Bruce Ashfield [Thu, 16 Oct 2025 03:08:34 +0000 (23:08 -0400)]
linux-yocto/6.16: update to v6.16.11
Updating linux-yocto/6.16 to the latest korg -stable release that comprises
the following commits:
683320aeb0e83 Linux 6.16.11 8f9c9fafc0e7a ASoC: qcom: audioreach: fix potential null pointer dereference 1f053d82e59c7 media: stm32-csi: Fix dereference before NULL check c9e024e907caf media: iris: Fix memory leak by freeing untracked persist buffer 888830b2cbc03 wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() 9cddad3b26dac mm: swap: check for stable address space before operating on the VMA 15c0e136bd8cd media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID d9f6ce99624a4 media: rc: fix races with imon_disconnect() 9a00de20ed8ba media: tuner: xc5000: Fix use-after-free in xc5000_release f3f3f00bcabbd media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe 3ffabc79388e6 media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove af600e7f5526d ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free 4b29228694958 scsi: target: target_core_configfs: Add length check to avoid buffer overflow 412450c2f9d16 gcc-plugins: Remove TODO_verify_il for GCC >= 16 8faee580d63bc blk-mq: fix blk_mq_tags double free while nr_requests grown bcabc18865f36 Linux 6.16.10 e4825368285e3 iommufd: Fix race during abort for file descriptors e7e5315212819 spi: cadence-qspi: defer runtime support on socfpga if reset bit is enabled b7ec8a2b094a3 spi: cadence-quadspi: Implement refcount to handle unbind during busy 4109506b7eba2 sched_ext: idle: Handle migration-disabled tasks in BPF code 1f2bffc8dd18b sched_ext: idle: Make local functions static in ext_idle.c 2243b9b728b3c wifi: iwlwifi: pcie: fix byte count table for some devices b9ebc20920be3 wifi: iwlwifi: fix byte count table for old devices fc19489dfaf42 fbcon: Fix OOB access in font allocation c0c01f9aa08c8 fbcon: fix integer overflow in fbcon_do_set_font 2aa2cea8f7716 mm/damon/sysfs: do not ignore callback's return value in damon_sysfs_damon_call() 21ee79ce93812 mm/hugetlb: fix folio is still mapped when deleted 7c78ae54e342d x86/Kconfig: Reenable PTDUMP on i386 309b8857c50d0 x86/topology: Implement topology_is_core_online() to address SMT regression b64d23d1b9321 riscv: Use an atomic xchg in pudp_huge_get_and_clear() 8df142e93098b netfs: fix reference leak 5855792c6bb9a kmsan: fix out-of-bounds access to shadow memory 61ae3a52075dc gpiolib: Extend software-node support to support secondary software-nodes a2cb8818a3d91 fs/proc/task_mmu: check p->vec_buf for NULL 41782c44bb843 afs: Fix potential null pointer dereference in afs_put_server a63e7dcf6a552 vhost-net: flush batched before enabling notifications 7de587f87f37e Revert "vhost/net: Defer TX queue re-enable until after sendmsg" 238f33bb3f6fa pinctrl: airoha: fix wrong MDIO function bitmaks cda80b7937bb5 pinctrl: airoha: fix wrong PHY LED mux value for LED1 GPIO46 3bf00f58a8075 drm/amd/display: Only restore backlight after amdgpu_dm_init or dm_resume 40903aa97e193 drm/ast: Use msleep instead of mdelay for edid read 5168f19d4d819 drm/xe: Don't copy pinned kernel bos twice on suspend 408d90e817211 arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 ports eca259860a084 arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes a22ccb766ced5 arm64: dts: marvell: cn913x-solidrun: fix sata ports status d00bcd2d5414e ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address e57d19757aeb2 tracing: fprobe: Fix to remove recorded module addresses from filter cbb8c94f92d0c tracing: fgraph: Protect return handler from recursion loop b47c4e06687a5 tracing: dynevent: Add a missing lockdown check on dynevent fbe96bd25423e crypto: af_alg - Fix incorrect boolean values in af_alg_ctx 6200d2e7ea6a6 i40e: improve VF MAC filters accounting 168107437eac5 i40e: add mask to apply valid bits for itr_idx 8b13df5aa877b i40e: add max boundary check for VF filters a991dc56d3e9a i40e: fix validation of VF state in get resources 560e168341058 i40e: fix input validation logic for action_meta 5c1f96123113e i40e: fix idx validation in config queues msg d4e3eaaa3cb3a i40e: fix idx validation in i40e_validate_queue_map afec12adab55d i40e: add validation for ring_len param 1cf7258a9cf33 HID: asus: add support for missing PX series fn keys f76347f4ec435 HID: intel-thc-hid: intel-quickspi: Add WCL Device IDs 930cb05a9e107 tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() 908478fe58848 Revert "drm/xe/guc: Enable extended CAT error reporting" e35eeb3a8eaf8 Revert "drm/xe/guc: Set RCS/CCS yield policy" 093615fc76063 smb: client: fix wrong index reference in smb2_compound_op() 923638cea4c17 platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() 2858cae6896ea drm/panthor: Defer scheduler entitiy destruction to queue release f1635765cd0fd futex: Use correct exit on failure from futex_hash_allocate_default() c6adf475f375c drm/amd/display: remove output_tf_change flag 9682dc123f8f1 drm/i915/ddi: Guard reg_val against a INVALID_TRANSCODER 94c5669b1b172 drm/xe: Fix build with CONFIG_MODULES=n bacbadedbba73 drm/xe/vf: Don't expose sysfs attributes not applicable for VFs 6021d412108f7 gpio: regmap: fix memory leak of gpio_regmap structure d824b2dbdcfe3 futex: Prevent use-after-free during requeue-PI 0fc650fa475b5 drm/gma500: Fix null dereference in hdmi teardown a8a63f27c3a8a octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() 449aae54fa510 net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port 075c92577f529 net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup() 8523fee4caad8 net/mlx5e: Fix missing FEC RS stats for RS_544_514_INTERLEAVED_QUAD 5aa468e563ce7 net/mlx5: HWS, ignore flow level for multi-dest table 7f1b5d056f053 net/mlx5: HWS, remove unused create_dest_array parameter 3c77f6d244188 net/mlx5: fs, fix UAF in flow counter release 1c5a55ce47578 selftests: fib_nexthops: Fix creation of non-FDB nexthops 8dd4aa0122885 nexthop: Forbid FDB status change while nexthop is in a group 61341d935833f net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS 3e4a313b11fca bnxt_en: correct offset handling for IPv6 destination address 4d109d6c56c60 broadcom: fix support for PTP_EXTTS_REQUEST2 ioctl 1bfb2d9456c18 broadcom: fix support for PTP_PEROUT_DUTY_CYCLE 87a1f16f07c6c Bluetooth: MGMT: Fix possible UAFs 7ce635b3d3aba vhost: Take a reference on the task in struct vhost_task. a78fd4fc5694e Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync dde33124f17cf Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue 1609ab5393d33 Bluetooth: hci_sync: Fix hci_resume_advertising_sync c283e4a0e078a ethernet: rvu-af: Remove slash from the driver name d5411685dc2f6 net/smc: fix warning in smc_rx_splice() when calling get_page() 1697577e1669b net: tun: Update napi->skb after XDP process 394c58017e5f4 can: peak_usb: fix shift-out-of-bounds issue b638c3fb0f163 can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow 7f7b21026a6fe can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow e77fdf9e33a83 can: hi311x: populate ndo_change_mtu() to prevent buffer overflow e587af2c89ecc can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow cc4cb275764da xfrm: fix offloading of cross-family tunnels a78e557765223 xfrm: xfrm_alloc_spi shouldn't use 0 as SPI 966877e96d022 selftests/bpf: Skip timer cases when bpf_timer is not supported b6b7db6530236 bpf: Reject bpf_timer for PREEMPT_RT f577bec9836d1 can: rcar_can: rcar_can_resume(): fix s2ram with PSCI 528151da32c17 wifi: virt_wifi: Fix page fault on connect 0bcc5ea4bb30d amd/amdkfd: correct mem limit calculation for small APUs a01d1325e0fbd drm/amdkfd: fix p2p links bug in topology aae986c5805c7 NFSv4.2: Protect copy offload and clone against 'eof page pollution' 204099ce6574b NFS: Protect against 'eof page pollution' f51f9695207bc btrfs: don't allow adding block device of less than 1 MB e64b692a2d55f selftests/fs/mount-notify: Fix compilation failure. 6233715b4b714 bpf: Check the helper function is valid in get_helper_proto e6014ad4d009e smb: server: use disable_work_sync in transport_rdma.c 27ce0a17ee989 smb: server: don't use delayed_work for post_recv_credits_work 302c25ec64051 cpufreq: Initialize cpufreq-based invariance before subsys d342ba13c2a91 ARM: dts: kirkwood: Fix sound DAI cells for OpenRD clients c49b3ffc64cae arm64: dts: imx8mp: Correct thermal sensor index 8707ccbf686f7 firmware: imx: Add stub functions for SCMI CPU API 5f9587bbb3bb7 firmware: imx: Add stub functions for SCMI LMM API 39cc5381c80c0 firmware: imx: Add stub functions for SCMI MISC API e3aba0b7f24c4 arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 1f58c03bc7580 HID: amd_sfh: Add sync across amd sfh work functions 0fd5a4eeb726c HID: cp2112: fix setter callbacks return value f1958eb140458 IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions dbeeeae988cce net: sfp: add quirk for FLYPRO copper SFP+ module 4ceb739a3260a ALSA: usb-audio: Add mute TLV for playback volumes on more devices f20938fb3ba2e ALSA: usb-audio: move mixer_quirks' min_mute into common quirk f637c0678f8e8 gpiolib: acpi: Add quirk for ASUS ProArt PX13 001470af9436a ALSA: usb-audio: Add DSD support for Comtrue USB Audio device 86cb0f559b71e platform/x86: oxpec: Add support for OneXPlayer X1 Mini Pro (Strix Point) 1e1873264e9de ASoC: Intel: sof_rt5682: Add HDMI-In capture with rt5682 support for PTL. eae9d5c299b78 ASoC: Intel: soc-acpi: Add entry for HDMI_In capture support in PTL match table 71f64a3244ac9 ASoC: Intel: soc-acpi: Add entry for sof_es8336 in PTL match table. 9b866ec1b3d8f i2c: designware: Add quirk for Intel Xe dcae67ba20e39 mmc: sdhci-cadence: add Mobileye eyeQ support 44fd9560ea831 drm/panfrost: Add support for Mali on the MT8370 SoC 39fdf31a26526 drm/panfrost: Commonize Mediatek power domain array definitions 8cae20f2a4719 drm/panfrost: Drop duplicated Mediatek supplies arrays 01c1287ef2a44 net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick a94d1a0de44d7 net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info e9d96c5baa454 usb: core: Add 0x prefix to quirks debug output 330e7cc51c275 ALSA: usb-audio: Fix build with CONFIG_INPUT=n 645c7aa98d1e9 ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA 9a183aeb23ca4 ALSA: usb-audio: Convert comma to semicolon bdb9cc8a8f940 HID: multitouch: specify that Apple Touch Bar is direct 3e4453b40562f HID: multitouch: take cls->maxcontacts into account for Apple Touch Bar even without a HID_DG_CONTACTMAX field cf60067a13847 HID: multitouch: support getting the tip state from HID_DG_TOUCH fields in Apple Touch Bar 6a6edca250126 HID: multitouch: Get the contact ID from HID_DG_TRANSDUCER_INDEX fields in case of Apple Touch Bar 0105cfc41abeb ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 042ce4cb97ae4 ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks 9f76d2c9e8c02 ALSA: usb-audio: Simplify NULL comparison in mixer_quirks 8af6015e380ca ALSA: usb-audio: Avoid multiple assignments in mixer_quirks d3934ea7fb976 ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks 0afc2246dd448 ALSA: usb-audio: Fix block comments in mixer_quirks c11341fb8fc3a ALSA: usb-audio: Fix whitespace & blank line issues in mixer_quirks 2ea8b2ce48de5 ALSA: usb-audio: Fix code alignment in mixer_quirks f8ae65129919a firewire: core: fix overlooked update of subsystem ABI version 16bd546200ec5 scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
*Summary of discussion with the rust upstream about using latest LLVM instead of Rust maintained LLVM fork.
https://internals.rust-lang.org/t/can-we-use-proper-clang-instead-of-llvm-fork-what-rust-uses/23489
*Upstream LLVM is generally compatible:
- Rust does support building with upstream (vanilla) LLVM, especially the latest
major release and the one or two preceding ones.
https://rustc-dev-guide.rust-lang.org/backend/updating-llvm.html#updating-llvm
*Impact on Yocto Rust upgrades:
- Rust upgrades shall always check for updates on rust forked llvm and backport
the relevant patches to llvm.
*Regarding the rust forked llvm local patches:
- There are no local patches on rust forked llvm other than the backported fixes
from llvm master.
*We are copying the natively built `llvm-config` binary into the target sysroot and running
it. However, this `llvm-config` has compile time dependencies on various other arch's LLVM
libraries because native-llvm is built for all oe-core supported targets.
Attempting to work around this by symlinking the missing libraries from the native sysroot
into the target sysroot leads to mixed architectures in the final `.rlib`. Specifically,
the object files extracted from those symlinked libraries within `librustc_llvm-<hash>.rlib`
are built for the host, while others are correctly built for the target This results in linker
failures due to file format not recognized.
To resolve this, we now build llvm-target also for all oe-core supported architectures in
addition to the native-llvm build. This ensures that `llvm-config` and all associated
libraries are built for the correct target, eliminating cross-architecture contamination
and linker issues.
*We are enabling -DLLVM_INSTALL_UTILS=ON to ensure essential LLVM utilities like FileCheck
are available, as they are required by the Rust build.
Without this, the build fails with an error as below:
| thread 'main' panicked at src/bootstrap/src/core/sanity.rs:315:21:
| FileCheck executable "poky/build/tmp/work/x86_64-linux/rust-native/1.90.0/recipe-sysroot
-native/usr/bin/FileCheck" does not exist
*We now add these flags "-Clink-arg=-lz -Clink-arg=-lzstd" because of this following
diff otherwise we will get errors during link time.
Setup in rust-llvm
-DLLVM_ENABLE_ZLIB=OFF \
-DLLVM_ENABLE_ZSTD=OFF \
-DLLVM_ENABLE_FFI=OFF \
Setup in llvm
-DLLVM_ENABLE_FFI=ON \
*When multilibs enabled:
llvm-config expects static libraries to be located in the lib directory rather than
lib64. However, since we are copying the natively built llvm-config to target sysroot
and running it and llvm-config doesn't know anything about lib64 existence. To accommodate
this without breaking multilib behavior, we are creating a symlink from 'lib' to 'lib64'
directory.
Previously, when we depended on rust-llvm, this worked because we specified:
-DCMAKE_INSTALL_PREFIX:PATH=${libdir}/llvm-rust
With this setup, llvm-config was installed inside ${libdir}/llvm-rust, which included
its own bin and lib directories. Thus, llvm-config located in bin would correctly find
the libraries in the adjacent lib directory.
Even when multilib was enabled or not, llvm-config would still look for libraries under
lib in this structure, so everything functioned as expected.
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rightnow rust depends on llvm instead of rust-llvm
Setup in rust-llvm
CFLAGS:remove = "-g"
CXXFLAGS:remove = "-g"
Setup in llvm
DEBUG_LEVELFLAG = "-g1"
As a result, the stage1 compiler crate binaries include debug symbols,
increasing their size. These binaries are used to run tests inside QEMU.
To accommodate this, increase the QEMU RAM allocation to 1024 MB.
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Wed, 15 Oct 2025 20:49:40 +0000 (21:49 +0100)]
classes/mirrors: use geo-located kernel.org mirrors
We use the kernel.org mirrors for a number of projects: obviously the
kernel, but also the GNU tarballs are fetched from there too.
However, mirrors.kernel.org does not have any geo-proximity DNS magic
and will always resolve to the primary server on in west coast USA,
which is far from ideal if you're not near there.
Switch the mirror URLs to mirrors.edge.kernel.org, which does actually
resolve to a closer server.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the linux-firmware packate to the latest release. Add firmware
packages for Intel Sensors Hub on Dell and HP machines and also several
new Qualcomm firmware packages
Dmitry Baryshkov [Mon, 13 Oct 2025 18:03:47 +0000 (21:03 +0300)]
linux-firmware: drop catch-all Atheros packages
With the linux-firmware now being an empty package there is no need in
the catch-all ${PN}-ath*k-misc packages since developers will have to
package all firmware separately. Drop useless packages now.
sanity.bbclass: Remove tool version repetition for gcc, patch, git, make, tar
This commit mainly changes the way that error messages are printed when
sanity checking for the version numbers of gcc, patch, git, make and
tar. It affects the following functions:
Before this commit, the minimum version number and the error string
were hard-coded string literals which the programmer had to maintain
manually and independently. With this change, the version is defined
once in each function and then used both for checking and for error
printing.
Additionally, the affected error messages have been made to spill
over multiple lines for better source code readability.
Link to the relevant discussion:
https://lists.openembedded.org/g/openembedded-core/topic/115491380#msg224131
This change has been tested by changing the version string and making
sure that the test fails and the proper minimum version is reported
in the error message.
Leon Anavi [Mon, 13 Oct 2025 13:24:09 +0000 (16:24 +0300)]
python3-idna: Upgrade 3.10 -> 3.11
Upgrade to release 3.11:
- Update to Unicode 16.0.0, including significant changes to UTS46
processing. As a result of Unicode ending support for it,
transitional processing no longer has an effect and returns the
same result.
- Add support for Python 3.14, lowest supported version is
Python 3.8.
- Various updates to packaging, including PEP 740 support.
License-Update: Update years
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Dmitry Baryshkov [Sun, 12 Oct 2025 22:53:58 +0000 (01:53 +0300)]
mesa: provide glx.pc
New Vulkan CTS 1.4.4 started requiring glx.pc pkg-config file. Apply a
patch adding one in order to let VK CTS and other programs find Mesa GLX
implementation.
Joshua Watt [Wed, 15 Oct 2025 16:04:38 +0000 (10:04 -0600)]
weston-init: Allow weston user to be specified
Adds variables to set the name of the weston user (defaulting to
"weston") and the home directory (defaulting to "/home/weston"). This
allows users to easily change which user the compositor runs as.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Analysis] Add LibFunc_ prefix to enums in TargetLibraryInfo. (NFC)
Summary:
The LibFunc::Func enum holds enumerators named for libc functions.
Unfortunately, there are real situations, including libc implementations, where
function names are actually macros (musl uses "#define fopen64 fopen", for
example; any other transitively visible macro would have similar effects).
Strictly speaking, a conforming C++ Standard Library should provide any such
macros as functions instead (via <cstdio>). However, there are some "library"
functions which are not part of the standard, and thus not subject to this
rule (fopen64, for example). So, in order to be both portable and consistent,
the enum should not use the bare function names.
The old enum naming used a namespace LibFunc and an enum Func, with bare
enumerators. This patch changes LibFunc to be an enum with enumerators prefixed
with "LibFFunc_". (Unfortunately, a scoped enum is not sufficient to override
macros.)
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Wed, 15 Oct 2025 15:41:27 +0000 (16:41 +0100)]
openmp: recipe cleanup
Remove perlnative inherit, this recipe does not depend on non-standard
perl (or any perl, in fact).
Remove python3native inherit, this recipe does not depend on non-standard
Python modules. python3-native will still be pulled into the sysroot via
python3targetconfig however.
Remove PACKAGECONFIG:remove:powerpc, as powerpc is explicitly marked as
not compatible later in the recipe.
Remove LLVM_ENABLE_PER_TARGET_RUNTIME_DIR, this is only used during
monolithic builds of llvm.
Remove OPENMP_STANDALONE_BUILD, this is automatically detected when
building.
Remove CMAKE_POSITION_INDEPENDENT_CODE, this is the default value.
Remove all _TOOL, these are not used.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 15 Oct 2025 22:24:42 +0000 (23:24 +0100)]
perf: Tweak reproducibility fix
Instead of building libperf.a, we should run install_headers as with the other
libraries. Hopefully this resolves the remaining race issue around headers.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Tue, 14 Oct 2025 05:52:29 +0000 (22:52 -0700)]
vte: Depend on system provided fmt package
vte 0.82+ has started to package fmt as a subproject if this is not found
on system, the bundled version however, does not work with clang on
32bit machines, since it is 11.0 and there are fixes in newer version
needed to work with clang
Fixes
../sources/vte-0.82.1/subprojects/fmt/include/fmt/format.h:752:35: error: call to function 'free' that is neither visible in the template
Richard Purdie [Wed, 15 Oct 2025 16:50:52 +0000 (17:50 +0100)]
patchelf: Update 0.18.0 -> 0.18.0+git
Patchelf hasn't released since 2023 but does have fixes on its master branch. We've been
seeing segfaults on relocated qemu-img binaries from qemu-system-native in some cases
and using an updated patchelf does seem to avoid these.
Richard Purdie [Wed, 15 Oct 2025 14:49:24 +0000 (15:49 +0100)]
distro/defaultsetup: Add buildstats by default
This has been the default in poky's local.conf.sample since forever. It was missing
during the migrtion to bitbake-setup and that created a few failures. We've fixes most
of the places but found a new one in the performance tests.
Having these available is useful for debugging and doesn't really add much overhead
to the build.
We could push this over into the poky DISTRO however I've been wanting to
try and reconcile things where possible so putting this into defaultsetup feels
like the right choice to me. Distros can still override as they would the other
classes in INHERIT_DISTRO.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rust-target-config: PPC64 targets require explicit ABI selection to avoid build failures with rustc.
Without a specified ABI, rustc panics with the following error:
| thread 'rustc' panicked at compiler/rustc_codegen_ssa/src/back/metadata.rs:394:21:
| No ABI specified for this PPC64 ELF target.
As noted in the upstream changes:
If the flags do not correctly indicate the ABI,
linkers such as ld.lld assume that the ppc64 object files are always ELFv2,
which leads to broken binaries if ELFv1 is used for the object files.
Because of this, it is now required to explicitly specify the ABI for PPC64 targets
using one of the following:
"elfv1" => EF_PPC64_ABI_ELF_V1,
"elfv2" => EF_PPC64_ABI_ELF_V2,
If no ABI is specified, the Rust compiler will panic with the error:
No ABI specified for this PPC64 ELF target
To address this:
- Set 'elfv2' for powerpc64le (little-endian), which mandates ELFv2 ABI.
- Set 'elfv1' for powerpc64 (big-endian), which defaults to ELFv1 ABI.
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Tue, 14 Oct 2025 00:08:33 +0000 (17:08 -0700)]
libpam: Fix build with LLD linker
LLD is strict about versioned symbols unlike BFD linker, it flags
undefined ones, Allow undefined symbols like BFD linker
Fixes
| riscv64-yoe-linux-ld.lld: error: version script assignment of 'global' to symbol 'pam_sm_acct_mgmt' failed: symbol not defined
| riscv64-yoe-linux-ld.lld: error: version script assignment of 'global' to symbol 'pam_sm_chauthtok' failed: symbol not defined
| riscv64-yoe-linux-ld.lld: error: version script assignment of 'global' to symbol 'pam_sm_close_session' failed: symbol not defined
| riscv64-yoe-linux-ld.lld: error: version script assignment of 'global' to symbol 'pam_sm_open_session' failed: symbol not defined
| riscv64-yoe-linux-clang: error: linker command failed with exit code 1 (use -v to see invocation)
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dmitry Baryshkov [Sun, 12 Oct 2025 15:08:04 +0000 (18:08 +0300)]
x264: switch to PACKAGECONFIG
Switch to PACKAGECONFIG in order to make x264 options configurable.
Enable FFmpeg (by default) and OpenCL (if enabled by the distro). Pick
up the patch to fix building with the latest FFmpeg.
Khem Raj [Sat, 11 Oct 2025 23:05:35 +0000 (16:05 -0700)]
llvm/clang: Upgrade to 21.1.3 release
brings following fixes
* 450f52eec88f Bump version to 21.1.3.
* 05b5090e961f Port 5b4819e to release/21.x
* 2cb08dbb39b1 [compiler-rt][sanitizer] fix msghdr for musl (#136195)
* 6e687cbe0dd3 [SPARC] Prevent meta instructions from being inserted into delay slots (#161111)
* f8151a1d2c86 [clang] [Headers] Don't use unreserved names in avx10_2bf16intrin.h (#161824)
* 9ee4ac8a8359 [clang][SPARC] Pass 16-aligned structs with the correct alignment in CC (#155829)
* 220bac16a417 [Hexagon] Add opcode V6_vS32Ub_npred_ai for offset validity check (#161618)
* a867bd53e861 [clang][PAC] Don't try to diagnose use of pointer auth on dependent types #159505 (#159859)
* 41e817a1d1f4 release/21.x: [clang-format] Fix bugs in annotating arrows and square brackets (#160973)
* 559d966bcb54 [Mips] Fix atomic min/max generate mips4 instructions when compiling for mips2 (#159717)
* d1e2f8916128 [LLD] [COFF] Fix symbol names for import thunks (#160694)
* 0060034c6a0b [analyzer] Revert #115918, so empty base class optimization works again (#157480)
* 31e4363ba9c2 [NVPTX] Disable relative lookup tables (#159748)
* 74cb34a6f51a Bump version to 21.1.3
Currently, the definitions of MIRRORS and PREMIRRORS made by
test_yocto_source_mirror() are overwritten when run on the autobuilder:
* MIRRORS = "" is extended by mirrors.bbclass to its usual value.
* PREMIRRORS = "* dl.yp.org" is overwritten by the autobuilder.conf
config fragment to ""
Despite this unexpected configuration, the test passes because after
failing to find a PREMIRROR (empty), failing to download the normal
SRC_URI (because of BB_ALLOWED_NETWORKS), the fetcher tries the MIRRORS
which have by default download.yoctoproject.org. For example, on a
failed meta-oe-mirror test[0], we can see a lot of warnings:
"stdio: WARNING: ... do_fetch: Failed to fetch URL https://... attempting MIRRORS if available"
By using the ":forcevariable" override, test_yocto_source_mirror() makes
sure the correct value is set for MIRRORS and PREMIRRORS (whatever is
the configuration).
Dmitry Baryshkov [Fri, 10 Oct 2025 11:59:51 +0000 (14:59 +0300)]
mesa: sort out driver lists
Sort the lists of VUKAN_DRIVERS, GALLIUMDRIVERS and driver-related
PACAKGECONFIG entries, making it easier to add new drivers or to find
out the correct dependencies for the driver.
Dmitry Baryshkov [Fri, 10 Oct 2025 11:59:50 +0000 (14:59 +0300)]
mesa: be more explicit about gallium-llvm dependency
Historically mesa recipe had separate variables for drivers that
depended on gallium-llvm PACKAGECONFIG. Since that time we started
listing other dependencies explicitly (e.g. libclc). Drop the
intermediate variables and make the dependency on gallium-llvm more
explicit.
Dmitry Baryshkov [Fri, 10 Oct 2025 11:59:48 +0000 (14:59 +0300)]
mesa: add opencl -> clang build dependency
With the commits 448f4a84cb22 ("llvm: add recipe for just the LLVM
libraries") and d76dc362c8e1 ("clang: use llvm recipe") the 'llvm'
dependency inside mesa.inc does no longer pull in the clang libraries,
failing RustiCL build as it can not find Clang libaries.
Add direct dependency on the clang in order to fulfill build-time deps.
Fixes: d76dc362c8e1 ("clang: use llvm recipe") Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Fri, 10 Oct 2025 20:52:00 +0000 (22:52 +0200)]
binutils: patch CVE-2025-11083
Pick patch per link in NVD report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Fri, 10 Oct 2025 20:51:59 +0000 (22:51 +0200)]
binutils: patch CVE-2025-11082
Pick patch per link in NVD report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When building cargo-c with DEBUG mode, QA checks fail due to
absolute paths from the build environment (TMPDIR) being embedded into
the debug symbols/binaries. This causes issues such as:
ERROR: do_package_qa: File /usr/bin/.debug/cargo-capi contains reference to TMPDIR [buildpaths]
ERROR: do_package_qa: File /usr/bin/.debug/cargo-cinstall contains reference to TMPDIR [buildpaths]
ERROR: do_package_qa: File /usr/bin/.debug/cargo-cbuild contains reference to TMPDIR [buildpaths]
ERROR: do_package_qa: File /usr/bin/.debug/cargo-ctest contains reference to TMPDIR [buildpaths]
To fix this, pass an additional -ffile-prefix-map option to DEBUG_PREFIX_MAP to
ensure that paths under `${CARGO_HOME}` are remapped to `${TARGET_DBGSRC_DIR}`.
This ensures debug info is reproducible and does not leak host-specific paths.
Ryan Eatmon [Tue, 7 Oct 2025 22:43:49 +0000 (17:43 -0500)]
u-boot: Make sure the build dir is unique for each UBOOT_CONFIG
Each UBOOT_CONFIG entry is run in a different directory under ${B} so
that the files can be generated, compiled, and installed differently
from each other. Currently that unique directory name was just the
defconfig used for each UBOOT_CONFIG.
One potential conflict arises when you want build the same defconfig
twice, but pass in different make options. Then we get directory
collision. Simple fix is to include both the defconfig name and the
UBOOT_CONFIG type in the directory name.
This change has the potential to be backwards breaking if a layer is
using the UBOOT_CONFIG flow and overriding/appending any of the do_*
shell functions. Each of those will either need to change to using:
${B}/${config} -> ${B}/${config}-${type}
or for append functions they can use the new variable in the parent
function:
${B}/${config} -> ${B}/${builddir}
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Randy MacLeod [Tue, 7 Oct 2025 20:46:13 +0000 (16:46 -0400)]
gawk: disable persistent memory allocator due to licensing
In gawk-5.2, a feature that allows gawk to preserve memory between runs:
https://www.gnu.org/software/gawk/manual/html_node/Persistent-Memory.html
was added. The files that implement this, support/pma.[ch], are licensed
under the AGPL3 which some entities perfer to avoid. Force people to knowingly
opt into using this feature and license using:
PACKAGECONFIG:append:pn-gawk = " pma-if-64bit"
where pma is an abbreviation for persistent memory allocator and the
"-if-64bit" suffix is a indicator to users that the feature only works
for 64 bit targets. Also add AGPL to LICENSE and LICENSE:${PN}, when using pma.
Correct the license to be AGPL-3.0-or-later. There hasn't been a change in
the license terms, at least for main.c, haven't changed significantly in
the last 15 years:
License-Update: Reflects conditional AGPL use and more as described above.
Testing requires a non-root account and following the example in the link above:
$ truncate -s <size> data.pma
$ chmod 0600 data.pma
$ GAWK_PERSIST_FILE=data.pma gawk 'BEGIN { print ++i }'
1
$ GAWK_PERSIST_FILE=data.pma gawk 'BEGIN { print ++i }'
2
$ GAWK_PERSIST_FILE=data.pma gawk 'BEGIN { print ++i }'
3
This works on qemu[x86-|arm|riscv]64 but not on qemu[arm|x86] where the
--enable-pma is ignored because there is a requirement and build-time test
for 8 byte void pointers in m4/pma.m4:
if test "$SKIP_PERSIST_MALLOC" = no && test $ac_cv_sizeof_void_p -eq 8
Finally, remove an old comment about GPLv2, GPLv3 versions of gawk
since this is no longer important as the GPLv2 version is not maintained.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 7 Oct 2025 20:13:15 +0000 (22:13 +0200)]
go: upgrade 1.25.1 -> 1.25.2
Upgrade to latest 1.25.x release [1]:
$ git --no-pager log --oneline go1.25.1..go1.25.2 bed6c81c2d (tag: go1.25.2) [release-branch.go1.25] go1.25.2 2612dcfd3c [release-branch.go1.25] archive/tar: set a limit on the size of GNU sparse file 1.0 regions 90f72bd500 [release-branch.go1.25] encoding/pem: make Decode complexity linear e0f655bf3f [release-branch.go1.25] encoding/asn1: prevent memory exhaustion when parsing using internal/saferio 100c5a6680 [release-branch.go1.25] net/http: add httpcookiemaxnum GODEBUG option to limit number of cookies parsed f0c69db15a [release-branch.go1.25] crypto/x509: improve domain name verification 9fd3ac8a10 [release-branch.go1.25] net/url: enforce stricter parsing of bracketed IPv6 hostnames 5d7a787aa2 [release-branch.go1.25] net/textproto: avoid quadratic complexity in Reader.ReadResponse 930ce220d0 [release-branch.go1.25] crypto/x509: mitigate DoS vector when intermediate certificate contains DSA public key 6a057327cf [release-branch.go1.25] net/mail: avoid quadratic behavior in mail address parsing 66f6feaa53 [release-branch.go1.25] spec: revert "update spec date to match release date" d6f2741248 [release-branch.go1.25] spec: update spec date to match release date 28ac8d2104 [release-branch.go1.25] net/http: avoid connCount underflow race 06993c7721 [release-branch.go1.25] context: don't return a non-nil from Err before Done is closed 0b53e410f8 [release-branch.go1.25] debug/pe: permit symbols with no name 7735dc90ed [release-branch.go1.25] cmd/compile: don't rely on loop info when there are irreducible loops 205d086595 [release-branch.go1.25] crypto/tls: quote protocols in ALPN error message 16fdaac4b1 [release-branch.go1.25] sync/atomic: correct Uintptr.Or return doc f3dc4aac0b [release-branch.go1.25] runtime: initialise debug settings much earlier in startup process 79c3081b4b [release-branch.go1.25] internal/poll: don't call Seek for overlapped Windows handles b816c79658 [release-branch.go1.25] lib/fips140: re-seal v1.0.0 90de3b3399 [release-branch.go1.25] crypto/internal/fips140: remove key import PCTs, make keygen PCTs fatal bec452a3a2 [release-branch.go1.25] crypto/internal/fips140: update frozen module version to "v1.0.0" 57bd28ab7f [release-branch.go1.25] crypto/internal/fips140/ecdsa: make TestingOnlyNewDRBG generic f75bcffa4a [release-branch.go1.25] os: set full name for Roots created with Root.OpenRoot 7d570090a9 [release-branch.go1.25] os: fix Root.MkdirAll to handle race of directory creation be61132165 [release-branch.go1.25] cmd/compile: export to DWARF types only referenced through interfaces a86792b169 [release-branch.go1.25] net: skip TestIPv4WriteMsgUDPAddrPort on plan9 879e3cb5f7 [release-branch.go1.25] runtime: lock mheap_.speciallock when allocating synctest specials
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 13 Oct 2025 11:32:20 +0000 (12:32 +0100)]
perf: Improve build race/reproducibulity fixes
The include options shouldn't be needed with the make fix but issues still remained.
Looking at the logs, it looks like these are from other header directories and
we need to run "make install_headers" for all of the sub components before starting
the main build.
Update the workaround to do that for each component with internal header copies.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ryan Eatmon [Fri, 10 Oct 2025 16:08:42 +0000 (11:08 -0500)]
linux-firmware: Set FILES to ""
Now that all of the current firmware has either been moved into
sub-packages or removed due to licensing the base package is now
empty. Going forward we would like to keep the base package empty
and force the version updates to bin any new firmwares into
sub-packages.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ryan Eatmon [Fri, 10 Oct 2025 16:08:41 +0000 (11:08 -0500)]
linux-firmware: Remove unlicensed firmware
Create a new REMOVE_UNLICENSED variable and do_install() logic to
allow for marking certain firmware files as something to remove and not
package up.
This comes from the fact that the WHENCE file has a number of firmware
entries that have no license information or very questionable
declarations as to what the license is for the firmware.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ryan Eatmon [Fri, 10 Oct 2025 16:08:40 +0000 (11:08 -0500)]
linux-firmware: Move all firmware into sub-packages
A lot of the firmware has already been broken out into sub-packages, but
a good number were still lingering in the base linux-firmware package.
Move all of the remaining firmware into sub-packages based on the
driver name in the WHENCE file or into existing sub-packages where a
file or two were missed.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a zsh-completion-pkgs image feature to install *-zsh-completion
packages into an image. This is similar to the existing
bash-completion-pkgs feature.
Suggested-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Adam Nilsson <Adam.X.Nilsson@axis.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Steve Sakoman [Thu, 9 Oct 2025 02:31:23 +0000 (19:31 -0700)]
oeqa/sdk/cases/autotools.py: use gnu mirror instead of main server
ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.
Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.
This information was sourced from https://www.gnu.org/prep/ftp.html
Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Steve Sakoman [Thu, 9 Oct 2025 02:31:22 +0000 (19:31 -0700)]
oeqa/selftest/cases/meta_ide.py: use gnu mirror instead of main server
ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.
Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.
This information was sourced from https://www.gnu.org/prep/ftp.html
Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ryan Eatmon [Tue, 7 Oct 2025 16:22:56 +0000 (11:22 -0500)]
u-boot: Add specifying make options as part the config looping
There is a need to generate alternative versions of the uboot files
using the existing config looping system, but we need to add additional
settings to the make call rather simply specifying a different config.
Specifically we have two use cases:
1) We want to sign the same uboot files with two different keys where
the key will be passed on the make call.
2) We want to include the alternative defconfigs from a different
repository and need to add the path to this new location on the make
command line.
This introduces a fourth value for the UBOOT_CONFIG settings:
config,images,binary,make_opts
The values are placed into a new generated variable
UBOOT_CONFIG_MAKE_OPTS which is a '?' separated list since space can be
present if you need to specify multiple options. This is handled by
changing IFS in the shell code when looping over the variable.
Additionally, add in a new variable UBOOT_MAKE_OPTS which is added to
the make calls in the various do_compile functions that do the actual
compiling.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Postactions are not part of the tests but allow to retrieve useful data
from the target. They try to do this using SSH, but this can fail when
no SSH server is present on the target. Ignore these fails.
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
oeqa: runtime: Ignore SSH errors during setup and tear down
Tests using SSH will fail when no SSH server is present on the target.
These tests are disabled in these cases, by being marked with a
dependency on ssh.SSHTest.test_ssh, which in turns has a dependency on
having either dropbear or openssh-sshd in the image.
But setUpClass() and tearDownClass() functions are always executed, even
on tests failing the dependency checks, leading to unexpected failed
tests.
Ignoring SSH errors in setup and tear down allows to avoid these test
errors.
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
oeqa: target: ssh: Fail on SSH error even when errors are ignored
Most tests running SSH commands ask for no error to be raised when the
returned status is not 0. As run() will return this status, they may
later use its value to do a similar check on their own, or completely
ignore it. But most of the tests do not check if the non-zero status is
caused by a fail of the command run on the target or by a fail of SSH
itself.
This can lead to confusion when the error does not come from the command
executed on the target but from SSH itself: test might wrongfully be
marked as PASSED or might fail with incoherent errors.
As SSH errors are always reported with exit code 255, we can easily
filter these.
Modify OESSHTarget.run() behaviour so an AssertionError is raised on SSH
failures, even when ignore_status parameter is True. Still allow to
explicitly ignore this error for the rare cases where this can be
needed.
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yi Zhao [Tue, 7 Oct 2025 14:51:32 +0000 (22:51 +0800)]
tcl8: upgrade 8.6.16 -> 8.6.17
ChangeLog:
2024-12-16 (bug) [63449c] [namespace children] doesn't match non-glob
patterns below the global namespace
2025-01-06 (bug) [fc3509] Better error-message than "interpreter uses
an incompatible stubs mechanism"
2025-01-19 tzdata updated to Olson's tzdata2025a
2025-01-28 (bug) [4f0b57] Win: [exec] now works on App Execution
Aliases.
2025-01-28 (bug) [4e2c8b] Win: [auto_execok] handles larger set of
shell commands.
2025-03-06 (bug) [ba68d1] errorline from [interp eval], interp-26.9
2025-03-23 tzdata updated to Olson's tzdata2025b
2025-04-11 (bug) [fd8341] Tcl_InitStubs compatibility for 9.1, better
error-handling
2025-05-05 (bug) [42d14c] Fix scan with long mantissa. Ex.: scan
"1.[string repeat 1 191]e-321" %g
2025-06-18 (bug) [4f338b] add missing Tcl_CloseEx docs
2025-06-24 (bug) [ecf35c] Correct nested handling of return option
-options
2025-06-25 (bug) [ecafd8] Euro/Tail-sign missing from cp864 encoding
2025-07-03 (bug) [6b0f77] gcc 14 breaks configure test for bigendian
leading to broken floating point
2025-07-16 (bug) [c9f052] prevent overflow crash in Tcl_SplitList().
2025-07-21 (bug) [61c01e] Flawed ref counts in filesystem
implementation for Windows led to use-after-free
2025-08-12 (new) dde => 1.4.5
2025-08-12 (bug) [992f94] avoid misaligned pointers in macOS file
attribute functions
Set LC_ALL and LANG to en_US.UTF-8 when running ptest since the test
cases now include more encodings than just ASCII[1].
Also, add rdepends on locale-base-en-us and tzdata for ptest package,
as they are required for running ptest.
Khem Raj [Mon, 6 Oct 2025 21:48:48 +0000 (14:48 -0700)]
ghostscript: Do not treat declaration-after-statement warning as error
This option is added by ghostscript and is passed down to its modules
e.g. brotli, brotli does expect c99 or newer standard and hence uses
declarations after statement. This option causes compiler e.g. clang
to find this warning and treat it as error on 32bit builds
./brotli/c/dec/decode.c:440:12: error: mixing declarations and code is incompatible with standards before C99 [-Werror,-Wdeclaration-after-statement]
440 | uint32_t __fastload_table = (*table);
| ^
1 error generated.
recipeutils/get_recipe_upstream_version: pass ud.name instead of 'default'
While all but the osc fetcher ignore the third parameter of their
latest_revision implementation, 'default' isn't a valid name in general.
Since commit 2515fbd10824 ("fetch: Drop multiple branch/revision support
for single git urls") in bitbake a fetcher only handles a single
branch/revision and the only sensible thing to pass is `ud.name`.
OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this release is Moderate.
This release incorporates the following bug fixes and mitigations:
* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)
* Fix Timing side-channel in SM2 algorithm on 64 bit ARM. (CVE-2025-9231)
* Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)
* Reverted the synthesised OPENSSL_VERSION_NUMBER change for the release builds, as it broke some exiting applications that relied on the previous 3.x semantics, as documented in OpenSSL_version(3).
OpenSSL 3.5.3 is a bug fix release.
This release incorporates the following bug fixes and mitigations:
* Added FIPS 140-3 PCT on DH key generation.
* Fixed the synthesised OPENSSL_VERSION_NUMBER.
* Removed PCT on key import in the FIPS provider as it is not required by the standard.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
selftest/meta_ide: source the environment first, then change to the sources directory
This too used to work by coincidence: sourcing the environment
quietly failed without changing to the build directory, but
now that it works properly, things should be done in correct order.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sourcing a script with arguments is a non-standard bash extension
and doesn't work with other shells (e.g. dash, which is used on
Debian and derivatives). This used to work by coincidence when
running against integrated poky repo without having to separately
specify where bitbake is, but no longer does.
Using set is a POSIX standard.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pass the BITBAKEDIR parameter to oe-init-build-env when called from the
environment-setup script. This fixes compatibility with bitbake-setup,
which places bitbake in a different directory structure than the
standard poky repository layout where bitbake is located alongside
oe-init-build-env.
The issue was discovered when running the oe-selftest test
DevtoolIdeSdkTests.test_devtool_ide_sdk_shared_sysroots, which failed
because the environment-setup script was not able to find bitbake.
File ".../openembedded-core/meta/lib/oeqa/selftest/cases/devtool.py",
line 2955, in test_devtool_ide_sdk_shared_sysroots
self.assertExists(cmake_native)
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^
File ".../openembedded-core/meta/lib/oeqa/selftest/case.py", line 251,
in assertExists
raise self.failureException(msg)
AssertionError: 'Error: The bitbake directory (/tmp/devtoolqah9ndff2x/bitbake)
does not exist! Please ensure a copy of bitbake exists at this location or
specify an alternative path on the command line\n
.../build-st/tmp/sysroots/x86_64/usr/bin/cmake' does not exist
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Grünert [Wed, 27 Aug 2025 06:49:40 +0000 (08:49 +0200)]
scripts/runqemu: raise an error when bitbake was not found
Running 'scrupts/runqemu' without bitbake in PATH causes the
following error:
```
Traceback (most recent call last):
File "/home/rg/temp_stuff/oe_2/./scripts/runqemu", line 1807, in main
config.check_args()
~~~~~~~~~~~~~~~~~^^
File "/home/rg/temp_stuff/oe_2/./scripts/runqemu", line 624, in check_args
s = re.search('^DEPLOY_DIR_IMAGE="(.*)"', self.bitbake_e, re.M)
File "/usr/lib/python3.13/re/__init__.py", line 177, in search
return _compile(pattern, flags).search(string)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^
TypeError: expected string or bytes-like object, got 'NoneType'
```
This patch adds a more helpful error message to inform the user that
bitbake was not found, e.g. because oe-init-build-env was not sourced.
This is an example of the new error message after the patch:
```
runqemu - ERROR - In order for this script to dynamically infer paths
kernels or filesystem images, you either need bitbake in your PATH
or to source oe-init-build-env before running this script.
Dynamic path inference can be avoided by passing a *.qemuboot.conf to
runqemu, i.e. `runqemu /path/to/my-image-name.qemuboot.conf`
Bitbake is needed to run 'bitbake -e', but it is not found in PATH. Please source the bitbake build environment.
```
CC: Richard Purdie <richard.purdie@linuxfoundation.org> CC: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Grünert <r.gruenert@pironex.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
runqemu: ensure that bitbake environment is either returned, or an exception is raised
This eliminates the other remaining code path where environment getter
returns 'nothing'. This and the previous patch were tested in a-full,
and no errors occurred [1], which means the code paths that make
use of the function returning nothing are never actually executed
and can be cleaned up (in the following patch).
The rationale is that if environment getter cannot obtain the environment,
it should report that and not sweep the issue under the carpet;
it's up to the caller to handle that situation, or make pre-emptive
checks that avoid calling the environment getter when it is bound to fail.
Ross Burton [Wed, 8 Oct 2025 14:26:20 +0000 (15:26 +0100)]
clang: consolidate LLVM_APPEND_VC_REV=OFF
Whilst the change to add TMPDIR to GIT_CEILING_DIRECTORIES should stop
LLVM from embedding git information into the recipes, also disable this
behaviour explicitly.
We do this because it's not just the sha of the source tree but also
the full URL of the repository, which would be an information leak if
an internal git mirror was being used.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 7 Oct 2025 10:42:46 +0000 (11:42 +0100)]
clang: use llvm recipe
Change this recipe to build just clang and clang-tools-extra, using the
LLVM provided by the llvm recipe.
This adds an 'extra-tools' PACKAGECONFIG (enabled by default) that
controls whether to build the clang-tools-extra project. This includes
clang-tidy and clangd, but the compile time and size for these
components is not insignificant.
Add a patch from upstream to support using native prebuilt tools (such
as clang-tblgen) when building standalone.
Add a patch that is being worked on with upstream to not rebuild clang-
tblgen if it has already been provided. This saves a little build time,
but more importantly for us resolves a static linking/uninative problem.
Remove the dependency on clang-cross in non-native builds by just
depending on llvm-native and using the un-prefixed tools directly.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 7 Oct 2025 10:42:45 +0000 (11:42 +0100)]
llvm: add recipe for just the LLVM libraries
Whilst it's convenient to build all of the LLVM project in one big
recipe, that's not ideal when we may just need LLVM on target and not
the rest.
Bring back a LLVM recipe that can be used by both clang (shortly) and
Rust (in the future)
Set the build type to MinSizeRel and DEBUG_LEVELFLAG to -g1 (instead of
the default, -g): the LLVM debug symbols are very large (several
gigabytes) and this reduces them to hundreds of megabytes.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 7 Oct 2025 10:42:44 +0000 (11:42 +0100)]
clang: globally disable build-time RPATHs for reproducibility
Various bits of the LLVM project set the build RPATH in a way that means
we have non-deterministic binaries even though we should always be using
relative paths.
This clearly is not working as some of the binaries get rewritten on
install and have large string paddings that correlate with erased build
paths.
So that we don't have to disable RPATHs in every recipe, just do it once
in the common include file and remove the existing recipe-specific
assignments that are now not needed.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Wed, 8 Oct 2025 14:02:24 +0000 (15:02 +0100)]
bitbake.conf: add TMPDIR to GIT_CEILING_DIRECTORIES
We export GIT_CEILING_DIRECTORIES=WORKDIR to ensure that git calls
inside the builds don't find oe-core when they're meant to be looking
for the git repository of the source code.
However, this breaks for recipes that use work-shared (such as llvm), as
their working directory is outside of WORKDIR.
Solve this by adding TMPDIR to the list as a final catch, but keeping
WORKDIR first so that git will stop sooner in the general case.
This solves reproduciblity problems in LLVM, where for example lld's
version string would contain the URL and commit hash of the poky repo
being built.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 6 Oct 2025 13:21:12 +0000 (14:21 +0100)]
bitbake.conf,lib/configfragments: Use a new dedicated toolcfg.conf file
Rather than using auto.conf which already has established use in CI, or
local.conf which users expect to own/control, start writing "tooling"
controlled settings to a toolcfg.conf.
This frees CI to handle auto.conf as it wants, but avoids the tooling
breaking users local.conf files.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 6 Oct 2025 13:14:52 +0000 (14:14 +0100)]
oeqa/selftest/bblock/fitimage/sstatetests: Fix changing MACHINE during the test
With config fragments, changing MACHINE in the test like this no
longer works. Use the forcevarable override to allow it to work.
This also needs a tweak to bitbake to work correctly, sent
seperately. Whilst ugly, this avoids the need to start changing
config fragments within oeqa right now.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 6 Oct 2025 13:09:02 +0000 (14:09 +0100)]
oeqa/selftest: Fix single threaded race issue
oe-selftest sets up separate build directories to run the tests in.
To to this, environment paths pointing at the previous build directory
are updated. In the multi-threaded case this is fine as the thread is
destroyed and the parent remains unchanged but in the single threaded
case, the environment is broken afterwards. This can mean we try and access
a directory which is in the process of being deleted (e.g. by clobberdir).
Restore the environment afterwards regardless to ensure the single threaded
case doesn't try and access the build directory which is now being deleted.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
selftest/bblayers: maintain compatibility with integrated poky repo
This amends the recently merged commit that assumes the transition
to separate repositories has already happened and re-instatates
support for integrated poky.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yoann Congal [Fri, 3 Oct 2025 21:12:48 +0000 (23:12 +0200)]
oeqa/selftest/wic: fix PATH for wic.Wic2.test_extra_partition_plugin
Without importing PATH from the wic-tools recipes, the build host PATH
is used and this test may fail depending on tools (parted, dumpe2fs,
...) availability. This triggers build faillure on AB (e.g. [0])
To fix this, import PATH from wic-tools and ensure the original
environment is restored after.
Since this indent a block of code into a try/finally block, here is the
diff ignoring white spaces change:
diff --git a/meta/lib/oeqa/selftest/cases/wic.py b/meta/lib/oeqa/selftest/cases/wic.py
index bff3842305..bc99673d0d 100644
--- a/meta/lib/oeqa/selftest/cases/wic.py
+++ b/meta/lib/oeqa/selftest/cases/wic.py
@@ -1680,0 +1681,4 @@ INITRAMFS_IMAGE = "core-image-initramfs-boot"
+ oldpath = os.environ['PATH']
+ os.environ['PATH'] = get_bb_var("PATH", "wic-tools")
+
+ try:
@@ -1696,0 +1701,3 @@ INITRAMFS_IMAGE = "core-image-initramfs-boot"
+ finally:
+ os.environ['PATH'] = oldpath
+
Yoann Congal [Fri, 3 Oct 2025 21:12:47 +0000 (23:12 +0200)]
oeqa/selftest/wic: fix PATH for wic.Wic2.test_extra_partition_space
Without importing PATH from the wic-tools recipes, the build host PATH
is used and this test may fail depending on tools (parted, dumpe2fs,
...) availability. This triggers build faillure on AB (e.g. [0])
To fix this, import PATH from wic-tools and ensure the original
environment is restored after.
Since this indent a block of code into a try/finally block, here is the
diff ignoring white spaces change:
diff --git a/meta/lib/oeqa/selftest/cases/wic.py b/meta/lib/oeqa/selftest/cases/wic.py
index b1c318bd4e..34d844b90b 100644
--- a/meta/lib/oeqa/selftest/cases/wic.py
+++ b/meta/lib/oeqa/selftest/cases/wic.py
@@ -1331,0 +1332,4 @@
+ oldpath = os.environ['PATH']
+ os.environ['PATH'] = get_bb_var("PATH", "wic-tools")
+
+ try:
@@ -1366,0 +1371,2 @@
+ finally:
+ os.environ['PATH'] = oldpath
Peter Marko [Fri, 3 Oct 2025 18:25:33 +0000 (20:25 +0200)]
busybox: patch CVE-2025-46394
Pick commit mentioning this CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Tiemann [Thu, 2 Oct 2025 09:59:25 +0000 (11:59 +0200)]
udev-extraconf: Avoid slashes in mountpoint names
Devices with labels such as "Hello/World/Foo/Bar" cause mount.sh to
create the directory structure @MOUNT_BASE@/Hello/World/Foo/Bar. The
partition is mounted to the nested "Bar" directory. On device removal,
the directory structure is not cleaned up.
This commit replaces all forward slashes in partition labels by
underscores to avoid this edge case.
Signed-off-by: Robert Tiemann <rtie@gmx.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Tiemann [Thu, 2 Oct 2025 09:59:24 +0000 (11:59 +0200)]
udev-extraconf: Speed up mount.sh
On devices with many partitions, running blkid without parameters can
be rather slow because all block devices are inspected:
$ time /sbin/blkid
real 0m0.474s
user 0m0.026s
sys 0m0.172s
versus
$ time /sbin/blkid /dev/mmcblk0p10
real 0m0.027s
user 0m0.002s
sys 0m0.018s
Plugging in a device with 5 partitions means that mount.sh is going to
be executed 5 times, and so will be blkid. In the real-world case
outlined above, this adds up to an overhead of about 2.3 seconds for
blkid alone.
This commit changes mount.sh so that the block device of interest is
passed directly to blkid such that blkid inspects only that device,
leading to significant speedup.
Signed-off-by: Robert Tiemann <rtie@gmx.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The extra_partition plugin allows populating an extra partition with
files listed in the new IMAGE_EXTRA_PARTITION_FILES variable. The
implementation is similar to the bootimg_partition plugin.
This plugin provides an easy way to install files that are not part of
the rootfs, from the deploy directory.
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
