Germann, Bastian [Fri, 12 Dec 2025 13:47:07 +0000 (13:47 +0000)]
run-postinsts: propagate exit state to run-postinsts.service
In case an exec_postinst_scriptlets child process fails during installation we
want indication that the run-postinsts.service had a problem.
We still try to install all scriptlets and only run remove_rcsd_link if all
postinst scripts ran without error. Otherwise on every following boot a new
install attempt of the missing scriptlet(s) is performed.
Liu Yiding [Fri, 12 Dec 2025 08:31:31 +0000 (16:31 +0800)]
gnutls: fix postinst script for ${PN}-fips for multilibs
Append "-p" parameter to mkdir to fix failure like following:
When use "gnutls-cli --fips140-mode" command in multilib environment, it shows library not found error.
root@qemux86-64:~# gnutls-cli --fips140-mode
library is NOT in FIPS140-2 mode
And it was caused by lacking hmac files.
root@qemux86-64:~# ls /usr/lib64/.*hmac
ls: cannot access '/usr/lib64/.libgnutl*': No such file or directory
The reason is as following:
When '${sysconfdir}/gnutls' was created by 'mkdir' with lib32-gnutls, the dir will not be created again by 'mkdir' with lib-gnutls again, and the subsequent command will not be executed, so hmac files were missing in lib64 environment.
${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac
So append "-p" parameter can avoid this error.
[RP: The -p option doesn't error if the directory already exists] Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Cross task outputs can call native dependencies and even when cross
recipe output doesn't change it might produce different results when
the called native dependency is changed, e.g. clang-cross-${TARGET_ARCH}
contains symlink to clang binary from clang-native, but when clang-native
outhash is changed, clang-cross-${TARGET_ARCH} will still be considered
equivalent and target recipes aren't rebuilt with new clang binary, see
work around in https://github.com/kraj/meta-clang/pull/1140 to make target
recipes to depend directly not only on clang-cross-${TARGET_ARCH} but
clang-native as well.
I have added a small testcase in meta-selftest which demostrates this issue.
Not included in this change, but will send it if useful.
openembedded-core $ ls -1 meta-selftest/recipes-devtools/hashequiv-test/
print-datetime-link-cross.bb
print-datetime-link-native.bb
print-datetime-native.bb
print-datetime-usecross.bb
print-datetime-usenative.bb
print-datetime-native provides script which prints defined PRINT_DATETIME variable.
print-datetime-link-native and print-datetime-link-cross both provide a symlink to
the script from print-datetime-native.
print-datetime-usenative and print-datetime-usecross are target recipes using the
native and cross versions of print-datetime-link-* recipe.
# clean build all is rebuilt:
$ bitbake -k print-datetime-usenative print-datetime-usecross
WARNING: print-datetime-native-1.0-r0 do_install: print-datetime-native current DATETIME in script is 2025-11-13_20_05
WARNING: print-datetime-link-native-1.0-r0 do_install: print-datetime-link-native current DATETIME in symlink is 2025-11-13_20_05
WARNING: print-datetime-link-cross-x86_64-1.0-r0 do_install: print-datetime-link-cross-x86_64 current DATETIME in symlink is 2025-11-13_20_05
WARNING: print-datetime-usenative-1.0-r0 do_install: print-datetime-usenative current DATETIME from print-datetime-link is 2025-11-13_20_05
WARNING: print-datetime-usecross-1.0-r0 do_install: print-datetime-usecross current DATETIME from print-datetime-link is 2025-11-13_20_05
# keep sstate-cache and hashserv.db:
# print-datetime-usenative is correctly rebuilt, because print-datetime-link-native has different hash (because print-datetime-native hash changed)
# print-datetime-usecross wasn't rebuilt, because print-datetime-link-cross-x86_64 doesn't include the changed hash of print-datetime-native
$ bitbake -k print-datetime-usenative print-datetime-usecross
WARNING: print-datetime-native-1.0-r0 do_install: print-datetime-native current DATETIME in script is 2025-11-13_20_07
WARNING: print-datetime-link-native-1.0-r0 do_install: print-datetime-link-native current DATETIME in symlink is 2025-11-13_20_07
WARNING: print-datetime-link-cross-x86_64-1.0-r0 do_install: print-datetime-link-cross-x86_64 current DATETIME in symlink is 2025-11-13_20_07
WARNING: print-datetime-usenative-1.0-r0 do_install: print-datetime-usenative current DATETIME from print-datetime-link is 2025-11-13_20_07
It's because print-datetime-link-cross-x86_64 depsig doesn't include print-datetime-native signature:
Chen Qi [Fri, 12 Dec 2025 02:36:45 +0000 (10:36 +0800)]
qemuboot.bbclass: make nameserver configurable
Instead of hardcoding '8.8.8.8' for tap interface, we introduce
QB_TAP_NAMESERVER to allow nameserver to be configured.
This helps improve runqemu user experience because users can easily
configure their nameservers to access the networks they want. Note
that this method does not change the contents of the rootfs.
Ross Burton [Thu, 11 Dec 2025 17:55:47 +0000 (17:55 +0000)]
meson: upgrade to 1.10.0
Release notes:
- Support for the `counted_by` attribute
- Added a `values()` method for dictionaries
- Add cmd_array method to ExternalProgram
- Microchip XC32 compiler support
- Added OS/2 support
- Android cross file generator
- Array `.slice()` method
- `-Db_msvcrt` on clang
- Added `build_subdir` arg to various targets
- Support for Cargo workspaces
- Experimental Codegen module
- Methods from compiler object now accept strings for include_directories
- `meson format` has a new `--check-diff` option
- `-Db_thinlto_cache` now supported for GCC
- Using `meson.get_compiler()` to get a language from another project is marked broken
- Experimental C++ import std support
- Common `Cargo.lock` for all Cargo subprojects
- Add a configure log in meson-logs
- Added new `namingscheme` option
- Rewriter improvements
- Passing `-C default-linker-libraries` to rustc
- `rustc` will receive `-C embed-bitcode=no` and `-C lto` command line options
- New method to handle GNU and Windows symbol visibility for C/C++/ObjC/ObjC++
- Vala BuildTarget dependency enhancements
- `i18n.xgettext` now accepts CustomTarget and CustomTargetIndex as sources
Drop 0001-python-module-do-not-manipulate-the-environment-when.patch as
this code no longer exists.
Rebase 0001-Make-CPU-family-warnings-fatal.patch as code moved.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 11 Dec 2025 17:55:46 +0000 (17:55 +0000)]
oeqa/selftest/meson: use iputils instead of libepoxy
libepoxy is suboptimal for the SDK testing purposes, mainly because it
is a GL-based library so we have to disable all of the functionality.
While this hasn't been a problem, meson 1.9.2 introduces a change of
behaviour which breaks the build.
Take this opportunity to switch to iputils, which is actively maintained,
has minimal dependencies, and builds faster.
Also move some asserts into build_meson() to avoid duplication in the
test case.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 11 Dec 2025 15:50:41 +0000 (15:50 +0000)]
libxml2: remove obsolete ptest RDEPENDS
As part of the libxml2 2.10.3 upgrade[1] the run-ptest was moved from
calling make to running the tests directly, but the make dependency was
not removed.
Also verified that there is no bash usage in the tests, so also remove
the bash dependency.
patchtest/selftest: Ensure HEAD is attached before running attach tests case
If the repo is in a detached HEAD state, create and check out a temporary branch
to attach HEAD. If the branch already exists, the error is raised via run_sh.
Add a check to verify that the Git state has not changed before and
after the test in the attached HEAD.
patchtest/selftest: Extract head-attached test loop into function
Move the loop that run the tests in head attached tests into a function
'test_head_attached'. Also add an explicit check for the case where no patches
are found and exit with an error.
patchtest/selftest: refactor patch retrieval and result analysis
Move the code responsible for collecting patches into a new get_patches()
function. It returns a list of dictionaries containing:
- test ID
- patch name
- expected result
- root path
Refactor result analysis code into an analyze_result() function that updates the
counts dictionary.
These two refactorings will make it easier to add a new test in detached HEAD
mode.
patchtest: fix failure when oe-core repo is in detached HEAD
Patchtest fails when oe-core git repo is in a "detached HEAD" state:
Error log:
> File "/usr/lib/python3/dist-packages/git/repo/base.py", line 881, in
active_branch return self.head.reference ^^^^^^^^^^^^^^^^^^^
> File "/usr/lib/python3/dist-packages/git/refs/symbolic.py", line 311, in
_get_reference raise TypeError("%s is a detached symbolic reference as it
points to %r" % (self, sha)) TypeError: HEAD is a detached symbolic reference
as it points to '3dd31d3b29730fa1130645d76bb71914ac036335' None
In this case, no current branch is available for the clean operation.
To fix this, updates the checkout logic:
- if a current branch is available, use it,
- otherwise, fall back to the commit pointed to by HEAD.
This ensures that the script works correctly even when HEAD is detached.
* Recent updates to rustc now require 'target_pointer_width'
to be specified as an integer.
Cast it to 'int' in rust target configuration to resolve the
type consistency error.
https://github.com/rust-lang/rust/pull/144443
* The "remote-test-server" bin is now generated in stage2-tools-bin dir
rather than stage1. Update the test suite and recipe accordingly.
* Rebase existing patches with v1.91.0.
* Drop merged patches with rust v1.91.0.
- 0001-libunwind-Use-gcs-instead-of-gcs-target-attribute.patch
https://github.com/llvm/llvm-project/pull/138077/commits/bcc31a9384d2df1c0f27ef140e1f0f9ee493034f
Yash Shinde [Thu, 11 Dec 2025 14:08:14 +0000 (06:08 -0800)]
oeqa/selftest/rust: Exclude tier-check and fix openssl-sys build error
- Exclude tier-check which fails due to file not found error.
Testing stage2 platform support check (x86_64-poky-linux-gnu)
Compiling tier-check v0.1.0
(/srv/pokybuild/yocto-worker/qemux86-64-tc/build/build-st-1400964/tmp/work/x86-64-v3-poky-linux/rust/1.91.1/sources/rustc-1.91.1-src/src/tools/tier-check)
thread 'main' (163263) panicked at src/tools/tier-check/src/main.rs:16:10:
rustc should run: Os { code: 2, kind: NotFound, message: "No such file or directory" }
- Fix following error by providing openssl in the image:
error: failed to run custom build command for `openssl-sys v0.9.109`
Failed to find OpenSSL development headers.
You can try fixing this setting the `OPENSSL_DIR` environment variable
pointing to your OpenSSL installation or installing OpenSSL headers package
specific to your distribution.
- Exclude "tests/assembly-llvm/c-variadic-arm.rs" failing on arm32.
Peter Tatrai [Thu, 11 Dec 2025 14:08:13 +0000 (06:08 -0800)]
oeqa/selftest/rust: add missing zlib and zstd dependencies
LLVM requires zlib and zstd support for compression routines
used by rustc_codegen_llvm and related components.
Recipe-level RUSTFLAGS are not propagated in qemu image, causing bootstrap
test linkage failures. When these libraries are absent in the selftest
execution environment, bootstrap test binaries fail to link and cause
following failure:
error: linking with `target-rust-ccld` failed: exit status: 1
= note: undefined reference to `compress2'
= note: undefined reference to `uncompress'
= note: undefined reference to `ZSTD_decompress'
= note: undefined reference to `ZSTD_isError'
= note: undefined reference to `ZSTD_compress2'
= note: undefined reference to `crc32'
Explicitly pass `-lz` and `-lzstd` in the image and ensure the corresponding
runtime libraries are present in the image.
It was initially reported on qemuppc and later seen across all tested
architectures (arm32/64, riscv64, x86_32/64).
Bruce Ashfield [Wed, 10 Dec 2025 14:53:00 +0000 (09:53 -0500)]
kernel-devsrc: add files for 6.18+
kernel's 6.18+ have added a dependency on rq-offsets.
The rq-offsets compile pulls in kernel/sched/rq-offsets.c plus the
scheduler-local headers (sched.h, cpudeadline.h, cpupri.h, features.h,
stats.h, ext.h) and kernel/workqueue_internal.h; those weren’t
previously in the devsrc payload, so kernel/ sched/rq-offsets.s
couldn’t be built on target.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Wed, 10 Dec 2025 13:56:03 +0000 (13:56 +0000)]
buildhistory_analysis: show renamed directories
If a directory was just renamed but the contents did not change, it was
not listed in the output. This change should be listed, so be sure to
handle that case.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changqing Li [Tue, 9 Dec 2025 10:41:21 +0000 (18:41 +0800)]
go.bbclass: change GOTMPDIR to improve reproducibility
When cgo is enabled, the Go toolchain writes temporary source files
(*.c) under GOTMPDIR and compiles them there. when -trimpath is passed
to go, Go passes options such as
-ffile-prefix-map=$WORK/b387=/tmp/go-build internally to the GCC
instance it invokes. The variable WORK is a temporary directory created
under GOTMPDIR, refer the following log:
OE also passes its own DEBUG_PREFIX_MAP to GCC(finally by CGO_CFLAGS),
including -ffile-prefix-map=${B}=${TARGET_DBGSRC_DIR}, where B is
${WORKDIR}/build. Because GOTMPDIR defaults to ${WORKDIR}/build-tmp, the
Go temporary directory looks like ${WORKDIR}/build-tmp/go-buildXYZ. Its
prefix therefore begins with ${WORKDIR}/build, so GCC matches the
DEBUG_PREFIX_MAP entry for ${B} first.
As a result, a path such as ${WORKDIR}/build-tmp/go-buildXYZ is
rewritten to ${TARGET_DBGSRC_DIR}-tmp/go-buildXYZ. This breaks the
-ffile-prefix-map option that Go itself adds, because the original WORK
path no longer matches the value Go expects. Since Go creates
go-buildXYZ directories randomly and internally, this causes the build
non-reproducible.
This patch changes GOTMPDIR from ${WORKDIR}/build-tmp to
${WORKDIR}/tmp-go-build so that the path no longer matches ${B}. This
prevents unintended replacements by OE's DEBUG_PREFIX_MAP and
restores reproducibility.
Note that pure go program like go-helloworld under OE will not have this
issue since it doen't use cgo, it is reproducible without this fix
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix builds on Ubuntu 25.10 by making sure to use parameters that are
correctly understood by core-utils and uutils. Most of these were
already removed by a previous commit, but some occurrences were missed.
Lucas Stach [Mon, 8 Dec 2025 19:17:39 +0000 (20:17 +0100)]
oe-depends-dot: handle packages with period in name
oe-depends-dot currently fails to look up the key when the package
name contains a period, as the key gets truncated in the split from
the task. Handle this by only splitting a single time from the right.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Fri, 5 Dec 2025 06:07:20 +0000 (06:07 +0000)]
util-linux/util-linux-libuuid: upgrade from 2.41.1 to 2.41.2
The following two patches are dropped as they are in new version:
util-linux/0001-include-mount-api-utils-avoid-using-sys-mount.h.patch
util-linux/0001-tests-helpers-test_sigstate.c-explicitly-reset-SIGIN.patch
Ptest change:
The new test case misc/colors needs lib/color-names.c. So copy it.
Hongxu Jia [Wed, 3 Dec 2025 08:24:02 +0000 (16:24 +0800)]
libxml2: upgrade 2.14.6 -> 2.15.1
Due to upstream [Remove LZMA support][1], drop option --without-lzma
Due to upstream [disable python bindings by default][2] and are
planned to be removed in the 2.16 release[3][4]. If we still enable
python bindings by --with-python=yes, due to upstream [doc: Build docs
with Doxygen and xsltproc][5], build python binding requires doxygen
otherwise build will fail, and we do not provide doxygen in oe-core,
so remove python package directly.
Refresh install-tests.patch and run-ptest to not install python test
cases
lib/oe/patch: use author date as commit date for "git am"
By default, "git am" uses the time of commit creation as the committer
date and is therefore "unique" to each build.
Use the --committer-date-is-author-date option for git to use the author
date as the committer date to get deterministic meta-data and therefore
commit hashes (which may end-up in sources or build in the form of e.g.
localversion file).
https://git.openembedded.org/openembedded-core/commit/?id=5624dfcea87da54c49ba1d63b528da020f351908 added support for tmux in ncurses-terminfo-base in 2015
by adding "TERM=screen". However the value of TERM is now a build option of tmux, and it uses TERM="tmux-256color" in my testing on Ubuntu / macOS.
This commit restores support for tmux in ncurses-terminfo-base. This fixes e.g. `top` not working when starting `tmux`, then `adb shell`, then `top`.
Robert Yang [Mon, 1 Dec 2025 02:33:49 +0000 (18:33 -0800)]
e2fsprogs: misc/create_inode.c: Fix for file larger than 2GB
Fixed:
$ dd if=/dev/zero of=../image.ext4 bs=1M count=4k
$ dd if=/dev/random of=../rootfs/largefile bs=1M count=3k
$ ./misc/mke2fs -t ext4 -d ../rootfs/ ../image.ext4
__populate_fs: Ext2 file too big while writing file "largefile"
mke2fs: Ext2 file too big while populating file system
This was because the offset is overflow, use __u64 to fix the problem.
Another code which uses ext2_off_t is copy_fs_verity_data(), but it only copies
the metadata, so it should be enough large for it, just leave it there.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
However, I think the commit cannot be reverted, not only because
there are a bunch of changes based on this one, but also because
the change look like a reasonable one.
Before xserver is able to handle such issue inside its codes, this service
need wait for udev to settle things before it starts. This can avoid the
above race condition error.
The 'runlevel', 'initctl', 'telinit' related contents are removed
because they are offically removed in v258.
Disable tests explicitly. This is because we're not installing any
tests. There's no point building them out. And this puts extra burden
on making things compile for musl.
gcrypt and gnutls PACKAGECONFIGs are removed as "OpenSSL is now the only
supported cryptography backend for systemd-resolved and systemd-importd."
systemd-systemctl-native changes:
sysvinit compat actions are removed. This includes removing unncessary
patches and adding EXTRA_OEMESON. The systemctl-native should only focus
on the systemd units as it was. The removed two extra patches look like
a workaround to make do_rootfs pass. But the correct behavior is that
systemctl-native should not invoke systemd-sysv-install and only focus
on systemd units.
musl changes:
1. This version has big changes in musl patches. The goal is to
help maintenance. I want patches to be more easily applied
to new versions. The count of files modified by musl specific
patches decreased from 113 (v257) to 34 (v258).
2. All patches are re-evaluated.
This version of systemd introduces big changes in header
files and other places. So the previous musl patches are
re-evaluated one by one. Those that are dropped are considered not
needed. A few new ones are added. There are some notable ones.
0012-do-not-disable-buffer-in-writing-files.patch is dropped because
there is not runtime error.
0016-Fix-the-segfault-for-glob-related-codes-and-define-d.patch is
added because this version of systemd uses strv_free to free gl_pathv
instead of relying on globfree provided by libc.
Chen Qi [Sat, 29 Nov 2025 04:05:01 +0000 (12:05 +0800)]
base-passwd: add clock group
New systemd version (v258) introduces a new group, clock, to
"enable applications like linuxptp to open clocks without root
privileges".[1]
This results in warning at do_rootfs time:
WARNING: Group clock has never been defined
Add group clock with gid 81 to fix this issue. The wheel group's
gid is 80, so 81 is chosen.
Note that Debian rejects this patch because they're using sysusers
to handle such groups, including 'clock', 'kvm', 'sgx', etc. We're
not relying on sysusers, so we have to add a patch here.
Below are more detailed reasons for why these groups (wheel, sgx, kvm,
clock) need to be in base-passwd as oe-specific patches instead of being
added via separate recipes:
OE currently does not have a mechanism like systemd-sysusers that if a
group has been added, the related configurations in separate packages
do not have confliction.
In OE, when multiple recipes need the same group, and these recipes
do not necessarily have deps on each other, the current viable way
to do this is to add that group to base-passwd.
If things change in the future, which means significant change to our
useradd related bbclasses, we might do similar as Debian. But before
that, these groups need to remain in base-passwd.
Vivek Puar [Tue, 25 Nov 2025 09:07:22 +0000 (14:37 +0530)]
udev-extraconf: Split automount and autonet into seperate packages
Created two subpackages (${PN}-automount and ${PN}-autonet) to separate
udev rules and scripts for automount and autonet functionality.
If the image only needs storage devices to be auto-mounted or just needs
network hotplug handling, splitting the packages let us choose automount or
autonet package without having to care about other rules. This change does not
save much space but helps avoid installing unnecessary scripts and rules.
Peter Marko [Sat, 6 Dec 2025 10:12:30 +0000 (11:12 +0100)]
sqlite: upgrade 3.51.0 -> 3.51.1
>From https://sqlite.org/changes.html
2025-11-28 (3.51.1)
1. Fix incorrect results from nested EXISTS queries caused by the optimization in item 6b in the 3.51.0 release.
2. Fix a latent bug in fts5vocab virtual table, exposed by new optimizations in the 3.51.0 release
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 25 Nov 2025 22:52:57 +0000 (23:52 +0100)]
sqlite3: upgrade 3.50.4 -> 3.51.0
Handles CVE-2025-7709.
Drop commit included in this release.
Refresh and rename the other patch.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 13 Oct 2025 07:08:46 +0000 (09:08 +0200)]
sqlite3: upgrade 3.48.0 -> 3.50.4
Handle CVE-2025-3277, CVE-2025-29087 and CVE-2025-29088.
This update includes major change in how it is built.
Instead of autotools, autosetup is used.
Autosetup (https://msteveb.github.io/autosetup/) claims to be
* Replacement for autoconf in many situations
However it also claims NOT to
* Intended to replace all possible uses of autoconf
This means that some autoconf features are not available.
Recipe changes:
* stop inheriting autotools and define B, do_configure and do_install
* add patch to disable zlib as autosetup cannot be preconfigured like
autotools to force function calls
* update packageconfig options to match new syntax
* libedit is detected with ncurses linking options (as seen in
do_configure log)
* backport rpaths fix
* define soname to avoid file-rdeps QA error due to wrong library name
* clean B for do_configure as the new Makefiles do not seem to properly
retrigger build if configuration changes
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 4 Dec 2025 16:18:20 +0000 (16:18 +0000)]
gcc: fix bad-mapper-3.C test failures on some hosts
This test tries to open an IPv6 socket to 'localhost', but some distros
(such as ubuntu 24.04) only have an IPv4 address for localhost and use
ip6-localhost for ::1. This means the lookups fail in a way that the
test was not expecting, and the test fails.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 4 Dec 2025 16:18:18 +0000 (16:18 +0000)]
binutils-testsuite: fix ld tests that check for enable_libctf
The ld tests expect that the Makefile is being used and has written to
ld/enabling.exp. As we don't do that, manually write the file with the
right content.
This fixes the ld/testsuite/ld-ctf/ctf.exp tests.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Wed, 26 Nov 2025 01:41:45 +0000 (17:41 -0800)]
binutils: Upgrade to 2.45.1 release
Regenerate ld/configure
Brings following changes
* e3a18893e1c LoongArch: Use more appropriate assertions for the relocation of TLS LE
* b136efd10a7 Re: dlltool memory leaks
* b4bde11f310 ld: Don't use -mdirect-extern-access for LoongArch
* ab776bc8685 lto: Set plugin_format to bfd_plugin_no only if known_used is set
* cec7ab85f24 aarch64: gas: Allow movprfx with fmmla and bfscale [PR gas/33562]
* 0b040187894 aarch64, gas: Relax Armv9.6-A mandatory feature set
* 4df2be75910 i386: Add GLIBC_ABI_GNU_TLS version dependency
* 71c1de4b0c8 x86-64: Add GLIBC_ABI_DT_X86_64_PLT version dependency
* b0fe5c23780 x86: Add GLIBC_ABI_GNU2_TLS version dependency
* d5945a221ff x86: Copy non_got_ref_without_indirect_extern_access
There's been an intermittent build fail that looks like a race:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=16000
While I can't say for sure if this is fixing the issue,
there's no harm in adding a backport that rearranges the
faulty code, and someone can then try to add a real fix on top
of it. Or the race goes away and we're good.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport qemu patch relaxing size requirements on sdcard sizes, allowing
to use sizes that are not powers of 2, as long as they are above the
SDSC max capacity (2GiB).
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ankur Tyagi [Fri, 28 Nov 2025 06:18:50 +0000 (19:18 +1300)]
liburcu: upgrade 0.15.3 -> 0.15.5
v0.15.5
* x86: Define cmm_smp_mb() as lock; addl rather than mfence
* Introduce barrier test
* Add test_uatomic to gitignore
* Cleanup: Remove stray space
* benchmark: Add uatomic benchmark
v0.15.4
* uatomic: Fix redundant memory barriers for atomic builtin operations
* Cleanup: Remove useless declarations from urcu-qsbr
* src/urcu-bp.c: assert => urcu_posix_assert
* ppc.h: improve ppc64 caa_get_cycles on Darwin
Zhang Peng [Wed, 26 Nov 2025 03:19:10 +0000 (11:19 +0800)]
libpng: upgrade 1.6.50 -> 1.6.51
Changes from version 1.6.50 to version 1.6.51
- Fixed CVE-2025-64505 (moderate severity): Heap buffer overflow in `png_do_quantize`
via malformed palette index. (Reported by Samsung; analyzed by Fabio Gritti.)
- Fixed CVE-2025-64506 (moderate severity): Heap buffer over-read in `png_write_image_8bit`
with 8-bit input and `convert_to_8bit` enabled.
(Reported by Samsung and weijinjinnihao@users.noreply.github.com; analyzed by Fabio Gritti.)
- Fixed CVE-2025-64720 (high severity): Buffer overflow in `png_image_read_composite` via
incorrect palette premultiplication. (Reported by Samsung; analyzed by John Bowler.)
- Fixed CVE-2025-65018 (high severity): Heap buffer overflow in `png_combine_row` triggered
via `png_image_finish_read`. (Reported by yosiimich@users.noreply.github.com.)
- Fixed a memory leak in `png_set_quantize`. (Reported by Samsung; analyzed by Fabio Gritti.)
- Removed the experimental and incomplete ERROR_NUMBERS code. (Contributed by Tobias Stoeckmann.)
- Improved the RISC-V vector extension support; required RVV 1.0 or newer. (Contributed by Filip Wasil.)
- Added GitHub Actions workflows for automated testing.
- Performed various refactorings and cleanups.
Jiaying Song [Thu, 4 Dec 2025 06:00:53 +0000 (14:00 +0800)]
icu: exclude debug files from ptest execution
When EXTRA_IMAGE_FEATURES contains dbg-pkgs, a .debug directory is
created containing debug symbol files that cannot be executed, causing
ptest failures such as:
/usr/lib64/icu/ptest/run-ptest: line 7: ././.debug/cintltst: cannot execute binary file: Exec format error
FAIL: ./.debug/cintltst
Modify run-ptest script to skip .debug directory files during test
execution.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Thu, 4 Dec 2025 06:44:27 +0000 (06:44 +0000)]
coreutils: upgrade from 9.7 to 9.9
0001-sort-fix-buffer-under-read-CWE-127.patch is dropped as it has
been in version 9.9.
Adapt to upstream change about chcon and runcon:
https://gitweb.git.savannah.gnu.org/gitweb/?p=coreutils.git;a=commit;h=8ba47d09a33f0740e071a8394f3504e0fb57948e
They are not built unless selinux is available.
Changqing Li [Thu, 4 Dec 2025 01:55:41 +0000 (09:55 +0800)]
shadow: disable econf
When libeconf is installed on the host and GCC from extended buildtools
is used, the host’s libeconf is detected and -DUSE_ECONF=1 gets enabled.
However, the buildtools GCC cannot see the host header files, causing
the shadow-native do_compile fail with error:
../../shadow-4.17.3/lib/getdef.c:22:10: fatal error: libeconf.h: No such file or directory
This patch disable econf to workaround above issue.
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Quentin Schulz [Wed, 3 Dec 2025 11:32:31 +0000 (12:32 +0100)]
python3-sphinxcontrib-svg2pdfconverter: add new recipe
This will be a dependency for building the Yocto docs soon, so let's add
a recipe for it.
This does SVG to PDF (or PNG) conversion for images used in Sphinx
projects.
It exposes three different Sphinx extensions, each using a different
tool for the conversion:
- cairosvg, a Python module with no available recipe,
- inkscape, only available in seemingly unmaintained 3rd party layer,
- rsvg-convert,
Adam Duskett [Wed, 3 Dec 2025 15:02:51 +0000 (16:02 +0100)]
rpm selftests: use sha256 keys
rpm selftests: use sha256 keys
Starting with RHEL9, the SHA-1 algorithm for signatures in general
and RPM package signatures specifically has been deprecated. [1]
As such, Yocto should follow suit and replace the ancient selftest signing
keys which are currently SHA1 with sequoia-compatible sha256 RSA4096 keys.
If someone runs `sq inspect ./key.secret` the output shows:
```
Invalid: No binding signature at time 2025-12-02T14:15:19Z: Policy rejected
non-revocation signature (PositiveCertification) requiring second pre-image
resistance, because SHA1 is not considered secure
```
And while there are instructions on how to update SHA1 key files to SHA256[2],
unfortuantly, the key files are 10 years old and gnupg refuses to update them.
As such, do the following:
- Add use_sha256=True to the detach_sign call in
meta/lib/oe/package_manager/rpm/__init__.py.
- Add new keys in meta-selftest/files/signing/ with RSA4096 encryption and SHA256.
The keys are generated with almost the same parameters as commit 6b9d22b:
gpg gpg --expert --full-generate-key the used input was:
- key: (8) RSA (set your own capabilities)
- key-size: 4096
- key-valid: 0
- Real Name: testuser
- Email address: testuser@email.com
- Comment: nocomment
- passphrase: test123
The public key and secret were then exported in armor format:
```
gpg --armor --export "$KEYID" > key.pub
gpg --output key.secret --armor --export-secret-key "$KEYID"
```
The output of `sq inspect key.secret` now shows a valid key:
```
key.secret: Transferable Secret Key.
lib_package.bbclass: Use += to add to PACKAGE_BEFORE_PN
The bash-completion bbclass recently started to use PACKAGE_BEFORE_PN to
add the ${PN}-bash-completion package. This meant that a recipe, e.g.,
proj in meta-oe, that inherits both bash-completion and lib_package
would fail since lib_package set PACKAGE_BEFORE_PN rather than added to
it.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Quentin Schulz [Wed, 3 Dec 2025 11:24:36 +0000 (12:24 +0100)]
recipetool: support PEP639-variant of license key in pyproject.toml
Python modules using PEP639-variant of the license key[1] are currently
returning Unknown as LICENSE when using recipetool create on them
because we try to parse the key as a dict but it is now an SPDX license
expression.
This adds support for PEP639-variant of the license key, though it does
not handle the newly added license-files key[2] as I couldn't find a
dual-licensed recipe which uses that mechanism yet.
During the last opkg update the application's ACL feature was
enabled by default, which requires acl recipe as a dependency,
however it wasn't enabled in the recipe, making compilation
fail when libacl wasn't in the sysroot.
This change adds a PACKAGECONFIG that makes acl an optional
dependency, and it is only enabled automatically if "acl"
is present in DISTRO_FEATURES.
It also enables xattr per default when the corresponding DISTRO_FEATURES
is enabled.
opkg: fix WITH_ACL and USE_ATTR being enabled per default
ENABLE_XATTR and ENABLE_ACL were both "no" per default in autoconf, and this default
value was mistakenly changed during the cmake migration. Change it back to OFF per default
Gyorgy Sarvari [Wed, 3 Dec 2025 09:09:19 +0000 (10:09 +0100)]
xeyes: upgrade 1.3.0 -> 1.3.1
License-Update: added new copyright line "Copyright (c) 2023 q3k"
Shortlog:
man page: fix warnings from `mandoc -T lint` and `groff -rCHECKSTYLE=10`
Improve man page formatting
meson: Add option to build with meson
Cast Xlib XID types to xcb types
Add unused attribute to unused parameters of callback functions
Fix 5 -Wuseless-cast warnings from gcc 14.1
Fix -Wcalloc-transposed-args warnings
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
