Bruce Ashfield [Thu, 30 Oct 2025 17:12:18 +0000 (13:12 -0400)]
linux-yocto/6.17: fix rdinit boot warning
Integrating the following commit(s) to linux-yocto/6.17:
1/1 [
Author: Bruce Ashfield
Email: bruce.ashfield@gmail.com
Subject: boot: only emit rdinit warning on initramfs boot
Date: Mon, 27 Oct 2025 09:47:05 -0400
commit 98aa4d5d242d3a73 [init/main.c: add warning when file specified in
rdinit is inaccessible] promoted a long time check to be visible on
boot.
The issue is that it is always issued even when an initramfs boot is
not used.
To avoid needing to completely disable CONFIG_BLK_DEV_INITRD and not
have the warning issues when an initramfs isn't used, we add checks for
the existence and size of an initramfs before allowing the warning
to be generated.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Thu, 30 Oct 2025 17:12:17 +0000 (13:12 -0400)]
linux-yocto/6.17: unify qemumips (malta) branches
The 6.17+ kernel cache is using a single branch for the mti malta
machines, which are what qemumips* emulate. We update our branch
specification to make them buildable.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lib/crypto: arm/sha1: Migrate optimized code into library
Instead of exposing the arm-optimized SHA-1 code via arm-specific
crypto_shash algorithms, instead just implement the sha1_blocks()
library function. This is much simpler, it makes the SHA-1 library
functions be arm-optimized, and it fixes the longstanding issue where
the arm-optimized SHA-1 code was disabled by default. SHA-1 still
remains available through crypto_shash, but individual architectures no
longer need to handle it.
To match sha1_blocks(), change the type of the nblocks parameter of the
assembly functions from int to size_t. The assembly functions actually
already treated it as size_t.
Dmitry Baryshkov [Tue, 28 Oct 2025 22:34:24 +0000 (00:34 +0200)]
linux-firmware: drop catch-all QCA package
With the linux-firmware now being an empty package there is no need in
the catch-all ${PN}-qca-misc package since developers will have to
package all firmware separately. Drop useless packages now.
Update the sed replacement rule to strictly match '/usr/bin/python'
(with no trailing characters)
The previous sed rule was too broad and could incorrectly change Python
shebangs such as in
/lib/modules/6.16.11-yocto-standard/build/scripts/macro_checker.py from
'#!/usr/bin/python3' to '#!/usr/bin/env python33'.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Enrico Jörns [Tue, 28 Oct 2025 07:32:48 +0000 (08:32 +0100)]
barebox: upgrade 2025.08.0 -> 2025.09.0
Changes in 2025.09.0
--------------------
* Added support for SoCFPGA Agilex5 and Rockchip RK3576
* Added structured I/O support for shell commands
* Added support for booting signed Rockchip images
* Support for adding device tree overlay (.dtbo) files to FIT images
* New 'bfetch' eyecandy tool for displaying logo and system information
(similar to 'neofetch')
* Several other fixes and improvements
rust-target-config: Fix ABI override for powerpc64le target
Ensure the powerpc64le check is exclusive by using `elif`, preventing the
powerpc64 condition from overriding it. This keeps the ABI as elfv2 for
PPC64LE and fixes related build failures.
Khem Raj [Mon, 27 Oct 2025 23:39:29 +0000 (16:39 -0700)]
binutils-cross-canadian: Do not install bdf-plugins
for SDK they are provided via nativesdk-binutils
latest binutils have started to build libdep plugin
as static library libdep.a which is then reported via build QA
Khem Raj [Mon, 27 Oct 2025 23:39:28 +0000 (16:39 -0700)]
classes/toolchain/clang: Add placeholder for dynamic linker in cross-canadian packages
clang-cross-canadian is just symlinking into nativesdk-clang unlike gcc which
has separate binaries and they have inbuilt dynamic linker specs. To help clang
built cross-canadian binaries add it via cmdline option here, cross-canadian
binaries are only usable on installed SDKs, and these paths get re-written with
correct SDK specific linker during SDK install relocation process.
This helps clang built cross-canadian tools e.g. from binutils-cross-canadian
be relocated correctly on SDK install.
Randolph Sapp [Mon, 27 Oct 2025 23:19:19 +0000 (18:19 -0500)]
x11-volatiles: register x11 volatile directories
Add a volatiles entry for popular x11 and adjacent utilities. This is
designed to mimic the systemd tmpfiles.d entries and prevent any one
user from creating these directories with permissions that may
negatively impact multi-user environments.
Ross Burton [Mon, 27 Oct 2025 22:49:05 +0000 (22:49 +0000)]
python3-urllib3: remove rust dependency
python3-cryptography (and thus, rust-native) is only needed by the
urllib3.contrib.pyopenssl module, which is not recommended for use up
the urllib3 upstream maintainers:
Module for using pyOpenSSL as a TLS backend. This module was relevant
before the standard library ssl module supported SNI, but now that
we've dropped support for Python 2.7 all relevant Python versions
support SNI so **this module is no longer recommended**.
Add a PACKAGECONFIG to control whether this module is shipped, and
disable it by default.
This removes rust-native from the default build of urllib3, which is in
the dependencies of other common modules such as requests and sphinx.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 27 Oct 2025 21:38:00 +0000 (22:38 +0100)]
lz4: patch CVE-2025-62813
Pick commit mentioned in NVD report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 27 Oct 2025 20:56:49 +0000 (21:56 +0100)]
oe-selftest: fitimage: test absent optional nodes in ITS files
Extend the test framework to verify that certain optional nodes are properly
absent from ITS files based on configuration. The _get_req_its_paths()
method now returns a tuple containing both expected and not-expected
paths, enabling negative testing of conditional components.
Test improvements:
- Add verification for absent bootscr, setup, and ramdisk image nodes
when their respective features are disabled
- Extend configuration node testing with proper kernel/fdt/ramdisk
field validation based on device tree and initramfs settings
Code cleanup:
- Remove unused tempfile module import
- Sort bb_vars keys alphabetically in _test_fitimage_py()
- Add debug output for bb_vars overrides when debug logging is enabled
- Remove trailing empty line
- Fix DTB file ordering for consistent test results
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 27 Oct 2025 20:56:48 +0000 (21:56 +0100)]
Revert "kernel-fit-image: control kernel section with FIT_LINUX_BIN"
This reverts the commit (Oe-core 0d17c4fb514f0b9f2117a844cdf00ed52631380a)
which recently introduced the FIT_LINUX_BIN variable to control kernel
section inclusion in FIT images.
The original change aimed to provide flexibility by:
- Enabling FIT images without kernel sections for specific use cases
by setting FIT_LINUX_BIN to an empty value.
- Supporting alternative kernel binary filenames instead of hardcoding
"linux.bin" in multiple places.
However, the current implementation is incomplete. The filename
customization is not implemented - the code still hardcodes "linux.bin"
and doesn't actually use the variable in a consistent way.
There is also no test coverage for this new functionality.
Rather than completing the partial implementation, Qualcomm decided to
develop a solution that better aligns with their specific requirements
and may be independent of the kernel-fit-image class.
The revert restores the previous consistent behavior with unconditional
kernel section inclusion. This saves us from adding test coverage,
documentation and maintenance for this new but currently known to be
unused and incomplete feature. This feature can be reintroduced later
if there is a clear need and a complete implementation.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gyorgy Sarvari [Mon, 27 Oct 2025 20:22:39 +0000 (21:22 +0100)]
tar: use diffutils for ptest instead of busybox
A testcase (sparse03) sometimes times out on the AB, in qemu (without kvm):
the test generates an 8GB sparse file, tars it, untars it, and then
it compares the two versions with cmp.
This process, going through 16GB of data (using one thread, with cmp) takes some
time anyway, but when there is extra load on the host machine, and qemu
can't use its core exclusively, then it can take more than 5 minutes easily
(which is the default ptest timeout).
However the full version of cmp from diffutils seems to be more efficient than
the busybox version:
When using busybox on my idle machine (w/ qemuriscv64) the test case execution
takes 150s, and it almost always times out when there is extra load.
Using diffutils, my idle machine executes the same testcase in 55s, and it
never times out even if there is high load on the host system (execution
always stayed under 3 minutes).
Due to this switch to diffutils when running ptest.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
core-image-weston: Add wayland as required feature.
Signed-off-by: Walter Werner SCHNEIDER <contact@schnwalter.eu> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Zhang Peng [Mon, 27 Oct 2025 06:09:15 +0000 (14:09 +0800)]
avahi: fix CVE-2024-52615
CVE-2024-52615:
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area
DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
Zhang Peng [Mon, 27 Oct 2025 06:09:14 +0000 (14:09 +0800)]
avahi: fix CVE-2024-52616
CVE-2024-52616:
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs
randomly only once at startup, incrementing them sequentially after that. This
predictable behavior facilitates DNS spoofing attacks, allowing attackers to
guess transaction IDs.
Peter Tatrai [Mon, 27 Oct 2025 10:29:00 +0000 (11:29 +0100)]
oeqa/selftest/rust: strip debug symbols from test binaries
Strip debug symbols from test binaries using RUSTFLAGS='-C strip=debuginfo'
to reduce binary sizes from 300+ MB to ~140 MB.
This is especially critical for PowerPC mac99 which has a hardcoded 768MB
RAM limit in QEMU. Without stripping, test binaries uploaded to /tmp (tmpfs)
cause 'No space left on device' errors during test execution.
The size reduction also benefits all other architectures by reducing
memory pressure and upload times during testing.
Signed-off-by: Peter Tatrai <peter.tatrai.ext@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 27 Oct 2025 16:58:48 +0000 (16:58 +0000)]
elfutils: Do not suppress stringop-overflow warning on build hosts
stringop-overflow is a gcc specific option and when we try to use non-gcc
compiler as host compiler e.g. clang, this causes several configure tests to fail
because clang reports this as an option it does not understand and bails out
error: unknown warning option '-Werror=stringop-overflow'; did you mean '-Werror=shift-overflow'? [-Werror,-Wunknown-warning-option]
One of the failing tests is the check for PIC support in compiler and results
in errors during compilation like
/usr/bin/ld: libelf_pic.a(elf_error.os): relocation R_X86_64_TPOFF32 against `global_error' can not be used when making a shared object; recompile with -fPIC
and elfutils-native failing to build with clang as host compiler
This patch was added to support version of fedora in 2022 and the error
has since been addressed in glibc [1]
Gyorgy Sarvari [Sat, 25 Oct 2025 14:52:11 +0000 (16:52 +0200)]
ptest-perl/run-ptest: set exit code
Set exit code on the run-ptest script: though the logparser
looks for PASS/FAIL state, it can be still useful when running
the tests manually - when there is a lot of output, it is
easier to see the summary at the end if the test has actually
passed or failed without scrolling back.
Yoann Congal [Fri, 24 Oct 2025 00:16:20 +0000 (02:16 +0200)]
selftest/bblayers: Add a test to validate bitbake-setup registry schema
This test validates bitbake/default-registry/configurations/*.conf.json
against bitbake-setup.schema.json:
INFO - test_validate_bitbake_setup_default_registry (bblayers.BitbakeLayers.test_validate_bitbake_setup_default_registry)
DEBUG - Validating .../poky/bitbake/bin/../default-registry/configurations/oe-nodistro.conf.json
DEBUG - Validating .../poky/bitbake/bin/../default-registry/configurations/poky-master.conf.json
INFO - ... ok
INFO - test_validate_examplelayersjson (bblayers.BitbakeLayers.test_validate_examplelayersjson)
INFO - ... ok
INFO - ----------------------------------------------------------------------
INFO - Ran 2 tests in 110.469s
INFO - OK
INFO - RESULTS:
INFO - RESULTS - bblayers.BitbakeLayers.test_validate_bitbake_setup_default_registry: PASSED (0.92s)
INFO - RESULTS - bblayers.BitbakeLayers.test_validate_examplelayersjson: PASSED (0.19s)
INFO - SUMMARY:
INFO - oe-selftest () - Ran 2 tests in 110.469s
INFO - oe-selftest - OK - All required tests passed (successes=2, skipped=0, failures=0, errors=0)
* Extract a function "validate_json"
* Read bitbake variables in setUpClass to avoid makeing repeated calls
to bitbake
* Allow to specify the schema relative to $COREBASE/meta/files/
* Specify the Base URI to allow schema to reference each other
Yoann Congal [Fri, 24 Oct 2025 00:16:18 +0000 (02:16 +0200)]
meta/files: Add a jsonschema for bitbake-setup configuration files
This schema is a bit loose and should validate any configuration files working with
bitbake-setup but, also, some broken ones:
* If present, a "bb-layer" can be an empty array.
* bb-setup need at least one of "bb-layers" or "oe-template", that is
not enforced in the current schema.
* bb-setup accepts "configurations = []" but it results in a impossible
choice in interactive mode. This is rejected by the schema.
* In each configuration, "name" and "description" are optional but the
flatten configuration must have them. This is not enforced by the
schema.
To test a configuration files against this schema: (for exemple to
validate bitbake default registry)
$ pip install check-jsonschema
$ check-jsonschema -v --schemafile meta/files/bitbake-setup.schema.json bitbake/default-registry/configurations/*
ok -- validation done
The following files were checked:
bitbake/default-registry/configurations/oe-nodistro.conf.json
bitbake/default-registry/configurations/poky-master.conf.json
Daniel Turull [Thu, 23 Oct 2025 07:13:39 +0000 (09:13 +0200)]
improve_kernel_cve_report: add option to read debugsources.zstd
Adding option to be able to import debugsources.zstd directly.
The linux-yocto-debugsources.zstd is generated in every build and
does not require any additional configuration.
In contrast, SPDX_INCLUDE_COMPILED_SOURCES needs to be explicitly
added and increases build time.
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Libarchive 3.8.2 is a bugfix and security release.
Security fixes:
* 7zip: Fix out of boundary access (#2668)
* tar reader: fix checking the result of the strftime (#2719, CVE-2025-25724)
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
222fc11f2b8f Bump version to 21.1.4 480a90482e5b release/21.x: [clang-format] Fix a crash on BAS_BlockIndent (#164047) 3333dd88a493 Update clang/lib/Format/TokenAnnotator.cpp 54cdd973782e [clang-format] Annotate ::operator and Foo::operator correctly (#164048) ceeb93096c79 [libclang/python] Return None instead of null cursors from Token.cursor (#163183) 7e153f5372ed [clang-format] Fix an assertion failure on comment-only config files (#163111) faca424bc5f7 [clang-format] Correctly handle backward compatibility of C headers (#159908) c5a3aa8934b0 [libc++] Properly implement array cookies in the ARM ABI (#160182) 0d819a9104b2 [libunwind] Fix aarch64 SEH unwinding with a debugger attached (#162867) 464d75ad5f26 [MachinePipeliner] Add test missed in #154940 (NFC) (#163350) ffa6b0c365ec [MachinePipeliner] Limit the number of stores in BB (#154940) 570c4c944338 [clang] Fix catching pointers by reference on mingw targets (#162546) c6af6be3cd1c [libc++][docs] Add missing entry for P3379R0 to `21.rst` a2e93dce5f2b [Hexagon][llvm-objdump] Start a fresh packet at symbol boundaries. (#163466) dfdee9a929aa [clang][modules] Derive mtime from PCM timestamps, not PCM files (#162965) bd9bc536b4ac [LLD] [COFF] Fix aarch64 delayimport of sret arguments (#163096) 7b785dcb70f6 [LLD][COFF] Fix tailMergeARM64 delayload thunk 128 MB range limitation (#161844) a847f1832857 [Hexagon] Support lowering of setuo & seto for vector types in Hexagon (#158740) e14b5e82244e [clang-format] Fix a bug in wrapping { after else (#161048) b54051ac74cb [clang-format] Correctly annotate RequiresExpressionLBrace (#155773) c9fbd571b52c dfsan: Fix test with gcc 15. 68f118f265c9 Switch dtls_test.c from XFAIL to UNSUPPORTED on aarch64. a86b1e397e90 compiler-rt: Make the tests pass on AArch64 and with page size != 4096. c03b58bb091e [clangd] Fix code action kind for readability-identifier-naming fixes (#162808) caef7619d5fd [clang-format] Fix a bug in OneLineFormatOffRegex (#162961) 5386abc82ab8 [libc++][ranges] Fix `ranges::join_view` segmented iterator trait (#158347) 18593ab316f6 workflows/release-binaries: Run tests on the same runner as the build (#162421) 13bee3a798b1 [Mips] Fix clang crashes when assembling invalid MIPS beql instructions with --arch=mips (#156413) 0d1b9249d189 [CI] Add dyung and c-rhodes to the Release Asset List (#162478) c000f3226bdf [Mips] Fixed libunwind::Registers_mips_o32::jumpto to allow for load delay (#152942) 276050887539 [LLDB][ProcessWindows] Set exit status on instance rather than going through all targets (#159308)
devtool: un-/deploy-target: put deploylist into destdir
When deploying on devices with a RO root-filesystem, devtool would
fail on writing to the hard-coded "deploylist_path = '/.devtool'"
Since devtool already supports deploying to a different root-prefix
with: hostname[:destdir], we can make use of this guaranteed RW
location to place the deployment-list there.
Add the destdir parameter to the _prepare_remote_script function, to
construct the deploylist_path from it. For the 'undeploy' the same
host:destdir splitting logic is used as in 'deploy'.
Now it is possible to modify and build a recipe 'foo-bar' with
devtool, and have its ./image content deployed through:
$build> devtool deploy foo-bar target:/opt/development-overlay
Or removed again with:
$build> devtool undeploy foo-bar target:/opt/development-overlay
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Tear down method is executed even when the tests are disabled. This lead
to SSH being used to run commands on the target, and as it might fail
when no SSH server is present, we had to use ignore_ssh_fails=True here.
Instead, remove log file just before it is created: it will remain on
the target after the test is run, but this should be acceptable.
oeqa: runtime: logrotate: Remove setup and tear down methods
Setup and tear down methods are executed even when the tests are disabled.
This lead to SSH being used to run commands on the target, and as it
might fail when no SSH server is present, we had to use
ignore_ssh_fails=True here.
Instead, run cleanup tasks in tests themselves and remove the tear down
method.
Also, the wtmp configuration file is not modified since the test was
modified a few years ago: there is no need to backup and restore it.
Jason M. Bills [Wed, 22 Oct 2025 15:05:17 +0000 (08:05 -0700)]
systemd.bbclass: support template files with dots
If the SYSTEMD_SERVICE variable contains a template instance that has
dots in the name such as "xyz.openbmc_project.my@instance.service", the
regex splits on all the dots resulting in the following python
exception:
Exception: ValueError: too many values to unpack (expected 3)
To continue to support service files with dots in the name, this changes
to first split only on the '@' to isolate the name, then split the
second half on the last dot to get the remaining two parameters.
Splitting on the last dot allows dots in the instance name, as well.
Confirmed when building that the three parameters for template instances
without dots came out the same and that template instances with dots
include the full name with dots in the first parameter.
Confirmed when using an instance name with dots that the full instance
name came out correctly with dots.
CC: Ross Burton <Ross.Burton@arm.com> Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jose Quaresma [Wed, 22 Oct 2025 09:06:49 +0000 (10:06 +0100)]
create-spdx-3.0: add SPDX_LICENSES to SPDX3_DEP_FILES
If we have changes on SPDX_LICENSES content we ended up building invalid sstate-cache archives.
The default value for the SPDX_LICENSES is the file meta/files/spdx-licenses.json but this file
don't use the bitbake fetcher and because of this their checksum is not validated.
So we need to add this file to the build dependency chain of the SPDX.
For example, currently we have bump from 3.24.0 to 3.27.0 on master-next for the file
meta/files/spdx-licenses.json. Since the file content is not taken into account, we end
up creating invalid sstate-cache artifacts on the autobuilder on master-next builds.
This created sstate-cache artifacts will also be available to master branch users
that are using the upstream sstate-cache mirror.
If someone is using the public mirror but still following the master branch
they will encounter something like the following error which this change aims to resolve.
Khem Raj [Wed, 22 Oct 2025 04:53:51 +0000 (21:53 -0700)]
rust: Do not modify rpaths in llvm-config
No need to edit rpaths in llvm-config, this is not
needed anymore because the llvm-config used is from
standard install inside sysroot unlike when rust-llvm
was used, where it was installed into its own location
to avoid conflicts with llvm-config coming from llvm/clang
Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jörg Sommer [Tue, 21 Oct 2025 18:20:00 +0000 (20:20 +0200)]
gtk+3: Update 3.24.43 -> 3.24.51
According to https://www.gtk.org/docs/installations/linux/#gtk-v3x the new
place for downloads is download.gnome.org aka $GNOME_MIRROR (ftp.g.o
redirects to this). And new versions are without `+`.
Update opengl.patch, handle new `is_gl_context_current`.
Overview of Changes in GTK+ 3.24.51, 29-09-2025
===============================================
* Wayland:
- Force window titles to be valid utf8
- Flush tablet events when neccessary
* X11:
- Avoid a use-after-free with threads
* Windows:
- Avoid min/max buttons for dialogs
* Images:
- Replace a few calls to gdk_pixbuf_get_pixels
with read_pixels to avoid thread-safety issues
* GL:
- Try harder to keep the GL context current
* Input:
- Make compose file parsing more robust
* Translation updates:
Catalan
Esperanto
Persian
Overview of Changes in GTK+ 3.24.50, 07-08-2025
===============================================
* Themes:
- Add a progress-working-symbolic icon
- Support strokes in symbolic icons
- Update theme CSS
- Remove hardcoded Cantarell font
* GtkShortcutsWindow:
- Differentiate all keypad symbols visually
* GtkApplication:
- Register unsandboxed apps with the portals
* macOS:
- Remove redundant NSView calls
- Fix some memory leaks
- Don't try to use the file transfer portal
* Windows:
- Always mark windows as minimizable
* X11
- Fix problems with gtk_window_get_geometry
* Wayland:
- Fix a crash
* Input:
- Make compose sequence visuals configurable
* Printing:
- Fix the build with libcups 3
- Support gnome-papers as previewer
* Translation updates
Nepali
Persian
Uzbek (Latin)
Overview of Changes in GTK+ 3.24.49, 05-03-2025
===============================================
* Fix a crash in GtkIMContext
* Fix crashes in DND with GtkPlug/GtkSocket
* Wayland:
- Fix erroneous crossing events, causing menus to malfunction
- Support the cursor-shape protocol
* X11:
- Enforce size limits on windows, preventing lockups
* macOS:
- Fix pen tilt handling
* Translation updates
Bulgarian
Thai
Overview of Changes in GTK+ 3.24.48, 25-02-2025
===============================================
* Switch to the new ci-based release process
Overview of Changes in GTK+ 3.24.44, 24-01-2025
===============================================
* GtkFileChooser:
- Stop replacing : (colon) with U+2236 (ratio)
* GtkEmojiChooser:
- Update to Unicode 16 / CLDR 46
* GtkSpinButton:
- Use semantically appropriate icon names
- Make numeric spin buttons always LTR
* GtkEntry:
- Stop guessing text direction from keyboard layout
- Add a shortcut and context menu item to change text direction
* GtkEventControllerMotion:
- Make enter and leave signals work
* Accessibility:
- Use message dialog titles as names
* GDK:
- Fix portal handling of gvfs files
* Wayland:
- Support the xdg_foreign_v2 protocol
- Try to fix monitor geometry on sway
- Improve font setting fallback
- Use a better default cursor size
- Fix a crash during DND
* macOS:
- Fix a UI hang
* Translation updates:
Bulgarian
Farsi
Hindi
Hungarian
Icelandic
Latvian
Serbian
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Steffen Greber [Tue, 21 Oct 2025 09:47:38 +0000 (09:47 +0000)]
wic: add option to specify the diskid
This adds a feature to specify the disk ID when creating a disk with
the wic tool. This is useful when using the DOS partition scheme and
booting with root=PARTUUID=<partuuid>. In DOS partitions, the partition
ID is <diskid>-<partition-number>, so it makes sense to let the user
define the disk ID.
You can specify it in the kickstart file using the --diskid argument
to the bootloader command. The value can be given in decimal or
hexadecimal format (e.g. 3735928559 or 0xdeadbeef). If omitted, the
previous behaviour does not change.
Signed-off-by: Steffen Greber <sgreber@lilafast.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 20 Oct 2025 22:09:11 +0000 (00:09 +0200)]
binutils: patch CVE-2025-11495
Pick commit per NVD CVE report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 20 Oct 2025 22:09:10 +0000 (00:09 +0200)]
binutils: patch CVE-2025-11413
Pick commit per NVD CVE report.
Note that there were two patches for this, first [1] and then [2].
The second patch moved the original patch to different location.
Cherry-pick of second patch is successful leaving out the code removing
the code from first location, so the patch attached here is not
identical to the upstream commit but is identical to applying both and
merging them to a single patch.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 20 Oct 2025 22:09:09 +0000 (00:09 +0200)]
binutils: patch CVE-2025-11412
Pick commit per NVD CVE report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 20 Oct 2025 22:09:08 +0000 (00:09 +0200)]
binutils: patch CVE-2025-11414
Pick commit per NVD CVE report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
See release notes at
- http://downloads.yoctoproject.org/releases/opkg/opkg-0.8.0.release-notes
[0.8.0] - 2025-01-10
The minor version bump in this release is due to the changes to cURL error output line format.
- [Changed](https://git.yoctoproject.org/opkg/commit/?id=ab03377868256427279b36c4b2a298edae4260b8) the error output for the curl download backend, to now report the HTTP error code for failed requests.
- e.g. `error: log_curl_download_error: Failed to download headers of https://foo.bar/all/Packages.gz: The requested URL returned error: 401`
- Enabling debug-verbosity, while using the cURL backend, [will now](https://git.yoctoproject.org/opkg/commit/?id=ce6fede3db931bb0da70d1334cdc4101d0aec702) print cURL's verbose error log to stderr when there is a download failure.
- The verbose output may contain confidential information about your cURL transactions. So this is your reminder that debug-verbosity should not be enabled in production systems or sensitive security environments.
- The commandline configuration file option (`-f`) [can now](https://git.yoctoproject.org/opkg/commit/?id=36d08b93d2859992b624a4ba2f412cfa5c766050) be specified multiple times, and each configuration file will be loaded and their settings merged.
- [Fixed](https://git.yoctoproject.org/opkg/commit/?id=c87188d7535684fddb8cf80993c147b215602b63) a bug in control field parsing where custom fields whose keys are similar to other fields could be confused by the parser.
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mike Crowe [Mon, 20 Oct 2025 16:03:53 +0000 (17:03 +0100)]
multilib.bbclass: Filter ROOTFS_RO_UNNEEDED to fix uninstallation
When building an entire multilib image (e.g. lib32-core-image-minimal)
we need to ensure that the unneeded packages in ROOTFS_RO_UNNEEDED get
the multilib prefix applied before they are compared against the list of
installed packages inside Rootfs._uninstall_unneeded() to decide whether
they need to be installed.
Ryan Eatmon [Mon, 20 Oct 2025 14:49:32 +0000 (09:49 -0500)]
kernel-fit-image: Split signing variables
Right now all signing is done with a single variable: UBOOT_SIGN_ENABLE.
This has the side effect of not allowing for signing the fitImage while
not signing the uboot files.
This patch creates three new variables specific to FIT_KERNEL and
defaults them to the corresponding UBOOT variables. That way all
existing code will remain the same, but we can selectively control just
signing the fitImage without also signing the uboot files.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
spdx_common: Fix invalid SPDX downloadLocation for Rust crates
Fixes [YOCTO #15909]
SPDX validation was failing due to the use of `crate://crates.io/...` as the
`downloadLocation`, which is not a valid SPDX URL as per the 2.2 specification.
This patch updates `fetch_data_to_uri()` in `spdx_common.py` to detect when the
fetcher type is "crate" and instead use the `url` attribute, which contains a
valid HTTP(S) URL in the expected format, e.g.:
Liu Yiding [Mon, 20 Oct 2025 02:39:55 +0000 (10:39 +0800)]
kea: fix installation umask to 0022 of meson.
The default installation umask is 0027 for Kea-built artifacts.
And it caused package conflicts as following:
Error: Transaction test error:
file /usr/lib/pkgconfig conflicts between attempted installs of kea-dev-3.0.1-r0.x86_64_v3 and btrfs-tools-dev-6.16-r0.x86_64_v3
file /usr/lib/pkgconfig conflicts between attempted installs of libgcrypt-dev-1.11.2-r0.x86_64_v3 and kea-dev-3.0.1-r0.x86_64_v3
I submitted an issue to the upstream and found upstream alreadly known this issue.
https://gitlab.isc.org/isc-projects/kea/-/issues/4171
https://gitlab.isc.org/isc-projects/kea/-/issues/3993
Then I follow the method in the SPEC file of upstream to fix this problem in Yocto.
https://gitlab.isc.org/isc-projects/kea-packaging/-/blob/master/rpm/kea.spec?ref_type=heads
meson setup build \
--buildtype release \
--install-umask 0022 \
--bindir %{_bindir} \
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The NumPy 2.3.4 release is a patch release split between a number of maintenance
updates and bug fixes. This release supports Python versions 3.11-3.14. This
release is based on Python 3.14.0 final.
Changes
- The npymath and npyrandom libraries now have a .lib rather than a .a
file extension on win-arm64, for compatibility for building with MSVC
and setuptools. Please note that using these static libraries is
discouraged and for existing projects using it, it's best to use it
with a matching compiler toolchain, which is clang-cl on Windows on
Arm.
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ricardo Salveti [Fri, 17 Oct 2025 18:51:12 +0000 (15:51 -0300)]
initramfs-framework: drop redundant /var/lock directory creation
base-files already provides /var/lock as a symbolic link to /run/lock, and
since /run is created and mounted as tmpfs during init, there is no need
to explicitly create /var/lock within initramfs.
This avoids the following spurious error during boot:
mkdir: can't create directory '/var/lock': No such file or directory
Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Fri, 17 Oct 2025 17:14:02 +0000 (19:14 +0200)]
go: upgrade 1.25.2 -> 1.25.3
Upgrade to latest 1.25.x release [1]:
$ git --no-pager log --oneline go1.25.2..go1.25.3 28622c1959 (tag: go1.25.3) [release-branch.go1.25] go1.25.3 e05b2c92d9 [release-branch.go1.25] crypto/x509: rework fix for CVE-2025-58187 79ec0c94f3 [release-branch.go1.25] spec: update spec date to match release date
This release addresses breakage caused by a security patch included in Go 1.25.2
and 1.24.8, which enforced overly restrictive validation on the parsing of X.509
certificates. We've removed those restrictions while maintaining the security
fix that the initial release addressed [2].
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Liu Yiding [Fri, 17 Oct 2025 05:57:24 +0000 (13:57 +0800)]
llvm: multilib-header fix for llvm/Config/llvm-config.h
Fix following conflicts when enabling multilib.
Error: Transaction test error:
file /usr/include/llvm/Config/llvm-config.h conflicts between attempted installs of lib32-llvm-dev-21.1.3-r1.core2_32 and llvm-dev-21.1.3-r1.x86_64_v3
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Thu, 16 Oct 2025 20:40:58 +0000 (22:40 +0200)]
python3: upgrade 3.13.7 -> 3.13.9
Drop upstreamed patch and refresh remaining patches.
Release information:
* https://www.python.org/downloads/release/python-3138/
* 3.13.8 is the eighth maintenance release of 3.13, containing around
200 bugfixes, build improvements and documentation changes since
3.13.7.
* https://www.python.org/downloads/release/python-3139/
* This Python 3.13.9, a maintenance release for Python 3.13.
* 3.13.9 is an expedited release containing a fix for one specific
regression in Python 3.13.8
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gyorgy Sarvari [Thu, 16 Oct 2025 08:28:29 +0000 (10:28 +0200)]
webkitgtk: upgrade 2.48.5 -> 2.50.0
Dropped fix-armv7-compilation.patch, because it is included in this
release.
Dropped no-musttail-arm.patch, because it has been solved by project
(a bit differently)[1]
Added a new backported patch, fix-musl-compilation.patch
to avoid build error when compiling with musl libc:
.../Source/bmalloc/libpas/src/libpas/pas_probabilistic_guard_malloc_allocator.c:52:10: fatal error: execinfo.h: No such file or directory
| 52 | #include <execinfo.h>
| | ^~~~~~~~~~~~
Another patch, fix_op_instanceof_handler_for_32-bit_C-loop_build.patch is under review by
upstream. It fixes compiling for 32-bit targets by fixing the following error:
error: label 'op_instanceof_return_location' used but not defined
Changelog:
2.50.0:
- Fix rendering with software rasterization enabled.
- Fix WebAudio issues after idling for a minute.
- Fix several crashes and rendering issues.
2.49.90:
- Add support for font collection / fragment identifiers.
- Fix web process deadlock on exit.
- Fix stuttering when playing WebP animations
- Fix CSS animations with cubic-bezier timing function.
- Do not start the MemoryPressureMonitor if it's disabled
- Translation updates: Polish, Slovenian.
- Fix several crashes and rendering issues.
2.49.4:
- Enable CSS property font-variant-emoji is now enabled by default.
- Improve emoji font selection.
- Add SVT-AV1 encoder support to media backend.
- Show device scale factor in webkit://gpu.
- Fix font rendering of composed characters with certain fonts.
- Fix handling of font synthesis properties (bold/italic).
- Fix documentation of WebKitDeviceInfoPermissionRequest.
- Fix several crashes and rendering issues.
2.49.3:
- Add new API to get the theme color of a WebKitWebView.
- Fix rendering with GTK 3.
- Notify automation session on abnormal disconnections.
- Fix a crash by ensuring SkiaRecordingResult is destroyed on the main thread.
- Fix build on s390x.
- Fix the build with GTK 3.
- Fix several crashes and rendering issues.
2.49.2:
- Enable damage propagation to the UI process by default.
- Pass available input devices from UI process to web process for Interaction Media Features.
- Always have a fallback when domain does not have known base.
- Fix URL after HSTS upgrade in case of redirection.
- Fix rendering when device scale factor change comes before the web view geometry update.
- Ensure web view is focused on tap gesture.
- Fix a crash when setting WEBKIT_SKIA_GPU_PAINTING_THREADS=0.
- Fix several crashes and rendering issues.
- Translation updates: Brazilian Portuguese, Swedish.
2.49.1:
- Change threaded rendering implementation to use Skia API instead of WebCore display
list that is not thread safe. This also allowed to improve performance by recording
layers once and replaying every dirty region in different worker threads.
- Added hybrid rendering mode that tries to use the GPU worker threads, but if they
are all busy the CPU worker threads are used if possible.
- Add volume locking support to media player.
- Add support for tracing counters with Sysprof.
- Fix several crashes and rendering issues.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Liu Yiding [Wed, 15 Oct 2025 02:13:36 +0000 (10:13 +0800)]
kea: fix conflict between kea-dhcp4 and kea-dhcp6 multilibs
There are conflict of config files between kea and lib32-kea:
| Error: Transaction test error:
| file /etc/kea/kea-dhcp4.conf conflicts between attempted installs of lib32-kea-3.0.1-r0.core2_32 and kea-3.0.1-r0.x86_64_v3
| file /etc/kea/kea-dhcp6.conf conflicts between attempted installs of lib32-kea-3.0.1-r0.core2_32 and kea-3.0.1-r0.x86_64_v3
Update this patch after kea was upgraded to 3.0.1.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 17 Oct 2025 09:34:30 +0000 (10:34 +0100)]
build-appliance-image: install bitbake+oe-core+meta-yocto, not poky
Change the build-appliance image to include current git trees of the
separate bitbake/openembedded-core/meta-yocto repositories, instead of
the merged poky repository as that is being discontinued.
linux-firmware: Fix removing unlicensed firmware if compression is used
If FIRMWARE_COMPRESSION is set, the newly added code to remove
unlicensed firmware fails with:
| Remove unlicensed firmware: acenic/tg1.bin
| rm: cannot remove '.../work/all-oe-linux/linux-firmware/20250917/image/usr/lib/firmware/acenic/tg1.bin': No such file or directory
This is because the code does not consider that the file may be
compressed.
Fix it by factoring out the code to construct the compressed file
name suffix from do_install:append() into a python function and
also use it for the actual file names listed in REMOVE_UNLICENSED.
Ross Burton [Fri, 17 Oct 2025 13:27:17 +0000 (14:27 +0100)]
classes/cargo_common: ensure B is clean
The cargo class defaults to out-of-tree builds in WORKDIR/build, but
at no point was that directory cleaned. This causes problems with the
rust standard library recipe (libstd-rs) which installs manually with cp,
so rebuilds can be contaminated with the contents of previous builds.
I believe that post-release we should switch cargo.bbclass to mandating
out-of-tree builds to reduce the complexity, but for now in out-of-tree
builds we can just delete the ${B}/target directory.
Note that we use ${B}/target because there at least were reasons to use
that name[1], it is unclear if these limitations still hold. We can't
simply clean ${B} because that will break recipes that use cargo and
something else to build, for example librsvg.
kconfig: Add transitional symbol attribute for migration support
During kernel option migrations (e.g. CONFIG_CFI_CLANG to CONFIG_CFI),
existing .config files need to maintain backward compatibility while
preventing deprecated options from appearing in newly generated
configurations. This is challenging with existing Kconfig mechanisms
because:
1. Simply removing old options breaks existing .config files.
2. Manually listing an option as "deprecated" leaves it needlessly
visible and still writes them to new .config files.
3. Using any method to remove visibility (.e.g no 'prompt', 'if n',
etc) prevents the option from being processed at all.
Add a "transitional" attribute that creates symbols which are:
- Processed during configuration (can influence other symbols' defaults)
- Hidden from user menus (no prompts appear)
- Omitted from newly written .config files (gets migrated)
- Restricted to only having help sections (no defaults, selects, etc)
making it truly just a "prior value pass-through" option.
The transitional syntax requires a type argument and prevents type
redefinition:
config NEW_OPTION
bool "New option"
default OLD_OPTION
config OLD_OPTION
bool
transitional
help
Transitional config for OLD_OPTION migration.
This allows seamless migration: olddefconfig processes existing
CONFIG_OLD_OPTION=y settings to enable CONFIG_NEW_OPTION=y, while
CONFIG_OLD_OPTION is omitted from newly generated .config files.
Added positive and negative testing via "testconfig" make target.
Bruce Ashfield [Thu, 16 Oct 2025 03:08:42 +0000 (23:08 -0400)]
linux-yocto/6.16: genericarm64: feature splits and enablement
Integrating the following commit(s):
9e0a3e81 genericarm64.cfg: enable more power, reset drivers 0293b84e genericarm64.cfg: enable MFD_KHADAS_MCU f9c89a33 genericarm64-regulator.cfg: enable more drivers 01af8892 genericarm64.cfg: enable more IRQCHIP support 96bf1e51 genericarm64.scc: enable USB serial support dc7502db genericarm64.cfg: improve SATA support e85415a3 genericarm64.cfg: improve input device support cb734447 genericarm64.cfg: enable more Hisilicon PCI drivers 362c7b10 genericarm64.cfg: enable USB_CHIPIDEA_NPCM c9127be9 genericarm64.cfg: enable EXTCON_USBC_CROS_EC 3836443f genericarm64.cfg: improve PHY support a25d50d8 genericarm64-clock.cfg: improve Qualcomm, Renesas etc clock driver support 5e47e723 usb-net.cfg: add USB_LAN78XX e5be3915 genericarm64-clock.cfg: add more Renesas support 8d1d61f1 genericarm64.cfg: improve Renesas pmdomain support 89d463fc genericarm64.cfg: enable UACCE 18251d7d genericarm64.cfg: more MTD CFI etc support 070f72bc genericarm64.cfg: enable PCIe error reporting dfa6ca16 genericarm64.cfg: add more ethernet support 5821cdf3 genericarm64.scc: add genericarm64-rtc.cfg and enable more HW support e9847838 genericarm64.cfg: enable Chrome OS platform drivers 549b8af0 genericarm64.scc: enable Mellanox ethernet support 5e172179 mellanox.scc: add network driver feature 27eaec09 genericarm64.cfg: improve USB_DWC3 support c543148b genericarm64.cfg: improve TYPEC_MUX support 62b093b3 genericarm64.scc: enable exFAT support 360d572b cfg/fs/exfat.scc: add config feature 8be64103 genericarm64.cfg: add more USB 3.0 and basic 2.0 support 48e00648 genericarm64-arch.cfg: enable more Renesas support cef54e58 genericarm64.cfg: enable ARM_PSCI_FW support 129993c7 genericarm64.cfg: enable more TPM and FFA support 8cd8cb12 genericarm64.cfg: enable TCG_TIS as module be840fc8 genericarm64.cfg: enable ZYNQMP_FIRMWARE 9f94acee genericarm64.cfg: enable COMMON_CLK_ZYNQMP 10a0e7c7 genericarm64.cfg: enable DMI_SYSFS 705cae9a genericarm64.scc: enable efi-test.scc 08fd4f23 efi-test: add config fragment for EFI test interface 98178196 genericarm64.cfg: enable ARM_PSCI_CPUIDLE_DOMAIN
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Thu, 16 Oct 2025 03:08:34 +0000 (23:08 -0400)]
linux-yocto/6.16: update to v6.16.11
Updating linux-yocto/6.16 to the latest korg -stable release that comprises
the following commits:
683320aeb0e83 Linux 6.16.11 8f9c9fafc0e7a ASoC: qcom: audioreach: fix potential null pointer dereference 1f053d82e59c7 media: stm32-csi: Fix dereference before NULL check c9e024e907caf media: iris: Fix memory leak by freeing untracked persist buffer 888830b2cbc03 wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() 9cddad3b26dac mm: swap: check for stable address space before operating on the VMA 15c0e136bd8cd media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID d9f6ce99624a4 media: rc: fix races with imon_disconnect() 9a00de20ed8ba media: tuner: xc5000: Fix use-after-free in xc5000_release f3f3f00bcabbd media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe 3ffabc79388e6 media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove af600e7f5526d ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free 4b29228694958 scsi: target: target_core_configfs: Add length check to avoid buffer overflow 412450c2f9d16 gcc-plugins: Remove TODO_verify_il for GCC >= 16 8faee580d63bc blk-mq: fix blk_mq_tags double free while nr_requests grown bcabc18865f36 Linux 6.16.10 e4825368285e3 iommufd: Fix race during abort for file descriptors e7e5315212819 spi: cadence-qspi: defer runtime support on socfpga if reset bit is enabled b7ec8a2b094a3 spi: cadence-quadspi: Implement refcount to handle unbind during busy 4109506b7eba2 sched_ext: idle: Handle migration-disabled tasks in BPF code 1f2bffc8dd18b sched_ext: idle: Make local functions static in ext_idle.c 2243b9b728b3c wifi: iwlwifi: pcie: fix byte count table for some devices b9ebc20920be3 wifi: iwlwifi: fix byte count table for old devices fc19489dfaf42 fbcon: Fix OOB access in font allocation c0c01f9aa08c8 fbcon: fix integer overflow in fbcon_do_set_font 2aa2cea8f7716 mm/damon/sysfs: do not ignore callback's return value in damon_sysfs_damon_call() 21ee79ce93812 mm/hugetlb: fix folio is still mapped when deleted 7c78ae54e342d x86/Kconfig: Reenable PTDUMP on i386 309b8857c50d0 x86/topology: Implement topology_is_core_online() to address SMT regression b64d23d1b9321 riscv: Use an atomic xchg in pudp_huge_get_and_clear() 8df142e93098b netfs: fix reference leak 5855792c6bb9a kmsan: fix out-of-bounds access to shadow memory 61ae3a52075dc gpiolib: Extend software-node support to support secondary software-nodes a2cb8818a3d91 fs/proc/task_mmu: check p->vec_buf for NULL 41782c44bb843 afs: Fix potential null pointer dereference in afs_put_server a63e7dcf6a552 vhost-net: flush batched before enabling notifications 7de587f87f37e Revert "vhost/net: Defer TX queue re-enable until after sendmsg" 238f33bb3f6fa pinctrl: airoha: fix wrong MDIO function bitmaks cda80b7937bb5 pinctrl: airoha: fix wrong PHY LED mux value for LED1 GPIO46 3bf00f58a8075 drm/amd/display: Only restore backlight after amdgpu_dm_init or dm_resume 40903aa97e193 drm/ast: Use msleep instead of mdelay for edid read 5168f19d4d819 drm/xe: Don't copy pinned kernel bos twice on suspend 408d90e817211 arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 ports eca259860a084 arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes a22ccb766ced5 arm64: dts: marvell: cn913x-solidrun: fix sata ports status d00bcd2d5414e ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address e57d19757aeb2 tracing: fprobe: Fix to remove recorded module addresses from filter cbb8c94f92d0c tracing: fgraph: Protect return handler from recursion loop b47c4e06687a5 tracing: dynevent: Add a missing lockdown check on dynevent fbe96bd25423e crypto: af_alg - Fix incorrect boolean values in af_alg_ctx 6200d2e7ea6a6 i40e: improve VF MAC filters accounting 168107437eac5 i40e: add mask to apply valid bits for itr_idx 8b13df5aa877b i40e: add max boundary check for VF filters a991dc56d3e9a i40e: fix validation of VF state in get resources 560e168341058 i40e: fix input validation logic for action_meta 5c1f96123113e i40e: fix idx validation in config queues msg d4e3eaaa3cb3a i40e: fix idx validation in i40e_validate_queue_map afec12adab55d i40e: add validation for ring_len param 1cf7258a9cf33 HID: asus: add support for missing PX series fn keys f76347f4ec435 HID: intel-thc-hid: intel-quickspi: Add WCL Device IDs 930cb05a9e107 tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() 908478fe58848 Revert "drm/xe/guc: Enable extended CAT error reporting" e35eeb3a8eaf8 Revert "drm/xe/guc: Set RCS/CCS yield policy" 093615fc76063 smb: client: fix wrong index reference in smb2_compound_op() 923638cea4c17 platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() 2858cae6896ea drm/panthor: Defer scheduler entitiy destruction to queue release f1635765cd0fd futex: Use correct exit on failure from futex_hash_allocate_default() c6adf475f375c drm/amd/display: remove output_tf_change flag 9682dc123f8f1 drm/i915/ddi: Guard reg_val against a INVALID_TRANSCODER 94c5669b1b172 drm/xe: Fix build with CONFIG_MODULES=n bacbadedbba73 drm/xe/vf: Don't expose sysfs attributes not applicable for VFs 6021d412108f7 gpio: regmap: fix memory leak of gpio_regmap structure d824b2dbdcfe3 futex: Prevent use-after-free during requeue-PI 0fc650fa475b5 drm/gma500: Fix null dereference in hdmi teardown a8a63f27c3a8a octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() 449aae54fa510 net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port 075c92577f529 net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup() 8523fee4caad8 net/mlx5e: Fix missing FEC RS stats for RS_544_514_INTERLEAVED_QUAD 5aa468e563ce7 net/mlx5: HWS, ignore flow level for multi-dest table 7f1b5d056f053 net/mlx5: HWS, remove unused create_dest_array parameter 3c77f6d244188 net/mlx5: fs, fix UAF in flow counter release 1c5a55ce47578 selftests: fib_nexthops: Fix creation of non-FDB nexthops 8dd4aa0122885 nexthop: Forbid FDB status change while nexthop is in a group 61341d935833f net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS 3e4a313b11fca bnxt_en: correct offset handling for IPv6 destination address 4d109d6c56c60 broadcom: fix support for PTP_EXTTS_REQUEST2 ioctl 1bfb2d9456c18 broadcom: fix support for PTP_PEROUT_DUTY_CYCLE 87a1f16f07c6c Bluetooth: MGMT: Fix possible UAFs 7ce635b3d3aba vhost: Take a reference on the task in struct vhost_task. a78fd4fc5694e Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync dde33124f17cf Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue 1609ab5393d33 Bluetooth: hci_sync: Fix hci_resume_advertising_sync c283e4a0e078a ethernet: rvu-af: Remove slash from the driver name d5411685dc2f6 net/smc: fix warning in smc_rx_splice() when calling get_page() 1697577e1669b net: tun: Update napi->skb after XDP process 394c58017e5f4 can: peak_usb: fix shift-out-of-bounds issue b638c3fb0f163 can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow 7f7b21026a6fe can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow e77fdf9e33a83 can: hi311x: populate ndo_change_mtu() to prevent buffer overflow e587af2c89ecc can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow cc4cb275764da xfrm: fix offloading of cross-family tunnels a78e557765223 xfrm: xfrm_alloc_spi shouldn't use 0 as SPI 966877e96d022 selftests/bpf: Skip timer cases when bpf_timer is not supported b6b7db6530236 bpf: Reject bpf_timer for PREEMPT_RT f577bec9836d1 can: rcar_can: rcar_can_resume(): fix s2ram with PSCI 528151da32c17 wifi: virt_wifi: Fix page fault on connect 0bcc5ea4bb30d amd/amdkfd: correct mem limit calculation for small APUs a01d1325e0fbd drm/amdkfd: fix p2p links bug in topology aae986c5805c7 NFSv4.2: Protect copy offload and clone against 'eof page pollution' 204099ce6574b NFS: Protect against 'eof page pollution' f51f9695207bc btrfs: don't allow adding block device of less than 1 MB e64b692a2d55f selftests/fs/mount-notify: Fix compilation failure. 6233715b4b714 bpf: Check the helper function is valid in get_helper_proto e6014ad4d009e smb: server: use disable_work_sync in transport_rdma.c 27ce0a17ee989 smb: server: don't use delayed_work for post_recv_credits_work 302c25ec64051 cpufreq: Initialize cpufreq-based invariance before subsys d342ba13c2a91 ARM: dts: kirkwood: Fix sound DAI cells for OpenRD clients c49b3ffc64cae arm64: dts: imx8mp: Correct thermal sensor index 8707ccbf686f7 firmware: imx: Add stub functions for SCMI CPU API 5f9587bbb3bb7 firmware: imx: Add stub functions for SCMI LMM API 39cc5381c80c0 firmware: imx: Add stub functions for SCMI MISC API e3aba0b7f24c4 arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 1f58c03bc7580 HID: amd_sfh: Add sync across amd sfh work functions 0fd5a4eeb726c HID: cp2112: fix setter callbacks return value f1958eb140458 IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions dbeeeae988cce net: sfp: add quirk for FLYPRO copper SFP+ module 4ceb739a3260a ALSA: usb-audio: Add mute TLV for playback volumes on more devices f20938fb3ba2e ALSA: usb-audio: move mixer_quirks' min_mute into common quirk f637c0678f8e8 gpiolib: acpi: Add quirk for ASUS ProArt PX13 001470af9436a ALSA: usb-audio: Add DSD support for Comtrue USB Audio device 86cb0f559b71e platform/x86: oxpec: Add support for OneXPlayer X1 Mini Pro (Strix Point) 1e1873264e9de ASoC: Intel: sof_rt5682: Add HDMI-In capture with rt5682 support for PTL. eae9d5c299b78 ASoC: Intel: soc-acpi: Add entry for HDMI_In capture support in PTL match table 71f64a3244ac9 ASoC: Intel: soc-acpi: Add entry for sof_es8336 in PTL match table. 9b866ec1b3d8f i2c: designware: Add quirk for Intel Xe dcae67ba20e39 mmc: sdhci-cadence: add Mobileye eyeQ support 44fd9560ea831 drm/panfrost: Add support for Mali on the MT8370 SoC 39fdf31a26526 drm/panfrost: Commonize Mediatek power domain array definitions 8cae20f2a4719 drm/panfrost: Drop duplicated Mediatek supplies arrays 01c1287ef2a44 net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick a94d1a0de44d7 net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info e9d96c5baa454 usb: core: Add 0x prefix to quirks debug output 330e7cc51c275 ALSA: usb-audio: Fix build with CONFIG_INPUT=n 645c7aa98d1e9 ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA 9a183aeb23ca4 ALSA: usb-audio: Convert comma to semicolon bdb9cc8a8f940 HID: multitouch: specify that Apple Touch Bar is direct 3e4453b40562f HID: multitouch: take cls->maxcontacts into account for Apple Touch Bar even without a HID_DG_CONTACTMAX field cf60067a13847 HID: multitouch: support getting the tip state from HID_DG_TOUCH fields in Apple Touch Bar 6a6edca250126 HID: multitouch: Get the contact ID from HID_DG_TRANSDUCER_INDEX fields in case of Apple Touch Bar 0105cfc41abeb ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 042ce4cb97ae4 ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks 9f76d2c9e8c02 ALSA: usb-audio: Simplify NULL comparison in mixer_quirks 8af6015e380ca ALSA: usb-audio: Avoid multiple assignments in mixer_quirks d3934ea7fb976 ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks 0afc2246dd448 ALSA: usb-audio: Fix block comments in mixer_quirks c11341fb8fc3a ALSA: usb-audio: Fix whitespace & blank line issues in mixer_quirks 2ea8b2ce48de5 ALSA: usb-audio: Fix code alignment in mixer_quirks f8ae65129919a firewire: core: fix overlooked update of subsystem ABI version 16bd546200ec5 scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
