Niko Mauno [Tue, 4 Nov 2025 08:33:33 +0000 (08:33 +0000)]
cve-update: Keep mtime stamp in the database itself
This should help to avoid problems that will occur if the modification
time of database file itself is altered e.g. by unassociated
process(es) on the file system which hosts the database file.
Since this change updates the database structure by adding a new table,
bump the 'minor' version number in database file names to enforce full
database fetch. This should also iron out e.g. situation where the
database might have inconspicuously omitted entries due to way in which
the mtime of database file itself was relied upon.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
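The failure mode this commit describes, as an added example that is not the recipe's own code: a freshness check based on the database file's mtime is fooled when something else touches the file, while a stamp kept in a table inside the database is not. The table name `META`, the key `last_update` and the one-day interval are hypothetical.

```python
import os
import sqlite3
import tempfile
import time

UPDATE_INTERVAL = 24 * 60 * 60  # hypothetical refresh interval, in seconds


def write_stamp(conn, when):
    """Record the time of the last successful update inside the database."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS META (KEY TEXT PRIMARY KEY, VALUE REAL)")
    conn.execute(
        "INSERT OR REPLACE INTO META VALUES ('last_update', ?)", (when,))
    conn.commit()


def read_stamp(conn):
    """Return the stored stamp, or None for a database without the table."""
    try:
        row = conn.execute(
            "SELECT VALUE FROM META WHERE KEY = 'last_update'").fetchone()
    except sqlite3.OperationalError:
        return None  # old-format database: no META table yet
    return row[0] if row else None


def stale_by_file_mtime(path, now):
    """Old approach: trust the modification time of the file itself."""
    return now - os.path.getmtime(path) > UPDATE_INTERVAL


def stale_by_db_stamp(path, now):
    """New approach: trust only the stamp written by the updater."""
    conn = sqlite3.connect(path)
    try:
        stamp = read_stamp(conn)
    finally:
        conn.close()
    # A missing stamp means the content cannot be trusted: force an update.
    return stamp is None or now - stamp > UPDATE_INTERVAL


def demo():
    """Return (stale_by_file_mtime, stale_by_db_stamp) after a stray touch."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "cve.db")
        now = time.time()
        conn = sqlite3.connect(path)
        write_stamp(conn, now - 2 * UPDATE_INTERVAL)  # last update: 2 days ago
        conn.close()
        # Constructed event: an unrelated process alters the file's mtime.
        os.utime(path, (now, now))
        return stale_by_file_mtime(path, now), stale_by_db_stamp(path, now)


def demo_missing_table():
    """A database without the stamp table is treated as needing an update."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "old.db")
        sqlite3.connect(path).close()
        return stale_by_db_stamp(path, time.time())


if __name__ == "__main__":
    print(demo(), demo_missing_table())
```

After the stray touch, the file-mtime check reports the two-day-old database as fresh, so CVE entries published in between would be missed; the in-database stamp still reports it as stale.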
Niko Mauno [Tue, 4 Nov 2025 08:33:32 +0000 (08:33 +0000)]
cve-update: Take shared .inc file into use
Since there are two recipes for the similar purpose with some
considerable differences but also some identical definitions, take a
shared inc file into use by relocating common code lines there.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Niko Mauno [Tue, 4 Nov 2025 08:33:30 +0000 (08:33 +0000)]
cve-update-db-native: pycodestyle fixes
Fixes following pycodestyle complaints:
cve-update-db-native.bb:80:39: E712 comparison to True should be 'if cond is True:' or 'if cond:'
cve-update-db-native.bb:128:20: E401 multiple imports on one line
cve-update-db-native.bb:130:18: E401 multiple imports on one line
cve-update-db-native.bb:171:21: E741 ambiguous variable name 'l'
cve-update-db-native.bb:335:26: E225 missing whitespace around operator
cve-update-db-native.bb:344:12: E713 test for membership should be 'not in'
cve-update-db-native.bb:347:12: E713 test for membership should be 'not in'
Also leaves out a redundant 'gzip' import in update_db_file().
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Niko Mauno [Tue, 4 Nov 2025 08:33:29 +0000 (08:33 +0000)]
cve-update-nvd2-native: pycodestyle fixes
Fixes following pycodestyle complaints:
cve-update-nvd2-native.bb:95:54: E712 comparison to True should be 'if cond is True:' or 'if cond:'
cve-update-nvd2-native.bb:127:15: E211 whitespace before '('
cve-update-nvd2-native.bb:127:17: E201 whitespace after '('
cve-update-nvd2-native.bb:127:19: E201 whitespace after '('
cve-update-nvd2-native.bb:127:44: E202 whitespace before ')'
cve-update-nvd2-native.bb:127:46: E203 whitespace before ','
cve-update-nvd2-native.bb:174:20: E401 multiple imports on one line
cve-update-nvd2-native.bb:183:29: E203 whitespace before ':'
cve-update-nvd2-native.bb:236:16: E111 indentation is not a multiple of 4
cve-update-nvd2-native.bb:241:16: E111 indentation is not a multiple of 4
cve-update-nvd2-native.bb:336:39: E222 multiple spaces after operator
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Paul Barker [Mon, 3 Nov 2025 20:11:20 +0000 (20:11 +0000)]
pseudo: Add hard sstate dependencies for pseudo-native
Where a task (such as do_package) runs under fakeroot, the corresponding
setscene task (do_package_setscene) will also run under fakeroot when
restoring from sstate. Assuming pseudo is used as the fakeroot
implementation, we need pseudo-native and all its runtime dependencies
to be available in the sysroot before running any setscene tasks under
fakeroot.
We already add a hard dependency from all do_package_setscene tasks to
virtual/fakeroot-native:do_populate_sysroot in base.bbclass, but this
does not cover transitive dependencies. So, extend the dependencies of
pseudo-native:do_populate_sysroot_setscene to ensure that the sqlite3
library is also available in the sysroot before running fakeroot
setscene tasks.
[YOCTO #15963]
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Ross Burton [Mon, 3 Nov 2025 14:21:46 +0000 (14:21 +0000)]
kea: fix CVE-2025-11232
Backport a patch from upstream to resolve CVE-2025-11232:
Invalid characters cause assert
To trigger the issue, three configuration parameters must have
specific settings: "hostname-char-set" must be left at the default
setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must
be empty (the default); and "ddns-qualifying-suffix" must NOT be empty
(the default is empty). DDNS updates do not need to be enabled for
this issue to manifest. A client that sends certain option content
would then cause kea-dhcp4 to exit unexpectedly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
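An exposure check for deployments that have not yet picked up the backport, as an added example that is not part of the commit or of Kea: it reports every configuration scope in which the three settings quoted above coincide. It assumes a comment-free JSON config and that subnet and shared-network values override the global ones; the sample configuration is constructed.

```python
import json

# Default value as quoted in the advisory text above.
DEFAULT_CHAR_SET = "[^A-Za-z0-9.-]"


def effective(scopes, key, default):
    """Innermost explicitly configured value wins; otherwise the default."""
    for scope in reversed(scopes):
        if key in scope:
            return scope[key]
    return default


def matches_trigger(scopes):
    """True when all three conditions listed in the advisory hold."""
    char_set = effective(scopes, "hostname-char-set", DEFAULT_CHAR_SET)
    replacement = effective(scopes, "hostname-char-replacement", "")
    suffix = effective(scopes, "ddns-qualifying-suffix", "")
    return (char_set == DEFAULT_CHAR_SET
            and replacement == ""
            and suffix != "")


def find_exposed_scopes(config_text):
    """Return a label for every scope whose effective settings match."""
    dhcp4 = json.loads(config_text).get("Dhcp4", {})
    findings = []
    if matches_trigger([dhcp4]):
        findings.append("global")
    for subnet in dhcp4.get("subnet4", []):
        if matches_trigger([dhcp4, subnet]):
            findings.append("subnet4 " + subnet.get("subnet", "?"))
    for net in dhcp4.get("shared-networks", []):
        for subnet in net.get("subnet4", []):
            if matches_trigger([dhcp4, net, subnet]):
                findings.append("subnet4 " + subnet.get("subnet", "?"))
    return findings


# Constructed sample configuration (documentation address ranges).
SAMPLE = """
{
  "Dhcp4": {
    "ddns-qualifying-suffix": "example.org.",
    "subnet4": [
      {"id": 1, "subnet": "192.0.2.0/24"},
      {"id": 2, "subnet": "198.51.100.0/24",
       "hostname-char-replacement": "x"}
    ],
    "shared-networks": [
      {"name": "lab", "ddns-qualifying-suffix": "",
       "subnet4": [
         {"id": 3, "subnet": "203.0.113.0/25"},
         {"id": 4, "subnet": "203.0.113.128/25",
          "ddns-qualifying-suffix": "lab.example.org."}
       ]}
    ]
  }
}
"""

if __name__ == "__main__":
    for scope in find_exposed_scopes(SAMPLE):
        print("matches CVE-2025-11232 trigger conditions:", scope)
```

A match only means the configuration meets the stated preconditions; the fix remains the backported patch.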
Mike Crowe [Mon, 3 Nov 2025 15:42:34 +0000 (15:42 +0000)]
sanity: Emit the error message if CONNECTIVITY_CHECK_MSG is set
Users may still be interested in the actual error message even if there
is a custom message for failure of the connectivity check since the
cause may be intermittent.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
readline: backport a patch to fix for caller setting rl_prompt to NULL
I've observed this issue affecting iwctl and connmanctl.
Patching readline solves the issue.
The original patch from [5] mixes many fixes in one commit. I've extracted
only what matters to solve the issues observed with connman and iwd. The
final patch is the same patch sent by readline author to readline's mail list [6].
3.54.3 - 2025-09-21
-------------------
* Do not skip symbols both in Gio and in platform specific :mr:`452`
3.54.2 - 2025-09-13
-------------------
* Prefix platform specific symbols with platform name :mr:`451`
3.54.1 - 2025-09-12
-------------------
* Exempt GioPlatform namespaces from required version check :mr:`450`
3.54.0 - 2025-09-06
-------------------
* Fix compatibility with Python 3.14 :mr:`433`
* Add platform specific symbols back to Gio module :mr:`445`
* Include docs from old GNOME wiki :mr:`441`
* Add override for `GLib.MainContext.query()` :mr:`446`
* Fix optional inout parameter marshalling :mr:`447`
3.53.0 - 2025-08-27
-------------------
* Drop Python upper limit :mr:`418`
* Add `__enum|flags_values__` back to GEnum and GFlags :mr:`420`
* Fix asyncio event loop selector with Python 3.13 :mr:`421`
* Support `Gtk.Template` on sub-classed Python classes :mr:`199`
* Use GI Repository singleton if GLib >= 2.85 :mr:`427`
* Expose finish_func on function info to determine if a function can be used as awaitable :mr:`428`
* Documentation updates :mr:`424` :mr:`426` :mr:`429` :mr:`430`
* `ParamSpec` objects now return the expected enum type :mr:`432`
* Fix `Gio.ActionMap` override for `Gio.Application` :mr:`435`
* Fix regression for functions with multiple callbacks :mr:`436` :mr:`437`
* Cleanup: callable argument cache :mr:`438`
* Format Python and C code :mr:`386`
* Fix compatibility with GLib 2.84 :mr:`443`
* (chore) clean up array cache code :mr:`440`
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
1) CVE-2025-62229: Use-after-free in XPresentNotify structures creation
Using the X11 Present extension, when processing and adding the
notifications after presenting a pixmap, if an error occurs, a dangling
pointer may be left in the error code path of the function causing a
use-after-free when eventually destroying the notification structures
later.
Introduced in: Xorg 1.15
Fixed in: xorg-server-21.1.19 and xwayland-24.1.9
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/5a4286b1
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2) CVE-2025-62230: Use-after-free in Xkb client resource removal
When removing the Xkb resources for a client, the function
XkbRemoveResourceClient() will free the XkbInterest data associated
with the device, but not the resource associated with it.
As a result, when the client terminates, the resource delete function
triggers a use-after-free.
Introduced in: X11R6
Fixed in: xorg-server-21.1.19 and xwayland-24.1.9
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/99790a2c
https://gitlab.freedesktop.org/xorg/xserver/-/commit/10c94238
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
3) CVE-2025-62231: Value overflow in Xkb extension XkbSetCompatMap()
The XkbCompatMap structure stores some of its values using an unsigned
short, but fails to check whether the sum of the input data might
overflow the maximum unsigned short value.
Introduced in: X11R6
Fixed in: xorg-server-21.1.19 and xwayland-24.1.9
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/475d9f49
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Hongxu Jia [Mon, 3 Nov 2025 06:45:17 +0000 (14:45 +0800)]
vte: support reproducibility when debug build is enabled
When debug build is enabled, there is a build path issue in the source file
which causes the build to not be reproducible
...subprojects/simdutf/simdutf.h...
/* auto-generated on 2025-03-17 16:13:41 -0400. Do not edit! */
/* begin file include/simdutf.h */
// /build-dir/vte-0.82.1/subprojects/simdutf/include/simdutf.h:1
#ifndef SIMDUTF_H
...subprojects/simdutf/simdutf.h...
The source file is auto generated by python script amalgamate.py,
apply a fix to the script to use a relative path instead
Yoann Congal [Sat, 1 Nov 2025 22:57:44 +0000 (23:57 +0100)]
oe-setup-layers: make "path" optional
Layer names and path are often redundant. Allow users to omit the path
key when it is equal to the layer name by using the layer name as a
default value for its path.
For example, from layers.example.json:
    "sources": {
        "meta-alex": {
            "path": "meta-alex"
        },
        "meta-intel": {
            "path": "meta-intel"
        },
        "poky": {
            "path": "poky"
        }
    },
Update the schema to stop requiring "path" and remove it in example for
"meta-intel".
Peter Marko [Sat, 1 Nov 2025 21:04:15 +0000 (22:04 +0100)]
wpa-supplicant: patch CVE-2025-24912
Pick patches as listed in NVD CVE report.
Note that Debian lists one of the patches as introducing the
vulnerability. This is against what the original report [1] says.
Also the commit messages provide hints that the first patch fixes this
issue and second is fixing problem with the first patch.
[1] https://jvn.jp/en/jp/JVN19358384/
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Bruce Ashfield [Thu, 30 Oct 2025 17:12:18 +0000 (13:12 -0400)]
linux-yocto/6.17: fix rdinit boot warning
Integrating the following commit(s) to linux-yocto/6.17:
1/1 [
Author: Bruce Ashfield
Email: bruce.ashfield@gmail.com
Subject: boot: only emit rdinit warning on initramfs boot
Date: Mon, 27 Oct 2025 09:47:05 -0400
commit 98aa4d5d242d3a73 [init/main.c: add warning when file specified in
rdinit is inaccessible] promoted a long time check to be visible on
boot.
The issue is that it is always issued even when an initramfs boot is
not used.
To avoid needing to completely disable CONFIG_BLK_DEV_INITRD and not
have the warning issued when an initramfs isn't used, we add checks for
the existence and size of an initramfs before allowing the warning
to be generated.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Bruce Ashfield [Thu, 30 Oct 2025 17:12:17 +0000 (13:12 -0400)]
linux-yocto/6.17: unify qemumips (malta) branches
The 6.17+ kernel cache is using a single branch for the mti malta
machines, which are what qemumips* emulate. We update our branch
specification to make them buildable.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
lib/crypto: arm/sha1: Migrate optimized code into library
Instead of exposing the arm-optimized SHA-1 code via arm-specific
crypto_shash algorithms, instead just implement the sha1_blocks()
library function. This is much simpler, it makes the SHA-1 library
functions be arm-optimized, and it fixes the longstanding issue where
the arm-optimized SHA-1 code was disabled by default. SHA-1 still
remains available through crypto_shash, but individual architectures no
longer need to handle it.
To match sha1_blocks(), change the type of the nblocks parameter of the
assembly functions from int to size_t. The assembly functions actually
already treated it as size_t.
However, I think the commit cannot be reverted, not only because
there are a bunch of changes based on this one, but also because
the change looks like a reasonable one.
Before xserver is able to handle such an issue inside its code, this service
needs to wait for udev to settle things before it starts. This can avoid the
above race condition error.
The 'runlevel', 'initctl', 'telinit' related contents are removed
because they are officially removed in v258.
Disable tests explicitly. This is because we're not installing any
tests. There's no point building them out. And this puts extra burden
on making things compile for musl.
gcrypt and gnutls PACKAGECONFIGs are removed as "OpenSSL is now the only
supported cryptography backend for systemd-resolved and systemd-importd."
systemd-systemctl-native changes:
sysvinit compat actions are removed. This includes removing unnecessary
patches and adding EXTRA_OEMESON. The systemctl-native should only focus
on the systemd units as it was. The removed two extra patches look like
a workaround to make do_rootfs pass. But the correct behavior is that
systemctl-native should not invoke systemd-sysv-install and only focus
on systemd units.
musl changes:
1. This version has big changes in musl patches. The goal is to
help maintenance. I want patches to be more easily applied
to new versions. The count of files modified by musl specific
patches decreased from 113 (v257) to 34 (v258).
2. All patches are re-evaluated.
This version of systemd introduces big changes in header
files and other places. So the previous musl patches are
re-evaluated one by one. Those that are dropped are considered not
needed. A few new ones are added. There are some notable ones.
0012-do-not-disable-buffer-in-writing-files.patch is dropped because
there is no runtime error.
0016-Fix-the-segfault-for-glob-related-codes-and-define-d.patch is
added because this version of systemd uses strv_free to free gl_pathv
instead of relying on globfree provided by libc.
Chen Qi [Fri, 31 Oct 2025 06:11:03 +0000 (14:11 +0800)]
base-passwd: add clock group
New systemd version (v258) introduces a new group, clock, to
"enable applications like linuxptp to open clocks without root
privileges".[1]
This results in warning at do_rootfs time:
WARNING: Group clock has never been defined
Add group clock with gid 81 to fix this issue. The wheel group's
gid is 80, so 81 is chosen.
Note that Debian rejects this patch because they're using sysusers
to handle such groups, including 'clock', 'kvm', 'sgx', etc. We're
not relying on sysusers, so we have to add a patch here.
testimage.bbclass: check that root-login-with-empty-password image features are present
More or less all of testimage relies on logging in as root, without password,
both on console and over ssh. Previously this was enabled by default in poky
and core, but now that it isn't, testimage will error out on timeouts in
both console and ssh login attempts. This commit adds an earlier check and
provides a hint to the users about what they should do.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
fragments: add a 'root-login-with-empty-password' fragment
Please see this for background/some discussion:
https://lists.openembedded.org/g/openembedded-architecture/topic/115913545
Care should be taken to not enable this by default, and especially not for
production images. Poky and oe-core default templates did it, and it was
not a good starting point. Hopefully the fragment name, and the description
that users will see when enabling the fragment will provide enough warning.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
bbconfigbuild/configfragments.py: print fragment descriptions when enabling them
Such descriptions can contain useful or important information, and users may
not see that otherwise at all. To reduce clutter in CI outputs or similar
scenarios, -q option suppresses that printing.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Dmitry Baryshkov [Thu, 30 Oct 2025 11:54:15 +0000 (13:54 +0200)]
mesa: drop freedreno-fdperf PACKAGECONFIG
With libconfig being a part of OE-Core, we can now drop separate
freedreno-fdperf config option and merge the dependency into other
freedreno tools dependencies.
Dmitry Baryshkov [Thu, 30 Oct 2025 11:54:14 +0000 (13:54 +0200)]
libconfig: import recipe from meta-oe
One of the freedreno tools in the Mesa package depends on libconfig.
Recipes from other layers also depend on libconfig. It makes sense to
move libconfig to OE-Core in order to reduce inter-layer dependencies.
Changes between meta-oe and this recipe:
- Upgraded to 1.8.1
- Switched to UPSTREAM_CHECK_GITTAGREGEX
- Switched from autotools-brokensep to autotools
- Added a patch fixing reproducibility issues
Markus Volk [Thu, 30 Oct 2025 03:48:49 +0000 (04:48 +0100)]
libadwaita: update 1.7.6 -> 1.8.1
=============
Version 1.8.1
=============
- AdwComboRow
- Allow selecting items via touchscreen
- Improve accessibility
- AdwEntryRow
- Fix title ellipsizing too late
- Activate the row action when pressing enter
- AdwHeaderBar
- Fix title buttons on macOS
- AdwNavigationView
- Fix a build warning on some platforms
- AdwShortcutsDialog
- Fix removing sections when the model changes
- AdwTabBar/AdwTabGrid
- Fix context menu alignment on RTL
- Docs
- Replace deprecated GApplication flag
- Fix shortcuts screenshots in widget gallery in dark mode
- Translation updates
- Bulgarian
- Dutch
- Filipino
- Occitan
- Portuguese
- Uighur
=============
Version 1.8.0
=============
- AdwSpinner
- Switch to progressbar accessible role
- AdwSwipeTracker
- Fix memory leak
- Demo
- Fix 2 memory leaks
- Docs
- Typo fixes
- Translation updates
- Basque
- British English
- Catalan
- Chinese (China)
- Czech
- Danish
- Spanish
- Esperanto
- Finnish
- Galician
- Georgian
- Hungarian
- Korean
- Lithuanian
- Swedish
- Turkish
- Ukrainian
==============
Version 1.8.rc
==============
- Add copy-func and free-func annotations to boxed types
- AdwAlertDialog/AdwMessageDialog:
- Clarify behavior around :default-response
- AdwApplication
- Enable support for CSS media queries in the autoloaded styles
- AdwShortcutLabel
- Fix RTL layout
- AdwShortcutsDialog
- Fix 2 memory leaks
- AdwToastOverlay
- Fix disappear animation not playing on dismiss_all()
- Make the action button in toasts insensitive after a click
- AdwWrapLayout
- Fix allocation of a single child in RTL languages or with align > 0
- Build
- Require GTK 4.19.4
- Docs
- Fix AdwShortcutLabel and AdwShortcutsDialog screenshots in dark
- Fix close button style on screenshots
- Stylesheet
- Update GtkShortcutLabel style to match AdwShortcutLabel
- Switch to media queries instead of separate CSS variants
- Translation updates
- Brazilian Portuguese
- Galician
- Interlingua
- Japanese
- Persian
- Polish
- Russian
================
Version 1.8.beta
================
- AdwAlertDialog/AdwMessageDialog
- Emit ::response when cancelled after calling choose()
- AdwDialog
- Fix widget activation in window-backed dialogs
- Fix set_focus() in window-backed dialogs
- AdwLayoutSlot
- Error out if ID is not set
- AdwNavigationView
- Defer swipe start to ::begin-swipe
- AdwShortcutLabel
- Differentiate keypad keys better (same as in GtkShortcutLabel)
- AdwShortcutsDialog
- Show navigation pills for large dialogs
- Set a title
- Focus search bar with Ctrl+F
- Fix action-name fetching when presented as a window
- Fix search row activation
- Fix markup handling
- AdwTabBar
- Fix focusing start/end action widgets
- AdwTabOverview
- Make button hitboxes larger
- AdwWrapBox
- Add remove_all()
- AdwWrapLayout
- Fix a memory leak
- Build
- Evaluate dependencies early
- Demo
- Switch to AdwShortcutLabel
- Stylesheet
- Add .document style class using the document font
- Increase line height for .body and .caption
- Add hover/active styles to GtkFlowBox children
- Stop shipping symbolic PNG assets
- Fix .devel striping with new GTK
- Adapt window controls styles to GTK styles
- Various fixes
- Translation updates
- Belarusian
- Hebrew
- Romanian
- Slovenian
=================
Version 1.8.alpha
=================
- Add AdwShortcutsDialog
- Add AdwShortcutLabel
- Fix a crash with empty window layouts
- Avoid needlessly reassigning CSS classes for dynamic shadows
- AdwAboutDialog/AdwAboutWindow
- Fix a leak
- Fix mnemonics
- Clarify :translator-credits docs
- AdwAlertDialog/AdwMessageDialog
- Fix a warning with long headings
- AdwApplication
- Automatically set up app.shortcuts action if shortcuts-dialog.ui is present
- AdwAvatar
- Fix custom image size with GTK 4.19.2
- AdwBreakpointBin
- Preserve focus when switching breakpoints
- AdwCarousel
- Support keyboard navigation
- Fix a critical when disposing it after scrolling with mouse wheel
- AdwExpanderRow
- Fix grab_focus() behavior
- AdwHeaderBar
- Add support for native window controls in macOS
- AdwNavigationView
- fix :visible-page-tag notifications
- AdwPreferencesGroup
- Add bind_model()
- Add get_row()
- Allow rows that aren't AdwPreferencesRow
- AdwPreferencesPage
- Add insert()
- Add get_group()
- AdwStyleManager
- Fix font name docs
- Fix loading font names when debug variables are set
- Move yellow/green boundary for accent color
- Support high contrast on macOS
- AdwTabOverview
- Update window radius
- AdwToastOverlay
- Fix a critical when showing a toast while hiding it
- Fix accessible role in documentation
- Adaptive preview
- Add context to shell and device preset translatable strings
- Change screenshot tooltip
- Build
- Don't install internal static library
- Fix build with older gobject-introspection versions
- Demo
- Add a shortcut for opening preferences
- Docs
- Fix window radius value
- Fix missing AdwCarouselIndicatorLines image
- Inspector
- Disable markup on window rows
- Stylesheet
- Adjust GtkWindowControls styles for GTK 4.18.4 changes
- Optimize window and dialog shadows
- Fix disabled styles for various .view widgets
- Fix list DND styles
- Fix .property for expander rows
- Tests
- Fix a leak
- Translation updates
- Belarusian
- Brazilian Portuguese
- British English
- Catalan
- Friulian
- German
- Hebrew
- Hungarian
- Indonesian
- Japanese
- Latvian
- Portuguese
- Romanian
- Russian
- Slovenian
- Ukrainian
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Even though x11 is currently a default DISTRO feature, even for
nodistro, core-image-sato should require the x11 feature. Without the
x11 in DISTRO_FEATURES, bitbake fails with the following:
ERROR: Required build target 'core-image-sato' has no buildable providers.
Missing or unbuildable dependency chain was: ['core-image-sato',
'packagegroup-core-x11-base']
With this change, the error changes to something more clear to new
users of the project:
ERROR: Nothing PROVIDES 'core-image-sato'
core-image-sato was skipped: missing required distro feature 'x11'
(not in DISTRO_FEATURES)
Signed-off-by: Walter Werner SCHNEIDER <contact@schnwalter.eu>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Ross Burton [Wed, 29 Oct 2025 13:03:10 +0000 (13:03 +0000)]
classes/base: prefer gnu-prefixed HOSTTOOLS
Ubuntu 25.10 has changed the default coreutils implementation from GNU
coreutils to uutils/coreutils. Unfortunately this causes build problems:
couldn't allocate absolute path for 'null'.
tail: cannot open 'standard input' for reading: No such file or directory
install: failed to chown '...': Invalid argument (os error 22)
Clear build failures happen in 'install' and 'tail', but there may be
further breakage.
Luckily, Ubuntu also installs GNU coreutils with a binary prefix of
'gnu', so whilst these issues are root-caused and fixed in either pseudo
or uutils we can prefer the gnu-prefixed binaries where they are present.
[ YOCTO #16028 ]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
populate_sdk_ext: include image SPDX tasks in locked signatures
Fixes [YOCTO #15726]
Fixes [YOCTO #15853]
After the switch to SPDX 3.0, eSDK installation can fail with errors like:
gcc-source-1*:do_fetch attempted to execute unexpectedly
This is usually due to missing setscene tasks.
This is caused by image-related SPDX tasks, such as do_create_image_sbom_spdx,
being excluded from the locked signatures. Without these, the corresponding
sstate-cache artifacts are missing during eSDK installation.
Previously (under SPDX 2.2), these image SPDX/SBOM tasks were not
dependencies of do_populate_sdk_ext task, so their sstate artifacts
were not required at install time.
Fix:
- Added `do_create_image_sbom_spdx` as a task dependency before `do_sdk_depends`
to ensure SPDX/SBOM data generation is integrated in the eSDK build flow.
- Adjusted `prepare_locked_cache()` to retain SDK_TARGETS (and their multilib
variants) in the locked signatures file, ensuring image SPDX/SBOM tasks are
preserved and not excluded during locked-sigs filtering.
With this fix, eSDK installs work without unexpected task runs, even
for custom distros or "tar" images.
See release notes at
- http://downloads.yoctoproject.org/releases/opkg/opkg-0.9.0.release-notes
[0.9.0] - 2025-06-27
Semiannual opkg release.
Bumping the minor version as a result of the project build tooling changing from autotools to cmake.
- Added a Dockerfile container definition (`:docker/`) for a valid developer build environment for opkg.
- It's recommended that project contributors use this container to build and test their changes.
- The AutoTools-based build framework has [been replaced](https://git.yoctoproject.org/opkg/commit/?id=3f6040e321634471ec442fb0e80f140f1437e90b) with a more modern, CMake framework.
- Refer to the `docs/CONTRIBUTING.md` documentation for updated build instructions.
Gyorgy Sarvari [Thu, 23 Oct 2025 10:50:58 +0000 (12:50 +0200)]
openssl: extend check_cwm test timeout
Fixes [YOCTO 14649]
The default 3s test execution timeout isn't always enough for the check_cwm test
on the autobuilder in case there is a high load on the host machine,
and due to this, this case fails sometimes.
This patch doubles the timeout for this testcase to 6 seconds to allow enough
time for execution even if there is high CPU usage by other processes.
oe-build-perf-report: filter used measurements for each commit
As the poky repository is no longer used, measurements are indexed using
the oe-core commit. But as bitbake, oe-core and meta-yocto are now
retrieved from separate gits, while measuring performances for a given branch
at some time interval, we can get the same commit for oe-core but
different ones for bitbake or meta-yocto. As a consequence, metadata
associated with the same index (oe-core commit) might differ.
Today this is not supported, as we do expect all metadata for a given
version to remain the same.
For each oe-core commit, filter the measurements, in order to only keep
the ones with the metadata matching the last measurement found for the
said commit.
Hongxu Jia [Fri, 17 Oct 2025 07:19:08 +0000 (15:19 +0800)]
libxml2: upgrade 2.14.6 -> 2.15.0
Due to upstream [Remove LZMA support][1], drop option --without-lzma
Due to upstream [disable python bindings by default][2] and are
planned to be removed in the 2.16 release[3][4]. If we still enable
python bindings by --with-python=yes, due to upstream [doc: Build docs
with Doxygen and xsltproc][5], build python binding requires doxygen
otherwise build will fail, and we do not provide doxygen in oe-core,
so remove python package directly.
Refresh install-tests.patch and run-ptest to not install python test
cases
Peter Marko [Mon, 13 Oct 2025 07:08:46 +0000 (09:08 +0200)]
sqlite3: upgrade 3.48.0 -> 3.50.4
Handle CVE-2025-3277, CVE-2025-29087 and CVE-2025-29088.
This update includes major change in how it is built.
Instead of autotools, autosetup is used.
Autosetup (https://msteveb.github.io/autosetup/) claims to be
* Replacement for autoconf in many situations
However it also claims NOT to
* Intended to replace all possible uses of autoconf
This means that some autoconf features are not available.
Recipe changes:
* stop inheriting autotools and define B, do_configure and do_install
* add patch to disable zlib as autosetup cannot be preconfigured like
autotools to force function calls
* update packageconfig options to match new syntax
* libedit is detected with ncurses linking options (as seen in
do_configure log)
* backport rpaths fix
* define soname to avoid file-rdeps QA error due to wrong library name
* clean B for do_configure as the new Makefiles do not seem to properly
retrigger build if configuration changes
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
sstate.bbclass: Always show a progress bar if an sstate summary is wanted
In case sstate_checkhashes() is expected to show an sstate summary, then
always show the process progress bar regardless of how long the task
list is. Without this, the sstate summary could unintentionally
overwrite another active progress bar.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Hongxu Jia [Fri, 10 Oct 2025 07:52:56 +0000 (15:52 +0800)]
debug_build.inc: override INHIBIT_SYSROOT_STRIP for cross and native
The debug_build.inc is used to collect debug build configuration,
override INHIBIT_SYSROOT_STRIP for cross and native bbclass when DEBUG_BUILD
is enabled
The modern compilers and code seem to require extra steps to avoid DEBUG errors,
Move debug tuning configuration from recipes to an include file to address these
errors.
Drop `:remove' operation on variable, override variables directly
Hongxu Jia [Fri, 10 Oct 2025 07:52:54 +0000 (15:52 +0800)]
distro/include: Add debug_build.inc when DEBUG_BUILD is enabled
In bitbake.conf, use ??= to set *_OPTIMIZATION, add a new include
file debug_build.inc to use ?= to override *_OPTIMIZATION when
DEBUG_BUILD is enabled
When DEBUG_BUILD is enabled:
- Defer inherit bbclass debug_build, while setting DEBUG_BUILD = "1" in
local.conf, the debug build is enabled globally. For the recipe (such
as qemu) which doesn't work without optimization, set DEBUG_BUILD = "0"
to disable it for a given recipe
- Use include_all to allow other layers to add their own debug build
configurations
Jon Mason [Mon, 6 Oct 2025 14:24:37 +0000 (10:24 -0400)]
runqemu: resize rootfs image to power of 2 for SD or pflash
QEMU requires that SD and pflash images are sized to be a power of 2
(e.g., 32M, 64M, etc). So, if the image being used is not a power of 2
and it's being used for SD or pflash, increase it to the next power of 2
size via the truncate command.
This might not be an actual spec requirement, and is being investigated
in https://gitlab.com/qemu-project/qemu/-/issues/1754
Signed-off-by: Jon Mason <jon.mason@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Jon Mason [Mon, 6 Oct 2025 14:24:36 +0000 (10:24 -0400)]
runqemu: remove setting of mem on kernel command line for certain systems
Some emulated hardware will not boot if mem is set on the kernel command
line (all of the Raspberry Pi machines seemed to fail with this set,
possibly many others). Also, it is not necessary if the device tree
file is present, as that _should_ have the memory size specified in it.
Add a check for QB_DTB and don't set mem in the kernel command line if
present.
Signed-off-by: Jon Mason <jon.mason@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
wic/engine: fix copying directories into wic image with ext* partition
wic uses debugfs to write on ext* partitions, but debugfs can only
write to the current working directory and it cannot copy complete
directory trees. Running 'wic ls' on a copied directory shows this:
-l: Ext2 inode is not a directory
Fix this by creating a command list for debugfs (-f parameter) when
recursively parsing the host directory in order to create a similar
directory structure (mkdir) and copy files (write) on each level
into the destination directory from the wic's ext* partition.
Signed-off-by: Daniel Dragomir <daniel.dragomir@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
patchtest: fix failure when oe-core repo is in detached HEAD
Patchtest fails when oe-core git repo is in a "detached HEAD" state:
Error log:
> File "/usr/lib/python3/dist-packages/git/repo/base.py", line 881, in
active_branch return self.head.reference ^^^^^^^^^^^^^^^^^^^
> File "/usr/lib/python3/dist-packages/git/refs/symbolic.py", line 311, in
_get_reference raise TypeError("%s is a detached symbolic reference as it
points to %r" % (self, sha)) TypeError: HEAD is a detached symbolic reference
as it points to '3dd31d3b29730fa1130645d76bb71914ac036335' None
In this case, no current branch is available for the clean operation.
To fix this, update the checkout logic:
- if a current branch is available, use it,
- otherwise, fall back to the commit pointed to by HEAD.
This ensures that the script works correctly even when HEAD is detached.
Haixiao Yan [Mon, 29 Sep 2025 02:56:44 +0000 (10:56 +0800)]
syslinux: clean old object and dependency files before do_install
Remove all previous .o and .d files from OBJ directories before
running do_install. This prevents stale build artifacts from
interfering with the installation of new binaries and modules,
especially after GCC upgrades that can invalidate existing dependency
files, such as:
make[4]: *** No rule to make target
'/build/tmp-glibc/work/corei7-64-wrs-linux/syslinux/6.04-pre2-r1/recipe-sysroot-native/
usr/lib/x86_64-wrs-linux/gcc/x86_64-wrs-linux/12.4.0/include/stdarg.h',
needed by 'zlib/adler32.o'. Stop.
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
We currently have a problem regarding complementary package installation,
that is, if 'oe-pkgdata-util glob' maps out packages that are not in
the oe-rootfs-repo, we will get an error like the one below:
No match for argument: lib32-glibc-locale-en-gb
Error: Unable to find a match: lib32-glibc-locale-en-gb
Here are the steps to reproduce the issue:
1. Add the following lines to local.conf:
require conf/multilib.conf
MULTILIBS ?= "multilib:lib32"
DEFAULTTUNE:virtclass-multilib-lib32 ?= "core2-32"
IMAGE_INSTALL:append = " lib32-sysstat"
2. bitbake lib32-glibc-locale && bitbake core-image-full-cmdline
This problem appears because:
1) At do_rootfs time, we first construct a repo with a filtering
mechanism to ensure we don't pull in unneeded packages.[1]
2) oe-pkgdata-util uses the pkgdata without filtering.
In order to avoid any hardcoding that might grow in the future[2], we need
to give 'oe-pkgdata-util glob' some filtering ability.
So this patch does the following things:
1) Add a new option, '-a/--allpkgs', to 'oe-pkgdata-util glob'.
This gives it a filtering mechanism. As it's an option, people who use
'oe-pkgdata-util glob' command could use it as before.
2) Add to package_manager 'list_all' function implementations which
list all available functions in our filtered repo.
Ross Burton [Wed, 3 Sep 2025 16:44:59 +0000 (17:44 +0100)]
nativesdk-sdk-provides-dummy: allow pkgconfig to be installed into SDKs
This recipe is a dummy provider of pkgconfig, but we want our SDKs to
ship a pkgconfig binary if requested as otherwise that's a host tool
that would be required to use the SDK. On Linux that's easily solved,
but meta-mingw/meta-darwin SDKs can't really assume that pkgconfig will
be present on the host.
This behaviour dates back to 2014 when construction of SDKs with RPM
packages was added[1] and notably the same behaviour didn't exist for
ipkg-based SDKs.
[1] oe-core 417b27ce5c1 ("lib/oe/sdk.py: support RpmRootfs")
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Dmitry Baryshkov [Tue, 28 Oct 2025 22:34:24 +0000 (00:34 +0200)]
linux-firmware: drop catch-all QCA package
With the linux-firmware now being an empty package there is no need for
the catch-all ${PN}-qca-misc package since developers will have to
package all firmware separately. Drop useless packages now.
Update the sed replacement rule to strictly match '/usr/bin/python'
(with no trailing characters)
The previous sed rule was too broad and could incorrectly change Python
shebangs such as in
/lib/modules/6.16.11-yocto-standard/build/scripts/macro_checker.py from
'#!/usr/bin/python3' to '#!/usr/bin/env python33'.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Enrico Jörns [Tue, 28 Oct 2025 07:32:48 +0000 (08:32 +0100)]
barebox: upgrade 2025.08.0 -> 2025.09.0
Changes in 2025.09.0
--------------------
* Added support for SoCFPGA Agilex5 and Rockchip RK3576
* Added structured I/O support for shell commands
* Added support for booting signed Rockchip images
* Support for adding device tree overlay (.dtbo) files to FIT images
* New 'bfetch' eyecandy tool for displaying logo and system information
(similar to 'neofetch')
* Several other fixes and improvements
rust-target-config: Fix ABI override for powerpc64le target
Ensure the powerpc64le check is exclusive by using `elif`, preventing the
powerpc64 condition from overriding it. This keeps the ABI as elfv2 for
PPC64LE and fixes related build failures.
Khem Raj [Mon, 27 Oct 2025 23:39:29 +0000 (16:39 -0700)]
binutils-cross-canadian: Do not install bdf-plugins
for SDK they are provided via nativesdk-binutils
latest binutils have started to build libdep plugin
as static library libdep.a which is then reported via build QA
Khem Raj [Mon, 27 Oct 2025 23:39:28 +0000 (16:39 -0700)]
classes/toolchain/clang: Add placeholder for dynamic linker in cross-canadian packages
clang-cross-canadian is just symlinking into nativesdk-clang unlike gcc which
has separate binaries and they have inbuilt dynamic linker specs. To help clang
built cross-canadian binaries add it via cmdline option here, cross-canadian
binaries are only usable on installed SDKs, and these paths get re-written with
correct SDK specific linker during SDK install relocation process.
This helps clang built cross-canadian tools e.g. from binutils-cross-canadian
be relocated correctly on SDK install.
Randolph Sapp [Mon, 27 Oct 2025 23:19:19 +0000 (18:19 -0500)]
x11-volatiles: register x11 volatile directories
Add a volatiles entry for popular x11 and adjacent utilities. This is
designed to mimic the systemd tmpfiles.d entries and prevent any one
user from creating these directories with permissions that may
negatively impact multi-user environments.
Ross Burton [Mon, 27 Oct 2025 22:49:05 +0000 (22:49 +0000)]
python3-urllib3: remove rust dependency
python3-cryptography (and thus, rust-native) is only needed by the
urllib3.contrib.pyopenssl module, which is not recommended for use by
the urllib3 upstream maintainers:
Module for using pyOpenSSL as a TLS backend. This module was relevant
before the standard library ssl module supported SNI, but now that
we've dropped support for Python 2.7 all relevant Python versions
support SNI so **this module is no longer recommended**.
Add a PACKAGECONFIG to control whether this module is shipped, and
disable it by default.
This removes rust-native from the default build of urllib3, which is in
the dependencies of other common modules such as requests and sphinx.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 27 Oct 2025 21:38:00 +0000 (22:38 +0100)]
lz4: patch CVE-2025-62813
Pick commit mentioned in NVD report.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>