Add support for rust-out-of-tree module compilation:
- Add dependency to rust-native
- Remap ${S} in compiled output to avoid buildpath errors
- Added check to skip rust out-of-ree-module compilation,
if rust kernel support is not enabled
Yoann Congal [Fri, 13 Mar 2026 15:59:16 +0000 (08:59 -0700)]
kernel.bbclass: Copy include/config/auto.conf in STAGING_KERNEL_BUILDDIR
Linux commit aaed5c7739be ("kbuild: slim down package for building
external modules")[0] states that include/config/auto.conf is also a
file needed for out-of-tree build.
This avoids this error when building an out-of-tree Rust kernel module:
| make -C .../tmp/work-shared/qemux86-64/kernel-source M=$PWD
| make[1]: Entering directory '.../tmp/work-shared/qemux86-64/kernel-source'
| make[2]: Entering directory '.../tmp/work/qemux86_64-poky-linux/rust-out-of-tree-module/git/sources/rust-out-of-tree-module-git'
| .../tmp/work-shared/qemux86-64/kernel-source/Makefile:779: .../tmp/work-shared/qemux86-64/kernel-build-artifacts/include/config/auto.conf: No such file or directory
Yoann Congal [Fri, 13 Mar 2026 15:59:15 +0000 (08:59 -0700)]
selftest/cases/runtime_test: Add test for Linux Rust sample
This new case tests that the rust_mininal sample inside the kernel source
tree is buildable and works properly: check that the module can be
loaded and that it prints correctly.
Harish Sadineni [Fri, 13 Mar 2026 15:59:14 +0000 (08:59 -0700)]
kernel-devsrc: copying rust-kernel source to $kerneldir/build
When CONFIG_RUST is enabled, running 'make prepare' in the target & SDK
fails because the Rust kernel infrastructure is incomplete in the staged
kernel sources.
The Rust build system requires a wider set of interdependent sources
during make prepare, including bindgen inputs, C helper sources,
generated headers, and other support files. These are all located under
the kernel rust/ directory.
To ensure make prepare succeeds and to support building Rust-based
kernel modules from the target & SDK, copy the full rust/ directory
(of size 2.5MB) into $kerneldir/build when the rust-kernel distro feature
is enabled.
Additionally, when Rust support is enabled, 'make prepare' generates
.rmeta files (crate metadata in a custom binary format) and shared
objects (.so) that are required for compiling Rust kernel modules.
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This issue occurs because CFLAGS are being passed to HOSTRUSTC.
Updated the flags in the make-mod-scripts recipe to align with
the flags used by linux-yocto.
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Harish Sadineni [Fri, 13 Mar 2026 15:59:11 +0000 (08:59 -0700)]
kernel-yocto-rust: Fix for buildpaths errors when rust is enabled for kernel
Fixes for buildpaths errors after enabling rust for linux-kernel
-Introduced KRUSTFLAGS to pass `--remap-path-prefix` to rustc while
building kernel with rust support.
Co-authored-by: El Mehdi YOUNES <elmehdi.younes@smile.fr> Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Harish Sadineni [Fri, 13 Mar 2026 15:59:09 +0000 (08:59 -0700)]
rust: install Rust library sources for 'make rustavailable' support
The `make rustavailable` process (1) expects the Rust standard library source files (e.g., `lib.rs`)
to be present in the `library/` directory under `rustlib/src/rust/`.
This patch ensures the required sources are available by:
- Installing the `library/` directory (of size ~50MB) into `${D}${libdir}/rustlib/src/rust` for
making them available during `make rustavailable` for native, target & sdk.
- packaging `${libdir}/rustlib/src/rust` sepearately with `${PN}-src-lib`.
1) See the kernel tree for Documentation/rust/quick-start.rst in the section: Requirements: Building
Harish Sadineni [Fri, 13 Mar 2026 15:59:08 +0000 (08:59 -0700)]
linux-yocto: conditionally add clang/rust/bindgen-cli-native to DEPENDS
Conditionally add 'clang-native', 'rust-native' and 'bindgen-cli-native' to 'DEPENDS'
when Kernel Rust Support is enabled.
These tools are required for building Rust-enabled kernels and for
generating Rust FFI bindings via bindgen during the kernel build.
This ensures the additional dependencies are only pulled in when
Rust support is explicitly enabled, avoiding unnecessary native
dependencies for non-Rust kernel builds.
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Harish Sadineni [Fri, 13 Mar 2026 15:59:07 +0000 (08:59 -0700)]
kernel-yocto: Enable rust in kernel
Allow enabling Rust support in the kernel by simply adding "rust" to
KERNEL_FEATURES in local.conf or a global configuration file. This maps the
feature name to the appropriate kernel configuration fragment located
at features/kernel-rust/kernel-rust.scc
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Licensing files COPYING.NEWLIB and COPYING.GPL2 were removed upstream,
checksum for COPYING needs update since files included may change with
every release.
Tested to work on qemuarm,aarch64,riscv32 and riscv64 variants
https://dev.azure.com/ahcbb6/baremetal-qemu/_build/results?buildId=21709&view=results
Signed-off-by: Alejandro Hernandez <alhe@linux.microsoft.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License changes:
- Adds BSD-2 for m68k-atari-elf target
Tested to work on qemux86,arm,aarch64,riscv32 and riscv64 variants:
https://dev.azure.com/ahcbb6/baremetal-qemu/_build/results?buildId=21709&view=results
Signed-off-by: Alejandro Hernandez Samaniego <alhe@linux.microsoft.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rust: Drop oeqa-selftest-Increase-timeout-in-process-sigpipe-ru.patch
This patch was originally introduced to address a rare failure on the PPC
target and with the latest version of rustc this issue no longer occurs.
So, this patch can be removed.
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark Hatle [Fri, 13 Mar 2026 00:28:45 +0000 (19:28 -0500)]
oeqa/selftest: wic: Add vfat to test_wic_sector_size
Add an empty vfat partition to the 4k sector size test. This ensures that
the -S 4096 option is passed to mkfs.vfat, and the resulting filesystem is
generated.
We also now verify that the requested partitions, and names were created
as expected. Size does not matter, only the partition type and name.
Note, there is a known issue in parted that 4096 fat partitions are not
recognized by fstype, so report themselves as empty in the regular output.
Both wic ls and parted p show an unknown filesytem type. However, the type
of the partition (last field) is set to msftdata, so we can use that
instead.
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 11 Mar 2026 09:24:56 +0000 (09:24 +0000)]
oeqa/selftest: Introduce OEQA_TESTDISPLAY variable and use for sdl/gtk qemu test
Currently we've been using DISPLAY from the parent environment indiscriminately.
Since we can change many of the tests to use internal VNC, we really need a mechanism
to only use a DISPLAY when the system really needs to and there is no other option.
Somehow we need to differentiate between that and a system with graphics available.
Introduce OEQA_TESTDISPLAY for this purpose, this being used only if there is no other
way to run the test.
There is only one test case I'm aware of that needs this, so this patch updates
that test case.
This variable is not meant as a replacement for all DISLAY usage, it is only
for cases where the test would not otherwise work.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ltp: workaround openat2 build failure with glibc 2.43
glibc 2.43 added native openat2() support, causing LTP's configure to
set HAVE_OPENAT2=1 and skip its own internal definitions, resulting in
a build failure. Add a patch to undef HAVE_OPENAT2 in lapi/openat2.h
as a workaround until a proper fix is found.
Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
glibc 2.43 introduces linux/openat2.h through the fcntl include chain
(bits/fcntl-linux.h -> linux/openat2.h) which expects __u64 to be
defined before inclusion. Move <fcntl.h> in barebox scripts/include/
linux/types.h to after the typedef definitions to fix the build.
Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxcrypt: avoid discarded-qualifiers build failure with glibc 2.43
With the glibc 2.43 upgrade, building nativesdk-libxcrypt triggers a
-Wdiscarded-qualifiers warning in crypt-gost-yescrypt.c and
crypt-sm3-yescrypt.c which becomes a build failure due to -Werror.
Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gcc-runtime: avoid discarded-qualifiers build failure with glibc 2.43
With the glibc 2.43 upgrade, building gcc-runtime triggers a
-Wdiscarded-qualifiers warning in libgomp/affinity-fmt.c which
becomes a build failure due to -Werror.
Add -Wno-error=discarded-qualifiers to CFLAGS as a workaround until
the upstream const-correctness issue in libgomp is resolved.
Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- gettext-minimal-native: update Makevars.template source path to new
location under gettext-tools/wizard/po-templates/traditional/
- use-pkgconfig.patch: refresh patch hunks to match updated upstream
context in libxml.m4 and selinux-selinux-h.m4, update selinux
discovery: replace AC_SEARCH_LIBS (getfilecon_raw) with
PKG_CHECK_MODULES for correct sysroot handling
- gettext_1.0.bb: add autotools ptest directory and install
gettext-tools autotools build artifacts for ptest
ptest results:
=======================
All 630 tests passed
(41 tests were not run)
=======================
DURATION: 45
END: /usr/lib/gettext/ptest
2026-03-09T17:58
STOP: ptest-runner
TOTAL: 1 FAIL: 0
With the previous version:
All 626 tests passed
(40 tests were not run)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 11 Mar 2026 11:06:05 +0000 (11:06 +0000)]
bitbake.conf: Set PACKAGECONFIG vardepvalue
For PACKAGECONFIG settings in recipes, we care about the end value, we don't
really care how it is constructed. bbappends to recipes can add things to
the default PACKAGECONFIG settings, for example being dependent on a DISTRO_FEATURE
or another variable. If the computed value doesn't change, the task hashes can remain
constant, allowing for better sstate reuse.
To do this, set a vardepvalue of the variable value itself, ignoring how
the actual value is calculated.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
PLATS linux-readline is moved, and readline is changed to load
dynamically, refer [1], keep readline as PACKAGECONFIG to allow user to
remove readline dependency.
Lua use dlopen by default, and LUA_READLINELIB is set to libreadline.so,
but libreadline.so is in the dev package, which will make Lua cannot
load libreadline even when libreadline is installed. Make readline as
build dependency and detect the real libreadline name and set LUA_READLINELIB
Krupal Ka Patel [Mon, 9 Mar 2026 05:19:33 +0000 (22:19 -0700)]
python3-setuptools: drop Windows launcher executables on non-mingw builds
setuptools installs Windows launcher executables (cli*.exe, gui*.exe)
into site-packages. These binaries are only used on Windows platforms
but are packaged for target, native, and nativesdk builds.
Remove the Windows launcher executables when not building for a mingw
(mingw32/mingw64) host to avoid shipping unused Windows binaries.
Signed-off-by: Krupal Ka Patel <krkapate@cisco.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Krupal Ka Patel [Mon, 9 Mar 2026 05:18:26 +0000 (22:18 -0700)]
python3-pip: drop unused Windows distlib launcher templates
pip vendors distlib which ships Windows launcher template binaries
(*.exe) under pip/_vendor/distlib. These files are only used on
Windows systems but are installed and packaged for target, native,
and nativesdk builds.
Remove the distlib *.exe templates when not building for a mingw
(mingw32/mingw64) host to avoid shipping unused Windows binaries and
reduce package noise.
Signed-off-by: Krupal Ka Patel <krkapate@cisco.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Tue, 10 Mar 2026 18:38:22 +0000 (12:38 -0600)]
gcc-source: Use allarch.bbclass
Converts the recipe to use allarch.bbclass. This is necessary because
SSTATE_PKGARCH is set to "allarch" based on if allarch is inherited or
not. If it is not, SSTATE_PKGARCH has the value "all", which means any
data written out based on it cannot be found (because "all" is not in
SSTATE_ARCHS)
Joshua Watt [Tue, 10 Mar 2026 18:38:21 +0000 (12:38 -0600)]
llvm-project-source: Use allarch.bbclass
Converts the recipe to use allarch.bbclass. This is necessary because
SSTATE_PKGARCH is set to "allarch" based on if allarch is inherited or
not. If it is not, SSTATE_PKGARCH has the value "all", which means any
data written out based on it cannot be found (because "all" is not in
SSTATE_ARCHS)
Martin Jansa [Thu, 5 Mar 2026 18:03:29 +0000 (19:03 +0100)]
m4: upgrade to 1.4.21
https://lists.gnu.org/archive/html/m4-announce/2026-02/msg00000.html
This release is being made mainly to cater to recent glibc changes in
light of the C23 language standard. However, it also includes fixes
for some corner-case bugs in eval and when using the defn macro on
builtins.
Fixes m4-native builds on hosts with glibc-2.43 like:
./stdlib.h:827:20: error: expected identifier or '(' before '_Generic'
./string.h:777:20: error: expected identifier or '(' before '_Generic'
Remove 0001-gettext-h-Avoid-gcc-Wformat-security-warnings-with-d.patch
which is included in gnulib revision used by m4 since:
https://gitweb.git.savannah.gnu.org/gitweb/?p=m4.git;a=commit;h=beee8d26382460010338c37f9dd9f823aa9f4ee8
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changqing Li [Fri, 6 Mar 2026 04:05:53 +0000 (12:05 +0800)]
procps: support ptest when TCLIBC is glibc
* Support ptest for procps TCLIBC is glibc. The configure.ac only match
LINUX as "linux-gnu", we can patch it to make test can run on musl lib
system, but the upstream testsuite should only run on gnu libc host,
some test cases only suitable for glibc, eg: Some of the error messages
for free command on musl system is not the same as glibc system, which
will make test failed. In order to avoid some other unexpected failure,
just support ptest for glibc.
* Bug [1] is filed for musl support, we may can add support for musl
libc later when upstream add the musl support
* procps's testsuite use DejaGnu test framework. The testsuite is
expected to run during build time, this implementation create the same
folder structure as the testsuite expected to make it can work well.
Francesco Valla [Wed, 4 Mar 2026 23:04:05 +0000 (00:04 +0100)]
uboot-config: fix KCONFIG_CONFIG_ROOTDIR path
Commit 22e96b3 ("u-boot: Make sure the build dir is unique for each
UBOOT_CONFIG") changed the u-boot build directory name to include the
UBOOT_CONFIG value the build is performed for. Align to the new pattern
also the KCONFIG_CONFIG_ROOTDIR variable, which is used by devtool to
create a config baseline in case the menuconfig task is enabled.
This fixes the following error, which can be seen when building u-boot
under devtool and UBOOT_CONFIG contains a single configuration:
cp: cannot stat '<u-boot-builddir>/<u-boot-defconfig>/.config': No such file or directory
Signed-off-by: Francesco Valla <francesco@valla.it> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter de Ridder [Wed, 4 Mar 2026 16:03:36 +0000 (17:03 +0100)]
cross-canadian.bbclass: merged /usr support
Use ${root_prefix} instead of ${base_prefix} while setting
${target_base_prefix}, otherwise we might loose the root prefix configuration
change in case of 'usrmerge' distro feature is enabled.
Signed-off-by: Peter de Ridder <peter.de.ridder@jotron.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
sanity.bbclass: warn when sstate is outside of build dir, but hash equiv database is inside it
This should help with the long-standing usability problem: when
someone tweaks the configuration to put sstate somewhere else than
the default (so that it can be shared between local builds, or over NFS),
they should also share the hash equivalency database, but no indication
would be given to the user to do so.
This will issue a warning and recommend to start a dedicated hash equivalency
server (if sstate is on NFS), or set BB_HASHSERVE_DB_DIR (if it isn't).
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yi Zhao [Tue, 3 Mar 2026 01:58:45 +0000 (09:58 +0800)]
grub: fix grub installation error on i386 target
Commit 1a5417f39[1] introduced a grub installation error on i386 target:
grub-mkimage: error: `/usr/lib/grub/i386-pc/kernel.img' is
miscompiled: its start address is 0x9074 instead of 0x9000: ld.gold
bug?.
A series of patches are under review in grub mailing list[2]. Once these
patches are merged, we will backport them to the current version.
Currently, referring to Gentoo[3] and Libreboot[4], revert the following
commits as a workaround: 1a5417f39 configure: Check linker for --image-base support ac042f3f5 configure: Print a more helpful error if autoconf-archive is
not installed
Richard Purdie [Tue, 10 Mar 2026 23:33:10 +0000 (23:33 +0000)]
qemurunner: Drop nographic option now runqemu falls back to VNC
Since runqemu now falls back to vnc or a none display if DISPLAY isn't set,
we no longer need to pass nographic to the qemu commandline and can allow
runqemu just to handle it.
One challenge with nographic is that it changes more that just the display
setting, it can affect the serial and parallel port mappings so this also
makes settings slightly more consistent accross environments.
Ultimately, this allows us to stop requiring X desktops whilst still having
a way to connect to the display over VNC for debugging.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 10 Mar 2026 23:33:09 +0000 (23:33 +0000)]
scripts/runqemu: Allow VNC use as a fallback when there is no DISPLAY set
We would like to be able to fall back on QEMU's internal VNC server when
there is no DISPLAY available. Add code to do this, putting a socket for
VNC alongside the network interface tap lock files.
This won't work if tap networking isn't enabled but in most of our use
cases it will be and it avoids having to invent a new location for the
sockets. If there are needs outside this, that can be addressed in future.
Also move the other "publicvnc" code to be alongside the rest of the graphics
parameters for ease of reading the code. The publicvnc option doesn't
work for this use case as it can't handle multiple concurrent qemu istances.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Thu, 5 Mar 2026 22:30:31 +0000 (23:30 +0100)]
license_image.bbclass: report all packages with incompatible license
When multiple packages cannot be installed it shows only first one it
finds, because of bb.fatal use. It might require many iterations to find
all packages to avoid.
e.g. with ptest enabled and GPL-3.0-or-later, GPL-3.0-only set as
incompatible licenses you might get list like this for relatively small
image:
ERROR: image-1.0-r0 do_rootfs: Some packages cannot be installed into the image because they have incompatible licenses:
bzip2-ptest (GPL-3.0-or-later)
coreutils (GPL-3.0-or-later)
coreutils-stdbuf (GPL-3.0-or-later)
diffutils (GPL-3.0-or-later)
findutils (GPL-3.0-or-later)
gawk (GPL-3.0-or-later)
gnutls-openssl (GPL-3.0-or-later)
gnutls-ptest (GPL-3.0-or-later)
grep (GPL-3.0-only)
make (GPL-3.0-only)
mpfr (LGPL-3.0-or-later)
python3-dbusmock (GPL-3.0-only)
readline (GPL-3.0-or-later)
sed (GPL-3.0-or-later)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 5 Mar 2026 11:51:30 +0000 (11:51 +0000)]
subversion: fix race in parallel builds
In parallel build its possible for objects to be written into directories
that do not exist yet, as mkdir-init and local-all are executed at the
same time.
This fix is ugly, but a proper fix would be quite invasive. Upstream have
been informed of the problem.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 5 Mar 2026 11:51:29 +0000 (11:51 +0000)]
gnutls: make C99 detection more resiliant
gnutls checks that the compiler supports C99 code by checking that the
standard being used is C99 or C11. This will fail with autoconf 2.73,
which will tell the compiler to use C23 by default.
Change the logic so that the build works with C23 by flipping the logic:
we know that C89 is less than C99, but we don't know the names of future
standards.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Thu, 5 Mar 2026 21:05:45 +0000 (22:05 +0100)]
vim: upgrade 9.2.0 -> 9.2.0110
Solves CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420,
CVE-2026-28421 and CVE-2026-28422.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Harish Sadineni [Thu, 5 Mar 2026 13:16:22 +0000 (05:16 -0800)]
gcc: Fix gcc-libitm false positives in regression report
Some of the gcc-libitm test cases include build paths (e.g. [1]) in their results.
When comparing two build outputs, these embedded paths cause resulttool to incorrectly report regressions.
[1] ptestresult.gcc-libitm-user.libitm.c++/dropref.C -B /srv/pokybuild/yocto-worker/qemuarm64-tc/build/build-st-64312/
..../libitm/../libstdc++-v3/src/.libs (test for excess errors): PASS
This leads to a false regression such as:
PASS → No matching test result
Le Qi [Thu, 5 Mar 2026 03:15:18 +0000 (11:15 +0800)]
alsa-ucm-conf: Remove JackControl from TALOS EVK HiFi config
The EVK board does not support headset or jack detection.
Keeping JackControl entries prevents PipeWire (wpctl) from
exposing sinks and sources correctly.
Remove JackControl from Headphones and Headset devices so
PipeWire can enumerate playback and capture nodes normally.
link: https://github.com/alsa-project/alsa-ucm-conf/pull/704 Signed-off-by: Le Qi <le.qi@oss.qualcomm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ricardo Salveti [Thu, 5 Mar 2026 22:00:42 +0000 (19:00 -0300)]
systemd: package lib/nvpcr as part of systemd
systemd 259 includes NvPCRs JSON snippets when tpm2 support is enabled
via packageconfig, so make sure they are also included as part of the
main systemd package.
This fixes the following issue when tpm2 is enabled in systemd:
ERROR: systemd-1_259.1-r0 do_package: QA Issue: systemd: Files/directories
were installed but not shipped in any package:
/usr/lib/nvpcr
/usr/lib/nvpcr/cryptsetup.nvpcr
/usr/lib/nvpcr/hardware.nvpcr
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Wed, 4 Mar 2026 23:11:38 +0000 (00:11 +0100)]
systemd: properly package new container files
v259 added more container files which need to ba correctly packaged.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Fri, 6 Mar 2026 22:34:02 +0000 (23:34 +0100)]
go: upgrade 1.26.0 -> 1.26.1
Upgrade to latest 1.26.x release [1]:
$ git --no-pager log --oneline go1.26.0..go1.26.1 e87b10ea2a (tag: go1.26.1) [release-branch.go1.26] go1.26.1 e792d6aa95 [release-branch.go1.26] crypto/x509: fix name constraint checking panic a761c9ff70 [release-branch.go1.26] crypto/x509: fix full email constraint matching 994692847a [release-branch.go1.26] html/template: properly escape URLs in meta content attributes 65c7d7a9fb [release-branch.go1.26] net/url: reject IPv6 literal not at start of host e28ac674af [release-branch.go1.26] cmd/go: revert update default go directive in mod or work init 4d1051fdc9 [release-branch.go1.26] cmd: re-vendor x/tools for Go 1.26.1 8cce3ab20c [release-branch.go1.26] os: avoid escape from Root via ReadDir or Readdir ef041913a8 [release-branch.go1.26] cmd/compile: ensure StructMake/ArrayMake1 of direct interfaces are unwrapped 155c25e249 [release-branch.go1.26] cmd/compile: pointer-shaped types are SSAable even if lots of 0-sized fields c5723195a6 [release-branch.go1.26] net/smtp: prevent test failures due to expired test certificate f67a1f4c76 [release-branch.go1.26] cmd/go: fix pkg-config flag sanitization 4659d630da [release-branch.go1.26] cmd/compile: avoid folding 64-bit integers into 32-bit constants 6fb3df88d4 [release-branch.go1.26] go/analysis/passes/modernize: add vendored code 85050c90ee [release-branch.go1.26] cmd/compile: fix mis-compilation for static array initialization 12c0690eeb [release-branch.go1.26] cmd/compile: don't drop same register twice e8df1a6697 [release-branch.go1.26] reflect: use &zeroVal[0] instead of nil for data field for zero-sized payloads 167ef716ba [release-branch.go1.26] cmd/compile: rewriteFixedLoad: ensure AuxInt is sign-extended 495e6c6b09 [release-branch.go1.26] internal/syscall/windows: correct some enums and syscall signatures 29618c4439 [release-branch.go1.26] cmd/link: don't pass -Wl,-S on illumos c283d1f762 [release-branch.go1.26] os: support deleting inaccessible files in RemoveAll
Fixes CVE-2026-27137, CVE-2026-27138, CVE-2026-27142, CVE-2026-25679 and
CVE-2026-27139.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rust: Drop revert-link-std-statically-in-rustc_driver-feature.patch
Starting from Rust 1.82, std is statically linked with rustc_driver.so.
This change affected the runtime dependencies of the rustc_main test
binary, causing tests to fail in QEMU because librustc_driver*.so is
not shipped and cannot be found.
After discussing with upstream, the patch is removed, and the test is
skipped using #[cfg(not(test))]. The rustc_main function does not include
any test code,so this safely restores the feature without impacting tests.
cargo-c is an external Cargo extension used to build Rust libraries
with a C-compatible ABI and generate C headers and pkg-config files.
Since it is not part of the standard Rust toolchain, move it from the
rust directory to cargo-c under recipes-devtools for better organization
and maintainability.
Zhang Peng [Fri, 6 Mar 2026 05:03:13 +0000 (13:03 +0800)]
texinfo: upgrade texinfo 7.2 -> 7.3
Upgrade to latest revision of 7.3
- Refresh patch 0001-Makefile.am-do-not-build-manpages.patch
- Remove -I ${S}/gnulib/m4 from EXTRA_AUTORECONF since configure.ac
already defines AC_CONFIG_MACRO_DIRS
- Fix QA issue for load_txi_modules (new file in 7.3)
Andrej Kozemcak [Thu, 5 Mar 2026 09:33:53 +0000 (10:33 +0100)]
iproute2: upgrade 6.18.0 -> 6.19.0
Drop fix-musl.patch as it was merged upstream.
Add missing include for types (linux/types.h).
Changes:
- new dpll command for managing Digital Phase-Locked Loop devices via netlink.
- expanded CAN XL support
- MPTCP improvements
- devlink:
- added support for 64‑bit parameters
- added new SWITCHDEV_INACTIVE eswitch mode
- added burst period configuration for health reporters
- genl:
- supports JSON output
- ifstat, nstat, lnstat:
- converted to use the high-level json_print API for unified JSON output
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 6 Mar 2026 15:21:10 +0000 (15:21 +0000)]
tcl8: prefer tcl's own tzdata
The little thread that was "one of the tcl test cases fails with system
tzdata" has unravelled upstream into a series of problems with the tz
code when the system tzdata is used:
Ross Burton [Fri, 6 Mar 2026 15:21:09 +0000 (15:21 +0000)]
tcl: prefer tcl's own tzdata
The little thread that was "one of the tcl test cases fails with system
tzdata" has unravelled upstream into a series of problems with the tz
code when the system tzdata is used:
Ross Burton [Thu, 5 Mar 2026 15:06:15 +0000 (15:06 +0000)]
tcl8: rewrite ptest (again)
Backport the previous commit's changes for tcl9 to the tc8 recipe:
I discovered that running a single test case with tcltest doesn't let
you know if the test failed or not, so when run-ptest moved away from
using all.tcl[1] we were always marking the tests as passing.
So, revert that commit and use all.tcl as a test runner. This is more
noisy, but importantly will let us know if a test failed.
Remove our un-upstreamable tweaks to the interp tests and instead skip
the test that is known to be fragile, so we don't have to carry a patch
forever.
Don't install another copy of the entire Tcl library for the tests, as
there is no real point. This does then expose a bug in the tests where
clock-59.2 assumes that it is running in a source tree and behaves
differently if the system tzdata is being used. This is being worked on
upstream[2], for now skip this test.
Ross Burton [Thu, 5 Mar 2026 15:06:14 +0000 (15:06 +0000)]
tcl: rewrite ptest (again)
I discovered that running a single test case with tcltest doesn't let
you know if the test failed or not, so when run-ptest moved away from
using all.tcl[1] we were always marking the tests as passing.
So, revert that commit and use all.tcl as a test runner. This is more
noisy, but importantly will let us know if a test failed.
Remove our un-upstreamable tweaks to the interp tests and instead skip
the test that is known to be fragile, so we don't have to carry a patch
forever.
Don't install another copy of the entire Tcl library for the tests, as
there is no real point. This does then expose a bug in the tests where
clock-59.2 assumes that it is running in a source tree and behaves
differently if the system tzdata is being used. This is being worked on
upstream[2], for now skip this test.
Hongxu Jia [Wed, 4 Mar 2026 04:54:10 +0000 (12:54 +0800)]
python3-setuptools: upgrade 80.9.0 -> 82.0.0
Remove python3-pkg-resources
History v82.0.0 [1]:
Deprecations and Removals
- pkg_resources has been removed from Setuptools. Most common uses of pkg_resources have
been superseded by the importlib.resources and importlib.metadata projects. Projects
and environments relying on pkg_resources for namespace packages or other behavior
should depend on older versions of setuptools. (#3085)
Hongxu Jia [Wed, 4 Mar 2026 04:54:13 +0000 (12:54 +0800)]
python3-semantic-version: remove python3-pkg-resources from runtime depends
Due to setuptools removes and deprecates pkg_resources in 82.0.0 [1],
python-semanticversion import `pkg_resources` conditionally for Python 3.8- [2],
because we have python 3.14+, then python3-pkg-resources is not necessary
for us, remove it from runtime depends
Hongxu Jia [Wed, 4 Mar 2026 04:54:12 +0000 (12:54 +0800)]
python3-scons: remove python3-pkg-resources from runtime depends
Due to setuptools removes and deprecates pkg_resources in 82.0.0 [1],
SCons nowhere in its code does import `setuptools` or `pkg_resources` [2],
remove python3-pkg-resources from runtime depends
Hongxu Jia [Wed, 4 Mar 2026 04:54:11 +0000 (12:54 +0800)]
meson: remove python3-pkg-resources from runtime depends
Due to setuptools removes and deprecates pkg_resources in 82.0.0 [1]
meson removes setuptools and uses mesondata instead [2], remove
python3-pkg-resources from runtime depends
Hongxu Jia [Wed, 4 Mar 2026 10:28:11 +0000 (18:28 +0800)]
ncurses: upgrade 6.5 -> 6.6
1. License-Update: copyright years updated
2. Fix installed-vs-shipped QA error
...
ERROR: ncurses-6.6-r0 do_package: QA Issue: ncurses: Files/directories were installed but not shipped in any package:
/usr/lib
ncurses: 1 installed and not shipped files. [installed-vs-shipped]
...
Due to commit [1], upstream hardcoded `lib` to create symlink
...
** sym-linked tmp/work/x86-64-v3-oe-linux/ncurses/6.6/image/usr/lib/terminfo for compatibility
...
Apply a local patch to not create symlink terminfo under image/usr/lib,
and clean up symlink remove operation in recipe
Ross Burton [Wed, 4 Mar 2026 16:48:34 +0000 (16:48 +0000)]
autotools: remove deletion of aclocal.m4
We've historically[1] deleted any aclocal.m4 file in the source tree
before autoreconfing on the grounds that it is "too shy" to overwrite
aclocal.m4, so we forcibly delete the aclocal.m4 unless aclocal has been
excluded in autoreconf.
However, this shyness has been removed in autoconf 2.70[2] and autoreconf
will always call aclocal, which will rewrite the file if needed.
So, remove the explicit deletion of aclocal.m4. I've verified that a
build of all recipes in core that use autotools have identical
aclocal.m4 files before and after this change.
[1] This code appears in oe-classic during 2011 but originated in a
BitKeeper commit, so predates our use of git.
[2] autoconf bc7e12e7 ("autoreconf: drop support for old (< 1.8) aclocal versions")
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Wed, 4 Mar 2026 16:48:31 +0000 (16:48 +0000)]
lzop: remove custom aclocal.m4 handling
The aclocal.m4 wrangling is historical, the custom macros are now part
of lzop-1.04/autoconf/local.m4 and the aclocal.m4 in the tarball is in
fact generated with aclocal.
Thus we no longer need to ship an acinclude.m4 or exclude aclocal from
running.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- useradd.8: fix default group ID (Tim Biermann)
- revert drop of subid_init() (Serge Hallyn)
- Georgian translation (NorwayFun)
- useradd: Avoid taking unneeded space: do not reset non-existent data
in lastlog (David Kalnischkies)
- relax username restrictions (Alexander Kanavin)
- selinux: check MLS enabled before setting serange (genBTC)
- copy_tree: use fchmodat instead of chmod (Samanta Navarro)
- copy_tree: don't block on FIFOs (Samanta Navarro)
- add shell linter (Jan Macku)
- copy_tree: carefully treat permissions (Samanta Navarro)
- lib/commonio: make lock failures more detailed (Luca BRUNO)
- lib: use strzero and memzero where applicable (Christian Göttsche)
- Update Dutch translation (Frans Spiesschaert)
- Don't test for NULL before calling free (Alex Colomar)
- Use libc MAX() and MIN() (Alejandro Colomar)
- chage: Fix regression in print_date (Xiami)
- usermod: report error if homedir does not exist (Iker Pedrosa)
- libmisc: minimum id check for system accounts (Iker Pedrosa)
- fix usermod -rG x y wrongly adding a group (xyz)
- man: add missing space in useradd.8.xml (Iker Pedrosa)
- lastlog: check for localtime() return value (Iker Pedrosa)
- Raise limit for passwd and shadow entry length (Iker Pedrosa)
- Remove adduser-old.c (Alejandro Colomar)
- useradd: Fix buffer overflow when using a prefix (David Michael)
- Don't warn when failed to open /etc/nsswitch.conf (Serge Hallyn
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andrej Kozemcak [Tue, 3 Mar 2026 13:36:44 +0000 (14:36 +0100)]
libunistring: upgrade 1.4.1 -> 1.4.2
- prepare for 1.4.2 release.
- version.sh: Bump version number, date, gnulib version.
- README: Update version.
- NEWS: Update.
- sync with gnulib.
- lib/unistring/cdefs.h: Update from gnulib/m4/gnulib-common.m4.
(_GL_UNNAMED): New macro.
(_UC_UNNAMED): Apply
- new C macro _GL_UNNAMED
- Make the generated <unistring/stdint.h> more usable in C++ mode.
- lib/Makefile.am (unistring/stdint.h): In C++ 11 or newer mode, just use
<cstdint>.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andrej Kozemcak [Tue, 3 Mar 2026 13:36:43 +0000 (14:36 +0100)]
iptables: upgrade 1.8.11 -> 1.8.12
Changes:
- fix null dereference parsing bitwise operations.
- refuse to run under file capabilities, ie. getauxval(AT_SECURE).
- fix for all-zero mask on Big Endian in arptables-nft.
- support adding and replacing a rule in the same batch in iptables-nft.
- filter
-A FORWARD -m comment --comment "new rule being replaced"
-R FORWARD 1 -m comment --comment "new replacing rule"
COMMIT
- print -X in xtables-monitor command for base chains.
- remove incorrect libebt_redirect translations.
- translate bare '-m sctp' match to '-p sctp' just like TCP and UDP.
- support for info-request and info-reply icmp types.
- fix interface comparisons in `-C` commands in iptables-nft.
- several fixes for ip[6]tables-translate, the tool to ease migration
to nftables.
- document flush behaviour with --noflush for user-defined chains.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes:
- Several changes related to LCD filtering are implemented to
achieve better performance and encourage sound practices.
Bug fixes:
- A bunch of potential security problems have been found. All users
should update.
- The italic angle in `PS_FontInfo` is now stored as a fixed-point
value in degrees for all Type 1 fonts and their derivatives,
consistent with CFF fonts and common practices. The broken
underline position and thickness values are fixed for CFF fonts.
Miscellaneous:
- The `x` field in the `FT_Span` structure is now unsigned.
- Demo program `ftgrid` got an option `-m` to select a start
character to display.
- Similarly, demo program `ftmulti` got an option `-m` to select a
text string for rendering.
- Option `-d` in the demo program `ttdebug` is now called `-a`,
expecting a comma-separated list of axis values. The user
interface is also slightly improved.
- The `ftinspect` demo program can now be compiled with Qt6, too.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
* Update Mozilla certificate authority bundle to version 2.82
The following certificate authorities were added (+):
+ TrustAsia TLS ECC Root CA
+ TrustAsia TLS RSA Root CA
+ SwissSign RSA TLS Root CA 2022 - 1
+ OISTE Server Root ECC G1
+ OISTE Server Root RSA G1
The following certificate authorities were removed (-):
- GlobalSign Root CA
- Entrust.net Premium 2048 Secure Server CA
- Baltimore CyberTrust Root (closes: #1121936)
- Comodo AAA Services root
- XRamp Global CA Root
- Go Daddy Class 2 CA
- Starfield Class 2 CA
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
* Use dh_usrlocal to create /usr/local/share/ca-certificates
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core.git / log
