Add traditional-activation PACKAGECONFIG to DBus recipe in order to allow
users to enable or disable traditional DBus service activation.
DBus service activation refers to automatically starting an application
when a DBus message is sent to a service provided by that application.
Traditionally, this is done by the DBus-daemon, thus, the term traditional
here. On systems using systemd, systemd can do this, instead.
On some systems it might be of interest to disable the traditional service
activation in order to ensure that services are always started via systemd.
Per default, traditional service activation is enabled for DBus. Thus, the
traditional-activation PACKAGECONFIG is added to the default PACKAGECONFIG.
Otherwise, we might introduce a breaking change here.
The binary dbus-daemon-launch-helper isn't created in case DBus is built
with traditional service activation disabled, so we change its attributes
only when traditional service activation is turned on.
Signed-off-by: Weisser, Pascal <pascal.weisser.ext@karlstorz.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Sun, 20 Jul 2025 21:08:53 +0000 (23:08 +0200)]
orc: set CVE_PRODUCT
There are new CVEs reported for this recipe which are not for this
componene, but for a component with same name from apache.
sqlite> select vendor, product, id, count(*) from products where product like 'orc' group by vendor, product, id;
apache|orc|CVE-2018-8015|1
apache|orc|CVE-2025-47436|4
gstreamer|orc|CVE-2024-40897|1
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Wed, 23 Jul 2025 12:24:48 +0000 (13:24 +0100)]
lldb: don't build rpaths into binaries
LLDB defaults to adding rpaths into the binaries which are then stripped
by CMake on install.
However, this rpath removal is implemented by editing the binary instead
of relinking at install time, so the final binary will have an entry in
the dynstr section which is all nulls but is as long as the build path.
Obviously this breaks reproducibility, so disable the use of rpaths in
LLDB to remove this problem.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
xorg-server 21.1.17
This release contains the fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg/2025-June/062055.html
xorg-server 21.1.18
This release contains an additional fix for CVE-2025-49176 from June 17
security advisory: https://lists.x.org/archives/xorg/2025-June/062055.html
Ross Burton [Mon, 21 Jul 2025 13:24:24 +0000 (14:24 +0100)]
clang: improve LLVM target selection logic
The GPU targets are incredibly slow to build, so if the DISTRO_FEATURES
doesn't include opengl or vulkan assume that the user will not be using
a GPU and disable them.
Alternatively, a distribution could state that they'll only be using
one of the backends, and set LLVM_TARGETS_GPU explicitly.
On my build machine, disabling the GPU targets reduces the build time of
clang-native from 21m to 16m.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 21 Jul 2025 13:24:23 +0000 (14:24 +0100)]
libclc: split out of clang
Split the libclc subproject out of the clang recipe and into a dedicated
libclc recipe.
This is useful because libclc is the OpenCL runtime library and as such
isn't target-specific and needs a native clang to build, not a target
libllvm.
Verified that nothing is dropped by adding clang and libclc to an image
and verifying that the file list is the same before and after this
change.
We need to patch the libclc CMakeLists to allow it to use an out-of-tree
prepare_builtins binary, discussion is ongoing with upstream to resolve
this properly.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 21 Jul 2025 13:24:22 +0000 (14:24 +0100)]
cmake: remove CMAKE_SYSTEM_* from the native toolchain
If these variables are set explictly then CMake assumes that it is
cross-compiling[1]. We don't need to set them as the default values as
detected by CMake are correct for native.
systemd: add libblkid and libfdisk PACKAGECONFIG options
Introduce new PACKAGECONFIG options in systemd for both libblkid and
libfdisk [1][2].
Set blkid as enabled by default because the bootctl command depends
on it to be built. For example, images like core-image-sato-sdk rely on
bootctl and have specific tests for it.
Previously this worked implicitly because the upstream Meson option
defaulted to auto, which enabled the dependency if libblkid was present.
Now, without explicitly enabling it via PACKAGECONFIG, the feature would
be disabled, which triggers testimage errors.
Changelog 301:
- Avoid spurious differences in h5dump output caused by exposure of absolute
internal extraction paths.
- Use our_check_output in the ODT comparator.
- Memoize a number of calls to --version.
Changelog 300:
- Fix a regression and add a test so that diffoscope picks up differences
in metadata for identical files again.
Changelog 299:
- Add python3-defusedxml to the Build-Depends in order to include it in the
Docker image.
objcopy: Don't extend the output section size
Since the output section contents are copied from the input, don't
extend the output section size beyond the input section size.
Backport a patch from upstream to fix CVE-2025-7545
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944]
Ross Burton [Fri, 18 Jul 2025 13:58:40 +0000 (14:58 +0100)]
harfbuzz: build with -Os
Upstream explicitly say in their CONFIG.md file to build with -Os:
Make sure you build with your compiler's "optimize for size" option.
On `gcc` this is `-Os` [ ... ] HarfBuzz heavily uses inline functions
and the optimize-size flag can make the library smaller by 20% or
more. Moreover, sometimes, based on the target CPU, the optimize-size
builds perform *faster* as well, thanks to lower code footprint and
caching effects
Drop the patch to build just hb-subset-plan-layout.cc with -Os (which
was a workaround for a GCC bug), and pass -Os globally.
This manages to reduce the duration to harfbuzz:do_compile on my machine
from 75s to 47s, and has a big impact on the library sizes:
harfbuzz: PKGSIZE changed from 1769358 to 1237070 (-30%)
harfbuzz-dbg: PKGSIZE changed from 84920168 to 71203208 (-16%)
harfbuzz-subset: PKGSIZE changed from 1579247 to 940191 (-40%)
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add following patches.
- 0001-test-Add-support-ptest.patch
- Some default paths in test code are invalid at runtime and cause
- test failures. So add a patch to adjust path to test data for ptest
- environment.
- 0001-ICU-23120-Mask-UnicodeStringTest-TestLargeMemory-on-.patch
- Since ICU-77.1, a test case (TestLargeMemory) that fails to build
- in a 32-bit environment. So add a patch to skip this test case.
- This bug has been reported to upstream. See https://unicode-org.atlassian.net/browse/ICU-23120.
Install icu test-suite to run it as a ptest.
Add icu to PTESTS_FAST because it takes 27sec (less than 30sec) to complete on
qemux86-64 with kvm enabled.
* 87f0227cb601 [InstCombine] Avoid folding `select(umin(X, Y), X)` with min/max values in false arm (#143020)
* df43f93388b7 [PhaseOrdering] Add test for #139050 (NFC)
* 25bcf1145fd7 [RISCV] Fix assertion failure when using -fstack-clash-protection (#135248)
* 6fb913d3e2ec [RelLookupTableConverter] Drop unnamed_addr for GVs in entries to avoid generating GOTPCREL relocations (#146068)
* 0c9f909b7976 [AArch64][SME] Fix restoring callee-saves from FP with hazard padding (#143371)
* fa792cd4c630 [AsmPrinter] Always emit global equivalents if there is non-global uses (#145648)
* ce455b382c08 [objcopy][MachO] Revert special handling of encryptable binaries (#144058)
* 0de59a293f7a [X86] Ignore NSW when DstSVT is i32 (#131755)
* 9af763f038f7 [gtest] Fix building on OpenBSD/sparc64 (#145225)
* 1daceb20611f [LoongArch] Pass OptLevel to LoongArchDAGToDAGISel correctly
* b21155f97a0a [LoongArch] Precommit test case to show bug in LoongArchISelDagToDag
* da18fb9f04ce [LoongArch] Fix xvshuf instructions lowering (#145868)
* 65ce78f338cf [LoongArch] Pre-commit test for fixing xvshuf instructions. NFC
* 5532d5b745e4 [AArch64] Ensure the LR is preserved if we must call __arm_get_current_vg (#145760)
* 5ac3ce819688 [WebAssembly] Fix inline assembly with vector types (#146574)
* b83658b7e2c8 Bump version to 20.1.8
Ross Burton [Tue, 15 Jul 2025 14:46:46 +0000 (15:46 +0100)]
clang: set CVE_PRODUCT
There are a number of recipes that are part of the LLVM Project, so set
CVE_PRODUCT to llvm:llvm in common.inc to ensure that all of the recipes
are covered.
Also add llvm:clang in the clang recipe, as there are a number of CVEs
with that product name.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Below commits on binutils-2.44 stable branch are updated.
b09cf42d51e ld/PE: special-case relocation types only for COFF inputs f0019390d12 s390: Prevent GOT access rewrite for misaligned symbols 452f5511154 x86: Check MODRM for call and jmp in binutils older than 2.45 4058d5a38a1 ld: fix C23 issue in vers7 test 33578177adc dwarf: Dump .debug_loclists only for DWARF-5
Test Results:
Before After Diff
No. of expected passes 310 310 0
No. of unexpected failures 1 1 0
No. of untested testcases 1 1 0
No. of unsupported tests 9 9 0
Testing was done and there were no regressions found
Bruce Ashfield [Wed, 16 Jul 2025 13:48:52 +0000 (09:48 -0400)]
linux-yocto/6.12: update to v6.12.38
Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:
259f4977409c Linux 6.12.38 faac2abe895d x86/CPU/AMD: Properly check the TSA microcode fbad404f04d7 Linux 6.12.37 0029b3c1320b x86/process: Move the buffer clearing before MONITOR 331cfdd27429 x86/microcode/AMD: Add TSA microcode SHAs d5d66e31fd9a KVM: SVM: Advertise TSA CPUID bits to guests 7a0395f6607a x86/bugs: Add a Transient Scheduler Attacks mitigation 0720e436e594 x86/bugs: Rename MDS machinery to something more generic 4c443046d8c9 mm: userfaultfd: fix race of userfaultfd_move and swap cache ead91de35d9c mm/vmalloc: fix data race in show_numa_info() 679bf9a0ccb8 powerpc/kernel: Fix ppc_save_regs inclusion in build c782f98eef14 usb: typec: displayport: Fix potential deadlock f65ad436e4bc platform/x86: think-lmi: Fix sysfs group cleanup 5805edbea588 platform/x86: think-lmi: Fix kobject cleanup b11397bf9ade platform/x86: think-lmi: Create ksets consecutively f5fe094f35a3 riscv: cpu_ops_sbi: Use static array for boot_data d8ca2036f30d powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed 53892dc68693 iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU 5f28563f0c68 optee: ffa: fix sleep in atomic context ccdc472b4df6 Logitech C-270 even more broken 4c37963d67fb i2c/designware: Fix an initialization issue c745744a8231 dma-buf: fix timeout handling in dma_resv_wait_timeout v2 631f9de9a7f4 cifs: all initializations for tcon should happen in tcon_info_alloc 7b02e09fc0ba smb: client: fix readdir returning wrong type with POSIX extensions 7cb875016032 usb: acpi: fix device link removal c68a27bbebbd usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume 3b1407caac17 usb: dwc3: Abort suspend on soft disconnect failure 27199ab79079 usb: cdnsp: Fix issue with CV Bad Descriptor test b68e355a6132 usb: cdnsp: do not disable slot for disabled slot 46f758928156 Input: iqs7222 - explicitly define number of external channels dbdd2a232019 Input: xpad - support Acer NGR 200 Controller 195597e0beb3 xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS 8bfd11dae3fb xhci: dbc: Flush queued requests before stopping dbc 9f3b2e497deb xhci: dbctty: disable ECHO flag by default fbebc2254af8 usb: xhci: quirk for data loss in ISOC transfers 9f7589318928 Revert "usb: xhci: Implement xhci_handshake_check_state() helper" 8caccd2eac33 usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed 1a81dfc9d10a NFSv4/flexfiles: Fix handling of NFS level errors in I/O 5e110e867941 drm/xe: Allow dropping kunit dependency as built-in 994b0bc2a0e8 drm/xe/bmg: Update Wa_22019338487 beb89ada5715 IB/mlx5: Fix potential deadlock in MR deregistration f6588557023e RDMA/mlx5: Fix cache entry update on dereg error f94c422157f3 fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass cdd9862252a0 module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper e036efbe5822 add a string-to-qstr constructor 42c5a4b47d4a rcu: Return early if callback is not specified c40b207cafd0 mtd: spinand: fix memory leak of ECC engine conf 18ff4ed6a33a ACPICA: Refuse to evaluate a method if arguments are missing 327997afbb5e wifi: ath6kl: remove WARN on bad firmware input 1b1026563999 wifi: mac80211: drop invalid source address OCB frames 3e554f115374 aoe: defer rexmit timer downdev work to workqueue 7296c938df24 scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() 3d546c8b1070 regulator: fan53555: add enable_time support and soft-start times 2ec1cc322a01 ASoC: amd: yc: update quirk data for HP Victus 39e36a744ec3 powerpc: Fix struct termio related ioctl macros 19bd7597858d genirq/irq_sim: Initialize work context pointers properly c584b9b62c0c platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list f8155ee19ddc ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic c24c06bd14f2 ata: pata_cs5536: fix build on 32-bit UML 3ce57d493dd8 ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled f42b8e575395 ALSA: sb: Force to disable DMAs once when DMA mode is changed c5e0af68c899 ALSA: sb: Don't allow changing the DMA mode during operations 3f6ce8433a90 drm/msm: Fix another leak in the submit error path 0eaa495b3d57 drm/msm: Fix a fence leak in submit error path c0527f7534c0 scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag 790ce73721ab sched_ext: Make scx_group_set_weight() always update tg->scx.weight 7ccaa5fa5d25 drm/amdgpu/mes: add missing locking in helper functions 238a218d422e arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on 646442758910 drm/amd/display: Add more checks for DSC / HUBP ONO guarantees 81ebb8d755d9 drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 710deaff6aeb drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read b47a1f9323c2 drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause 4f77d8f8a93e drm/simpledrm: Do not upcast in release helpers acf9ab15ec97 selinux: change security_compute_sid to return the ssid or tsid on match 6d0b588614c4 drm/xe/guc: Explicitly exit CT safe mode on unwind ff6482fb4589 drm/xe/guc: Dead CT helper e595433c6399 drm/xe: Replace double space with single space after comma 0dadcd17e212 drm/xe: move DPT l2 flush to a more sensible place 1883a83695fe drm/xe: Allow bo mapping on multiple ggtts ce1ef3b64ef7 drm/xe: add interface to request physical alignment for buffer objects 98e5c71e7e74 drm/xe: Move DSB l2 flush to a more sensible place e5f01b2b6771 drm/xe: Fix DSB buffer coherency 61628111e74f mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() e0fefe9bc07e netfs: Fix oops in write-retry from mis-resetting the subreq iterator c2a952fb41cc remoteproc: k3-r5: Refactor sequential core power up/down operations b14a64c1a97f remoteproc: k3-r5: Use devm_rproc_add() helper 0ea3572c15ad remoteproc: k3-r5: Use devm_ioremap_wc() helper e392148f7fa0 remoteproc: k3-r5: Use devm_kcalloc() helper f802fb717dfd remoteproc: k3-r5: Add devm action to release reserved memory 5eec92eb4fe7 remoteproc: k3: Call of_node_put(rmem_np) only once in three functions 5b6eb04c0552 ubsan: integer-overflow: depend on BROKEN to keep this out of CI f3a472b91408 arm64: dts: qcom: sm8650: add the missing l2 cache node 5a867d09f533 arm64: dts: renesas: white-hawk-single: Improve Ethernet TSN description 7f0e93324122 arm64: dts: renesas: Factor out White Hawk Single board support b9baad894b27 arm64: dts: renesas: Use interrupts-extended for Ethernet PHYs d8b92a122aed arm64: dts: qcom: sm8650: Fix domain-idle-state for CPU2 67b3bb57fa17 arm64: dts: qcom: sm8650: change labels to lower-case 4265682c29c9 bpf: Do not include stack ptr register in precision backtracking bookkeeping c5474a7b04cc bpf: use common instruction history across all states be1e0287ac78 hisi_acc_vfio_pci: bugfix the problem of uninstalling driver bac4641756c2 hisi_acc_vfio_pci: bugfix cache write-back issue ea405fb41449 scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk 6857cbf0e4b3 scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask ae082dbcef5b scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure 8912b139a8d4 f2fs: zone: fix to calculate first_zoned_segno correctly ffbbe11577b7 f2fs: zone: introduce first_zoned_segno in f2fs_sb_info 58330262213a f2fs: decrease spare area for pinned files for zoned devices 81fdecac3f2c iommu: ipmmu-vmsa: avoid Wformat-security warning 7d151bf9bd2b RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug 7e48e3ddf9e3 wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers 3fffbb8d33de wifi: ath12k: Handle error cases during extended skb allocation 316060297e20 wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path b77a5ecb3d3b bonding: Mark active offloaded xfrm_states b24c3c5b421e ACPI: thermal: Execute _SCP before reading trip points 0c44a4095803 ACPI: thermal: Fix stale comment regarding trip points da45b381aafa ASoC: tas2764: Reinit cache on part reset d1f8358c5d35 ASoC: tas2764: Extend driver to SN012776 9468bcd92d64 gfs2: Don't start unnecessary transactions during log flush 519aed5bdab7 gfs2: Move gfs2_trans_add_databufs a2562bdd35e9 sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE 3edcabcfc253 sched/fair: Add new cfs_rq.h_nr_runnable 0cc4721a7182 sched/fair: Rename h_nr_running into h_nr_queued 2dc82f0d781b btrfs: fix wrong start offset for delalloc space release during mmap write 5ff2ed0f0aca btrfs: prepare btrfs_page_mkwrite() for large folios cde7f9407884 gfs2: deallocate inodes in gfs2_create_inode 8e753fc3d5fb gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc 24ae2de15bda gfs2: Move gfs2_dinode_dealloc 4f66983aeb02 gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE 7df46e6f8847 gfs2: Add GLF_PENDING_REPLY flag fbb2d296d4ad gfs2: Decode missing glock flags in tracepoints 9649fec0f9c2 gfs2: Prevent inode creation race af2ce45c2824 gfs2: Rename dinode_demise to evict_behavior 862ca0b49f1a gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE 170af4314e4d gfs2: Initialize gl_no_formal_ino earlier 33b65fcec79e kunit: qemu_configs: Disable faulting tests on 32-bit SPARC b70cda91569a kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y a55f301e607c kunit: qemu_configs: sparc: use Zilog console 8a039506c032 crypto: zynqmp-sha - Add locking d78f79a2c1ff spinlock: extend guard with spinlock_bh variants 9a0b8ef2a91b crypto: iaa - Do not clobber req->base.data e23ac0026624 crypto: iaa - Remove dst_null support 3f4adfc58700 arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma 2ba9db22d72a smb: client: fix race condition in negotiate timeout by using more precise timing 4db893a9bf9e amd-xgbe: do not double read link status a553afd91f55 net/sched: Always pass notifications when child class becomes empty 56aebaaa3adc nui: Fix dma_mapping_error() check 446ac00b86be rose: fix dangling neighbour pointers in rose_rt_device_down() 16858ab7fd61 enic: fix incorrect MTU comparison in enic_change_mtu() 6074bff08ac2 amd-xgbe: align CL37 AN sequence as per databook f358d949cea2 lib: test_objagg: Set error message in check_expect_hints_stats() 50c86c094533 netfs: Fix i_size updating 9b55b7bdb0bb smb: client: set missing retry flag in cifs_writev_callback() 590eb2574929 smb: client: set missing retry flag in cifs_readv_callback() cd8c8c20de3b smb: client: set missing retry flag in smb2_writev_callback() 3eb39038dca3 igc: disable L1.2 PCI-E link substate to avoid performance issue 9a36715cd6bc idpf: convert control queue mutex to a spinlock 018ff57fd79c idpf: return 0 size for RSS key if not supported 6a17e0d27fbe drm/i915/gsc: mei interrupt top half should be in irq disabled context 5a7ae7bebdc4 drm/i915/gt: Fix timeline left held on VMA alloc error 510a6095d754 net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect 3f6932ef2537 smb: client: fix warning when reconnecting channel 6a5348dbd745 drm/bridge: aux-hpd-bridge: fix assignment of the of_node 800a6bde38f9 platform/mellanox: mlxreg-lc: Fix logic error in power state check 206e2dca0ee5 platform/x86: dell-wmi-sysman: Fix class device unregistration 8d6b2f704f6e platform/x86: dell-sysman: Directly use firmware_attributes_class 48edcece52e0 platform/x86: think-lmi: Fix class device unregistration 1cef9e9e0090 platform/x86: think-lmi: Directly use firmware_attributes_class b36faa83285f platform/x86: firmware_attributes_class: Simplify API b5c180ec1fbc platform/x86: firmware_attributes_class: Move include linux/device/class.h 1958bccfa47a platform/x86: hp-bioscfg: Fix class device unregistration 0386a68f959a platform/x86: hp-bioscfg: Directly use firmware_attributes_class 5df3b870bc38 platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks 431e58d56fcb nvmet: fix memory leak of bio integrity f0fee863a7cb nvme: Fix incorrect cdw15 value in passthru error logging 9d4064787d8d drm/i915/selftests: Change mock_request() to return error pointers 3832ddc2fae8 spi: spi-fsl-dspi: Clear completion counter before initiating transfer 0a38b1836894 drm/exynos: fimd: Guard display clock control with runtime PM calls dbd187e8c18c dpaa2-eth: fix xdp_rxq_info leak 91a6b86d5845 ethernet: atl1: Add missing DMA mapping error checks and count errors 735ac80fa913 btrfs: use btrfs_record_snapshot_destroy() during rmdir bfd5c9e83d89 btrfs: propagate last_unlink_trans earlier when doing a rmdir 1728fef7ca37 btrfs: record new subvolume in parent dir earlier to avoid dir logging races d6d806004605 btrfs: fix inode lookup error handling during log replay 401d098f92ea btrfs: fix invalid inode pointer dereferences during log replay 0502d1127436 btrfs: return a btrfs_inode from read_one_inode() 56e9882ba22f btrfs: return a btrfs_inode from btrfs_iget_logging() 7ac790dc2ba0 btrfs: fix iteration of extrefs during log replay e4c3176acecf btrfs: fix missing error handling when searching for inode refs during log replay 381c1c121979 Bluetooth: Prevent unintended pause by checking if advertising is active b611a5bf44e2 platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message 4bbdb8dd35b4 platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 bd69049f981d RDMA/mlx5: Fix vport loopback for MPV device 3d8d401d3333 RDMA/mlx5: Fix CC counters query for MPV a33a0c15b762 RDMA/mlx5: Fix HW counters query for non-representor devices e4ff9dedeb56 scsi: ufs: core: Fix spelling of a sysfs attribute name b1abc5ab47d6 scsi: sd: Fix VPD page 0xb7 length check 218ae6bfe253 scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() 350dae778b63 scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() 864a54c1243e NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN 3c94212b57be nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. 93fccfa71c66 RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert 9d2ef890e499 RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling f5fe78cfcba1 platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment 896e0d9337b5 arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename 31405510a48d firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context 2c07fd0eada8 firmware: arm_ffa: Move memory allocation outside the mutex locking 076fa20b4f57 firmware: arm_ffa: Fix memory leak by freeing notifier callback node 9ff95ed0371a drm/v3d: Disable interrupts before resetting the GPU ca40e57b22a0 mtk-sd: reset host->mrq on prepare_data() error 3419bc6a7b65 mtk-sd: Prevent memory corruption from DMA map failure cfbdcabab2fb mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data 5581e694d3a1 usb: typec: altmodes/displayport: do not index invalid pin_assignments ea20568895c1 Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() e4d19e5d71b2 regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods dae12bc688b8 iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes a99f80c88a97 Bluetooth: MGMT: mesh_send: check instances prior disabling advertising 44bb1e13b454 Bluetooth: MGMT: set_mesh: update LE scan interval and window 3672fe9d1ed6 Bluetooth: hci_sync: revert some mesh modifications 0698a2eb7d89 Bluetooth: HCI: Set extended advertising data synchronously 50345c93698e mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier ec9be081c577 Revert "mmc: sdhci: Disable SD card clock before changing parameters" cf7235914dc4 mmc: sdhci: Add a helper function for dump register in dynamic debug mode 9546118ba789 net: libwx: fix the incorrect display of the queue number 75705b44e0b9 vsock/vmci: Clear the vmci transport packet properly when initializing it e036b72d6a16 net: txgbe: request MISC IRQ in ndo_open a54280b0eb99 s390/pci: Do not try re-enabling load/store if device is disabled 2640c230aac4 s390/pci: Fix stale function handles in error handling bc68bc356334 virtio-net: ensure the received length does not exceed allocated size 892f6ed9a4a3 virtio-net: xsk: rx: fix the frame's length check bd6c1932ac9c rtc: cmos: use spin_lock_irqsave in cmos_interrupt ee61aec8529e rtc: pcf2127: fix SPI command byte for PCF2131 669e6c723b32 rtc: pcf2127: add missing semicolon after statement
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For /usr/lib/rpm/macros, Yocto explicitly set OECMAKE_FIND_ROOT_PATH_MODE_PROGRAM
= "ONLY" [1][2] to search tools from CMAKE_FIND_ROOT_PATH [5] which locates in
native recipe sysroot or HOSTTOOLS_DIR. If found in native recipe sysroot or
HOSTTOOLS_DIR, the sed operation removed leading `/'
Moritz Haase [Thu, 3 Jul 2025 13:27:20 +0000 (15:27 +0200)]
cmake: upgrade 3.31.6 -> 4.0.3
This is the first major release bump for CMake since 3.0 was released in 2014.
Compatibility with versions of CMake older than 3.5 has been removed. Full
release notes are available at [0].
Obsolete patches have been removed and the few remaining ones have been
refreshed. We can now build cmake without patches, only cmake-native requires
two that are not suitable for upstreaming.
The main license file has been renamed from Copyright.txt to LICENSE.rst in [1].
References to the file have been updated, causing changes to the licensing
header in 'cmake.h' (see [2]).
Additionally, the '1996 - 2024' copyright statement in (cm)curl's COPYING was
updated to '1996 - 2025' in [3].
Michal Sieron [Fri, 11 Jul 2025 16:38:49 +0000 (18:38 +0200)]
bitbake.conf: Remove PR glob part from STAMPCLEAN
Since OE-Core rev: cc83e45484656a6b577ff84817131735023daad4
the STAMP value and STAMPCLEAN glob have been mismatched. The
issue is present since the PR part was removed from the STAMP variable
in that comit.
An example use case that I found was broken due to this:
1. Have recipes foo_A.bb and foo_B.bb
2. Build foo-native with PREFERRED_VERSION_foo-native = "A"
3. ${COMPONENTS_DIR}/x86_64-linux/foo-native has version A
4. Build foo-native with PREFERRED_VERSION_foo-native = "B"
5. ${COMPONENTS_DIR}/x86_64-linux/foo-native has version B
6. Build foo-native with PREFERRED_VERSION_foo-native = "A"
7. ${COMPONENTS_DIR}/x86_64-linux/foo-native still has version B
In my case the PREFERRED_VERSION comes from different machines.
The issue showed itself when a bar-native compiled against foo-native
version A was pulled from sstate-cache and foo-native in version B was
kept in ${COMPONENTS_DIR} after previous build for a different machine.
The two variables should be in sync and this patch corrects that.
[RP: Tweak commit message] Signed-off-by: Michal Sieron <michalwsieron@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jiaying Song [Thu, 10 Jul 2025 09:48:31 +0000 (17:48 +0800)]
ruby-ptest : some ptest fixes
- Skip the test_rm_r_no_permissions test under the root user, as
deletion always succeeds.
- Filter out tests under the -ext- directory in run-ptest. Due to the
commit [1],the packaging of .so test files under the .ext directory
was removed. As a result, adjust the test filtering rules to avoid
test failures caused by missing files.
- Add installation of rdoc.rb and did_you_mean.rb files in
do_install_ptest to ensure complete test dependencies.
Peter Marko [Wed, 9 Jul 2025 18:51:41 +0000 (20:51 +0200)]
python3: update CVE product
There are two "new" CVEs reported for python3, their CPEs are:
* CVE-2020-1171: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
* CVE-2020-1192: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
These are for "Visual Studio Code Python extension".
Solve this by addding CVE vendor to python CVE product to avoid
confusion with Microsoft as vendor.
Examining CVE DB for historical python entries shows:
sqlite> select vendor, product, count(*) from products where product = 'python' or product = 'cpython'
...> or product like 'python%3' group by vendor, product;
microsoft|python|2
python|python|1054
python_software_foundation|python|2
Note that this already shows that cpython product is not used, so
CVE-2023-33595 mentioned in 62598e1138f21a16d8b1cdd1cfe902aeed854c5c
was updated.
But let's keep it for future in case new CVE starts with that again.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Wed, 9 Jul 2025 18:07:52 +0000 (20:07 +0200)]
go: upgrade 1.24.4 -> 1.24.5
Upgrade to latest 1.24.x release [1]:
$ git --no-pager log --oneline go1.24.4..go1.24.5 9d828e80fa (tag: go1.24.5) [release-branch.go1.24] go1.24.5 825eeee3f7 [release-branch.go1.24] cmd/go: disable support for multiple vcs in one module dbf30d88f3 [release-branch.go1.24] cmd/link: permit a larger size BSS reference to a smaller DATA symbol 6b51660c8c [release-branch.go1.24] runtime: set mspan limit field early and eagerly cc604130c8 [release-branch.go1.24] runtime: prevent mutual deadlock between GC stopTheWorld and suspendG 21b488bb60 [release-branch.go1.24] runtime: handle system goroutines later in goroutine profiling e038690847 [release-branch.go1.24] cmd/go/internal/fips140: ignore GOEXPERIMENT on error 1575127ef8 [release-branch.go1.24] runtime: add missing unlock in sysReserveAlignedSbrk 7d08a16fba [release-branch.go1.24] cmd/compile/internal/ssa: fix PPC64 merging of (AND (S[RL]Dconst ...) 5f2cbe1f64 [release-branch.go1.24] cmd/compile: do nil check before calling duff functions, on arm64 and amd64
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 24 Jun 2025 21:50:53 +0000 (23:50 +0200)]
glibc: Add flags to CFLAGS instead of CC
Recent changes mean toolchain variables are initialized via inherit_defer.
It is therefore no longer possible to add to CC using the += operator.
Instead, add to CFLAGS.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemd: add rdepends on libnss-resolve to nss-resolve PACKAGECONFIG
Add a runtime dependency on libnss-resolve to nss-resolve PACKAGECONFIG in
systemd recipe. libnss-resolve provides nss-resolve which is a plug-in
module for the GNU Name Service Switch (NSS) functionality of the GNU C
Library (glibc) enabling it to resolve hostnames via the systemd-resolved
local network name resolution service.
See https://man7.org/linux/man-pages/man8/nss-resolve.8.html.
Runtime dependencies on other NSS plug-in modules are provided via other
PACKAGECONFIG entries in a similar way (myhostname - libnss-myhostname,
nss - libnss-resolve).
Signed-off-by: Weisser, Pascal <pascal.weisser.ext@karlstorz.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Sat, 12 Jul 2025 12:50:43 +0000 (14:50 +0200)]
oeqa/utils/command: simplify tap detection
Simplify the code by removing the fallback to ifconfig if the ip command
is not available. ip commands are nowadays available on all host
machines. The transition from ifconfig to ip has taken place long time
ago e.g. for the runqemu-gen-tapdevs script.
This also fixes the detection of tap devices if the tap devices are not
named tap0, tap1, etc. but have a different name, e.g. foo0, foo1 which
is the case if the OE_TAP_NAME environment variable is set.
Some examples:
$ ip tuntap show mode tap
$ sudo ./scripts/runqemu-gen-tapdevs 1000 2
Creating 2 tap devices for GID: 1000...
Creating tap0
Creating tap1
...
$ ip tuntap show mode tap
tap0: tap persist group 1000
tap1: tap persist group 1000
$ sudo ./scripts/runqemu-gen-tapdevs 1000 0
Note: Destroying pre-existing tap interface tap0...
Note: Destroying pre-existing tap interface tap1...
$ ip tuntap show mode tap
$ sudo OE_TAP_NAME=foo ./scripts/runqemu-gen-tapdevs 1000 2
Creating 2 tap devices for GID: 1000...
Creating foo0
Creating foo1
...
$ ip tuntap show mode tap
foo0: tap persist group 1000
foo1: tap persist group 1000
$ sudo OE_TAP_NAME=foo ./scripts/runqemu-gen-tapdevs 1000 0
Note: Destroying pre-existing tap interface foo0...
Note: Destroying pre-existing tap interface foo1...
$ ip tuntap show mode tap
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Sat, 12 Jul 2025 13:06:37 +0000 (15:06 +0200)]
oe-selftest: devtool: run without poky
If DISTRO is set to poky, the ptest DISTRO_FEATURE is enable. However,
without meta-poky layer, ptest packages are not compiled and the tests
fail with:
ERROR: Nothing RPROVIDES 'cmake-example-ptest'...
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Sat, 12 Jul 2025 13:06:36 +0000 (15:06 +0200)]
oe-selftest: devtool deploy-target test --strip option
Extend the devtool deploy-target test to test with and without the
--strip option. The --strip code path recently broke unnoticed because
of changes in pseudo.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 11 Jul 2025 15:51:35 +0000 (16:51 +0100)]
llvm-tblgen-native: add new recipe
Building the LLVM projects often means using the TableGen tools
(llvm-tblgen etc).
We currently build them as part of clang-native, but I am teasing the
clang recipe into its component parts and having to build llvm-native
or lldb-native simply for one tool isn't ideal.
Instead, add a native recipe that simply builds the tablegen binaries
for llvm, clang, and lldb
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 11 Jul 2025 15:51:34 +0000 (16:51 +0100)]
clang: move BPN assignment from common.inc
There's a BPN assignment in common.inc which means all recipes need to
either be called clang, or set BPN themselves.
Move the assignment to the clang recipes. For now I'm leaving the
existing BPN assignments in the other recipes, in case there are complex
multilib-related reasons to retain them.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
compiler-rt: Fix install location for native builds
Currently, clang when used for native builds and uses --rtlib=compiler-rt
does not find the LLVM runtime because its installed in different
directory than where compiler expects it to be. As a result, build fails
for packages using clang in both capacity ( native and cross )
e.g. qtwebengine
Make the build work across native sanitizers as well.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Fixes:
- CVE-2025-46805: do NOT send signals with root privileges
- CVE-2025-46804: avoid file existence test information leaks
- CVE-2025-46803: apply safe PTY default mode of 0620
- CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
- CVE-2025-23395: reintroduce lf_secreopen() for logfile
- buffer overflow due bad strncpy()
- uninitialized variables warnings
- typos
- combining char handling that could lead to a segfault
Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yi Zhao [Wed, 9 Jul 2025 07:08:04 +0000 (15:08 +0800)]
kea: set correct permissions for /var/run/kea
Set the permissions of /var/run/kea to 750 to fix kea server startup
error:
ERROR [kea-dhcp4.dhcp4/445.140718820303936] DHCP4_INIT_FAIL failed to
initialize Kea server: configuration error using file
'/etc/kea/kea-dhcp4.conf': 'socket-name' is invalid: socket
path:/var/run/kea does not exist or does not have permssions = 750
This permission check was introduced by commit[1] in kea 2.6.3.
Changelog:
===========
* Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified
when running a command or editing a file. This could enable a
local privilege escalation attack if the sudoers file allows the
user to run commands on a different host.
* Fixed CVE-2025-32463. An attacker can leverage sudo's -R
(--chroot) option to run arbitrary commands as root, even if
they are not listed in the sudoers file. The chroot support has
been deprecated an will be removed entirely in a future release.
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add credentials when passing source urls to uv resolver. (#3553)
* Redact credentials in source urls in the log output, and inject credentials into the source url for uv sync command as well. (#3555)
* Fix a bug that extra dependencies of transitive dependencies are not properly installed when USE_UV=true (#3558)
* Improve the terminal output when setting up a script environment. (#3560)
* Skip non-existent library paths in post-install steps when trying to fix the pth files. (#3561)
It introduces new features, improvements, and bug fixes, including
- a new code generation model using recursive functions
- new block types
- improved compile-time performance
It also adds a new warning, -Wdeprecated-eof-rule, and improves
the handling of the end-of-input rule
bitbake.conf: fix pseudo for devtool deploy-target --strip
Without this fix:
devtool deploy-target cmake-example qemu1 --strip
...
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped/usr/lib/libcmake-example-lib.so.1.0.0': Operation not permitted
cp: failed to preserve ownership for ...cmake-example/1.0/devtool-deploy-target-stripped/usr/lib/libcmake-example-lib.so.1: Operation not permitted
cp: failed to preserve ownership for ...cmake-example/1.0/devtool-deploy-target-stripped/usr/lib/libcmake-example-lib.so: Operation not permitted
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped/usr/lib': Operation not permitted
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped/usr/bin/cmake-example': Operation not permitted
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped/usr/bin/test-cmake-example': Operation not permitted
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped/usr/bin': Operation not permitted
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped/usr': Operation not permitted
cp: failed to preserve ownership for '.../cmake-example/1.0/devtool-deploy-target-stripped': Operation not permitted
tar: ./usr/lib/libcmake-example-lib.so.1.0.0: time stamp 2025-07-06 16:46:06 is 0.527890738 s in the future
tar: ./usr/lib/libcmake-example-lib.so.1: time stamp 2025-07-06 16:46:06 is 0.527462566 s in the future
tar: ./usr/lib/libcmake-example-lib.so: time stamp 2025-07-06 16:46:06 is 0.526732779 s in the future
tar: ./usr/lib: time stamp 2025-07-06 16:46:06 is 0.526415655 s in the future
tar: ./usr/bin/cmake-example: time stamp 2025-07-06 16:46:06 is 0.52568721 s in the future
tar: ./usr/bin/test-cmake-example: time stamp 2025-07-06 16:46:06 is 0.525054415 s in the future
tar: ./usr/bin: time stamp 2025-07-06 16:46:06 is 0.524821739 s in the future
INFO: Successfully deployed .../cmake-example/1.0/devtool-deploy-target-stripped
d8a8358a7207 mmc-utils: Pass key_mac buffer to rpmb_get_key() a23ad7875b89 mmc-utils: Start to use the generic print_usage function e769d44ecb77 mmc-utils: Introduce a generic print_usage function 6586fa5535dc mmc-utils: Simplify and streamline print_help function ec75d4b3b671 mmc-utils: Remove unused adv_help member from struct Command
Note: Some ISA options, such as CONFIG_RISCV_ISA_C may be reenabled by other
options such as CONFIG_EFI. This is properly reported by the configuration
tooling.
Signed-off-by: Mark Hatle <mark.hatle@amd.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: add workaround for broken paths in native libcrypto.pc
Since d1b29222 ("openssl-native(sdk): poision built in paths") the
workaround for host path contamination in native(sdk) openssl is fixed.
But an unfortunate side-effect of forcing the directory variables
(OPENSSLDIR, ENGINESDIR, MODULESDIR) to be invalid is that it renders
the generated native pkg-config file (libcrypto.pc) unusable:
This will prevent other native tools (like libp11-native) from
installing their (.so) files into valid OpenSSL directories.
The strange paths are a result of OpenSSL's build system attempting to
resolve the dummy path "/not/builtin" relative to ${libdir} for
libcrypto.pc.in:
There doesn't appear to be a straightforward way to avoid embedding a
built-in host path while still generating a valid libcrypto.pc file.
This workaround now post-fixes the .pc files for openssl-native by using
two sed calls to replace the invalid paths with the valid ones.
(To prevent bitbake from early expanding the libdir variables, use a
group as a simple hack.)
Mikko Rapeli [Mon, 7 Jul 2025 07:21:32 +0000 (10:21 +0300)]
testexport.bbclass oe-test: capture all tests and data from all layers
testexport.bbclass only copied files from core layer to
the testexport.tar.gz to run tests. Then it filtered
out tests and files which were not specified in
TEST_SUITES variable.
Remove filtering of files to include parselogs.py
test data files which are machine and/or layer specific.
TEST_SUITES variable is now read from build time exported
data store when running tests so there is no need to remove
files from exported tests in testexport.bbclass.
Adapt oe-test script to find "lib" directories from
the new structure with layer specific paths which are
used to find tests and test data files.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
