A trailing slash or consecutive slashes anywhere in TMPDIR cause
BitBake variable expansion to embed those redundant slashes into
derived variables such as STAGING_DIR and WORKDIR. The sstate
machinery in sstate_add() normalises its directory arguments via
os.path.normpath(), so manifest entries always contain clean paths.
Functions in staging.bbclass that read the same variables directly
via d.getVar() without normalising then fail to match manifest
entries, silently staging files to wrong locations and causing
do_populate_sysroot to abort.
Although POSIX permits paths with redundant slashes, they break the
string-matching assumptions embedded in the staging machinery, so
treat any TMPDIR that differs from its normalised form as an error.
Signed-off-by: Sam Povilus <sam.povilus@amd.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ricardo Simoes [Wed, 25 Feb 2026 16:27:47 +0000 (17:27 +0100)]
u-boot: Copy U-Boot script to B when suffix is not scr
With the introduction of the UNPACKDIR variable, commit [1] changed the
expected location of UBOOT_ENV_BINARY to B. This works fine when
UBOOT_ENV_SUFFIX is "scr" but it does not copy the script when it is
not. As documented in [2], it is expected that with any other value of
UBOOT_ENV_SUFFIX the script gets installed verbatim.
This commit fixes that by copying UNPACKDIR/UBOOT_ENV_SRC to
B/UBOOT_ENV_BINARY when UBOOT_ENV_SUFFIX is not "scr", as documented.
Leon Anavi [Wed, 25 Feb 2026 08:50:09 +0000 (10:50 +0200)]
python3-maturin: Upgrade 1.11.5 -> 1.12.4
Upgrade to release 1.12.4:
- Upgrade memmap2 version
- fix: platform tag detection for Android targets
- fix: only ignore maturin-generated native libraries on all platforms
- fix: ignore develop artifacts for all binding types during build
- feat: support conditional cargo features based on Python version
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
devtool: standard: Add new patches in correct order when finishing
Make sure that new patches that are added as a result of using devtool
finish are added to the SRC_URI in the same order they were committed.
Previously, the order was a result of the arbitrary order the patch
files were returned by os.walk(), which typically resulted in them being
added to the SRC_URI in the reverse order they were committed.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Randy MacLeod [Tue, 24 Feb 2026 21:42:59 +0000 (16:42 -0500)]
socat: upgrade 1.8.1.0 -> 1.8.1.1
Drop patch:
0001-fix-compile-failed-with-musl.patch
which is merged upstream: a235f59 Avoid compilation issue in xio-netlink.c with Musl libc
commit log:
4ce8786 Version 1.8.1.1 f13b27d A few minor corrections d5a2c46 Fixed a few buffer read overruns b314687 Fixed issue with POSIXMQ in unidirectional context a235f59 Avoid compilation issue in xio-netlink.c with Musl libc a7058c9 Fixed strchr with const for new glibc 35d5da1 Fixed timestamps of -v and -x (really)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Randy MacLeod [Tue, 24 Feb 2026 21:42:57 +0000 (16:42 -0500)]
nfs-utils: upgrade 2.8.4 -> 2.8.5
Commits (aside from typo fixes):
4e9b31fe Release: 2.8.5 00e2e62b nfsdctl: add support for min-threads parameter 4c275442 systemd: drop Wants=network-online.target for rpc-statd-notify 03b9c540 nfsiostat: normalize the mountpoints passed in from the command line 59e85671 Rename CONFIG_NFSV41 to CONFIG_BLKMAPD and disable by default 3b7de50f nfsdctl: ignore ipv6 listener creation error 0e71be58 locktest: use correct build flags 077b70fe sm-notify: Do not drop privileges if running as non-root user 8600bbb7 gssd: protect kerberos ticket cache access
CONFIG_NFSV41 was renamed to CONFIG_BLKMAPD so update the associated PACKAGEONFIG option.
Drop: 0001-locktest-Makefile.am-Do-not-use-build-flags.patch which as merged in: 0e71be58 locktest: use correct build flags
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Benjamin Robin [Tue, 24 Feb 2026 09:17:19 +0000 (10:17 +0100)]
meta: fix generation of kernel CONFIG_ in SPDX3
With the current solution, using a separate task
(do_create_kernel_config_spdx) there is a dependency issue. Sometimes
the final rootfs SBOM does not contain the CONFIG_ values.
do_create_kernel_config_spdx is executed after do_create_spdx which
deploys the SPDX file. do_create_kernel_config_spdx calls
oe.sbom30.find_root_obj_in_jsonld to read from the deploy directory,
which is OK, but the do_create_kernel_config_spdx ends up writing to
this deployed file (updating it).
do_create_rootfs_spdx has an explicit dependency to all do_create_spdx
tasks, but there is nothing that prevents executing
do_create_kernel_config_spdx after do_create_rootfs_spdx.
To fix it, instead, now read from the workdir, and write to the
workdir, and do the processing from the do_create_spdx task:
we append to the do_create_spdx task.
Furthermore, update oeqa selftest to execute do_create_spdx instead
of removed function.
Also only execute this task if create-spdx-3.0 was inherited,
previously this code could be executed if create-spdx-2.2 is
inherited.
Fixes: 228a968e7c47 ("kernel.bbclass: Add task to export kernel configuration to SPDX") Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 26 Feb 2026 11:31:27 +0000 (11:31 +0000)]
bitbake.conf: Switch BB_SIGNATURE_HANDLER to OEEquivHash by default
Hash Equivalence is an extremely powerful feature for reducing build time.
In simple terms, if something is rebuilt and the output is the same as a
previous build, all sstate build artefacts beyond that point can be reused
instead of being rebuilt.
This can be done with a local hash equivalence database/server which is the
default and even local builds with a local sstate can benefit hugely from it.
There is an assumption that builds are reproducible in order for this to work
optimally.
The downside is that when enabled to pull from a shared sstate cache, you need
to use a common hash equivalence server to match it for things to work well.
OE-Core wasn't enabling hash equivalence by default but this changes it to do
so. This has been extensively tested as the deafault in Poky for a long time.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade the firmware package to latest release. Add firmware for TI
TAS2783, Qualcomm Adreno A801, Qualcomm Glymur, Radxa Dragon Q6A CDSP
and several Intel Sensors Hub firmware versions. Also pick up several
ADSP topologies for Qualcomm X Elite and Qualcomm SM8450 based devices.
License-Update: copyright years, new firmware Co-developed-by: Sairamreddy Bojja <sbojja@qti.qualcomm.com> Signed-off-by: Sairamreddy Bojja <sbojja@qti.qualcomm.com> Cc: Vivek Puar <vpuar@qti.qualcomm.com> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 23 Feb 2026 22:18:31 +0000 (23:18 +0100)]
cve-exclusions: set status for 5 CVEs
Reuse work of Debian researchers and set status for fixed CVEs
accordingly.
These are not tracked by kernel itself, so generated exclusions won't
help here.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Mon, 23 Feb 2026 22:18:30 +0000 (23:18 +0100)]
linux-yocto: apply cve-exclusions also to rt and tiny recipe variants
Version is the same as base kernel, only configuration differs.
There is no reason to not apply the exclusions to all variants.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adam Duskett [Mon, 23 Feb 2026 15:39:22 +0000 (16:39 +0100)]
rpm/rootfs.py: ensure exit 1 has a word boundary
Currently, If a package installed by dnf has the word "exit" followed by
"100%" in the log file, the rpm/rootfs.py regex matches a failure thanks to
the "exit 1"00%, such as the following:
lz4: Remove a reference to the rejected CVE-2025-62813
The CVE-2025-62813 is rejected so do not reference it anymore.
So keep the patch but without referencing the CVE identifier.
The CVE database indicates the following reason:
This candidate was withdrawn by its CNA. Further investigation
showed that it was not a security issue.
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
avahi: Remove a reference to the rejected CVE-2021-36217
CVE-2021-36217 is rejected, and should no longer be referenced.
CVE-2021-36217 is a duplicate of CVE-2021-3502 which is already
referenced in the local-ping.patch.
The CVE database indicates the following reason:
ConsultIDs: CVE-2021-3502. Reason: This candidate is a duplicate of
CVE-2021-3502. Notes: All CVE users should reference CVE-2021-3502
instead of this candidate. All references and descriptions in this
candidate have been removed to prevent accidental usage.
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Sun, 22 Feb 2026 12:07:36 +0000 (13:07 +0100)]
kernel.bbclass: remove dependency on initramfs when not bundled
Previously, the kernel recipe depended on the initramfs image even when
INITRAMFS_IMAGE_BUNDLE was not enabled. This caused the kernel to be
rebuilt whenever the initramfs image changed, regardless of whether the
kernel actually included the initramfs.
The problematic chain was:
linux:do_deploy ->
linux:do_bundle_initramfs ->
image-initramfs:do_image_complete
The original intent (acc. to the comment) was to ensure the initramfs
image was available for tools like wic. However, apart from bundling the
initramfs in the kernel, there is probably no reason why the kernel
should depend on the initramfs. And it is therefore simply wrong if it
does so anyway. Thus, use cases that may be broken by these change are
based on a bug, not a feature. This needs to be fixed by adding a
dependency on the initramfs in the right place, not in the kernel where
this destroys the kernel's sstate-caching.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Sun, 22 Feb 2026 12:07:35 +0000 (13:07 +0100)]
image_types_wic.bbclass: add depend on initramfs
When the wic image creation requires an initramfs image that is not bundled
with the kernel (INITRAMFS_IMAGE_BUNDLE != "1"), ensure that the initramfs
image is built before attempting to create the wic image by adding an
explicit dependency on do_image_complete.
Previously, this dependency was incorrectly handled by kernel.bbclass.
This change moves the responsibility to image_types_wic.bbclass where
it belongs.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:42:26 +0000 (08:42 +0000)]
bitbake.conf: Enable opengl ptest multiarch wayland vulkan in DISTRO_FEATURES by default
This change enables the modern graphics stack defaults of opengl, wayland and
vulkan, it enables mutliarch which allows gcc, binutils and gdb to target
multiple file formats and it also enables ptests by default
This means that:
* nodistro builds will match the Yocto Project sstate CDN objects
* we have modern graphics defaults
* users will see ptest issues more clearly and be more likely to test
before sending patches
These DISTRO_FEATURES have been tested and used as defaults in poky for a
long time, this brings them into sync.
Backfill is used so those with their own distro can set the
DISTRO_FEATURES_BACKFILL_CONSIDERED variable to stop the backfill happening
for speccific values.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Anything that defines multiple git sources should have the largest value
taken when calculating the SOURCE_DATE_EPOCH for a package.
The previous iteration actually introduced some degree of randomness, as
it would stop on the first git repository reported by os.walk, which
does not assure any specific ordering by default.
Randy MacLeod [Thu, 19 Feb 2026 19:12:20 +0000 (14:12 -0500)]
coreutils: upgrade 9.9 -> 9.10
From https://lists.gnu.org/archive/html/coreutils-announce/2026-02/msg00000.html
Notable changes include:
- Options in man pages link directly into the full web docs
- timeout(1) now kills the command for all terminating signals
- paste(1) is now multi-byte character aware
- cp(1) fixes an unlikely infinite loop introduced in v9.9
- The multi-call binary is 3.2% smaller
Drop the 2 backported patches which are now part of 9.10.
License-Update: copyright years refreshed
For ptests, also install coreutils.texi which is used for a new test that ensures
there is an anchor for each --help option for all of coreutils' programs. See:
https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?h=v9.10&id=77e6b5d8f8d1ebc3125d6585a266a912a1123791
Most of the skipped tests are due to being "very expensive" according to the coreutils developers.
The other skipped tests need strace, gdb, etc or locale dependencies which has not yet been added.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Randy MacLeod [Thu, 19 Feb 2026 19:12:19 +0000 (14:12 -0500)]
coreutils: kill and uptime are no longer installed
In coreutils-9.10, as explained in: 6b399ad35 build: kill(1), uptime(1): don't install by default
* build-aux/gen-lists-of-programs.sh: kill and uptime are not installed
by arch, debian, fedora, suse at least, so add to disabled list.
Fixes https://github.com/coreutils/coreutils/issues/132
Note that in oe-core:
kill is provided by busybox, procps and util-linux
uptime is provided by busybox and procps
and in other layers there may be other providers of these commands.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This has been causing a significant performance regression,
to the point where AUH wasn't able to complete upgrades with
particularly large number of git commits between releases [1].
After discussing with Peter [2], running 'oe-selftest -r devtool' with this change (100% pass),
and also doing an AUH run with it, and reviewing the output I think this is fine to remove:
the case is either very niche or non-existent, and if it appears again, we
should come up with a better fix.
Aditya Kurdunkar [Wed, 18 Feb 2026 22:55:44 +0000 (04:25 +0530)]
externalsrc: fix duplicate entries in .git/info/exclude
`readlines()` preserves trailing newlines, so the duplicate check
against the stripped link name never matched. Strip lines before
comparing to prevent repeated entries on each devtool modify run.
Jan Luebbe [Mon, 16 Feb 2026 15:02:01 +0000 (16:02 +0100)]
openssl: add support for config snippet includes
This allows configuration (such as enabling providers) to be done by
adding snippet files to /etc/ssl/openssl.cnf.d instead of modifying a
copy of the full configuration file. As new snippets can be added from
separate recipes, targeted changes can be done in multiple layers.
For example, the pkcs11-provider can be enabled by adding a pkcs11.cnf
containing something like:
[default_sect]
activate = 1
Peter Marko [Fri, 20 Feb 2026 20:53:15 +0000 (21:53 +0100)]
alsa-lib: patch CVE-2026-25068
Pick patch mentioned in NVD report.
It also includes CVE ID in commit message.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Wed, 18 Feb 2026 22:53:25 +0000 (23:53 +0100)]
glib-2.0: upgrade 2.86.3 -> 2.86.4
Fixes CVE-2026-1484, CVE-2026-1485 and CVE-2026-1489.
Release notes [1]:
Overview of changes in GLib 2.86.4, 2026-02-13
* Fix several security vulnerabilities of varying severity (see below
for details)
* Bugs fixed:
* #3858 (closed) glib-compile-resources: Incorrect compiler detection
on Windows when building GTK causes a DoS (L. E. Segovia)
* #3863 (closed) Iterating over a short (preallocated) GVariant
bytestring invalidly refs a NULL GBytes (Christian Hergert)
* #3870 (closed) (CVE-2026-1484) (YWH-PGM9867-168) Integer Overflow ->
Buffer Underflow on Glib through glib/gbase64.c via
g_base64_encode_close() leads to OOB Write (Marco Trevisan)
* #3871 (closed) (CVE-2026-1485) (#YWH-PGM9867-169) Buffer underflow
on Glib through gio/gcontenttype-fdo.c via parse_header() lead to
OOB Read/Write (Marco Trevisan)
* #3872 (closed) (CVE-2026-1489) (#YWH-PGM9867-171) Integer Overflow
on Glib through glib/guniprop.c via output_marks() lead to OOB Write
in glib/gutf8.c:g_unichar_to_utf8() (Marco Trevisan (Treviño))
* !4946 (merged) Update Romanian translation glib-2-86
* !4955 (merged) Backport !4954 (merged) “glib-compile-resources:
Always assume MSVC compiler if VCINSTALLDIR is set” to glib-2-86
* !4961 (merged) Backport !4960 (merged) “glib/gvariant: add failing
test for bytestring and fix it” to glib-2-86
* !4979 (merged) [glib-2-86] gbase64: Use gsize to prevent potential
overflow
* !4981 (merged) [glib-2-86] gio/gcontenttype-fdo: Do not overflow if
header is longer than MAXINT
* !4984 (merged) [glib-2-86] guniprop: Use size_t for output_marks
length
* !5010 (merged) Update Kazakh translation
* Translation updates:
* Kazakh (Baurzhan Muftakhidinov)
* Romanian (Antonio Marin)
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 16 Feb 2026 13:48:35 +0000 (13:48 +0000)]
cmake: remove obsolete patches
0001-Disable-use-of-ext2fs-ext2_fs.h-by-cmake-s-internal.patch can be
replaced with two variable assignments to seed the results we want.
0002-CMakeLists.txt-disable-USE_NGHTTP2.patch is not needed anymore as
the vendored curl will disable the use of nghttp2 automatically if it
isn't found.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:42:30 +0000 (08:42 +0000)]
distro/defaultsetup: Enable space optimization tweaks
This enables a collection of tweaks which reudce build output size where
the output has been found to be particularly problematic.
This reduces sstate object size as well as on disk build footprint, it
also helps memory usage for linking some of the recipes. This in turn
improves built speed and the smaller sstate objects are faster to compress,
decompress and transfer over the network.
This change has been tested in poky for a long time.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:42:29 +0000 (08:42 +0000)]
distro/defaultsetup: Enable security flags by default
This defaults to including our security flags which use stack-protector-strong
and D_FORTIFY_SOURCE=2 by default, as aids to improve detection of security issues.
This change has been tested in poky for a long time and allows us to align
our default compilation flags and environment.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:42:28 +0000 (08:42 +0000)]
distro/defaultsetup: Enable no-static-libs by default
In general, few people use statlic libraries. They are however large and take up a lot
of space on disk as well as taking time to compress/decompress and tranfser in sstate
objects.
This change disables most of them by default for disk space and speed/size performance
benefits.
This change has been tested in poky for a long time.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:42:27 +0000 (08:42 +0000)]
defaultsetup: Enable uninative by default
uninative allows reuse of native sstate built on one distro on another. This change
enables it by default, as has been done by default in poky for a long time.
The reason for the change is that this makes the sstate CDN much more useful
to speed up builds if good network access is available. It also standardises
the builds to our usual testing configuration, removing one key difference
which new users sometimes run into.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:42:25 +0000 (08:42 +0000)]
conf: Switch to systemd by default and simplify init manager selection
This change effectively switches things to use INIT_MANAGER to select the init
system and drops the old compatibility 'none' method. The init manager selection
is now complex enough that requiring users to select it makes sense.
The new default is systemd, which reflects popular opinion. This is known to have
issues in some of our configurations such as musl but is also frequently asked for.
Anyone replacing defaultsetup.conf in their own setup will need to provide
equivalent functionality but that is execpted for any of the settings in there.
This change drops sysvinit from the default distro features backfill, meaning
we no longer need to remove it in systemd setups and places the init managers
on a more equal and equivalent standing.
This is a behaviour change for anyone using nodistro and anyone not already
setting INIT_MANAGER explictly. This does not change the default for distros
which select an init manager already (e.g. poky).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:16:47 +0000 (08:16 +0000)]
conf/distro: Drop default-versions.inc
This conf file used to be useful when we had multiple versions of recipes
but we no longer do that and the file is empty. Remove it as obsolete and
not needed anymore.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 21 Feb 2026 08:16:46 +0000 (08:16 +0000)]
binutils: Drop unneeded and problematic vardeps explict value and immediate expansion
This was introduced in 0788cf349fe37ef4a36c626dbc396c97d1ab14d7 as a way of
tracking the EXTRA_OECONF changes. These should be tracked reliably by the
contains() code now so it is assumed this was working around a bug at the time.
I checked the current task hashes and that information is there.
Therefore drop this bit of code as the immediate expansion causes inaccurate
values.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Similar to native, backfilling of items from DISTRO_FEATURES when
combined with DISTRO_FEATURES_FILTER_NATIVESDK was not functioning
correctly.
Ensure the backfill is applied before filtering, then clear the value to
prevent further backfill. This makes the nativesdk and crosssdk cases
match the native code.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sunil Dora [Thu, 19 Feb 2026 12:59:18 +0000 (04:59 -0800)]
rust: Enable dynamic linking with llvm
Fixes [Yocto #16058]
A segmentation fault occurs in rustc (e.g. in
llvm::X86ReadAdvanceTable) when reusing sstate artifacts built with
different host toolchain versions.
Issue sequence:
1. llvm-native is built with a newer toolchain
(e.g. GCC 15/Binutils 2.45).
2. rust-native is later built with an older linker.
(e.g. GCC 12/Binutils 2.40).
3. The older linker statically links parts of llvm-native into
librustc_driver.
4. The resulting binary crashes at runtime inside the statically
linked LLVM code.
The corruption happens at link time when mixing static native objects
produced by different toolchain generations.
Enable dynamic LLVM linking (link-shared = true) for rust-native so rustc
links against libLLVM.so instead of static archives, avoiding host linker
incompatibilities when reusing sstate artifacts.
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Suggested-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Antonin Godard [Tue, 17 Feb 2026 09:59:16 +0000 (10:59 +0100)]
python3-sphinx: backport patch to fix singlehtml URIs
The singlehtml builder creates broken links, as reported on the
yocto-docs list[1].
This issue was also reported upstream[2], and the temporary fix is to
revert commit c93723b80396 ("singlehtml: deprecate the 'fix_refuris'
helper function (#13037)") in sphinx.
time64.inc: add links to "Y2038 in Yocto" slides and video
I'm not sure if placing conference slides and video links
here is okay, but I believe this is the best starting point
for anyone dealing with the Y2038 problem. It will help and
provide important context and action points for those needing
to support 32 bit products beyond Y2038.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
time64.inc: clean up and add upstream tickets where issues remain
Most issues were resolved via upstream version updates that bring in
needed fixes:
glib-2.0 update to 2.78.0 that includes:
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3547
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3550
curl update to 8.3.0 that includes
https://github.com/curl/curl/pull/11610
util-linux update to 2.39 that includes
https://github.com/util-linux/util-linux/pull/2430
https://github.com/util-linux/util-linux/commit/3ab9e699a8d90f55e0447516b7e05a8686180467
https://github.com/util-linux/util-linux/pull/2435
glib-networking update to 2.78.0 that includes
https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/241
python3-cryptography update to 42.0.0 which resolves
https://github.com/pyca/cryptography/issues/9370 via
https://github.com/pyca/cryptography/pull/9964
perl update to 5.40.0 which includes
https://github.com/Perl/perl5/pull/21379
python3 update to 3.13.0 which includes
https://github.com/python/cpython/pull/118425
python3 update to 3.13.1 which includes
https://github.com/python/cpython/pull/124972
python3 update to 3.14.0 which includes
https://github.com/python/cpython/pull/119401
https://github.com/python/cpython/pull/125045
https://github.com/python/cpython/pull/107594
https://github.com/python/cpython/pull/125104
dbus update to 1.16.0 which includes
https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/444
https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/289
openssh update to 10.0p1 which includes
https://github.com/openssh/openssh-portable/pull/425
https://bugzilla.mindrot.org/show_bug.cgi?id=3684
https://marc.info/?l=openbsd-bugs&m=172561736524815&w=2
https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-October/041621.html
(all reporting the same issue)
gcc update to 15.1 which includes
https://github.com/llvm/llvm-project/pull/99699
via https://github.com/gcc-mirror/gcc/commit/fa321004f3f6288d3ee2eefa6b02177131882dca
and allows dropping special flags and exceptions for gcc-sanitizers.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lttng-tools: install .expect test files with a wildcard
Otherwise, there will be failures on 32 bit hosts. Note
that the needed files are erroneously absent from upstream
release tarballs:
https://bugs.lttng.org/issues/1436
but once that is resolved, this commit will be effective.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lttng-tools: ensure that ptest errors are not suppressed
At some recent point lttng-tools ptests have quietly regressed,
and most of them aren't executed anymore. Errors are printed
on the console, but aren't reported as exit code from run-ptest.
The reason is that exitcode was set to what sed returned, not make.
The original reason for piping through sed was to unify /tmp/tmp.xxxx outputs
for easier results comparison, but (after fixing the tests) I don't
see such lines anymore, and in any case ensuring such regressions
are caught is more important.
With this fix, run-ptest and testimage starts to fail as it should.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tim Orling [Sun, 15 Feb 2026 22:10:57 +0000 (14:10 -0800)]
checklayer: fix get_depgraph() hang when command fails
The get_depgraph() function hangs indefinitely when a layer causes
command failures (e.g. meta-virtualization) because:
1. bb.command.CommandFailed was not included in the event mask passed
to set_event_mask(), so the failure event was silently dropped and
the while True loop never received a terminating event.
2. There was no timeout handling for the case where wait_event()
repeatedly returns None, leaving no escape from the loop.
Add CommandFailed to the event mask so failure events are properly
received and handled. Also add a timeout counter that raises
RuntimeError after 300 consecutive seconds of no events, preventing
an infinite hang.
Fixes [YOCTO #16170]
Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 17 Feb 2026 14:59:35 +0000 (15:59 +0100)]
iproute2: update link to homepage
The old link redirects here now.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 18 Feb 2026 14:41:07 +0000 (14:41 +0000)]
native: Use dynamic filtering for PROVIDES
Currently, PROVIDES is one of the few variables left which isn't handled by
filter code dynamically. This lead to bugs if for example you have a
PACKAGECONFIG value which references DISTRO_FEATURES, and DISTRO_FEATURES
is being set in the the native case late by backfill. The early expansion
of the value means it can use an incorrect DISTRO_FEATURES value leading to
confusing errors.
Convert the code to use a filter in common with the other code in the class.
This does lead to some behaviour differences outside OE-Core in meta-oe for
example where the PROVIDES of gd-native changed:
"gd-native gd-native-tools"
to
"gd-native gd-tools-native"
where the change is a clear improvement in correctness.
This fixes issues when DISTRO_FEATURES has backfill options in place in
the native case.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 18 Feb 2026 14:41:06 +0000 (14:41 +0000)]
native: Fix DISTRO_FEATURES backfill handling in native case
Currently, features listed in DISTRO_FEATURES_FILTER_NATIVE are not supported
for DISTRO_FEATURES_BACKFILL as the two variables interact badly. We now have
need to add some features to backfill which are in the filter_native case.
This patch fixes the handling by appuing the backfill, then zeroing the variable
once they are applied. This leads to them being correctly filtered.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 17 Feb 2026 22:44:34 +0000 (23:44 +0100)]
python3: upgrade 3.14.2 -> 3.14.3
>From release notes [1]:
Security
* gh-144125: BytesGenerator will now refuse to serialize (write)
headers that are unsafely folded or delimited; see
verify_generated_headers. (Contributed by Bas Bloemsaat and Petr
Viktorin in gh-121650).
* gh-143935: Fixed a bug in the folding of comments when flattening an
email message using a modern email policy. Comments consisting of a
very long sequence of non-foldable characters could trigger a forced
line wrap that omitted the required leading space on the continuation
line, causing the remainder of the comment to be interpreted as a new
header field. This enabled header injection with carefully crafted
inputs.
* gh-143925: Reject control characters in data: URL media types.
* gh-143919: Reject control characters in http.cookies.Morsel fields
and values.
* gh-143916: Reject C0 control characters within wsgiref.headers.Headers
fields, values, and parameters.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 17 Feb 2026 17:41:44 +0000 (18:41 +0100)]
zlib: upgrade 1.3.1 -> 1.3.2
Delete patch included in this version.
Remove CVE_STATUS for CVE resolved in this release.
Release information: [1]
More details on homepage: [2]
Audit details: [3]
Version 1.3.2 has these key updates from 1.3.1:
* Address findings of the 7ASecurity audit of zlib.
* Check for negative lengths in crc32_combine functions.
* Copy only the initialized window contents in inflateCopy.
* Prevent the use of insecure functions without an explicit request.
* Add compressBound_z and deflateBound_z functions for large values.
* Use atomics to build inflate fixed tables once.
* Add --undefined option to ./configure for UBSan checker.
* Copy only the initialized deflate state in deflateCopy.
* Zero inflate state on allocation.
* Add compress_z and uncompress_z functions.
* Complete rewrite of cmake support.
* Remove untgz from contrib.
* Vectorize the CRC-32 calculation on the s390x.
* Remove vstudio projects in lieu of cmake-generated projects.
* Add zipAlreadyThere() to minizip zip.c to help avoid duplicates.
* Add deflateUsed() function to get the used bits in the last byte.
* Fix bug in inflatePrime() for 16-bit ints.
* Add a "G" option to force gzip, disabling transparency in gzread().
* Return all available uncompressed data on error in gzread.c.
* Support non-blocking devices in the gz* routines.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 13 Feb 2026 17:56:18 +0000 (17:56 +0000)]
systemd: Stop supporting sysvinit compatibility
Systemd has worked with sysvinit compatibility but upstream plans to remove
this and hence we will no longer be able to support it. We need to remove this
before the LTS since the support will certainly not be there for the lifetime
of the LTS.
This patch disables that usage mode and removes some of the compatibility logic.
There is more that can be removed, this is meant just to signal to people it is
no longer supported and start that process. Further cleanup can be made over time
in later commits.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add packageconfig option to enable legacy support (disabled by default).
The legacy module includes deprecated and unmaintained OpenSSL
components. Drops openssl-oss-module-legacy from a runtime depends to a
runtime recommends for ptest.
Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
TLS 1.0 and TLS 1.1 have been deprecated by the IETF since 2021.
Disables support by default in packageconfig, requiring users to
explicitly opt-in for these deprecated protocols.
Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Fix issue with number of retries on authentication failures.
- Fix issue with G.722 @ 16 kHz codec ID value reported by transport.
- Add support for Telephony interface.
- Add support for Ranging profile.
- Add support for GMAP service.
- Add support for TMAP service.
Full changelog:
https://github.com/bluez/bluez/compare/5.85...5.86
Changes relevant for the build:
- mcaptest tool has been removed
- sap and health profiles have been removed from the code base
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 13 Feb 2026 17:45:55 +0000 (17:45 +0000)]
mirrors: Drop obsolete/inappropriate OE/YP mirror entries
These fetchers aren't used by code that would end up on these mirrors and are about
to be removed anyway in some cases. Drop the pointless/obsolete entries.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Zhang Peng [Fri, 13 Feb 2026 08:10:03 +0000 (16:10 +0800)]
libxkbfile: upgrade 1.1.3 -> 1.2.0
Changelog:
- libxkbfile is used by the X servers and utilities to parse the XKB
configuration data files.
- This release adds a new XkbRF_FreeVarDefs() API, and brings over many
fixes from the other copies of XKB code in the various X.Org repos.
- Since no complaints were received about the added meson build system
in the 1.1.3 release (February 2024), the autoconf build system has been
removed in this release.
projects / thirdparty / openembedded / openembedded-core.git / log
