Samuli Piippo [Wed, 4 Feb 2026 06:42:05 +0000 (06:42 +0000)]
oe/utils: filter license packages
The packages_filter_out_system() function is used in PACKAGESPLITFUNCS
to filter out "system" packages (-dbg, -dev). The filtered packages
should include license packages (-lic) as well, when they are generated
with LICENSE_CREATE_PACKAGE = "1", otherwise the license packages will
get pulled into images unintentionally.
Peter Marko [Tue, 3 Feb 2026 22:40:22 +0000 (23:40 +0100)]
ffmpeg: ignore 10 CVEs
First group of CVEs got a bogus cpe update listing all tags since v7.0.
All CVEs were fixed in v7.0 except CVE-2025-22921 fixed in v8.0.
Second group has date CPE (2025-01-13) instead of version (v8.0).
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 3 Feb 2026 21:47:17 +0000 (22:47 +0100)]
libsndfile1: patch CVE-2025-56226
Pick patches from both PRs linked in issue mentioned in NVD report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 3 Feb 2026 21:11:42 +0000 (22:11 +0100)]
vim: upgrade 9.1.1683 -> 9.1.2128
Removes CVE-2025-66476 from CVE metrics.
It's fixed in 9.1.1947, but only affects Vim for Windows.
Rebased patches and resolved conflicts.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Mon, 2 Feb 2026 06:47:34 +0000 (14:47 +0800)]
qemu: fix regression for ppc64
The qemu upstream commit, fcac98d0 (linux-user: Remove ELF_HWCAP2),
accidently introduced a regression. It used get_elf_hwcap where
get_elf_hwcap2 should be used.
With recent qemu upgrade in Yocto (10.1.3 -> 10.2.0), qemuppc64 build
is basically broken. There are a lot of do_configure failures with error
message like below:
Fatal glibc error: CPU lacks ISA 3.00 support (POWER9 or later required)
Backport a patch to fix this issue.
Note that although the problem was only revealed for qemuppc64, some arm
and arm64 machines will also likely get the same issue, as in qemu source
we have:
linux-user/aarch64/target_elf.h:#define HAVE_ELF_HWCAP2 1
linux-user/arm/target_elf.h:#define HAVE_ELF_HWCAP2 1
linux-user/ppc/target_elf.h:#define HAVE_ELF_HWCAP2 1
Replaced 0001-restripe.c-Use-_FILE_OFFSET_BITS-to-enable-largefile.patch
with 0001-raid6check.c-restripe.c-Use-64-bit-off_t-across-both.patch as
partial changes from first patch are part of the upstream version[1].
Dropped patches that are part of upstream version
- xmalloc.patch [2]
- 0001-Makefile-install-mdcheck.patch [3]
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/files/layers.schema.json: use URI shortcut for some remotes
Among the three sources, only two have a single remote. So we can replace
their entire structure 'remote' -> 'origin' -> 'uri' with a shorter one
(property 'uri' only).
It is cauding package_qa and reproducibility issues:
ERROR: lib32-libconfig-1.8.2-r0 do_package_qa: QA Issue: File /usr/lib/libconfig/ptest/tests/libconfig_tests in package lib32-libconfig-ptest contains reference to TMPDIR [buildpaths]
ERROR: lib32-libconfig-1.8.2-r0 do_package_qa: QA Issue: /usr/lib/libconfig/ptest/tests/libconfig_tests contained in package lib32-libconfig-ptest requires /bin/bash, but no providers found in RDEPENDS:lib32-libconfig-ptest? [file-rdeps]
Peter Marko [Sat, 31 Jan 2026 14:53:06 +0000 (15:53 +0100)]
expat: upgrade 2.7.3 -> 2.7.4
Changelog [1]:
Security fixes:
#1131 CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
failed to copy the encoding handler data passed to
XML_SetUnknownEncodingHandler from the parent to the new
subparser. This can cause a NULL dereference (CWE-476) from
external entities that declare use of an unknown encoding.
The expected impact is denial of service. It takes use of
both functions XML_ExternalEntityParserCreate and
XML_SetUnknownEncodingHandler for an application to be
vulnerable.
#1075 CVE-2026-25210 -- Add missing check for integer overflow
related to buffer size determination in function doContent
Bug fixes:
#1073 lib: Fix missing undoing of group size expansion in doProlog
failure cases
#1107 xmlwf: Fix a memory leak
#1104 WASI: Fix format specifiers for 32bit WASI SDK
Other changes:
#1105 lib: Fix strict aliasing
#1106 lib: Leverage feature "flexible array member" of C99
#1051 lib: Swap (size_t)(-1) for C99 equivalent SIZE_MAX
#1109 lib|xmlwf: Return NULL instead of 0 for pointers
#1068 lib|Windows: Clean up use of macro _MSC_EXTENSIONS with MSVC
#1112 lib: Remove unused import
#1110 xmlwf: Warn about XXE in --help output (and man page)
#1102 #1103 WASI: Stop using getpid
... and additional docs/autotools/cmake/infrastructure changes
Pratik Farkase [Thu, 29 Jan 2026 08:30:47 +0000 (09:30 +0100)]
libconfig: add ptest support
Add ptest support to enable automated testing of libconfig
using ptest-runner.
The implementation uses libtool --mode=install to properly
install test binaries, avoiding issues with libtool wrapper
scripts. Tests are built via 'make check TESTS=' to compile
without running during the build phase.
The test suite includes 16 tests covering parsing, formatting,
binary/hex values, escaped strings, and various edge cases.
All tests pass successfully on qemux86-64 :
START: ptest-runner
BEGIN: /usr/lib/libconfig/ptest
[TEST] ParsingAndFormatting
parsing testdata/input_0.cfg
parsing testdata/input_1.cfg
parsing testdata/input_2.cfg
parsing testdata/input_3.cfg
parsing testdata/input_4.cfg
parsing testdata/input_5.cfg
parsing testdata/input_6.cfg
parsing testdata/input_7.cfg
[ OK ] ParsingAndFormatting
[TEST] ParseInvalidFiles
[ OK ] ParseInvalidFiles
[TEST] ParseInvalidStrings
[ OK ] ParseInvalidStrings
[TEST] BigInt1
[ OK ] BigInt1
[TEST] BigInt2
[ OK ] BigInt2
[TEST] BigInt3
[ OK ] BigInt3
[TEST] BigInt4
[ OK ] BigInt4
[TEST] BigInt5
[ OK ] BigInt5
[TEST] BigInt6
[ OK ] BigInt6
[TEST] BigInt7
[ OK ] BigInt7
[TEST] RemoveSetting
[ OK ] RemoveSetting
[TEST] EscapedStrings
[ OK ] EscapedStrings
[TEST] OverrideSetting
[ OK ] OverrideSetting
[TEST] SettingLookups
[ OK ] SettingLookups
[TEST] ReadStream
[ OK ] ReadStream
[TEST] BinaryAndHex
some auto big hex: 4294967296
some auto big bin: 8589934591
negativehex: -1430532899
[ OK ] BinaryAndHex
Ryan Eatmon [Fri, 23 Jan 2026 23:08:19 +0000 (17:08 -0600)]
lttng-modules: Fix CONFIG_TRACEPOINTS patch
The check for CONFIG_TRACEPOINTS is guarded by a check for
CONFIG_LOCALVERSION. But what happens if your .config has
CONFIG_LOCALVERSION="" ? Then the check never runs and you try and
build the module even though CONFIG_TRACEPOINTS is missing.
Update the guard to check for either CONFIG_LOCALVERSION or
CONFIG_LOCALVERSION_AUTO.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ryan Eatmon [Tue, 27 Jan 2026 22:34:33 +0000 (16:34 -0600)]
uboot: Deprecate legacy UBOOT_CONFIG flow
Mark the legacy flow for settings the UBOOT_CONFIG options in a comma
separated list. This code will still work through wrynose, but will be
removed once wrynose is released.
Add warnings to point people in the right direction for fixing their
configs:
WARNING: Legacy use of UBOOT_CONFIG[foo] = "foo_config,foo_image,foo_binary" is deprecated. Please move to using UBOOT_CONFIG_* variables:
WARNING: UBOOT_CONFIG[foo] = "foo_config"
WARNING: UBOOT_CONFIG_IMAGE_FSTYPES[foo] = "foo_image"
WARNING: UBOOT_CONFIG_BINARY[foo] = "foo_binary"
WARNING: Legacy use of UBOOT_CONFIG[bar] = "bar_config,bar_image" is deprecated. Please move to using UBOOT_CONFIG_* variables:
WARNING: UBOOT_CONFIG[bar] = "bar_config"
WARNING: UBOOT_CONFIG_IMAGE_FSTYPES[bar] = "bar_image"
WARNING: Legacy use of UBOOT_CONFIG[bing] = "bing_config,,bing_binary" is deprecated. Please move to using UBOOT_CONFIG_* variables:
WARNING: UBOOT_CONFIG[bing] = "bing_config"
WARNING: UBOOT_CONFIG_BINARY[bing] = "bing_binary"
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 27 Jan 2026 18:36:41 +0000 (19:36 +0100)]
openssl: upgrade 3.5.4 -> 3.5.5
Resolved patch conflicts.
Release information [1]:
OpenSSL 3.5.5 is a security patch release. The most severe CVE fixed in this release is High.
This release incorporates the following bug fixes and mitigations:
* Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. (CVE-2025-11187)
* Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467)
* Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID. (CVE-2025-15468)
* Fixed openssl dgst one-shot codepath silently truncates inputs >16 MiB. (CVE-2025-15469)
* Fixed TLS 1.3 CompressedCertificate excessive memory allocation. (CVE-2025-66199)
* Fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes. (CVE-2025-68160)
* Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. (CVE-2025-69418)
* Fixed Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion. (CVE-2025-69419)
* Fixed Missing ASN1_TYPE validation in TS_RESP_verify_response() function. (CVE-2025-69420)
* Fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex() function. (CVE-2025-69421)
* Fixed Missing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795)
* Fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function. (CVE-2026-22796)
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Leon Anavi [Fri, 23 Jan 2026 08:43:35 +0000 (10:43 +0200)]
python3-wcwidth: Upgrade 0.2.14 -> 0.3.1
Upgrade to release 0.3.1:
Add benchmarking using codspeed.io
improve width() performance
>From release 0.3.0:
- Migrate from setup.py + setuptools to pyproject.toml + hatchling
- Small improvements to update-tables.py and wcwidth-browser.py
- New: iter_graphemes()
- New: width() terminal-aware string measurement
- New: ljust(), rjust(), center() justify text
- New: wrap()
- improve wcswidth() performance ~30%
- New ambigous_width=1 argument
- New strip_sequences() and cut() functions
- Width 0 for Default_Ignorable_Code_Point characters
- Bugfix for Prepended_Concatenation_Mark characters
Fixes:
WARNING: python3-wcwidth-0.3.1-r0 do_check_backend: QA Issue:
inherits setuptools3 but has pyproject.toml with hatchling.build,
use the correct class [pep517-backend]
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Sun, 25 Jan 2026 16:22:41 +0000 (17:22 +0100)]
glibc: mark CVE-2025-15281, CVE-2026-0861 and CVE-2026-0915 as patched
These were fixed with last hash update and start to appearing in CVE
reports.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jaeyoon Jung [Fri, 30 Jan 2026 10:09:15 +0000 (19:09 +0900)]
apt: Set gid to nogroup
Without --no-user-group, it tries to assign "_apt" gid which ends up
with an error as shown below when using static gid values and "_apt" is
not defined in USERADD_GID_TABLES.
| apt was skipped: Recipe apt, package apt: normal groupname "_apt" does not have a static ID defined.
Conventionally "_apt" does not have its own gid but rather uses
"nogroup". For that reason '_apt' gid is also removed from
meta-selftest/files/static-group.
Adrian Freihofer [Fri, 30 Jan 2026 07:52:32 +0000 (08:52 +0100)]
build-sysroots: Add sysroot tasks to default build and remove warning
Add both do_build_native_sysroot and do_build_target_sysroot to the
do_build dependency chain, allowing "bitbake build-sysroots" to populate
both sysroots automatically.
This is now safe to do since the previous commit added lockfiles to
serialize these tasks, preventing the race condition where they could
interfere with each other when run concurrently.
Remove the do_build_warn task which instructed users to call the tasks
explicitly, as this is no longer necessary. The warning was not clear.
For somebody who knwos about the race condition, it was obvious that
they should call the tasks explicitly, but for all other users this
was just confusing.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
can fail with errors like:
Exception: subprocess.CalledProcessError:
Command '.../tmp/sysroots/qemux86-64/usr/bin/postinst-base-passwd'
returned non-zero exit status 1.
Subprocess output:
.../tmp/sysroots/x86_64/usr/sbin/useradd
Running groupadd commands...
NOTE: cmake-example: Performing groupadd with
[--root ../tmp/sysroots/qemux86-64 --system cmake-example]
awk: error while loading shared libraries: libtinfo.so.5: cannot open
shared object file: No such file or directory
ERROR: cmake-example: groupadd command did not succeed.
The root cause is a race condition between do_build_target_sysroot and
do_build_native_sysroot. When run in parallel, do_build_target_sysroot
executes postinstall scripts (e.g., useradd) that invoke awk, while
do_build_native_sysroot is concurrently installing gawk-native into the
shared native sysroot (which is in PATH for do_build_target_sysroot).
Since sstate artifact installation is not atomic, awk binaries can be
installed before their dependent libraries. If do_build_target_sysroot
picks up the newly installed but incomplete awk, it fails with missing
library errors.
The situation is created by a mix of:
- gawk-native in ASSUME_PROVIDED (use host awk)
- glibc depending on gawk-replacement-native (builds gawk-native)
- Both tasks populating the same shared native sysroot directory
Fix this by adding a lockfile to both tasks, ensuring they cannot run
concurrently and avoiding the race condition where partially installed
native tools are accessed. While lockfiles are generally avoided in
BitBake due to performance concerns, this is acceptable here since these
tasks are not on a critical performance path.
[YOCTO #16135]
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Tue, 6 Jan 2026 16:03:33 +0000 (16:03 +0000)]
devtool: deploy: Reset PATH after strip_execs
We need to modify os.environ so that strip_execs() finds the correct
binaries to run. We shouldn't leave this modification in place for the
rest of the program execution though.
Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Tue, 6 Jan 2026 16:03:32 +0000 (16:03 +0000)]
devtool: deploy: Run pseudo with correct PATH
When running FAKEROOTCMD (i.e. pseudo), we need to use the same PATH as
we would use if we were running inside bitbake instead of the host
environment's PATH. This ensures that we don't pick up any host
executables that may have problems with pseudo (such as the uutils
implementations of common system utilities used in Ubuntu 25.10).
Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ming Liu [Mon, 26 Jan 2026 12:36:15 +0000 (13:36 +0100)]
busybox: fix a incomplete condition check
When deleting syslog sysvinit related config files, also check if
'systemd' is being enabled, after the change, it behaves same with the
check logic in rm_sysvinit_initddir.
${sysconfdir}/syslog.conf is also a sysvinit related config file, also
delete it.
Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Patrick Vogelaar [Sun, 25 Jan 2026 09:15:40 +0000 (10:15 +0100)]
openssh: add variable for key path
This patch adds a variable for the key directory path. This is especially
useful when working with a read-only file system where you want to
specify the location e.g. on a r/w partition. To be consistent, the
change was also done for the read write path.
For changing the path simply create a bbappend and override the
variable.
Signed-off-by: Patrick Vogelaar <patrick.vogelaar.dev@mailbox.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Dmitry Baryshkov [Fri, 23 Jan 2026 16:33:05 +0000 (18:33 +0200)]
linux-firmware: correct wil6210 dependency
The LICENSE.QualcommAtheros_ath10k is already packages as
linux-firmware-ath10k-license package, making OE skip
linux-firmware-qualcommatheros-ath10k-license (because it's now empty)
and thus making linux-firmware-wil6210 uninstallable.
Drop the duplicate licence package and use linux-firmware-ath10k-license
instead.
Trevor Gamblin [Fri, 23 Jan 2026 16:28:58 +0000 (11:28 -0500)]
qemurunner.py: replace 'codecs.open()' with 'open()'
With newer Python versions, codecs.open() is deprecated, leading to the
following warning:
|Stderr:
|/srv/pokybuild/tgamblin-qemux86/openembedded-core/meta/lib/oeqa/utils/qemurunner.py:133: DeprecationWarning: codecs.open() is deprecated. Use open() instead.
| with codecs.open(self.logfile + extension, "ab") as f:
Note that if we try to be explicit and make the 'errors' keyword
'strict' (as the codecs.open() call defaulted to), we see other
warnings:
|ValueError: binary mode doesn't take an errors argument
Theo GAIGE [Fri, 23 Jan 2026 10:46:49 +0000 (11:46 +0100)]
python3-pyelftools: add python3-logging to RDEPENDS
python3-logging is needed as a runtime dependency of python3-pyelftools
else the readelf.py script run into the following error :
```
Traceback (most recent call last):
File "/usr/bin/readelf.py", line 31, in <module>
from elftools.elf.elffile import ELFFile
File "/usr/lib/python3.12/site-packages/elftools/elf/elffile.py", line 29, in <module>
from ..dwarf.dwarfinfo import DWARFInfo, DebugSectionDescriptor, DwarfConfig
File "/usr/lib/python3.12/site-packages/elftools/dwarf/dwarfinfo.py", line 17, in <module>
from .structs import DWARFStructs
File "/usr/lib/python3.12/site-packages/elftools/dwarf/structs.py", line 10, in <module>
from logging.config import valid_ident
ModuleNotFoundError: No module named 'logging'
```
Signed-off-by: Theo GAIGE <tgaige.opensource@witekio.com> Reviewed-by: Louis Rannou <louis.rannou@non.se.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Randolph Sapp [Thu, 22 Jan 2026 19:50:00 +0000 (13:50 -0600)]
bitbake.conf: remove DEBUG_PREFIX_MAP from TARGET_LDFLAGS
Now that the previous bug affecting binary reproducibility has been
addressed [1], we can revert this patch. This will resolve issues with
cgo applications becoming unreprodcible.
Currently go considers link arguments to be sacred, meaning any change
should produce a different binary output. They ensure this by baking
link arguments into the intermediary output, changing the content ID of
that step. As such, the marco prefixes inadvertently end up adding build
paths to the output binary instead of removing them if they are passed
as link arguments to cgo applications.
These paths are later stripped out again, but at this point the content
ID of the dependency has changed and thus the build ID of the end
application will be affected by the cascade of hash changes. See the
upstream bug for more information [2].
Bruce Ashfield [Mon, 26 Jan 2026 15:23:49 +0000 (10:23 -0500)]
linux-yocto/6.12: update to v6.12.66
Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:
f6044d1fd846 Linux 6.12.66 9e3f8fa53348 bpf: test_run: Fix ctx leak in bpf_prog_test_run_xdp error path f8b406198778 ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback 47e676ce4d68 tpm2-sessions: Fix out of range indexing in name_size 42440155fe27 spi: cadence-quadspi: Prevent lost complete() call during indirect read 3762535fbbc0 scsi: sg: Fix occasional bogus elapsed time that exceeds timeout 0810c8e94d6b ASoC: fsl_sai: Add missing registers to cache default 1d2a10913089 ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL 8072299bf13f ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 44ed8fae346f ALSA: usb-audio: Update for native DSD support quirks ba6f0d1832ee can: j1939: make j1939_session_activate() fail if device is no longer registered 47206d70d1fb drm/amdkfd: Fix improper NULL termination of queue restore SMI event string 1c06d85c3d51 spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ f609041424d5 drm/amd/display: Fix DP no audio issue 9f6cf07687be ata: libata-core: Disable LPM on ST2000DM008-2FR102 14fa3d1927f1 netfilter: nf_tables: avoid chain re-validation if possible feb28b6827ec powercap: fix sscanf() error return value handling 3835d59f6999 powercap: fix race condition in register_control_type() 7b60aed82db1 net: sfp: extend Potron XGSPON quirk to cover additional EEPROM variant fb9ef40cccdb bpf: Fix reference count leak in bpf_prog_test_run_xdp() 6447e697cfa8 bpf, test_run: Subtract size of xdp_frame from allowed metadata size 6611a73b2991 bpf: Support specifying linear xdp packet data size for BPF_PROG_TEST_RUN 0eb6e9d3b724 bpf: Make variables in bpf_prog_test_run_xdp less confusing 202c5b915e22 bpf: Fix an issue in bpf_prog_test_run_xdp when page size greater than 4K 5c647749bce3 btrfs: fix beyond-EOF write handling afbb57899612 btrfs: use variable for end offset in extent_writepage_io() a915072e5ac3 btrfs: truncate ordered extent when skipping writeback past i_size 7216d78ca34f btrfs: remove btrfs_fs_info::sectors_per_page ced5459df05a btrfs: add extra error messages for delalloc range related errors fb4fa3f9012b btrfs: subpage: dump the involved bitmap when ASSERT() failed 9ed14c3b787b btrfs: fix error handling of submit_uncompressed_range() fcc04c92cbb5 ALSA: ac97: fix a double free in snd_ac97_controller_register() 71138011dc01 ALSA: ac97bus: Use guard() for mutex locks 7388ba6e5ccd erofs: fix file-backed mounts no longer working on EROFS partitions d47b03775d55 erofs: don't bother with s_stack_depth increasing for now dd6ccec088ad arp: do not assume dev_hard_header() does not change skb->head de77d2cd178a net: enetc: fix build warning when PAGE_SIZE is greater than 128K 471dfb97599e net: usb: pegasus: fix memory leak in update_eth_regs_async() 43497313d0da net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset 3d67e8c22685 HID: quirks: work around VID/PID conflict for appledisplay 4969d6fa61af net: netdevsim: fix inconsistent carrier state after link/unlink d916df47a031 idpf: cap maximum Rx buffer size a4212d6732e3 idpf: fix memory leak in idpf_vport_rel() be3d31276199 idpf: keep the netdev when a reset fails 3264881431e3 net: fix memory leak in skb_segment_list for GRO packets 92ff65c660eb riscv: pgtable: Cleanup useless VA_USER_XXX definitions 1eeaaeceafcf btrfs: only enforce free space tree if v1 cache is required for bs < ps cases 6762937a8b45 vsock: Make accept()ed sockets use custom setsockopt() f1029391e604 bnxt_en: Fix potential data corruption with HW GRO/LRO 57f1dd8fa966 net: wwan: iosm: Fix memory leak in ipc_mux_deinit() 9e0f54294fae net/mlx5e: Don't print error message due to invalid module b71d08b96864 netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates 005671c60fcf net: sock: fix hardened usercopy panic in sock_recv_errqueue 50f65526b33d inet: ping: Fix icmp out counting 03fb1708b7d1 net: mscc: ocelot: Fix crash when adding interface under a lag 269c9283ff7f bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress 3950054c9512 net: marvell: prestera: fix NULL dereference on devlink_alloc() failure 26a82dce2bee netfilter: nf_conncount: update last_gc only when GC has been performed e1a436981ac9 netfilter: nf_tables: fix memory leak in nf_tables_newrule() cdafa52ad39b gpio: pca953x: handle short interrupt pulses on PCAL devices d4f333a0155d gpio: pca953x: Add support for level-triggered interrupts dd42e23b6d9e netfilter: nft_synproxy: avoid possible data-race on update operation 16b4508e8717 netfilter: nft_set_pipapo: fix range overlap detection b397bb9c34ac arm64: dts: mba8mx: Fix Ethernet PHY IRQ support 97fdde3189b6 arm64: dts: imx8qm-ss-dma: correct the dma channels of lpuart 35b38dd6a792 arm64: dts: imx8mp: Fix LAN8740Ai PHY reference clock on DH electronics i.MX8M Plus DHCOM 88d60cff3000 ARM: dts: imx6q-ba16: fix RTC interrupt level 3e458210ee2c arm64: dts: add off-on-delay-us for usdhc2 regulator 06b1dfa40090 crypto: qat - fix duplicate restarting msg during AER error 8f6afb166402 arm64: dts: ti: k3-am62-lp-sk-nand: Rename pinctrls to fix schema warnings 75e2bc2985f4 drm/amd/display: Apply e4479aecf658 to dml 163df8d79a0d drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files 582ba48e4a4c btrfs: fix NULL dereference on root when tracing inode eviction ec3695dd0acd btrfs: tracepoints: use btrfs_root_id() to get the id of a root 53df7a4c3a56 btrfs: qgroup: update all parent qgroups when doing quick inherit b9b19fecad7d btrfs: fix qgroup_snapshot_quick_inherit() squota bug dedec6e6b421 scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed" 496ca70a15f4 scsi: ufs: core: Fix EH failure after W-LUN resume error f373695d62e0 scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset 261233f765d2 smb/client: fix NT_STATUS_NO_DATA_DETECTED value 596d1b968660 smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value b1dd68601676 smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value e83af97d5c39 drm/amd/display: shrink struct members a8559efcd576 NFS: Fix up the automount fs_context to use the correct cred 71029266093b ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) e1df03e293a0 NFSv4: ensure the open stateid seqid doesn't go backwards 6a1099604b0c dm-snapshot: fix 'scheduling while atomic' on real-time kernels f002df3a3305 alpha: don't reference obsolete termio struct for TC* constants 1b645cd729ef ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels 7010683101b5 csky: fix csky_cmpxchg_fixup not working 32dc49f49ea0 drm/xe: Ensure GT is in C0 during resumes e724d0261b7c drm/xe: make xe_gt_idle_disable_c6() handle the forcewake internally f09cd209359a tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). 6f468f6ff233 libceph: make calc_target() set t->paused, not just clear it e94075e950a6 libceph: reset sparse-read state in osd_fault() d2c4a5f69966 libceph: return the handler error from mon_handle_auth_done() c4c2152a858c libceph: make free_choose_arg_map() resilient to partial allocation 6c6cec3db3b4 libceph: replace overzealous BUG_ON in osdmap_apply_incremental() 2802ef3380fa libceph: prevent potential out-of-bounds reads in handle_auth_done() f94f95b81736 wifi: mac80211: restore non-chanctx injection behaviour 024f71a57d56 wifi: avoid kernel-infoleak from struct iw_point fcb7500bfa24 pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping 321e17ff3142 gpio: rockchip: mark the GPIO controller as sleeping 7500ab83bad2 drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] bc96db7051cc drm/pl111: Fix error handling in pl111_amba_probe 90b4b130a20d drm/amdgpu: Fix query for VPE block_type and ip_count 49a66829dd36 counter: interrupt-cnt: Drop IRQF_NO_THREAD flag c61440f1e741 counter: 104-quad-8: Fix incorrect return value in IRQ handler 196e8fd7424b lib/crypto: aes: Fix missing MMU protection for AES S-box 97130283b83f mei: me: add nova lake point S DID 0c2413c69129 btrfs: always detect conflicting inodes when logging inode refs 8b402146e3a8 arm64: Fix cleared E0POE bit after cpu_suspend()/resume() 2f05f7737e16 net: 3com: 3c59x: fix possible null dereference in vortex_probe1() 1320d94a4df1 atm: Fix dma_free_coherent() size 3f5d7f3865c6 NFSD: Remove NFSERR_EAGAIN 8c1cf63ed465 NFSD: net ref data still needs to be freed even if net hasn't startup d95499900fe5 nfsd: check that server is running in unlock_filesystem 03c68f94fad1 nfsd: use correct loop termination in nfsd4_revoke_states() ba4811c8b433 nfsd: provide locking for v4_end_grace 6b7ad17f4dd5 NFSD: Fix permission check for read access to executable-only files
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 22 Jan 2026 15:34:38 +0000 (15:34 +0000)]
gpgme: ensure manpage generation is deterministic
In a similar way to the previous commits with pod2man, gpgme will not
generate manpages on a clean build but will on rebuilds due to
do_package -> rpm-native -> ... -> libgpg-error-native, where the
libgpg-error-native recipe provides the yat2m tool.
To ensure that we generate manpages deterministicly, depend on this
recipe.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 22 Jan 2026 15:34:34 +0000 (15:34 +0000)]
perl: provide pod2man
Many recipes uses pod2man to generate manpages from an almost
human-readable source format, which is part of the perl recipe.
This means that we have recipes that don't install manpages, or more
accurately don't install manpages if built from clean but _do_ if they
are a rebuild (because do_package -> rpm-native -> perl-native means the
sysroot now has pod2man in).
The obvious fix here is to DEPEND on perl-native but that an often look
like a redundant dependency that can be removed as removing it doesn't
cause problems (I'm fairly confident I'm responsible for patches like
this).
So, add a PROVIDES of pod2man to perl, so that recipes can DEPEND on
pod2man-native and this dependency is both obvious as to it's purpose
and easily removed if the manpages change source format.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
453e6b8dba (HEAD, origin/release/2.42/master) resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915) b0ec8fb689 memalign: reinstate alignment overflow check (CVE-2026-0861) f122d0b4d1 nptl: Optimize trylock for high cache contention workloads (BZ #33704) a1d3294a5b support: Exit on consistency check failure in resolv_response_add_name 8dfb84ad4e support: Fix FILE * leak in check_for_unshare_hints in test-container 2a0873aa81 sprof: fix -Wformat warnings on 32-bit hosts efdf4c0c87 sprof: check pread size and offset for overflow b11411fe2e posix: Fix invalid flags test for p{write,read}v2 8aaf4b732d ppc64le: Power 10 rawmemchr clobbers v20 (bug #33091) 2dbf973fe0 ppc64le: Restore optimized strncmp for power10 6b2957cfe8 ppc64le: Restore optimized strcmp for power10 828b8d23f3 AArch64: Fix and improve SVE pow(f) special cases 710d7a2e83 AArch64: fix SVE tanpi(f) [BZ #33642] 0c9430ed97 AArch64: Fix instability in AdvSIMD sinh ec041b1f53 AArch64: Fix instability in AdvSIMD tan 97297120ce AArch64: Optimise SVE scalar callbacks 17c3eab387 aarch64: fix includes in SME tests de1fe81f47 aarch64: fix cfi directives around __libc_arm_za_disable bf499c2a49 x86: fix wmemset ifunc stray '!' (bug 33542) 71874f167a aarch64: tests for SME 256030b984 aarch64: clear ZA state of SME before clone and clone3 syscalls 6de12fc9ad aarch64: define macro for calling __libc_arm_za_disable ab8c1b5d62 x86: Detect Intel Nova Lake Processor bf48b17a28 x86: Detect Intel Wildcat Lake Processor 18fd689cdc nptl: Fix MADV_GUARD_INSTALL logic for thread without guard page (BZ 33356) 46b4e37c9e nss: Group merge does not react to ERANGE during merge (bug 33361) 1166170d95 libio: Define AT_RENAME_* with the same tokens as Linux
Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
mark.yang [Thu, 22 Jan 2026 05:51:43 +0000 (14:51 +0900)]
lto.inc: add clang specific LTO configuration
This commit adds support for Clang-specific LTO options.
1. -fuse-linker-plugin is not supported by Clang.
2. -ffat-lto-objects is used to ensure that object files (.o) are generated as ELF
even when LTO is applied. During the dwarfsrcfiles process, if LTO is used
with the Clang toolchain, static library object files are skipped if they are
LLVM bitcode instead of ELF. Therefore, it is recommended to add this to
LTOEXTRA if necessary.
3. Adding 'thin-lto' to DISTRO_FEATURES enables -flto=thin.
Tim Orling [Wed, 21 Jan 2026 21:07:19 +0000 (13:07 -0800)]
oeqa/runtime: Update tests for maturin
* The output from maturin has changed in newer releases.
* Bump guessing-game version to 0.3.0
* Update to abi3 Python3 >= 3.9 support.
NOTE: The "maturin develop" step builds around 45 crates
and needs enough RAM to run. You will also probably want
the performance of KVM. For QEMU/testimage, you will
want the following in local.conf (or a similar .conf file):
QEMU_USE_KVM = 'True'
QB_MEM = '-m 2048'
Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
pyproject.toml:
* restrict maturin to >=1.7 to ensure PyO3 27.0+ and python 3.13+ support
src/lib.rs:
* rand 0.9 API change: rand::thread_rng() was removed. Use rand::rng() or
the convenience function rand::random_range().
* PyO3 0.27 has breaking API changes from 0.21. The #[pymodule] function
signature changed from fn module_name(py: Python, m: &PyModule) to
fn module_name(m: &Bound<'_, PyModule>).
* 1.11.5
- Allow combining --compatibility pypi with other --compatibility values (#2928)
* 1.11.4
- Support armv6l and armv7l in pypi compatibility (#2926)
- Improve the reliability of maturin's own CI
* 1.11.3
- Fix manylinux2014 compliance check (#2922)
* 1.11.2
- Fix failed release
* 1.11.1
- Fix compiled artifacts being excluded by source path matching (#2910)
- Better error reporting for missing interpreters (#2918)
- Ignore unreadable excluded directories (#2916)
* 1.11.0 - Yanked
- Note: This release was yanked to a regression: #2909
- Refactor ModuleWriter to be easier to implement and use
- Add Android cross compilation support, fix wheel tags for Android
- Update generate-ci to macos-15-intel and add windows arm support
- Deprecate 'upload' and 'publish' CLI commands
Ulrich Ölmann [Fri, 16 Jan 2026 11:56:19 +0000 (12:56 +0100)]
initramfs-framework: add handover of PID 1's arguments
Although many PID 1 programs parse /proc/cmdline, let's follow the standard
convention and forward the command-line arguments received from the kernel to
the next PID 1 program.
Ricardo Ungerer [Tue, 20 Jan 2026 19:47:21 +0000 (19:47 +0000)]
yocto-check-layer: Fix README email check
So far the test_readme have been use of re.match to find an email
address in the README file. This only matches if the email address
is at the start of the file. This commit changes this to re.search to
find email addresses anywhere in the README file.
Signed-off-by: Ricardo Ungerer <ungerer.ricardo@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ricardo Ungerer [Tue, 20 Jan 2026 19:47:20 +0000 (19:47 +0000)]
yocto-check-layer: Add messages in test_readme assertions
Assertions in test_readme does not provide context message when they
fail. Which leads to errors like:
File "/media/workspace/yocto_master/openembedded-core/scripts/lib/checklayer/cases/common.py", line 41, in test_readme
self.assertTrue(email_regex.match(data))
AssertionError: None is not true
This patch adds context messages to the assertions to help identify the
issue when they fail.
Signed-off-by: Ricardo Ungerer <ungerer.ricardo@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Thu, 15 Jan 2026 02:19:17 +0000 (10:19 +0800)]
systemd: do not let do_fetch depend on PACKAGECONFIG
It's unnecessary to make SRC_URI contains something like:
${@bb.utils.contains('PACKAGECONFIG', 'xxx', 'file://xxx', '', d)}
This does not give us any benefit and it makes do_fetch depend
on PACKAGECONFIG, which means changing of PACKAGECONFIG will result
in rerunn of do_fetch.
Besides, the related codes in do_install already does the necessary
checks.
Peter Marko [Thu, 15 Jan 2026 00:24:20 +0000 (01:24 +0100)]
libpng: upgrade 1.6.53 -> 1.6.54
Handles CVE-2026-22695 and CVE-2026-22801.
License-Update: copyright years refreshed
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Thu, 15 Jan 2026 23:50:40 +0000 (00:50 +0100)]
go: upgrade 1.25.5 -> 1.25.6
Upgrade to latest 1.25.x release [1]:
$ git --no-pager log --oneline go1.25.5..go1.25.6 69801b25b9 (tag: go1.25.6) [release-branch.go1.25] go1.25.6 9d497df196 [release-branch.go1.25] archive/zip: reduce CPU usage in index construction afa9b66ac0 [release-branch.go1.25] net/url: add urlmaxqueryparams GODEBUG to limit the number of query parameters 2526187481 [release-branch.go1.25] cmd/go/internal/work: sanitize flags before invoking 'pkg-config' 082365aa55 [release-branch.go1.25] cmd/go: update VCS commands to use safer flag/argument syntax 4be38528a6 [release-branch.go1.25] crypto/tls: don't copy auto-rotated session ticket keys in Config.Clone 525dd85363 [release-branch.go1.25] crypto/tls: reject trailing messages after client/server hello ddcf27fc8c [release-branch.go1.25] Revert "errors: optimize errors.Join for single unwrappable errors" 14f50f6e3e [release-branch.go1.25] cmd/compile: handle propagating an out-of-range jump table index 4e531b2f14 [release-branch.go1.25] runtime: mark getfp as nosplit 6f07a57145 [release-branch.go1.25] runtime/race: set missing argument frame for ppc64x atomic And/Or wrappers ea603eea37 [release-branch.go1.25] os: allow direntries to have zero inodes on Linux 93f5d1c27e [release-branch.go1.25] os,internal/poll: don't call IsNonblock for consoles and Stdin d5bfdcbc47 [release-branch.go1.25] crypto/tls: use inner hello for earlyData when using QUIC and ECH
Fixes CVE-2025-61728, CVE-2025-61726, CVE-2025-68121, CVE-2025-61731,
CVE-2025-68119 and CVE-2025-61730.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dmitry Baryshkov [Thu, 15 Jan 2026 21:26:40 +0000 (23:26 +0200)]
mesa: drop VDPAU remnants
Mesa 25.3.x dropped support for VDPAU. Commit 88e26a937549 ("mesa:
upgrade 25.2.5 -> 25.3.1") has dropped most of VDPAU-related items,
but it didn't drop mesa-vdpau-drivers package (nor did it drop VDPAU
bits from mesa-dev). Drop those remnants.
Kai Kang [Thu, 15 Jan 2026 07:54:36 +0000 (15:54 +0800)]
qemu: 10.1.3 -> 10.2.0
Upgrade qemu from 10.1.3 to 10.2.0:
* remove backported 0012 patch
* update context for patches 0002 and 0010
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The ' is stripped from the ID later in distro_identifier with:
# Filter out any non-alphanumerics and convert to lowercase
distro_id = re.sub(r'\W', '', distro_id).lower()
but not from version which results in a weird NATIVELSBSTRING like:
NATIVELSBSTRING = "gentoo-'2.18'"
And similarly the directory name in sstate-cache:
oe-core $ ls -d sstate-cache/gentoo-*
"sstate-cache/gentoo-'2.18'" sstate-cache/gentoo-2.18
Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core.git / log
