Whilst this doesn't remove all possible issues, removing files in /bin/
directories, then removing support files (like shared libraries) does
reduce the potential for weird failures if the system calls things like
python3.
[YOCTO #16323]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
devtool: provide explicit error for missing "script" command
Without this "script" command, the "devtool build" provides a very
ambiguous error: `/bin/sh: line 1: script: command not found`. With this
patch we provide a more detailed error.
On Fedora 43 the "script" command is not present by default, one needs
to install the "util-linux-script" package. On other systems it's in a
different package.
Signed-off-by: Walter Werner Schneider <contact@schnwalter.eu>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
scripts/rpm2cpio.sh: Use 'xz -dc' instead of xzcat
rpm2cpio.sh calls xzcat to decompress, and xzcat is equivalent to:
xz --decompress --stdout (-d and -c, in short)
Since commit d1930f8, it is assumed that xz is provided, but 'xzcat'
used in rpm2cpio.sh is not listed in HOSTTOOLS. With it being only a
symlink, and with commit eb3ec74 replacing bzip2 with bunzip2 in a
similar way, this fixes the bin_package class for rpm without adding
xzcat to HOSTTOOLS.
5e565948158 This is the 2.46.1 release
a195046618e gprof: fix testsuite with older glibc
4bcbe5932ae sim: fix a few -Wdiscarded-qualifiers errors
66bf5c4dd9a Fix even more -Wdiscarded-qualifers issues
3e4fd1a57ec bfd: fix 2 more -Wdiscarded-qualifiers errors
e7b4e8eb10a check sframe version in _bfd_elf_parse_sframe
e6336a0b1c4 Correct calls to sframe_encoder_free
09a510d7e3f Correct calls to sframe_decoder_free
1f5796eedaf Fix discarded-qualifiers problems in ldlang.c
1d74be61a50 ld: Fix calls to strchr that discard or use wrong const qualifiers
922d530f0aa binutils: fix C23 -Wdiscarded-qualifiers errors
b88558ce1a1 Fix the strrchr error for DOS based filesystem
36ced277bcc gprof: Fix strchr discarded qualifier call
c27aa8783da ld: Limit PR ld/34088 test to Linux/x86-64 and Linux/aarch64
2cd5360f35a ld: Maintain the input file order
155188ea10a x86: refine special casing of insns with MSR as immediate
The removed soup2 packageconfig option is still included in a condition
to either add libsoup-2.4 or libsoup as a RDEPEND for ${PN}-soup. Since
soup3 is now the only packageconfig option, libsoup can be
unconditionally used.
Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Richard Purdie [Thu, 18 Jun 2026 08:49:17 +0000 (09:49 +0100)]
README: Merge OE-Core and QEMU READMEs into one
OE-Core originally had separate READMEs due to the layout with Poky. This
reason no longer exists and we can merge things into one README now which
should make the contribution information easier to find for users.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Tue, 16 Jun 2026 10:17:24 +0000 (18:17 +0800)]
mesa: upgrade 26.0.6 -> 26.1.2
add patches to fix compilation with GCC < 13
Add two patches to fix build failures when using older GCC:
- Fix typed enum syntax not supported by GCC 11.
- Fix variable declaration after case label not allowed by GCC 10.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jaipaul Cheernam [Tue, 16 Jun 2026 10:57:34 +0000 (12:57 +0200)]
install-buildtools: auto-discover environment setup script via glob
The environment setup script installed by a buildtools tarball is named
environment-setup-<arch>-<sdk-name>-linux. The script previously hardcoded
"pokysdk" for this component, so any distro that ships buildtools under a
different SDK name gets a FileNotFoundError after an otherwise successful
install.
Use glob.glob() to discover the environment setup script by pattern
matching on environment-setup-<arch>-*-linux in the install directory.
Since a buildtools install should produce exactly one such script, error
out if zero or more than one match is found.
Signed-off-by: Jaipaul Cheernam <jaipaul.cheernam@est.tech>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Tue, 16 Jun 2026 12:59:19 +0000 (13:59 +0100)]
ghostscript: upgrade 10.07.0 -> 10.07.1
out-of-tree.patch refreshed for 10.07.1.
[ link updated to new ticket - RB ]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Omkar Patil [Tue, 16 Jun 2026 12:41:49 +0000 (18:11 +0530)]
libinput: fix CVE-2026-50292
In libinput before 1.30.4 and 1.31.x before 1.31.3,
libinput-device-group unescaped phys output can inject
udev properties leading to arbitrary root code execution
Peter Marko [Tue, 16 Jun 2026 19:23:18 +0000 (21:23 +0200)]
vex: drop obsolete conflict check with cve-check class
cve-check class was removed, so this check is obsolete.
From commit message introducing vex class it's not clear why this check
is present, but presumably to not extend the cve status multiple times.
That is no longer possible since commit 45e18f4270d084d81c21b1e5a4a601ce975d8a77 introduced sanity check to
prevent that from happening.
Therefore it's also not necessary to rewrite this check to new
sbom-cve-check(-recipe) classes.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Brings following fixes:
ca7933e47d3a [libc++] Disable mistakenly enabled `optional<T&>` constructors for `optional<T>` (#194446)
208ef916cf20 [WebAssembly] narrow instructions use signed saturation (#201798)
e80beda6e255 [VPlan] Account for any-of costs in legacy cost model
3397c37d5d31 Inline stack probes immediately after `allocateStack` in `eliminateCallFramePseudoInstr` (#195456)
1f5aee55a3fc [DAG] Narrow vselect mask to vXi1 in foldToMaskedStore (#201609)
070e505ce21d [LLD][ELF] Add missing initialization of Symbol `used` member.
761b9134dd9b [BPF] treat compiler fence as codegen no-op (#196734)
724301d98c6e Fix "Cannot select" crash on bitcast between f64 and int vector types (#201509)
60c18c6aeaed [CMake][Release] Use llvm-bitcode-strip on Darwin for build with -ffat-lto-objects (#200764)
b65aa9b5ea8d [Clang] Profile the NNS of UnresolvedUsingType and CXXThisType correctly in concept hashing (#199617)
b4fe3880d09b Bump version to 22.1.8
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[RP: Tweak to ensure SUMMARY changes were the correct lines]
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Nicolas Dechesne [Tue, 16 Jun 2026 16:49:59 +0000 (18:49 +0200)]
alsa-ucm-conf: remove stale comment
The "Something went wrong at upstream tarballing" comment was added in
commit 3b69f6c450 ("alsa-ucm-conf: upgrade 1.2.4 -> 1.2.5") to flag a
one-off issue with that release tarball. It has since been carried
forward through every upgrade despite no longer being relevant, so
remove it.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@oss.qualcomm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
warning: cryptography-cffi@0.49.0: .../release/build/cryptography-cffi-d4ad0316804194ce/out/_openssl.c:57:10:
fatal error: Python.h: No such file or directory
warning: cryptography-cffi@0.49.0: 57 | #include <Python.h>
warning: cryptography-cffi@0.49.0: | ^~~~~~~~~~
warning: cryptography-cffi@0.49.0: compilation terminated.
Backwards incompatible subset of upstream release notes:
49.0.0 - 2026-06-12
* BACKWARDS INCOMPATIBLE: Support for x86_64 macOS has been removed. We
now only publish arm64 wheels for macOS.
* BACKWARDS INCOMPATIBLE: Support for 32-bit Windows has been removed.
Users should move to a 64-bit Python installation.
* BACKWARDS INCOMPATIBLE: Removed the deprecated PUBLIC_KEY_TYPES,
PRIVATE_KEY_TYPES, CERTIFICATE_PRIVATE_KEY_TYPES,
CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES, and CERTIFICATE_PUBLIC_KEY_TYPES
type aliases. Use PublicKeyTypes, PrivateKeyTypes,
CertificateIssuerPrivateKeyTypes, CertificateIssuerPublicKeyTypes, and
CertificatePublicKeyTypes instead. These were deprecated in version
40.0.
* BACKWARDS INCOMPATIBLE: ChaCha20 now treats the first 4 bytes of the
nonce as a 32-bit little-endian block counter (as defined in RFC 7539)
and tracks the number of bytes processed. Attempting to encrypt or
decrypt more data than the counter allows before it would overflow now
raises a ValueError rather than silently diverging from RFC 7539.
Setting the counter portion of the nonce to zero allows encrypting up
to 256 GiB with a given nonce.
* BACKWARDS INCOMPATIBLE: Loading an X.509 certificate whose ECDSA or DSA
signature AlgorithmIdentifier contains encoded NULL parameters now
raises a ValueError. Such certificates are invalid, but older versions
of Java emitted them; previously they loaded with a deprecation
warning.
For full upstream changelog, see:
https://cryptography.io/en/latest/changelog/#v49-0-0
Full comparison of changes:
https://github.com/pyca/cryptography/compare/48.0.1...49.0.0
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sai Sneha [Mon, 15 Jun 2026 08:43:39 +0000 (14:13 +0530)]
i2c-tools: add LGPL-2.1-or-later license for libi2c
The libi2c library included in i2c-tools is licensed under
LGPL-2.1-or-later, as stated in the upstream README and the
COPYING.LGPL file. Update LICENSE and LIC_FILES_CHKSUM to reflect
this.
Fixes: https://bugzilla.yoctoproject.org/show_bug.cgi?id=16313
Signed-off-by: Sai Sneha <saisneha196@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Thu, 21 May 2026 07:46:47 +0000 (00:46 -0700)]
strace: upgrade 6.19 -> 7.0
[RP: Fix AUH patch location issues]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>