Wang Mingyu [Thu, 19 Mar 2026 10:13:19 +0000 (18:13 +0800)]
python3-pyopenssl: upgrade 25.3.0 -> 26.0.0
Changes:
- Added support for using aws-lc instead of OpenSSL.
- Properly raise an error if a DTLS cookie callback returned a cookie longer
than DTLS1_COOKIE_LENGTH bytes. Previously this would result in a
buffer-overflow. Credit to dark_haxor for reporting the issue. CVE-2026-27459
- Added OpenSSL.SSL.Connection.get_group_name to determine which group name was
negotiated.
- Context.set_tlsext_servername_callback now handles exceptions raised in the
callback by calling sys.excepthook and returning a fatal TLS alert.
Previously, exceptions were silently swallowed and the handshake would proceed
as if the callback had succeeded. Credit to Leury Castillo for reporting this
issue. CVE-2026-27448
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Thu, 19 Mar 2026 10:13:17 +0000 (18:13 +0800)]
python3-numpy: upgrade 2.4.2 -> 2.4.3
Changelog:
============
- MAINT: Prepare 2.4.x for further development
- BUG: Fix some leaks found via LeakSanitizer
- MAINT: Synchronize 2.4.x submodules with main
- TYP: matlib: missing extended precision imports
- BUG: Fix weak hash function in np.isin().
- BUG: fix infinite recursion in np.ma.flatten_structured_array...
- BUG: Fix buffer overrun in CPU baseline validation
- BUG: Fix busdaycalendar's handling of a bool array weekmask....
- BUG: Fix reference leaks and NULL pointer dereferences
- MAINT: fix two minor issues noticed when touching the C API setup
- ENH: Test .kind not .char in np.testing.assert_equal
- BUG: fix type issues in uses if PyDataType macros
- MAINT: Don't use vulture 2.15, it has false positives
- MAINT: update openblas
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Wed, 18 Mar 2026 13:44:40 +0000 (07:44 -0600)]
spdx: Update to latest bindings
Updates the to bindings generated from version 1.0.0 of shacl2code.
These bindings make some changes to the way extension classes are
generated, add support for context in generate SPDX files, and are about
25% faster and more space efficient than the previous version
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Wed, 18 Mar 2026 13:44:39 +0000 (07:44 -0600)]
spdx: Remove do_collect_spdx_deps task
Removes the do_collect_spdx_deps task. This task was added a long time
ago, and appears to have been added due to a misunderstanding about how
the task graph works. It is not necessary since tasks can directly call
collect_direct_deps() with the appropriate task that they depend on to
get their dependencies.
This should fix several classes of SPDX bug where documents could not be
found because the wrong deps were being looked for due to which tasks
were re-run
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Wed, 18 Mar 2026 13:44:36 +0000 (07:44 -0600)]
spdx: Remove fatal errors for missing providers
When creating images and SDKs, do not error on missing providers. This
allows recipes to use the `nospdx` inherit to prevent SPDX from being
generated, but not result in an error when assembling the final image.
Note that runtime packages generation already ignored missing
providers, so this is changing image and SDK generation to match
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Wed, 18 Mar 2026 13:44:35 +0000 (07:44 -0600)]
spdx30: Remove package VEX
Removes VEX statements from packages. These are no longer necessary
since the VEX data is now attached to the recipes, which significantly
reduces the duplication of the data, and thus the size of the SPDX
output files.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Wed, 18 Mar 2026 13:44:34 +0000 (07:44 -0600)]
spdx_common: Check for dependent task in task flags
Checks that the task being used to detect dependencies is present in at
least one dependency task flag of the current task. This helps prevent
errors where the wrong task is specified and never found.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Wed, 18 Mar 2026 13:44:33 +0000 (07:44 -0600)]
spdx: De-duplicate CreationInfo
De-duplicates CreationInfo objects that are identical (except for ID)
when writing out an SBoM. This significantly reduces the number of
CreationInfo objects that end up in the final document.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Wed, 18 Mar 2026 13:44:32 +0000 (07:44 -0600)]
spdx30: Include patch file information in VEX
Modifies the SPDX VEX output to include the patches that fix a
particular vulnerability. This is done by adding a `patchedBy`
relationship from the `VexFixedVulnAssessmentRelationship` to the `File`
that provides the fix.
If the file can be located without fetching (e.g. is a file:// in
SRC_URI), the checksum will be included.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Wed, 18 Mar 2026 13:44:29 +0000 (07:44 -0600)]
spdx3: Add recipe SPDX data
Adds a new package to the SPDX output that represents the recipe data
for a given recipe. Importantly, this data contains only things that can
be determined statically from only the recipe, so it doesn't require
fetching or building anything. This means that build time dependencies
and CVE information for recipes can be analyzed without needing to
actually do any builds.
Sadly, license data cannot be included because NO_GENERIC_LICENSE means
that actual license text might only be available after do_fetch
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Kai Kang [Wed, 18 Mar 2026 10:10:25 +0000 (18:10 +0800)]
packagegroup-core-tools-profile: add lttng-modules to LTTNGTOOLS
It has removed lttng-modules from lttng-tools's RRECOMMENDS, so add
lttng-modules to LTTNGTOOLS in packagegroup-core-tools-profile.bb to
make its dependent packages unchanged.
[RP: Fix for riscv64 which doesn't support lttng-modules] Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Kai Kang [Wed, 18 Mar 2026 10:10:24 +0000 (18:10 +0800)]
lttng-tools: not rrecommend on lttng-modules
As in the lttng manual [1]:
Most distributions mark the LTTng-modules and LTTng-UST packages as
optional when installing LTTng-tools (which is always required). In
the following sections, we always provide the steps to install all
three, but note that:
* You only need to install LTTng-modules if you intend to use the
Linux kernel LTTng tracer.
* You only need to install LTTng-UST if you intend to use the user
space LTTng tracer.
there should be no force dependency between lttng-tools and
lttng-modules. When set lttng-modules in RRECOMMENDS, it always forces
to build lttng-modules whether it is required or not.
Compare to rpm spec [2] and debian conf [3], there are no any dependency
between them too.
Ricardo Ungerer [Tue, 17 Mar 2026 22:03:50 +0000 (22:03 +0000)]
documentation.conf: Add LICENSE_FLAGS related variables
The LICENSE_FLAGS, LICENSE_FLAGS_ACCEPTED, and LICENSE_FLAGS_DETAILS
documented in [1] are not listed in documentation.conf. This commit adds
them to the documentation.conf file.
Highlights in v2026.03.0:
- Security fix: signed FIT image vulnerability fixed; users doing
secure boot with signed FIT images should update to this release
- Added Rockchip RK3562 SoC support along with KickPi K3 board
- USB Fastboot now supports booting Linux kernels generically across
architectures (previously limited to ARM32 zImage)
- CI infrastructure gained PowerPC Qemu test coverage
- ARM NXP i.MX8MP: Fixed SoC UID incorrectly reading 64bit instead of
128bit; enable CONFIG_ARCH_IMX8MP_KEEP_COMPATIBLE_SOC_UID if rolled
out devices depend on constant SoC UID
For full release notes, see:
https://lore.kernel.org/barebox/abQ56zuKfzKlZvcr@pengutronix.de/T/#u
Dropped a local patch 0001-barebox-tools-fix-glibc-2.43-openat2-build.patch
as it has been merged now with this release.
Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
oeqa/qemurunner: make the error message about invalid rootfs clearer
Printing "Invalid rootfs" when the rootfs image simply doesn't exist can
be misleading to the user. Print a clearer message to help users understand
the issue.
Signed-off-by: Corentin Guillevic <corentin.guillevic@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sunil Dora [Tue, 17 Mar 2026 11:15:37 +0000 (04:15 -0700)]
gdb: Upgrade 16.3 -> 17.1
GDB 17.1 includes the following changes and enhancements:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=gdb/NEWS;hb=gdb-17.1-release
* x86-64 CET shadow stack support
* Debugging Linux programs that use AArch64 Guarded Control Stacks
* GDB record feature now supports rv64gc architectures
* 'info threads' command support for two new options '-stopped' and '-running'
to limit the list of displayed threads.
* On Linux and FreeBSD, the addresses shown by the 'info sharedlibrary' command
are now for the full memory range allocated to the shared library.
* Linux checkpoints now work with multiple inferiors
* Improved linker namespace support
* Warnings and error messages now start with an emoji (warning sign,
or cross mark) if supported by the host charset. Configurable.
* Built-in support for TLS on Linux as backup when libthread_db is not
available. Supported on the x86_64, aarch64, ppc64, s390x, and riscv
architectures, when compiled with GLIBC or MUSL.
* New command "set riscv numeric-register-names" to display risc-v
registers using their numeric names instead of their ABI names.
* The Alpha target now supports target descriptions.
* Python API enhancements
* Support for Python versions older than 3.4 has been removed.
Jose Quaresma [Tue, 17 Mar 2026 16:22:12 +0000 (16:22 +0000)]
sanity: condition hash equivalence warnings to when it is in use.
The warnings about the hash equivalence server are only valid when the signature is
being used, and for that we have to check the BB_SIGNATURE_HANDLER variable.
This fix the warning that is displayed when using the basic signature hash, OEBasicHash.
| WARNING:
| You are using a local hash equivalence server but have configured an sstate mirror.
| This will likely mean no sstate will match from the mirror.
| You may wish to disable the hash equivalence use (BB_HASHSERVE),
| or use a hash equivalence server alongside the sstate mirror.
Signed-off-by: Jose Quaresma <jose.quaresma@oss.qualcomm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Harish Sadineni [Tue, 17 Mar 2026 18:07:53 +0000 (11:07 -0700)]
kernel-yocto-rust: Move rust kernel dependencies to bbclass
Move the rust kernel dpendencies from linux-yocto.inc to
kernel-yocto-rust.bbclass.
This centralizes Rust-specific configuration in the dedicated class,
which is intended to be inherited only when Rust kernel support is
enabled (e.g. via KERNEL_FEATURES).
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a backported patch from master to use underscore instead of
space in a generated filename. This fixes the build error:
| /usr/bin/ld: cannot find examples/application8/exampleapp8.p/meson-generated_.._exampleapp8: No such file or directory
| /usr/bin/ld: cannot find resources.c.o: No such file or directory
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dan McGregor [Mon, 16 Mar 2026 22:31:47 +0000 (16:31 -0600)]
systemd: break circular dependency with libfido2
libfido2 depends on udev, and when the fido2 feature is enabled
in systemd, systemd depends on libfido2. However, systemd really
only needs libfido2's headers at build time. It uses dlopen to
opportunistically enable the features at runtime. Break this
circular dependency by creating a recipe that provides libfido2's
headers and pkgconfig file. That allows systemd to build with
fido2 enabled and allows libfido2 do build as well.
Signed-off-by: Dan McGregor <danmcgr@protonmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Stefano Tondo [Thu, 12 Mar 2026 15:38:44 +0000 (16:38 +0100)]
cve_check: Escape special characters in CPE 2.3 strings
CPE 2.3 formatted string binding (cpe:2.3:...) requires
backslash escaping for special meta-characters per NISTIR 7695.
Characters like '++' and ':' in product names must be escaped.
The CPE 2.3 specification defines two bindings:
- URI binding (cpe:/...) uses percent-encoding
- Formatted string (cpe:2.3:...) uses backslash escaping
Escape the required meta-characters with backslash:
- Backslash (\\) -> \\
- Question mark (?) -> \?
- Asterisk (*) -> \*
- Colon (:) -> \:
- Plus (+) -> \+
All other characters are kept as-is without encoding.
Example CPE identifiers:
- cpe:2.3:*:*:crow:1.0\+x:*:*:*:*:*:*:*
- cpe:2.3:*:*:sdbus-c\+\+:2.2.1:*:*:*:*:*:*:*
Liu Yiding [Wed, 11 Mar 2026 02:40:42 +0000 (10:40 +0800)]
orc: Enable hotdoc to produce doc
Add do_install:append function to fix QA Issue like "File /usr/share/doc/orc/html/assets/js/search/hotdoc_fragments/orctarget.html-enum (unnamed at /work/x86-64-v3-poky-linux/orc/0.4.42/sources/orc-0.4.42/orc/orctarget.h:39:1).fragment in package orc-doc contains reference to TMPDIR [buildpaths]"
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Stefano Babic [Sun, 15 Mar 2026 12:44:01 +0000 (13:44 +0100)]
udev-extraconf: detect init manager from pid
Detecting the init manager from /sbin/init does not always work and it
fails when etc-overlayfs is used, because first the
pre-init script is called and init is renamed as init.orig.. Read the
process name with pid = 1 from /proc, and use it to detect the init manager.
The HAVE_SYSV_RC_LOCAL makes /etc/rc.local work as the rc-local.service
is still installed. And the HAVE_SYSV_COMPAT means /etc/rcX.d is still
supported.
Trevor Gamblin [Mon, 16 Mar 2026 20:58:03 +0000 (16:58 -0400)]
grub: add patch to use medany for riscv64
>From the upstream bug report, filed in 2024:
|GRUB 2.12 does not compile correctly using large model on riscv64 using gcc 14.1.1 (gcc-14.1.1-5.fc40.x86_64).
|
|It is my understanding that the large model should not really be used on riscv64 yet and trying to build GRUB 2.12 with it results in an error:
|
|+ ././grub-mkimage -O riscv64-efi -o grubriscv64.efi.orig -d grub-core --sbat ././sbat.csv -m memdisk.squashfs -p /EFI/fedora all_video boot blscfg btrfs cat configfile cryptodisk echo ext2 f2fs fat font gcry_rijndael gcry_rsa gcry_serpent gcry_sha256 gcry_twofish gcry_whirlpool gfxmenu gfxterm gzio halt hfsplus http increment iso9660 jpeg loadenv loopback linux lvm luks luks2 memdisk mdraid09 mdraid1x minicmd net normal part_apple part_msdos part_gpt password_pbkdf2 pgp png reboot regexp search search_fs_uuid search_fs_file search_label serial sleep squash4 syslinuxcfg test tftp version video xfs zstd efi_netfs efifwsetup efinet lsefi lsefimmap connectefi
|././grub-mkimage: error: relocation 0x2b is not implemented yet.
|
|medany builds successfully and boots on the VisionFive2 and on VMs.
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Trevor Woerner [Mon, 16 Mar 2026 14:17:50 +0000 (10:17 -0400)]
wic: filemap: use separate fd for SEEK_HOLE probes
While working on splitting-out wic from oe-core, on my openSUSE Leap
16.0 machine, the moment I split wic out, 2 oe-selftests always failed
with 100% reproducibility:
- wic.ModifyTests.test_wic_cp_ext
- wic.Wic2.test_expand_mbr_image
In both cases the symptom is the same: the filesystem has inode tables
that are completely zeroed out. Both issues are linked together to the
same underlying fault.
FilemapSeek._get_ranges() is a generator. Due to the nature of finding
each hole/data extent one at a time using the lseek() system call,
it calls os.lseek() on a raw file descriptor, then yields, then the
caller, sparse_copy(), calls file.seek() + file.read() on a Python
BufferedReader wrapping that same fd — then the generator resumes and
calls os.lseek() again. This interleaving of raw os.lseek() and buffered
I/O on the same fd is undefined behaviour from Python's perspective.
The BufferedReader tracks its own idea of the fd's position and buffer
contents; os.lseek() changes the position behind its back. This can
corrupt its internal state and cause read() to return stale/zero data.
This code, however, has existed in wic since it was written, so why
was it not noticed before? It turns out this bug was being masked by a
number of implementation details that changed, especially when wic was
split out for oe-core. These changes conspired together to cause the bug
to be triggered.
One of the root causes of this bug is that Python 3.14 increased the
default buffer size from 8KB to 128KB[1]. With 8 KB buffers, read()s
either go through the direct-read path leaving the buffer empty, or
if it fills in 8KB chunks the buffer is fully drained. Either way,
with a small buffer, read()s do a real raw seek. No fast path. No
corruption. With a 128KB buffer, however, a much larger window exists
where BufferedReader.seek() can take the fast-path after the raw file
descriptor has already been repositioned by os.lseek() in the generator.
With the smaller buffer, this window was too narrow to hit in practice.
This is fixed by opening a second file object in FilemapSeek.__init__()
dedicated to SEEK_DATA/SEEK_HOLE probes, leaving the data-reading handle
(self._f_image) untouched.
This explains why the corruption is deterministic and tied to specific
block boundaries, why it only manifests with the split-out version using
Python 3.14 (on systems that are using Python versions less than 3.14 on
the host), and why using a separate file descriptor for reading bypasses
the issue entirely.
This is not an intermittent bug. For a more detailed explanation
including log files, in-depth analysis, and a standalone Python
reproducer, please see the linked bugzilla entry.
Richard Purdie [Tue, 17 Mar 2026 11:53:52 +0000 (11:53 +0000)]
license: Fix sstate hash conflict issues
Currently, SSTATE_PKGARCH is injected into the sstate packages themselves but
the output of do_populate_lic is meant to be architecture invariant.
Instead of putting it into the package, use that part of the path as the
installation location. This makes the sstate packages architecture invariant
and avoids hash mismatch issues.
Since the sstate install path isn't part of the task checksums, we can just
remove all the LICENSE_DEPLOY_PATHCOMPONENT code entirely. It will change the
native/cross locations to SSTATE_PKGARCH but that likely makes more sense anyway.
I suspect this was what I'd originally intended when I added SSTATE_PKGARCH to
the path but things weren't quite done correctly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yoann Congal [Sat, 14 Mar 2026 16:57:41 +0000 (17:57 +0100)]
qemurunner: Hide kernel messages on first non-raw run_serial() call
Kernel messages on console can be mixed with run_serial() command output
and might even prevent run_serial() to read the command exit code.
To fix this, on the first non-raw run_serial() call, run "dmesg -n 1"
first to hide the kernel message from the console we use to run
commands. Note that kernel messages are still logged in dmesg buffer.
man dmesg (from util-linux):
> -n, --console-level
> level Set the level at which printing of messages is done to the
> console. The level is a level number or abbreviation of the level name.
> For all supported levels see the --help output.
>
> For example, -n 1 or -n emerg prevents all messages, except emergency (panic)
> messages, from appearing on the console. All levels of messages are still
> written to /proc/kmsg, so syslogd(8) can still be used to control exactly where
> kernel messages appear. When the -n option is used, dmesg will not print or
> clear the kernel ring buffer.
Busybox's dmesg also support the option.
Raw run_serial() calls are used during the login process when it's too
early to run the dmesg command.
Changqing Li [Fri, 13 Mar 2026 10:49:08 +0000 (18:49 +0800)]
webkitgtk: remove PACKAGECONFIG soup2
* libsoup-2.4 already removed in commit [1], so remove the soup2
PACKAGECONFIG, which may causes depeneds on libsoup-2.4.
* soup2 will not be supported from 2.52.0.
* webkitgtk build with libsoup3 by default, USE_SOUP2 is OFF by default,
so also remove soup3 option
* libsoup-2.4 already removed in commit [1], so remove the soup2
PACKAGECONFIG, which may causes depeneds on libsoup-2.4
* provide soup3 option, enable soup3 will enable soup and soup version
will be auto defected as libsoup3 since we depend on libsoup, disable
soup3 will disable soup.
According to the Unified Kernel Image (UKI) specification [1], including
a compiled device tree in the .dtb section of a UKI is optional. However,
the current implementation always packages device trees listed in
KERNEL_DEVICETREE into the UKI by default. This makes uki.bbclass
unsuitable for systems that rely on firmware-provided DTBs and do not
want a DTB embedded in the UKI.
Fix this by introducing a new UKI_DEVICETREE variable to control device
tree packaging. The .dtb section is now populated from UKI_DEVICETREE
instead of KERNEL_DEVICETREE. Users who do not want DTBs included in the
UKI can override UKI_DEVICETREE to an empty value from their recipes.
Update the UKI selftests accordingly, as QEMU does not provide a device
tree to embed.
Peter Marko [Wed, 11 Mar 2026 22:46:05 +0000 (23:46 +0100)]
curl: upgrade 8.18.8 -> 8.19.0
Solves CVE-2026-1965, CVE-2026-3783, CVE-2026-3784 and CVE-2026-3805.
Drop patch included in the release.
Release info [1]:
Changes:
* BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026
* cmake: add `CURL_BUILD_EVERYTHING` option
* mqtt: initial support for MQTTS
* tool: support fractions for --limit-rate and --max-filesize
* tool_cb_hdr: with -J, use the redirect name as a backup
* vquic: drop support for OpenSSL-QUIC
* windows: add build option to use the native CA store
* windows: bump minimum to Vista (from XP)
(and lot of bugfixes)
[1] https://curl.se/ch/8.19.0.html
License-Update: copyright years refreshed
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade the firmware package to latest release. Add package
${PN}-lt8713sx for Lontium LT8713SX DP hub, add audioreach
firmware and license for Kaanapali, Lenovo ISH LNLM firmware
was renamed so add those files in ${PN}-ish-lnlm-53c4ffad
package, and modify FILES:${PN} for package ${PN}-ish-lnlm-12128606
to pack firmwares properly.
linux: cve-exclusions: Add --always to git-describe
Otherwise https://git.kernel.org/pub/scm/linux/security/vulns.git cannot be
used:
subprocess.CalledProcessError: Command '('git', 'describe', '--tags', 'HEAD')' returned non-zero exit status 128.
Original error from git:
fatal: No names found, cannot describe anything.
The change will at least produce an abbreviated SHA1 hash as {data_version}.
Fixes: 5e66e2b79fae ("linux/generate-cve-exclusions: show the name and version of the data source") Signed-off-by: Alexander Sverdlin <alexander.sverdlin@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Miroslav Cernak [Tue, 10 Mar 2026 12:57:53 +0000 (13:57 +0100)]
resulttool: Fix UnboundLocalError when missing test results
The junit_tree function failed when either ptest or imagetest results
were missing from testresults.json due to uninitialized variables.
Move variable initialization outside the loop to ensure they
always have default values.
Signed-off-by: Miroslav Cernak <miroslav.cernak@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
pypi.bbclass: set UPSTREAM_CHECK_PYPI_PACKAGE from PYPI_PACKAGE
This aligns the tarball upstream check regex (set from former variable)
with existing tarball name (set from the latter).
Previously the regex used a 'normalized' value (_ replaced with -)
which wasn't matching the actual tarballs, and required setting both
variables whenever PYPI_PACKAGE default wasn't suitable and had to be
set in the recipe.
I have confirmed that 'devtool check-upgrade-status' doesn't break.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jose Quaresma [Fri, 13 Mar 2026 17:16:35 +0000 (17:16 +0000)]
lib/oe/patch: add user and email when patchtool is git
When the PATCHTOOL=git, oe-core creates a git repo for the sources with:
git init
git add .
git commit
The git commit can fails blindly due to misconfigured user when git don't have
the email proper configured. Although the commit command does not fail
because it returns 0, it is not executed and the tree remains with all
files staged so the following git commands can fail and fails in some cases.
This problem has been particularly observed in some obscure and little-used
cases in openembedded-core like patching the linux-firmware which only works
using PATCHTOOL=git because it deals with binary files.
Signed-off-by: Jose Quaresma <jose.quaresma@oss.qualcomm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changqing Li [Wed, 25 Feb 2026 03:40:13 +0000 (11:40 +0800)]
appstream: upgrade from 1.0.6 to 1.1.2
License-Update: Update COPYING with latest from FSF
* Upstream changed the dependency, libyaml changed to libfyaml, refer [1]
* Upstream enable bash-completion by default, but bash-completion is in
ASSUME_PROVIDE, on host without bash-completion, appstream-native will
configure failed, so disable bash-completion for appstream-native
Xiangyu Chen [Fri, 13 Mar 2026 06:40:43 +0000 (14:40 +0800)]
lttng-modules: Upgrade 2.14.3 -> 2.14.4 to fix build issue on kernel 6.18
Add 0001-fix-adjust-range-in-btrfs-probe-for-v6.18.14.patch to
adjust Brtfs probe header for 6.18[1]
Change Log:
2026-02-09 LTTng modules 2.14.4
* fix: Manual conversion to use ->i_state accessors (v6.19)
* fix: btrfs: headers cleanup to remove unnecessary local includes (v6.19)
* Fix: Initialize syscall tables sorted entries
* Cleanup lttng-syscalls.h: Remove extern on function prototypes
* Make init_event_desc_enum_desc_sorted_entries public
* Update .gitreview for stable-2.14
Ryan Eatmon [Fri, 13 Mar 2026 15:14:21 +0000 (10:14 -0500)]
uboot-config: Fix scope of KCONFIG_CONFIG_ROOTDIR check
The current check is in the inner loop of UBOOT_CONFIG, but the check is
attempting to only apply to the case when there is a single entry in
UBOOT_CONFIG. Shift the indention to be outside of the for loop and
only execute once.
Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sunil Dora [Fri, 13 Mar 2026 16:01:33 +0000 (09:01 -0700)]
rust: enable dynamic LLVM linking by default
Fixes [YOCTO #16058]
Enable dynamic linking with LLVM (link-shared) for all rust variants
(native, nativesdk and target) via a PACKAGECONFIG option, enabled
by default. This prevents segmentation faults when reusing sstate
artifacts built with different host toolchains.
Update multilib library symlinking to include shared libraries and
adjust the rust selftest to install llvm so the dynamically linked
compiler can run correctly.
Suggested-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 14 Mar 2026 15:17:22 +0000 (15:17 +0000)]
ptest-packagelists: Exclude ptests from musl which are known to fail
Since we'd like to start tracking musl ptest regressions, mark the existing known
failures for qemuarm64 and qemux86-64 so we can then start to test without
warnings.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 14 Mar 2026 10:23:50 +0000 (10:23 +0000)]
sstate/sstatesig: Abstract dummy package architectures into layer.conf settings
Other layers need to be able to add dummy recipes. To do this add
DUMMY_PACKAGE_ARCHS_SDK and DUMMY_PACKAGE_ARCHS_TARGET in layer.conf
which can be used to add these to the right places in the code.
Don't add the variables to task signatures as these only matter in the
context of constructed images and not the recipes.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 13 Mar 2026 15:12:27 +0000 (15:12 +0000)]
sstate: Tweak SDK sstate package architecture
While in this area of the code, it is worth noting that PACKAGE_ARCH + PN are
already designed to capture the needed information that we need in SSTATE_PKGARCH.
We can therefore simplify things by just using the standard fallack for SSTATE_PKGARCH
instead of more complex manipulations.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently, the dummy SDK packages are re-running for different SDKMACHINE values
when they should not. The usage of allarch is broken and not triggering the right
PACKAGE_ARCH value due to the deferred nature of nativesdk. This was probably
broken when we switched to add deferred classes.
To try and make this all more explict and less prone to breakage, switch to calling
oe.utils.make_arch_independent() directly.
Add the 'special' package architecture values to SSTATE_ARCHS so the system cna properly
track them.
Remove the pointless tasks we don't need from the dummy recipes, mark the packagedata
as machine independent and then remove from the conflict list in sstate.bbclass.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 13 Mar 2026 11:40:43 +0000 (11:40 +0000)]
allarch/lib: Convert core of allarch code into a function
We need to call the functionality in allarch.bbclass from other contexts
and the current conditionals are problematic enough without further changes
confusing things. Move the code to a funtion in oe.utils so we can call
it as needed.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core.git / log
