Peter Marko [Sun, 24 Aug 2025 14:57:43 +0000 (16:57 +0200)]
cve-update: remove cleanup of db_file in downloads
Since the code was changed to update the DB in temporary file, code
cleaning the final file in downloads is never executed.
Remove it.
Since the code always removes both files in temporary directory, remove
also comment which is trying to differentiate this code from code just
removed.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Sun, 24 Aug 2025 14:57:42 +0000 (16:57 +0200)]
cve-update: decrease update interval to 23 hours
If the job runs every day at the same time, it usually updates only
every second day, because it takes non-0 time for DB update and set the
timestamp. So it does not take full 24-hours from time when the DB was
updated until the next job starts.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This seems to be misimplemented when re-adding update from nvd1 feed.
Use file in temporary directory instead of downloads directory for
update process.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Sun, 24 Aug 2025 11:51:26 +0000 (13:51 +0200)]
binutils: set status for CVE-2025-7545 and CVE-2025-7546
The patches linked in NVD reports are present in binutils-2_45-branch.
Technically the NVD is wrong (=2.45 should be <2.45), but fixing it in
the recipe is not problematic as all cpe-stable-backport will be
automatically removed in next upgrade so will not be "kept forever".
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diego Sueiro [Wed, 20 Aug 2025 11:24:55 +0000 (12:24 +0100)]
wic: Fix --overhead-factor and --extra-space checks
If --overhead-factor and --extra-space are passed with =FOO the
check fails. Fix this by checking parsed.overhead_factor and
parsed.extra_space instead.
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Peter Marko [Sat, 23 Aug 2025 20:15:12 +0000 (22:15 +0200)]
cve-update-db-native: fix fetcher for CVEs missing nodes
As of now, update of CVE DB from FKIE source (which is the defailt)
fails with following error:
File: '<build>/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 393, function: update_db_fkie
0389: [cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close()
0390:
0391: for config in elt['configurations']:
0392: # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing
*** 0393: for node in config["nodes"]:
0394: parse_node_and_insert(conn, node, cveId, False)
0395:
0396:def update_db(d, conn, jsondata):
0397: if (d.getVar("NVD_DB_VERSION") == "FKIE"):
Exception: KeyError: 'nodes'
Entry for new CVE-2025-32915 is broken.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Change-Id: Ia1fdf7698ebeef62a88052713645d5b499164353 Signed-off-by: Per x Johansson <perxjoh@axis.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Harish Sadineni [Fri, 22 Aug 2025 07:12:27 +0000 (00:12 -0700)]
gcc-testsuite: Fix test failures with output pattern due to ssh warning.
when running oe-selftest for gcc some of the output pattern matchng test cases
were getting failed due to below issue.
Output line 1 was:
Warning: Permanently added '192.168.7
Should match (from /poky/poky/build-st/tmp/work-shared/gcc-15.1.0-r0/sources/
gcc-15.1.0/gcc/testsuite/gcc.dg/dg-output-file-1-lp64.txt):
This is a test output for lp64 target
Failed test for output line 1 This is a test output for lp64 target
Harish Sadineni [Fri, 22 Aug 2025 07:12:25 +0000 (00:12 -0700)]
gcc: Oe-selftest failure analysis - fix for pr90579.c test failures
When gcc build with PIE enabled the following tests
were getting failed:
FAIL: gcc.target/i386/pr90579.c scan-assembler vaddsd\tr\\+40
FAIL: gcc.target/i386/pr90579.c scan-assembler vaddsd\tr\\+32
FAIL: gcc.target/i386/pr90579.c scan-assembler vaddsd\tr\\+24
FAIL: gcc.target/i386/pr90579.c scan-assembler vaddsd\tr\\+16
Detailed bug info & upstream fix is here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118885
Khem Raj [Fri, 22 Aug 2025 05:17:25 +0000 (22:17 -0700)]
gettext: Force UTF-8 runtime and skip requiring ISO-8859-1
On musl, there is no real legacy (non-UTF-8) fr_FR locale.
These tests are designed for libcs that ship both fr_FR (ISO-8859-1)
and fr_FR.UTF-8. So the right thing will be to SKIP these tests
Unsetting LOCALE_FR will ensure that it does not enable ISO-8859-1
path, so reset it in run-ptest but thats not enough because it is
being set in the test's own init-env file as well so clear it in that
file as well.
Leon Anavi [Thu, 21 Aug 2025 20:43:50 +0000 (23:43 +0300)]
connman: Upgrade 1.44 -> 1.45
Upgrade to release 1.45:
- Add missing newlines on error messages
- timezone: Replace Localtime file copy with symbolic link
- Fix CVE-2025-32366 vulnerability
- Fix CVE-2025-32743 vulnerability
- vpn: Fix extracting of PrefixLength D-Bus value
- vpn: Fix mem leak of gid_list in task setup
- dchpv6: Set err to 0 when client creation succeeds
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Changes between 9.1.1198 -> 9.1.1652
====================================
https://github.com/vim/vim/compare/v9.1.1198...v9.1.1652
Refresh patches.
Add tag to SRC_URI.
Disable newly introduced wayland support (in patch version 1485).
To this belongs also adding recursion in delete command for dir auto
which was newly failing as there is wayland directory inside now.
If someone is interested, this can be probably enabled, but without
additional work it results in compilation error due to function
redefinition conflicts.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Khem Raj [Thu, 21 Aug 2025 18:12:46 +0000 (11:12 -0700)]
findutils: Use C locale to run ptests
Ensure consistent locale setting, since we are not
using make environemnt to run the tests like
upstream does. The test scripts are run explicitly
This fixes a problem with musl ptest runs where the
locale-driven quoting ends up using C.UTF-8 quotes
in gnulib’s quotearg() end up with curly quotes
instead of ASCII quote character which is expected
and result is reported as failure even though numbers
are matching.
Fixes:
-find: invalid group name or GID argument to -group: '4294967296'
+find: invalid group name or GID argument to -group: ‘4294967296’
Ross Burton [Thu, 21 Aug 2025 11:58:29 +0000 (12:58 +0100)]
babeltrace2: don't install static modules
There's no point building or installing static plugins, so apply a patch
to only build shared plugins.
Poky passes --disable-static via no-static-libs.inc, but anyone building
babeltrace2 with nodistro or another distro that doesn't use
no-static-libs.inc will fail to build babeltrace2 because of packaging
errors around the static version of the python plugin.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Ross Burton [Thu, 21 Aug 2025 11:02:42 +0000 (12:02 +0100)]
nghttp2: rewrite recipe to be an idiomatic library recipe
This recipe for nghttp2 doesn't build any of the binaries, just the core
library, but is structured like a recipe that is primarily an application
that happens to ship libraries.
Remove the lib${BPN} package and put the library into PN (which will then
be debian-renamed).
Use the shorthand option to just build the library.
Add documentation enabling/disabling options so we don't install the
docs if not needed. Currently there are no extra dependencies as the
sphinx-generated manpages are pre-built in the tarballs, but this could
change.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Falk Bauer [Thu, 21 Aug 2025 07:09:44 +0000 (09:09 +0200)]
psplash: Do not mount PSPLASH_FIFO_DIR if the env variable is empty
The script file psplash.sh tries to mount the PSPLASH_FIFO_DIR variable.
If the variable is empty, the mountpoint command returns a usage text
(busybox mountpoint here, util-linux mountpoint behaves the same):
The return code with this console output is 0 and the mount command in the
if statement is executed.
Then this mount also fails with an empty mountpoint argument.
The source code of psplash respects an empty PSPLASH_FIFO_DIR variable
(see psplash.c) and makes a fallback to "/run". So the psplash.sh script should
also respect the empty var.
Try to mount the PSPLASH_FIFO_DIR only if the variable is not empty.
Khem Raj [Thu, 21 Aug 2025 06:45:25 +0000 (23:45 -0700)]
python3: Pass PLATFORM_TRIPLET explicitly when cross compiling
Do not rely on how python detects the platform triplet
We have been lucky to get it cross-compiling since our build hosts
are also using glibc, so the headers and gcc install locations match
and the values it detects are mostly what we will need for glibc
based targets, but when we use musl e.g. the problems show up where
python3 is not able to automitically discover python modules so any
python package having compiled .so modules fail to load.
Example is ptest failures with TCLIBC = "musl"
and running core-image-ptest-python3-rpds-py
This is revamp of patch [1], currently its working for glibc
based cross-compiling because we build on linux systems which are also
glibc based, but python on musl shows the problem.
When python was upgraded to 3.12 [2], this patch was wrongly dropped
and sadly regression went unnoticed, without this patch
Python's automatic module discovery does not work when it is cross-compiled
this is because it tries host tools and compiler installation during configure
to detect it. .so modules e.g. modulename.cpython-*.so are not seen as a result.
This is seen when running python3-rpds-py ptests where it should load
rpds.cpython-313-x86_64-linux-musl.so rpds.so but it does not and the module test
fail.
Khem Raj [Thu, 21 Aug 2025 06:45:21 +0000 (23:45 -0700)]
elfutils: Add run-backtrace-{native|data}.sh to known failures
musl's thread startup/teardown sequences and frame-pointer handling
differ from glibc. elfutils can fail to terminate unwinds properly
in multithreaded musl apps which leads to truncated or bogus traces
and then the test's "must contain main" assertion fails.
CVE entry was corrected in NVD DB.
It looks like NVD is now getting faster and more reliable with
annotations...
Signed-off-by: Peter Marko <peter.marko@siemens.com> Cc: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Liu Yiding [Wed, 20 Aug 2025 08:49:37 +0000 (16:49 +0800)]
nghttp2: remove nghttp2-proxy
fix issue that:
| nothing provides nghttp2-proxy >= 1.66.0 needed by nghttp2-1.66.0-r0.core2_64 from base
nghttp2-proxy is supposed to involve files ${bindir}/nghttpx and ${datadir}/${BPN}/fetch-ocsp-response
But now nghttp2-proxy will not be created because:
1. ENABLE_APP=OFF in EXTRA_OECMAKE makes ${bindir}/nghttpx not be produced
2. 1.66.0 version has removed fetch-ocsp-response-file according to the Changelog
| cat /tmp/work/aarch64-ubinux-linux/nghttp2/1.66.0/sources/nghttp2-1.66.0/ChangeLog
| ....
| nghttpx: Remove OCSP stapling
|
| This commit removes OCSP stapling features and the following options
| are deprecated and have no effect:
|
| - fetch-ocsp-response-file
| - no-ocsp
| - no-verify-ocsp
| - ocsp-update-interval
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khang D Nguyen [Wed, 20 Aug 2025 02:55:24 +0000 (09:55 +0700)]
systemd.bbclass: deduplicate template and instance lines in preset file
If SYSTEMD_SERVICE contains both template and instance names, the
preset file will contain two lines: one describing the template name
and one describing the instance names.
This is problematic because systemd.preset only use the first matching
one [1], leading to the instances not getting enabled.
For example, openbmc's obmc-console recipe has the following
final SYSTEMD_SERVICE variable:
fragments/autobuilder: add go to SDK_TOOLCHAIN_LANGS
For reasons unknown, only rust was listed, which means
nativesdk-go was not built or tested, which lead to
breakage like one fixed in
https://git.yoctoproject.org/poky/commit/?id=a669cd2e0c760da9d7e872daea9590fc9e86d766
Note that with this change only building and installing go
into SDKsis tested, but no tests are performed with the
toolchain itself in testsdk/testimage.
For that, a bug has been filed:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15953
Remove go from x32 and mingw targets as it will not build for them.
(next to similar removals for rust)
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
goarch.bbclass: do not leak TUNE_FEATURES into crosssdk task signatures
The default assignments look like this:
TARGET_GO386 = "${@go_map_386(d.getVar('TARGET_ARCH'), d.getVar('TUNE_FEATURES'), d)}"
TUNE_FEATURES is a target-specific variable, and so should be used
only for target builds. The change is similar to what is already done
for native packages.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 18 Aug 2025 19:56:02 +0000 (21:56 +0200)]
glib-2.0: update 2.84.2 -> 2.84.4
Overview of changes in GLib 2.84.4, 2025-08-08
==============================================
* Bugs fixed:
- #3716 (CVE-2025-7039) (#YWH-PGM9867-104) Buffer Under-read on GLib through
glib/gfileutils.c via get_tmp_file() (Michael Catanzaro)
- #3721 GFile leak in g_local_file_set_display_name during error handling
(Philip Withnall, Michael Catanzaro)
- !4668 Backport !4667 “Incorrect output parameter handling in closure helper
of g_settings_bind_with_mapping_closures” to glib-2-84
- !4675 Backport !4674 “gfileutils: fix computation of temporary file name” to
glib-2-84
- !4679 Backport !4677 and !4678 “Fix GFile leak in
g_local_file_set_display_name()” to glib-2-84
- !4697 Backport !4696 “gthreadpool: Catch pool_spawner creation failure” to
glib-2-84
- !4705 Backport !4702 “gio/filenamecompleter: Fix leaks” to glib-2-84
- !4711 Backport !4708 “gfilenamecompleter: Fix g_object_unref() of undefined
value” to glib-2-84
Overview of changes in GLib 2.84.3, 2025-06-13
==============================================
* Bugs fixed:
- !4656 Backport !4655 “gstring: Fix overflow check when expanding the string”
to glib-2-84
!4656 solves first half of CVE-2025-6052
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ricardo Salveti [Tue, 19 Aug 2025 00:56:05 +0000 (21:56 -0300)]
initramfs-framework: mount /run and move to rootfs before switch_root
Mount /run as tmpfs during early init and include it in the set of
mounts moved to $ROOTFS_DIR prior to exec switch_root.
Having /run available early lets initramfs modules stamp state that can
later influence systemd service jobs, since systemd will reuse the mount
point instead of creating a new one during boot.
This is particularly useful with ostree, as it uses /run/ostree-booted
as way to describe that the rootfs comes from an ostree deployment.
Changelog:
=================
- audioconvert: Fix regression when using a mix matrix
- audioconvert: mix-matrix causes caps negotiation failure
- decodebin3: Don't error on an incoming ONVIF metadata stream
- gloverlay: Recompute geometry when caps change, and load texture after stopping and starting again
- uridecodebin3: Add missing locking and NULL checks when adding URIs to messages
- uridecodebin3: segfault in update_message_with_uri() if no decoder available
- videorate, imagefreeze: add support for JPEG XS
- gst-device-monitor-1.0: Add shell quoting for launch lines
- gst-device-monitor-1.0: Fix criticals, and also accept utf8 in launch lines
- gst-device-monitor-1.0: Use gst_print instead of g_print
Refer to release note, no changes this time
https://gstreamer.freedesktop.org/releases/1.26/#1.26.5
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Moritz Haase [Mon, 18 Aug 2025 06:44:13 +0000 (08:44 +0200)]
libcomps: upgrade 0.1.21 -> 0.1.22
The project did not publish release notes, but the list of changes is available
at [0]. The new release brings a fix for [1] and ships the patch to build with
CMake 4+.
Richard Purdie [Tue, 19 Aug 2025 09:09:07 +0000 (10:09 +0100)]
lttng-tools: Disable slow tests to fix ptest runs
Add a patch disabling some ptests in lttng-tools since they are slow, give
no output on the console and cause the ptest run to error due to our 450s
inactivity timeout.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Remove 0001-fix-lttng-tools-fails-to-compile-with-libxml2-2.14.0.patch
as the issue has been fixed in another way as [1].
* Rebase 0001-tests-do-not-strip-a-helper-library.patch and disable-tests.patch
to fuzz issue.
* Add babeltrace2 to DEPENDS to fix below configure error.
| configure: error: libbabeltrace2 is required to build tests
* src/common/config/session.xsd is restructured to src/common/session.xsd [2].
* Add 0001-gen-ust-events-constructor-change-rpath-to-libdir-li.patch to fix
the below buildpath QA issue.
ERROR: lttng-tools-2.14.0-r0 do_package_qa: QA Issue: File /usr/lib/lttng-tools/ptest/tests/utils/testapp/gen-ust-events-constructor/gen-ust-events-c-constructor-so in package lttng-tools-ptest contains reference to TMPDIR [buildpaths]
ERROR: lttng-tools-2.14.0-r0 do_package_qa: QA Issue: lttng-tools-ptest: /usr/lib/lttng-tools/ptest/tests/utils/testapp/gen-ust-events-constructor/gen-ust-events-c-constructor-so contains bad RPATH /buildarea3/myu2/yocto/builds/ptest-2025-07-09/tmp/work/core2-64-poky-linux/lttng-tools/2.14.0/build/tests/utils/testapp/gen-ust-events-constructor [rpaths]
ERROR: lttng-tools-2.14.0-r0 do_package_qa: QA Issue: File /usr/lib/lttng-tools/ptest/tests/utils/testapp/gen-ust-events-constructor/gen-ust-events-constructor-so in package lttng-tools-ptest contains reference to TMPDIR [buildpaths]
ERROR: lttng-tools-2.14.0-r0 do_package_qa: QA Issue: lttng-tools-ptest: /usr/lib/lttng-tools/ptest/tests/utils/testapp/gen-ust-events-constructor/gen-ust-events-constructor-so contains bad RPATH /buildarea3/myu2/yocto/builds/ptest-2025-07-09/tmp/work/core2-64-poky-linux/lttng-tools/2.14.0/build/tests/utils/testapp/gen-ust-events-constructor [rpaths]
* Add the redpends for lttng-tools-ptest to fix the test failure.
ERROR: tools/live/test_early_inactive_app.py
============================================
Traceback (most recent call last):
File "/usr/lib/lttng-tools/ptest/tests/regression/./tools/live/test_early_inactive_app.py", line 21, in <module>
import lttngtest
File "/usr/lib/lttng-tools/ptest/tests/utils/lttngtest/__init__.py", line 9, in <module>
from .environment import *
File "/usr/lib/lttng-tools/ptest/tests/utils/lttngtest/environment.py", line 13, in <module>
import random
ModuleNotFoundError: No module named 'random'
ERROR: tools/live/test_early_inactive_app.py - missing test plan
ModuleNotFoundError: No module named 'random'
ModuleNotFoundError: No module named 'xml'
ModuleNotFoundError: No module named 'tempfile'
ModuleNotFoundError: No module named 'json'
ModuleNotFoundError: No module named 'bt2'
RP: Added install of missing expect scripts
Add new dependency on lttng-ust-dev due to test requirement (and remove QA check warning)
Add missing dependency on python3-asyncio for concurency module
Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Michael Jeanson [Thu, 14 Aug 2025 17:49:50 +0000 (17:49 +0000)]
babeltrace2: Fix python bindings ptests
The python bindings ptests weren't functional. This patch:
* Adds a patch to allow the tests to be executed on target standalone
* Sets a variable to allow the right install path to be passed to setup.py
* Sets the right paths in the ptest runner script for the python modules
* Installs the missing data needed to run the tests
Base patch was written by Michael Jeanson, RP then tweaked wording
and formatting and added config to complete the work on all arches.
Signed-off-by: Michael Jeanson <mjeanson@efficios.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* The lttng-tools test fails as below as it needs bt2 module.
ERROR: ust/high-throughput/test_high_throughput_snapshot.py
===========================================================
Traceback (most recent call last):
File "/usr/lib/lttng-tools/ptest/tests/regression/./ust/high-throughput/test_high_throughput_snapshot.py", line 26, in <module>
import bt2
ModuleNotFoundError: No module named 'bt2'
Enable python plugins for babeltrace2 to provide the above support.
* Add swig-native to DEPENDS to fix the below configure error.
| configure: error: SWIG 2.0.0 or newer is required to build the python bindings
* There are some ptest failed cases after enable python plugins and
track the failed ptest as https://bugs.lttng.org/issues/1430.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Fri, 15 Aug 2025 17:05:17 +0000 (19:05 +0200)]
dpkg: set status for CVE-2025-6297
NVD tracks this CVE as "Up to (excluding) 2025-06-30"
(which is fix commit date, not dpkg version)
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Simone Weiß [Sat, 16 Aug 2025 20:24:06 +0000 (20:24 +0000)]
libadwaita: upgrade 1.7.5 -> 1.7.6
Changes:
- AdwAlertDialog/AdwMessageDialog
- Emit ::response when cancelled after calling choose()
- AdwDialog
- Fix widget activation in window-backed dialogs
- Fix set_focus() in window-backed dialogs
- AdwLayoutSlot
- Error out if ID is not set
- AdwNavigationView
- Defer swipe start to ::begin-swipe
- AdwTabOverview
- Make button hitboxes larger
- AdwWrapLayout
- Fix a memory leak
- Various fixes
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 14 Aug 2025 12:14:43 +0000 (13:14 +0100)]
nfs-utils: Fix do_configure when switching configurations
On the autobuilder we saw:
ERROR: nfs-utils-2.8.3-r0 do_package_qa: QA Issue: nfs-utils package is not obeying usrmerge distro feature. /lib should be relocated to /usr. [usrmerge]
This can be reproduced by running do_configure with sysvinit, switching to
systemd and re-running do_configure. udev_rulesdir will then have the wrong
value.
Fix the sed expressions so the task can rerun correctly and update as
desired.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 10 Aug 2025 10:07:09 +0000 (11:07 +0100)]
Revert "qemux86-64: Reduce tuning to core2-64"
This was originally applied as our autobuilder had older hardware and couldn't
cope with the newer settings. This has been resolved in the new cluster so we
can go back to the newer tuning, which software is now more likely to need.
Khem Raj [Sun, 17 Aug 2025 05:53:31 +0000 (22:53 -0700)]
perl: Disable builtin memcpy & string inlines with gcc/x86-64-v3
PERL built with GCC 15 and -march=x86-64-v3 fails several
op/pack.t cases due to aggressive lowering of __builtin_memcpy
and inlined/fortified string ops. In pp_pack, some in-place copies
can overlap, treating memcpy as non-overlapping yields corrupted
bytes (zeros or wrong prefixes).
The issue does not reproduce with -march=core2.
When using x86-64-v3 memcpy gets emitted very aggressively
(vectorized / reordered) and assumes no overlap.
The flags force calls through libc (overlap-safe behavior),
restoring deterministic pack/unpack and fixing the test failures.
Inline functions could be faster in execution but correctness is
more important
Fixes [YOCTO #15950]
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Vincent Davis Jr [Thu, 14 Aug 2025 04:25:49 +0000 (00:25 -0400)]
bootimg_pcbios: add funcs to configure booting with grub
Functions added, but not executed during
wic image creation include:
_get_staging_libdir
* Finds target lib directory if for some
reason STAGING_LIBDIR isn't set.
_do_configure_grub
* Will search for a grub configuration passed via
bootloader --configfile. If not found build a
default one which searches for partition that
contains the given the kernel name via grub
search module.
_do_prepare_grub
1. Sets default values for GRUB_MKIMAGE_FORMAT_PC
and GRUB_PREFIX_PATH if none specified. Both
variables are required by grub-mkimage.
* GRUB_MKIMAGE_FORMAT_PC is used to define
target platform.
* GRUB_PREFIX_PATH is used to define which
directory grub config and modules are going
to reside in.
2. Generates grub config to embed into core.img.
This config is used to search for partition
containing grub config.
3. Creates a custom core.img or grub stage 1.5
with an embedded grub config.
4. Copies all the target built grub modules into
GRUB_PREFIX_PATH directory.
5. Creates boot partition
_do_install_grub
1. dd target platform specific boot.img to the first
0-440 bytes of the resulting wic image. dd grub
stage 1 to wic image. If this wics plugin is used
with GPT as partition table format and grub selected
as bootloader it's more than likely for grub hybrid
booting because bootimg_efi plugin should and more
than likely will be used in that case. So, boot.img
may be dd regardless if partition table format is
GPT or MBR.
2. dd custom core.img (grub stage 1.5) with embedded
configuration to the resulting wic image starting
at byte 512 up to sizeof(core.img).
3. Both boot.img and core.img are required for legacy
bios boot. See grub Wiki for more details on
boot.img and core.img.
https://en.wikipedia.org/wiki/GNU_GRUB
Commit also imports python modules required by the
above implemented functions.
Signed-off-by: Vincent Davis Jr <vince@underview.tech> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Vincent Davis Jr [Thu, 14 Aug 2025 04:25:48 +0000 (00:25 -0400)]
bootimg_pcbios: cleanup prepare and install syslinux funcs
This commit:
1. Removes unrequired function params from
* _do_prepare_syslinux
* _do_install_syslinux
Reason is that they aren't required by
the function.
2. Moves finding of resulting wic image
back into do_install_disk task. As
the same code may be leverage to install
other bootloaders to the resulting disk.
Signed-off-by: Vincent Davis Jr. <vince@underview.tech> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Vincent Davis Jr [Thu, 14 Aug 2025 04:25:47 +0000 (00:25 -0400)]
bootimg_pcbios: cleanup _do_configure_syslinux function
This commit:
1. Removes all unrequired function parameters.
The part parameter was kept due to it's potential
future usage in _do_configure_syslinux function.
part.fstype specifically may be used with the
rootfstype kernel paramater.
2. Sets a default timeout to 500 if bootloader --timeout
not specified. To avoid 'None' being placed
as the value in resulting configuartion file.
3. Sets a default kernel parameter string if
bootloader --append not specified. This also
helps avoid 'None' being places as the value
in resulting configuration file.
4. Replace all instances of
cr_workdir, "/hdd/boot"
with variable
hdddir
as it's set at the top of the function. No,
need to re-implement what the variable is
already defined to store.
Signed-off-by: Vincent Davis Jr <vince@underview.tech> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Most bootloaders that will be included in this
wics plugin will require a configuration file
to define kernel params, execute custom
modules, or enable the ability to select
one of multiple boot entries.
Create a seperate generic function to facilitate
finding if a bootloader config file passed through
bootloader --configfile flag. So, that other functions
that are used to create/install a bootloader boot
configuration file can leverage the function.
Signed-off-by: Vincent Davis Jr. <vince@underview.tech> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is to prepare for inclusion of other
bootloaders. It also makes reading
through the wics plugin much easier if
you group bootloader specific partition
creation functions together and place them
at the bottom of the file versus leaving
them in their current position.
Signed-off-by: Vincent Davis Jr. <vince@underview.tech> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Vincent Davis Jr [Thu, 14 Aug 2025 04:25:44 +0000 (00:25 -0400)]
bootimg_pcbios: move syslinux install into seperate functions
Current oe-core bootimg_pcbios wics plugin
only supports installing syslinux directly
into the resulting wic image.
This commit seperates syslinux installation from
class BootimgPcbiosPlugin(SourcePlugin) override
functions in preparation of supporting the installation
of other bootloaders to the resulting wics plugin
such as:
* grub
* extlinux
Being moved now to make it easier to include
future bootloaders.
Signed-off-by: Vincent Davis Jr <vince@underview.tech> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Wed, 13 Aug 2025 20:49:21 +0000 (16:49 -0400)]
linux-yocto/6.12: update to v6.12.41
Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:
no ids found, dumping: 8f5ff9784f32 Linux 6.12.41 c0c21293d0c2 mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma c60f5156e62d KVM: x86: Free vCPUs before freeing VM state d8b3dfd4d36c Revert "drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()" ffbedb4ad984 Revert "drm/xe/devcoredump: Update handling of xe_force_wake_get return" 5a276d341c8e Revert "drm/xe/tests/mocs: Update xe_force_wake_get() return handling" c72303e7eb49 Revert "drm/xe/gt: Update handling of xe_force_wake_get return" 69fbb3f1740b drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x bc9abdf6bce8 ALSA: hda: Add missing NVIDIA HDA codec IDs beb314a55e1e ALSA: hda/tegra: Add Tegra264 support c7f864d34529 Drivers: hv: Make the sysfs node size for the ring buffer dynamic beddf74e4064 ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS 90d5cd64f46d iio: hid-sensor-prox: Fix incorrect OFFSET calculation 05847477ff8a iio: hid-sensor-prox: Restore lost scale assignments 86dca1cb4804 wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure b63eb95856c0 Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" 98937588ff9c arm64: dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage 3d12349ade54 x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() f1b3ad11ec11 KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush d483bf624f22 KVM: x86: model canonical checks more precisely c0c82c2adc22 KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical checks 62dd9132a458 KVM: x86: Route non-canonical checks in emulator through emulate_ops 94620f95f6cd KVM: x86: drop x86.h include from cpuid.h a4d60ba277ec ext4: fix out of bounds punch offset 51492e99894a ext4: correct the error handle in ext4_fallocate() 85defb9933f6 ext4: fix incorrect punch max_end 35bd33e3ef09 ext4: move out common parts into ext4_fallocate() 8a98313caa3a ext4: move out inode_lock into ext4_fallocate() 1697ca500a84 ext4: factor out ext4_do_fallocate() 2cbc4d640d40 ext4: refactor ext4_insert_range() 8bb93d988212 ext4: refactor ext4_collapse_range() db1fcf7fd51c ext4: refactor ext4_zero_range() 33f61ecabb10 ext4: refactor ext4_punch_hole() d9116d28538a ext4: don't explicit update times in ext4_fallocate() a5ae7fa30cd9 erofs: fix large fragment handling 41485d7c637b erofs: clean up header parsing for ztailpacking and fragments f9b2cb6fff33 erofs: simplify tail inline pcluster handling 516fabf34173 erofs: use Z_EROFS_LCLUSTER_TYPE_MAX to simplify switches 9a84e212e334 erofs: refine z_erofs_get_extent_compressedlen() 4d0f12dc8335 erofs: simplify z_erofs_load_compact_lcluster() 1e5a88732ace arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on 4a7b64ba0cca mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() a1bc9a394a27 crypto: powerpc/poly1305 - add depends on BROKEN for now b49b543f4e0b comedi: comedi_test: Fix possible deletion of uninitialized timers 28419a4f3a1e jfs: reject on-disk inodes of an unsupported type 3ad50c7c66cc x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() b85815675fc5 spi: cadence-quadspi: fix cleanup of rx_chan on failure paths a7c6de9f8467 usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach 27e423886a7a usb: typec: tcpm: allow switching to mode accessory to mux properly a9a1eb410f35 usb: typec: tcpm: allow to use sink in accessory mode 77a4a907cc53 selftests/bpf: Add tests with stack ptr register in conditional jmp bafb375c4606 rust: give Clippy the minimum supported Rust version 4c8f15e770fb mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n 656eaddbc952 mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list 140edd5adf6d selftests: mptcp: connect: also cover checksum 219c4eb6c3f0 selftests: mptcp: connect: also cover alt modes 1bff28ea4b11 resource: fix false warning in __request_region() 79663a15a1c7 nilfs2: reject invalid file types when reading inodes 27e740614df8 kasan: use vmalloc_dump_obj() for vmalloc error reports 0fde7dccbf4c ice: Fix a null pointer dereference in ice_copy_and_init_pkg() 44af78621c09 gve: Fix stuck TX queue for DQ queue format 50c61f55b6b9 e1000e: ignore uninitialized checksum word on tgp 78328fad6c49 e1000e: disregard NVM checksum on tgp when valid checksum bit is not set a3bba0205830 dpaa2-switch: Fix device reference count leak in MAC endpoint handling 4dd56cabfbe5 dpaa2-eth: Fix device reference count leak in MAC endpoint handling 708fd522b86d arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() 060a28e39053 ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx d3f60054b6a0 ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx ba8e8a8a2e19 sprintf.h requires stdarg.h cf8e62f6e1b2 bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() 5b8d6cb9a03d i2c: virtio: Avoid hang by using interruptible completion wait 5622108c3041 i2c: tegra: Fix reset error handling with ACPI 42c4471b30fa i2c: qup: jump out of the loop in case of timeout 9ea8a9ebbea8 timekeeping: Zero initialize system_counterval when querying time from phc drivers 6ed79cf1183a ARM: 9450/1: Fix allowing linker DCE with binutils < 2.36 f7ff03247600 mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() f5ee8a39f03e drm/sched: Remove optimization that causes hang when killing dependent jobs 198604687f19 drm/amdgpu: Reset the clear flag in buddy during resume d2a6a3543fd2 platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots 616ca3c4d11e platform/x86: ideapad-laptop: Fix FnLock not remembered among boots 4de81eb46284 net: hns3: default enable tx bounce buffer when smmu enabled 68494b2ca295 net: hns3: fixed vf get max channels bug 952cd60f695b net: hns3: disable interrupt when ptp init failed 7676d652801c net: hns3: fix concurrent setting vlan filter issue 1194ad0d44d6 s390/ism: fix concurrency management in ism_cmd() de5aaea0384c selftests: drv-net: wait for iperf client to stop sending 61baf2a43d45 ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop 5c25b4f2769e drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() 0ca816a96fdc can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode 11a2eadf0bd2 net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class 5f02ea0f63dd net: appletalk: Fix use-after-free in AARP proxy probe 18617f4063e5 i40e: When removing VF MAC filters, only check PF-set MAC dc08e1772566 i40e: report VF tx_dropped with tx_errors instead of tx_discards ebd24581e055 net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch 6b1f7194d02c net/mlx5: Fix memory leak in cmd_exec() 07759e28a3b5 net: ti: icssg-prueth: Fix buffer allocation for ICSSG 1dc0ed16cfbc ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv 5918c3f4800a xfrm: interface: fix use-after-free after changing collect_md xfrm interface 07ab45902446 xfrm: Set transport header to fix UDP GRO handling 085f24f0be55 xfrm: state: use a consistent pcpu_id in xfrm_state_find 6bf2daafc51b xfrm: state: initialize state_ptrs earlier in xfrm_state_find 80d66be8a04f staging: vchiq_arm: Make vchiq_shutdown never fail 0fb8478fb0ea platform/x86: Fix initialization order for firmware_attributes_class 9128b2dbe510 x86/hyperv: Fix usage of cpu_online_mask to get valid cpu ef3bee8d1da1 tools/hv: fcopy: Fix incorrect file path conversion 8a1fbb642b74 platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input d38e1e0a64a9 platform/mellanox: mlxbf-pmc: Validate event/enable input f0580af3d3ec platform/mellanox: mlxbf-pmc: Remove newline char from event name input 1b102d2cc4bc regmap: fix potential memory leak of regmap_bus be4f30f7c178 iio: adc: ad7949: use spi_is_bpw_supported() 5aa9a2d57899 interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node 3fd782ceabea RDMA/core: Rate limit GID cache warning messages 96876f6e859e platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA 5d4261dbb333 regulator: core: fix NULL dereference on unbind due to stale coupling data bf812206f2d0 virtio_ring: Fix error reporting in virtqueue_resize 30ce52f1616e virtio_net: Enforce minimum TX ring size for reliability a7b79db25846 Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT 2bf554c820f1 x86/traps: Initialize DR7 by writing its architectural reset value
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Implement the full REUSE spec [1] to help with copyright and licensing
audits and compliance. This will reduce a lot of manual work for the
licensing audit required in Debian on each update and also allow using
automated tools.
For files that lacked copyright and licensing information, I used the
following guidelines. If a clear author could be determined from the git
history use it, otherwise use 'EfficiOS Inc.'. For code use
'GPL-2.0-only OR LGPL-2.1-only' unless otherwise stated, for
documentation 'CC-BY-SA-4.0' and for data files 'CC0-1.0'.
Freeform text files were converted to Markdown to allow licensing
comments.
Running the reuse tool on the repo is now succesful:
$ reuse lint
# SUMMARY
* Bad licenses: 0
* Deprecated licenses: 0
* Licenses without file extension: 0
* Missing licenses: 0
* Unused licenses: 0
* Used licenses: CC0-1.0, GPL-2.0-only, CC-BY-SA-4.0, MIT, LGPL-2.1-only
* Read errors: 0
* files with copyright information: 358 / 358
* files with license information: 358 / 358
Congratulations! Your project is compliant with version 3.0 of the REUSE Specification :-)
[1] https://reuse.software/tutorial/
Change-Id: I1755cab24a6fcec7a6c9a2136891418203ec34b8 Signed-off-by: Michael Jeanson <mjeanson@efficios.com> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Osama Abdelkader [Wed, 13 Aug 2025 22:12:27 +0000 (00:12 +0200)]
strace: upgrade 6.15 -> 6.16
Upgrade to the latest upstream release (2025-08-05), which includes:
- Added new -N/--arg-names option to show syscall argument names
- Implemented PTRACE_SET_SYSCALL_INFO ptrace API support from Linux 6.16
- Decoding updates for SO_RCVPRIORITY, SO_PASSRIGHTS, RTA_NH_ID, RTA_FLOWLABEL
- Enhanced statx syscall decoding and numerous new constant/ioctl updates
Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core.git / log
