86.0
https://github.com/rust-lang/rust/commit/139d6ba054a1a4cc5fe64981ad46fd5547bd4916
* LTO config is applied to rustdoc from v1.86.0.
Rebase 0001-src-core-build_steps-tool.rs-switch-off-lto-for-rust.patch
which disables it to avoid suffixes in binaries causing non-reproducibility.
https://github.com/rust-lang/rust/commit/1fe351b
* Restrict tests using "//@only <target_arch>" to avoid failures on riscv64,
which is now part of default AB testing. Since riscv64 is Tier 2
with no automated testing, some tests may fail. This approach ensures tests continue
running on supported architectures while skipping them on riscv64.
https://doc.rust-lang.org/rustc/platform-support.html#tier-2-with-host-tools
Ross Burton [Wed, 11 Jun 2025 12:37:37 +0000 (13:37 +0100)]
python3-ndg-httpsclient: remove unused recipe
The last dependency in core on this recipe was removed in May 2024[1],
and there don't appear to be any other users that I can find. The last
upstream release was in 2018 so this is now obsolete.
Peter Marko [Tue, 10 Jun 2025 22:07:38 +0000 (00:07 +0200)]
go: upgrade 1.24.3 -> 1.24.4
Upgrade to latest 1.24.x release [1]:
$ git --no-pager log --oneline go1.24.3..go1.24.4 6796ebb2cb [release-branch.go1.24] go1.24.4 85897ca220 [release-branch.go1.24] net/http: strip sensitive proxy headers from redirect requests 9f9cf28f8f [release-branch.go1.24] os: don't follow symlinks on Windows when O_CREATE|O_EXCL a31c931adf [release-branch.go1.24] cmd/link: allow linkname reference to a TEXT symbol regardless of size 03811ab1b3 [release-branch.go1.24] crypto/x509: decouple key usage and policy validation 04a9473847 [release-branch.go1.24] lib/fips140: set inprocess.txt to v1.0.0 db8f1dc948 [release-branch.go1.24] hash/maphash: hash channels in purego version of maphash.Comparable 664cf832ec [release-branch.go1.24] runtime/debug: document DefaultGODEBUG as a BuildSetting 431f75a0b9 [release-branch.go1.24] os: fix Root.Mkdir permission bits on OpenBSD
Fixes CVE-2025-4673, CVE-2025-0913 and CVE-2025-22874 [2].
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gyorgy Sarvari [Tue, 10 Jun 2025 09:49:37 +0000 (11:49 +0200)]
seatd: fix packaging error with systemd DISTRO_FEATURES
The systemd unit file for this recipe is only installed in case
the target system's init system is systemd. It is achieved by
inspecting the VIRTUAL-RUNTIME_init_manager variable.
However the systemd class was inherited unconditionally. This caused
a failure in do_package task, in case systemd is present in the
DISTRO_FEATURES but the system's init manager is sysvinit: in this case
the systemd unit file is not installed, however systemd.bbclass is
still trying to register is as a startup service. At this point
it failed:
ERROR: seatd-0.9.1-r0 do_package: Didn't find service unit 'seatd.service', specified in SYSTEMD_SERVICE:seatd.
To avoid this, install the systemd unit file unconditionally, regardless
of the used init system.
Daniel Turull [Tue, 10 Jun 2025 15:24:41 +0000 (17:24 +0200)]
package: export debugsources in PKGDESTWORK as json
The source information used during packaging can be use from other tasks to
have more detailed information on the files used during the compilation and
improve SPDX accuracy.
Source files used during compilation are store as compressed zstd json in
pkgdata/debugsources/$PN-debugsources.json.zstd
Format:
{ binary1: [src1, src2, ...], binary2: [src1, src2, ...] }
I checked the sstate size, and it slightly increases using core-image-full-cmdline:
without patch: 2456792 KB sstate-cache/
with patch: 2460028 KB sstate-cache/
(4236 KB or 0.17%)
CC: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
PR32858 ld segfault on fuzzed object
We missed one place where it is necessary to check for empty groups.
Backport a patch from upstream to fix CVE-2025-5244
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d1458933830456e54223d9fc61f0d9b3a19256f5]
Dixit Parmar [Mon, 9 Jun 2025 13:45:35 +0000 (19:15 +0530)]
kernel-module-split: fix conf file generation when KERNEL_SPLIT_MODULES=0
KERNEL_MODULE_AUTOLOAD defines the list of the kernel modules to be autoloaded
on boot. kernel-module-split.bbclass generates the required modules.load.d and
conf files for each kernel module. This conf files inturn read by system service
to perform module loading and configuration. When a kernel module is added to
KERNEL_MODULE_AUTOLOAD the conf files must be generated in all cases.
When KERNEL_SPLIT_MODULES=0 modprobe and autoload conf files are not
getting generated for the kernel modules.
To fix that enhanced the class implementation by separating out conf
file handling mechanism in two functions, generate_conf_files() and
frob_metadata(). generate_conf_files() handles no-split case where as
frob_metadata() keeps handling the existing case for spliting the modules.
Splitted common handling/generation of conf files stuff in to handle_conf_files()
function which gets invoked by both frob_metadata() and generate_conf_files()
on top of the scenario specific handling done in respective functions.
This implementation covers generation of the conf files for in-tree kernel
modules as well as standalone kernel module built as seperate package/recipe.
[YOCTO #15145]
Signed-off-by: Dixit Parmar <dixitparmar19@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gyorgy Sarvari [Mon, 9 Jun 2025 10:47:32 +0000 (12:47 +0200)]
libtheora: upgrade 1.1.1 -> 1.2.0
Drop no-docs.patch, and use "--disable-doc" configuration instead.
Drop autoreconf.patch, because it is included in the release.
Add 0001-add-missing-files.patch to mitigate a release issue, which
caused some files to be missing from the tarball.
Major changes:
- New 'ptalarbvorm' encoder
- New th_encode_ctl option for copying configuration from an existing
setup header, useful for splicing streams.
- Added support for RISC OS.
- Improved ARM support.
- Various speed, bug fixes and code quality improvements.
The coreutils-getlimits package is no longer needed since findutils-ptest
now uses its own getlimits implementation. This improves modularity and
makes it easier to use alternative coreutils implementations via PREFERRED_PROVIDER
(e.g. uutils-coreutils recipe in meta-openembedded).
Having findutils depending on coreutils-getlimits makes it harder to replace GNU coreutils with uutils-coreutils
using PREFERRED_PROVIDER.
Also, the findutils repository contains a version of getlimits used for the tests, so there is no need to depend
on coreutils's version of getlimits.
The default license for util-linux is GPL-2.0-or-later.
Most of the applications and the libraries are also linked with
libcommon.la, which uses these licenses:
LGPL-2.1-or-later & BSD-2-Clause & BSD-3-Clause & MIT
Set the above licenses for all dynamic packages, unless explicitly
specified.
In particular, this avoids setting BSD-4-Clause-UC and EUPL-1.2 on
packages where they do not belong.
License-Update: See above Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
util-linux: Move the license information to the recipe
util-linux does not share the license information with
util-linux-libuuid so it makes no sense to have it in the util-linux.inc
file.
This also drops libuuid/COPYING from LIC_FILES_CHKSUM as libuuid is not
built by this recipe.
License-Update: See above Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The license information is not the same as for util-linux, so set it in
the recipe rather than expecting util-linux.inc to set it.
License-Update: See above Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gyorgy Sarvari [Thu, 5 Jun 2025 05:42:15 +0000 (07:42 +0200)]
piglit: upgrade to latest revision
Changelog:
tests: Add test for GL_EXT_shader_clock
tests: Add test for GL_EXT_shader_realtime_clock
vulkan: Add cmat tests using constant as accumulator
tests: test UBO and SSBO backed by the same buffer
arb_direct_state_access: fix internaformat query behavior
khr_texture_compression_astc: normalize error-color
tests/util: provide simple array for cleanup handlers
ext_external_objects: use piglit_set_destroy_func instead of atexit
ext_external_objects: fix timeline semaphore validation error
ext_external_objects: fix validation error with barriers
ext_external_objects: fix validation error on cmdbuf usage
ext_external_objects: fix validation error releasing resources
ext_external_objects: fix validation error for cmdbuffer usage
ext_external_objects: fix validation error with semaphore value
arb_shading_language_420pack: test uniform block matching
gl: test push pop attribute with color material
GL_EXT_texture_integer: basic validation tests
cmake: Fix mis-matching arguments warning
fix invalid typecast
Gyorgy Sarvari [Thu, 5 Jun 2025 05:28:40 +0000 (07:28 +0200)]
puzzles: upgrade to latest revision
Changelog:
Describe front-end pixel scaling in devel.but
js: handle most of the device pixel ratio in the front end
js: replace blitters array with a Map
js: index blitters Map by C address of blitter structure
js: trust CanvasRenderingContext2D.drawImage() to DTRT
js: unwrap most drawing functions
GTK: avoid explicitly using Cairo image surfaces
Document getenv_bool()
Update reference Git commit in devel.but
Remove BLITTER_FROMSAVED from drawing API
GTK: correct offset when copying backing to window
GTK/Cairo: simplify do_blitter_load()
GTK: add support for using a GdkFrameClock where available
Mosaic: make solver notice when it gets stuck.
Mines: put a warning on the web page about bug reports.
Palisade: preference to clear complete regions.
Chen Qi [Thu, 5 Jun 2025 03:42:10 +0000 (11:42 +0800)]
util-linux: fix ptest failure for musl
The kill/decode test case fails for musl. The root cause is the test
case only considers glibc and uses 34 as SIGRTMIN while musl uses 35.
Add patches to fix this issue.
Changelog:
Fix issue with handling BAP and removal of PAC.
Fix issue with handling SID for broadcast receiver.
Fix issue with handling HSP/HFP reconnection policy.
Fix issue with handling cable pairing and Sixaxis controllers.
Fix issue with handling virtual cable unplug for HID devices.
Fix issue with handling service records for HID devices.
Add support for AVDTP and TX timestamps.
Full changelog:
https://github.com/bluez/bluez/compare/5.82...5.83
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
