Adrian Freihofer [Mon, 23 Feb 2026 21:06:38 +0000 (22:06 +0100)]
devtool: ide-sdk: support kernel module development
This add very basic support for kernel module development with devtool
ide-sdk. It exports the kernel build environment and sets up
tasks for building and cleaning the module. But it does not yet support
install, deploy, and debug tasks. It looks like possible to offer the
same level of support as for CMake and Meson based projects, but that
requires more work.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 23 Feb 2026 21:06:37 +0000 (22:06 +0100)]
module.bbclass: move environment setup to kernel_module.py
Refactor: move kernel module environment setup from do_devshell to
kernel_module.py
Extract the kernel module environment variable setup from do_devshell
into oe.kernel_module.kernel_module_os_env(). This enables code reuse
for future features such as devtool ide-sdk.
Note: it would also be possible to e.g. bb.utils.py. But when every such
a widely used utility function gets changed, bitbake needs to recompile
a lot of code. Therefore it's probably better to put it into a
separate file. It also is a very specific function, so oe.kernel_module
seems to be a good place.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 23 Feb 2026 21:06:36 +0000 (22:06 +0100)]
devtool: ide-sdk gate gdbserver warnings on recipe need
Add a `wants_gdbserver` attribute to modified recipes and evaluate it
across the selected set. Only emit warnings about missing `gdbserver`
and missing `image-combined-dbg` when at least one recipe actually
requires remote debugging support.
This avoids noisy, irrelevant warnings in setups that do not use
gdbserver.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In shared-sysroot IDE SDK mode, the C++ CMake example test ran CMake
commands but did not assert that configure/build completed successfully.
This could hide failures and produce false positives.
Capture command output from both steps and assert expected messages:
- configure: "Build files have been written to: <builddir>"
- build: "Built target"
This makes the test explicitly fail when CMake configure or build does not
complete as expected.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 23 Feb 2026 21:06:34 +0000 (22:06 +0100)]
oe-selftest: devtool: add compile step in ide-sdk tests
Add explicit compile step to the ide-sdk test workflow. The current
implementation relies on calling bitbake -c install to perform the
install step, which also triggers a build. But this will change when
bitbake will support task execution without handling dependencies.
To make the tests future-proof, add an explicit compile step after
modifying the source code.
This also improves the test coverage for meson based recipes, as the
compile step is now explicitly tested.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Daniel Turull [Wed, 4 Feb 2026 13:42:34 +0000 (14:42 +0100)]
improve_kernel_cve_report: update data if CVE exists
This allow to include additional information if one of the
sources is more complete. Updating description with more
up to date information and including summary.
For example:
Before while using cve_check:
{
"id": "CVE-2025-68167",
"status": "Patched",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2025-68167",
"detail": "fixed-version",
"description": "Fixed from version 6.18"
},
After:
{
"id": "CVE-2025-68167",
"status": "Patched",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2025-68167",
"detail": "fixed-version",
"description": "Fixed from version 6.18",
"summary": "In the Linux kernel, the following (...)"
},
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Mon, 2 Mar 2026 04:55:31 +0000 (23:55 -0500)]
linux-yocto/6.18: genericarm64: feature splits and enablement
Integrating the following commit(s) to linux-yocto/.:
98a36302 cfgs/nfc: create an intel-nfc-vendor specific feature 6350b56a netfilter.cfg: enable NF_CONNTRACK_SNMP a425fdd0 pmem.cfg: enable DEV_DAX and DEV_DAX_HMEM 70eeaeff genericarm64.scc: enable TRANSPARENT_HUGEPAGE support d62a1267 security-arm64.cfg: rename CFI_CLANG to CFI b925ef94 security-arm64.cfg: correctly enable KASAN 1fdb98a4 security-arm64.cfg: add comment for ARM64_BTI_KERNEL 6d8bf6f0 security.cfg: move RANDOMIZE_MEMORY to x86_64 18fcb6dc arm.scc: move ARM_CPUIDLE to arm only 7e1d9b2b numa_x86_64.scc: move x86_64 config from numa.cfg to numa_x86_64.cfg e93e999e sound.cfg: split SND_SOC_WM8731 to I2C and SPI variants 5a567776 sound_x86.scc: take over x86 configs from sound.scc 1ae7ce94 genericarm64.cfg: enable MTD NAND ECC support 15d48f71 genericarm64.cfg: enable TI MTD NAND support 40a67254 genericarm64-serial.cfg: set SERIAL_8250_CONSOLE to y 5ee6148e qemu-kvm.cfg: remove extra space 9f780417 firmware.cfg: whitespace fixes bc221187 genericarm64.cfg: fix CONFIG_PM_DEVFREQ_EVENT aef69bf3 Revert "genericarm64.scc: enable OP-TEE support" 6f597e1a genericarm64.cfg: enable SCSI support for HiSilicon etc f1f313cf genericarm64.scc: enable RPMB support a4565911 genericarm64.scc: enable GNSS support 391566e2 gnss.scc: add feature d40a455d genericarm64.cfg: enable more bus drivers 20e41104 genericarm64.cfg: enable PCI_PASID support 0b2967f5 genericarm64.scc: enable NFC support 2643b37e nfc-vendor.scc: move Intel configs to nfc-vendor-intel.cfg b1d00b01 genericarm64.scc: enable RFKILL LED, INPUT and GPIO 92610953 rfkill-extra.scc: add fragment for RFKILL LEDs, input and GPIO support fc7d5f45 bluetooth.cfg: enable BT_LEDS support f18ec272 genericarm64.scc: enable HSR 79fa2c17 hsr.scc: add feature for High-availability Seamless Redundancy (HSR & PRP) 1313923a genericarm64.scc: enable Time Sensitive Networking e190eeff intel-x86.scc: enable hibernation with feature c941f4ee genericarm64.scc: enable hibernation support ce5c6d9d hibernation.scc: add feature 83620a7d bluetooth-usb.cfg: enable MediaTek and RealTek support cf6e1261 bluetooth-hw.cfg: enable BT_MTK ffdd0769 genericarm64.cfg: enable Microchip PHY support
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Mon, 2 Mar 2026 04:55:29 +0000 (23:55 -0500)]
linux-yocto/6.18: update to v6.18.11
Updating linux-yocto/6.18 to the latest korg -stable release that comprises
the following commits:
ee4fb138af107 Linux 6.18.11 32f08c3ddd6dd gpio: omap: do not register driver in probe() 116f7bd8160c6 wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add 24a253c3aa6d9 PCI: endpoint: Avoid creating sub-groups asynchronously 60b75407c172e drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free ed82e7949f5ca xfs: fix UAF in xchk_btree_check_block_owner d741534302f71 erofs: fix UAF issue for file-backed mounts w/ directio option 1d6bd6183e723 bus: fsl-mc: fix use-after-free in driver_override_show() d14e991279831 scsi: qla2xxx: Query FW again before proceeding with login f04840512438a scsi: qla2xxx: Free sp in error path to fix system crash c068ebbaf5282 scsi: qla2xxx: Delay module unload while fabric scan in progress ae49d33bfc08b scsi: qla2xxx: Allow recovery for tape devices 1a9585e4c58d1 scsi: qla2xxx: Validate sp before freeing associated memory 1339455044155 wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() 46c1d56ad321f hfs: ensure sb->s_fs_info is always cleaned up 4aa45f841413c nilfs2: Fix potential block overflow that cause system hang 52505d7f713bf crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req e69a7b0a71b65 crypto: virtio - Add spinlock protection with virtqueue notification 2ed27b5a11743 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly 62c89e1992c86 crypto: octeontx - Fix length check to avoid truncation in ucode_load_store d75207465eed2 crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode 65a0016016e8b ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 be7a9bcee0ca6 Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB 8d76b2488eb3c driver core: enforce device_lock for driver_match_device() 16c8be3d55441 smb: client: let send_done handle a completion without IB_SEND_SIGNALED 6bf260ace7301 smb: client: let smbd_post_send_negotiate_req() use smbd_post_send() 69ce4ae2ab65c smb: client: fix last send credit problem causing disconnects cca0526ef2344 smb: client: make use of smbdirect_socket.send_io.bcredits 9eff83600edf6 smb: client: use smbdirect_send_batch processing d059e5fc49755 smb: client: introduce and use smbd_{alloc, free}_send_io() 1f3e8e2c67cbc smb: client: split out smbd_ib_post_send() 8786127068d51 smb: client: port and use the wait_for_credits logic used by server 1fe0f989beb8b smb: client: remove pointless sc->send_io.pending handling in smbd_post_send_iter() 2b08ca3ab6cc5 smb: client: remove pointless sc->recv_io.credits.count rollback b9ec75aba3c8f smb: client: let smbd_post_send() make use of request->wr 5b69ba9978dd0 smb: client: let recv_done() queue a refill when the peer is low on credits f664e6e8a8110 smb: client: make use of smbdirect_socket.recv_io.credits.available 24082642654f3 smb: server: let send_done handle a completion without IB_SEND_SIGNALED 85bf0a73831cc smb: server: fix last send credit problem causing disconnects 5ef18a2e66f2f smb: server: make use of smbdirect_socket.send_io.bcredits cea7afb097b00 smb: server: let recv_done() queue a refill when the peer is low on credits 66c082e3d4651 smb: server: make use of smbdirect_socket.recv_io.credits.available 88cf40f7b5fb4 smb: smbdirect: introduce smbdirect_socket.send_io.bcredits.* e811e60e1cc79 smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available cd25e0d809531 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() e4a8a96a93d08 ksmbd: add chann_lock to protect ksmbd_chann_list xarray 71b5e7c528315 ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths c4b9edd559873 smb: client: split cached_fid bitfields to avoid shared-byte RMW races 1658b66fed206 io_uring: allow io-wq workers to exit when unused f02693a40e407 io_uring/io-wq: add exit-on-idle state 41cec610f6906 Linux 6.18.10 31b593fbece63 riscv: Add intermediate cast to 'unsigned long' in __get_user_asm ecd164120c248 ALSA: usb-audio: Use the right limit for PCM OOB check 24ad4cfac0b8e ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU. 57bac08056787 spi: tegra114: Preserve SPI mode bits in def_command1_reg b8eec12aa666c spi: tegra: Fix a memory leak in tegra_slink_probe() 2ac3a105e5149 spi: tegra210-quad: Protect curr_xfer check in IRQ handler d51554dc05695 spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer 3bc293d5b5650 spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer 2d3c0122e9611 spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one 51013068438ac spi: tegra210-quad: Move curr_xfer read inside spinlock e1777c400b7a9 spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer b767cf2d4efc8 regulator: spacemit-p1: Fix n_voltages for BUCK and LDO regulators 3f9b508b3eecc i2c: imx: preserve error state in block data length handler e71e3fa90a151 gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc() 279cb9180510f ASoC: amd: fix memory leak in acp3x pdm dma ops 8434b351cd4ea ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() 01d2fb15f15c1 firmware: cs_dsp: rate-limit log messages in KUnit builds abd66845227c5 firmware: cs_dsp: Factor out common debugfs string read b8ad2d53f706a ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF f3ed399e9aa6f nvme-pci: handle changing device dma map requirements 3c58f6121863c drm/xe/guc: Fix CFI violation in debugfs access. 8b68a45f9722f netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() 32ddd09d1103e hwmon: (occ) Mark occ_init_attribute() as __printf 8abb71d4a1dce drm/xe/pm: Disable D3Cold for BMG only on specific platforms 7c5db0957a230 drm/xe/query: Fix topology query pointer advance 184a84f03b5e6 drm/mgag200: fix mgag200_bmc_stop_scanout() 2e5edb69e5d0e net: gro: fix outer network offset 589a530ae44d0 net: add proper RCU protection to /proc/net/ptype 9f42cb8fafd6d net: ethernet: adi: adin1110: Check return value of devm_gpiod_get_optional() in adin1110_check_spi() 100f3bf914612 drm/amd/display: fix wrong color value mapping on MCM shaper LUT 0031f8829c7fb wifi: iwlwifi: mvm: pause TCM on fast resume 9b9f52f052f49 wifi: iwlwifi: mld: cancel mlo_scan_start_wk 5a2b4b0e9c003 net: enetc: Convert 16-bit register reads to 32-bit for ENETC v4 566ea5769ec27 net: enetc: Convert 16-bit register writes to 32-bit for ENETC v4 f346253e5fd95 net: enetc: Remove CBDR cacheability AXI settings for ENETC v4 d98745c68023f net: enetc: Remove SI/BDR cacheability AXI settings for ENETC v4 c175b1eaf729e tipc: use kfree_sensitive() for session key material f3931416cbdd0 net: rss: fix reporting RXH_XFRM_NO_CHANGE as input_xfrm for contexts 2718ae6af7445 linkwatch: use __dev_put() in callers to prevent UAF 64cf3016234ce io_uring/zcrx: fix page array leak fad7334082cd1 net: don't touch dev->stats in BPF redirect paths 8860ddf0e07be hwmon: (acpi_power_meter) Fix deadlocks related to acpi_power_meter_notify() 1b2efc593dca9 net: usb: r8152: fix resume reset deadlock cdedcd5aa3f3c macvlan: fix error recovery in macvlan_common_newlink() c9e4daf62ca07 net: sfp: Fix quirk for Ubiquiti U-Fiber Instant SFP module 8553bf2e09828 i40e: drop udp_tunnel_get_rx_info() call from i40e_open() 07bb882485f89 ice: drop udp_tunnel_get_rx_info() call from ndo_open() 7565d4df66b66 ice: Fix PTP NULL pointer dereference during VSI rebuild ef72678c9df0e ice: PTP: fix missing timestamps on E825 hardware 6801ef140fc33 ice: fix missing TX timestamps interrupts on E825 devices 1b381a638e185 dpaa2-switch: add bounds check for if_id in IRQ handler 4640fa5ad5e1a net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup 293eaad0d6d6b net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup d028147ae0640 net: liquidio: Initialize netdev pointer before queue setup 155eb99aff292 dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero 8a672f177ebe1 net/sched: cls_u32: use skb_header_pointer_careful() 9b186feb75267 net: add skb_header_pointer_careful() helper f8611a7981cd0 hwmon: (dell-smm) Add Dell G15 5510 to fan control whitelist 9ee608a64e37c smb/client: fix memory leak in smb2_open_file() faff38ebbfe63 platform/x86/intel/tpmi/plr: Make the file domain<n>/status writeable 9029ccfab2ca9 platform/x86: hp-bioscfg: Skip empty attribute names 6c45a5a7e1e3b platform/x86: intel_telemetry: Fix PSS event register mask f93ae43780b75 platform/x86: toshiba_haps: Fix memory leaks in add/remove routines 245ff08e261ce Revert "drm/amd/display: pause the workload setting in dm" 98bf5bc8cb8cb tracing: Avoid possible signed 64-bit truncation 6dd87f6afe9e9 ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio 3228b2eceb6c3 btrfs: reject new transactions if the fs is fully read-only b4b065a880997 wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice ccb3c75d57039 btrfs: sync read disk super and set block size 7a1bec39c014e wifi: mac80211: correctly check if CSA is active 990e40fb1d111 btrfs: fix Wmaybe-uninitialized warning in replay_one_buffer() 3835e49e146a4 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() 108cbf2b7d295 ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU 1d5f2329ab4df io_uring/rw: free potentially allocated iovec on cache put failure c65a1a72a41e4 riscv: Use 64-bit variable for output in __get_user_asm 4530f4e4d0e6a scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() 8a7ef96e6af91 wifi: cfg80211: Fix bitrate calculation overflow for HE rates 36e88bd40a8c0 spi: intel-pci: Add support for Nova Lake SPI serial flash 7178b36de1850 ALSA: usb-audio: Add delay quirk for MOONDROP Moonriver2 Ti f08f2d2907675 regmap: maple: free entry on mas_store_gfp() failure 7d4c9c448c2b3 spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization 66b73d3f2cfc7 ALSA: hda/tas2781: Add newly-released HP laptop e6ce61e01c9a2 ASoC: tlv320adcx140: Propagate error codes during probe 3ba3d959c17aa ASoC: amd: yc: Fix microphone on ASUS M6500RE 1c90f930e7b41 nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() 62932d9ed639a ALSA: usb-audio: Prevent excessive number of frames e810b290922c5 nvme-fc: release admin tagset if init fails a883080063f97 ASoC: simple-card-utils: Check device node before overwrite direction 61fa85497c7b7 ASoC: davinci-evm: Fix reference leak in davinci_evm_probe 9f665b3c3d9a1 dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() 921903d73967f ASoC: Intel: sof_sdw: Add new quirks for PTL on Dell with CS42L43 74309a4b0ffc7 wifi: mac80211: collect station statistics earlier when disconnect da1880c7b6b83 HID: Elecom: Add support for ELECOM M-XT3DRBK (018C) 71434e45bf124 HID: logitech: add HID++ support for Logitech MX Anywhere 3S b1f8285bc8e35 riscv: trace: fix snapshot deadlock with sbi ecall 151589d15ee87 ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free cd7ff7fd3e4b7 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset ecb8653a8fe9d HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) 1e84a807c98a7 HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer 2124279f1f8c3 HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() 6e2108daed94e HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list 645671377158f drm/amd/display: Reduce number of arguments of dcn30's CalculatePrefetchSchedule() eb5d6dedadd66 netfilter: replace -EEXIST with -EBUSY ddab2d0f93200 PCI: qcom: Remove ASPM L0s support for MSM8996 SoC 3210077ed2648 ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk 5b9bbe3d7bb90 x86/sev: Disable GCOV on noinstr object 75f1f512b1567 ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 747b9a7d4c712 HID: playstation: Center initial joystick axes to prevent spurious events 7ae5b35148119 HID: intel-ish-hid: Reset enum_devices_done before enumeration 8b44e75379510 riscv: Sanitize syscall table indexing under speculation 28768bd3abf99 btrfs: fix reservation leak in some error paths when inserting inline extent a206870513cda HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL ea5ef771f3c26 HID: intel-ish-hid: Update ishtp bus match to support device ID table 6de3a371a8b9f btrfs: do not free data reservation in fallback from inline due to -ENOSPC 70dd3513ed6ac smb/server: fix refcount leak in parse_durable_handle_context() c2ed4f71e9288 LoongArch: Enable exception fixup for specific ADE subcode 2bb9c8a77df50 io_uring: use GFP_NOWAIT for overflow CQEs on legacy rings 4665e52bde3b1 smb/server: fix refcount leak in smb2_open() 0107b18cd8ac1 md: suspend array while updating raid_disks via sysfs 9531210f348aa LoongArch: Set correct protection_map[] for VM_NONE/VM_SHARED fdda836fcee6f smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() f309b2c7df659 block,bfq: fix aux stat accumulation destination 86acdc1791944 platform/x86: dell-lis3lv02d: Add Latitude 5400 ff6892ea544c4 wifi: iwlwifi: Implement settime64 as stub for MVM/MLD PTP 6b7c60feab3c6 net: usb: sr9700: support devices with virtual driver CD 10d3ff7e5812c wifi: mac80211: don't WARN for connections on invalid channels 689a7980e4788 wifi: wlcore: ensure skb headroom before skb_push e0bd226804f8e wifi: mac80211: ocb: skip rx_no_sta when interface is not joined abd219fd48b11 tracing: Fix ftrace event field alignments 116ffca92dc4d binderfs: fix ida_alloc_max() upper bound e9bcfe865188a binder: fix BR_FROZEN_REPLY error log a6050dedb6f1c binder: fix UAF in binder_netlink_report() 287221c5e0707 rust_binderfs: fix ida_alloc_max() upper bound 685bb05d307ac rust_binder: add additional alignment checks 598fe3ff32e43 rust_binder: correctly handle FDA objects of length zero 13de38aa3ea7a sched/fair: Have SD_SERIALIZE affect newidle balancing de7cb4282dafc sched/fair: Skip sched_balance_running cmpxchg when balance is not due 3a15c519d2b0f bus: mhi: host: pci_generic: Add Telit FE990B40 modem support fa2274bb17a4a treewide: Drop pci_save_state() after pci_restore_state() 71c50e60421bb PCI/ERR: Ensure error recoverability at all times 1a893bd719121 hwmon: (gpio-fan) Allow to stop FANs when CONFIG_PM is disabled 37751b6d0b6b5 hwmon: (gpio-fan) Fix set_rpm() return value 4385b2f284354 KVM: Don't clobber irqfd routing type when deassigning irqfd 7a245ef476ffb KVM: selftests: Add -U_FORTIFY_SOURCE to avoid some unpredictable test failures a82647e1a9499 net: spacemit: k1-emac: fix jumbo frame support d5b3a66986697 net: cpsw_new: Execute ndo_set_rx_mode callback in a work queue 488009aa62bb1 net: cpsw: Execute ndo_set_rx_mode callback in a work queue ef763b480a3de nouveau/gsp: fix suspend/resume regression on r570 firmware a20887d5239a3 nouveau/gsp: use rpc sequence numbers properly. 9cc8caba82c2b nouveau: add a third state to the fini handler. 5f645222eb30c Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" 7b6a0f121d502 mm, shmem: prevent infinite loop on truncate race 41a7b9ab855c8 gve: Correct ethtool rx_dropped calculation 11f8311f69e4c gve: Fix stats report corruption on queue count change e9cdd54797dc2 drm/amd: Set minimum version for set_hw_resource_1 on gfx11 to 0x52 d3081353acaa6 cgroup/dmem: avoid pool UAF 5c38604abbfa5 cgroup/dmem: avoid rcu warning when unregister region c13816e8fa23d cgroup/dmem: fix NULL pointer dereference when setting max e258ed369c9e0 ceph: fix oops due to invalid pointer for kfree() in parse_longname() 35e6fd0d5bc30 ARM: 9468/1: fix memset64() on big-endian 46dfdb6f7a79d rbd: check for EOD after exclusive lock is ensured to be held 57b36ffc8881d ceph: fix NULL pointer dereference in ceph_mds_auth_match() e8af57e090790 mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single cbc03ce3e6ce7 procfs: avoid fetching build ID while holding VMA lock eb54ce033b344 pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains 11ca03ce17d7d pmdomain: imx8mp-blk-ctrl: Keep usb phy power domain on for system wakeup 5171a3dddf427 pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset 72129d55be9ce pmdomain: imx8mp-blk-ctrl: Keep gpc power domain on for system wakeup d72563e402bab pmdomain: qcom: rpmpd: fix off-by-one error in clamping to the highest state 5727ccf9d19ca ALSA: aloop: Fix racy access at PCM trigger 21816bbc8492f platform/x86: intel_telemetry: Fix swapped arrays in PSS output b5a02290ee3a4 KVM: x86: Explicitly configure supported XSS from {svm,vmx}_set_cpu_caps() a94b956bb7272 x86/kfence: fix booting on 32bit non-PAE systems feb603a69f830 x86/vmware: Fix hypercall clobbers ab200d71553bd nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
QB_MEM works in recipe scope because testimage.bbclass reads it from the
current recipe datastore (d) at test time via the qemuboot.conf mechanism.
PTEST_RUNNER_TIMEOUT was only available through testdata.json (written
during image build via export2json). The testimage task reads td from the
potentially stale testdata.json, and PTEST_RUNNER_TIMEOUT was never
refreshed from the live recipe context.
[YOCTO #16163]
Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tim Orling [Fri, 27 Feb 2026 19:39:29 +0000 (11:39 -0800)]
core-image-ptest: add PTEST_RUNNER_TIMEOUT
In lib/oeqa/runtime/cases/ptest.py, the timeout used to be hardcoded to 450 seconds.
Now that it is a variable, make that a bit more obvious by setting a default value.
Set PTEST_RUNNER_TIMEOUT for python3-cffi to 600 seconds as it is known to come close
to and surpass the 450 second limit under heavy load.
Fixes: [YOCTO #16163] Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Francesco Valla [Sun, 1 Mar 2026 21:17:03 +0000 (22:17 +0100)]
kernel-fit-image: support arbitrary loadables
Allow a user to insert additional, arbitrary loadables in a FIT image.
The loadables can be specified through the FIT_LOADABLES variable as
a list, with parameters defined by flags on dedicated FIT_LOADABLE_*
variables; they will be included in all configurations.
Sensible defaults will be used for some parameters (type, compression,
description, arch, os) if the corresponding flag is not set, while
others (load address and entry point) will be omitted in the final FIT
image.
As an example, the following configuration can be specified to add as
loadables a TF-A BL31 firmware and a (compressed) TEE firmware, to be
loaded respectively at 0x204E0000 and 0x96000000:
Signed-off-by: Francesco Valla <francesco@valla.it> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Livin Sunny [Fri, 27 Feb 2026 22:38:02 +0000 (16:38 -0600)]
busybox: Fixes CVE-2025-60876
This addresses CVE-2025-60876[1], which allows malicious URLs to inject
HTTP headers. It has been accepted by Debian[2] and is tracked here [4].
The upstream fix has been submitted [3] and is pending merge.
Changqing Li [Sat, 28 Feb 2026 09:27:52 +0000 (17:27 +0800)]
toolchain-scripts-base.bbclass: remove timestamp
This timestamp makes the package meta-environment-qemux86-64 not
reproducible, and it is the time when the package is built, mabybe not
that important, the key info is the meta revision.
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Fri, 27 Feb 2026 02:24:20 +0000 (02:24 +0000)]
runqemu: restore support to run inside SDK
Using runqemu from SDK has been supported for a long time[1].
Below are example steps for using runqemu inside SDK.
1. mkdir destdir
2. cp -r /path/to/build/tmp/deploy/image/qemux86-64 destdir
3. Install SDK to destdir
4. Source SDK
5. runqemu qemux86-64 nographic slirp
Recently the related code path was deleted by accident during
an effort to make codes cleaner and more consistent.
We need to restore support for it.
What actually matters is the STAGING_BINDIR_NATIVE, which we
use to locate the qemu binary. So in case of SDK, we set it
from OECORE_NATIVE_SYSROOT. The STAGING_DIR_NATIVE checking
and setting are meaningless, thus deleting it.
A notable change is:
1. This release now uses Mike Haertel's MinRX regular expression matcher
as the default regexp engine. The old regex and dfa engines are still
available.
The former regex matcher is selectable at run-time by setting the environemnt
variable:
GAWK_GNU_MATCHERS
More details are available here:
https://cgit.git.savannah.gnu.org/cgit/gawk.git/tree/README_d/README.matchers?h=gawk-5.4-stable
Switch the tarball from .gz to .xz to reduce size by ~3MB.
No ptests errors for x86-64 for glibc/musl.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: Package /etc/ssl/openssl.conf.d in openssl-conf
Since the /etc/ssl/openssl.conf file is packaged in openssl-conf, it
makes sense to also add the new /etc/ssl/openssl.conf.d directory to the
same package.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Thu, 26 Feb 2026 20:19:50 +0000 (21:19 +0100)]
oe-init-build-env: Drop VSCode setup
Remove the VSCode setup from oe-init-build-env.
Since poky as a combo-layer repository is no longer available, using the
oe-init-build-env script from openembedded-core is no longer
straightforward. There are too many ways to set up a build environment,
with different directory structures, with containers involved or not,
etc. Each of these setups may have its own way to provide IDE support.
A simple shell script like oe-init-vscode cannot address all these use
cases. Rather than trying to make oe-init-build-env smart enough to
cover all these cases, it is better to delegate the responsibility to
whatever tool or repository is used to set up the build environment.
If no tool such as bitbake-setup is used, it is still possible to use
a variant of the oe-setup-vscode script from a custom layer. One way
which works well is to create a custom oe-init-build-env script in the
custom layer repository which calls the custom oe-setup-vscode script
from the custom layer repository. Example directory structure:
my-project/
├── .vscode # generated by oe-setup-vscode
| # when oe-init-build-env is called
├── layers/
│ └── openembedded-core/
| └── bitbake/
├── scripts/
│ └── oe-setup-vscode
├── build/
│ └── conf
└── oe-init-build-env
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update RDEPENDS for perl-module-extutils-parsexs, refer [1], this should
fix libmodule-build-perl ptest failure:
Failed to load or import from ExtUtils::ParseXS (version 3.57). Please
check that ExtUtils::ParseXS is installed correctly and that the newest
version will be found in your @INC path: Can't locate
ExtUtils/ParseXS/Node.pm in @INC
New Features:
Support for new instructions added to AMD, ARM and RISC-V architectures.
Support for version 3 of the SFrame standard.
The readelf program can now display the contents of Global Offset Tables.
Improved linker tagging support.
Dropped patches:
0001-aarch64-constify-BTI-and-GCS-report-functions.patch
Since the fix is already included in binutils 2.46.
CVE patches: CVE-2025-11081,CVE-2025-11082,CVE-2025-11083,
CVE-2025-11839,CVE-2025-11840,CVE-2025-11412,CVE-2025-11413,
CVE-2025-11414,CVE-2025-11494,CVE-2025-11495.
These were dropped because they are already addressed in binutils 2.46.
Drop CVE_STATUS:
binutils 2.46 has needed fixes for CVE-2025-7545 and CVE-2025-7546.
Testcases changes:
-------------------------------------------------------------------------------
Testcase-name 2.45.1 2.46
-------------------------------------------------------------------------------
nm --ifunc-chars=-- (global ifunc) - PASS
nm --ifunc-chars=-- (local ifunc) - PASS
copy with unknown section flag - PASS
objcopy tek2bin - PASS
binary symbol (implicit) - PASS
binary symbol (explicit) - PASS
readelf SFrame V2 (x86-64/test-v2-ET_EXEC.sframe) - PASS
objdump SFrame V2 (x86-64/test-v2-ET_EXEC.sframe) - PASS
readelf SFrame V2 (x86-64/test-v2-ET_REL.sframe) - PASS
objdump SFrame V2 (x86-64/test-v2-ET_REL.sframe) - PASS
run objcopy of executable UNSUPPORTED PASS
run stripped executable UNSUPPORTED PASS
run stripped executable with saving a symbol UNSUPPORTED PASS
Copy object attributes v2 data from an object to another - UNSUPPORTED
Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A trailing slash or consecutive slashes anywhere in TMPDIR cause
BitBake variable expansion to embed those redundant slashes into
derived variables such as STAGING_DIR and WORKDIR. The sstate
machinery in sstate_add() normalises its directory arguments via
os.path.normpath(), so manifest entries always contain clean paths.
Functions in staging.bbclass that read the same variables directly
via d.getVar() without normalising then fail to match manifest
entries, silently staging files to wrong locations and causing
do_populate_sysroot to abort.
Although POSIX permits paths with redundant slashes, they break the
string-matching assumptions embedded in the staging machinery, so
treat any TMPDIR that differs from its normalised form as an error.
Signed-off-by: Sam Povilus <sam.povilus@amd.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ricardo Simoes [Wed, 25 Feb 2026 16:27:47 +0000 (17:27 +0100)]
u-boot: Copy U-Boot script to B when suffix is not scr
With the introduction of the UNPACKDIR variable, commit [1] changed the
expected location of UBOOT_ENV_BINARY to B. This works fine when
UBOOT_ENV_SUFFIX is "scr" but it does not copy the script when it is
not. As documented in [2], it is expected that with any other value of
UBOOT_ENV_SUFFIX the script gets installed verbatim.
This commit fixes that by copying UNPACKDIR/UBOOT_ENV_SRC to
B/UBOOT_ENV_BINARY when UBOOT_ENV_SUFFIX is not "scr", as documented.
Leon Anavi [Wed, 25 Feb 2026 08:50:09 +0000 (10:50 +0200)]
python3-maturin: Upgrade 1.11.5 -> 1.12.4
Upgrade to release 1.12.4:
- Upgrade memmap2 version
- fix: platform tag detection for Android targets
- fix: only ignore maturin-generated native libraries on all platforms
- fix: ignore develop artifacts for all binding types during build
- feat: support conditional cargo features based on Python version
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
devtool: standard: Add new patches in correct order when finishing
Make sure that new patches that are added as a result of using devtool
finish are added to the SRC_URI in the same order they were committed.
Previously, the order was a result of the arbitrary order the patch
files were returned by os.walk(), which typically resulted in them being
added to the SRC_URI in the reverse order they were committed.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Randy MacLeod [Tue, 24 Feb 2026 21:42:59 +0000 (16:42 -0500)]
socat: upgrade 1.8.1.0 -> 1.8.1.1
Drop patch:
0001-fix-compile-failed-with-musl.patch
which is merged upstream: a235f59 Avoid compilation issue in xio-netlink.c with Musl libc
commit log:
4ce8786 Version 1.8.1.1 f13b27d A few minor corrections d5a2c46 Fixed a few buffer read overruns b314687 Fixed issue with POSIXMQ in unidirectional context a235f59 Avoid compilation issue in xio-netlink.c with Musl libc a7058c9 Fixed strchr with const for new glibc 35d5da1 Fixed timestamps of -v and -x (really)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Randy MacLeod [Tue, 24 Feb 2026 21:42:57 +0000 (16:42 -0500)]
nfs-utils: upgrade 2.8.4 -> 2.8.5
Commits (aside from typo fixes):
4e9b31fe Release: 2.8.5 00e2e62b nfsdctl: add support for min-threads parameter 4c275442 systemd: drop Wants=network-online.target for rpc-statd-notify 03b9c540 nfsiostat: normalize the mountpoints passed in from the command line 59e85671 Rename CONFIG_NFSV41 to CONFIG_BLKMAPD and disable by default 3b7de50f nfsdctl: ignore ipv6 listener creation error 0e71be58 locktest: use correct build flags 077b70fe sm-notify: Do not drop privileges if running as non-root user 8600bbb7 gssd: protect kerberos ticket cache access
CONFIG_NFSV41 was renamed to CONFIG_BLKMAPD so update the associated PACKAGEONFIG option.
Drop: 0001-locktest-Makefile.am-Do-not-use-build-flags.patch which as merged in: 0e71be58 locktest: use correct build flags
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Benjamin Robin [Tue, 24 Feb 2026 09:17:19 +0000 (10:17 +0100)]
meta: fix generation of kernel CONFIG_ in SPDX3
With the current solution, using a separate task
(do_create_kernel_config_spdx) there is a dependency issue. Sometimes
the final rootfs SBOM does not contain the CONFIG_ values.
do_create_kernel_config_spdx is executed after do_create_spdx which
deploys the SPDX file. do_create_kernel_config_spdx calls
oe.sbom30.find_root_obj_in_jsonld to read from the deploy directory,
which is OK, but the do_create_kernel_config_spdx ends up writing to
this deployed file (updating it).
do_create_rootfs_spdx has an explicit dependency to all do_create_spdx
tasks, but there is nothing that prevents executing
do_create_kernel_config_spdx after do_create_rootfs_spdx.
To fix it, instead, now read from the workdir, and write to the
workdir, and do the processing from the do_create_spdx task:
we append to the do_create_spdx task.
Furthermore, update oeqa selftest to execute do_create_spdx instead
of removed function.
Also only execute this task if create-spdx-3.0 was inherited,
previously this code could be executed if create-spdx-2.2 is
inherited.
Fixes: 228a968e7c47 ("kernel.bbclass: Add task to export kernel configuration to SPDX") Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 26 Feb 2026 11:31:27 +0000 (11:31 +0000)]
bitbake.conf: Switch BB_SIGNATURE_HANDLER to OEEquivHash by default
Hash Equivalence is an extremely powerful feature for reducing build time.
In simple terms, if something is rebuilt and the output is the same as a
previous build, all sstate build artefacts beyond that point can be reused
instead of being rebuilt.
This can be done with a local hash equivalence database/server which is the
default and even local builds with a local sstate can benefit hugely from it.
There is an assumption that builds are reproducible in order for this to work
optimally.
The downside is that when enabled to pull from a shared sstate cache, you need
to use a common hash equivalence server to match it for things to work well.
OE-Core wasn't enabling hash equivalence by default but this changes it to do
so. This has been extensively tested as the deafault in Poky for a long time.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade the firmware package to latest release. Add firmware for TI
TAS2783, Qualcomm Adreno A801, Qualcomm Glymur, Radxa Dragon Q6A CDSP
and several Intel Sensors Hub firmware versions. Also pick up several
ADSP topologies for Qualcomm X Elite and Qualcomm SM8450 based devices.
License-Update: copyright years, new firmware Co-developed-by: Sairamreddy Bojja <sbojja@qti.qualcomm.com> Signed-off-by: Sairamreddy Bojja <sbojja@qti.qualcomm.com> Cc: Vivek Puar <vpuar@qti.qualcomm.com> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 23 Feb 2026 22:18:31 +0000 (23:18 +0100)]
cve-exclusions: set status for 5 CVEs
Reuse work of Debian researchers and set status for fixed CVEs
accordingly.
These are not tracked by kernel itself, so generated exclusions won't
help here.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 23 Feb 2026 22:18:30 +0000 (23:18 +0100)]
linux-yocto: apply cve-exclusions also to rt and tiny recipe variants
Version is the same as base kernel, only configuration differs.
There is no reason to not apply the exclusions to all variants.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adam Duskett [Mon, 23 Feb 2026 15:39:22 +0000 (16:39 +0100)]
rpm/rootfs.py: ensure exit 1 has a word boundary
Currently, If a package installed by dnf has the word "exit" followed by
"100%" in the log file, the rpm/rootfs.py regex matches a failure thanks to
the "exit 1"00%, such as the following:
lz4: Remove a reference to the rejected CVE-2025-62813
The CVE-2025-62813 is rejected so do not reference it anymore.
So keep the patch but without referencing the CVE identifier.
The CVE database indicates the following reason:
This candidate was withdrawn by its CNA. Further investigation
showed that it was not a security issue.
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
avahi: Remove a reference to the rejected CVE-2021-36217
CVE-2021-36217 is rejected, and should no longer be referenced.
CVE-2021-36217 is a duplicate of CVE-2021-3502 which is already
referenced in the local-ping.patch.
The CVE database indicates the following reason:
ConsultIDs: CVE-2021-3502. Reason: This candidate is a duplicate of
CVE-2021-3502. Notes: All CVE users should reference CVE-2021-3502
instead of this candidate. All references and descriptions in this
candidate have been removed to prevent accidental usage.
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Sun, 22 Feb 2026 12:07:36 +0000 (13:07 +0100)]
kernel.bbclass: remove dependency on initramfs when not bundled
Previously, the kernel recipe depended on the initramfs image even when
INITRAMFS_IMAGE_BUNDLE was not enabled. This caused the kernel to be
rebuilt whenever the initramfs image changed, regardless of whether the
kernel actually included the initramfs.
The problematic chain was:
linux:do_deploy ->
linux:do_bundle_initramfs ->
image-initramfs:do_image_complete
The original intent (acc. to the comment) was to ensure the initramfs
image was available for tools like wic. However, apart from bundling the
initramfs in the kernel, there is probably no reason why the kernel
should depend on the initramfs. And it is therefore simply wrong if it
does so anyway. Thus, use cases that may be broken by these change are
based on a bug, not a feature. This needs to be fixed by adding a
dependency on the initramfs in the right place, not in the kernel where
this destroys the kernel's sstate-caching.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Sun, 22 Feb 2026 12:07:35 +0000 (13:07 +0100)]
image_types_wic.bbclass: add depend on initramfs
When the wic image creation requires an initramfs image that is not bundled
with the kernel (INITRAMFS_IMAGE_BUNDLE != "1"), ensure that the initramfs
image is built before attempting to create the wic image by adding an
explicit dependency on do_image_complete.
Previously, this dependency was incorrectly handled by kernel.bbclass.
This change moves the responsibility to image_types_wic.bbclass where
it belongs.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:42:26 +0000 (08:42 +0000)]
bitbake.conf: Enable opengl ptest multiarch wayland vulkan in DISTRO_FEATURES by default
This change enables the modern graphics stack defaults of opengl, wayland and
vulkan, it enables mutliarch which allows gcc, binutils and gdb to target
multiple file formats and it also enables ptests by default
This means that:
* nodistro builds will match the Yocto Project sstate CDN objects
* we have modern graphics defaults
* users will see ptest issues more clearly and be more likely to test
before sending patches
These DISTRO_FEATURES have been tested and used as defaults in poky for a
long time, this brings them into sync.
Backfill is used so those with their own distro can set the
DISTRO_FEATURES_BACKFILL_CONSIDERED variable to stop the backfill happening
for speccific values.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Anything that defines multiple git sources should have the largest value
taken when calculating the SOURCE_DATE_EPOCH for a package.
The previous iteration actually introduced some degree of randomness, as
it would stop on the first git repository reported by os.walk, which
does not assure any specific ordering by default.
Randy MacLeod [Thu, 19 Feb 2026 19:12:20 +0000 (14:12 -0500)]
coreutils: upgrade 9.9 -> 9.10
From https://lists.gnu.org/archive/html/coreutils-announce/2026-02/msg00000.html
Notable changes include:
- Options in man pages link directly into the full web docs
- timeout(1) now kills the command for all terminating signals
- paste(1) is now multi-byte character aware
- cp(1) fixes an unlikely infinite loop introduced in v9.9
- The multi-call binary is 3.2% smaller
Drop the 2 backported patches which are now part of 9.10.
License-Update: copyright years refreshed
For ptests, also install coreutils.texi which is used for a new test that ensures
there is an anchor for each --help option for all of coreutils' programs. See:
https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?h=v9.10&id=77e6b5d8f8d1ebc3125d6585a266a912a1123791
Most of the skipped tests are due to being "very expensive" according to the coreutils developers.
The other skipped tests need strace, gdb, etc or locale dependencies which has not yet been added.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Randy MacLeod [Thu, 19 Feb 2026 19:12:19 +0000 (14:12 -0500)]
coreutils: kill and uptime are no longer installed
In coreutils-9.10, as explained in: 6b399ad35 build: kill(1), uptime(1): don't install by default
* build-aux/gen-lists-of-programs.sh: kill and uptime are not installed
by arch, debian, fedora, suse at least, so add to disabled list.
Fixes https://github.com/coreutils/coreutils/issues/132
Note that in oe-core:
kill is provided by busybox, procps and util-linux
uptime is provided by busybox and procps
and in other layers there may be other providers of these commands.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This has been causing a significant performance regression,
to the point where AUH wasn't able to complete upgrades with
particularly large number of git commits between releases [1].
After discussing with Peter [2], running 'oe-selftest -r devtool' with this change (100% pass),
and also doing an AUH run with it, and reviewing the output I think this is fine to remove:
the case is either very niche or non-existent, and if it appears again, we
should come up with a better fix.
Aditya Kurdunkar [Wed, 18 Feb 2026 22:55:44 +0000 (04:25 +0530)]
externalsrc: fix duplicate entries in .git/info/exclude
`readlines()` preserves trailing newlines, so the duplicate check
against the stripped link name never matched. Strip lines before
comparing to prevent repeated entries on each devtool modify run.
Jan Luebbe [Mon, 16 Feb 2026 15:02:01 +0000 (16:02 +0100)]
openssl: add support for config snippet includes
This allows configuration (such as enabling providers) to be done by
adding snippet files to /etc/ssl/openssl.cnf.d instead of modifying a
copy of the full configuration file. As new snippets can be added from
separate recipes, targeted changes can be done in multiple layers.
For example, the pkcs11-provider can be enabled by adding a pkcs11.cnf
containing something like:
[default_sect]
activate = 1
Peter Marko [Fri, 20 Feb 2026 20:53:15 +0000 (21:53 +0100)]
alsa-lib: patch CVE-2026-25068
Pick patch mentioned in NVD report.
It also includes CVE ID in commit message.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Wed, 18 Feb 2026 22:53:25 +0000 (23:53 +0100)]
glib-2.0: upgrade 2.86.3 -> 2.86.4
Fixes CVE-2026-1484, CVE-2026-1485 and CVE-2026-1489.
Release notes [1]:
Overview of changes in GLib 2.86.4, 2026-02-13
* Fix several security vulnerabilities of varying severity (see below
for details)
* Bugs fixed:
* #3858 (closed) glib-compile-resources: Incorrect compiler detection
on Windows when building GTK causes a DoS (L. E. Segovia)
* #3863 (closed) Iterating over a short (preallocated) GVariant
bytestring invalidly refs a NULL GBytes (Christian Hergert)
* #3870 (closed) (CVE-2026-1484) (YWH-PGM9867-168) Integer Overflow ->
Buffer Underflow on Glib through glib/gbase64.c via
g_base64_encode_close() leads to OOB Write (Marco Trevisan)
* #3871 (closed) (CVE-2026-1485) (#YWH-PGM9867-169) Buffer underflow
on Glib through gio/gcontenttype-fdo.c via parse_header() lead to
OOB Read/Write (Marco Trevisan)
* #3872 (closed) (CVE-2026-1489) (#YWH-PGM9867-171) Integer Overflow
on Glib through glib/guniprop.c via output_marks() lead to OOB Write
in glib/gutf8.c:g_unichar_to_utf8() (Marco Trevisan (Treviño))
* !4946 (merged) Update Romanian translation glib-2-86
* !4955 (merged) Backport !4954 (merged) “glib-compile-resources:
Always assume MSVC compiler if VCINSTALLDIR is set” to glib-2-86
* !4961 (merged) Backport !4960 (merged) “glib/gvariant: add failing
test for bytestring and fix it” to glib-2-86
* !4979 (merged) [glib-2-86] gbase64: Use gsize to prevent potential
overflow
* !4981 (merged) [glib-2-86] gio/gcontenttype-fdo: Do not overflow if
header is longer than MAXINT
* !4984 (merged) [glib-2-86] guniprop: Use size_t for output_marks
length
* !5010 (merged) Update Kazakh translation
* Translation updates:
* Kazakh (Baurzhan Muftakhidinov)
* Romanian (Antonio Marin)
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 16 Feb 2026 13:48:35 +0000 (13:48 +0000)]
cmake: remove obsolete patches
0001-Disable-use-of-ext2fs-ext2_fs.h-by-cmake-s-internal.patch can be
replaced with two variable assignments to seed the results we want.
0002-CMakeLists.txt-disable-USE_NGHTTP2.patch is not needed anymore as
the vendored curl will disable the use of nghttp2 automatically if it
isn't found.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:42:30 +0000 (08:42 +0000)]
distro/defaultsetup: Enable space optimization tweaks
This enables a collection of tweaks which reudce build output size where
the output has been found to be particularly problematic.
This reduces sstate object size as well as on disk build footprint, it
also helps memory usage for linking some of the recipes. This in turn
improves built speed and the smaller sstate objects are faster to compress,
decompress and transfer over the network.
This change has been tested in poky for a long time.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:42:29 +0000 (08:42 +0000)]
distro/defaultsetup: Enable security flags by default
This defaults to including our security flags which use stack-protector-strong
and D_FORTIFY_SOURCE=2 by default, as aids to improve detection of security issues.
This change has been tested in poky for a long time and allows us to align
our default compilation flags and environment.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:42:28 +0000 (08:42 +0000)]
distro/defaultsetup: Enable no-static-libs by default
In general, few people use statlic libraries. They are however large and take up a lot
of space on disk as well as taking time to compress/decompress and tranfser in sstate
objects.
This change disables most of them by default for disk space and speed/size performance
benefits.
This change has been tested in poky for a long time.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:42:27 +0000 (08:42 +0000)]
defaultsetup: Enable uninative by default
uninative allows reuse of native sstate built on one distro on another. This change
enables it by default, as has been done by default in poky for a long time.
The reason for the change is that this makes the sstate CDN much more useful
to speed up builds if good network access is available. It also standardises
the builds to our usual testing configuration, removing one key difference
which new users sometimes run into.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:42:25 +0000 (08:42 +0000)]
conf: Switch to systemd by default and simplify init manager selection
This change effectively switches things to use INIT_MANAGER to select the init
system and drops the old compatibility 'none' method. The init manager selection
is now complex enough that requiring users to select it makes sense.
The new default is systemd, which reflects popular opinion. This is known to have
issues in some of our configurations such as musl but is also frequently asked for.
Anyone replacing defaultsetup.conf in their own setup will need to provide
equivalent functionality but that is execpted for any of the settings in there.
This change drops sysvinit from the default distro features backfill, meaning
we no longer need to remove it in systemd setups and places the init managers
on a more equal and equivalent standing.
This is a behaviour change for anyone using nodistro and anyone not already
setting INIT_MANAGER explictly. This does not change the default for distros
which select an init manager already (e.g. poky).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:16:47 +0000 (08:16 +0000)]
conf/distro: Drop default-versions.inc
This conf file used to be useful when we had multiple versions of recipes
but we no longer do that and the file is empty. Remove it as obsolete and
not needed anymore.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:16:46 +0000 (08:16 +0000)]
binutils: Drop unneeded and problematic vardeps explict value and immediate expansion
This was introduced in 0788cf349fe37ef4a36c626dbc396c97d1ab14d7 as a way of
tracking the EXTRA_OECONF changes. These should be tracked reliably by the
contains() code now so it is assumed this was working around a bug at the time.
I checked the current task hashes and that information is there.
Therefore drop this bit of code as the immediate expansion causes inaccurate
values.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Similar to native, backfilling of items from DISTRO_FEATURES when
combined with DISTRO_FEATURES_FILTER_NATIVESDK was not functioning
correctly.
Ensure the backfill is applied before filtering, then clear the value to
prevent further backfill. This makes the nativesdk and crosssdk cases
match the native code.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sunil Dora [Thu, 19 Feb 2026 12:59:18 +0000 (04:59 -0800)]
rust: Enable dynamic linking with llvm
Fixes [Yocto #16058]
A segmentation fault occurs in rustc (e.g. in
llvm::X86ReadAdvanceTable) when reusing sstate artifacts built with
different host toolchain versions.
Issue sequence:
1. llvm-native is built with a newer toolchain
(e.g. GCC 15/Binutils 2.45).
2. rust-native is later built with an older linker.
(e.g. GCC 12/Binutils 2.40).
3. The older linker statically links parts of llvm-native into
librustc_driver.
4. The resulting binary crashes at runtime inside the statically
linked LLVM code.
The corruption happens at link time when mixing static native objects
produced by different toolchain generations.
Enable dynamic LLVM linking (link-shared = true) for rust-native so rustc
links against libLLVM.so instead of static archives, avoiding host linker
incompatibilities when reusing sstate artifacts.
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Suggested-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core.git / log
