# Commit summaries (start not end) from release-0.28-default.lock.xml vs release-0.26-default.lock.xml ## asyncapi-spec-obj --------------------------- Commit: 9a969e5 --------------------------- ValidationError: Prevent error generator exhaustion This changeset fixes a bug which caused some ValidationError exceptions to be raised containing no validation errors. This happened because the generator of error messages being passed to the ValidationError constructor was being exhausted before the exception message could be created. This change prevents that from happening by storing a list of validation error messages in the ValidationError instance instead of the original generator object, allowing the list of messages to be iterated over multiple times. --------------------------- Commit: f451e08 --------------------------- .gitignore: ignore build and reports folders ## cfg-mgr --------------------------- Commit: a16b400 --------------------------- CSNMR-4816: Increase timeout value for entitlement checks due to increased traffic --------------------------- Commit: 2ba6e90 --------------------------- CSNMR-4816: Add startup check to cache role entitlement * This enables async updates to the role entitlements and prevents thread blocking caused timeout errors on entitlement checks --------------------------- Commit: caf2f23 --------------------------- CSNMR-4816: Allow license timeouts to trigger activation and expiration timeouts --------------------------- Commit: 66d169e --------------------------- CSNMR-4816: Remove hash check for license flag * This change makes it easier for users to add opt out flags via serial, as they do not need a specific file to trigger the flag, any file in the expected location will trigger the opt out --------------------------- Commit: 51b8ab3 --------------------------- CSNMR-4963: Add a timestamp to all outgoing event messages All agents that rely on the BaseCfgEvent and BaseEventEmitter classes will now get a timestamp field in the outgoing messages. If the agent already includes a timestamp field in the payload's top level, then that will be the one that is kept in the final published message since it is closer to the actual event. The asyncapi base_event_msg spec defines the timestamp as optional, so the transition to adding this timestamp will be seamless. Applications will work for older versions that don't have a timestamp, and this version will begin producing it. Unit tests are updated. ## judo-api-specs --------------------------- Commit: 8860f14 --------------------------- CSNMR-5490: add first pass of API conventions docs Added a note on conventions and link to syntax conventions doc. --------------------------- Commit: a936f19 --------------------------- CSNMR-5490: add first pass cfg/event API template Added first pass template-cfg-event.yml file. Using this file as a base for new APIs will help keep API additions in line with the syntax conventions. --------------------------- Commit: 7e91a20 --------------------------- fixup: remove unused tag from asyncapi.yml --------------------------- Commit: 6d6fcab --------------------------- CSNMR-5498: fix statusCode and casing in gnss_reset messages --------------------------- Commit: 7018613 --------------------------- CSNMR-5567: remove x-channel-name from asyncapi spec Removed x-channel-name extensions from all asyncapi definitions. This extension is deprecated and now unused. --------------------------- Commit: fba598f --------------------------- CSNMR-5302: Add signalBars to the wifi diagnostic spec In addition to the rssi signal strength, this adds signalBars for ease of displaying signal strength. The version is updated to 0.64.0. --------------------------- Commit: 80a7854 --------------------------- CSNMR-5523: Add minLength and maxLength to ssid field of 80211 spec The 80211 radios may have a SSID field 0 to 32 octets (bytes), so this change helps document the allowable size. --------------------------- Commit: ee6df44 --------------------------- CSNMR-5534: Change name of license_source to source to match spec conventions --------------------------- Commit: c920c83 --------------------------- CSNMR-5534: Add license source field to license status update --------------------------- Commit: f395c2b --------------------------- CSNMR-5363: Add system time message to the asyncapi spec A diagnostic system time event is added with the path {groupId}/event/diag/sys/time. This message uses the base_event_msg properties and the timestamp comes for free. There are no additional properties. The message will be produced once per minute. The version is updated to 0.62.0. --------------------------- Commit: 96f7528 --------------------------- CSNMR-4963: Add timestamp spec for all outgoing event messages By adding timestamp to the base_event_msg spec, all outgoing event messages may now have a timestamp with a defined format. It is optional so that the spec is compatible with older versions of the spec and code implementations. A corresponding change is expected to be made in the cfg-mgr base classes to automatically add a timestamp. Although agents can optionally add this timestamp to get a slightly more accurate time for when the event took place. The timestamp has date-time format (ISO 8601) like produced by the Python datetime.now().isoformat() function. --------------------------- Commit: 35dc80c --------------------------- CSNMR-5424: add soft_reset level to the sys cmd api Added soft_reset to the system command enum. This reset is not deleting data so was not included in the reset to defaults api enum. CTCT needs this to refresh the config agents without the overhead of a full reboot. --------------------------- Commit: 1625193 --------------------------- CSNMR-5424: add reply event for system commands topic Added event_device_sys_cmd channel so that system commands have a reply mechanism. --------------------------- Commit: 6cd1670 --------------------------- CSNMR-5427: add gnss reset API definition Added ctrl_gnss_reset and event_gnss_reset channels to the gnss manager APIs. These were asked for by CTCT to allow respins of the Titan engine when corrections sources change, and other levels of reset for troubleshooting. --------------------------- Commit: 7c08883 --------------------------- CSNMR-5424: move system commands into control.yml Moved the system command api into sys/control. Any control topics in sys/sys.yml are eventually destined for sys/control for smaller chunks of yaml to work on. --------------------------- Commit: b445cbe --------------------------- Add initial CODEOWNERS file Signed-off-by: Theodore A. Roth --------------------------- Commit: c5eab46 --------------------------- CSNMR-5362: Add temperature diagnostic API This temperature diagnostic API is intended to provide current temperatures from the /sys/devices/virtual/thermal folder. The message includes the sensor names and the temperature values in celsius as key-value pairs. It will be published on startup and at regular intervals. ## judo-auto-test --------------------------- Commit: 61d072d --------------------------- CSNMR-5622 Improve canbus tests and fix failures - Unskip test for CSNMR-5621: fix root cause of failure. A single shared buffer holds incoming MQTT messages; each new subscribe replaced it, so tests sometimes read from the previous subscribe’s (empty) buffer. Fix by aligning subscribe/listen usage so the correct buffer is used. - Improve canbus test flow and robustness. --------------------------- Commit: a4c4c31 --------------------------- CSNMR-5621 Skip canbus test --------------------------- Commit: ec85a83 --------------------------- CSNMR-5590 Remove duplicate ping tests - Multiple ping tests were imlemented in RF. eth_4we_1, eth_2we_1, eth_2we_2, and eth_bd992. Remove these tests from Slash as they are no longer needed there. --------------------------- Commit: 13445d0 --------------------------- CSNMR-5585 Unskip Reboot Initiates License Refresh RF testcase - CSNMR-5534 was implemented so unskip the reboot. test. After the reboot completes and the License Process State reaches complete. There is an additional check to verify that the source of the restored license is from the cloud. --------------------------- Commit: 8310ed5 --------------------------- CSNMR-5578 Fix can_bus.robot test - The CI fails the mp1010_mqtt_api/canbus.robot tests. Root cause is the enable parameter for the publish message is set to a RF ${True}/${False} and not true/false as required by in the payload. The fix is to set the values correctly --------------------------- Commit: 9fa319f --------------------------- CSNMR-5395 Add CANBus robot test CSNMR-5395 Version of canbus robot test CSNMR-5395-CANBus Robot test --------------------------- Commit: 19916a6 --------------------------- CSNMR-5393 - Implement CAN bus configuration handling keywords - Add keywords to enable/didable can interface and get can interface setting using MQTT --------------------------- Commit: 72f9b67 --------------------------- CSNMR-4816 Skip licensing test for CSNMR-5534 - Skipped the licensing->Reboot Initiates License Refresh test due to tests inablilty to detect if the license was updated via cloud. --------------------------- Commit: 3c92cef --------------------------- CSNMR-4816 Fix test Reboot Initiates License Refresh - A bug was introduced with CSNMR-4816 updates that caused a race condition in the test where after reboot the payload used to validate the entitlements could be stale and cause a false result. New keywords where added to the library to wait for certain conditions are met before doing the validation --------------------------- Commit: 848d8b7 --------------------------- CSNMR-4816 Add new keywords - Added 3 new keywords: - is_license_process_state - get_diag_license_process_state - wait_for_license_process_state --------------------------- Commit: 9b10ab0 --------------------------- CSNMR-5515 Remove depricated keywords - Removed the depricated keywords from the judo_mqttlibrary --------------------------- Commit: 03ba649 --------------------------- CSNMR-5515 Fix lint problems in RF tests - Fixed multiple lint problems in the RF test suites. --------------------------- Commit: b5097e5 --------------------------- CSNMR-5493 Add Install New Licence test cases - New test case that test the ability to obtain licenses from the license server if no licenses are currently applied to the device. --------------------------- Commit: 4183750 --------------------------- CSNMR-5493 Add Delete All Licenses keyword - Added a keyword called Delete All Licenses which publishes a remove_licenses topic to the Judo device --------------------------- Commit: 36b40c4 --------------------------- Fixed __init__.py SystemControlLib misspelling The spelling for SystemContrlLib in __init__.py did not match the class name trying to import the library as systemcntl_lib.SystemControlLib --------------------------- Commit: 5587434 --------------------------- CSNMR-5331 Add GNSS lease keep-alive to test cases - Added GNSS keep-alive to test cases to keep the GNSS lease from expiring prematurely before the HF GSOF check can be completed --------------------------- Commit: 38b2413 --------------------------- Skip GNSS UHF radio test cases - Skipping the test_feed_correction_data_from_uhf_to_gnss tests are failing Error: AssertionError: GNSS receiver fix mode is not RTKFixed after 60 seconds. See CSNMR-4669 --------------------------- Commit: d1bcf48 --------------------------- CSNMR-5068: Remove issue from tests/test_wifi.py:test_default_wifi_configuration skip marker This changeset removes CSNMR-5068 from the list of issues causing this test to be skipped. Note that CSNMR-5069 has not been completed, so this test will not run yet. --------------------------- Commit: ef07358 --------------------------- CSNMR-4238: Remove stray dependence on separate uut_mqtt_id fixture --------------------------- Commit: d0a908e --------------------------- CSNMR-4669: Remain in RTKFixed mode for non-zero time Removing the UHF correction stream from the GNSS receiver as soon as it reports RTKFixed position mode causes the receiver to get stuck in that mode even when the correction stream is removed. Having the test maintain the correction stream to the receiver for 20 seconds after it enters RTKFixed position mode fixes this behaviour. --------------------------- Commit: ad16040 --------------------------- CSNMR-4669: Ensure UUT is not in RTKFixed mode before test If this not done, the UHF radio could be enabled before checking that the BD992 is not in RTKFixed mode, making the test invalid (as the BD992 is not switching to RTKFixed mode as a result of receiving valid correction data). Ensuring that the UUT is not in RTKFixed mode is more correct than ensuring that it is in GNSS mode, as the UUT is not guaranteed to return to GNSS mode when the UHF correction data stream is lost, depending on how it is configured and which other correction sources are available. --------------------------- Commit: 3a62040 --------------------------- CSNMR-4669: Add useful error message to test_feed_correction_data_from_uhf_to_gnss --------------------------- Commit: 92f95f0 --------------------------- CSNMR-4669: Reinstate skipped test --------------------------- Commit: c31e770 --------------------------- CSNMR-5324: Reinstate skipped test --------------------------- Commit: b036731 --------------------------- CSNMR-5479 Increase timeout for SUB Event Diag Sys Resource test - Fix the intermittent timeout that occurs when sending 'event/diag/sys/resources' toping and waiting for a response. The was increased from 30s to 45s --------------------------- Commit: 06f9f1d --------------------------- CSNMR-5434 Refactor judmwttlibrary featurelibs for new keywords - Refactor all of the feature libs to use the new refactored single word keywords --------------------------- Commit: ec26b88 --------------------------- CSNMR-5434 Refactor judomqttlibrary single word keywords - Refactored single word keywords in mqttcommand.py and abstract_device_lib.py to be multi-word and more descriptive of what the keyword actually does. The keywords affected were connect(), disconnect(), publish(), and subscribe(). Additionally this resolves issues with linter warning that Robot Framework keywords are not to spec. - Retained origial single work keywords for backward compatibility and marked as depricated. Then from these each old keyword calls the new improved keyword name - Updated incorrect keyword examples --------------------------- Commit: 1f786bb --------------------------- CSNMR-5444 Add repeating pub gnss lease keyword - Added keywords gnss.resource file which contains keywords to support GNSS operations - Added Repeat Publish GNSS Lease keyword. This keyword basically allows GNSS Lease keep-alive by sending a gnss lease publish for some number times with a wait period between each send. --------------------------- Commit: aae40d2 --------------------------- CSNMR-5420: Switch WCO roof 450MHz UHF base station This changeset changes the base station used for 450MHz UHF reception tests from 464.55MHz to 469.55MHz, as the base station on 469.55MHz has a more stable configuration. --------------------------- Commit: a84c502 --------------------------- test_uhf.py: Remove test_correction_data_available_externally case This test case causes problems because its criteria are more strict than required for a listening GNSS receiver to maintain an RTK Fixed position, and it is more difficult to implement the criteria used by a GNSS receiver in this test than it is to simply _use_ a GNSS receiver to decide if the correction stream is acceptable or not. This sort of testing is already done by test_gnss.py:test_feed_correction_data_from_uhf_to_gnss, so there is no need for this test case to exist any more. ## judo-bd992-fw --------------------------- Commit: e86f0c1 --------------------------- CSNMR-5600: update BD images for stella Update BD images for stella to 6.60-0.27 Stella Checksum = 0x3EFE8B8D --------------------------- Commit: fc7599b --------------------------- CSNMR-5214: update BD images for stella Update BD images for stella to 6.60-0.24 Stella Checksum = 0x179D32E4 ## judo-cfg-agents --------------------------- Commit: b14dfc7 --------------------------- CSNMR-5428: Add support for GNSS Reset GNSS supports the following GNSS reset levels: * PVT: The PVT Engine (RTK/RTX) is restarted without restarting tracking or rebooting the GNSS subsystem. * SV_DATA: Clears stored ephemeris and almanac data and reboots the GNSS subsystem. * FULL: Restores the receiver to factory state. This will clear Ephemeris and Almanac data, clear all logged data, reformat storage, restore factory settings and reboot the GNSS subsystem. For each of the reset levels, the following steps are taken: 1. GNSS Manager Agent stops bd992-handler 2. Perform BD reset a. bd992-handler reset [serial_port] [reset_level] b. Where reset_level is PVT, SV_DATA, or FULL c. Wait for reset to complete 3. GNSS Manager Agent starts bd992-handler --------------------------- Commit: 1eea9e8 --------------------------- CSNMR-5564: Change firmware_ota_agent to check internet connectivity This changes the agent to only access the internet for identity certificates and firmware updates when there is internet connectivity. The reason for this is the cloud access functions can take a long time and might interfere with local firmware updates. Once internet is available, those cloud checks are usually fast and take a few seconds. In agent.py: It adds a new class to receive internet diagnostic messages to notify the manager when internet is available. The call to device_update_identity_cert() is removed where the environment is updated. Instead, the manager gets the cert when it needs to check for firmware so that both operations are controlled by the same logic. The class SetEnvCfgEvent is instatiated after the FirmwareOtaUpdateManager so that internal settings do not get overridden with defaults in the manager. In manager.py The function setDeviceParams is broken into two parts. It still sets the environment _device_params for stage or prod. But the cloud_params are extracted in the new _extract_base_url() after the certificate is downloaded. Finally, the check_update has two new additions. 1. It tests if the _internet_connected flag is set. If not it schedules another try for later. 2. It downloads the identity certificate if it is the first try or if the environment has changed. If that download fails, it schedules another try. --------------------------- Commit: cee59f6 --------------------------- CSNMR-5564: Fix local firmware update to not check for certificates This is the main fix for the local updates that were timing out because the call to update_env() was taking a long time. Now it does not check for a certificate when stop_cloud_update and install_update commands are sent. --------------------------- Commit: 837fdda --------------------------- CSNMR-5564: Check for firmware update after broker connection This change moves the initial firmware check to after the agent is connected to zenoh to enable it to check internet status. It also has the benefit of making the initial startup faster. --------------------------- Commit: a9b04bd --------------------------- CSNMR-5426: Add soft_reset to system_control_agent Add soft reset to system_control_agent using systemd stop and start commands from a soft_reset.sh script. system_control_agent sends the SUCCESS_COMMAND_EXECUTED event notification on accepted soft_reset command start. --------------------------- Commit: 6a8c581 --------------------------- CSNMR-5214: Add support for Stella firmware update Check for Stella or BD992 to determine static GNSS configuration file. Generate GNSS configuration adjusting the Stella firmware image and firmware checksum on a unit with Stella. Add GNSS Mgr check for cfg change. To avoid unnecessary GNSS restarts, GNSS configuration does the following: 1. Update and merge GNSS configurations 2. get current GNSS configuration 3. compare merged and current configuration 4. restart GNSS handlers if configuration has changed. --------------------------- Commit: 77ab641 --------------------------- CSNMR-5572: add MP1087 model support to system properties Added a duplication of the MP1086 component sets for MP1087. MP1087 hardware is essentially the same as MP1086, we just need to accept both models. Potential refactor of variant and suffix is a later question for Sumo development. --------------------------- Commit: dd1c520 --------------------------- CSNMR-4051: Add 80211/Wifi/Halow diagnostics info implementation Diagnostic code is implemented in the ieee80211_agent to produce the event_diag_80211_info message. The reason it is in the agent and not in the diags_agent is to keep this code close to the agent it monitors. The diagnostic class could be moved to the diags agent easily if needed. Messages are published for wifi and halow radios. At the moment, the halow message is mostly blank unless the halow radio gets turned on with "sudo modprobe nrc". This diagnostic code does a lot of command line queries to gather information with parsing steps. The unit tests cover all the conditionals so there are a lot of tests. --------------------------- Commit: c4357b0 --------------------------- CSNMR-5462: extend cell service stops in MFG API Added a restart of the ModemManager service just after the MFG API modem AT command handler takes down a bunch of cell services. Added celldiags_agent and NetworkManager to the stop list. In the last OS release to the CM the first issued modem AT command was failing 40 % of the time. Stopping celldiags and Network manager reduced the occurences. Restarting ModemManager after killing cell services fully resolved the issue. Serial port conflicts and half finishing ModemManager interactions were likely the cause. --------------------------- Commit: ec6e9cd --------------------------- CSNMR-5002: Add Logging to GNSS Mgr Add GNSS Logging support to GNSS Manager Agent to control BD Logging with "schedule" support of Disabled, Always, and Continuous. Add runtime generation of GNSS configuration files. The generated GNSS configuration file (.toml) will be located in '/cfg/sysconfig'. The generated configuration is a merge of the static base GNSS configuration files in '/etc/gnss' and the GNSS logging runtime configuration parameters The static GNSS base files are selected as before from the GNSS machine type cfg and GNSS lease cfg. The GNSS runtime cfg is generated from the GNSS logging cfg. The runtime configuration "wins" over the static GNSS cfg files if there are any commen keys. --------------------------- Commit: af5bc45 --------------------------- CSNMR-5534: Add tracked source of refresh request to license process state message --------------------------- Commit: 969efb1 --------------------------- CSNMR-4816: Check access token on connect before confirming remote connection --------------------------- Commit: 9401cae --------------------------- CSNMR-4816: Fix UHF agent licensing issue * UHF agent was not checking license validation on startup, which caused the check to not be properly cached * This caused subsequent misses checking UHF entitlement status --------------------------- Commit: b88e219 --------------------------- CSNMR-4816: Increase the license forced refresh period for internal testing purposes --------------------------- Commit: 5f1fd74 --------------------------- CSNMR-4816: Enable stage env by default for licensing * This is a temporary change to make the early phase of testing easier until the prod lms env is ready for use * This removes the requirement that users manually set the environment --------------------------- Commit: 5e5feff --------------------------- CSNMR-5478: Remove required id field from license xml schema --------------------------- Commit: ef63e7d --------------------------- CSNMR-5363: Add system time message emitter to the diags_agent This change produces the asyncapi message for event_diag_sys_time. It is a simple message with just a timestamp field and deviceId. The code publishes an empty dict and the base class adds the required fields. A unit test is included. --------------------------- Commit: a4d141a --------------------------- CSNMR-4963: Update unit tests to handle the new timestamp field Cfg-mgr now adds a timestamp field to all messages published with the BaseEventEmitter and BaseCfgEvent classes. The unit tests failed when comparing expected output with actual output payloads. This change is to fix the unit tests to drop the timestamp before doing the comparisons. --------------------------- Commit: fb0cbb4 --------------------------- CSNMR-4963: Update reference to cfg-mgr The cfg-mgr libraries are updated and this changes pyproject.toml to reference the updated hash. The cfg-mgr base BaseEventEmitter class now adds a timestamp to outgoing event messages. --------------------------- Commit: caf9ffb --------------------------- CSNMR-5407: Fix the snapshot tar to keep going on errors A case was found where the tar.add function could not open a listed file and cancelled the snapshot. Since we want to get the snapshot even if a file could not be read, it now continues after logging a warning with an error message. Unit tests are updated to test the new exception handler. Some redundant unit tests are removed. --------------------------- Commit: 1318ee2 --------------------------- CSNMR-5362: Add temperature reporting to the diags_agent This implements the api message for event_diag_temperatures by adding temperatures.py to the diags_agent. It reads the temperatures from /sys/devices/vertual/thermal/thermal_zone* folders. It publishes the message every 5 minutes or whenever a change greater than 2 deg C is detected at the regular check interval of 30 sec. The file diags_agent/agent.py is updated to import the new class and run it. Unit tests are added. ## judo-design-docs --------------------------- Commit: b4b328d --------------------------- CSNMR-5428: Update GNSS Manager Docs for GNSS Reset Update GNSS Manager design documentation for GNSS Reset. --------------------------- Commit: 5b71ecd --------------------------- CSNMR-5214 Update GNSS Design Documentation Updated the GNSS Manager design documentation to support dynamic runtime parameter changes. The system now generates a unified configuration by merging static base files, runtime-generated logging settings, and optional manual overrides using a "last-one-wins" priority hierarchy for matching keys. ## judo-radio-utils --------------------------- Commit: e9f54c3 --------------------------- CSNMR-5628: Remove functional test start and stop scripts The setup and teardown actions performed by these scripts are now performed by the MQTT test console. --------------------------- Commit: 3046c99 --------------------------- CSNMR-5628: Add Phoenix functional test service This changeset adds a service which runs the Phoenix handler, receiving data on the frequency used in the functional test and publishing that data on the port used for observable data output, so that the data can pass through the firewall and be received by the test monitor/controller. --------------------------- Commit: 703f44e --------------------------- CSNMR-5628: run-phoenix-suhf.py: Allow configuring output address The firewall allows outgoing traffic on port 12101 for observables data from the UHF radio. This changeset allows the output address to be configured for this port so that observable data can be received by the functional test controller, while retaining the default behaviour of sending observable data on 0.0.0.0:1234. --------------------------- Commit: d43e789 --------------------------- CSNMR-5628: Add send-observables systemd service Making send-observables a systemd service avoids the complexity of managing the process directly in tests. --------------------------- Commit: afc66c6 --------------------------- SUMO-553: Add read-5v-psu-amps.py and run-phoenix-suhf.py helpers With some minor modifications, these scripts have been copied from the attachments to SUMO-553. --------------------------- Commit: a8fcdd0 --------------------------- CSNMR-5538: Fix HaLow subnet The default HaLow subnet is 192.168.44.0/24, not 192.168.200.0/24. --------------------------- Commit: 4a096b7 --------------------------- CSNMR-5538: Remove HaLow AP/STA setup scripts Setting up the HaLow AP and STA can now be done using the MQTT API. --------------------------- Commit: 460c5cb --------------------------- CSNMR-4649 Functional Test Updates for Swift Modify halow-test-us-*-open.sh to add arguments for not running wpa_supplicant or hostapd. Create a systemd service file for managing these services. ## judo-rest-api --------------------------- Commit: 645a0b6 --------------------------- CSNMR-5448: Add file patch REST service This new patch service runs as a separate process from the Judo-rest-api. The reason is so it can be started and stopped on its own. Later, a license check may be done to enable the service. The new patch service takes a file and attempts to uncompress it. It returns error messages and logs activity to a file in /cfg/patch/mp_patch_history.log. Unit tests are added for basic functionality. ## judo-security --------------------------- Commit: 4488171 --------------------------- Replace jabil references with mfg and/or manufacturing ## judo-web-ui --------------------------- Commit: 378e08f --------------------------- Hide the API Debug section with a toggle button on the v0 page The Judo API Debug section is now hidden because it is rarely used. It can be shown with a toggle button. It is still useful for testing communication with the back end. --------------------------- Commit: a3eb190 --------------------------- CSNMR-5448: Add a File Patch Service section to the v0 web UI A new section is added to the v0 web UI to allow a patch zip file to be sent to the device. It shows a panel with patch log file contents. A test folder is created with a simple test zip file that can be used to test the service. --------------------------- Commit: c9af362 --------------------------- CSNMR-5002: Add v0 web UI dialog for gnss logging configuration The v0 web page has index.html and judo.js updated and gnss_log.js added to include a form for gnss logging configuration. It sends a message to the Judo that will be picked up the the gnss_manager agent. The agent will pass the information to the bd922-handler to configure the BD GNSS receiver logging settings. ## manifest-judo --------------------------- Commit: 026dc59 --------------------------- CSNMR-5428: Freeze manifest for release 0.28 This changeset freeze the manifest using the layer hashes from https://bamboo.trimble.tools/browse/CC-JUDO899-2/artifact --------------------------- Commit: 22e57f3 --------------------------- CSNMR-5483: Setup for release 0.28 --------------------------- Commit: d34f237 --------------------------- SUMO-552 commit message summaries for builds All of these scripts are designed for stand-alone use. They are **not** part of the build process (at least not yet). All of these scripts scrape the git history of all the Judo repositories, to list commits used for a build. The repositories must already checked out or updated (using the Android repo tool). - buildinfo_summaries.py uses the `/etc/os-release` and `etc/buildinfo` from an live Judo/Timo/Sumo, to get the messages. This script will grab the necessary files from the DUT, via ssh. - xml_lock_summaries.py uses a default.lock.xml from the Bamboo artifacts, to get the messages. The default.lock.xml must be manually downloaded. - xml_lock_summary_diff.py uses two default.lock.xml from the Bamboo artifacts, to get the messages for all commits called out by hashes in the two default.lock.xml files. The default.lock.xml files must be manually downloaded. - scripts/bamboo_fw_download.py: download Bamboo firmware artifacts (.raucb, optional .wic.xz) via REST API and PAT; supports multiple plan keys (Judo-HS-Prod, RPi, Sumo), label expansion from HTML browse pages, pre-signed S3 URLs, --force, -v/--verbose. - scripts/*.md: requirements for the script (purpose, inputs, core behavior, CLI, constants, dependencies, etc). Note: All the scripts in this commit were created with AI, which is why the scripts/*.md files have been included, even though they are not directly used. --------------------------- Commit: b4b9ea3 --------------------------- CSNMR-5203: Propagate build errors up to bamboo We are not properly propagating yocto build errors up to bamboo from the docker containers. As such, bamboo always thinks the build succeeded and then tried to run the regression tests when it should not and the tests fail. This is confussing since it looks like the tests failed, when that is not actually where the failure was. Signed-off-by: Theodore A. Roth --------------------------- Commit: 12b5296 --------------------------- CSNMR-5413: OS snapshot capture after test jobs Add pull-dut-os-snapshot.py to capture the DUT OS snapshot via MQTT after each test run. The script subscribes to system_properties for the device ID, triggers a snapshot, waits for completion, and downloads the resulting archive to the Bamboo workspace. Each test wrapper (firmware, radio/GNSS, cell) now calls the snapshot script inside the TEST_CORE_IMAGE block. The snapshot exit code is ignored; a required Bamboo artifact enforces that the snapshot was produced, failing the job at artifact collection if missing. Signed-off-by: Brady Hill --------------------------- Commit: 7625499 --------------------------- scripts: Remove judo-build hash server from configuration The hash server on the judo-build server no longer exists, and attempting to contact it generates warning messages in the build log. This change fixes the following warnings in the build output (and other similar warnings in specific recipes): WARNING: Error contacting Hash Equivalence Server judo-build.ap.trimblecorp.net:8686: [Errno -2] Name or service not known --------------------------- Commit: 2d54883 --------------------------- New kernel lock on builds to help with ec2 scaling Signed-off-by: Brady Hill --------------------------- Commit: 4d1783c --------------------------- SUMO-483: Update notes on enabling compliance feature --------------------------- Commit: 0a7c2fc --------------------------- BEDROCK-194 yocto mirrors used in manifest-judo Signed-off-by: Brady Hill --------------------------- Commit: 5fe14e4 --------------------------- Remove sumo logic from bamboo-build There was previous logic that pinned sumo to only build a couple images instead of what was passed into the script arguments. That logic has been removed and it will build anything passed in as an argument Signed-off-by: Brady Hill --------------------------- Commit: cefa5d6 --------------------------- CI: bugfix: artifact Sumo full bundles --------------------------- Commit: 9a2ad42 --------------------------- Switch to github mirrors for upstream The Yocto project repositories are running extremely slowly which is causing numerous build failures. To be reverted if/when the Yocto upstream issues are resolved. --------------------------- Commit: 39b46dc --------------------------- SUMO-539: CI: Artifact OPTEE TA public signing key ## meta-bedrock --------------------------- Commit: dee7577 --------------------------- BEDROCK-191: certmgmt: Update recipe to support 0.0.8 and 0.1.2 Between 0.0.8 and 0.1.1 of device-id-cert-tools, there was a major refactoring of the code base to add support for IAM as the future of profiles and bootstrap. Instead of just updating the recipe from 0.0.8 to 0.1.2, we need to continue to support the 0.0.8 code base as Judo should not consume the refactored code since it has not been tested on devices yet. We need to integrate the new code base into bedrock first to facilitate testing on RPI devices. For now, the default behavior will see builds getting the 0.0.8 code base unless the following is set in `local.conf` or `user.conf`: PREFERRED_VERSION_device-id-cert-tools = "0.1.2%" This will force using the `device-id-cert-tools_git.bb` version of the recipe. We will be doing that for bedrock builds so that we can test the new code base on real devices. Signed-off-by: Theodore A. Roth --------------------------- Commit: 435e3fb --------------------------- BEDROCK-191: certmgmt: Fix adding hsm-init-yubikey.py When setting the FILES variable for the device package, need to append instead of assign in the .bbappend so as not to clobber the value set in the main recipe. This was causing the files defined in the main recipe to not be included in the device sub-package. Signed-off-by: Theodore A. Roth --------------------------- Commit: 77281fb --------------------------- BEDROCK-183: Force setting adminuser password on first login Signed-off-by: Theodore A. Roth --------------------------- Commit: dc50134 --------------------------- BEDROCK-183: openssh: Remove debug-tweaks Upstream has removed `debug-tweaks` as allowed value of `IMAGE_FEATURES`. Signed-off-by: Theodore A. Roth --------------------------- Commit: 7843d41 --------------------------- packagegroup-bedrock-core: Remove openssl-ossl-module-legacy Upstream has disabled legacy-openssl by default, so the need to pull in the openssl-ossl-module-legacy-module for the python3-cryptography package is no longer needed. The upstream changes were breaking the bedrock builds. Signed-off-by: Theodore A. Roth --------------------------- Commit: d25d879 --------------------------- Add systemd-analyze to os images This enables the ability to analyze the boot sequence and timing on a device. Signed-off-by: Theodore A. Roth --------------------------- Commit: f3a0aa0 --------------------------- BEDROCK-195: hostapd: Fix to avoid invalid long SSIDs The hostapd daemon will fail to start if the SSID is set to a value longer than 32 characters. Example failure: Feb 11 13:47:30 bedrock-f60d58706fb34fc3-x1 hostapd[635]: Line 1: invalid SSID 'bedrock-f60d58706fb34fc3-x1-7c7749' Feb 11 13:47:30 bedrock-f60d58706fb34fc3-x1 hostapd[635]: 1 errors found in configuration file '/tmp/hostapd.conf' If the SSID is too long, it will be truncated to 32 characters. Signed-off-by: Theodore A. Roth --------------------------- Commit: 4ce9cb2 --------------------------- crun: Fix QA error which is breaking the builds Quells the following QA error: ERROR: crun-v1.24.0+git-r0 do_package_qa: QA Issue: crun: recipe doesn't inherit features_check [unhandled-features-check] This needs to be submitted to upstream meta-virtualization. Signed-off-by: Theodore A. Roth --------------------------- Commit: 24fb9e3 --------------------------- BEDROCK-190: Use nginx instead of lighttpd The nginx http server supports openssl engines and providers for pkcs#11 storage/access of privates keys for https. This also introduces a basic bedrock-web-ui package to install static web pages for the server to host. The web ui package uses a virtual webserver config dependency to decouple it from a specific web server, so in theory, end users can select which web server to use via setting `PREFERRED_RPROVIDER_virtual-webserver-config`. Signed-off-by: Theodore A. Roth ## meta-judo --------------------------- Commit: 559b07b --------------------------- CSNMR-5483: Set version number for release 0.28 --------------------------- Commit: 41dab7e --------------------------- CSNMR-4696: recovery: Fix DHCP server race on boot When booting into recovery mode, there is a race condition with starting the dhcp server and the mounting of the `/var/lib` path. The `/var/lib` must be read-write before the DHCP server can be started. There are multiple services that rely on `/var/lib` being read/write, so improving the startup service dependencies allows the system to boot up into recovery and provide DHCP services to connected devices. Signed-off-by: Theodore A. Roth --------------------------- Commit: 34694d1 --------------------------- CSNMR-5600: Add GNSS stella firmware update Update stella firmware GNSS override configuration to 6.60-0.27 --------------------------- Commit: 7c99eca --------------------------- CSNMR-5538: Add halow-uhf-rf-path-ctl utility to Sumo image The halow-uhf-rf-path-ctl utility configures the RF path shared by the HaLow and UHF radios on Sumo hardware. --------------------------- Commit: d266da2 --------------------------- CSNMR-5538: Enable load-nrc service on boot Running the load-nrc service to load the HaLow driver on boot seems to produce reliable results, and is simpler than running the service manually. --------------------------- Commit: 98fe292 --------------------------- CSNMR-5588: Update the Judo web UI to version 0.24.10 The recipes are renamed with the new version and the Artifactory checksums are changed to match the new files. --------------------------- Commit: f8eab82 --------------------------- Fix judo-web-ui.conf to not cache v0 pages There can be times when the v0 web UI displays cached versions of files. This change adds the necessary header to v0 responses to avoid caching. It may still be necessary to hit Ctrl-F5 to do a hard reload if an older version was installed that did not have this caching fix. --------------------------- Commit: 150049c --------------------------- CSNMR-5214: Add GNSS auto stella firmware update Add GNSS automatic firmware update for stella. If unit has a stella, then the GNSS Manager will read a stella configuration override file to generate a GNSS configuration with the stella firmware image file and firmware checksum. If there is a stella firmware checksum mismatch, the bd992-handler will automatically update the stella firmware. --------------------------- Commit: 6b5b9a9 --------------------------- CSNMR-5567: update SRCREV judo-api-specs --------------------------- Commit: e4af1da --------------------------- CSNMR-5302: Update SRCREV for judo-api-specs --------------------------- Commit: b195607 --------------------------- CSNMR-5448: Add Judo Patch Service files and update SRCREV This change brings in a service file named judo-patch.service to start the judo-patch service. Even though it is part of the judo-rest-api, the patch service runs independently because later there may be a license check before the service will start. The patch service allows .tar.gz patch files to be installed on the device. The judo-web-ui.conf file modifies lighttpd to send the api call to the patch service instead of the standard judo-rest-api. It also provides an alias for the mp_patch_history.log file so that the web UI can load the log file. The judo-web-ui and pythong-judo-rest-api SRCREV is updated to get the corresponding change for the v0 web UI. --------------------------- Commit: 05328a1 --------------------------- CSNMR-5514: Update Judo web UI to version 0.24.7 The recipes for the web UI and the recovery web UI are renamed with the new version and the Artifictory check sums are updated. --------------------------- Commit: 85bb68d --------------------------- BEDROCK-191: device-id-cert-tools: Set preferred version Judo should not yet use the latest version of device-id-cert-tools (`0.1.2+git`), so we need to explicitly select the older version. Before we switch to the latest version (which we need for IAM support), more testing of it is needed. Signed-off-by: Theodore A. Roth --------------------------- Commit: b1788c7 --------------------------- CSNMR-5523: Update SRCREV for judo-api-specs --------------------------- Commit: 202d645 --------------------------- CSNMR-5002 Move judo-web-ui SRCREV to an include file Both judo-web-ui and judo-web-ui-recovery rely on the same SRCREV, so it is now moved to an include file so that it is updated once. The judo-api-specs SRCREV is also updated. --------------------------- Commit: c191789 --------------------------- CSNMR-5534: Update SRCREV --------------------------- Commit: 1b13fa3 --------------------------- CSNMR-5534: Update SRCREV --------------------------- Commit: 71f969b --------------------------- Bugfix: Use correct nrc7394 halow module FW file The `nrc7394` module fails to initialise with the default FW file, so install/deploy `nrc7394_cspi_eeprom.bin` and update the driver to load that file by default. --------------------------- Commit: 5ae3694 --------------------------- CSNMR-4649: Add openssh-misc package to CI image This package provides the ssh-agent and ssh-add utilities which allow setting up SSH connections to the UUT and secondary unit for tests which are not yet supported by the MQTT API. --------------------------- Commit: bbf9402 --------------------------- CSNMR-4649: Add Sumo test setup RPi to hostname lookup --------------------------- Commit: 9474a6b --------------------------- Bugfix: Store container data in /data partition Was previously trying to store in the user home, but that only worked for non-root users as the root users home is now `/root` and there is no R/W overlay for it. --------------------------- Commit: 1bab4a6 --------------------------- SUMO-483: Add bluetooth CW recipe when compliance feature present Convert compliance feature from a MACHINE feature to a DISTRO feature. --------------------------- Commit: 68d26bb --------------------------- CSNMR-5363: Update SRCREV for judo-api-specs --------------------------- Commit: bc0ece9 --------------------------- CSNMR-5340: Set version of main to 0.27 --------------------------- Commit: ab0f466 --------------------------- SUMO-279: ms9xx-bridge -> rust-gnss refactor Handle the renamed packages in the packagegroups, and only include the command-line tools in -devel images. --------------------------- Commit: 6dcf9b4 --------------------------- CSNMR-4963: Update SRCREV for judo-api-specs --------------------------- Commit: 4f9f09c --------------------------- CSNMR-5424: update SRCREV --------------------------- Commit: 8d37995 --------------------------- CSNMR-5208: put mfg partition write/clear script in prod Put recipe mfgfs-create into the base judo packagegroup so that write-clear-mfg-partition.sh is available in devel and prod builds. The system control reset API depends on this script being present for the manufacturing level reset to work. We want the API to work in prod, so the script is being made available there. --------------------------- Commit: a9e8595 --------------------------- SUMO-481: minicom: Fix setting of serial port baud rates Required for glibc 2.42+ support which Yocto has recently updated to. --------------------------- Commit: fdb51a1 --------------------------- Bugfix: Define device variant for Sumo --------------------------- Commit: 9d23dd3 --------------------------- SUMO-276: Add Bluetooth FW updater recipe to Sumo --------------------------- Commit: ec2d454 --------------------------- CSNMR-5198: Add model suffix to systemd environment Adding the model suffix (500, 510, etc) to the systemd environment allows services to be started based on this value. For example, the enable-uhf service which controls the power supply for the Satel radio should only be enabled on -510 Judo units. --------------------------- Commit: e87054e --------------------------- CSNMR-5362: Update SRCREV for judo-api-specs ## meta-judo-bsp --------------------------- Commit: c31c1c9 --------------------------- CSNMR-5628: judo-radio-utils: Update SRCREV This changeset also adds systemd services for running the secondary Judo unit's Mikimoto UHF transmitter and the UUT's Phoenix UHF receiver. These are used during functional testing of the UUT's Phoenix UHF receiver. --------------------------- Commit: cbd8df9 --------------------------- CSNMR-5628: gpioset-services: Enable Sumo UHF LNA on boot --------------------------- Commit: ea481c9 --------------------------- SUMO-553: judo-radio-utils: update SRCREV This changeset also adds the python3-smbus2 dependency to the judo-radio-utils recipe, as it is required by the read-5v-psu-amps.py script. --------------------------- Commit: 7ae5eac --------------------------- CSNMR-5538: Configure Sumo HaLow/UHF shared RF path on boot This changeset adds a service which configures the shared HaLow/UHF RF path on Sumo when the device boots. This service is a temporary solution to configuring this part of the hardware, and this commit should be reverted once the RF path is configured via the MQTT API. --------------------------- Commit: 67197f2 --------------------------- CSNMR-5538: Add Sumo HaLow/UHF shared RF path config utility --------------------------- Commit: f210b3b --------------------------- CSNMR-5538: judo-radio-utils: update SRCREV This changeset also removes the HaLow AP and STA services used by the functional test, as HaLow is now configured using the MQTT API. --------------------------- Commit: 9e25513 --------------------------- CSNMR-5454: program-uhf-fpga: Update FPGA image --------------------------- Commit: ab82d76 --------------------------- CSNMR-4649: judo-radio-utils: Package systemd service directories The systemd service directories need to be packaged by this recipe because they now contain services for starting the HaLow AP and STA for functional testing. --------------------------- Commit: 18a12f7 --------------------------- CSNMR-4649: judo-radio-utils: Update SRCREV --------------------------- Commit: aab6bc5 --------------------------- Bugfix: Set radio regulator to a fixed voltage Defining a 'fixed' regulator with differing min and max voltages is not supported and was preventing the radio and all derived regulators (Wi-Fi regulators in particular) from being initialized properly, this does not affect the HW in any way as the regulators are not SW controlled, just cleaning up a harmless warning. --------------------------- Commit: 83f4dc9 --------------------------- DeviceTree: remove non-removable property from Wi-Fi With a GPIO-controlled power supply (`WF_BT_PWR_EN` GPIO) the Wi-Fi module is effectively removable and removing the `non-removable` property ensures the kernel will detect and initialize the Wi-Fi interface whenever it is powered up. --------------------------- Commit: 4248776 --------------------------- Wifi Silex SDMAC: configurable IO voltages Ongoing issues are preventing the Wi-Fi module from operating at 1v8 IO voltages, but there is still a need to be able to test fixes. Allow Wi-Fi IO voltages to be configured via the presence of a `enable_wifi_1v8` file in the boot partition, (i.e `/boot/enable_wifi_1v8`) that results in an overlay being applied to the kernel DeviceTree by U-boot. --------------------------- Commit: 8a67899 --------------------------- SUMO-483: Convert ath10k_compliance feature to compliance the `compliance` feature now enables compliance FW and scripts for more than just the Wi-Fi module, currently adds support for running BT in compliance modes too. --------------------------- Commit: bc33235 --------------------------- program-uhf-fpga: Remove references to Jenkins --------------------------- Commit: cf28d45 --------------------------- CSNMR-5436: program-uhf-fpga: Update to latest nightly FPGA build --------------------------- Commit: 70286cb --------------------------- CSNMR-5454: suhf-sword: reset FPGA on driver startup This changeset updates the SRCREV for Scabbard to integrate control of the FPGA_RESET line into suhf_driver, and adds the libgpiod dependency to the recipe. --------------------------- Commit: 0f13d92 --------------------------- CSNMR-5454: Mark FPGA_RESET pin as active high The FPGA_RESET pin is actually active high, so the 'n' at the start of the pin name is not correct. --------------------------- Commit: d66b514 --------------------------- SUMO-491: GNSS: use internal TCXO Stella receivers have an upgraded internal TCXO and do not require the external one (that is being de-popped) to meet our accuracy requirements. Can force all devices to use the internal TCXO (including devices with BD992 receivers) as all MP10XX devices are going to be upgraded to Stella receivers before release to customers. Legacy/development devices with BD992 receivers will still function fine for development purposes, but will suffer performance issues in extreme conditions (mainly temperature extremes?). --------------------------- Commit: 9cfc28e --------------------------- SUMO-491: Refactor GNSS power management service Properly sequence GNSS power/reset and bootstrap option GPIOs on device startup. Ensure the receiver is powered up before starting the GNSS 'handler' service and ensure restarts of this service propagate out to the handler service. --------------------------- Commit: 1d66513 --------------------------- CSNMR-5250: suhf-sword: update Sword SRCREV --------------------------- Commit: 36bab3c --------------------------- CSNMR-5250: suhf-sword: Recover suhf_driver service on failure Previously, the suhf_driver service would stop when the suhf_driver binary failed for any reason. Because the driver should not stop unless it is ordered to by the UHF configuration agent, this changeset makes systemd restart the suhf_driver service automatically when it fails. --------------------------- Commit: 4cdb3aa --------------------------- SUMO-276: Add instructions for building bt_host_uart_dfu --------------------------- Commit: 6c2c221 --------------------------- SUMO-276: Bluetooth: Firmware update Add firmware and programmer for Lyra24 Bluetooth module. `bt_host_uart_dfu` requires the Silicon Labs IDE and tools to build so the binary is checked in. `write_bt_firmware.sh` wraps the programmer binary and sequences the device-specific GPIOs. --------------------------- Commit: b25f479 --------------------------- CSNMR-5198: Enable Satel radio power only on 510 variant Power to the Satel radio is enabled by the enable-uhf service, which is now only started on the -510 variant of Judo as this is the only variant which has the Satel radio installed. --------------------------- Commit: 6899700 --------------------------- SUMO-539: Improve OPTEE signing reliability Make the kernel fitimage recipe depend on the OPTEE recipe, rather than relying on inter-task-dependencies alone. In the `optee-os` recipe, deploy the public key that can be used to check/verify the OPTEE TA signatures - using the script from: https://github.com/OP-TEE/optee_os/blob/master/scripts/sign_encrypt.py Note: neither the public key nor the above script are included in the OS image - must be copied around manually when testing TA signatures. TA signing key is deployed to a fixed filename for ease of artifacting in CI/Bamboo. ## meta-judo-proprietary --------------------------- Commit: 702f8c4 --------------------------- CSNMR-5428: Update SRCREV Update SRCREV for judo-cfg-agents --------------------------- Commit: 4f72db8 --------------------------- CSNMR-5428: Update SRCREV for rust-gnss Update rust-gnss SRCREV to add GNSS reset support to 4c0485a14818bd315b6043e059ab6c4340d97642 --------------------------- Commit: 874ba56 --------------------------- CSNMR-5628: python3-mqtt-api: Manage run-phoenix-suhf in functional tests using systemd service --------------------------- Commit: 4cd307c --------------------------- CSNMR-5628: python3-mqtt-api: Manage send-observables in functional tests using systemd service --------------------------- Commit: 72579a7 --------------------------- CSNMR-5628: python3-mqtt-api: Use enable-uhf service to sequence TR49 power in functional tests --------------------------- Commit: 6ac2412 --------------------------- CSNMR-5564: Update SRCREV for judo-cfg-agents --------------------------- Commit: d442f89 --------------------------- CSNMR-5600: update SRCREV Update SRCREV for bd992-fw-update repo which holds stella 6.60-0.27 image. --------------------------- Commit: a444478 --------------------------- CSNMR-5600: update Stella firmware from 6.60-0.24 to 6.60-0.27 Install Stella firmware image 6.60-0.27 --------------------------- Commit: bab1362 --------------------------- CSNMR-5426: Update SRCREV soft_reset for system_control Update SRCREV for soft_reset support in system_control_agent. Add bash script that needs to run as a separate process to perform a system control soft_reset. Services being restarted are all cfg-agent agents except for licensing. Do not restart licensing agent as it needs to start and be ready before the other agents start. --------------------------- Commit: 5d3d493 --------------------------- CSNMR-5538: Minimise restarting of UUT MQTT brokers This changeset adds code to start-tmux-monitor-controller which avoids restarting the MQTT brokers on the UUT and secondary unit if the associated bridge is already configured. --------------------------- Commit: 7a1a406 --------------------------- CSNMR-5538: Fix HaLow subnet The default HaLow subnet is 192.168.44.0/24, not 192.168.200.0/24. --------------------------- Commit: 4d6d4d1 --------------------------- CSNMR-5538: Initialize HaLow in emc-test-monitoring This changeset reinstates the HaLow initialization in the emc-test-monitoring script and removes the associated code from start-tmux-monitor-controller.sh. It also tears down the HaLow AP and STA when the test console is shut down. --------------------------- Commit: 617f1d8 --------------------------- CSNMR-5214: Add SRCREV for Stella auto fw update GNSS Manager agent checks for Stella or BD992 to determine generate GNSS configuration overriding the Stella firmware image and firmware checksum on a units with Stella. --------------------------- Commit: 0104484 --------------------------- CSNMR-5214: Add Stella firmware image to Judo OS Add Stella 6.60_0.24 firmware image to Judo OS --------------------------- Commit: ef76cd6 --------------------------- CSNMR-5214 Update to latest rust-gnss Update rust-gnss to SRCREV_rust-gnss = "bd4b506b1a9ced7cbba19c33ff44736dbf1e94dc" which includes: bd4b506b1 Add HL_nGPIO_CTL to phoenix-handler 8d433fcc0 Try harder to get fw checksum to avoid unnecessary installs --------------------------- Commit: 404ce47 --------------------------- CSNMR-5572: update SRCREV --------------------------- Commit: a4e402a --------------------------- CSNMR-4051: Update SRCREV for judo-cfg-agents --------------------------- Commit: 80fcc22 --------------------------- CSNMR-5537: Initialize Wi-Fi in emc-test-monitoring This changeset reinstates the Wi-Fi initialization in the emc-test-monitoring script and removes the associated code from start-tmux-monitor-controller.sh. It also tears down the Wi-Fi AP and STA when the test console is shut down. --------------------------- Commit: 70d69a0 --------------------------- CSNMR-5462: update SRCREV --------------------------- Commit: 896d158 --------------------------- CSNMR-5002: Add GNSS Logging support to GNSS Mgr Add GNSS Logging support to GNSS Manager Agent. --------------------------- Commit: 2a0f2d2 --------------------------- CSNMR-5534: Update SRCREV --------------------------- Commit: 3532a4b --------------------------- CSNMR-4649: Bridge UUT and secondary unit MQTT brokers to RPi broker This change is necessary because the test controller and monitor expect to receive messages from both units on the RPi broker and send commands to both units using the same broker. --------------------------- Commit: 5d463af --------------------------- CSNMR-4649: Tweak keyfile name in ssh-add helper message --------------------------- Commit: 0c262ed --------------------------- CSNMR-4649: python3-mqtt-api: update SRCREV --------------------------- Commit: 56aef79 --------------------------- CSNMR-4649 Functional Test Updates for Swift - emc-test-monitoring: - update IP addresses to match compliance scripts (we will want to revert the ip address changes long term) - change the cell ping interval to 3, to cut down on bandwidth usage - start-tmux-monitor-controller: - Configure UHF, Halow, and WiFi - Check for ssh agent to be running, which is recommended for ssh config of UHF, Halow and WiFi. - Don't run mqtt-select-device-id.py, if uut_id.env file exists - tweak the tmux window split ratios --------------------------- Commit: 13a689a --------------------------- CSNMR-4816: Update SRCREV for judo-cfg-agent and cfg-mgr --------------------------- Commit: c3ca1e7 --------------------------- CSNMR-4816: Fix list formatting in judo-cfg-agent --------------------------- Commit: 62ceaaa --------------------------- Bugfix: Install Wi-Fi certification scripts to root home Install into where-ever the `ROOT_HOME` variable points rather than a hard-coded `/home/root` path (as the root home is now `/root` by default). --------------------------- Commit: baeef89 --------------------------- SUMO-483: BT compliance tools and script Leverages work done for ORCA/Porpoise and modifies it to work on MP10XX devices. --------------------------- Commit: 5aeace2 --------------------------- CSNMR-5265: Update rust-gnss for Stella and Sumo Update Judo rust-gnss SRCREV from: ef2f9dff19cef99d63e19c1a5fbbded18bb46296 to: d9360226a12947b7dd8035f2d9b83ee929a0540a CSNMR-5265: Add support for timo/sumo/kendo RxIDs SUMO-493 : Add sumo board ref to pinmux hardware check --------------------------- Commit: 3e1cc76 --------------------------- CSNMR-5478: Update SRCREV --------------------------- Commit: 4fc9bfc --------------------------- CSNMR-5363: Update SRCREV for judo-cfg-agents --------------------------- Commit: da5089d --------------------------- SUMO-279: Disable UHF agent on Sumo Support for configuring Phoenix radio to be added in SUMO-540. --------------------------- Commit: f6862e6 --------------------------- SUMO-279: ms9xx-handler -> rust-gnss refactor Renames/replaces the existing `ms9xx-bridge` recipe as that builds many more binaries than just the MS9xx bridge, including `phoenix-handler`. Split artifacts into individual packages so they can be individually selected/installed. Remove the unused patch that was fixed in the latest `rust-gnss` update, see meta-judo-proprietary commit `a5cc084602f80c72f21a0d97f1efd5d43de0dc31` --------------------------- Commit: fede53b --------------------------- CSNMR-4963: Update SRCREV for cfg-mgr and judo-cfg-agents --------------------------- Commit: a002332 --------------------------- CSNMR-5407: Update SRCREV for judo-cfg-agents --------------------------- Commit: 265e8b2 --------------------------- CSNMR-5208: add mfgfs-create dependency to cfg agents Added mfgfs-create runtime dependency to cfg agents recipe. The system reset agent depends on the write/clear mfg partition script that mfgfs-create installs. --------------------------- Commit: f0f1049 --------------------------- CSNMR-5410: update SRCREV --------------------------- Commit: de6c1ba --------------------------- CSNMR-5362: Update SRCREV for judo-cfg-agents ## mqtt-api --------------------------- Commit: 55244de --------------------------- CSNMR-5538: Set up and tear down HaLow interface in controller scripts --------------------------- Commit: 95b7aa1 --------------------------- CSNMR-5537: Add functional test teardown script This script currently only disables the Wi-Fi interfaces on the UUT and secondary unit. It will be extended to disabling the HaLow interfaces on these units as part of CSNMR-5538, and can be used for any other teardown that may be required in future. --------------------------- Commit: 7507c7c --------------------------- CSNMR-5537: Add wait_for_net_interface_state to controller console This is used to ensure that wireless IP connections (Wi-Fi and HaLow) are disestablished before exiting the test console following a test session, by waiting for the interface to go down. --------------------------- Commit: 3f9ec82 --------------------------- CSNMR-5537: Add wait_for_dhcp_address_in_range to controller console This is used to ensure that wireless IP connections (Wi-Fi and HaLow) are established during setup before starting the test session, by waiting for the access point to issue an IP address to the station via DHCP. --------------------------- Commit: 3401cff --------------------------- CSNMR-5537: Set up secondary unit as Wi-Fi AP in EMC tests --------------------------- Commit: 1808b88 --------------------------- CSNMR-4649: mqtt-api-controller.py: Enable functional test service on UUT at startup --------------------------- Commit: 3e6fdfb --------------------------- CSNMR-4649: mqtt-select-device-id.py: Allow selecting Sumo device IDs --------------------------- Commit: 88dde3e --------------------------- CSNMR-4649: mqtt-api-monitor: Use event_diag_gnss_data for GNSS tests --------------------------- Commit: 015cdc4 --------------------------- CSNMR-4649: mqtt-api-controller: Allow exiting session without stopping existing requests --------------------------- Commit: 26d382a --------------------------- CSNMR-4649: scripts: Add scripts for setting up HaLow and Wi-Fi STAs --------------------------- Commit: 5e1aeec --------------------------- CSNMR-4649: scripts: Exit after setting up Wi-Fi/HaLow AP This change makes the controller shell scripts for setting up Wi-Fi and HaLow APs exit after the AP is set up. --------------------------- Commit: 8f7bc09 --------------------------- fixup: remove mfg api hard coded addresses --------------------------- Commit: 3ad734f --------------------------- CSNMR-4928: swap MFG API wifi config for systemctl/pkill Swapped DISABLED agent config call for systemctl disable and pkill hostapd. The DISABLED command started intermittently failing at Jabil and is now non functional. This method continues to work for getting rid of hostapd and halow-ap processes. ## nrc7394_sw_pkg --------------------------- Commit: 7068a25 --------------------------- Bugfix: Fix default FW file The default non-EEPROM FW fails to initialise the Halow module with the below error (has a HW revision 0f 0x0000). ``` Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: size of bd file is 8464 Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: Major 01 Minor 04 Total len 2100 Num_Data_Groups 0024 Checksum B3FF Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: target version is not matched(0 : 2) Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: target version is not matched(0 : 3) Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: target version is not matched(0 : 1) Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: target version is not matched(0 : 4) Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: BD file is invalid! Stop loading FW ``` ## scabbard-judo --------------------------- Commit: 1b859e3 --------------------------- CSNMR-5454: Toggle FPGA_RESET line on suhf_driver startup ## sword --------------------------- Commit: 134072a --------------------------- CSNMR-5250: Report hardware error if FIFO cannot be flushed On the unit which fails to start suhf_driver, suhf_driver gets into an infinite loop flushing the FPGA's FIFO buffer because the FIFO never becomes empty, probably because there is an issue with the FPGA hardware. This changeset sets a hard limit of 4096 bytes that may be flushed out of the FIFO before the driver stops with an error code. TO-DO: The value of 4096 was chosen because that is the value used for Judo's version of Scabbard, but Sword needs to get this value from its host's version of Scabbard. --------------------------- Commit: 6dfe5ed --------------------------- CSNMR-5250: Reduce duplication of FIFO empty detection code ## yocto-docs --------------------------- Commit: f2811603d --------------------------- set_versions.py: fix codestyle/formatting issues Fix issues reported by pycodestyle (long lines, spurious or missing whitespaces, underindented lines), and add the missing description of the get_abbrev_hash() function. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 6c8961015 --------------------------- set_versions.py: move the poky_mapping dict where it is used The poky_mapping dict isn't used until after the replacements dict is created. Move it's definitions to where it's used. Also fix a codestyle issue while we're at it (whitespace before ":"). Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 98815cee1 --------------------------- set_versions.py: use bitbake mappings from remote releases.json After [1] we can now use the bitbake version mappings maintained in the remote releases.json file, allowing to reduce maintenance effort here. [1]: Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 5d711350a --------------------------- ref-manual/system-requirements: add fedora 43 as supported distro Fedora 43 is now properly tested for Poky[1], so let's add it to the list of supported distros. [1] https://git.yoctoproject.org/meta-yocto/commit/?id=4c156ef673f8ff7c967b2b34dd1d366e1b74d41c Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: b92cffd3e --------------------------- ref-manual/system-requirements: update list of EoL distros we still test Fedora 41 is EoL since end of 2025[1] and Ubuntu 25.04 since mid January 2026[2], so let's add them to the list of distros we're testing but don't receive updates for. [1] https://docs.fedoraproject.org/en-US/releases/eol/#_unsupported_fedora_linux_releases [2] https://documentation.ubuntu.com/project/release-team/list-of-releases/#end-of-life Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 5afd21a88 --------------------------- overview-manual/concepts: list other possible class directories Classes can be located in three different directories since Langdale (4.1), so let's update which directories you can find in a distribution layer. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 0d05dedd6 --------------------------- ref-manual: delete claim PACKAGE_EXCLUDE does not support .deb The current explanation of "PACKAGE_EXCLUDE" claims that this variable does not support .deb packaging; this is incorrect. Signed-off-by: Robert P. J. Day Tested-by: Antonin Godard Signed-off-by: Antonin Godard --------------------------- Commit: 73b3beb99 --------------------------- overview-manual: escape wildcard in inline markup This change escapes the wildcard in 'recipes-*' to properly italicize the string Signed-off-by: Kristiyan Chakarov Signed-off-by: Antonin Godard --------------------------- Commit: 5bebe38a8 --------------------------- set_versions.py: build with versions from releases.json Build using the releases.json file obtained from https://dashboard.yoctoproject.org/releases.json. If this file is already downloaded, don't fetch it again. If we fail fetching the file, use default values (and print a warning). Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: d97cfeaa5 --------------------------- tools/containerfiles: fix docker warning The current Containerfiles produce the following warning with docker: 1 warning found (use docker --debug to expand): - UndefinedVar: Usage of undefined variable '$PWD' (line 12) Remove $PWD and set the WORKDIR so that our pip3_docs.sh script finds the virtual env. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: ba351b354 --------------------------- convert SVGs to PDF and PNG using sphinxcontrib.rsvgconverter plugin The sphinxcontrib.rsvgconverter plugin allows to generate a PDF or PNG from an SVG. This is what we already do manually via Make targets but it isn't good enough. Sphinx generates a cache upon first parsing and stores it in a doctrees directory. Sphinx claims that it can be shared between all builders[1]. For glob patterns in image or figure directives, Sphinx will look for all possible matches in the source tree and store those in a "candidates" map for each file, along with the associated mimetype. When building, Sphinx will then look in this map to try to find a match in the current builder's supported_image_types. If none is found, the build will fail. The latexpdf (using the LaTeXBuilder) target does not support SVGs by default[2]. We used Make to generate PDFs from them before generating the doc PDF though (see PDFs variable and %.pdf in Makefile) and that type is supported by default[2]. The epub (via the Epub3Builder) target does support SVGs by default[3] but we disabled their support in commit ff3876ca4910 ("conf.py: use PNG first in EPUB output"). We used Make to generate PNGs from them before generating the doc epub though (see PNGs variable and %.png in Makefile) and that type is supported (c.f. Epub3Builder.supported_image_types in our conf.py). The issue is that this is done transparently from Sphinx. When we generate the PDFs or PNGs variants of the SVGs, we put them in-tree directly along their source file. Then, when caching, Sphinx will find both the source file and the appropriate variant. However, the cache isn't updated if there are new files in the tree and the source rST files aren't modified. So, the cache will not have its map updated and we won't be able to find the new variant when building for a non-SVG-compatible builder. Take the following scenario: - start from a clean source file (fresh clone or git clean -ffdx) - build the html target (which supports SVGs by default[4]) - sphinx will find all the files in the source tree matching the glob pattern in ".. image:: test.*", in our case only an SVG since the PDFs and PNGs are only generated for the latexpdf and epub targets respectively. The cache will only store the path to the SVG file because it is the only source file that matches the glob, - attempt to build the epub target (which doesn't support SVGs, only PNGs) - Sphinx checks for the file to include for '.. image:: test.*' and finds an SVG in the cache map and then check the list of supported image types for the Epub3Builder and find that it doesn't support that. It cannot find anything satisfying the dependency and thus fails to build. This scenario can easily be reproduced by running the `make all` command since the html builder will be used first, then epub and finally latexpdf. The `make publish` target works by chance, because the epub builder is built first and will cache SVG + PNG for each glob, then the latexpdf builder is built and supports PNGs so that's fine and then html, which supports SVG as well. To fix this issue, we could simply always generate PDFs and PNGs of all SVGs in the source tree, but this isn't ideal. Instead, let's use an ImageConverter from a Sphinx plugin. This allows to map a plugin as being able to generate a file of type Y from a file of type X. When Sphinx wants to build an image, it'll try to find the image with the type the current builder supports in the cache. If it cannot, it's going to try to find an ImageConverter plugin that is able to convert one of the image types in cache with one of the image types the current builder supports. Then Sphinx will call this plugin to generate the file and put it into the build directory (not in the source!). This allows to simplify the Makefile as well and is a much cleaner approach. The epub target is removed as the catch-all target contains the same instructions as the epub target we remove in this commit. sphinxcontrib.rsvgconverter is a plugin from sphinxcontrib-svg2pdfconverter python module. SVGs to PNGs is only supported since 2.0.0. [1] https://www.sphinx-doc.org/en/master/man/sphinx-build.html#cmdoption-sphinx-build-d [2] https://www.sphinx-doc.org/en/master/usage/builders/index.html#sphinx.builders.latex.LaTeXBuilder.supported_image_types [3] https://www.sphinx-doc.org/en/master/usage/builders/index.html#sphinx.builders.epub3.Epub3Builder.supported_image_types [4] https://www.sphinx-doc.org/en/master/usage/builders/index.html#sphinx.builders.html.StandaloneHTMLBuilder Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 4fbae0147 --------------------------- consistently use pip packages for all distros Until now, Debian and Ubuntu had special instructions for installing Python packages to build the docs. Specifically, the packages that all other distros are installing via pip were installed from the package feed (apt). In the next commit, a new Python module will be required, which isn't available in the package feed. We thus have two options, have a pip3 Debian/Ubuntu-specific set of instructions to install this one package, or migrate packages currently installed through the package manager to use pip like other distros. To lower maintenance burden and the possibility of missing to update both "generic" and "Debian/Ubuntu" variants of pip instructions, the latter was chosen. Suggested-by: Antonin Godard Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 16599c4f6 --------------------------- use a venv for installing packages with pip In a few commits, we'll migrate Debian/Ubuntu to use pip packages. However, Debian rejects pip commands outside of virtual environments. It is generally best practice to use virtual environments with pip, so let's migrate distros that currently use pip to use virtual environments as well. Because BitBake is a Python project and requires a few Python packages that we currently install with distro package managers, it would be best to also include system packages via --system-site-packages when creating the virtual environment such that the user would either be able to build the docs or run BitBake, from the same venv. Unfortunately, one of the packages[1] we'll include in an upcoming commit breaks sphinxcontrib namespace package and thus we cannot have a mix of sphinxcontrib-namespaced packages in and outside the venv. Let's create a completely empty venv for now until the offending package is fixed (see pending merge request[2]). Let's instruct the user to install the docs venv in a relative directory (likely the root of the yocto-docs git repo) instead of guessing a safe location (/tmp may or may not be an actual volatile directory depending on the distro). [1] https://github.com/missinglinkelectronics/sphinxcontrib-svg2pdfconverter/ [2] https://github.com/missinglinkelectronics/sphinxcontrib-svg2pdfconverter/pull/34 Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 8354f3b5b --------------------------- Makefile: use python3 -m sphinx instead of sphinx-build sphinx-build is a "script"[1][2] which is then made available on the system as a binary, upon installing the sphinx package. You can have multiple instances of sphinx installed, e.g. system-wide via the traditional distro package manager or in a venv. In the case of a venv, if you have sphinx already installed in your host system, source the venv activate script and then install sphinx via pip inside the venv, sphinx-build command will still point at the sphinx from the host system. The work-around is either to run the venv activate script again, run `hash -r` or `rehash` in your current shell, or call python3 -m sphinx instead of the Python script. Let's do the latter as it's the easiest/least-user-facing solution. This works because python3 interpreter will be the one from the venv, and it sets the appropriate paths for loading modules (use only packages from the venv by default, or prefer them if --system-site-packages is passed). [1] https://github.com/sphinx-doc/sphinx/blob/v9.1.0/pyproject.toml#L99 [2] https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#creating-executable-scripts Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 8cc5a1302 --------------------------- qemu.rst: parsing of the code-block was not done Because the '::' at the previous line starts a literal block. Signed-off-by: Jan Vermaete Signed-off-by: Antonin Godard --------------------------- Commit: ff3cfb0ed --------------------------- ref-manual: add SPDX_INCLUDE_KERNEL_CONFIG and SPDX_INCLUDE_PACKAGECONFIG Adding documentation for the new variables to export the Linux kernel configuration and recipe PACKAGECONFIG features into the SPDX document. Signed-off-by: Kamel Bouhara (Schneider Electric) [AG: fix variable ordering https://lore.kernel.org/r/DGO3PZFM5WDO.3C92IW83D5RXA@bootlin.com] Signed-off-by: Antonin Godard --------------------------- Commit: 6ab93e2eb --------------------------- dev-manual: delete references to "tar" package format There is no "tar" packaging format anymore, so delete these references. Signed-off-by: Robert P. J. Day Signed-off-by: Antonin Godard --------------------------- Commit: 3f4ed1d41 --------------------------- Makefile: pass -silent to latexmk This should drastically decrease the number of lines in the docs build logs, which currently can go up to 1700000 lines on the Autobuilder[1]. [1]: https://autobuilder.yoctoproject.org/valkyrie/#/builders/34/builds/400/steps/6/logs/stdio Signed-off-by: Antonin Godard --------------------------- Commit: 538b55418 --------------------------- what-i-wish-id-known.rst: replace figure by the new SVG We have a new SVG figure for the Yocto Project workflow figure, which was updated with d2aaf54bee49 ("overview-manual: convert YP-flow-diagram.png to SVG"). The one in the "What I wish I’d known about Yocto Project" is the same. Remove the PNG and make a reference to the new one. Signed-off-by: Antonin Godard --------------------------- Commit: 2817a9077 --------------------------- tools/host_packages_scripts/tlmgr_docs_pdf.sh: install perl Fix an issue reported by Quentin on IRC: The LaTeX files are in _build/latex. Run 'make' in that directory to run these through (pdf)latex (use `make latexpdf' here to do that automatically). make[1]: Entering directory '/docs/documentation/_build/latex' latexmk -pdf -dvi- -ps- 'theyoctoproject.tex' Can't locate Time/HiRes.pm in @INC (you may need to install the Time::HiRes module) (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /opt/docs-build-tex-tools/tl/bin/x86_64-linux/latexmk line 97. BEGIN failed--compilation aborted at /opt/docs-build-tex-tools/tl/bin/x86_64-linux/latexmk line 97. make[1]: *** [Makefile:28: theyoctoproject.pdf] Error 2 make[1]: Leaving directory '/docs/documentation/_build/latex' make: *** [Makefile:74: latexpdf] Error 2 make: Leaving directory '/docs/documentation' We require perl for the latexpdf target to complete successfully. Add it to the tlmgr_docs_pdf.sh script. Tested-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 3f052ae60 --------------------------- docs-wide: remove Bazaar fetcher references Remove the Bazaar fetcher references as it was deprecated in [1]. This fixes the following build issue on master: .../ref-manual/variables.rst:1506: WARNING: term not in glossary: 'bitbake:BZRDIR' [ref.term] [1]: https://git.openembedded.org/bitbake/commit/?id=8e057d54f09ca0a1fb64c716da6b66f0ce4555b0 Signed-off-by: Antonin Godard --------------------------- Commit: c9f83bb2e --------------------------- ref-manual/classes.rst: fix broken links to U-Boot documentation In the chapter describing the "uboot-sign" class Signed-off-by: Michael Opdenacker Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 7570d210e --------------------------- _templates/footer.html: show a dynamically created id of the docs Since we have switched to branch tips for all versions of the active releases, having the information of which commit id of yocto-docs was built is useful. Show it in the footer as a link to git.yoctoproject.org/yocto-docs. When a tag is built, create a link to the tag instead. When building on a floating commit, this will create an invalid link, but this never happens when publishing the documentation, only for local development. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 065e70a62 --------------------------- set_versions.py: set a more accurate DISTRO value The changes from the previous commit make the current value inaccurate in some situations, especially since this variable is used in some commands. Take these situations into account and compute a more accurate value for DISTRO. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: a8749670e --------------------------- switchers.js: rework the logic and improve it Rework the generation of the switcher menu, and also fix it. It's not obvious how this could be split for easier review, as many parts depend on one another, so this is what this patch changes and fixes: - The menu only contains branch tips versions of the documentation for supported releases now - even though the latest tag is displayed in the menu. This approach will fix the lack of release notes for the latest version of an active branch, as release notes are always published after the yocto-docs repository is tagged. - Show a commit id when building on a separate commit that is not a branch tip or not a tag. This should only ever happen when building locally (not for the published version). - All stable/LTS versions are displayed in the menu UNLESS the current version for which we are viewing is part of them, in which case it's shown last in the menu. - Rework the logic to show outdated or obsolete versions to conform with the above changes, but overall it behaves the same: - granted that Kirkstone is an active release, and 4.0.32 is the latest tag for this release, the "outdated" banner is displayed if we browse any version of Kirkstone inferior to 4.0.32. - browsing any version not part of the active releases (all LTS versions + the stable branch) will show the "obsolete" banner. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: b0a9cf917 --------------------------- set_versions.py: remove duplicate and unneeded logic The following commit will make it unneeded to pass the version to the script directly, as it will be automatically deduced no matter which branch we're on. We can therefore the ourversion assignment. We still want the "getlatest" special argument, so read it from sys.argv directly. Add a comment mentioning that the order here is important for getlatest to work. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 98840d241 --------------------------- migration-guides/migration-5.3.rst: add note on *FLAGS behavior change Add a note on how existing *FLAGS += assignments can lead to unexpected behavior in the 5.3 release notes. Cc: Richard Purdie Signed-off-by: Antonin Godard --------------------------- Commit: f40dc0b42 --------------------------- set_versions.py: check that we build from the git repository Check that we are building from a Git clone of yocto-docs, not a bare directory, which is not supported as we need to tags to be fetched. Inform the user how to clone the documentation too. Fixes [YOCTO #15834] Signed-off-by: Antonin Godard --------------------------- Commit: 095981c08 --------------------------- migration-guides: add release notes for 4.0.32 Signed-off-by: Lee Chee Yang Signed-off-by: Antonin Godard --------------------------- Commit: e95e60ef8 --------------------------- migration-guides: add release notes for 5.3.1 Signed-off-by: Lee Chee Yang [AG: oecore -> openembedded-core https://lore.kernel.org/r/DGAAISXQEM8B.1JQP7X9NMQ5HA@bootlin.com] Signed-off-by: Antonin Godard --------------------------- Commit: 5fd9d1602 --------------------------- document the OPENSSH_HOST_KEY_DIR and OPENSSH_HOST_KEY_DIR_READONLY_CONFIG variable Added by commit addd80ddfd89 ("openssh: add variable for key path") in OE-Core. Signed-off-by: Patrick Vogelaar Signed-off-by: Antonin Godard --------------------------- Commit: 749b79b1a --------------------------- ref-manual/variables.rst: document new FIT image variables - FIT_MKIMAGE_EXTRA_OPTS: new variable to pass extra mkimage options - FIT_CONF_MAPPINGS for flexible DTB mappings Signed-off-by: Adrian Freihofer Signed-off-by: Antonin Godard --------------------------- Commit: 37667bcc6 --------------------------- brief-yoctoprojectqs/index.rst: remove extra word from text The sentence in brief-yoctoprojectqs/index.rst contained a duplicated word ("dependencies it"). This change removes the extra word to improve clarity for new users following the quick start guide. Signed-off-by: Mohammad Rahimi Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 411122812 --------------------------- dev-manual/packages.rst: fix example recipe version The example recipe taken above is hello-world on version 1.0 (because PV equals "1.0+git". Fix this issue. Signed-off-by: Antonin Godard --------------------------- Commit: 7a0324b6a --------------------------- dev-manual/packages.rst: rename r0.0 to r0 when PR server is not enabled When we don't have a PR server enabled, we don't have leading ".0" to the PKGR variable, as this is added by the PR server. Signed-off-by: Antonin Godard --------------------------- Commit: 09f0430bc --------------------------- dev-manual/packages.rst: pr server: fix and explain why r0.X increments on SRCREV change The current example of the SRCREV change triggering a gitX bump is wrong, as both gitX and r0.X get incremented. Why this is happening is explained in bug 15729, which I copy here: > +gitX+ is indeed related to changes in the source code. > > r0.X is bumped each time the checksum of the do_package task of the > simple-hello-world-git recipe changes. This happens here: > https://git.openembedded.org/openembedded-core/tree/meta/classes-global/package.bbclass?id=235e6d49e5888ad04416219e10b6df91a738661a#n306 > > This line sets the value of PRAUTO and represents the number X found in > r0.X. It will in the end make it into EXTENDPRAUTO, which itself makes > to PKGR == r0.X. > > This line calls getPR(version, pkgarch, checksum). Between test case 5 > and 6, only the checksum changes. This checksum is the checksum of the > do_package task (gotten from get_do_package_hash() above). > > Now, let's dump what changed with regards to this task between two > consecutive runs, using the sigdata file in build/tmp/stamps/: > > ``` > [...] > Variable fetcher_hashes_dummyfunc value changed from '2650ad6714c3f3248abfe9d3daf1196f307ed494' to '4af682a50174f5deb0397847da97d7cdba4ad067' > ``` > > The last line shows that the value of fetcher_hashes_dummyfunc changed > from '2650ad6714c3f3248abfe9d3daf1196f307ed494' to > '4af682a50174f5deb0397847da97d7cdba4ad067'. Those are the commit hashes > in the git history of the simple-hello-world-git repository. > > Now you can see why this 0.X gets bumped, is because of the SRCREV change. Fix the example, and detail what gets changed and why. [YOCTO #15729] Cc: Robert Berger Signed-off-by: Antonin Godard --------------------------- Commit: d3f9b0a5a --------------------------- ref-manual: Document updated UBOOT_CONFIG flow The UBOOT_CONFIG flow was updated in oe-core [1]. Document all of the new variables and preferred method of specifying the various controls for each config. [1] https://git.openembedded.org/openembedded-core/commit/?id=cd9e7304481b24b27df61c03ad73496d18e4d47c Signed-off-by: Ryan Eatmon [AG: Typo fixes https://lore.kernel.org/r/DG1YKKEBYK3R.1RDFPILOIHIOP@bootlin.com] Signed-off-by: Antonin Godard --------------------------- Commit: 3ec23e9fb --------------------------- what-i-wish-id-known.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: b0eed805b --------------------------- test-manual/understand-autobuilder.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: dfe9140b6 --------------------------- test-manual/reproducible-builds.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 783aa4d14 --------------------------- ref-manual/yocto-project-supported-features.rst: remove obsolete poky repo reference Poky -> meta-yocto link replacement. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 805b666f0 --------------------------- ref-manual/system-requirements.rst: fix wrong path to install-buildtools Reported-by: Quentin Schulz Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: ca6a30277 --------------------------- ref-manual/system-requirements.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 66fb4d577 --------------------------- ref-manual/release-process.rst: remove repeated "in the" Reported-by: Quentin Schulz Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: e7231e74a --------------------------- ref-manual/release-process.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: a2e67529c --------------------------- ref-manual/features.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 173edb82b --------------------------- ref-manual/faq.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Rework the difference between Poky and OpenEmbedded. Copy the note from terms.rst regarding the now obsolete Poky repository. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 1923550cd --------------------------- ref-manual/devtool-reference.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 91605ea5c --------------------------- dev-manual/vulnerabilities.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Mention that only vulnerabilities in OpenEmbedded-Core are tracked as that's where the packages are. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 0bcfcf8c7 --------------------------- dev-manual/upgrading-recipes.rst: move meta-openembedded to bitbake-builds/layers It makes more sense as we expect the layout to be that way. Suggested-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 67ae0525f --------------------------- dev-manual/upgrading-recipes.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: f0c6ba3f4 --------------------------- dev-manual/qemu.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: faf322d8d --------------------------- dev-manual/python-development-shell.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d2cddd8c5 --------------------------- dev-manual/packages.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 1820232eb --------------------------- dev-manual/licenses.rst: instruct to use git-archive instead of removing .git Removing .git directories is destructive. Instruct to use git archive instead. Suggested-by: Quentin Schulz Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: f0b3659e6 --------------------------- dev-manual/licenses.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 6ec9ce47f --------------------------- dev-manual/init-manager.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 04af92638 --------------------------- dev-manual/custom-template-configuration-directory.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Adapt paths to match to encouraged Source Directory layout. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 421ec4742 --------------------------- dev-manual/custom-distribution.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 6e440c9ae --------------------------- dev-manual/build-quality.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 6c8d49202 --------------------------- contributor-guide/identify-component.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 0cb6e102f --------------------------- README: replace obsolete substitution variables Replace obsolete substitution variables by current ones from poky.yaml.in. Suggested-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d95db54e4 --------------------------- README: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 29bd24aee --------------------------- test-manual/runtime-testing.rst: remove obsolete poky repo references Remove reference to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d26aab08b --------------------------- sdk-manual/intro.rst: remove obsolete poky repo references Remove the mention of the Poky git repository. Refer to the existing setup instructions. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d7ce0ad51 --------------------------- sdk-manual/appendix-obtain.rst: remove obsolete poky repo references Rename the source directory to project, as specified in its new definition in terms.rst. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 4c0e97afe --------------------------- ref-manual/variables.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core in most cases. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 89818234a --------------------------- ref-manual/tasks.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 83d88fa2c --------------------------- ref-manual/structure.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core in most cases. Add a introductory directory layout at the top that is reflected in the following section. This document no longer uses Poky as its source directory, so all paths are explicitly mentioned, to highlight the separation between core components. This lead to some re-organization of some sections. Signed-off-by: Antonin Godard --------------------------- Commit: 63d0fc075 --------------------------- ref-manual/images.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 864a7ec1e --------------------------- ref-manual/classes.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 178d31924 --------------------------- overview-manual/yp-intro.rst: remove obsolete poky repo references Remove references to the Poky repository. This document had a lot of reference to it, so a lot was removed. The "Reference Distribution (Poky)" section was removed as there already was a "Reference Embedded Distribution (Poky)" below. This section was simplified as now Poky is just a distro, not a repo. The historical section was also updated to mention the obsolete Poky repo. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 345003a75 --------------------------- overview-manual/development-environment.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Replace the poky examples for the Git section by yocto-docs. Signed-off-by: Antonin Godard --------------------------- Commit: 91e96f5c0 --------------------------- overview-manual/concepts.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Signed-off-by: Antonin Godard --------------------------- Commit: 2a2de4da9 --------------------------- migration-guides/migration-1.4.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: bedbbb69a --------------------------- kernel-dev/common.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: e8b03ddb0 --------------------------- dev-manual/wic.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: de6d0a16d --------------------------- dev-manual/wayland.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 71f9a3f78 --------------------------- dev-manual/temporary-source-code.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: b184acb48 --------------------------- dev-manual/securing-images.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 0dceb6dd9 --------------------------- dev-manual/new-recipe.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 3da2e7bb3 --------------------------- dev-manual/libraries.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: ff8595ec8 --------------------------- dev-manual/layers.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Signed-off-by: Antonin Godard --------------------------- Commit: 40af24177 --------------------------- dev-manual/layers.rst: re-organize the document The first section of the layers document shows how to manually create a layer step-by-step, and references bitbake-layers create-layer at the end. Change the approach of this section to show how to use the bitbake-layers create-layer command to create a layer, and then explain how a layer is organized and configured. This avoids repetition, and we should encourage users to use pre-built tools when they can do things in a less error-prone way. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d96a93b1c --------------------------- dev-manual/external-toolchain.rst: remove obsolete poky repo references Remove the single poky repository reference in this document, after the poky repository was obsoleted. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 8a8a4d77e --------------------------- dev-manual/error-reporting-tool.rst: remove obsolete poky repo references Remove the single poky repository reference in this document, after the poky repository was obsoleted. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 27cfed1fc --------------------------- dev-manual/debugging.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 2c45968fd --------------------------- dev-manual/building.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core in most cases. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 472a5c353 --------------------------- contributor-guide/submit-changes.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core in most cases. Signed-off-by: Antonin Godard --------------------------- Commit: b47987aba --------------------------- kernel-dev/advanced.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core in most cases, and refer to bitbake-setup or the manual setup in the intro. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 05a506686 --------------------------- bsp-guide/bsp.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core in most cases, and refer to bitbake-setup or the manual setup in the intro. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 68586e603 --------------------------- dev-manual/start.rst: remove obsolete poky repo references The Poky repository has stopped being updated in favor of bitbake-setup or manual clones of the required repositories. Simplify the document by making references to these guides as well as removing sections that are covered in the references documents. Keep a "Initializing the Build Environment" as this task is common and referenced in different places in the documentation. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: a7c169229 --------------------------- dev-manual/poky-manual-setup.rst: remove obsolete poky repo references The commit "dev-manual/start.rst: simplify the document after poky obsolescence" removed some of the information related to source archives published on downloads.yoctoproject.org. Mention it in this document as it makes sense to use those when manually setting up a Poky build. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 0b909e6c8 --------------------------- transitioning-to-a-custom-environment.rst: remove obsolete poky repo references - Use :term: for Poky. - Mention use of fragments instead of local.conf. - Remove Yocto < 2.4 reference. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d7d5ddeda --------------------------- tree-wide: figures: remove title PNGs We used to have banners at the top of each main section before we migrated to Sphinx and those aren't used anymore, so let's remove them from the tree. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: fdc14a205 --------------------------- ref-manual/terms.rst: refresh the OpenEmbedded build system definition Remove the mention of Poky containing BitBake, just mention BitBake. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: b42c033bf --------------------------- dev-manual/poky-manual-setup.rst: mention the Source Directory After switching to the new definition of "Source Directory", i.e. the base directory for your project (which used to be poky), mention it in this document on manually setting up the layers for a project. As stated in terms.rst, use "project" for the directory name. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 9ad8a0aa7 --------------------------- ref-manual/terms.rst: simplify the Source Directory definition Now that we no longer have Poky around, simplify the Source Directory definition: - Make references to existing documents that show how to create this Source Directory. - This directory contains sources, the layout in which they are presented does not matter so much, as it can be different and/or freeform depending on whether we use bitbake-setup or not. The definition chooses "bitbake-builds" as the name of the source directory and is the one that should be used when showing examples in the documentation. A typical Source Directory would look like the following: bitbake-builds/ ├── build/ └── layers/ Other parts of the documentation referencing to this as the Poky repository still have to be updated. This will also mean that this definition will be used a lot less across the documentation: in most cases, when the "Source Directory" is referenced as the Poky repository, it can be replaced by OpenEmbedded-Core, Bitbake, the documentation, or meta-yocto. We'll keep this definition around regardless, as it can be useful to denote this group of directories in a more general sense. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: dd328b79a --------------------------- ref-manual/terms.rst: refresh the OpenEmbedded-Core definition After the Poky repository obsolescence, refresh the OpenEmbedded-Core definition. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 476780d77 --------------------------- ref-manual/terms.rst: refresh the Build Directory definition After the Poky repository obsolescence, refresh the build directory definition. Fix the formatting and indenting issues while at it. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 6256a73d7 --------------------------- migration-guides: add release notes for 5.0.15 Signed-off-by: Lee Chee Yang Signed-off-by: Antonin Godard --------------------------- Commit: 52ec12522 --------------------------- sdk-manual: appendix-obtain: fix default path for eSDK installer script The eSDK installer script installs in poky_sdk directory but under the user's home directory so let's make that explicit. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: ede411d70 --------------------------- sdk-manual: using: fix SDK filename example I'm pretty sure we meant to use the DISTRO poky.yaml.in placeholder which can only be replaced when surrounding by & and ; characters. Therefore let's fix this oversight. Also, the example isn't actually pointing at the snapshot, but the actual release, so let's reword that as well so it matches the example. I decided to do that instead of adding +snapshot to the filename because the example in the next section is actually using that same filename so for consistency it seemed more appropriate. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 41ee642c3 --------------------------- sdk-manual: appendix-obtain: use parsed-literal block for naming convention of the installer scripts It's easier on the eye to use a parsed-literal block for highlighting things that must be changed than simply stating the word, so this makes use of a parsed-literal block instead of a simple inline code-block and also highlight in italic which words are placeholders. Also make the explanation below the literal-block use the same highlighting (italic). Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: ffaea8391 --------------------------- sdk-manual: delete sdk-title PNG It hasn't been used since the migration to Sphinx so let's remove it. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 39fb14879 --------------------------- sdk-manual: replace sdk-environment PNG with SVG This replaces the PNG figure with an SVG. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 77b24b4a8 --------------------------- sdk-manual: appendix-obtain: replace eSDK directory structure PNG with a parsed-literal block This PNG is totally unnecessary and makes accessibility much worse, so let's simply replace the PNG with a parsed-literal block showing the same directory layout with the same highlighted placeholders. While at it, update the layout to match the more recent one (5.0.15) and have it alphabetically sorted (mixed files and directories). The placeholders are highlighted the same way inside and outside the parsed-literal block for consistency. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 0c68497ec --------------------------- sdk-manual: appendix-obtain: replace directory structure PNG with a parsed-literal block This PNG is totally unnecessary and makes accessibility much worse, so let's simply replace the PNG with a parsed-literal block showing the same directory layout with the same highlighted placeholders. While at it, update the layout to match the more recent one (5.0.15) and have it alphabetically sorted (mixed files and directories). The placeholders are highlighted the same way inside and outside the parsed-literal block for consistency. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d682bce63 --------------------------- sdk-manual: appending-customizing: use none lexer for BitBake code blocks No lexer exists for BitBake right now, so let's simply disable the lexer entirely by using the "none" lexer. I'm using "none" instead of "text" to be able to "easily" replace none code blocks the day a BitBake lexer exists. I "reserve" "text" for actual text content (e.g. a filename, or the output of a command line without the command line). Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 10d40604c --------------------------- sdk-manual: working-projects: properly highlight code code-blocks There are some blocks containing C code so highlight them as C with the "c" lexer. For autotool'ed files, there's no lexer available so "none" will do just fine. Finally, there's one Makefile code block so highlight it with the "makefile" lexer. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 04c883216 --------------------------- sdk-manual: fix improper indent of general form of tarball installer scripts poky-glibc-host_system-image_type-arch-toolchain-ext-release_version.sh is in a code-block and thus requires to be indented (it is). Sphinx knows a block has ended when the indentation of the next line is smaller than in the block, otherwise it's all in the same block. The explanation of the replaceable parts in the tarball installer script filename should be text and not part of the block, so let's do that. While at it, reformat by putting each replaceable part in a bullet list, highlight the replaceable part or what it can replaced with as well as putting the replacement on the same line instead of making it a quote by having them indented in the bullet list. Finally, replace the literal block (::) with a parsed-literal block so we can highlight the placeholders appropriately. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: c6039ce11 --------------------------- sdk-manual: fix incorrect highlight language for console code-blocks When unspecified in conf.py via the highlight_language variable (and highlight variable for code-blocks), the lexer used for literal blocks is "default" which tries to highlight the block as Python code. These blocks aren't Python but simple command lines prefixed by a prompt so let's use the "console" lexer to properly highlight. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 72354c270 --------------------------- sdk-manual: fix incorrect highlight language for text code-blocks When unspecified in conf.py via the highlight_language variable (and highlight variable for code-blocks), the lexer used for literal blocks is "default" which tries to highlight the block as Python code. These blocks aren't Python but either simply the console output or a file name (which we should probably just double tick-quote instead), so let's render those blocks with the "text" lexer. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard # Commit summaries (start not end) from release-0.26-default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-832_default.lock.xml ## manifest-judo --------------------------- Commit: c1fce22 --------------------------- Switch to github mirrors for upstream The Yocto project repositories are running extremely slowly which is causing numerous build failures. To be reverted if/when the Yocto upstream issues are resolved. --------------------------- Commit: f575c70 --------------------------- Freeze manifest for release 0.26 This changeset freezes the manifest using the layer hashes from https://bamboo.trimble.tools/browse/CC-JUDO819-4/artifact --------------------------- Commit: d14ac97 --------------------------- CSNMR-5340: Setup for release 0.26 ## meta-judo --------------------------- Commit: e732ab0 --------------------------- CSNMR-5340: Update version info # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-832_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-831_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-831_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-830_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-830_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-829_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-829_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-828_default.lock.xml ## manifest-judo --------------------------- Commit: c07e3c0 --------------------------- MQTT command to clear /var/log before OTA install Add a clear_var_log.json payload and corresponding MQTT RPC step in install_firmware.py that wipes /var/log on the DUT before the OTA service starts. This ensures the OS snapshot only contains logs from the OTA install and test cycle, not stale logs from prior runs. Uses find -mindepth 1 -delete to preserve the directory itself. Also removes numbered step prefixes from comments to reduce churn on future edits. Signed-off-by: Brady Hill # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-828_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-827_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-827_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-826_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-826_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-824_default.lock.xml ## cfg-mgr --------------------------- Commit: 134f9ad --------------------------- CSNMR-4816: Remove requirement to pre-load entitlement checks and reduce timeout for licensing * The queueing of licensing checks at zenoh client connection was slowing down the licensing checks for the system on boot, requiring longer timeouts * Queueing was needed to avoid a hard lock scenario during a check that prevented licensing checks from succeeding * This change removes licensing checks from the main client queue, creating a client for licensing interactions specifically that only exists if a licensing check is invoked * This should reduce overheard for clients that only need to check licensing info for specific clients ## judo-auto-test --------------------------- Commit: ad7a514 --------------------------- CSNMR-4816: Disable tests that delete licenses from device ## manifest-judo --------------------------- Commit: b9197c6 --------------------------- CSNMR-4816: Update last known good to include fix for LMS file schema * This change is needed to prevent licenses from being wiped from the device on an update to the last known good * The 0.26.1 branch is the same as the 0.26 branch, with the fix for the schema included ## meta-judo --------------------------- Commit: 3cd57c0 --------------------------- CSNMR-4816: Disable MQTT unlock and ssh access by default --------------------------- Commit: 99c9da4 --------------------------- CSNMR-5486: Update web UI to 0.30.6 The judo-web-ui recipes are renamed to get the new version. The Artifactory file hashes are updated after getting new hashes from test builds. ## meta-judo-proprietary --------------------------- Commit: 29e3221 --------------------------- CSNMR-4816: Remove licensing checks opt-out by default --------------------------- Commit: 9e62b79 --------------------------- CSNMR-4816: Update SRCREV ## yocto-docs --------------------------- Commit: 09943cbed --------------------------- set_versions.py: fix get_latest_tag and milestone tags Milestone tags have a different format, e.g. 6.0_M1. This was breaking this algorithm with: File ".../yocto-docs/documentation/./set_versions.py", line 277, in get_latest_tag branch_versions = sorted( [v.replace("yocto-" + release_series[branch] + ".", "") .replace("yocto-" + release_series[branch], "0") for v in branch_versions], key=int) ValueError: invalid literal for int() with base 10: '0_M1' Signed-off-by: Antonin Godard --------------------------- Commit: 39dac34c7 --------------------------- set_versions.py: skip laverne branch for closest branch The laverne branch was created but never branched off, which breaks the algorithm trying to determine the closest branch as it always gets count 0. Skip this branch as it is old and we'll never branch off of it now. This fixes the following issue: Branch laverne has count 0 Nearest release branch estimated to be laverne Traceback (most recent call last): File "/data/yoctoproject/ws/repos/yocto-docs/documentation/./set_versions.py", line 167, in bitbakeversion = bitbake_mapping[ourseries] ~~~~~~~~~~~~~~~^^^^^^^^^^^ KeyError: 'laverne' Signed-off-by: Antonin Godard --------------------------- Commit: 465651641 --------------------------- contributor-guide/submit-changes.rst: Added missing word Signed-off-by: Yanis BINARD Signed-off-by: Antonin Godard # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-824_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-822_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-822_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-821_default.lock.xml ## judo-cfg-agents --------------------------- Commit: 3fcb651 --------------------------- CSNMR-5715: Add machine type cfg log message Machine Type configuration sends should be rare, but has been difficult to extract from the logs. Add log to help in debugging GNSS. --------------------------- Commit: 3320f3a --------------------------- CSNMR-5715: Remove unused variables --------------------------- Commit: 66cc16c --------------------------- CSNMR-5715: Fix gnssMachineConfig 'none' and 'single' Fix the GNSS Manager to use gnssMachineConfig as the source of truth for if the ms9xx-handler should be started. To avoid unnecessary restarts, the GNSS Manager still checks for MS configuration changes; however, the handler will now correctly stop if gnssMachineConfig is 'none' or 'single'. Only gnssMachineConfig='dual' will result in the ms9xx-handler starting. ## meta-judo-proprietary --------------------------- Commit: 516ecfd --------------------------- CSNMR-5715: Update SRCREV Fix GNSS Manager Agent to stop ms9xx-handler on gnssMachineConfig="none" or "single" # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-821_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-820_default.lock.xml ## judo-auto-test --------------------------- Commit: 09093a8 --------------------------- CSNMR-5702-Delete-default-values # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-820_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-819_default.lock.xml ## yocto-docs --------------------------- Commit: dc1574b9f --------------------------- ref-manual: document the usage of FIT_LOADABLES Add documentation for the new logic and variables that can be used to add additional arbitrary loadables to a FIT image. Signed-off-by: Francesco Valla Signed-off-by: Antonin Godard --------------------------- Commit: b8502b2ba --------------------------- ref-manual/dev-manual: document new SPDX variables and capabilities Signed-off-by: Stefano Tondo [AG: syntax fixes https://lore.kernel.org/r/DHCKLP69J7YE.1Y7HHPEXU80KI@bootlin.com] Signed-off-by: Antonin Godard --------------------------- Commit: 198df015c --------------------------- ref-manual/faq.rst: remove the CVS proxy note Support for the CVS fetcher was removed with 5427500e4f23 ("fetch: Drop CVS fetcher module") in BitBake. Remove the CVS proxy mention. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: ef0c14d9f --------------------------- docs-wide: add warning on disabled NPM fetcher The NPM fetcher was disabled with 355cd226e072 ("fetch2/npm/npmsw: Disable npm and npmsw fetchers due to security concerns") in BitBake. Add warning notes throughout the documentation to let readers know. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 365945c51 --------------------------- migration-guides: update 6.0 (Wrynose) release notes Update documentation/migration-guides/migration-6.0.rst and documentation/migration-guides/release-notes-6.0.rst to include important changes between: - bitbake: 8b02d65a6439 and bc8be83aef0a - openembedded-core: 545e43a7a45b and be8cdcf13a65 - meta-yocto: 632d10b28141 and 2486ce288906 Signed-off-by: Antonin Godard --------------------------- Commit: a907e04a5 --------------------------- ref-manual/variables.rst: document the SPDX_CONCLUDED_LICENSE variable Document the SPDX_CONCLUDED_LICENSE variable, added by commit bb21c6a429a2 ("spdx30_tasks: Add concluded license support with SPDX_CONCLUDED_LICENSE") in OE-Core. Signed-off-by: Antonin Godard --------------------------- Commit: 6299419c7 --------------------------- ref-manual/variables.rst: document the LTO variable Added by 228b5a91516c ("lto: Add global LTO distro policy file") in OE-Core. Signed-off-by: Antonin Godard --------------------------- Commit: 0ecc893dc --------------------------- ref-manual/variables.rst: SPDX_PACKAGE_URL: add missing parenthesis Fixes: 108549dae76a ("ref-manual/variables.rst: document SPDX_PACKAGE_URL") Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 392ef512b --------------------------- ref-manual/variables.rst: document qemuboot variables Document the variables in qemuboot.bbclass that allow customizing how the QEMU guest is instantiated. Signed-off-by: Antonin Godard --------------------------- Commit: 79552b4a7 --------------------------- conf.py: define new {oecore,bitbake,meta_yocto}_rev roles Use the extlinks extension to create new roles to quickly reference a commit from openembedded-core, bitbake, or meta-yocto. For example, use as: :oecore_rev:`437e0419608e`. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-819_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-818_default.lock.xml ## judo-cfg-agents --------------------------- Commit: 342c4d0 --------------------------- CSNMR-5249: Set GNSS halow_unit based on model Currently both MP1086-450 and MP1086-500 units have halow_unit = true in their bd992-handler .toml files. We need to set halow_true base on the contents of /mfg/model so that halow_unit = true for -500 halow_unit = false for -450 For the case of an invalid model or model variant, the BD and MS handlers will not be started. ## meta-judo-proprietary --------------------------- Commit: ed729f9 --------------------------- CSNMR-5249: Update SRCREV GNSS Manager Agent sets halow_unit based on a -500 or -450 part in model. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-818_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-817_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-817_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-816_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-816_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-815_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-815_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-814_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-814_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-813_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-813_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-812_default.lock.xml ## judo-auto-test --------------------------- Commit: 5dea247 --------------------------- Remove Defaults from method docstrings - Removed the Default value mentions from all method docstrings. This information is redundant. When the docs are generated RF automatically includes the default values of optional params. Also hardcodeing the values in docstring is error prone and requires manual update if default values change. --------------------------- Commit: 19749dc --------------------------- CSNMR-5655 Add wait gnss lease expire to Should Be Disabled HF GSOF - Fixed bug in Should Be Disabled HF GSOF where the code didn't wait for the Lease to expire. This caused the check to fail because it is the state change in the lease that causes the HF GSOF value to enable/disable --------------------------- Commit: 708c180 --------------------------- CSNMR-5655 Add keywords for lease management gnss_lib: - Add new keyword is_gnss_lease_expired. This checks if the GNSS lease is expired and return true if so - Add new keyword wait_gnss_lease_expired. This waits for a given period of time to allow the GNSS lease to expire. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-812_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-811_default.lock.xml ## meta-judo --------------------------- Commit: 075d041 --------------------------- CSNMR-5685: journald.conf: Set Storage to volatile When unset, the `Storage=` config defaults to `persistent` which writes it to disk which is not what we want. From the release notes for systemd-259: The default storage mode for the journal is now 'persistent'. Previously, the default was 'auto', so the presence or lack of /var/log/journal determined the default storage mode, if no overriding configuration was provided. The default can be changed with -Djournal-storage-default=. Signed-off-by: Theodore A. Roth # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-811_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-810_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-810_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-808_default.lock.xml ## judo-auto-test --------------------------- Commit: 74894e3 --------------------------- Add --tag-name for gitBranchManifest Introduce optional --tag-name (e.g. Bamboo TAG_NAME) so post-install validation compares UUT system_properties['gitBranchManifest'] to the manifest string the image actually reports, while assign_build_to_target still uses --firmware-branch. Signed-off-by: Brady Hill ## judo-cfg-agents --------------------------- Commit: 48b7713 --------------------------- CSNMR-5602: Move service connectivity history to /var/log To allow the diagnostic internet service connectivity history to be loaded in the mpSnapshot file, the persistent history file is moved from /data/diagnostics/net_service_statuses to /var/log/connectivity_history.json. For existing units to not lose their diagnostic history, a function is added to move the old file to the new location. --------------------------- Commit: 0f11347 --------------------------- CSNMR-5602: Only request HEAD for internet connectivity check In the diags_agent, the file net_connectivity now only requests the headers for a connectivity endpoint. The request uses less data and the test for captive portal is simplified. The unit tests are simplified and some tests were deleted since the code was simplified. --------------------------- Commit: f8db46b --------------------------- CSNMR-5602: Add more test endpoints to the connectivity checker To aid reliability of internet connectivity checking, the list of endpoints is changed. The gradecontrol.net URL is removed because that server is not specifically designed for lots of hits, and there could be a thundering herd problem where all units attempt to contact it at once. It would take more planning to make it work reliably. The primary endpoint is a Google URL which has shown to provide the smallest payload. Microsoft, Apple, and Cloudflare URLs are added in order of payload size. The code stops at the first successful check, so it should normally be only the Google endpoint that gets hit. The Microsoft endpoint was found at https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/troubleshoot-ncsi-guidance It can potentially change and the new location would be found in the Windows registery of a current PC under: HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet Look in ActiveWebProbeHost and ActiveWebProbePath under that section The Cloudflare and Apple endpoints were found by AI suggestion and recommendations online. If those endpoints become invalid, new URLs would need to be found. Since no endpoints require limiting the amount of data they send back, the header section that requests reduced data is removed from the request. --------------------------- Commit: 1151f74 --------------------------- CSNMR-5602: Add service history reporting in the net_connectivity.py file The NetConnectivity class that reports internet status now also reports to the service history status. This allows the Service History class to produce a report about internet connectivity changes that will show up on the web UI under the Internet Service diagnostic page. The nice thing is this is the only change needed because the Service History class is already set up to collect statistics and report them when it receives these messages. ## manifest-judo --------------------------- Commit: c700c8c --------------------------- Pass Bamboo TAG_NAME into HS-Prod install jobs for Slash validation - Export TAG_NAME in judo_firmware_build.yaml for all four install-and-test jobs (core, radio/GNSS, RF, cell). - When TAG_NAME is non-empty, append --tag-name to slash run so post-install checks match DUT gitBranchManifest on release/customized builds; Firmware Manager still uses BUILD_BRANCH_NAME and BUILD_NUMBER. Requires judo-auto-test support for --tag-name (manifest_expectation). ## meta-judo --------------------------- Commit: 40e97d0 --------------------------- CSNMR-5651: Do not cache web UI permalink destination paths Previously the destinations of permalinks could be cached because they did not match the pattern of URL paths that get No-Cache headers. This change detects that a permalink is used and produces a Cache-Control header to avoid caching. Since the permalink destination paths get used twice, each path is stored in a variable so that the path can be maintained in one place. --------------------------- Commit: 247194f --------------------------- CSNMR-5651: Change web UI permalinks to use temporary redirects Previously the web server reported a permanent redirect with status 301 or 308 for permalinks. Now it reports status 307 to indicated a temporary redirect. This way the browser will check the original path every time a permalink is used in case the destination path changes down the road. ## meta-judo-proprietary --------------------------- Commit: 30f2b7a --------------------------- CSNMR-5602: Update SRCREV for judo-cfg-agents # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-808_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-807_default.lock.xml ## yocto-docs --------------------------- Commit: 5bfe4f9ae --------------------------- ref-manual/system-requirements.rst: remove Fedora 41 from supported distros Fedora 41 has been disabled on the Autobuilder and is being removed from poky.conf in meta-poky[1]. [1]: https://lore.kernel.org/r/20260319-mathieu-remove-fedora-41-v1-1-996d227abe2e@bootlin.com Signed-off-by: Antonin Godard --------------------------- Commit: ca057a6b4 --------------------------- recipe-style-guide: Drop obsolete EXTRA_QMAKEVARS_POST ref The use of the variable ceased already in 2015, since openembedded-core commit cb89d2b25b4e ("qt4: remove recipes and classes"). Signed-off-by: Niko Mauno Signed-off-by: Antonin Godard --------------------------- Commit: 47411fd29 --------------------------- migration-guides: add release notes for 5.0.16 Signed-off-by: Lee Chee Yang [AG: apply suggestions/fix formatting, see https://lore.kernel.org/r/DH5U04M8BZDA.18K1BLZXWXIZS@bootlin.com] Signed-off-by: Antonin Godard --------------------------- Commit: afb874956 --------------------------- migration-guides: add release notes for 5.3.2 Signed-off-by: Lee Chee Yang Reviewed-by: Antonin Godard Signed-off-by: Antonin Godard # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-807_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-806_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-806_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-804_default.lock.xml ## manifest-judo --------------------------- Commit: 74a59e3 --------------------------- Move Aggregate Test Results from Pi to Bedrock Main Retarget the Aggregate Test Results job to run on Bedrock Main (AMD) instead of a Pi (ARM). Since Bedrock Main is already inside the AWS VPC, the SSH tunnel through the jump server is no longer needed — the script now connects directly to the RDS endpoint. Removes SSH key management and tunnel plumbing from upload-junit-results-to-dashboard.sh. Signed-off-by: Brady Hill # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-804_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-803_default.lock.xml ## meta-judo-proprietary --------------------------- Commit: 1290fb3 --------------------------- CSNMR-5605: Update rust-gnss SRCREV The handler should now wait until the receiver has rebooted after the firmware upgrade before continuing on. ## mqtt-api --------------------------- Commit: a750b41 --------------------------- CSNMR-5410: fix result print for run_gnss_tracking --------------------------- Commit: ed28292 --------------------------- CSNMR-5653: move MFG API simulator mode enable to webUI Changed the programmatic interface URL for simulator mode enable back to a webUI URL. There is a new Time/RTC Reset option which simulator mode cannot work without. This option is in the webUI only today. There is a FENI ticket open to add Time/RTC Reset to the programmatic interface. --------------------------- Commit: f241b89 --------------------------- CSNMR-5558: update MFG API installer yubikey list Removed 3x key SNs and added 1 so that only BEI key params are checked out. The removed keys are either lost or were not transferred from Jabil. Only key params needed for BEI should be included with the MFG API installer. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-803_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-802_default.lock.xml ## meta-judo --------------------------- Commit: 60c92fc --------------------------- SUMO-569: Add picocom to devel- images --------------------------- Commit: 16ec43c --------------------------- CSNMR-5483: Set main branch to version 0.29 # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-802_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-800_default.lock.xml ## meta-judo-proprietary --------------------------- Commit: f8aea39 --------------------------- CSNMR-2544: python3-mqtt-api: update SRCREV # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-800_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-799_default.lock.xml ## manifest-judo --------------------------- Commit: 734c636 --------------------------- CSNMR-5654: Reinstate BUILD_SDK environment variable The code which injected this variable into the Build Judo-HS-Prod Firmware task was removed in 5fe14e45de8d114089b81b275c568a6b672b1ac1, preventing Bamboo from archiving the SDK. --------------------------- Commit: f9a6172 --------------------------- get-branch-info.sh: Include repo name on each line Including the repo name on each line makes it easier to filter the output to include only a particular user's branches, as each line of output includes the name of the repo the branch is associated with. For example, `grep` and `git config` can be used to find branches which were last committed to by the current user: BPOWELL@BPOWELL-NZ-DL:~/Code/yocto-judo$ repo forall -c $PWD/scripts/get-branch-info.sh | grep $(git config --get user.email) manifest-judo | 2026-03-18T08:59:59+13:00 | 3 hours ago | Ben Powell | ben_powell@trimble.com | 2abf26a | origin/feature/CSNMR-2544, feature/CSNMR-2544 meta-judo-proprietary | 2026-03-18T09:28:36+13:00 | 3 hours ago | Ben Powell | ben_powell@trimble.com | 4fda1bb | origin/feature/CSNMR-2544, feature/CSNMR-2544 mqtt-api | 2026-03-18T10:09:40+13:00 | 2 hours ago | Ben Powell | ben_powell@trimble.com | 2a07cd6 | origin/feature/CSNMR-2544, feature/CSNMR-2544 BPOWELL@BPOWELL-NZ-DL:~/Code/yocto-judo$ ## mqtt-api --------------------------- Commit: c0e984b --------------------------- CSNMR-2544: Add UHF tests to monitor console # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-799_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-797_default.lock.xml ## bitbake --------------------------- Commit: e7d5e1562 --------------------------- fetch/git: Add an 'update' unpack mode to the fetchers (git only for now) We need a way to allow the git fetcher to update data in place rather than remove and replace. This change adds an unpack_update() function which can be used in place of the usual unpack() call. This will attempt to rebase changes on top of the upstream changes. It will raise an error if any local uncommitted changes are present. The implementation adds a "dldir" origin to the list of origins in the git repo which we can then fetch from and update against. This origin may be of use to users accessing the git repo outside the fetcher too. unpack_update() should never delete existing data in the way unpack() does but can error out in many more different ways due to the number of possible input states. Currently only git is supported. The intention is for this to use used by bitbake-setup instead of unpack. Signed-off-by: Richard Purdie --------------------------- Commit: a631efbbd --------------------------- taskexp_ncurses: update tests for new spdx tasks Some new tasks have been added to handled SPDX 3.0 [1], changing a bit the test output: some small changes are needed to account for these changes. [1]: https://lore.kernel.org/all/20260220154123.376880-1-JPEWhacker@gmail.com/ Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 76b6edbd3 --------------------------- doc/setversions.py: fix an f-string without placeholders This f-string does not have any placeholders. Turn it into a regular string. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 02cebba47 --------------------------- doc: generate the releases.rst file Use the information we gather from releases.json to automatically create the supported and outdated releases document. The older releases do not follow the same linking scheme, so add them statically at the bottom of the file from script. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: b55497ab7 --------------------------- doc: build using remote releases.json Like what was done for yocto-docs[1], build using the remote releases.json file we can fetch from [2]. The file is downloaded if not present, and not re-downloaded for subsequent builds. In case of fetch failure, fallback to default values. [1]: https://git.yoctoproject.org/yocto-docs/commit/?id=5bebe38a808a33fea3deefc21dda39a35d90a7dd [2]: https://dashboard.yoctoproject.org/releases.json Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 2f07c60e5 --------------------------- doc/setversions.py: simplify the get_current_version() function While this was inspired with yocto-docs' set_versions.py file[1], some of the logic here can be simplified with early returns. As a consequence of these early returns, move the print() call showing the computed version to the conf.py file. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 240ae9a7d --------------------------- doc: move the Git repo check to the conf.py file This check can be done earlier when building the documentation, and does not need any version information. Move it to the beginning of conf.py. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: e8ace6e16 --------------------------- fetch/wget: Improve connection error handling We see occasional connection errors in wget testing of sstate mirrors. It appears there is a case where http.client.RemoteDisconnected is returned against getrepsonse() which the current code doesn't handle well. Rather than trying to handle very specific error cases, catch any errors and drop the cached connection in those cases in the do_open() code. Similarly, try again in a more complete set of error cases (all of OSError instead of special cases and RemoteDisconnected). [YOCTO #15945] The traceback from the logs is included below for reference. Traceback (most recent call last): File "/srv/pokybuild/yocto-worker/a-full/build/layers/bitbake/lib/bb/fetch2/wget.py", line 415, in checkstatus with opener.open(r, timeout=100) as response: ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/urllib/request.py", line 519, in open response = self._open(req, data) ^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/urllib/request.py", line 536, in _open result = self._call_chain(self.handle_open, protocol, protocol + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/urllib/request.py", line 496, in _call_chain result = func(*args) ^^^^^^^^^^^ File "/srv/pokybuild/yocto-worker/a-full/build/layers/bitbake/lib/bb/fetch2/wget.py", line 178, in http_open return self.do_open(HTTPConnectionCache, req) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/srv/pokybuild/yocto-worker/a-full/build/layers/bitbake/lib/bb/fetch2/wget.py", line 249, in do_open r = h.getresponse() ^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/http/client.py", line 1374, in getresponse response.begin() File "/usr/lib/python3.11/http/client.py", line 318, in begin version, status, reason = self._read_status() ^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/http/client.py", line 287, in _read_status raise RemoteDisconnected("Remote end closed connection without" http.client.RemoteDisconnected: Remote end closed connection without response During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/srv/pokybuild/yocto-worker/a-full/build/layers/bitbake/lib/bb/fetch2/wget.py", line 228, in do_open h.request(req.get_method(), req.selector, req.data, headers) File "/usr/lib/python3.11/http/client.py", line 1282, in request self._send_request(method, url, body, headers, encode_chunked) File "/usr/lib/python3.11/http/client.py", line 1328, in _send_request self.endheaders(body, encode_chunked=encode_chunked) File "/usr/lib/python3.11/http/client.py", line 1277, in endheaders self._send_output(message_body, encode_chunked=encode_chunked) File "/usr/lib/python3.11/http/client.py", line 1037, in _send_output self.send(msg) File "/usr/lib/python3.11/http/client.py", line 998, in send self.sock.sendall(data) OSError: [Errno 9] Bad file descriptor During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/srv/pokybuild/yocto-worker/a-full/build/layers/bitbake/lib/bb/fetch2/wget.py", line 415, in checkstatus with opener.open(r, timeout=100) as response: ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/urllib/request.py", line 519, in open response = self._open(req, data) ^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/urllib/request.py", line 536, in _open result = self._call_chain(self.handle_open, protocol, protocol + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/urllib/request.py", line 496, in _call_chain result = func(*args) ^^^^^^^^^^^ File "/srv/pokybuild/yocto-worker/a-full/build/layers/bitbake/lib/bb/fetch2/wget.py", line 178, in http_open return self.do_open(HTTPConnectionCache, req) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/srv/pokybuild/yocto-worker/a-full/build/layers/bitbake/lib/bb/fetch2/wget.py", line 246, in do_open raise urllib.error.URLError(err) Signed-off-by: Richard Purdie --------------------------- Commit: b59bdcf81 --------------------------- tests/fetch: Drop github url from testing This was introduced as a test for the fix in 6ec70d5d2e330b41b932b0a655b838a5f37df01e however the way github works has changed in the decade since and this test is no longer testing what was intended. The test is failing intermittently on our infrastructure thanks to spam and IP block throttling restrictions which lead to occasional failures. At this point it is probably simplest just to drop the url from testing. Signed-off-by: Richard Purdie --------------------------- Commit: ead5e02ad --------------------------- bitbake-setup: correctly determine latest revision in status/update when it is fixed to a commit id The code was relying on git fetcher's latest_revision() method, which works properly if the revision in the json config template is set to a branch or a tag, but does not work if it is set to a fixed revision (the method will return the latest revision on the respective branch, and bitbake-setup will incorrectly determine that the layer needs to be updated to that revision). Add a guard to check if the revision is a fixed commit id, and do a direct revision comparison if so, skipping the fetcher query. [YOCTO #16190] Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: da479ccf5 --------------------------- bitbake-setup: are_layers_changed(): calculate local_revision only once There's no need to repeatedly do it in the loop, as it doesn't change. Also reposition 'remotes' and 'changed' variables assignments, as this will aid the code readability after the following commit. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a01be6f0e --------------------------- bitbake-setup: ensure that config_id is always an absolute path If config_id (given on command line in 'init' operation) is provided and interpreted as a relative path to a local file (by checking for the file existence), it should be recorded into configuration instance as an absolute path. Otherwise status/update operations will fail if executed from a different directory that the template file was in, as they won't be able to find the file. Note that the patch context doesn't show where having the absolute path actually matters: further down in the function, config_id is used to set a 'non-interactive-cmdline-options' property in configuration instance dictionary. This property is used by status/update operations. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b54600e37 --------------------------- bitbake-worker: Use Lock from bb.multiprocessing bitbake-worker relies on multiprocessing using the "fork" method to pass data to the child process. Starting in Python 3.13 the default changed to "forkserver", so the bb.multiprocessing context needs to be used in order to preserve the "fork" method. Note that bb.multiprocessing is a context, so Lock can't be imported from it; instead a local alias for Lock must be used Signed-off-by: Joshua Watt Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 35866d559 --------------------------- runqueue.py: make sure we use bb multiprocessing Otherwise, we see errors like: |ERROR: An uncaught exception occurred in runqueue |Traceback (most recent call last): | File "/srv/pokybuild/yocto-worker/check-layer/build/layers/bitbake/lib/bb/runqueue.py", line 1663, in execute_runqueue | return self._execute_runqueue() | ~~~~~~~~~~~~~~~~~~~~~~^^ | File "/srv/pokybuild/yocto-worker/check-layer/build/layers/bitbake/lib/bb/runqueue.py", line 1607, in _execute_runqueue | retval = self.dump_signatures(dumpsigs) | File "/srv/pokybuild/yocto-worker/check-layer/build/layers/bitbake/lib/bb/runqueue.py", line 1718, in dump_signatures | p.start() | ~~~~~~~^^ | File "/usr/lib64/python3.14/multiprocessing/process.py", line 121, in start | self._popen = self._Popen(self) | ~~~~~~~~~~~^^^^^^ | File "/usr/lib64/python3.14/multiprocessing/context.py", line 224, in _Popen | return _default_context.get_context().Process._Popen(process_obj) | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^ | File "/usr/lib64/python3.14/multiprocessing/context.py", line 300, in _Popen | return Popen(process_obj) | File "/usr/lib64/python3.14/multiprocessing/popen_forkserver.py", line 35, in __init__ | super().__init__(process_obj) | ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^ | File "/usr/lib64/python3.14/multiprocessing/popen_fork.py", line 20, in __init__ | self._launch(process_obj) | ~~~~~~~~~~~~^^^^^^^^^^^^^ | File "/usr/lib64/python3.14/multiprocessing/popen_forkserver.py", line 47, in _launch | reduction.dump(process_obj, buf) | ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^ | File "/usr/lib64/python3.14/multiprocessing/reduction.py", line 60, in dump | ForkingPickler(file, protocol).dump(obj) | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^ |_pickle.PicklingError: Can't pickle local object . at 0x7f7925667d70> |when serializing tuple item 0 |when serializing collections.defaultdict reconstructor arguments |when serializing collections.defaultdict object |when serializing dict item 'rundeps' |when serializing bb.cache.CacheData state |when serializing bb.cache.CacheData object |when serializing dict item '' |when serializing dict item 'recipecaches' |when serializing bb.cooker.BBCooker state |when serializing bb.cooker.BBCooker object |when serializing dict item 'cooker' |when serializing bb.runqueue.RunQueue state |when serializing bb.runqueue.RunQueue object |when serializing tuple item 0 |when serializing method reconstructor arguments |when serializing method object |when serializing dict item '_target' |when serializing multiprocessing.context.Process state |when serializing multiprocessing.context.Process object Fixes: [YOCTO #16184] Signed-off-by: Trevor Gamblin Signed-off-by: Richard Purdie --------------------------- Commit: 48efc36b4 --------------------------- lib/bb/tests/fetch.py: add test case to ensure no FetchData attribute error When using git:// -> file:// in PREMIRRORS and we have the same url in SRC_URI twice, we reveal the following error: AttributeError: 'FetchData' object has no attribute 'shallow' Add a test case to ensure future changes don't introduce the error back. Signed-off-by: Chen Qi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: fb1289d0b --------------------------- fetch2/git.py: fix update_mirror_links We cannot assume ud has the same fetcher with origud. For example, if we set map git:// to file:// in PREMIRRORS, ud is using local fetcher and origud is using git fetcher. In such case, the ud does have the 'shallow' attribute. And we'll see the following error: Exception: AttributeError: 'FetchData' object has no attribute 'shallow' Looking at the logic of this function, I think it's the origud's shallow that should be checked. So the logic becomes: if origud is using shallow and its full shallow tarball does not exist yet, symlink to ensure it exists. This should make more sense. Signed-off-by: Chen Qi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4c3784459 --------------------------- fetch: Add GIT_CONFIG_GLOBAL to FETCH_EXPORT_VARS Many CI setups rely on the GIT_CONFIG_GLOBAL environment variable to define project-specific gitconfigs, often to inject credentials using git's url..insteadOf configuration. However, BitBake restricts the environment variables passed to the fetch task to a fixed list (FETCH_EXPORT_VARS). Because GIT_CONFIG_GLOBAL is missing from this default list, the variable is stripped from the environment. Add GIT_CONFIG_GLOBAL to FETCH_EXPORT_VARS to natively support this credential injection method (and GIT_CONFIG_GLOBAL in general). This also eliminates confusion for users who expect the variable to propagate after adding it to `BB_ENV_PASSTHROUGH_ADDITIONS`, only to find it has no effect during the fetch task. Signed-off-by: Florian Schmaus Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 6b91f4ff3 --------------------------- doc: bitbake-user-manual-metadata: list known limitations for shell tasks Javier Tia reported[1] they keep forgetting `[[` conditional isn't supported and scouring our BugZilla, I found[2] another "bug" where arithmetic expansion isn't supported either. Let's add a subsection of the shell tasks with the known limitations. [1] https://lore.kernel.org/bitbake-devel/20250320003358.977774-1-javier.tia@linaro.org/ [2] https://bugzilla.yoctoproject.org/show_bug.cgi?id=11314 Reported-by: Javier Tia Suggested-by: Javier Tia Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 30b88fb06 --------------------------- doc: bitbake-user-manual-metadata: promote inherit_defer directive to subsection Out of all the directives listed in this document, only inherit_defer is documented in a subsubsection rather than in a subsection. Therefore, let's be consistent and make inherit_defer documentation into a subsection. Fixes: eb10df5a9619 ("doc: bitbake-user-manual: document inherit_defer") Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a3ad57743 --------------------------- correct small number of "Bitbake" to "BitBake" Use correct spelling of "BitBake" in a few places. Signed-off-by: Robert P. J. Day Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: bc8be83ae --------------------------- doc: bitbake-user-manual-ref-variables: BB_ENV_PASSTHROUGH is not in default BB_ENV_PASSTHROUGH_ADDITIONS (anymore) BB_ENV_PASSTHROUGH_ADDITIONS variable doesn't contain BB_ENV_PASSTHROUGH anymore since commit 0a33b560233b ("utils: remove BB_ENV_PASSTHROUGH from preserved_envvars()") so let's fix this oversight. Reported-by: Robert P. J. Day Suggested-by: Richard Purdie Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1f8fa7c25 --------------------------- tinfoil: show close matches when no providers are found When calling 'bitbake-getvar -r somerecipe FOO', show close matches when 'somerecipe' doesn't exist but close matches are found. This replicates the behavior of 'bitbake -e'. Example output: $ bitbake-getvar -r binutils-cross FOO Unable to find any recipe file matching "binutils-cross". Close matches: binutils-cross-aarch64 binutils util-macros Signed-off-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2fde7821f --------------------------- cookerdata: Include "originating" recipe name when parsing When a bbappend file is parsed, the FILE variable is set to the name of the actual file being parsed (e.g. the name of the bbappend). Since PN/PV etc. are derived from FILE, this means that they can be misleading in the event that bbappend is using wildcards (e.g. PV might have the value of "%" instead of the actual version number). In order to allow bbappends to derived the actual information of the recipe, capture the name of the original recipe being parsed as __BB_RECIPE_FILE when parsing a new recipe. The value of this variable doesn't change when parsing .bbappend or .inc file associated with the recipe Signed-off-by: Joshua Watt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2408492f9 --------------------------- bitbake-setup: print colored diffs Define a get_diff_color_param() function that returns the --color value for diff commands. It function also uses color_enabled() to force showing color or not in the spawned subprocess (--color=auto would never show color). Signed-off-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1d0d4a006 --------------------------- doc: fix the switchers menu Fix the switchers.js script of Bitbake to show what are the supported versions and be able to switch between them. The default landing page is the stable branch and shows the BitBake version along with the corresponding Yocto Project codename. This hopefully makes it easier to remember the correspondance between the BitBake version and the Yocto Project version. This works thanks to a setversions.py script, imported and executed in conf.py, which is largely inspired from the one in yocto-docs. It reads the tags from the repository and tries to guess the currently checked out version of BitBake on which we are. The "obsolete" warning is now also shown when browsing outdated manuals, meaning any version not part of activereleases in setversions.py and "dev"/"next". Signed-off-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d9700632b --------------------------- bitbake-setup: improve readability of choices Bold the configuration names and align the descriptions for improved readability. For this, define a print_configs() function which should also help factorizing the code as this is done in multiple places. If color_enabled() is false, keep the text plain. Signed-off-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 787053384 --------------------------- bitbake-setup: define a color_enabled() helper function This will be re-used in the next commits to force subprocess commands to color their outputs, as passing --color=auto in them always render without coloring. Signed-off-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 47e4a24cb --------------------------- doc: bitbake-user-manual-ref-variables: update Python re doc link to HTTPS It's 2026, use HTTPS for the link. Signed-off-by: Quentin Schulz Reviewed-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4c2a5d4e1 --------------------------- doc: bitbake-user-manual-ref-variables: update BBMASK example with current meta-ti meta-ti git repo now has multiple layers in it since kirkstone, so let's update the examples to match the current state of meta-ti by using meta-ti-bsp. Signed-off-by: Quentin Schulz Reviewed-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: ee3b2e0b7 --------------------------- doc: bitbake-user-manual-ref-variables: expand and reorganize BBMASK explanations The documentation doesn't explain the side-effect of putting a leading slash, only the trailing slash. The leading slash is not for making the regular expression match an absolute path, but to force the match on the directory or file that exactly starts (and ends if there is a trailing slash) with the specified string. So let's explain that. This also explains that this doesn't prevent more than the intended path to be caught, specifically because it is NOT a regular expression matching an absolute path. Because any pattern not starting with a ^ character can match multiple directories from multiple layers, let's make the usage of BBFILE_PATTERN_my-layer the recommended one. Keep the rest as hints at what can happen when not using the variable but reiterate that users should be really be using that variable. Reported-by: Robert P. J. Day Signed-off-by: Quentin Schulz Reviewed-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 3831d4813 --------------------------- doc: bitbake-user-manual-ref-variables: have BBMASK directory examples be consistent It's a bit confusing to have a mix of paths with and without a leading slash. The behavior is actually different. The next commit will explain when/why to add a leading slash. Reported-by: Robert P. J. Day Signed-off-by: Quentin Schulz Reviewed-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c5311e24c --------------------------- doc: bitbake-user-manual-ref-variables: clarify BBMASK directory matching BBMASK matches files in the directories matching the regex, and also in their respective subdirectories, so make that clear in the wording leading to the example. Signed-off-by: Quentin Schulz Reviewed-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 171aa68fc --------------------------- utils: is_path_on_nfs: strip not existing path When the user provide a path that does not exist it fails with: | stat: cannot read file system information for '/path/to/my/hashserve': No such file or directory We can strip the non exising part in the path and pass just that to the stat. Signed-off-by: Jose Quaresma Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 563851083 --------------------------- fetch2/svn: Use server certificates going forward In the past, broken SSL certificates were common on subversion servers. As such, the subversion fetcher used to ignore these issues. Cert infrastructure has massively improved since that decision was made and things like self signed certificates should no longer be common place. We should follow good security practises and not have this as a default anymore, remove the --trust-server-cert commandline option by default. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 5427500e4 --------------------------- fetch: Drop CVS fetcher module CVS is extremely dated technology and is not used anywhere significant/public any more. The existing code is not well maintained and is hard to test without any public CVS repositories. To be honest, if you're still using CVS you really shouldn't be. Remove the fetcher as obsolete and a generally bad idea now. Signed-off-by: Richard Purdie --------------------------- Commit: 99497c131 --------------------------- fetch: Drop osc (OpenSUSE Build Service) fetcher The OpenSUSE Build Service fetcher was for a specialist niche usecase which never went into production use as far as I know. At this point it makes sense to remove it as it is unused and bitrotted. Signed-off-by: Richard Purdie --------------------------- Commit: 8e057d54f --------------------------- fetch: Drop Bazaar/bzr fetcher Bazaar has been of limited use outside of Launchpad for a while. Most uses within launchpad now use git. The original bazaar client was also replaced by breezy, which whilst supporting the bazaar repositories, mostly works with git as the backend now too. The existing code has been broken for a while and nobody seems to be using it, lets remove the obsolete technology. Signed-off-by: Richard Purdie --------------------------- Commit: 8b635a400 --------------------------- fetch2/wget: Add debugging for bad file descriptor We see errors on the autobuilder which imply we migtht be running out of file descrptors. Add some debugging to try and determine if this really is the case. For example the garbage collection may not be running quickly enough to keep up with the code. Count up the open files from /proc/self/fd, list them and then also try and run lsof (which might fail if no file descriptors are available). Signed-off-by: Richard Purdie --------------------------- Commit: d9e136baf --------------------------- bitbake-setup: Add strip to value from settings.conf If user add "" to dl-dir as DL_DIR, it will show FetchError as following. raise FetchError("Unable to fetch URL from any source.", u) bb.fetch2.FetchError: Fetcher failure for URL: 'git://git.openembedded.org/bitbake;protocol=https;rev=master;branch=master;destsuffix=bitbake'. Unable to fetch URL from any source. But from this log, user can't locate the real reason which is that the path "/aa/bb" is invalid. So I make this fix, even if user add "" to dl-dir, the dl-dir will be the valid path. Other settings value also need this fix. Signed-off-by: Liu Yiding Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 561c3d19c --------------------------- default-registry: update fragments choices with descriptions Give descriptions to the fragment choices to help the user know what to pick during 'bitbake-setup init'. These descriptions were based on the descriptions found in the corresponding configuration files in OE-Core/meta-yocto. Also while we're at it, s/Distributions/distributions/ as "machines" is lowercase in "Target machines" above. Signed-off-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2834c4dfa --------------------------- bin: Hide os.fork() deprecation warning at module level Add the message filtering directly in the python module where the error happens, so we do not need to repeat the filter in all consumers. This will also make sure the filter is applied in any user of createDaemon(). Fixes [YOCTO #16080] Suggested-by: Chen Qi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 054171ce0 --------------------------- lib/bb/tests/setup.py: add tests for oe-fragments-one-of There were no tests of oe-fragments-one-of so modify gizmo-notemplate to gizmo-notemplate-fragments-one-of, and test both formats for the options (with or without a description). In get_setup_path(), if the configuration specified on the command-line contains fragments, join everything with "-" as this is what will be the final directory name of the setup. This does not affect other current variants. Signed-off-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 87be7f97c --------------------------- bitbake-setup: tests: add a test for getting configs over http Configs from registry, and configs on local filesystem were tested, but not configs obtained over http URIs. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: af9dd012e --------------------------- bitbake-layers: layerindex-fetch: Fix branch detection method Replace fragile parsing of 'git branch' output with the more reliable 'git name-rev --name-only HEAD' command to get the current branch name. This avoids parsing issues and is the recommended way to get the current branch name. Signed-off-by: Osama Abdelkader Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7381f92ef --------------------------- doc: bitbake-user-manual-intro: improve bbappend file matching doc The recipe name matching wasn't fully explained and were missing a few important corner cases such as recipes without a version, or using the % character outside of the version part of the filename for example. This adds the last missing bits to cover every append naming scenario that exist today. This was derived from lib/bb/cooker.py:get_file_appends(). Reported-by: Robert P. J. Day Signed-off-by: Quentin Schulz Reviewed-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a30ac2f54 --------------------------- bitbake-setup: _has_local_modifications fix user case when add/remove/add layer While develop a registry configuration adding a new layer and then back to previous configuration without the _has_local_modifications breaks because the code expects the layer to be in sources-fixed-revisions.json. This can be reproduced with next steps: - Call bitbake-setup with configX. - Remove a LayerY from the configX. - Call bitbake-setup with configX. - Add the layerY again to configX. - Call bitbake-setup with configX (break). Fixes: ``` File "/workspaces/ls/meta-ls/bitbake/bin/bitbake-setup", line 1137, in main() ~~~~^^ File "/workspaces/ls/meta-ls/bitbake/bin/bitbake-setup", line 1130, in main args.func(top_dir, all_settings, args, d) ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspaces/ls/meta-ls/bitbake/bin/bitbake-setup", line 735, in build_update build_status(top_dir, settings, args, d, update=True) ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspaces/ls/meta-ls/bitbake/bin/bitbake-setup", line 719, in build_status update_build(new_upstream_config, confdir, setupdir, layerdir, d, ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ update_bb_conf=args.update_bb_conf) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspaces/ls/meta-ls/bitbake/bin/bitbake-setup", line 408, in update_build sources_fixed_revisions = checkout_layers(layer_config, confdir, layerdir, d) File "/workspaces/ls/meta-ls/bitbake/bin/bitbake-setup", line 184, in checkout_layers elif _has_local_modifications(r_name, repodir_path): ~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^ File "/workspaces/ls/meta-ls/bitbake/bin/bitbake-setup", line 143, in _has_local_modifications rev = fixed_revisions['sources'][r_name]['git-remote']['rev'] ~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^ KeyError: 'meta-freescale' ``` Signed-off-by: Anibal Limon Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b339d05ad --------------------------- cooker: use BB_HASHSERVE_DB_DIR for hash server database location If unset, the existing behavior is preseved. The use case is sharing the database in bitbake-setup's driven builds without having to set up/start/stop a common single server shared between them (this is added to bitbake-setup in the next commit). Also create the specified directory if it doesn't yet exist. Add a check that the directory is not on a NFS path, and error out then, guiding the user to set up a standalone hash equivalency server. Note: the check runs 'stat' executable with a format string parameter, ensuring it prints only the filesystem type and nothing else. Python's standard library does not have a statfs() wrapper, and using ctypes to call into it would've required delicate, crash-prone data type definitions, full of magic numbers. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 29f2cee65 --------------------------- bin/bitbake-setup: add descriptions for fragment choices Make it possible to give fragments descriptions as it can help users determine which fragments to pick during bitbake-setup init. It is still possible to provide a list (with no descriptions) for backwards-compatibility. Update the documentation accordingly. Signed-off-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 82f594e7f --------------------------- docs: Fix sources as required If sources is empty, nothing happens. So let's just not say it's optional, and let's say the minimum is bitbake source code. Signed-off-by: Daiane Angolini Reviewed-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: abd7ad5e7 --------------------------- docs: Fix leading text for bitbake-setup init If we use the default of bitbake-setut init we may not create anything (as the first default for an empty directory is N). If user does not chose a number, the script asks again for a number. Signed-off-by: Daiane Angolini Reviewed-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 726947ec7 --------------------------- bitbake-setup: Change the output to match the terminology in the docs Make the output to match the terminology used in the documentation for some terms. Signed-off-by: Daiane Angolini Reviewed-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c95ddf54d --------------------------- doc: change some terminology around bitbake-setup Change some terms to use more specific wording: Generic Configuration -> Configuration Template Specific Configuration -> Configuration Instance Signed-off-by: Daiane Angolini Reviewed-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 142c981db --------------------------- bitbake-setup: tests: use a tuple for iterating over configurations This prepares the data for the next commit. Signed-off-by: Alexander Kanavin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: e5577c336 --------------------------- bitbake-setup: tests: avoid repeating the list of config variants Signed-off-by: Alexander Kanavin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 0301466c7 --------------------------- bitbake-setup: sort configurations before printing a list of them The order was non-deterministic which did not help finding the number for the right one in the list. Signed-off-by: Alexander Kanavin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 18d46a170 --------------------------- bitbake-setup: do not print a premature notice about renaming bitbake configuration This was done before setting up a new bitbake configuration, so that it does not write over the old one, comparing the old and the new bitbake configurations, and taking one of three possible actions: - no changes, no need to keep a backup; - changes exist, do not replace existing config - changes exist, replace existing config. All three options correctly print the eventual outcome, so this early print is unnecessary and confusing. Signed-off-by: Alexander Kanavin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 6b4589955 --------------------------- bitbake-setup: use correct registry in status/update status/update operations should be using the registry that was used in initializing a setup, but they've been using the registry from settings. This is now corrected. Signed-off-by: Alexander Kanavin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 57087fd1c --------------------------- bitbake-setup: pass only the registry settting into obtain_config(), not the whole settings This will help the following commit. Signed-off-by: Alexander Kanavin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: ab06edae8 --------------------------- bitbake-setup: fail if the url is not a json In those cases when the user enters a URL that points to the html representation of a json file, and not the actual json file, we can at least let them know that the URL point to a file which is not a json. It will help when a user copy and paste a URL from a browser and the tool cannot parse it as json. Signed-off-by: Daiane Angolini Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: e9327cd27 --------------------------- bitbake-setup: ensure 'list' does not write anything into top dir The goal for the 'list' command is to not leave any files or directories behind, as it may be issued before the user has decided where to place the top directory. 'list' redirects the top directory to a temporary location, but it didn't do the same for the downloads, which led to the default top directory being polluted with them. This has now been fixed. Signed-off-by: Alexander Kanavin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 675e9076a --------------------------- bitbake-setup: use internal registry if run from git checkout, bitbake repo otherwise If bitbake-setup is packaged and obtained from pypi, or another package feed it needs to be able to find standard configurations. It is not impossible to package configurations into some location inside the package and add logic to find them, but it is much easier to just fetch the bitbake repo and use that as a configuration registry. The other benefit is that such packaged/installed bitbake-setup will not have to be updated in order to obtain latest configurations: it will simply check the registry and fetch them as needed, which is the original intent of config registries as repos. Signed-off-by: Alexander Kanavin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 068eaf5ea --------------------------- bitbake-setup: correctly deduce top directory from BBPATH environment variable This fixes running 'bitbake-setup init' in an active bitbake session when a top dir settings file is absent. In this case, bitbake-setup was trying to make a whole new top directory under the current directory. It will will now use the existing top directory, deducing it from BBPATH (similar to status and update operations), which was always the intent. The code was relying on an existence of a top directory settings file, which was always present in earlier prototypes, but is currently created only when a setting is explicitly written into it. This logic is changed to use the bitbake-setup's cache directory, which is also explicitly created. Signed-off-by: Alexander Kanavin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 921e4ce1e --------------------------- bitbake: also hide os.fork() deprecation warning Copied from bitbake-server/worker/layers. This is seen also for bitbake command invocations. Signed-off-by: Peter Marko Signed-off-by: Richard Purdie --------------------------- Commit: 6d28e92ef --------------------------- doc/bitbake-setup: document "uri" property The property 'uri' is a simplification of the property 'remotes'. It is used to provide only one URI. Signed-off-by: Corentin Guillevic Signed-off-by: Richard Purdie --------------------------- Commit: 6a8350d75 --------------------------- bitbake-setup: use URI shortcut for 'master' configuration Currently, no source has several remotes. So we can replace their entire structure 'remote' -> 'origin' -> 'uri' with a shorter one (property 'uri' only). Signed-off-by: Corentin Guillevic Signed-off-by: Richard Purdie --------------------------- Commit: 0c6f24efc --------------------------- layers.schema.json: support 'uri' The property 'uri', which is a shortcut for 'remotes/origin/uri', is now supported under 'git-remote'. Signed-off-by: Corentin Guillevic Signed-off-by: Richard Purdie --------------------------- Commit: 7941a5dc4 --------------------------- bitbake-setup: add inline URI Most of the time, when we describe a remote, a bitbake-setup source looks like this: "bitbake": { "git-remote": { "remotes": { "origin": { "uri": "https://git.openembedded.org/bitbake" } }, ... } } i.e. an URI with the common name 'origin'. Alternatively, we could simplify this, by using a shorter structure with the property 'uri' only: "bitbake": { "git-remote": { "uri": "https://git.openembedded.org/bitbake", ... } } These properties can be used together. Signed-off-by: Corentin Guillevic Signed-off-by: Richard Purdie --------------------------- Commit: cdd79c176 --------------------------- tests/fetch: Disable npm tests Since the npm fetcher is disabled, we should skip the npm tests too. Signed-off-by: Richard Purdie --------------------------- Commit: 355cd226e --------------------------- fetch2/npm/npmsw: Disable npm and npmsw fetchers due to security concerns We've been made aware that are security issues within the npm/npmsw fetchers. The issue is that the code accepts data like checksums from the upstream servers, rather than verifying it against local data from the recipes. This means the upstream servers could feed aritrary data into the build. There have been maintainance issues on these fetchers for a while and despite asking in multiple forums, we've been unable to find anyone to help fix the issues. Until that issue is resolved and we can be convinced the fetcher is secure and modelling best practices for reproduciblity (inc. mirroring), this patch disables the fetchers. This has been discussed and agreed by the OE TSC. Parsing will not show errors but the recipes using these fetchers will not be available. Recipes will be skipped at parsing and will show an error if a user tries to build a recipe using them. The import is local to the function to avoid circular dependencies within the hashserv selftests. [YOCTO #16105] Signed-off-by: Richard Purdie --------------------------- Commit: 5127faf98 --------------------------- doc: remove problematic '_' in reference that breaks the build Delete pesky underscore in :ref:`_ref-bbsetup-source-overrides` Signed-off-by: Robert P. J. Day Signed-off-by: Richard Purdie --------------------------- Commit: d48c93e13 --------------------------- doc/bitbake-setup: add example of ssh:// uri For private git repositories, we often need to use the ssh git fetcher; add a hypothetical example to Generic Configuration Files Reference. Signed-off-by: Tim Orling Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: b76e12974 --------------------------- doc: bitbake-user-manual-metadata: expand locating files example for include_all directive This adds a separate example for the include_all directive which also highlights that the current directory isn't searched (unlike when using the include or require directive). Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: c2289bac0 --------------------------- doc: bitbake-user-manual-metadata: expand on search paths for include directive While it is made somewhat explicit in the require and include directive sections, I believe we should provide an example as to which relative directory the include/require directives apply to when in a bbappend. Let's provide some example to make this even clearer as it wasn't what I thought would happen. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: a52015218 --------------------------- doc: bitbake-user-manual-metadata: fix incorrect path in example for locating files The paths listed in the example are missing an "example" subdirectory to match the searched paths in the example, let's fix this oversight. Fixes: 7bd36f6c6d33 ("doc: extend classes and include/require documentation") Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: eeb85dd6c --------------------------- doc: bitbake-user-manual-metadata: add missing highlight for BBPATH and PATH We typically highlight (via a :term: directive or with double tick quotes if there's no entry in the glossary or it is inappropriate) variables, and here it was missed so let's fix that oversight. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 49211d94e --------------------------- doc: bitbake-user-manual-metadata: specify that current dir won't be searched for include_all We've forgotten to make it explicit that include_all differs from the include directive also by the fact it doesn't look for the file relatively to the file with the include_all directive, so let's make that clear. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: bf45c5492 --------------------------- doc: bitbake-user-manual-metadata: use a cross-reference for addfragments We use cross-reference links for all but addfragments so let's fix that inconsistency. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: b0d4c193a --------------------------- doc: bitbake-user-manual-metadata: highlight configuration fragment differently We typically reserve the monospace font (used when highlighting with two tick quotes) for inline code examples or non-English words, but "configuration fragments" is neither. Instead, let's assume the intended style effect was to highlight the term as a two-word term and only use single tick quotes to make the text look italic. Reported-by: Robert P. J. Day Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 0cced087f --------------------------- doc: bitbake-user-manual-metadata: list (in order) all sharing directives The Sharing Functionality section has multiple subsections each representing a way to share code. Let's list all directives listed in the subsections (we were missing inherit_defer and include_all) and provide a link for each subsection. This also fixes the link to INHERIT to point to the subsection where it is explained instead of to the variable glossary. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 1c8ac1459 --------------------------- doc/releases.rst: add whinlatter, move walnascar to EOL Signed-off-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: bffb03a31 --------------------------- doc: bitbake ch 2: use example of nginx to explain DEFAULT_PREFERENCE At the moment, the section on explaining DEFAULT_PREFERENCE uses an example of busybox, which does not even use this feature anymore. Replace this with an example using "nginx", which does. Signed-off-by: Robert P. J. Day Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 58e93b1fa --------------------------- doc: use monospaced font for visual clarity of options Use monospaced font for command options, to make it clear when double dashes are being used. Signed-off-by: Robert P. J. Day Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c396c6b9b --------------------------- doc: fix a couple minor typos in Chapter 1 Just some verb tense stuff. Signed-off-by: Robert P. J. Day Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 8177479e1 --------------------------- gitignore: Ignore bitbake-builds directory Running `./bin/bitbake-setup init ...` in the bitbake directory with the default bitbake-setup configuration creates a bitbake-builds directory. Add this to .gitignore with a wildcard so that any such directory is not tracked. Signed-off-by: Paul Barker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c16e7ba20 --------------------------- bitbake-setup: add tests for update scenarios fixed in the previous commit This adds tests for the issues fixed in the previous commits: - transitions in sources from remote to local, from local to local and from local to remote - ensuring that local commits in sources are restricted - ensuring that source backups do happen when that is expected. Add a helper function that adds a test configuration with a local source in it. Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: aa15cc7bd --------------------------- bitbake-setup: correct several scenarios in layer updates There were untested scenarios in layer updates which did not work properly. The most serious of them is updating a remote layer which had user-made local modifications (e.g. newly made local commits or edited files without a commit). Bitbake-setup relies on git fetcher's unpack operation which simply wipes it all out. Yes, the user should've used -L option to symlink a local clone from elsewhere; this advice doesn't help when their work is gone. To address this, a git hook is added that prevents making commits in checkouts under layers/ that are managed by bitbake-setup. The hook directs users to clone the layer they'd like to modify separately and then use 'init -L' option. (note: later on this workflow can be streamlined by converting parts of an existing setup to local sources, or perhaps ability to 'detach' parts of layers/ from bitbake-setup's modifications, so that it's not necessary to do a full re-init). This still does not cover local modifications without making commits, so there's also a function that checks if such modifications have been made, and a code that moves the layer into a backup location if the function returns true. I considered asking the user what to do (similar to bitbake config handling), but this would've resulted in a half-updated, possibly broken layer set which ultimately just would be more confusing. The local modification check is a part of a broader newly added logic block that handles already existing sources, and in particular addresses yet another issue: when a local source replaces a git remote or another local source, this scenario failed with 'file exists' errors (thanks to Anibal Limon for spotting that). In this case the original symlink is removed first. If the original is a git checkout, it is backed up if there are local modifications, or simply removed otherwise. Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: 77e86f9c8 --------------------------- bitbake-setup: allow empty commits in configuration history repo This can happen when a user has checked out a different commit in a component under layers/. 'bitbake-setup update' will reset to the commit in the configuration, but there will be no changes to it, and so no difference in the config history repo to be committed. Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: e96b97e17 --------------------------- bitbake-setup: ensure paths with timestamps in them are unique There have been instances where directories with timestamps in them are created within the same second, and their paths clash as the timestamp in them is the same for both, as the timestamp is accurate to 1 second. This adds a check for the directory existence and then adds an ever-increasing counter until there's a path that isn't yet created. [YOCTO #16121] Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: ef807662f --------------------------- doc: document fixed revisions override in bitbake-setup manual Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: f23e186a7 --------------------------- bitbake-setup: symlink json with fixed revisions into layers/ This makes the file more visible for users, and allows easier checks of layers current content against what was checked out by bitbake-setup (to ensure local modifications aren't wiped out). Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 05829df3d --------------------------- bitbake-setup: in tests, refactor the config writer to allow variable sources This will be used to make configs that use local sources instead of git-remotes. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 8caad7452 --------------------------- bitbake-setup: extend the tests for local sources with status/update sequence This checks for both issues fixed in two previous commits. Split common local source checks into a function and extend it with a call to status/update checker. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4bded0fc5 --------------------------- bitbake-setup: fix are_layers_changed when use local source When use local source the git-remote isn't set causing exception because takes repodir as default value. Fixes: ``` NOTE: Looking up config ls-master in configuration registry Traceback (most recent call last): File "/home/workspaces/ls/bitbake/bin/bitbake-setup", line 1042, in main() ~~~~^^ File "/home/workspaces/ls/bitbake/bin/bitbake-setup", line 1035, in main args.func(top_dir, all_settings, args, d) ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/workspaces/ls/bitbake/bin/bitbake-setup", line 667, in build_update build_status(top_dir, settings, args, d, update=True) ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/workspaces/ls/bitbake/bin/bitbake-setup", line 658, in build_status if are_layers_changed(current_upstream_config["data"]["sources"], layerdir, d): ~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/workspaces/ls/bitbake/bin/bitbake-setup", line 627, in are_layers_changed changed = changed | _is_git_remote_changed(git_remote, repodir) ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^ File "/home/workspaces/ls/bitbake/bin/bitbake-setup", line 601, in _is_git_remote_changed rev = r_remote['rev'] ~~~~~~~~^^^^^^^ TypeError: string indices must be integers, not 'str' ``` Signed-off-by: Anibal Limon Alex: remove the default '' value from get() as None is used otherwise, which is also suitable. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 92bc3b2b5 --------------------------- bitbake-setup: consider overrides when checking whether layers have changed in 'status'/'update' This was erroneusly not done, and the original layer spec was used. Make a function out of the code that overlayes overrides onto the base layer spec, so the code doesn't have to be repeated. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 9adb99d0d --------------------------- bitbake-setup: test after every update that config hasn't changed This would catch situations where update hasn't run through to completion even though bitbake-setup finished without error, such as the one fixed in the previous commit. Also unset BBPATH from environment so that it doesn't leak out of the function where it's used. Adjust buildtools test to pass setup dir explicitly, as it was previously relying on BBPATH being set. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 3a9f9d85c --------------------------- bitbake-setup: consistently add configuration commits at the end of updates bitbake-setup tracks configuration history under setup directory in config/. Making commits in there wasn't consistently done in all init/update scenarios sometimes leaving uncommitted files. Move the commit creation to the end of update_build() function, ensuring it always happens. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: ea760cda2 --------------------------- bitbake-setup: move the local source tests to the end They are not a part of the main testing sequence, and logically should not be in the middle of it. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie ## manifest-judo --------------------------- Commit: 6426546 --------------------------- CSNMR-5656: Lock down upstream meta layers Locking down upstream meta layers to commits that have generated a successful CI build. Signed-off-by: Theodore A. Roth --------------------------- Commit: 8d0b577 --------------------------- bamboo: Use set -x in scripts for running unit tests Give us more visibility in the bamboo logs as to what commands are getting run to aid in debugging failures. Signed-off-by: Theodore A. Roth ## meta-arm --------------------------- Commit: 930a6557 --------------------------- layer.conf: update compatibility to wrynose The oe-core master branch just switched from whinlatter to wrynose[1] so follow this change in our layers. [1] oe-core cd1179544d7 ("layer.conf: Update to wrynose") Signed-off-by: Ross Burton --------------------------- Commit: f4118f9b --------------------------- arm-bsp/trusted-firmware-m: corstone1000: Add AO lock write barrier Add the corstone1000 patch that inserts a compiler barrier before the first HOST_AO_LOCK_BITS write in CC_LibInit(). On corstone1000-mps3 with GCC 15.x, TF-M can HardFault on that first AO lock register update. Adding the barrier avoids the fault. Signed-off-by: Michael Safwat Signed-off-by: Jon Mason --------------------------- Commit: 3afd7461 --------------------------- arm-bsp/edk2-firmware: fix build on newer hosts Compiles of edk2-firmware with GCC 15 on the host will fail: main.c: In function ‘ProcessArgs’: | main.c:163:42: error: too many arguments to function ‘p->process’; expected 0, have 2 | 163 | (*p->process)( *argv, *(argv+1) ); | | ~^~~~~~~~~~~~ ~~~~~ We actually already had the fix for this, but were doing SRC_URI += _before_ the include file did SRC_URI =, so the patch was never applied. Move the require to the top of the recipe so this ordering problem does not happen, and fix the line-endings in the patch that never got applied. [ YOCTO #16116 ] Signed-off-by: Ross Burton Signed-off-by: Jon Mason --------------------------- Commit: df572b4d --------------------------- CI: allow hashserver to be specified in environment If the sstate is being mounted into the container then the hashserver also needs to be shared, and not stored inside the build tree. Mark BB_HASHSERVE as being set via an environment variable so the GitLab runner environment can set the correct location. This fixes a long-standing problem causing substandard reuse, which now is detected and causes a warning in oe-core[1]. [1] oe-core 491de0db64a ("sanity.bbclass: warn when sstate is outside of build dir, but hash equiv database is inside it") Signed-off-by: Ross Burton Signed-off-by: Jon Mason --------------------------- Commit: 2f6824dd --------------------------- CI: remove last traces of TOOLCHAIN_DIR When the binary toolchain support was removed[1] we no longer used this variable, but a few instances of it was left behind. [1] meta-arm 03af0c72f1 ("arm-toolchain: remove external-arm-toolchain") Signed-off-by: Ross Burton Signed-off-by: Jon Mason --------------------------- Commit: 6182cec8 --------------------------- arm/qemuarm64-secureboot: get edk2 and trusted-firmware a working Do the changes necessary to get qemuarm64-secureboot to work with edk2 firmware, and add it to CI. The CI changes needed to make it dynamic based on edk2.yml or u-boot.yml required moving the relevant parts into inc files. Signed-off-by: Jon Mason --------------------------- Commit: 53ccc1ba --------------------------- arm/qemuarm64: fix edk2 and test it edk2 has been broken on qemuarm64 for an unknown amount of time. Add it to CI to prevent this from happening (until edk2 works on qemuarm64-secureboot). Signed-off-by: Jon Mason --------------------------- Commit: 65c98dfe --------------------------- arm-bsp/sbsa-ref: fix qemu warning Make the relevant correction for the following warning in qemu: warning: short-form boolean option 'readonly' deprecated Please use readonly=on instead Signed-off-by: Jon Mason --------------------------- Commit: 0e7aa859 --------------------------- arm-bsp/trusted-firmware-a: remove unnecessary FILESEXTRAPATHS Signed-off-by: Jon Mason --------------------------- Commit: 7f7b065c --------------------------- CI/uefi-secureboot: remove duplicate entry Signed-off-by: Jon Mason --------------------------- Commit: a4a555ef --------------------------- arm/fvp-corstone-1000-a320: trim Python install instead of using INSANE_SKIP The INSANE_SKIPs were not sufficient because the chrpath code used in nativesdk builds still warns, so instead of hiding the warnings fix them instead: remove the pointless RPATHs in the embedded Python libaries, and delete the static libraries. Signed-off-by: Ross Burton --------------------------- Commit: 8c6b5e41 --------------------------- arm/trusted-services: upgrade in-tree nanopb Trusted Services uses nanopb 0.4.8 but this imports pkg_resources from setuptools, which has been deprecated since 2023[1] and was finally removed in setuptools 82. This was fixed in nanopb some time ago[2] so upgrade the recipe from nanopb 0.48 to 0.49.1. [1] https://setuptools.pypa.io/en/latest/deprecated/pkg_resources.html [2] https://github.com/nanopb/nanopb/commit/7961a939ebeeb27631c6def44f3452522264c64b Signed-off-by: Ross Burton --------------------------- Commit: 8a5b2d5e --------------------------- arm/trusted-services: update documentation Change the layout to enhance readability and add TS fTPM related information. Signed-off-by: Gyorgy Szing Signed-off-by: Jon Mason --------------------------- Commit: 315d4e13 --------------------------- arm/trusted-services: Enable tpm2-tool self tests Enable execution of the tpm2-tools self-test against the Trusted Services fTPM SP. The test is integrated into OEQA but is disabled by default due to its long execution time (over three hours on fvp-base) and inconsistent results. While individual tests pass when run in isolation, running the full suite results in failures. Despite this, it remains the most comprehensive verification currently available. Testing can be enabled by setting the RUN_TPM2_TESTS variable. Signed-off-by: Gabor Toth Signed-off-by: Gyorgy Szing Signed-off-by: Jon Mason --------------------------- Commit: 7601b7e0 --------------------------- arm/trusted-services: Enable the fTPM SP Trusted Services has introduced a Firmware TPM (fTPM) secure partition. This change enables building and deploying the fTPM SP through meta-arm. The secure partition is based on the TPM2 reference implementation, msp-tpm20-ref, which has been patched to use MbedTLS as its crypto backend and psa-its for non-volatile storage. Signed-off-by: Gabor Toth Signed-off-by: Gyorgy Szing Signed-off-by: Jon Mason --------------------------- Commit: 4e94b90c --------------------------- arm-bsp/corstone1000: Rebase TS patches. Remove patches merged upstream and rebase remaining patches. Signed-off-by: Gyorgy Szing Signed-off-by: Jon Mason --------------------------- Commit: 0646047f --------------------------- arm/trusted-services: Update to v1.3.0 Update to latest TS release. Signed-off-by: Gyorgy Szing Signed-off-by: Jon Mason --------------------------- Commit: 2027a7a0 --------------------------- arm/python3-pydevicetree: don't install non-namespaced tests The wheel includes the tests which are in a non-namespaced module, and will then conflict with other recipes (such as python3-cryptography) that also install non-namespaced tests. Signed-off-by: Ross Burton Signed-off-by: Jon Mason --------------------------- Commit: 1eec18f8 --------------------------- optee-client: Make include reusable outside of meta-arm Set FILESEXTRAPATHS so that artifacts that meta-arm injects can still be found when using the include from a different layer. Signed-off-by: Jan Kiszka Signed-off-by: Jon Mason --------------------------- Commit: dcc34c19 --------------------------- CI: add LTS versions for testing Add a CI test for the LTS versions of recipes currently supported. Use fvp-base, since that provides good coverage and is being used for the latest version testing. Signed-off-by: Jon Mason --------------------------- Commit: b5207f77 --------------------------- arm/trusted-firmware-a: update LTSes Update the TF-A recipes to the latest stables/LTS versions. Not all of the versions updated the version of mbedtls being used (and even the updates didn't update to the latest stable version of mbedtls). We're using the mbedtls version specified in docs/getting_started/prerequisites.rst, not the latest available. Also, update the related fiptools and tf-a-tests (which don't map to the same releases, but were all verified to be at the latest versions). No real change in cot-dt2c code, but updating the SHA to the latest. Signed-off-by: Jon Mason --------------------------- Commit: 46e0a21b --------------------------- arm/classes: fix quilt-native dependency quilt-native is required by do_apply_local_src_patches task. Signed-off-by: Clement Faure Signed-off-by: Jon Mason --------------------------- Commit: b00fe886 --------------------------- arm/trusted-firmware-m: workarounds for new(er) toolchains GCC 15 (and GCC 14, and probably others) are finding new problems in trusted-firmware m, and these cannot simply be ignored (as they are fatal build errors). Clear the ld security flags to get around those issues, backport a couple of patches for fixes that have been addressed upstream, and create a patch to work around some casting issues in functions that are removed in newer versions of the code. This refactoring caused some minor clean up of existing corstone1000 tfm patches. Also, use size based optimization for corstone1000. With this, the bl1 is too big to fit into flash. The correct way to solve this would be to remove TFA_DEBUG, but that causes a rabbit hole of problems related to heap being enabled or not. This works around the issue until it can be resolved properly. Signed-off-by: Jon Mason --------------------------- Commit: 40d015d7 --------------------------- arm/edk2-firmware: Update to 202602 Update edk2, edk2-platforms, and sbsa-acs to the latest versions/SHAs. A bleeding edge patch from upstream is needed to correct a build race in antlr, and the latest SHA for edk2-platforms is needed to work around some compilation issues with ENABLE_TPM in fvp-base. Signed-off-by: Jon Mason --------------------------- Commit: c0416d74 --------------------------- arm-toolchains: Update to 15.2 Update the pre-build Arm GNU toolchain to 15.2 (from 13.3) Signed-off-by: Jon Mason --------------------------- Commit: 3c92c995 --------------------------- CI: don't testimage core-image-initramfs-boot A recent change to image dependencies in oe-core master[1] means that TESTIMAGE_AUTO tries to test more images than before. Explicitly reset TESTIMAGE_AUTO for core-image-initramfs-boot so that it doesn't try to testimage an initramfs. [1] oe-core b75c21fb950 ("image_types_wic.bbclass: add depend on initramfs") Signed-off-by: Ross Burton Signed-off-by: Jon Mason --------------------------- Commit: be647726 --------------------------- arm/trusted-services: clone dependencies under ts source tree Clone all trusted-services dependencies into the TS source tree under ts-external/ instead of ${UNPACKDIR} This alignes the layout with devtool git-submodule handling. NOTICE: we can't clone in external as TS already contains files there and it would conflict. Signed-off-by: Arthur Cassegrain Signed-off-by: Jon Mason --------------------------- Commit: d5b265ec --------------------------- arm-bsp/trusted-firmware-m: fix psa-adac patch paths for corstone1000 Update the corstone1000 variant to apply its psa-adac patches against the new external/ directory. Signed-off-by: Clement Faure Signed-off-by: Arthur Cassegrain Signed-off-by: Jon Mason --------------------------- Commit: f0cd8c56 --------------------------- arm/trusted-firmware-m: clone dependencies under tfm source tree Clone all trusted-firmware-m dependencies into the tfm source tree under external/ instead of ${UNPACKDIR}. This aligns the layout with devtool git-submodule handling, ensuring the recipe sees a consistent source tree at build time and allowing dependencies to be patched via devtool in the same way as the main tf-m repository. (reworked to avoid use internal variables for checkout) to clone tf-m dependencies use hardcoded path for reproductibility and avoid using BB_GIT_DEFAULT_DESTSUFFIX which may depend on yocto version. Signed-off-by: Clement Faure Signed-off-by: Arthur Cassegrain Signed-off-by: Jon Mason --------------------------- Commit: 1aed8156 --------------------------- CI/musca-b1: use LTS tf-m We currently don't have coverage for trusted-firmware-m 2.1.x, which is the LTS. Since musca-b1 and musca-s1 are essentially the same, use b1 for the LTS coverage. Signed-off-by: Jon Mason --------------------------- Commit: 907645a0 --------------------------- arm*/layer.conf: drop walnascar walnascar compatibility isn't tested and isn't supported with whinlatter or later, drop it. Signed-off-by: Jon Mason --------------------------- Commit: 1e3d3f8b --------------------------- arm-bsp/sgi575: change target image for CI For some reason, sgi575 won't boot to shell with core-image-full-cmdline, but it will with other images. Since we're going to drop this machine soon (as it has been EOL'ed), modify the image type for CI to core-image-base (As that one appears to boot faster). Signed-off-by: Jon Mason --------------------------- Commit: 8ef2258e --------------------------- arm-bsp/linux-yocto: corstone1000: Update to v6.18 * Set Linux kernel preferred version for Corstone-1000 to 6.18 * Update Corstone-1000 user guide. * Recent kernel versions removed the deprecated CONFIG_LIBCRC32C Kconfig symbol as part of the CRC library cleanup. Replace CONFIG_LIBCRC32C with CONFIG_CRC32, which provides the generic CRC32/CRC32C library support used by in-kernel consumers. * The ext3 driver was removed historically and ext4 carries compatibility for ext3 on-disk format. * Amend External System patch to adhere to Kernel v6.18 RemoteProc API. * Add #address-cells and #size-cells parameters to ethosu dts node No functional change intended. Signed-off-by: Hugues KAMBA MPIANA Signed-off-by: Jon Mason --------------------------- Commit: ad92b476 --------------------------- Remove meta-arm-systemready meta-arm-systemready was intended to allow people writing BSPs to run the SystemReady Architecture Compliance Suite[1] within the Yocto build environment. However, whilst this seems like a good idea, there are several problems: - This layer only supports the IR band and v2 of the ACS. The ACS is now at v3 and the bands altered, so there is no value in running obsolete tests. - Execution of the tests takes a long time, we have integration to run the tests on a virtual fvp-base machine but execution takes many tens of hours (our CI times out after 12, on a high-performance worker). Running the tests in CI, and in particular inside BitBake, isn't obviously the right thing to do. - Execution on the tests on real hardware is not trivial, as testimage has virtual targets as a primary usecase. It is unclear if anyone has managed to use this layer on physical hardware. Because of these issues, remove the layer. There are better integration points for automated ACS testing, and this integration is obsolete. [1] https://github.com/ARM-software/arm-systemready Signed-off-by: Ross Burton Signed-off-by: Jon Mason --------------------------- Commit: 98b105ce --------------------------- arm/fvps: reorganize CI into segments The downloads page for FVPs is broken down into sub-pages for each "Ecosystem". Organize this file to match that. Also, rename fvp-v3-r1 to "rd" to make more obvious what this refers to. Signed-off-by: Jon Mason --------------------------- Commit: d8c879b9 --------------------------- arm/corstone1000-a320: split off FVP into a unique file and add to CI The corstone1000-a320 FVP is a unique download and should be treated as such in our CI. Split the relevant parts off, add it to the fvps.yml file, workaround the staticdev and useless-rpath errors that were present in the FVP tarball, and the correct depends in the machine config file. Also, add this machine to the CI so that any issues can be found with this unique configuration. Signed-off-by: Jon Mason --------------------------- Commit: 832ce9bc --------------------------- CI/fvp: made the default target core-image-full-cmdline No need to have the full graphics stack for FVP images. Slim the image down by default. Signed-off-by: Jon Mason --------------------------- Commit: f87babe3 --------------------------- lib/fvp: remove FVP buit-in portion of the terminal name This patch ignores the built-in FVP UART name when setting the terminal names on tmux. The rationale is that appending FVP UART name takes a lot of space making it unusable on complex platforms with many terminals. Signed-off-by: Filipe Rinaldi Signed-off-by: Jon Mason --------------------------- Commit: 8c8e2a5d --------------------------- arm-bsp/u-boot: Remove v2025.04 recipe Signed-off-by: Frazer Carsley Signed-off-by: Jon Mason --------------------------- Commit: 7ab5353f --------------------------- arm-bsp/u-boot:cs1k: Remove broken patch The removed patch file breaks the U-Boot efi_selftest utility and has been denied by upstream in any event. All subsequent patches renumbered. Signed-off-by: Frazer Carsley Signed-off-by: Jon Mason --------------------------- Commit: 0a8d300b --------------------------- arm-bsp/u-boot:cs1k: Upgrade to v2025.10 All patches have been rebased onto the v2025.10 release branch, with the changes primarily being updating of offsets and surrounding code in each hunk. One minor change between v2024.04 and v2025.10 is that a CONFIG_BOARD_INIT option was added and must be enabled in order to link in the `board_init()` symbol. As such, the firmware update patch adding `board_init()` has been modified to enable this option as well. The patch that enabled OF_UPSTREAM has been modified slightly in order to incorporate upstream changes between versions: the SMP changes to the Corstone1000 FVP device tree were incorporated into the Linux kernel so are no longer needed in the U-Boot specific device tree. As such, the patch adding A320 support adds these CPU nodes in order to override them where appropriate. In the process, signatures are removed from each patch. Beyond this, the directory in which U-Boot searches for the EFI capsule CRT file changed from object tree to source tree, so the recipe is updated to reflect that. Signed-off-by: Frazer Carsley Signed-off-by: Jon Mason --------------------------- Commit: 50f14fa9 --------------------------- arm-bsp/fvp-base: add MMC and 9P to kernel config Signed-off-by: Jon Mason --------------------------- Commit: fbb2c0f7 --------------------------- arm/arm-bsp: optee-examples: drop patch included in 4.9.0 This fixes a build error due to: patching file Makefile Hunk #1 FAILED at 12. 1 out of 1 hunk FAILED -- rejects in file Makefile Patch 0001-Makefile-Avoid-variable-override.patch can be reverse-applied Signed-off-by: Jan Luebbe Signed-off-by: Jon Mason --------------------------- Commit: 320301be --------------------------- arm-bsp/external-system: remove redundant DEBUG_PREFIX_MAP fiddling We have a newer gcc-arm-none-eabi now, so this can be removed. Signed-off-by: Ross Burton Signed-off-by: Jon Mason --------------------------- Commit: be599f95 --------------------------- arm-bsp: corstone1000: Swap GIC-600 for GIC-700 for Cortex-A320 variant Make changes across U-Boot, and OP-TEE OS to swap the GIC-600 for GIC-700 as the latest version of the FVP swaps the GIC. Signed-off-by: Hugues KAMBA MPIANA Signed-off-by: Jon Mason --------------------------- Commit: 38d20465 --------------------------- arm/arm-bsp: optee: drop version 4.7.0 Drop support for OP-TEE version 4.7.0 from the layer as version 4.9.0 is present. Signed-off-by: Hugues KAMBA MPIANA Reviewed-by: Quentin Schulz Signed-off-by: Jon Mason --------------------------- Commit: 955cd40e --------------------------- arm-bsp/corstone1000: move to support OP-TEE version 4.9 Bump Corstone-1000 machine OP-TEE version from 4.7.0 to version 4.9.0. Signed-off-by: Hugues KAMBA MPIANA Signed-off-by: Jon Mason --------------------------- Commit: 4981dca1 --------------------------- arm/arm-bsp: optee: add version 4.9.0 OP-TEE version 4.9.0 has been released on 2026-01-16 [1]. Add OP-TEE recipes to point to version 4.9.0 Link: [1]: https://github.com/OP-TEE/optee_os/blob/master/CHANGELOG.md#op-tee---version-490-2026-01-16 Signed-off-by: Hugues KAMBA MPIANA Tested-by: Quentin Schulz # xtest on PX30, RK3399, RK3588 Signed-off-by: Jon Mason --------------------------- Commit: d9eac47e --------------------------- arm-bsp/docs:corstone1000: Update copyright and host tool versions Update Corstone-1000 documentation to reflect 2026 copyright and current supported host environment. Signed-off-by: Michael Safwat Signed-off-by: Jon Mason --------------------------- Commit: c3c97a6b --------------------------- arm-bsp/trusted-firmware-a: ensure native tools respect BUILD_LDFLAGS TF-A has a number for variables to control how host binaries are built: - Our BUILD_CC is HOSTCC; this is set in the recipes - Our BUILD_CFLAGS is HOSTCCFLAGS; this is not set - Our BUILD_LDFLAGS has no corresponding variable However when uninative is enabled we really need to pass BUILD_LDFLAGS as otherwise there can be link problems: ld: libcrypto.so: undefined reference to `__isoc23_strtol@GLIBC_2.38' Patch into the TF-A makefiles support for HOSTLDFLAGS and ensure that we set all three of the relevant BUILD_ variables. Signed-off-by: Ross Burton Signed-off-by: Jon Mason --------------------------- Commit: de6e6fe7 --------------------------- arm-bsp/docs:corstone1000: Update copyright notice Update the copyright notice year. Signed-off-by: Jon Mason --------------------------- Commit: 755287ed --------------------------- arm-bsp/u-boot: remove upstreamed fvp-base patches 2 of the fvp-base specific u-boot patches were merged in the 2026.01 release. Remove those, as they are no longer necessary. Signed-off-by: Jon Mason --------------------------- Commit: f36c9add --------------------------- Revert "CI: work around xen failures until fixed upstream" The kernel upgrades are now in oe-core, so we can drop this workaround. This reverts commit 341a0fd9762012622699aa1431b96a50a65bf16c. Signed-off-by: Ross Burton Signed-off-by: Jon Mason --------------------------- Commit: 6aef0d46 --------------------------- arm-bsp/linux-yocto: disable kconfig checking for sbsa-ref and sgi575 The linux-yocto kernel has strict configuration warnings enabled and this often causes warning, for example with 6.18.3: [INFO]: the following symbols were not found in the active configuration: - CONFIG_SND_SOC_ROCKCHIP - CONFIG_SLIM_QCOM_CTRL For these machines we're using the upstream defconfig and not a config file that we're maintaining, so fixing these problems upstream is slower than one would like. As we don't maintain the config, we can disable the checker for these two machines. This is _not_ precedence for disabling the audit for any machines where we're not simply using the upstream defconfig without any changes. Signed-off-by: Ross Burton Signed-off-by: Jon Mason --------------------------- Commit: 568b3622 --------------------------- arm-bsp/conf:corstone1000: update bl1.bin path The path changed when the trusted-firmware-m recipe began to inherit firmware.bbclass. Signed-off-by: Frazer Carsley Signed-off-by: Jon Mason --------------------------- Commit: 514061a3 --------------------------- arm-bsp/docs:corstone1000: update paths The paths for these files has changed due to the change to the trusted-firmware-m recipe now using the custom firmware.bbclass. Signed-off-by: Frazer Carsley Signed-off-by: Jon Mason --------------------------- Commit: 604c7e9a --------------------------- arm/images: ensured consistent firmware deployment For builds using multiconfig, all of the firmware binaries listed were being placed in the ${DEPLOYDIR} directly without preserving their directory hierarchy. This meant that paths to firmware binaries relative to the ${DEPLOYDIR} differed between builds depending on whether multiconfig was enabled or not. Signed-off-by: Frazer Carsley Signed-off-by: Jon Mason --------------------------- Commit: f6c78d27 --------------------------- arm/edk2-firmware: update to edk2-stable202511 Update edk2-firmware and edk2-basetools to the 202511 stable release. Patches from upstream were needed to get it compiling with clang. edk2 dropped support for 32bit arm and x86, see https://edk2.groups.io/g/devel/topic/rfc_remove_ovmf_ia32_and/114152215 Therefore, we're dropping qemuarm edk2 testing and relevant bits Signed-off-by: Jon Mason --------------------------- Commit: a9504082 --------------------------- arm/trusted-firmware-a: add v2.14.0 support Add support for v2.14.0, and update corstone1000 config and patches to use it. TF-A seems to have changed their poetry settings from POETRY to host-poetry (when specifying an alternative location/disabling). So, it is necessary to modify that for all platforms using COT and v2.14.0 NOTE: sbsa-ref is having issues with fip.bin being too large. So, set the version to the LTS until that is resolved. Signed-off-by: Jon Mason --------------------------- Commit: 341a0fd9 --------------------------- CI: work around xen failures until fixed upstream In master, xen images fail to build as the xt-masquerade module is not built by the kernel. This has been fixed in the linux-yocto 6.18.3 upgrade but that is not yet merged. Until it is merged, we can temporarily update the kmeta in our CI. Signed-off-by: Ross Burton Signed-off-by: Jon Mason --------------------------- Commit: 955b1d8e --------------------------- arm/boot-wrapper-aarch64: update to latest commit Signed-off-by: Jon Mason --------------------------- Commit: fbf30c96 --------------------------- arm/machine-summary: remove gn gn was moved to oe-core. So, we no longer need to track it as part of the meta-arm CI machine-report Signed-off-by: Jon Mason --------------------------- Commit: 0d8f1d5f --------------------------- arm/opencsd: update to 1.7.1 Signed-off-by: Jon Mason --------------------------- Commit: 767839df --------------------------- arm/hafnium: update to 2.14.0 Signed-off-by: Jon Mason --------------------------- Commit: ae8bf497 --------------------------- arm/trusted-firmware-m: drop unreferenced patch Forgot to remove this patch in the previous commit. Removing now. Signed-off-by: Jon Mason --------------------------- Commit: 9d3e85c7 --------------------------- docs:corstone1000: Update user guide - Replace openSUSE Tumbleweed with openSUSE Leap. - Ensure correct component versions are listed. - Update changelog and release notes for C25Q4 release. - Add Positive partial capsule update test. - Improve user guide for consistency and clarity. Signed-off-by: Hugues KAMBA MPIANA Signed-off-by: Jon Mason --------------------------- Commit: e8ffad9e --------------------------- arm-bsp: corstone1000: Enable secure debug on TF-M v2.2.x Allow TF-M v2.2.2 to boot with Secure Debug enabled on Corstone-1000 and align the driver implementation with the current psa-adac library. - Add missing DRBG macros to fix the "Failed to generate challenge!" error during Secure Debug. - Fix an unintended platform reset occurring immediately after setting the debug enable bits in the dcu_en register while in SE LCS. Signed-off-by: Devaraj Ranganna Signed-off-by: Harsimran Singh Tungal Signed-off-by: Jon Mason --------------------------- Commit: d908c2bc --------------------------- meta-arm-bsp/oeqa: ignore new PCI warnings The PCI subsystem with 6.18 is now warning on boot: PCI: OF: of_root node is NULL, cannot create PCI host bridge node Until this can be root-caused, ignore it. Signed-off-by: Ross Burton Signed-off-by: Jon Mason --------------------------- Commit: 54d84b79 --------------------------- meta-arm/oeqa: ignore initrd warning in qemuarm64-secureboot With kernel 6.18 the kernel will now warn if it tries to run a command from a ramdisk but it cannot be found[1]. This happens with the qemuarm64-secureboot machine (but not qemuarm64) because u-boot appears to be populating the devicetree with a ramdisk entry: loading kernel to address 40400000 size 1702a00 1 qfw ready qfw 0 qfw ** Booting bootflow 'qfw' with qfw ## Flattened Device Tree blob at 7e659890 Booting using the fdt blob at 0x7e659890 Working FDT set to 7e659890 Loading Ramdisk to 7bcfd000, end 7d3ffa00 ... OK Loading Device Tree to 000000007d621000, end 000000007d626534 ... OK Working FDT set to 7d621000 Starting kernel ... The kernel tries to mount and boot this ramdisk but fails because it isn't a valid initrd or initramfs. The boot continues as usual, but this warning in the logs triggers parselogs. Until the boot flow is properly resolved, ignore the message. [1] linux 98aa4d5d242d ("init/main.c: add warning when file specified in rdinit is inaccessible") Signed-off-by: Ross Burton Signed-off-by: Jon Mason ## meta-clang --------------------------- Commit: b044647 --------------------------- layer.conf: Add wrynose (yocto 6.0) to compatible layers Signed-off-by: Khem Raj --------------------------- Commit: 6d818ef --------------------------- conf/nonclangable: Remove conflicting definition with OE-Core for vulkan-samples This is different to the setting in OE-Core and is causing failures with yocto-check-layer. The referenced bug was closed a while ago so the issue is likely fixed, remove the conflicting definition. Signed-off-by: Richard Purdie --------------------------- Commit: 7abda05 --------------------------- conf/nonclangable: Remove conflicting definition with OE-Core for valgrind This is different to the setting in OE-Core and is causing failures with yocto-check-layer. The referenced bug was closed a while ago so the issue is likely fixed, remove the conflicting definition. Signed-off-by: Richard Purdie ## meta-judo --------------------------- Commit: ad0dc63 --------------------------- CSNMR-5656: Change layer compat from whinlatter to wrynose Upstream has changed the LAYERSERIES_CORENAMES from whinlatter to wrynose on the master branch. Dropping whinlatter since we do not intend to support that release once wrynose is released. Signed-off-by: Theodore A. Roth --------------------------- Commit: d2d0441 --------------------------- CSNMR-5656: python-zenoh: Update from 1.3.0 to 1.7.2 Need to update to support python-3.14 which is now what is used by upstream Yocto. Updating is simpler than trying to port 1.3.0 use python-3.14 since upstream zenoh has already done that work. Signed-off-by: Theodore A. Roth --------------------------- Commit: c05a0f1 --------------------------- CSNMR-5656: zenoh-backend-filesystem: Update from 1.3.0 to 1.7.2 1.7.2 What's Changed Dependencies * Sync Cargo.lock with Zenoh 1.7.1 What's Changed Dependencies * Sync Cargo.lock with Zenoh 1.7.0 What's Changed Dependencies * Sync Cargo.lock with Zenoh 1.6.2 What's Changed Dependencies * Sync Cargo.lock with Zenoh 1.6.1 What's Changed New features * update plugin api by @DenisBiryukov91 in #429 Dependencies * Sync Cargo.lock with Zenoh 1.5.1 What's Changed Documentation * Update adminspace keyexprs format in README by @oteffahi in #379 Dependencies * Sync Cargo.lock with Zenoh * chore: pin librocksdb-sys 1.75 compatible version by @diogomatsubara in #407 1.5.0 What's Changed Dependencies * Sync Cargo.lock with Zenoh 1.4.0 What's Changed Dependencies * Sync Cargo.lock with Zenoh 1.3.4 What's Changed Dependencies * Sync Cargo.lock with Zenoh 1.3.3 What's Changed Dependencies * Sync Cargo.lock with Zenoh 1.3.2 What's Changed Dependencies * Sync Cargo.lock with Zenoh 1.3.1 What's Changed Dependencies * Sync Cargo.lock with Zenoh Signed-off-by: Theodore A. Roth --------------------------- Commit: 335f151 --------------------------- CSNMR-5656: zenoh: Update from 1.3.0 to 1.7.2 1.7.2 What's Changed New features * liveliness token support in adminspace by @milyin in #2294 Bug fixes * Handle wrapping of sequence numbers in advanced pub/sub by @wyfo in #2318 * Use weak session in cancel token callback by @DenisBiryukov91 in #2315 * fixed crash on get @/** by @milyin in #2324 * [ZEN-641] Fix verbatim ke resource matching by @DenisBiryukov91 in #2339 * [ZEN-641] Undeclare key expression on drop by @DenisBiryukov91 in #2341 * Fix bugs in gossip by @OlivierHecart in #2347 Documentation * Document LivelinessSubscriberBuilder::history by @fuzzypixelz in #2289 Dependencies * Pin async-lock version by @wyfo in #2330 1.7.1 What's Changed New features * expose node current locators by @wyfo in #1966 * Do not report per_link metric without per-link data by @wyfo in #2308 * Reduce contention on stats keys computation by @wyfo in #2305 Bug fixes * Fix downsampling metric label by @wyfo in #2304 * Fix multicast stats initialization by @wyfo in #2307 * Count payloads stats at routing level by @wyfo in #2310 Dependencies * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2302 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2303 * Pin unzip-n version by @wyfo in #2311 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2309 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2313 1.7.0 What's Changed Breaking changes * Turn source info into option instead of a pair of optional id and sn by @DenisBiryukov91 in #2288 New features * Reorg lazy shm provider by @yellowhatter in #2221 * [ZEN-688] Query cancellation by @DenisBiryukov91 in #2223 * Bump the version of the crates by @evshary in #2261 * Add Query::source_info method by @DenisBiryukov91 in #2290 * Metrics per key by @wyfo in #2284 * Gzip metrics by default by @wyfo in #2297 Bug fixes * Bypass commit check if it is unspecified for plugin or host by @DenisBiryukov91 in #2225 * Fix aggregate subscriber and queryable interests by @DenisBiryukov91 in #2210 * Fix Encoding::with_schema to work correctly with custom encodings by @DenisBiryukov91 in #2230 * Handle ignored cases in Interest::options by @fuzzypixelz in #2256 * Fix ACL delete egress decision based on cache content by @oteffahi in #2295 * Fix RX stats being counted twice by @wyfo in #2299 Documentation * Fix the invalid link of Zenoh-ext. by @evshary in #2287 Dependencies * chore: pin dependencies for 1.7.5 by @diogomatsubara in #2222 * chore: update petgraph to 0.8.3 by @diogomatsubara in #2218 * Pin 1.75 deps for valgrind check by @DenisBiryukov91 in #2226 * Recreate Cargo.lock by @eclipse-zenoh-bot in #2228 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2236 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2244 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2249 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2250 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2252 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2254 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2257 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2259 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2262 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2265 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2266 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2270 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2271 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2274 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2277 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2286 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2291 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2296 * chore: recreate Cargo.lock by @eclipse-zenoh-bot in #2298 1.6.2 What's Changed New features * Take zenoh version from CARGO_PKG_VERSION instead of git tag by @DenisBiryukov91 in #2203 * Add to_string method and make IConfig Send+Sync by @DenisBiryukov91 in #2207 * Precommit SHM pages by @yellowhatter in #2175 * Bug fixes * Fix queryable info update in case of connection loss by @DenisBiryukov91 in #2205 Documentation * ci: add job to build docs similar to docs.rs by @diogomatsubara in #2206 1.6.1 What's Changed New features * Shm allocators by @yellowhatter in #2117 * implement Error for ZLayoutError by @wyfo in #2132 * add missing error implementations for shared memory by @wyfo in #2134 * use dynamic runtime in plugins by @DenisBiryukov91 in #2013 * rework shm API and implementation by @wyfo in #2136 * Improve scalability by @OlivierHecart in #2174 * expose the EntityGlobalId of the session by @wyfo in #2182 * Add shm infos in adminspace and stats by @OlivierHecart in #2193 Bug fixes * fix(links): correct IPv6 address parsing for TLS and QUIC locators by @steils in #2138 * Fix declaration propagation to avoid infinite loop in p2p by @OlivierHecart in #2140 * fix: narrow SessionState lock guard scope when MatchingListener drop by @passchaos in #2101 * Fix propagated final interest id by @fuzzypixelz in #2144 * Fix get_interface_names_by_addr implementation for IPv4-mapped IPv6 addresses by @oteffahi in #2149 * fix liveliness query and liveliness subscriber id overlapping by @wyfo in #2156 * Fix bug leading to reliable messages drop when sent along best effort messages by @wyfo in #2152 * fix client mode with multiple connect endpoints by @DenisBiryukov91 in #2158 * Respect liveliness subscriber history when processing token declarations by @oteffahi in #2160 * Fix declares race condition by @OlivierHecart in #2179 * Fix treatment of complete field for same ke queryable on the same face by @DenisBiryukov91 in #2135 * Fix multlink reconnect by @DenisBiryukov91 in #2173 * Fix ACL subject matching by @oteffahi in #2141 Documentation * Fix backend example in docs by @DenisBiryukov91 in #2154 * readme rewrite by @milyin in #2170 * update Rust documentation by @milyin in #2145 * unicast max_links doc update by @milyin in #2190 1.5.1 What's Changed Breaking changes * fix: consistently use the snake case by @YuanYuYuan in #2093 Note : In all configuration_control configurations, the "blockfirst" value is no longer valid and must be replaced by "block_first". * SHM typed API by @yellowhatter in #2034 New features * Add put and delete downsampling message types by @DenisBiryukov91 in #2115 Note : In downsampling/messages configuration: "push" is now deprecated and may not be supported in future versions, use "put" and/or "delete" instead. * Implicit SHM optimization by @yellowhatter in #2113 * Optimize SHM metadata storage (adds ~300k msgs\sec) by @yellowhatter in #2116 Bug fixes * Fix multicast transports cleanup on Session:close by @oteffahi in #2075 * Fix client and peer queryable distance by @fuzzypixelz in #2073 * Use inline tables for package.metadata.deb.assets by @fuzzypixelz in #2084 * Fix the typos in the configuration. by @evshary in #2091 * Comment-out logging in cleanup (causes logger panic in atexit()) by @yellowhatter in #2094 * Do not allow links between instances with the same zid by @DenisBiryukov91 in #2110 Documentation * README.md: add gpg key installation to Debian instructions by @JEnoch in #2092 Dependencies * chore(deps): bump crossbeam-channel from 0.5.14 to 0.5.15 by @dependabot[bot] in #1985 * chore(deps): bump dependencies for license compatibility by @YuanYuYuan in #2126 Other changes * Revert "cache pipeline selection" by @yellowhatter in #2119 1.5.0 What's Changed Breaking changes * SHM API improvement: ProtocolID and others... by @yellowhatter in #1975 * [ZEN-587] Make Reply::replier_id() return an EntityGlobalId by @oteffahi in #2052 New features * Allow to make get request without payload in the example by @milyin in #1972 * add missing clone/debug implementations by @wyfo in #1974 * fix RecoveryConfig by @wyfo in #1973 * add internal set_background method to advanced sub by @wyfo in #1976 * Optimize shm watchdog storage by @yellowhatter in #1869 * Improve shm api by @yellowhatter in #1950 * [ZEN-557] do not set zenohid in the config if it is unset, do it in the runtime builder instead by @DenisBiryukov91 in #1978 * Fix shm api reexports by @yellowhatter in #2003 * Polish shm by @yellowhatter in #2023 * Polish z_pub_shm.rs by @yellowhatter in #2007 * add CongestionControl::BlockFirst by @wyfo in #2014 * Improve error message when opening an empty file by @patrickelectric in #2006 * Avoid key expression checks in local query handling by @OlivierHecart in #2035 * Add more options to QoSOverwrite interceptor by @OlivierHecart in #2030 * Make qos/network/key_expr conf field optional by @OlivierHecart in #2049 * stabilize querier and matching status/listener by @DenisBiryukov91 in #2051 * optimize hashmap for integer keys by @wyfo in #2046 * use vector instead of hashmap for routes by @wyfo in #2047 * Add matching listener handler getters by @DenisBiryukov91 in #2059 * Improve interceptors performances by @OlivierHecart in #2053 * Report multicast sessions in Adminspace by @OlivierHecart in #2042 * Support QUIC unreliable datagrams by @fuzzypixelz in #2045 * Add ZID subject property to ACL by @oteffahi in #2015 * Refactor KeyExpr::try_from<&str> and add some tests by @evshary in #2025 * feat: make CongestionControl and Priority hashable by @alokpr in #2060 Bug fixes * fix Encoding structure to allow to pass custom encoding string by @milyin in #1964 * Fix bug querying with Target AllComplete on local queryables by @OlivierHecart in #1998 * Make untimestamped replies ordered by arrival by @OlivierHecart in #1999 * Make untimestamped replies ordered by arrival in monotonic case by @milyin in #2000 * [ZEN-557] Extract udp socket source address via PKTINFO by @DenisBiryukov91 in #1980 * Read the gossip autoconnect config from the GossipConf instead of the ScoutingMulticastConf by @Hugal31 in #2011 * fix handling of port 0 on multicast locator by @wyfo in #1968 * Accept a boolean value for the complete field of storage_manager config by @evshary in #1991 * Update the zenohd config in the Debian package. by @evshary in #1992 * fix unstable features requirements introduced by #2014 by @wyfo in #2040 * fix IntHashMap::contains_key by @wyfo in #2058 * Fix Session::close timeout while client attempts to reconnect by @oteffahi in #2012 * Report proper whatami for adminspace entities by @OlivierHecart in #2061 Documentation * Polish shm (for zshm examle) by @yellowhatter in #2024 * Update README how to avoid an out-of-memory error by @evshary in #1993 Dependencies * chore: unpin home dependency by @simpleton in #1963 1.4.0 What's Changed New features * add Queryable::key_expr() method by @DenisBiryukov91 in #1917 * Derive Debug and Clone for SampleFields by @fuzzypixelz in #1923 * [ZEN-547] Add support for link weights by @DenisBiryukov91 in #1914 * Allow providing a full configuration through --cfg argument (#1935) by @kydos in #1936 * feat: add hash support for Encoding by @alokpr in #1912 * enumerate IP interface names for WebSocket link by @yellowhatter in #1943 * adminspace: Set proper encoding by @anassinator in #1934 * support DSCP link config by @wyfo in #1937 Bug fixes * remove todo! from zenoh_backend_traits::config::VolumeConfig::try_from by @DenisBiryukov91 in #1918 * Properly set Reply::replier_id by @OlivierHecart in #1928 * fix incorrectly set edge weight upon new transport creation by @DenisBiryukov91 in #1946 * Fix wrong error log in linkstate peers by @OlivierHecart in #1951 Documentation * Document callback drop on subscriber undeclaration by @fuzzypixelz in #1590 * Doc: fix SeqNum and SeqNumGenerator documentation (fix #1949) by @JEnoch in #1952 1.3.4 What's Changed New features * deny unknown config fields by @wyfo in #1865 * [ZEN-548]add zids config parameter to qos_overwrite by @wyfo in #1908 * [ZEN-548]allow inserting config list item with its id by @wyfo in #1909 1.3.3 What's Changed New features * Bug/fix batching wait regression by @yellowhatter in #1881 * [ZEN-526] Add Bind config option by @OlivierHecart in #1892 * Maintain keyexpr type in interceptors by @fuzzypixelz in #1851 * [ZEN-529], [ZEN-534] Add number of downsampled messages and blocked bytes to stats by @DenisBiryukov91 in #1873 Bug fixes * Lowlatency async finalize by @yellowhatter in #1894 1.3.2 What's Changed Bug fixes * Revert "Improve batching wait on multifragment messages" by @yellowhatter in #1875 1.3.1 What's Changed New features * Nolocal close by @yellowhatter in #1632 * [ZEN-532] Cache invalidation by @DenisBiryukov91 in #1849 * Improve batching wait on multifragment messages by @yellowhatter in #1843 * add qos overwrite interceptor by @DenisBiryukov91 in #1825 * Cache ACL interceptor results by @DenisBiryukov91 in #1821 * [ZEN-530] Add link protocols subject to interceptors by @oteffahi in #1850 * qos overwriter no longer checks ke of message types that should not be affected by @DenisBiryukov91 in #1862 * Add new non periodic last sample miss detection mechanism by @OlivierHecart in #1861 * Add log for better trace by @evshary in #1844 * Make SHM segment cleanup routine more robust by @yellowhatter in #1866 * Add low pass filter by @OlivierHecart in #1868 Bug fixes * Fix bug with wait_before_close by @OlivierHecart in #1855 * Fix memory leak in shm segment cleanup by @yellowhatter in #1867 * Fix identation in rustdoc comments by @fuzzypixelz in #1874 Documentation * Fixes #1820 by @Mallets in #1858 Signed-off-by: Theodore A. Roth --------------------------- Commit: d8b3e04 --------------------------- CSNMR-5656: zenoh: Drop DDS plugin recipe We are not using DDS, so instead of porting the plugin to 1.7.2, we will drop the recipe for now. If/when we need it, we will do the port then. Signed-off-by: Theodore A. Roth ## meta-judo-bsp --------------------------- Commit: dd92498 --------------------------- CSNMR-5656: Change layer compat from whinlatter to wrynose Upstream has changed the LAYERSERIES_CORENAMES from whinlatter to wrynose on the master branch. Dropping whinlatter since we do not intend to support that release once wrynose is released. Signed-off-by: Theodore A. Roth --------------------------- Commit: 9dc5938 --------------------------- CSNMR-5656: trimble-optee-fitimage: Fix args to ItsNodeRootKernel Upstream added a new `mkimage_extra_opts` keyword argument to the ItsNodeRootKernel class __init__() method. This caused our builds to fail because we were passing all of the kwargs by position. Rework how we instantiate the ItsNodeRootKernel class to pass all keyword arguments using `key=value` wkargs style instead of by position. Signed-off-by: Theodore A. Roth --------------------------- Commit: eefb30a --------------------------- CSNMR-5656: Fix path to SPL binary when signing The path the SPL binary now depends on config values in ${UBOOT_CONFIG}. Signed-off-by: Theodore A. Roth --------------------------- Commit: 569ba29 --------------------------- CSNMR-5656: u-boot: Rework recipes to use new UBOOT_CONFIG mechanisms Upstream oe-core has refactored how UBOOT_CONFIG works. Without these changes, the bitbake build would fail to respect the PREFERRED_VERSION of uboot (set to 2024.04) and use 2025.01 or 2026.01 instead which would cause our builds to break. We're not ready to move 2025.01 or 2026.01 yet, so need to stay on 2024.04. Signed-off-by: Theodore A. Roth --------------------------- Commit: a0171e0 --------------------------- CSNMR-5656: optee-os: Drop upstreamed patches These patches have been applied by upstream optee project and we no longer need to provide them. Signed-off-by: Theodore A. Roth ## meta-judo-proprietary --------------------------- Commit: 7478c09 --------------------------- CSNMR-5656: Change layer compat from whinlatter to wrynose Upstream has changed the LAYERSERIES_CORENAMES from whinlatter to wrynose on the master branch. Dropping whinlatter since we do not intend to support that release once wrynose is released. Signed-off-by: Theodore A. Roth ## meta-openembedded --------------------------- Commit: 6b55bede28 --------------------------- luaposix: Upgrade to 36.3 Fix build with lua 5.5 License-Update: bump copyright years to 2025 [1] [1] https://github.com/luaposix/luaposix/commit/07cf96f23c10ad01736205e6ca18375a208d05bf Signed-off-by: Khem Raj --------------------------- Commit: fdb49727a7 --------------------------- links,links-x11: Upgrade to 3.20 Fix build with glibc 2.43+ Signed-off-by: Khem Raj --------------------------- Commit: a68f03454b --------------------------- libfaketime: Upgrade to 0.9.11 Fix build with glibc 2.43+ Changes: Fixed various cross-platform compile-time issues Honor nanosecond parameters/fields in relevant system calls Limited improvements to enhance compatibility with other LD_PRELOAD libraries Added selected more intercepted system calls Unset FAKETIME_SHARED automatically for child processes when enabling FAKETIME_FLSHM=1 Disable shared memory for child processes through FAKETIME_DISABLE_SHM=1 Signed-off-by: Khem Raj --------------------------- Commit: a75c2f0b6f --------------------------- layers: update for wrynose release series Drop walnascar from supported release series Signed-off-by: Khem Raj --------------------------- Commit: 5925a61082 --------------------------- pipewire: update 1.6.0 -> 1.6.2 - remove two backport patches PipeWire 1.6.2 (2026-03-16) This is a bugfix release that is API and ABI compatible with the previous 1.6.x releases. Highlights - Fix a potential crash when the wrong memory was freed. - Fix a optimization with shared memory over some links that could cause errors later on. - Fix SOFA filter and default control input in LADSPA and LV2. - Some other small fixes and improvements. PipeWire - Remove an optimization to skip share mem in links, it causes problems later on. (#5159) Modules - Don't try to free invalid memory or close invalid fds when the client aborted before allocating buffer memory. (#5162) SPA - support ACP_IGNORE_DB in udev. - Use 0x as a prefix for hex values. - Mark Props as write-only in libcamera. - Small optimization in the audio mixer. - Fix initialization of control properties for SOFA and biquads in the filter-graph. (#5152) - Fix min/max default values for LADSPA and LV2. JACK - Fix jack_port_type_id(). Return values that are compatible with JACK1/2. Older versions: PipeWire 1.6.1 (2026-03-09) This is a bugfix release that is API and ABI compatible with the previous 1.6.x releases. Highlights - Fix socket activation, which could cause a failure to start PipeWire in some setups. - Fix crashes in many JACK apps when nodes/ports are quickly added/removed such as when there are notifications (like when changing the volume in KDE). - Fix playback of encoded formats in pw-cat again. - Some other smaller fixes and improvements. Modules - Fix socket activation. (#5140) - Remove node.link-group from driver nodes. SPA - Fix the libcamera stop sequence. JACK - Never return NULL from jack_port_by_id(). (#3512) GStreamer - Improve the timestamps on buffers. Tools - Fix playback of encoded formats. (#5155) Signed-off-by: Khem Raj --------------------------- Commit: 216b1c7cb2 --------------------------- libgpiod: fix gpio-tools tests failure with new coreutils openembedded-core updated to coreutils v9.10 in which commit 8c2461933411 ("timeout: honor ignored signal dispositions") changed the behavior of timeout. It will no longer propagate SIGINT to background shell jobs which breaks test-cases for gpio-tools which verify that they exit correctly after receiving SIGINT. This backports the patch sent upstream that removed the offending test-cases as we already have a similar set of tests for SIGTERM. Signed-off-by: Bartosz Golaszewski Signed-off-by: Khem Raj --------------------------- Commit: d875c64da1 --------------------------- wireshark: Add xxhash to DEPENDS Currently, the build of wireshark fails with ERROR: wireshark-1_4.6.3-r0 do_package_qa: QA Issue: /usr/lib/libwsutil.so.17.0.0 contained in package wireshark requires libxxhash.so.0()(64bit), but no providers found in RDEPENDS:wireshark? [file-rdeps] ERROR: wireshark-1_4.6.3-r0 do_package_qa: Fatal QA errors were found, failing task. ERROR: Logfile of failure stored in: /build/tmp/work/core2-64-poky-linux/wireshark/4.6.3/temp/log.do_package_qa.302606 ERROR: Task (/build/../work/layers-3rdparty/openembedded/meta-networking/recipes-support/wireshark/wireshark_4.6.3.bb:do_package_qa) failed with exit code '1' Signed-off-by: Jörg Sommer Signed-off-by: Khem Raj --------------------------- Commit: 0001e284a9 --------------------------- dlt-daemon: upgrade 2.18.10 to 3.0.0 Changes: https://github.com/COVESA/dlt-daemon/releases Remove patches already in 3.0.0: 544.patch 567.patch 0001-CMakeLists-txt-make-DLT_WatchdogSec-can-be-set-by-user.patch 0003-allow-build-with-cmake-4.patch Add patches to fix build failures 0001-Fix-compile-failure-related-to-gzlog.patch 0001-Fix-kinds-of-build-failure.patch 0001-Fix-build-failures.patch 0001-fix-build-failure-when-systemd-is-enabled.patch 0001-Fix-build-failure-with-glibc-2.43.patch Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: cf4788c916 --------------------------- python3-redis: upgrade 5.3.1->7.3.0 Switch build system from setuptools3 to python_hatchling Changelog: https://github.com/redis/redis-py/releases Signed-off-by: Jiaying Song Signed-off-by: Khem Raj --------------------------- Commit: d62b06c427 --------------------------- python3-paramiko: upgrade 3.5.1->4.0.0 Changelog: https://www.paramiko.org/changelog.html Signed-off-by: Jiaying Song Signed-off-by: Khem Raj --------------------------- Commit: ad2a5ac0a0 --------------------------- android-tools-conf-configfs: make USB gadget IDs configurable The android-gadget-setup script currently hardcodes the USB vendor ID, product ID, and configuration string. This makes it difficult for BSP layers to customize USB gadget identity with platform specific values. Introduce variables for the vendor ID, product ID, and configuration string when populating the configfs attributes. This allows machine or distro specific overrides via `/etc/android-gadget-setup.machine`, while preserving the existing default values. Signed-off-by: Viswanath Kraleti Signed-off-by: Khem Raj --------------------------- Commit: 62b17d2806 --------------------------- python3-m2crypto: fix do_compile error using clang erre message: | INFO:mkpath:creating build/temp.linux-aarch64-cpython-314/src/SWIG | INFO:spawn:aarch64-yoe-linux-clang -mcpu=cortex-a57+crc --dyld-prefix=/usr -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/srv/build/yoe/build/tmp/work/cortexa57-yoe-linux/python3-m2crypto/0.47.0/recipe-sysroot -O2 -g -ffile-prefix-map=/srv/build/yoe/build/tmp/work/cortexa57-yoe-linux/python3-m2crypto/0.47.0/sources/m2crypto-0.47.0=/usr/src/debug/python3-m2crypto/0.47.0 -ffile-prefix-map=/srv/build/yoe/build/tmp/work/cortexa57-yoe-linux/python3-m2crypto/0.47.0/sources/m2crypto-0.47.0=/usr/src/debug/python3-m2crypto/0.47.0 -ffile-prefix-map=/srv/build/yoe/build/tmp/work/cortexa57-yoe-linux/python3-m2crypto/0.47.0/recipe-sysroot= -ffile-prefix-map=/srv/build/yoe/build/tmp/work/cortexa57-yoe-linux/python3-m2crypto/0.47.0/recipe-sysroot-native= -pipe -fPIC -I/srv/build/yoe/build/tmp/work/cortexa57-yoe-linux/python3-m2crypto/0.47.0/recipe-sysroot/usr/include/python3.14 -I/srv/build/yoe/build/tmp/work/cortexa57-yoe-linux/python3-m2crypto/0.47.0/sources/m2crypto-0.47.0/src/SWIG -c src/SWIG/_m2crypto_wrap.c -o build/temp.linux-aarch64-cpython-314/src/SWIG/_m2crypto_wrap.o -DTHREADING -Wno-deprecated-declarations | src/SWIG/_m2crypto_wrap.c:4455:1: error: unknown type name 'PRAGMA_IGNORE_UNUSED_LABEL' | 4455 | PRAGMA_IGNORE_UNUSED_LABEL | | ^ | src/SWIG/_m2crypto_wrap.c:4456:30: error: expected ';' after top level declarator | 4456 | PRAGMA_WARN_STRICT_PROTOTYPES | | ^ | | ; | 2 errors generated. Add patch 0001-fix-swig-avoid-clang-GNUC-pragma-block-before-_lib.h.patch to avoid clang GNUC pragma block before _lib.h Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 01d347f0bc --------------------------- opensaf: upgrade 5.22.01 -> 5.26.02 1.Add new patch 0001-To-fix-Werror-discarded-qualifiers-error.patch to fix build error 2.Remove following patches as merged upstream 0001-Fix-build-with-fno-common.patch 0001-include-missing-array-header.patch 0001-include-cstdint-for-uintXX_t-types.patch 0002-Fix-Werror-enum-int-mismatch-with-gcc13.patch Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 0270b1c372 --------------------------- fd-find: update 10.3.0 -> 10.4.2 Changes are here: https://github.com/sharkdp/fd/compare/v10.3.0...v10.4.2 Signed-off-by: Deepesh Varatharajan Signed-off-by: Khem Raj --------------------------- Commit: fd7d73eb8a --------------------------- libde265: upgrade 1.0.16 -> 1.0.17 Also fix packaging QA errors about staticlibs and dev-so Release Notes: https://github.com/strukturag/libde265/releases/tag/v1.0.17 Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj --------------------------- Commit: 260662ca32 --------------------------- libheif: CVE-2026-3949 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3949 Backport the patch that is referenced by the NVD report (in the description) Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: e673a4cd8e --------------------------- unixodbc: mark CVE-2024-1013 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2024-1013 The vulnerability has been patched since 2.3.13[1], however NVD tracks it without version info. Due to this, mark it patched explicitly. [1]: https://github.com/lurcher/unixODBC/commit/249bfcc511e89431b910ce2c62ae0b62bb9cc214 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 0abb9a484e --------------------------- python-pyjwt: upgrade 2.11.0 -> 2.12.1 Contains fix for CVE-2026-32597. Since NVD tracks this CVE without version info, mark the CVE explicitly patched. Changes: 2.12.1: Add typing_extensions dependency for Python < 3.11 2.12.0: chore(docs): fix docs build Annotate PyJWKSet.keys for pyright fix: close HTTPError to prevent ResourceWarning on Python 3.14 chore: remove superfluous constants chore(tests): enable mypy Bump actions/download-artifact from 7 to 8 fix: do not store reference to algorithms dict on PyJWK Use PyJWK algorithm when encoding without explicit algorithm Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. (CVE-2026-32597) Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 96fa70cddf --------------------------- ettercap: fix typo in CVE ID The CVE fix is correct, but the CVE ID contains a typo. The correct ID is CVE-2026-3606. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: b81ba45156 --------------------------- exiv2: mark CVE-2026-27631 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631 Though NVD indicates that 0.28.8 is still vulnerable, that does not seem to be the case: the fix that is referenced by the advisory has been backported[1] to this verison. Due to this, mark this CVE as patched. [1]: https://github.com/Exiv2/exiv2/commit/21d129c842212c198dd887dbaafc5ce734e9dfad Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 1cad6f53a4 --------------------------- libsodium: mark CVE-2025-69277 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69277 The vulnerability has been fixed[1] since version 1.0.20, but NVD tracks it without version info. Mark it patched explicitly. [1]: https://github.com/jedisct1/libsodium/commit/f2da4cd8cb26599a0285a6ab0c02948e361a674a Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 2184766a34 --------------------------- gimp: update 3.0.8 -> 3.2.0 - remove a backport patch - rework the fix for host systems that dont provide iso-codes - update mypaint-brushes dependency to 2.x Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: e8ba93418e --------------------------- libwebsockets: upgrade 4.5.2 -> 4.5.7 Update to latest v4.5-stable patch level. Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: fe64fb0496 --------------------------- ntfs-3g-ntfsprogs: update UPSTREAM_CHECK_GITTAGREGEX Update UPSTREAM_CHECK_GITTAGREGEX to check the correct latest stable verison. Before the patch: $ devtool latest-version ntfs-3g-ntfsprogs INFO: Current version: 2022.10.3 INFO: Latest version: 20070925 INFO: Latest version's commit: e859b1b1099d6fb8080f84db7f3790ab2bdc92e4 $ devtool latest-version ntfs-3g-ntfsprogs INFO: Current version: 2022.10.3 INFO: Latest version: 2022.10.3 INFO: Latest version's commit: 78414d93613532fd82f3a82aba5d4a1c32898781 Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: 87e26e4769 --------------------------- freerdp3: upgrade 3.23.0 -> 3.24.0 Contains many bugfixes and CVE fixes: https://github.com/FreeRDP/FreeRDP/releases/tag/3.24.0 Added build option to use internal rc4 and md4 ciphers: this is due to a recent change in oe-core. OpenSSL's legacy ciphers (like RC4 and MD4) are now disabled by default (with 'legacy' PACKAGECONFIG), however FreeRDP3 relies on them. To ensure that the required ciphers are available, build the recipe with this ciphers' internal implementations instead of expecting OpenSSL to support them. Ptests passed successfully. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 9a3f58742f --------------------------- imagemagick: upgrade 7.1.2-16 -> 7.1.2-17 Contains bugfixes and a couple of CVE fixes: https://github.com/ImageMagick/ImageMagick/compare/7.1.2-16...7.1.2-17 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 5f1c8e7461 --------------------------- glibmm-2.68: upgrade 2.80.0 to 2.86.0 License-Update: Remove obsolete FSF address NEWS: https://gitlab.gnome.org/GNOME/glibmm/-/blob/2.86.0/NEWS [1] https://github.com/GNOME/glibmm/commit/727b086bc5bc29fbbfb3fb90198499364cc65dac Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: f9406a6c8e --------------------------- kronosnet: upgrade 1.31 -> 1.33 Changelog https://github.com/kronosnet/kronosnet/releases/tag/v1.33 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 2735729989 --------------------------- squid: upgrade 7.4 -> 7.5 License-Update: updated to latest GPLv2 text version [1] Changelog [2] - Bug 5501: Squid may exit when ACLs decode an invalid URI - ICP: Fix HttpRequest lifetime for ICP v3 queries - ICP: Fix validation of packet sizes and URLs - Do not escape malformed URI twice when sending ICP errors - ... and some code, CI, and documentation cleanups [1] https://github.com/squid-cache/squid/commit/765c7f4e7fa45ce87134b4a38ad175db4bda06dd [2] https://github.com/squid-cache/squid/releases/tag/SQUID_7_5 Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: a28c68436e --------------------------- squid: fix UPSTREAM_CHECK_REGEX Squid tags are in form SQUID__. This can also be seen in SRC_URI download link. This change will make "devtool latest-version squid" correctly show 7.5 Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: 0a364d9c82 --------------------------- opengl-es-cts: upgrade 3.2.13.0 -> 3.2.14.0 Upgrade OpenGL ES CTS to the last release, mostly bringing up fixes for the existing tests. Signed-off-by: Dmitry Baryshkov Signed-off-by: Khem Raj --------------------------- Commit: 5a0b443018 --------------------------- vulkan-cts: upgrade 1.4.5.1 -> 1.4.5.2 Upgrade Vulkan CTS, fixing several small issues in the tests. Signed-off-by: Dmitry Baryshkov Signed-off-by: Khem Raj --------------------------- Commit: 4a0fb4e6c5 --------------------------- spice-gtk: enable libva-x11 and drop gstreamer1.0-vaapi OE-Core has dropped gstreamer1.0-vaaapi, breaking spice-gtk. Drop the dependency and, while we are at it, enable libva as a dependency, making sure VA-API is enabled. Signed-off-by: Dmitry Baryshkov Signed-off-by: Khem Raj --------------------------- Commit: 0530bb6f6c --------------------------- redis 8: Update licence Redis 8.0 and later are tri-licensed, the licence options are: * Redis Source Available License v2 * Server Side Public License v1.0 * GNU Affero GPL v3.0 Signed-off-by: Daniel McGregor Signed-off-by: Khem Raj --------------------------- Commit: 3792b7902a --------------------------- libfido2-initial: new recipe Use this recipe to break a circular dependency between libfido2 and systemd when systemd's fido PACKAGECONFIG is enabled. systemd depends on libfido2, and libfido2 depends on udev provided by systemd. However, systemd only depends on the headers provided by libfido2 and its pkgconf data. systemd uses only the datatypes provided, and opportunistically enables fido support if libfido2 is found. This recipe provides only the headers and pkgconf data. This is sufficient to allow systemd to build support for libfido2. It only works with a related change I've submitted to openembedded core. Signed-off-by: Dan McGregor Signed-off-by: Khem Raj --------------------------- Commit: e585da399f --------------------------- bpftrace: Update the runtime dependencies * bash and python3 are only needed by the ptest package. * xz appears to not be needed at all. Signed-off-by: Peter Kjellerstedt Signed-off-by: Khem Raj --------------------------- Commit: cdb5d4c3e7 --------------------------- python3-tornado: upgrade 6.5.4 -> 6.5.5 Security fixes including CVE-2026-31958 https://www.tornadoweb.org/en/stable/releases/v6.5.5.html Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj --------------------------- Commit: 701a1df07c --------------------------- perfetto: Don't copy gn native binary With the current recipe I am getting ``` gn: error while loading shared libraries: libc++abi.so.1: cannot open shared object file: No such file or directory ``` on my aarch64 machine This is due to gn having a relative library runpath causing the interpreter not finding the shared libraries Instead of copying the binary just directly execute it Additionally remove the unnecessary download of the prebuilt gn binary Signed-off-by: Willi Ye Signed-off-by: Khem Raj --------------------------- Commit: 00616ccdaf --------------------------- refpolicy-targeted: Added sepolicy for adb service - Labeled adb binary - Moved adb shell from initrc_t to unconfined_t - meta-selinux does not provide adb domain added policy in meta-oe instead of refpolicy: SELinuxProject/refpolicy#1085 Signed-off-by: Gargi Misra Signed-off-by: Khem Raj --------------------------- Commit: 786f3323d7 --------------------------- pipewire: enable aptX Bluetooth codec support Enable aptX/aptX-HD codec support in PipeWire's Bluetooth A2DP codec. This allows A2DP streaming with aptX-capable headsets when libfreeaptx is available. Signed-off-by: Shuai Zhang Signed-off-by: Khem Raj --------------------------- Commit: d44ea32dba --------------------------- libfreeaptx: add aptX/aptX-HD codec library Add a libfreeaptx recipe (LGPL-2.1+) to provide aptX/aptX-HD codec support for Bluetooth A2DP audio codec. Signed-off-by: Shuai Zhang Signed-off-by: Khem Raj --------------------------- Commit: 001d503fe7 --------------------------- python3-nltk: mark CVE-2026-0846 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0846 It has been fixed in version 3.9.3, however NVD tracks it without CPE/version info. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 94990de736 --------------------------- python3-grpcio: upgrade 1.76.0 -> 1.78.0 Change build tools from setuptools3 to python_setuptools_build_meta Add cython depends and change cython requirement from cython==3.1.1 to cython>=3.1.1. Currently we use cython version 3.2.4 Changelog: https://github.com/grpc/grpc/releases/tag/v1.78.0 Changes for python: - aio: fix race condition causing asyncio.run() to hang forever during the shutdown process. - Migrate to pyproject.toml build system from setup.py builds. - Log error details when ExecuteBatchError occurs (at DEBUG level). - Update setuptools min version to 77.0.1. Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 04ef8fb242 --------------------------- libsodium: upgrade 1.0.20 -> 1.0.21 License-Update: copyright years refreshed Removed patch included in this release Add path to fix compilation with gcc on aarch64 Changelog: https://github.com/jedisct1/libsodium/releases/tag/1.0.21-RELEASE Changes: Version 1.0.21 - security fix for the crypto_core_ed25519_is_valid_point() function - new crypto_ipcrypt_* functions - sodium_bin2ip and sodium_ip2bin helper functions - XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions Version 1.0.20-stable - XCFramework: cross-compilation is now forced on Apple Silicon to avoid Rosetta-related build issues - The Fil-C compiler is supported out of the box - The CompCert compiler is supported out of the box - MSVC 2026 (Visual Studio 2026) is now supported - Zig builds now support FreeBSD targets - Performance of AES256-GCM and AEGIS on ARM has been improved with some compilers - Android binaries have been added to the NuGet package - Windows ARM binaries have been added to the NuGet package - The Android build script has been improved. The base SDK is now 27c, and the default platform is 21, supporting 16 KB page sizes. - The library can now be compiled with Zig 0.15 and Zig 0.16 - Zig builds now generate position-independent static libraries by default on targets that support PIC - arm64e builds have been added to the XCFramework packages - XCFramework packages are now full builds instead of minimal builds - MSVC builds have been enabled for ARM64 - iOS 32-bit (armv7/armv7s) support has been removed from the XCFramework build script - Security: optblockers have been introduced in critical code paths to prevent compilers from introducing unwanted side channels via conditional jumps. This was observed on RISC-V targets with specific compilers and options. - Security: crypto_core_ed25519_is_valid_point() now properly rejects small-order points that are not in the main subgroup - ((nonnull)) attributes have been relaxed on some crypto_stream* functions to allow NULL output buffers when the output length is zero - A cross-compilation issue with old clang versions has been fixed - JavaScript: support for Cloudflare Workers has been added - JavaScript: WASM_BIGINT is forcibly disabled to retain compatibility with older runtimes - A compilation issue with old toolchains on Solaris has been fixed - crypto_aead_aes256gcm_is_available is exported to JavaScript - libsodium is now compatible with Emscripten 4.x - Security: memory fences have been added after MAC verification in AEAD to prevent speculative access to plaintext before authentication is complete - Assembly files now include .gnu.property notes for proper IBT and Shadow Stack support when building with CET instrumentation. Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 510ea4db57 --------------------------- luajit: Update to latest on v2.1 branch License-Update: copyright year updated Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: 6e45ada388 --------------------------- atkmm: upgrade 2.28.2 to 2.28.4 NEWS: https://gitlab.gnome.org/GNOME/atkmm/-/blob/atkmm-2-28/NEWS Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: a813457aab --------------------------- glibmm: upgrade 2.66.7 to 2.66.8 NEWS: https://gitlab.gnome.org/GNOME/glibmm/-/blob/2.66.8/NEWS Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: c407d8669c --------------------------- capnproto: upgrade 1.0.2 -> 1.4.0 Contains fix for CVE-2026-32239 and CVE-2026-32240 Also, mark these CVEs explicitly patched, because NVD tracks them without version info at this time. Shortlog: https://github.com/capnproto/capnproto/compare/v1.0.2...v1.4.0 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 32eb632648 --------------------------- hstr: upgrade 3.1.0 to 3.2.0 Full Changelog: https://github.com/dvorka/hstr/compare/3.1...v3.2 Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: 16a72067f5 --------------------------- python3-ninja: upgrade 1.11.1.1 -> 1.13.0 Changelog: https://github.com/scikit-build/ninja-python-distributions/releases Upstream commit [1] switched build system from scikit-build to scikit-build-core, which changed pyproject.toml structure and rewrote __init__.py. Update patches accordingly: - no-scikit-build.patch: rewrite for new pyproject.toml structure, replace scikit-build-core with setuptools, and remove 'readme' from dynamic fields as setuptools cannot handle the fancy-pypi-readme plugin. - run-ninja-from-path.patch: drop. Old version imported skbuild modules in __init__.py which caused ImportError in OE since scikit-build is not installed. New version replaced these imports with stdlib sysconfig, so the patch is no longer needed. - CMakeLists.txt: drop. This was a stub file added to prevent scikit-build from failing when it could not find CMakeLists.txt. Since we now use setuptools which does not require it, the file can be removed. [1] https://github.com/scikit-build/ninja-python-distributions/commit/f3b4a786be Signed-off-by: Jiaying Song Signed-off-by: Khem Raj --------------------------- Commit: f75f4164fd --------------------------- python3-gpiod: update to v2.4.1 Bug-fix release addressing a memory leak and a couple minor issues. We now ship the license file with the dist tarball so update the recipe to take this into account. While at it: trim the LICENSE value to only include LGPL-v2.1-or-later as the other two licenses cover tests and text files. Signed-off-by: Bartosz Golaszewski Signed-off-by: Khem Raj --------------------------- Commit: 2c74fbff25 --------------------------- librust-cxx: Add librust-cxx recipe Add a recipe for the cxx crate, which provides a safe and efficient bridge for interoperability between Rust and C++ code. It allows defining the FFI boundary in a shared Rust module and generates compatible bindings for both languages during the build process. The crate is implemented in Rust and supports zero-overhead FFI with common Rust and C++ standard library types. More information: https://crates.io/crates/cxx Signed-off-by: Deepesh Varatharajan Signed-off-by: Khem Raj --------------------------- Commit: 5610dcfffc --------------------------- libnice: make crypto library configurable via PACKAGECONFIG Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting to gnutls. This allows users to select openssl as an alternative crypto library by setting PACKAGECONFIG. Signed-off-by: Nguyen Dat Tho Signed-off-by: Sujeet Nayak Signed-off-by: Khem Raj --------------------------- Commit: 0f18a8f9e0 --------------------------- spawn-fcgi: upgrade 1.6.5 -> 1.6.6 Changelog: * Use meson instead of autotools and cmake * Simplify/reduce configure checks and #ifdefs Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj --------------------------- Commit: 757cf70943 --------------------------- nginx: upgrade 1.29.5 -> 1.29.6 Changelog: * Feature: session affinity support; the "sticky" directive in the "upstream" block of the "http" module; the "server" directive supports the "route" and "drain" parameters. * Change: now nginx limits the size and rate of QUIC stateless reset packets. * Bugfix: receiving a QUIC packet by a wrong worker process could cause the connection to terminate. * Bugfix: "[crit] cache file ... contains invalid header" messages might appear in logs when sending a cached HTTP/2 response. * Bugfix: proxying to scgi backends might not work when using chunked transfer encoding and the "scgi_request_buffering" directive. * Bugfix: in the ngx_http_mp4_module. * Bugfix: nginx treated a comma as separator in the "Cookie" request header line when evaluating "$cookie_..." variables. * Bugfix: in IMAP command literal argument parsing. Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj --------------------------- Commit: e69af2bc14 --------------------------- webmin: upgrade 2.520 -> 2.621 https://github.com/webmin/webmin/releases/tag/2.600 https://github.com/webmin/webmin/releases/tag/2.610 https://github.com/webmin/webmin/releases/tag/2.620 https://github.com/webmin/webmin/releases/tag/2.621 Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj --------------------------- Commit: 7a3ce6a063 --------------------------- python3-cassandra-driver: upgrade 3.29.2 -> 3.29.3 Also, add a patch to be able to build with Setuptools 82. This patch is oe-specific, but upstream has already merged[1] a patch that should make it compatible with the latest Setuptools. It however seems to require multiple patches to apply clean. The patch in this change is expected to be a short term workaround until the next version is released. Changelog: Features - Upgraded cython to 3.0.x - Add support for DSE 6.9.x and HCD releases to CI - Add execute_concurrent_async and expose execute_concurrent_* in Session Bug Fixes - Update geomet to align with requirements.txt - Connection failure to SNI endpoint when first host is unavailable - Maintain compatibility with CPython 3.13 Others - Remove duplicated condition in primary key check - Remove Python 3.8 which reached EOL on Oct 2024, update cryptography lib to 42 - Remove obsolete urllib2 from ez_setup.py - Remove stale dependency on sure - Removed 2.7 Cpython defines [1]: https://github.com/apache/cassandra-python-driver/pull/1268 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 4ac220373b --------------------------- python3-xstatic: add patch to build w/ Setuptools 82 Setuptools 82 dropped pkg_resources module. It is not used by the setup script, nevertheless, it is imported, and this missing module fails compilation. This patch removes this import. Upstream started to work on refactoring their setup scripts, so this patch is not appropriate to them - once/if they release, most likely this patch can be dropped. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 8193a3c0ef --------------------------- python3-httptools: allow building with latest setuptools By default this recipe requires Setuptools with strictly version 80.9.0. oe-core has updated Setuptools to 82.0, and this recipe failed to build. This patch relaxes the Setuptools version requirements. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 9a40804aa8 --------------------------- gd: Add patch to fix compiler error about missing const Gcc complains about: | ../../sources/gd-2.3.3/src/gd_filename.c: In function 'ftype': | ../../sources/gd-2.3.3/src/gd_filename.c:99:9: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers] | 99 | ext = strrchr(filename, '.'); | | ^ | cc1: all warnings being treated as errors Even the newest git master commit does not fix this. Signed-off-by: Jörg Sommer Signed-off-by: Khem Raj --------------------------- Commit: 991ce2b4cb --------------------------- multimedia/fswebcam: New recipe for a webcam image grabber Taken from https://github.com/linux4sam/meta-atmel/blob/master/recipes-multimedia/fswebcam/fswebcam_git.bb and amended. Signed-off-by: Jörg Sommer Signed-off-by: Khem Raj --------------------------- Commit: 5540083053 --------------------------- nftables: build with native python instead of host python Using old Python on the build host with SetupTools 82 results in an error message during building: | error: invalid command 'egg_info' | | ERROR Backend subprocess exited when trying to invoke get_requires_for_build_wheel | WARNING: exit code 1 from a shell command. To avoid it, use the native Python environment built by OE. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 8ceaab26fb --------------------------- gnome-settings-daemon: add alsa as a mandatory dependency In case the recipe is compiled without alsa DISTRO_FEATURE, compilation fails with the following error: ../sources/gnome-settings-daemon-49.1/meson.build:132:0: ERROR: Assert failed: ALSA is not optional on Linux platforms This change makes alsa a standard non-optional dependency. Alsa is enabled by default in the upstream meson config, it is not enabled explicitly in the recipe. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 84d6a691c8 --------------------------- ncdu: New recipe for ncurses disk usage Signed-off-by: Jörg Sommer Signed-off-by: Khem Raj --------------------------- Commit: d8bc478d9c --------------------------- python3-html5lib: fix build with setuptools 82 Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: c823746d7e --------------------------- ntp: fix build with glibc 2.43 Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: cce9a3b937 --------------------------- bcc: add missing build dependency Without xz present, compilation fails with the following error: | <...>/x86_64-oe-linux-ld: warning: liblzma.so.5, needed by <...>/libbcc.so, not found (try using -rpath or -rpath-link) | <...>/x86_64-oe-linux-ld: <...>/libbcc.so: undefined reference to `lzma_code@XZ_5.0' | <...>/x86_64-oe-linux-ld: <...>/libbcc.so: undefined reference to `lzma_end@XZ_5.0' | <...>/x86_64-oe-linux-ld: <...>/libbcc.so: undefined reference to `lzma_stream_decoder@XZ_5.0' | collect2: error: ld returned 1 exit status Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 9f5c6b28e3 --------------------------- android-tools: add fix for strchr() conformance to C23 Building android-tools v29.0.6.r14 with glibc 2.43 fails due to ISO C23 changes to strchr(). Add a patch to update the affected libunwind sources to use const pointer types to fix this build failure. Signed-off-by: Viswanath Kraleti Signed-off-by: Khem Raj --------------------------- Commit: c40a15d924 --------------------------- fastfetch: add recipe fastfetch is a customisable tool for displaying system information in a terminal. Signed-off-by: Tafil Avdyli Signed-off-by: Khem Raj --------------------------- Commit: 4953fd5a87 --------------------------- multimedia/spandsp: Update HOMEPAGE + remove obsolete comment The domain soft-switch.org is no longer registered. So, switch to the GitHub page. It seams Clang had implemented the compile time functions, because the build of the newer commit with Clang works. So, drop the comment. Signed-off-by: Jörg Sommer Signed-off-by: Khem Raj --------------------------- Commit: afbc56ae3c --------------------------- krb5: backport additional fixes to build with glibc 2.43 Building krb5 with glibc 2.43 fails due to ISO C23 changes to strchr() and related search functions. Backport the upstream fix that updates code to use correct pointer types and adjusts function signatures accordingly. Signed-off-by: Viswanath Kraleti Signed-off-by: Khem Raj --------------------------- Commit: 65b7f7330e --------------------------- php: upgrade 8.5.3 -> 8.5.4 This is a bug fix release. Changelog: https://www.php.net/ChangeLog-8.php#8.5.4 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: 8b67fc44ff --------------------------- yavta: update to latest git rev Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: 6ed795e4fd --------------------------- v4l-utils: upgrade 1.28.1 -> 1.32.0 ChangeLog: https://git.linuxtv.org/v4l-utils.git/tree/ChangeLog?h=v4l-utils-1.32.0 License-Update: Remove FSF address[1]. [1] https://git.linuxtv.org/v4l-utils.git/commit/?id=dc81a361e22ce71a454ad63a6ede725b97cc26ce Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: 67a35406cb --------------------------- fltk: upgrade 1.3.9 -> 1.3.11 ChangeLog: https://github.com/fltk/fltk/releases/tag/release-1.3.10 https://github.com/fltk/fltk/releases/tag/release-1.3.11 Update SRC_URI as the source repository has been moved to github. Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: e5026ce126 --------------------------- cmocka: upgrade 1.1.7 -> 1.1.8 ChangeLog: https://gitlab.com/cmocka/cmocka/-/blob/cmocka-1.1.8/ChangeLog Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: 3a696c4152 --------------------------- gnulib: upgrade 202401 -> 202601 License-Update: Remove statements that are not true any more since 2021-06-04[1]. [1] https://gitweb.git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=5e1283bb13d74c6619afb71c6a322c648a8cc91e Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: 3fa1ef9051 --------------------------- gosu: upgrade from 1.17 to 1.19 Upgrade gosu from 1.17 to 1.19. Add extra tag=${PV} parameter in SRC_URI to ensure we're at the correct srcrev. Signed-off-by: Chen Qi Signed-off-by: Khem Raj --------------------------- Commit: 302d136dd9 --------------------------- libinih: upgrade from 58 to 62 Upgrade libinih from 58 to 62. Signed-off-by: Chen Qi Signed-off-by: Khem Raj --------------------------- Commit: 3ca4583515 --------------------------- lockfile-progs: upgrade from 0.1.19 to 0.2.0 In this new version, we need to 'rewrite-time' first as it's a build host tool that is used during the actual build. Signed-off-by: Chen Qi Signed-off-by: Khem Raj --------------------------- Commit: 964cd113ad --------------------------- unixodbc: upgrade from 2.3.12 to 2.3.14 The following two patches are dropped as they have already been in the new version: - 0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch - CVE-2024-1013.patch Signed-off-by: Chen Qi Signed-off-by: Khem Raj --------------------------- Commit: 3f468ccce0 --------------------------- libcbor: upgrade 0.12.0 -> 0.13.0 Remove patch, the change is already in code. Changelog: https://github.com/PJK/libcbor/releases/tag/v0.13.0 Changed: - Fix small typo in release script - Fix failing 32 bit tests due to cmocka macro repeating stack pushes - Set cmake_minimum_required to 3.5 - Fix float_ctrl ctrl assertions failing in debug mode - Check in vscode setup - Add CBOR sequences example - Add riscv64 config to CircleCI - Add a test for malformed definite maps - Add [[nodiscard]] support and auto-update to C23 in cmake - Configure ctest on to export the test results to CircleCI - Revamp the introduction doc into a more useful crash course - Add OSX asan/lsan supression config - Add cbor_copy_definite - Improve handling and coverage reporting of exhaustive enum switches - Add references to readme - Update python deps and related docs - Link tutorial in readme (and fix embedded RST formatting) - Add a doc note on lto linking - Add a doc for the reference count in cbor_array_set(). - Add gh link to docs - Add #355 to changelog - Bump version to 0.13.0 Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 1fa24a2136 --------------------------- conntrack-tools: upgrade 1.4.8 -> 1.4.9 Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: f2d8476ca2 --------------------------- hiawatha: upgrade 11.8 -> 12.0 Changelog: * mbed TLS updated to 4.0.0. * Replaced strcpy() with strlcpy() and sprintf() with snprintf(). * Added OS sandbox. * Removed DHsize option. * Known bug: mbed TLS v4.0.0 doesn't compile in Cygwin, so building a Windows package is not possible. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 6d6c0b99d3 --------------------------- rocksdb: upgrade 9.10.0 -> 10.10.1 Remove not exist PACKAGECONFIG option `lite` Add new PACKAGECONFIG option liburing Changelog: v10.10.1 https://github.com/facebook/rocksdb/releases/tag/v10.10.1 Bugs: - Fixed a bug in best-efforts recovery that causes use-after-free crashes when accessing SST files that were cached during the recovery. - Fix resumable compaction incorrectly allowing resumption from a truncated range deletion that is not well handled currently. - Fixed a bug in PosixRandomFileAccess IO uring submission queue ownership & management. Fix eliminates the false positive 'Bad cqe data' IO errors in PosixRandomFileAccess::MultiRead when interleaved with PosixRandomFileAccess::ReadAsync on the same thread. - Fix Windows VS 2022 build errors. v10.9.1: https://github.com/facebook/rocksdb/releases/tag/v10.9.1 v10.8.3: https://github.com/facebook/rocksdb/releases/tag/v10.8.3 v10.7.5: https://github.com/facebook/rocksdb/releases/tag/v10.7.5 v10.6.2: https://github.com/facebook/rocksdb/releases/tag/v10.6.2 v10.5.1: https://github.com/facebook/rocksdb/releases/tag/v10.5.1 v10.4.2: https://github.com/facebook/rocksdb/releases/tag/v10.4.2 v10.2.1: https://github.com/facebook/rocksdb/releases/tag/v10.2.1 v10.1.3: https://github.com/facebook/rocksdb/releases/tag/v10.1.3 v10.0.1: https://github.com/facebook/rocksdb/releases/tag/v10.0.1 Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: fc1549090f --------------------------- networkmanager: upgrade 1.52.2 -> 1.56.0 Create path to fix `meson` build errors Add missing dependencies. Disables man page generation. The build was using xsltproc to try downloading http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl from the network, which fails in embedded build environments. Changelog: v1.56.0 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.56.0/NEWS?ref_type=tags Changed: - Unify the versioning to use everywhere the scheme with the -rcX or -dev suffixes when appropriate. This affects, for example, the URL and filename of the release tarball and the version reported by nmcli and the daemon. As an exception, the C API will continue to use the 90+ scheme for RC versions. - nmcli now supports viewing and managing WireGuard peers. - Support reapplying the "sriov.vfs" property as long as "sriov.total-vfs" is not changed. - Support reapplying "bond-port.vlans". - Accept hostnames longer than 64 characters from DNS lookup. - Make that global-dns configuration overwrites DNS searches and options from connections, instead of merging all together. - Add support for a new rd.net.dhcp.client-id option in nm-initrd-generator. - Add gsm device-uid setting to restrict the devices the connection applies to. - Support configuring the HSR protocol version via the "hsr.protocol-version" property. - Fix a bug that makes broadband connections auto-connect getting blocked if the connection tries to reconnect when modem status is "disconnecting" / "disconnected". - Treat modem connection not having an operator code available as a recoverable error. - Add support for configuring systemd-resolved's DNSSEC option per-connection via the "connection.dnssec" connection property. - Support configuring the HSR interlink port via the "hsr.interlink" property. - Fix some connection properties not being applied to vpn connections (connection.mdns, connection.llmnr, connection.dns-over-tls, connection.mptcp-flags, ipv6.ip6-privacy) - Update n-acd to always compile with eBPF enabled, as support for eBPF is now detected at run time. - Add new MPTCP 'laminar' endpoint type, and set it by default alongside the 'subflow' one. - For private connections (the ones that specify a user in the "connection.permissions" property), verify that the user can access the 802.1X certificates and keys set in the connection. - Introduce a libnm function that can be used by VPN plugins to check user permissions on certificate and keys. v1.54.0 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.54.0/NEWS?ref_type=tags Changed: - Add support for configuring per-device IPv4 forwarding via the "ipv4.forwarding" connection property. - Add a new "prefix-delegation" setting containing a "subnet-id" property that specifies the subnet to choose on the downstream interface when using IPv6 prefix delegation. - Support OCI baremetal in nm-cloud-setup - When activating a WireGuard connection to an IPv6 endpoint, now NetworkManager creates firewall rules to ensure that the incoming packets are not dropped by kernel reverse path filtering. - Add support for configuring the loopback interface in nmtui. - Most of the properties of ovs-bridge and ovs-port connections can now be reapplied at runtime without bringing the connection down. - Add a new "sriov.preserve-on-down" property that controls whether NetworkManager preserves the SR-IOV parameters set on the device when the connection is deactivated, or whether it resets them to their default value. - Introduce a new "ovs-dpdk.lsc-interrupt" property to configure the Link State Change (LSC) detection mode for OVS DPDK interfaces. - The initrd-generator now can parse the NVMe Boot Firmware Table (NBFT) to configure networking during early boot. - Add systemd services to provide networking in the initrd. Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 1e52242e56 --------------------------- libcpr: upgrade 1.13.0 -> 1.14.2 The tag is not on any branch. Changelog: 1.14.2: https://github.com/libcpr/cpr/releases/tag/1.14.2 Changed: - test: don't reflect Content-Length from request - Fixed curlholder Double Free - Fix error when running CMake configure multiple times with CPR_BUILD_TESTS, bump CMake min version to 3.18 - fix: replace curl_error_map with switch to fix Static Initialization Order Fiasco - Updated Bazel Instructions - Bump actions/upload-artifact from 5 to 6 - Bump actions/checkout from 5 to 6 - Bump jwlawson/actions-setup-cmake from 1.14 to 2.1 v1.14.1: https://github.com/libcpr/cpr/releases/tag/1.14.1 Changed: - Fixed SSE Windows string parsing v1.14.0 https://github.com/libcpr/cpr/releases/tag/1.14.0 Changed: - fix: Crash when building with /MT in MSVC (double-destructor) #1276 - 1.14.0 Release Preparation - NuGet Release Build Fixes - Add support for Server Sent Events (SSE) Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 84e05a05d9 --------------------------- nss: upgrade 3.119 -> 3.121 Adapt patch 0007-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch to new version of the code. Remove code which not exist and adapt to new code. Changelog: v3.121: https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_121.html Bugs: - update vendored zlib to v1.3.2. - Revert the unnecessary changes to intel-gcm-wrap.gyp. - Use C fallback for AES-GCM on MinGW builds. - fix ML-KEM PCT. - Extend NSS Fuzzing docs. - avoid integer overflow in platform-independent ghash. - Fix errant whitespace in OISTE Server Root RSA G1 nickname. - fix build with glibc-2.43 assignment discards ‘const’ qualifier from pointer. - add gcm.gyp dependency for Solaris SPARC builds. - Set nssckbi version to 2.84. - Add e-Szigno TLS Root CA 2023 to NSS. - allow manual selection of CPU_ARCH=x86_64 and ppc64 in coreconf/Darwin.mk. - Update cryptofuzz version. - Paranoia assert. - Darwin compatibility for intel-aes.S and intel-gcm.S. - rename intel-{aes,gcm}.s to .S. - rename C files for platform-specific ghash implementations. - simplify compilation of platform-specific GCM and GHASH. - FORWARD_NULL null deref of worker in p7decode.c (sec_pkcs7_decoder_abort_digests). - Out-of-Bounds Read in ML-DSA Private Key Parsing (zero-length privateKey). v3.120: https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_120.html Bugs: - Fix docs generation bug. - CID 1678226: Dereferencing null pointer plaintext.data(). - Run PKCS12 fuzz target with –fuzz=tls in CI. - Allowing RT be started several times. - move linux decision and build tasks to d2g worker pools. v3.119.1: https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119_1.html Bugs: - restore coreconf/Darwin.mk behavior for intel archs. Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 4dc8384995 --------------------------- weechat: upgrade 4.8.1 -> 4.8.2 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 361c25fc20 --------------------------- uftrace: upgrade 0.18.1 -> 0.19 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 3eff6000e4 --------------------------- swagger-ui: upgrade 5.31.2 -> 5.32.0 Changelog: oas32: add basic OpenAPI 3.2.0 support Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 6c508b1fb3 --------------------------- rtorrent: upgrade 0.16.6 -> 0.16.7 Changelog: ============ - Added a buffer that limits/deduplicates active dns requests - Properly handle libcurl reuse of sockets - Added SocketManager to handle reuse of uninterested fd's by the kernel - Removed old work-arounds in epoll and force stricter handling of errors - Allow disabling of stream buffering for plaintext logs - Fix some compile warnings - Fix use after free in UdnsResolver::try_resolve_numeric - Fix crash in DhtRouter::bootstrap - Fix key/value pairs in Lua - Expand '~/' to $HOME in session path. - dht_add_peer_node is empty, use dht_add_bootstrap_node instead - Re-send smkx on SIGWINCH to fix arrow keys after terminal reattach - Allow dht bootstrap nodes to be added when dht is off. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 32a81707a9 --------------------------- python3-wrapt: upgrade 2.1.1 -> 2.1.2 Changelog: =========== - Building of Python wheels for riscv64 Linux platform had been accidentally removed from the build configuration. This has now been added back in. - When a weak function proxy was created for a bound method and the instance it was bound to was garbage collected, calling the proxy would silently call the function as unbound instead of raising a ReferenceError. - When deleting an attribute named __annotations__ on an object proxy, the attribute was only being deleted from the proxy and not also from the wrapped object. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 614a18cfeb --------------------------- python3-whitenoise: upgrade 6.11.0 -> 6.12.0 Changelog: ======== - Drop Python 3.9 support. - Fix potential unauthorised file access vulnerability in "autorefesh" mode. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 69aeb4598a --------------------------- python3-wheezy-template: upgrade 3.2.4 -> 3.2.5 Changelog: Added wheezy.html 3.2.1 as a development dependency. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ac23a9f78e --------------------------- python3-tqdm: upgrade 4.67.2 -> 4.67.3 Changelog: fix py3.7 dependencies Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: fd40cda1b2 --------------------------- python3-tox: upgrade 4.36.1 -> 4.49.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: a3ff8e2027 --------------------------- python3-tabulate: upgrade 0.9.0 -> 0.10.0 Changelog: =========== - Add support for Python 3.11, 3.12, 3.13, 3.14. - Drop support for Python 3.7, 3.8, 3.9. - PRESERVE_STERILITY global is replaced with preserve_sterility function argument. - New formatting options: headersglobalalign, headersalign, colglobalalign. - New output format: "colon_grid" (Pandoc grid_tables with alignment) - Various bug fixes. - Improved error messages. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 6fd6dbec63 --------------------------- python3-sqlalchemy: upgrade 2.0.46 -> 2.0.48 Changelog: https://docs.sqlalchemy.org/en/21/changelog/changelog_20.html#change-2.0.48 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 4d59761490 --------------------------- python3-snagboot: upgrade 2.5 -> 2.6 treewide: Migrate documentation to readthedocs Emit more specific error messages for USB permission-based access issues Add unit tests snagflash: Support compressed input files, e.g. *.wic.bz2 Refactor fastboot-uboot logic to factor out common code and improve logging Automatically detect when oem_run isn't supported by U-Boot, and fallback to ucmd snagrecover: Support Renesas RZ/N1 platforms Support SoC model aliases, and add i.MX8MP alias Handle relative path prefixes with the -F syntax Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ba180ee148 --------------------------- python3-scikit-build-core: upgrade 0.11.6 -> 0.12.2 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ab8740596c --------------------------- python3-robotframework: upgrade 7.3.2 -> 7.4.2 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: b11e4f37b9 --------------------------- python3-regex: upgrade 2026.2.19 -> 2026.2.28 Changelog: ========== - Replaced atomic operations with mutex on pattern object for free-threaded Python. - PR #598: Fix race condition in storage caching with atomic operations. - Replaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: b18308ffad --------------------------- python3-pytest-env: upgrade 1.2.0 -> 1.5.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f4e786b322 --------------------------- python3-pymisp: upgrade 2.5.32.3 -> 2.5.33.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 1b9ecb7c78 --------------------------- python3-pyephem: upgrade 4.2 -> 4.2.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 513344d14c --------------------------- python3-pyais: upgrade 2.15.0 -> 2.20.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ff7f74b88e --------------------------- python3-platformdirs: upgrade 4.9.2 -> 4.9.4 Changelog: ============ - Fix test failures on BSD for runtime directory defaults - Respect XDG_CONFIG_HOME in _get_user_dirs_folder - Add missing _optionally_create_directory in Android user_log_dir and user_runtime_dir - Add permissions to workflows - Move SECURITY.md to .github/SECURITY.md - Standardize .github files to .yaml suffix - docs: add project logo to documentation Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ae831ade44 --------------------------- python3-pkgconfig: upgrade 1.5.5 -> 1.6.0 Changelog: ============ - Drop support for Python < 3.9, support 3.9 .. 3.14. - README: clarify pkg-config and pkgconf, #75 - Switch CI from Travis to GitHub Actions; test on all supported Python versions. - Use src/ layout for project, fixes #36. Also move tests and test data to tests/. - Replace deprecated distutils with setuptools to make tests work on Python 3.12; fixes #64. - Fix configure_extension for empty cflags or libs. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 67b858ec99 --------------------------- python3-orjson: upgrade 3.11.6 -> 3.11.7 Changelog: ============== - Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant. - ABI compatibility with CPython 3.15 alpha 5 free-threading. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 1698357b41 --------------------------- python3-nanobind: upgrade 2.11.0 -> 2.12.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 3e26e7be3c --------------------------- python3-mmh3: upgrade 5.2.0 -> 5.2.1 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 87a90b48ac --------------------------- python3-luma-oled: upgrade 3.14.0 -> 3.15.0 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 86f1d18f3f --------------------------- python3-isort: upgrade 8.0.0 -> 8.0.1 Changelog: ============ - Fix #2461: Added compression to stdlibs for Python 3.14 in isort/stdlibs/py314.py - Fix unindented comments being corrupted in indented blocks Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 9a70c6235c --------------------------- python3-ipython: upgrade 9.10.0 -> 9.11.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 5b8beefb32 --------------------------- python3-inline-snapshot: upgrade 0.30.1 -> 0.32.4 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 467c80b32d --------------------------- python3-h5py: upgrade 3.15.0 -> 3.16.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 5a9aaa2416 --------------------------- python3-filelock: upgrade 3.24.3 -> 3.25.0 Changelog: ============ - Suppress ValueError in _try_break_stale_lock for corrupted lock files - Fix ValueError in _acquire_transaction_lock when blocking=False with timeout - Add permissions to check workflow - Move SECURITY.md to .github/SECURITY.md - Standardize .github files to .yaml suffix - feat(async): add AsyncReadWriteLock Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 7bebedee61 --------------------------- python3-fastapi: upgrade 0.133.1 -> 0.135.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 41df7fdb20 --------------------------- python3-faker: upgrade 40.1.2 -> 40.8.0 Changelog: =========== - Add free email domains to hu_HU locale. - Improve Polish address grammar: categorize street types and prefixes. - Add country names to he_IL locale. - Fix _get_local_timezone() missing return statement. - Add missing formats and remove duplicates in user_name_formats. - Add passport and cie for it_IT. - Add major Greek banks to el_GR bank provider. - Update internet pt_bR provider (domains, tlds, slugify). - fix pyfloat TypeError when combining positive=True with max_value. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0cf92875b2 --------------------------- python3-configargparse: upgrade 1.7.1 -> 1.7.3 Changelog: ============ - Fix TOML parser to read all matching sections instead of only the first - Fix SyntaxError leak from ast.literal_eval in INI-style config parsers - Fix -- separator, nargs=REMAINDER, and empty value handling - Fix critical bugs and add Python 3.11+ tomllib support - Remove dead comment-processing code in default config parser - Add test status badge to README - CI, linting, and test improvements Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: b9f166eb8d --------------------------- python3-cmd2: upgrade 3.2.2 -> 3.4.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: bc39c58a3d --------------------------- python3-cmake: upgrade 4.2.1 -> 4.2.3 Changelog: =========== - fix: drop manylinux1 workaround - fix: more readable error on missing ccmake - chore(deps): update clang to 21.1.8.1 - [Bot] Update to OpenSSL 3.5.5 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 4ea186465e --------------------------- python3-charset-normalizer: upgrade 3.4.4 -> 3.4.5 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 19da1ac62a --------------------------- python3-cachetools: upgrade 7.0.0 -> 7.0.4 Changelog: =========== - Fix and properly document @cachedmethod.cache_key behavior. - Minor documentation improvements. - Fix DeprecationWarning when creating an autospec mock with @cachedmethod decorations. - Provide more efficient clear() implementation for all support Cache classes - Various test improvements. - Update Copilot Instructions. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 3c6203e895 --------------------------- python3-bumble: upgrade 0.0.225 -> 0.0.226 Changelog: ============= - Bump bytes from 1.5.0 to 1.11.1 in /rust in the cargo group across 1 directory - Connecting multiple times to a LE device is working correctly again - Replace long if-else with match-case - AVRCP: More delegation and bugfix - Migrate most enums - Remove bumble.gap - Controller: Use new return parameter types and add _send_hci_command_status - use tomllib from standard library on Python3.11+ - HFP: Fix response handling - Emulation: Support LE Read features Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 8a7b296aef --------------------------- python3-black: upgrade 26.1.0 -> 26.3.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 5639fb9a9c --------------------------- python3-apispec: upgrade 6.9.0 -> 6.10.0 Changelog: ========== - Support links (#615). Thanks @kingdomOfIT - MarshmallowPlugin: Handle DateTime fields with the "iso8601" and "rfc822" formats Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: adedb2ccc6 --------------------------- python3-alembic: upgrade 1.18.3 -> 1.18.4 Changelog: - Reverted the behavior of Operations.add_column() that would automatically render the "PRIMARY KEY" keyword inline when a Column with primary_key=True is added. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 66c524b5de --------------------------- passwdqc: upgrade 2.0.3 -> 2.1.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: b6136de3a9 --------------------------- nbdkit: upgrade 1.47.3 -> 1.47.5 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: cd6887451a --------------------------- memcached: upgrade 1.6.40 -> 1.6.41 Changelog: =========== - tests: make slabs-reassign2 test more resilient - proxy: reduce flakiness in t/proxyunits.t - proxy: fix off by one in temp string with 250b key - slabs: fix hang and crash. - Fix failing proxy*.t tests on some systems like OL8 - Account for absent 'ssl_proto_errors' in stats during SSL tests - Fix test compatibility on IPv6-only systems. - Use SSLv23 method when TLSv1.3 is unsupported (e.g., macOS) - extstore: more compaction write patience - parser: fix lru command regression - Fix: avoid null print for slab busy reason - extstore: testing around rescued compaction items - extstore: fix compaction checks wrong refcount - proto: armor against empty commands Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 243f1e97c1 --------------------------- libxmp: upgrade 4.6.3 -> 4.7.0 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 924f84bbb2 --------------------------- libtorrent: upgrade 0.16.6 -> 0.16.7 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 414e79166c --------------------------- libsdl3: upgrade 3.4.0 -> 3.4.2 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 9ff86991af --------------------------- libp11: upgrade 0.4.17 -> 0.4.18 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f738b5785b --------------------------- libio-compress-perl: upgrade 2.217 -> 2.218 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0f8125783c --------------------------- libdaq: upgrade 3.0.23 -> 3.0.25 Changelog: api: update dioctl daqSnort latency common changes Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 51b90b90a1 --------------------------- libcurses-perl: upgrade 1.45 -> 1.46 Changelog: - Add BUTTON5 constants: BUTTON5_RELEASED, BUTTON5_PRESSED, BUTTON5_CLICKED, BUTTON5_DOUBLE_CLICKED, and BUTTON5_TRIPLE_CLICKED. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 909ce63d35 --------------------------- libcompress-raw-zlib-perl: upgrade 2.217 -> 2.222 License-Update: zlib updated to 1.3.2 Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 74f7001ed5 --------------------------- libcompress-raw-lzma-perl: upgrade 2.217 -> 2.221 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 82417023a3 --------------------------- libcompress-raw-bzip2-perl: upgrade 2.217 -> 2.218 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 330ecdd2ad --------------------------- jasper: upgrade 4.2.8 -> 4.2.9 Changelog: - Fixed a bug in the JP2 encoder that caused incorrect handling of opacity components in some cases. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 89b961c889 --------------------------- imapfilter: upgrade 2.8.3 -> 2.8.5 License-Update: copyright year updated to 2026. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0985c5c84e --------------------------- imagemagick: upgrade 7.1.2-15 -> 7.1.2-16 Changelog: =========== * client: Fix use-after-free when creating async proxy failed * daemon: Fix race on subscribers list when on thread * ftp: Validate fe_size when parsing symlink target * ftp: Check localtime() return value before use * CVE-2026-28295: ftp: Use control connection address for PASV data * CVE-2026-28296: ftp: Reject paths containing CR/LF characters * gphoto2: Use g_try_realloc() instead of g_realloc() * cdda: Reject path traversal in mount URI host * client: Fail when URI has invalid UTF-8 chars * Some other fixes Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: e52dfaeb4f --------------------------- graphviz: upgrade 14.1.2 -> 14.1.3 ### Changed -------------- - Using long node names in combination with the fdp layout algorithm no longer results in truncated generated names. - Vertical centering of text within HTML-like table cells has been improved. - The existing ability to provide a numeric parameter to '-v' to specify verbosity level are newly documented in 'dot --help'. ### Fixed ------------ - 'gvmap' no longer dereferences a null pointer when reading position-less graphs. - 'gvmap' no longer crashes when adding coordinate data. - 'mm2gv' no longer accepts input matrices with non-'real' element type. Previously these would be accepted but processed incorrectly leading to out-of-bounds memory reads and writes. - The 'Tcldot_Init', 'Tcldot_builtin_Init', and 'Tcldot_SafeInit' symbols in 'tcldot.dll' are externally visible on Windows. #2809 - The 'Tclpathplan_Init' and 'Tclpathplan_SafeInit' symbols in 'tclpathplan.dll' are externally visible on Windows. #2809 - The Autotools build system more consistently uses '$PYTHON3' instead of 'python3' when invoking Python. This ensures developers are more easily able to control the Python installation in use from the top level. - The Autotools build system explicitly links against libglu libraries when linking against libglut. - Corrected time formatting in verbose info/debug messages (enabled by -v). Previously, minutes was missing, showing HH:SS instead of HH:MM:SS. - Further parts of the network simplex algorithm have been rewritten in a non-recursive style. This allows processing larger graphs that previously caused stack overflows. #2782 - Canonicalizing an empty string or a string entirely made up of characters needing escaping no longer triggers an out-of-bounds memory write. This was a regression in Graphviz 13.0.1. #2743 - An off-by-one error in the network simplex algorithm has been corrected. This could have led to suboptimal layout in some edge cases. This was a regression in Graphviz 13.0.0. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: a3966a6b8e --------------------------- gperftools: upgrade 2.18 -> 2.18.1 Changelog: fix for compilation failure on PPC. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 7a84f78832 --------------------------- glaze: upgrade 7.0.2 -> 7.1.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ea42cd076a --------------------------- driverctl: upgrade 0.115 -> 0.121 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 13dd3dada8 --------------------------- ctags: upgrade 6.2.20260222.0 -> 6.2.20260308.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 4af1af7b4f --------------------------- castxml: upgrade 0.6.13 -> 0.7.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: cf17d746d2 --------------------------- python3-snagboot: enable building -native and nativesdk- variants It can be useful to include snagboot in the SDK, so allow building that variant. While I don't see a use case for it during build, there's no reason not to also allow building the -native variant while at it. Signed-off-by: Rasmus Villemoes Signed-off-by: Khem Raj --------------------------- Commit: 87c4aaa3aa --------------------------- tnftp: Add HOMEPAGE Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 964cbd0107 --------------------------- tmux: upgrade 3.6 -> 3.6a 1. Change log: https://raw.githubusercontent.com/tmux/tmux/3.6a/CHANGES 2. Change HOMEPAGE to github. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 99e9d4aba1 --------------------------- libssh: upgrade 0.11.3 -> 0.11.4 Signed-off-by: Gijs Peskens Signed-off-by: Khem Raj --------------------------- Commit: 70e27af4fc --------------------------- python3-scikit-build: Upgrade 0.18.1->0.19.0 Changelog: https://scikit-build.readthedocs.io/en/latest/history.html Signed-off-by: Jiaying Song Signed-off-by: Khem Raj --------------------------- Commit: f0603d90c9 --------------------------- mypaint-brushes: add recipe for v2 This recipe is required to build the upcoming gimp-3.2.0 update Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: ceb6cf32d0 --------------------------- gtkmm4: add x11 back to REQUIRED_DISTRO_FEATURES x11 is moved in comit [1], but when DISTRO_FEATURES contains opengl, but not contains x11, bitbake gtkmm4 reports: ERROR: Nothing PROVIDES 'atkmm' (but /build/layers/meta-openembedded/meta-oe/recipes-gnome/gtk+/gtkmm4_4.20.0.bb DEPENDS on or otherwise requires it) atkmm was skipped: one of 'wayland x11' needs to be in DISTRO_FEATURES [1] https://git.openembedded.org/meta-openembedded/commit/?id=2cd317e9551492a64fddf2fb535333eb7e3f7fef Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: 2ce0a1d262 --------------------------- thermald: backport support for non-Intel platforms Backport three upstream patches that refactor thermald to support non-Intel architectures, including ARM platforms. These commits were merged upstream after the 2.5.11 release and are required to enable correct thermal management on non-x86 SoCs. Also update COMPATIBLE_HOST to allow building thermald on both Intel and ARM hosts. Upstream patches: - Backport from commit 4cf42fc89ccdbcecdcd30b32a7ca8040be55c253 - Backport from commit 857fbdf3e9079cec04bfa5fe7a93a432485b5cab - Backport from commit 1931a12e7e44b6b85a02a5d8158829eff4b9cc92 Signed-off-by: Priyansh Jain Signed-off-by: Khem Raj --------------------------- Commit: f71a12fb70 --------------------------- atop: upgrade 2.12.0 -> 2.12.1 Version 2.12.1 Bug solution: tests during append of existing raw log are less strict now. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 5dd79230ea --------------------------- bit7z: upgrade 4.0.9 -> 4.0.11 1. Changelog: https://github.com/rikyoz/bit7z/releases/tag/v4.0.11 2. Drop following patches as they were merged upstream. 0001-Fix-reinterpret-cast-compiler-errors.patch 0001-Fix-int8_t-storage-in-BitPropVariant-on-Arm-architec.patch 0001-Allow-running-tests-on-target-when-cross-compiling.patch 0001-Allow-specifying-path-to-7z-library-in-tests.patch 0001-Fix-tests-with-musl.patch 3. Adjust Ptest SRCREV to adopt to latest bit7z SRCREV_filesystem refer to bit7z-4.0.11/cmake/Dependencies.cmake SRCREV_catch2 refer to bit7z-4.0.11/tests/CMakeLists.txt SRCHASH_CPM and TAG_CPM refer to bit7z-4.0.11/cmake/Dependencies.cmake 4.cmake/Dependencies.cmake has redefined to check and download CPM_${CPM_DOWNLOAD_VERSION}.cmake file to CPM_SOURCE_CACHE, so it will show error in do_configure as ./build/cpm_cache/cpm/CPM_0.42.0.cmake is empty | -- Downloading CPM.cmake to ...bit7z/4.0.11/build/cpm_cache/cpm/CPM_0.42.0.cmake | CMake Error at cmake/Dependencies.cmake:15 (file): | file DOWNLOAD cannot compute hash on failed download | | from url: "https://github.com/cpm-cmake/CPM.cmake/releases/download/v0.42.0/CPM.cmake" | status: [6;"Could not resolve hostname"] So change ${B}/cmake to ${B}/cpm_cache/cpm/ to fix this issue. ./build/cpm_cache/cpm/CPM_0.42.0.cmake 5. Add 0001-cmake-disable-filesystem-gitclone.patch to fix filesystem git clone error Fix error log as following: | fatal: unable to access 'https://github.com/rikyoz/filesystem.git/': Could not resolve host: github.com | Had to git clone more than once: 3 times. | CMake Error at bit7z/4.0.11/build/_deps/ghc_filesystem-subbuild/ghc_filesystem-populate-prefix/tmp/ghc_filesystem-populate-gitclone.cmake:50 (message): | Failed to clone repository: 'https://github.com/rikyoz/filesystem.git' Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: c0a3c429f1 --------------------------- thunar-plugin.bbclass: add x11 to REQUIRED_DISTRO_FEATURES thunar requires x11 Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: 939000f1c3 --------------------------- thunar: add x11 to REQUIRED_DISTRO_FEATURES thunar depends on xfce4-panel, xfce4-panel requires x11 Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: 16027d4c7d --------------------------- gtk-vnc: add x11 to REQUIRED_DISTRO_FEATURES Fix world build failure: ERROR: Nothing PROVIDES 'libx11' (but /build/layers/meta-openembedded/meta-gnome/recipes-connectivity/gtk-vnc/gtk-vnc_1.5.0.bb DEPENDS on or otherwise requires it) libx11 was skipped: using DISTRO 'poky', which is missing required DISTRO_FEATURES: 'x11' Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: 4cb76735a5 --------------------------- libxfce4ui: update REQUIRED_DISTRO_FEATURES Refer [1], when DISTRO_FEATURES contains opengl, but not x11, world build will report: ERROR: Nothing PROVIDES 'libice' (but /build/layers/meta-openembedded/meta-xfce/recipes-xfce/libxfce4ui/libxfce4ui_4.20.2.bb DEPENDS on or otherwise requires it) libice was skipped: using DISTRO 'poky', which is missing required DISTRO_FEATURES: 'x11' [1] https://git.openembedded.org/meta-openembedded/commit/?id=bd206048b6fabe22a67058aaf250a28d00d92135 Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: bd98b8e5cd --------------------------- xfce4-panel: add x11 to REQUIRED_DISTRO_FEATURES xfce4-panel depends on libwnck3, which only support x11 Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: 2608fb9d2d --------------------------- xfce4-pulseaudio-plugin: require x11 distro feature When DISTRO_FEATURES contains pulseaudio, but not x11, world build will report error: pavucontrol was skipped: using DISTRO 'poky', which is missing required DISTRO_FEATURES: 'x11' Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'xfce4-pulseaudio-plugin', 'pavucontrol'] Refer [1], conditionally add x11 to REQUIRED_DISTRO_FEATURES [1] https://git.openembedded.org/meta-openembedded/commit/?id=3a57e5274540a2b4b6d6a1d9808d0c9783f250a7 Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: acc562d488 --------------------------- gimp: add x11 to REQUIRED_DISTRO_FEATURES When DISTRO_FEATURES only contains wayland, but not x11, world build will report: ERROR: Nothing PROVIDES 'libxmu' (but /build/layers/meta-openembedded/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb DEPENDS on or otherwise requires it) libxmu was skipped: using DISTRO 'poky', which is missing required DISTRO_FEATURES: 'x11' Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: aa96ff9526 --------------------------- libwnck3: add x11 to REQUIRED_DISTRO_FEATURES Refer [1], but when DISTRO_FEATURES only container wayland, but not x11, do_configure will failed with error: | ../sources/libwnck-43.2/meson.build:55:8: ERROR: Dependency "x11" not found, tried pkgconfig | ERROR: meson setup failed Besides, refer the following source code, seems libwnck3 only support x11. libwnck/util.c:248: g_warning ("libwnck is designed to work in X11 only, no valid display found"); [1] https://git.openembedded.org/meta-openembedded/commit/?id=abdb05b6b4b31ff40c4219336b7096db014284f1 Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: cd0431d03a --------------------------- uutils-coreutils: upgrade 0.6.0 -> 0.7.0 Release notes: https://github.com/uutils/coreutils/releases/tag/0.7.0 Changes are here: https://github.com/uutils/coreutils/compare/0.6.0...0.7.0 Signed-off-by: Deepesh Varatharajan Signed-off-by: Khem Raj --------------------------- Commit: b4dd2c4363 --------------------------- modemmanager: fix EXTRA_OEMESON Do not pass qrtr=false explicitly since recipe enables or disables it based on the PACKAGECONFIG value. Also, use += with EXTRA_OEMESON. Signed-off-by: Anuj Mittal Signed-off-by: Khem Raj --------------------------- Commit: d4a6857b40 --------------------------- python3-websocket-client: Upgrade 1.70 -> 1.9.0 Upgrade to release 1.9.0: - 1.9.0 - Remove Python 3.8 support (EOL), add Python 3.13 (5f25030) - Remove localhost and 127.0.0.1 from default NO_PROXY list (#994) - Support IPv6 CIDRs in the no_proxy option (#1033) - Fix thread safety condition in `teardown()` to improve `run_forever()` (#1015) - Fix #1024 by chunking data, recursion in on_error callback, thread leak in `_stop_ping_thread()`, avoid implicit None in `recv()` (#1036) - Avoid bare except clauses for better error handling (#1036) - Fix async (#983) - Resolve mypy type errors (#996, #1006, 813d570) - Test coverage improvements (#1035, #1036) - flake8 linting improvements (#1034) - 1.8.0 - Added `on_reconnect` parameter to WebSocketApp to handle callback ambiguity (#972) - Improve handling of SSLEOFError and use reconnect bool (#961) - Minor linting and docs CI build upgrades (981c00e, 75ba91a, bec2608) License-Update: copyright years refreshed Signed-off-by: Ryan Eatmon Signed-off-by: Khem Raj --------------------------- Commit: 1e7ca582a6 --------------------------- python3-redis: upgrade 5.2.1 -> 5.3.1 Allow newer PyJWT versions for branch 5.3 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: c1c7af9680 --------------------------- python3-xmodem: upgrade 0.4.7 -> 0.5.0 bugfix: retry_limit was never actually triggered during the data transfer phase because errors never accumulated, and enhancement: replace 3x getc() calls with a single recv() call, reducing timing and failed packets when using fast serial lines without flow control. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 8ea57b9143 --------------------------- spdm-emu: add recipe for SPDM emulator SPDM emulator implementation based on libspdm. It provides requester and responder tools used for testing SPDM protocol communication. Upstream: https://github.com/DMTF/spdm-emu Signed-off-by: Jino Abraham Signed-off-by: Khem Raj --------------------------- Commit: 2273ed31cf --------------------------- grpc: upgrade 1.76.0 -> 1.78.1 Removed patch included in this release Changelogs v1.78.1: https://github.com/grpc/grpc/releases/tag/v1.78.1 v1.78.0: https://github.com/grpc/grpc/releases/tag/v1.78.0 C++: - adding address_sorting dep in naming test build Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 4f28b16edd --------------------------- zchunk: upgrade 1.5.2 -> 1.5.3 The tag is not on any branch. Add tag to SRC_URI. Changelog: https://github.com/zchunk/zchunk/compare/1.5.2...1.5.3 Changes: - update to 1.5.3 - rename internal close() functions to close_zck_component to avoid POSIX conflict on AIX Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 43e38ada0f --------------------------- libmodbus: upgrade 3.1.11 -> 3.1.12 Add 'tag' to SRC_URI Changelog: https://github.com/stephane/libmodbus/releases/tag/v3.1.12 Changes: - Fix FD_SET overflow when socket fd >= FD_SETSIZE. - Check dest pointer not null and nb in read functions. - NULL check for src and nb < 1 validation in write functions. - modbus_reply: don't compute address for FC 0x07/0x11. - Use O_NONBLOCK instead of deprecated O_NDELAY - Explicit cast for Coverity CID 416366. - Document required buffer size of modbus_receive. - Document macros for error codes corresponding to Modbus exceptions - Fix example of modbus_rtu_set_serial_mode - Test filesystem provides symlink in autogen.sh - Sync API signatures with the documentation. - Many documentation fixes and typo corrections. - Add coverage target and helper script. Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 4e9bdb5256 --------------------------- syslog-ng: upgrade 4.10.2 -> 4.11.0 Changelog: https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.11.0 Highlights - kafka-source(): The new kafka() source can directly fetch log messages from the Apache Kafka message bus using the librdkafka client. Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 3cd347cb2a --------------------------- squid: upgrade 7.3 -> 7.4 License-Update: update GPLv2 COPYING document Some terminology and FSF address changes since the GPLv2 https://github.com/squid-cache/squid/commit/4c5fbc7e8db25352722de4ebe7fe1cab904b62b6 Remove lines from patch, which modify not exist code. Changelog: https://github.com/squid-cache/squid/releases/tag/SQUID_7_4 Changes: - Do not create world-readable directories - digest_edirectory_auth: Fix LDAPS memory leaks - snmplib: Improve handling of zero-length ASN OCTET STRINGs - Debug tls_read_method()/tls_write_method() errors - ICMP: Harden echo paths, fix overflows, UB, and leaks - Set SSL_OP_LEGACY_SERVER_CONNECT when peeking at servers - security_file_certgen: Fix OPENSSL_malloc()/free(3) mismatch - Detect FreeBSD ports Heimdal package - Remove SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H macro - Remove SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H macro - ext_kerberos_ldap_group_acl: Do not prohibit all LDFLAGS - negotiate_sspi_auth: Respond with ERR when FormatMessage() fails - ... and some code cleanups - ... and some CI improvements Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: a05464f133 --------------------------- poco: upgrade 1.14.2 -> 1.15.0 Changelog: https://github.com/pocoproject/poco/releases/tag/poco-1.15.0-release Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 5ac7358b85 --------------------------- paho-mqtt-cpp: upgrade 1.5.3 -> 1.6.0 Changelog: https://github.com/eclipse-paho/paho.mqtt.cpp/releases/tag/v1.6.0 Changes: - Bumped Paho C submodule to v1.3.16 and updated directory name to externals/paho.mqtt.c - Some significant performance increases (lower latency) for connect and publish - Fixed topic_matcher and topic_filter to properly match parent with multi-level ('#') wildcard. - Slight optimization of topic_filter to do simple string comparison if the filter does not contain wildcards. - Set a minimum version for Paho C in the CMake file. Report the version found. - .deb version properly set, and add architecture name to .deb file - remove const from connect_options_builder 'move' constructor - fix potential deadlock in thread_queue on capacity increase. - Incorrect default retain value in a will options constructor - prevent undefined behaviour on empty topic matching - Sync reconnect example crashes on first reconnect Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 7a367dc9a8 --------------------------- paho-mqtt-c: upgrade 1.3.15 -> 1.3.16 Changelog: https://github.com/eclipse-paho/paho.mqtt.c/releases/tag/v1.3.16 Changes: - Bumped minimum CMake to v3.12 - Consolidated "Event" thread signaling object. - Reduce latency on connect #1430 - Fixed warning in Window build for TCP_NODELAY - Added a .clang-format file and bash script to run it Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: f9f18709bc --------------------------- libnetfilter-conntrack: upgrade 1.1.0 -> 1.1.1 Changelog: https://git.netfilter.org/libnetfilter_conntrack/log/?h=libnetfilter_conntrack-1.1.1 Changes: - libnetfilter_conntrack: bump version to 1.1.1 - src: add support for CTA_TIMESTAMP_EVENT Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 50ac24430d --------------------------- jansson: upgrade 2.14.1 -> 2.15.0 Removed patch included in this release Changelog: https://github.com/akheron/jansson/releases/tag/v2.15.0 Features: - Add support for realloc by adding json_set_alloc_funcs2, json_get_alloc_funcs2 Fixes: - Optimize serializatio - Fix docstrings in hashtable.h Build: - Use target-based cmake settings Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 2979300f99 --------------------------- fluentbit: upgrade 4.2.2 -> 4.2.3.1 The tag is not on any branch. Changelog: https://github.com/fluent/fluent-bit/releases?q=4.2.3.1 Changes: - release: update to 4.2.3 - copyright: update year to 2026 - filter_kubernetes: fix parser annotation leak - github: scripts: commit_linter: Handle bin prefix for fluent-bit.c - bin: Handle CONT signal properly under leaks command - filter_wasm: Handle group metadata - cmake: kafka: fix OAuth Bearer detection on Windows - maintenance: update branch and security EOL info - github: scripts: commit_prefix_check: add config format rules on linter - readme: update active branch 4.2 - out_opentelemetry: on HTTP/2, read and process gRPC status code - config_format: cf_yaml: Align the behavior of dirname against POSIX [Backport to 4.2] - filter_log_to_metrics: fix initialization and exception cleanup - out_stackdriver: clean up oauth2 cache lifecycle - filter_kubernetes: Adjust cleanup ordering to avoid use-after-free [4.2 backport] - in_winevtlog: Add text format for event rendering [Backport to 4.2] - in_tail: Add skipped_lines counter [Backport to 4.2] - in_splunk: Implement handling remote addr feature [Backport to 4.2] - aws: switch AWS Endpoints for European Souvereign Cloud [4.2 backport] - plugin_proxy: enable event_type specification for proxy plugins (4.2 Backport) - in_splunk: Plug memory issues [Backport to 4.2] - dockerfiles: install minimum components and avoiding to use includeRecommended Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: fe4c5cadca --------------------------- asio: upgrade 1.30.2 -> 1.36.0 License-Update: copyright years refreshed Changelogs: Asio 1.36.0: https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_36_0 - Fixed an issue, introduced in Asio 1.35.0, that prevented the creation of internal threads required for running some asynchronous operations on a thread_pool. - Fixed co_spawn to adhere to the asynchronous operation requirement for non-reentrant invocation of the completion handler. - Added the [[noreturn]] attribute to asio::detail::throw_exception. - Fixed compilation errors in channel and concurrent_channel. - Fixed a compilation issue with the Bullseye compiler. - Fixed an awaitable coroutine compile error with the clang shipped with MSVC. - Fixed support for platforms that don't define SA_NOCLDWAIT. - Worked around a warning that occurs when building with _FORTIFY_SOURCE on recent g++. - Added a documentation note on basic_signal_set async signal safety. Asio 1.35.0: https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_35_0 Asio 1.34.2: https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_34_2 Asio 1.34.1: https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_34_1 Asio 1.34.0: https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_34_0 Asio 1.33.0: https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_33_0 Asio 1.32.0: https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_32_0 Asio 1.31.0: https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_31_0 Signed-off-by: Andrej Kozemcak Signed-off-by: Khem Raj --------------------------- Commit: 5bca83cd50 --------------------------- ettercap: patch CVE-2026-3603 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3606 Pick the commit that is marked to solve the related Github issue[1]. Its commit message also references the CVE ID explicitly. [1]: https://github.com/Ettercap/ettercap/issues/1297 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 1b1c258172 --------------------------- gnome-shell: update 48.3 -> 48.7 48.7 ==== * Fix wrong network icon on connectivity loss [Antoine; !3910] * Sort session list on login screen by display name [Balló; !3920] * Add extended OSK layouts for German and Austrian [Leonidas; !3923] * Fix leaving VPN auth helper zombie processes [Michael; !3926] * Fix freeze on modifier-only layout switch shortcut [Sebastian; !3939] * Fix glitch in list search results [Florian; !3951] * Fix swipe gestures behaving erroneously in RTL locales [Florian; !3967] * Fix misplaced separator in dash after unpinning running app [Raghuveer; !1973] * Fixed crash [Sebastian; !3933] * Misc. bug fixes and cleanups [Sebastian, Leonidas, Florian, Jonas, ClarityStorm, Alessandro, Marco, Adrian, Carlos; !3922, !3925, !3931, !3927, !3932, !3924, !3937, !3940, !3942, !3946, !3943, !3950, !3708, !3917, !3971] Contributors: Leonidas Adaktylos, Alessandro Bono, Michael Catanzaro, ClarityStorm, Carlos Garnacho, Balló György, Raghuveer Kasaraneni, Sebastian Keller, Antoine Lassagne, Florian Müllner, Marco Trevisan (Treviño), Adrian Vovk, Jonas Ådahl Translators: Antonio Marin [ro] 48.6 ==== * Fix key focus on choice list on login screen [Marco; !3849] * Fix animation glitch when cancelling overview search [Noam; !3888] * Also send activation token for notifications without app [Marco; !3891] * Update keyboard indicator on modifier-only layout switches [Carlos; !3895] * Improve accessibility of screenshot UI [Lukáš; !3908] * Improve Hindi bolnagri input with on-screen keyboard [Mike; !3911] * Do not expire notifications that are about to show [Marco; !3905] * Misc. bug fixes and cleanups [SimonMaracine, Daniel, Marco; !3894, !3892, !3907, !3904] Contributors: Mike FABIAN, Carlos Garnacho, Noam Raz, SimonMaracine, Marco Trevisan (Treviño), Lukáš Tyrychtr, Daniel van Vugt Translators: Abduqadir Abliz [ug] 48.5 ==== * Fix connecting to WPA(2) Enterprise networks [Mitchell; !3834] * Improve order in which extensions are enabled/disabled [Kyrill; !3835] * Account for scaling when setting cursor location from ibus [Takao; !3729] * Do not reset the unlock prompt on every tap [Marco; !3852] * Improve legacy tray icon support [Marco; !3818] * Fix misplaced background menu [Jonas; !3863] * Fix layout of app search results in RTL locales [Khalid; !3851] * Fix notification banners sometimes getting stuck [everyx; !3861] * Fixed crashes [Johannes, Daniel, Jonas, Alessandro; !3839, !3809, !3872] * Plugged leak [Sebastian; !3854] * Misc. bug fixes and cleanups [Michael, Marco, Philip, Jonas; !3813, !3846, !3853, !3220, !3850, !3855, !3869] Contributors: Khalid Abu Shawarib, Alessandro Astone, Mitchell Augustin, Michael Catanzaro, Jonas Dreßler, everyx, Takao Fujiwara, Sebastian Keller, Johannes Maibaum, Marco Trevisan (Treviño), Daniel van Vugt, Philip Withnall, Kyrill Zorin, Jonas Ådahl Translators: Cheng-Chia Tseng [zh_TW], Philipp Kiemle [de], Aefgh Threenine [th], Jiri Grönroos [fi] 48.4 ==== * Fix taking interactive screenshots via D-Bus [Florian; !3803] * Fix pointer scaling glitches in magnifier [Marco; !475] * Fix drawing glitch in sliders in RTL locales [Sebastian, Khalid; !3817] * Misc. bug fixes and cleanups [Marco, Sebastian, Florian, Mike, Jonas; !3785, !3798, !3799, !3816, !3796, !3750] Contributors: Khalid Abu Shawarib, Jonas Dreßler, Mike FABIAN, Sebastian Keller, Florian Müllner, Marco Trevisan (Treviño) Translators: Aefgh Threenine [th] Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: ebe36f3a2d --------------------------- gdm: conflict with dbus-broker gdm requires dbus-run-session and fails to run org.freedeskktop.systemd1 if using dbus-broker Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 4882932910 --------------------------- nopoll: upgrade 0.4.7.b429 -> 0.4.9.b462 0.4.9 ----- Stable release with bug fixing, support for Debian Buster, Debian Bullseye and Ubuntu Focal https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.9.txt 0.4.8 ----- Stable release with bug fixing, support for Debian Buster, Debian Bullseye and Ubuntu Focal https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.8.txt Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj --------------------------- Commit: a4705e2cab --------------------------- zabbix: mark CVE-2026-23925 as patched Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23925 The vulnerability has been fixed since 7.0.18[1], however NVD tracks this CVE without version information. [1]: https://github.com/zabbix/zabbix/commit/89dec866ec7f8230b25f06ac000575e3b7bd4025 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 56106a0cfb --------------------------- zabbix: upgrade 7.0.19 -> 7.0.23 This update contains many bugfixes. Changelog: https://github.com/zabbix/zabbix/blob/7.0.23/ChangeLog Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: eea3a14193 --------------------------- libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474 https://nvd.nist.gov/vuln/detail/CVE-2026-1837 Both CVEs have been fixed in v0.11.2, but NVD tracks these vulnerabilities without version information. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 39318cebcb --------------------------- pipewire: Fix socket activation Backport an upstream PipeWire fix into meta-multimedia to correct UNIX socket path comparison in is_socket_unix() and to preserve LISTEN_FDS when using sd_listen_fds(). The previous behavior could mis-detect valid systemd-activated sockets and break subsequent invocations because LISTEN_FDS was unset, even though the code path can be executed more than once. Link: https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/f4e174870eb8cbe60c922d3bf181f3eb2347523c Signed-off-by: Sairamreddy Bojja Signed-off-by: Mohammad Rafi Shaik Signed-off-by: Khem Raj --------------------------- Commit: 19af995bc1 --------------------------- aom: add bindir to SYSROOT The cmake files files installed by this recipe check the existence of the binaries in ${bindir}, and throw a fatal error in case it cannot find the expexted files. Due to this, it is not possible to include aom in other cmake project, because it errors out: The imported target "AOM::aomdec" references the file | | ".../recipe-sysroot/usr/bin/aomdec" | | but this file does not exist. Possible reasons include: ... To avoid this error, incldue the content of bindir in the sysroot. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: d4bc3fe962 --------------------------- libheif: upgrade 1.20.2 -> 1.21.2 Changelog: 1.21.2: - build script for JS/WASM now supports building with JPEG2000 and "ISO23001-17 Uncompressed" support. - image sequence SAI data now works when using the OpenH264 decoder plugin 1.21.1: - This patch release only fixes a build error with some GCC versions because of a missing #include. 1.21.0: - CVE-2025-68431 fixed - This release adds full support for reading and writing HEIF image sequences. - libheif will now encode HEIF image sequences with all included codecs. - Since HEIF image sequences are very similar to MP4 videos, this new version is also capable of decoding most MP4 videos (without audio, of course). - Support for image sequences with alpha channels. For most codecs, the alpha channel will be stored in a separate, auxiliary, monochrome track. For ISO/IEC 23001-17 (uncompressed) streams, the alpha channel is stored in the main video track. - Support for sequence track edit lists to define the number of sequence repetitions (without actually repeating the video data). - New encoder plugin using x264 to write H.264-compressed video streams and images. - The FFmpeg decoder plugin will now decode both H.265 and H.264. - Support for HEIF text items and language properties Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 57045ecd65 --------------------------- gvfs: upgrade 1.58.1 -> 1.58.2 Major changes in 1.58.2 ======================= * client: Fix use-after-free when creating async proxy failed (Ondrej Holy) * daemon: Fix race on subscribers list when on thread (Ondrej Holy) * ftp: Validate fe_size when parsing symlink target (Ondrej Holy) * ftp: Check localtime() return value before use (Ondrej Holy) * CVE-2026-28295: ftp: Use control connection address for PASV data (Ondrej Holy) * CVE-2026-28296: ftp: Reject paths containing CR/LF characters (Ondrej Holy) * gphoto2: Use g_try_realloc() instead of g_realloc() (Ondrej Holy) * cdda: Reject path traversal in mount URI host (Ondrej Holy) * client: Fail when URI has invalid UTF-8 chars (Ondrej Holy) * Some other fixes (correctmost, Ondrej Holy) Signed-off-by: Zhang Peng Signed-off-by: Khem Raj --------------------------- Commit: 06aea3f734 --------------------------- libwnck3: BPN -> GNOMEBN The BPN = libwnck is confusing since it should be libwnck3, use GNOMEBN to replace BPN to make the SRC_URI work. Signed-off-by: Robert Yang Signed-off-by: Khem Raj --------------------------- Commit: 53e8f46ff7 --------------------------- redis: remove unneeded CVE_STATUS tags These CVEs were ignored because they were tracked by NVD using incorrect version information. Since then this information seems to be reflected correctly, it is not needed to ignore them explicitly. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 81250fb6c3 --------------------------- vlc: ignore CVE-2026-26227 and CVE-2026-26228 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26227 https://nvd.nist.gov/vuln/detail/CVE-2026-26228 Both vulnerabilities affect only the Android version of VLC, not the other ones. Because of this, ignore these CVEs. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: ec741a75f0 --------------------------- redis: upgrade 8.0.0 -> 8.0.6 License-Update: - Upstream has removed incorrect gplv3 text from the license (because agplv3 is the correct), which changed the checksum - The recipe had incorrect license indication. Redis 8 is not BSD licensed, but depending on the user's choice, it's agplv3 or sspl (or custom redis license, which is not added to the list) Changelogs: 8.0.6: - Security fix: A user can manipulate data read by a connection by injecting \r\n sequences into a Redis error reply 8.0.5: Bugfixes: - HGETEX - potential crash when FIELDS is used and numfields is missing - Potential crash on HyperLogLog with 2GB+ entries - Cuckoo filter - Division by zero in Cuckoo filter insertion - Cuckoo filter - Counter overflow - Bloom filter - Arbitrary memory read/write with invalid filter - Bloom filter - Out-of-bounds access with empty chain - Bloom filter - Restore invalid filter [We thank AWS security for responsibly disclosing the security bug] - Top-k - Out-of-bounds access 8.0.4: Security fixes - (CVE-2025-49844) A Lua script may lead to remote code execution - (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE - (CVE-2025-46818) A Lua script can be executed in the context of another user - (CVE-2025-46819) LUA out-of-bound read New Features - VSIM: new EPSILON argument to specify maximum distance Bug fixes - Potential use-after-free after pubsub and Lua defrag - Potential crash on Lua script defrag - HINCRBYFLOAT removes field expiration on replica - Prevent CLIENT UNBLOCK from unblocking CLIENT PAUSE - Endless client blocking for blocking commands - Vector sets - RDB format is not compatible with big endian machines - EVAL crash when error table is empty - Gracefully handle short read errors for hashes with TTL during full sync 8.0.3: Security fixes - (CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands - (CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error New Features - VSIM: Add new WITHATTRIBS to return the JSON attribute associated with an element Bug fixes - A short read may lead to an exit() on a replica - db->expires is not defragmented 8.0.2: Security fixes - (CVE-2025-27151) redis-check-aof may lead to stack overflow and potential RCE Bug fixes - Cron-based timers run twice as fast when active defrag is enabled Other general improvements - LOLWUT for Redis 8 8.0.1: Performance and resource utilization improvements - Vector sets - faster VSIM FILTER parsing Bug fixes - Query Engine - revert default policy search-on-timeout to RETURN - Query Engine - @__key on FT.AGGREGATE used as reserved field name preventing access to Redis keyspace - Query Engine - crash when calling FT.CURSOR DEL while retrieving from the CURSOR Notes - Fixed wrong text in the license files Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 75e14941ba --------------------------- exiv2: upgrade 0.28.7 -> 0.28.8 Contains fixes for CVE-2026-27596, CVE-2026-25884 and CVE-2026-27631. Ptests passed successfully. Changelog: Fix leak CI: update mac runner for 0.28.x branch Add some new cameras and lenses Make DataValue::value_ public fix reading mp4 url box nested in non video/audio track fix: do not add target exiv2lib if the target already exists Add size checks to avoid large memory allocations Fix size calculation in XmpTextValue::size() Avoid calling std::find or std::string with an invalid range Backport all changes in .github/workflows from main to 0.28.x Fix out-of-bounds read in CrwMap::decode0x0805 Fix UBSAN false positive Upload crash files when fuzzing fails Remove nightly release Fix regression in Canon lens detection fix wrong timescale used to calculate fps Remove nightly release vestiges conan: update dependencies Add Tamron 18-400mm on Nikon D90 Add Ricoh GR IV HDF and Monochrome IDs Refresh translations Add build provenance attestation Add fuzz target for previews Align some docs to main Update README.md add enforce to prevent integer overflow Add enforce to check for integer overflow Release Exiv2 version 0.28.8 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 0934de7a60 --------------------------- exiftool: upgrade 13.48 -> 13.52 Also fixes CVE-2026-3102 Changelog: 13.52: - Added a number of new XMP tags written by Adobe software - Added UTF-16 support for a few different metadata types in which only UCS-2 was previously implemented - Added a few more Canon FlashModel values and decode FlashModel for the 5DmkII - Added a new Canon LensType - Added some missing file attribute bits to two of the new LNK tags - Decode internal serial number for the 5DmkII - Decode another OwnerName for the 5DmkII - Decode some timed GPS for a couple of new DJI drones - Enable WindowsLongPath by default only if Win32::API is available - Renamed the Pentax K3III AFInfo tag to AFInfoK3III 13.51: - Added a new Nikon LensID - Decode more tags from Windows LNK files - Decode another LIGOGPSINFO variant - Decode some new Canon tags - Decode some new Nikon tags - Split decoding on Nikon BurstGroupID into separate tags - Fixed round-off error in GPSDateTime seconds for camm6 metadata in MP4 videos introduced in 13.45 - Fixed bug generating the default-language version of QuickTime:LocationInformation 13.50: - Added a few new Sony lenses - Added a couple of new Canon lenses - Decode another Samsung trailer tag - Decode BlackLevels from some Canon CRW files - Updated Sony maker note decoding for the ILCE-7M5 - Patched potential MacOS security issue - Fixed -list options so reading image files beforehand doesn't add tags to the output when running multiple commands using the -execute feature 13.49: - Decode a couple of new Samsung trailer tags - Disabled decoding of MenuSettings for the Nikon Z6III firmware 2.0 until the changes can be worked through in detail - Fixed problem where Google Photos had problems displaying ExifTool-edited HEIC MotionPhoto images. Files written by older versions of ExifTool may be repaired by re-writing with 13.49 or later Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 50e7b3e5ea --------------------------- python3-protobuf: mark CVE-2026-0994 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994 It is fixed already in the currently used version, however NVD tracks it without any version info, so it still shows up in CVE reports. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 717d124c2d --------------------------- freerdp3: upgrade 3.22.0 -> 3.23.0 Contains many CVE and bugfixes. Changelog: https://github.com/FreeRDP/FreeRDP/releases/tag/3.23.0 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 4937ed55d8 --------------------------- bcc: Add ARM and AArch64 support to static tracepoints This resolves USDT probe test failures on ARM64 platforms. Without these changes, the .note.stapsdt section containing probe information was missing entirely on ARM64, causing test failures when attempting to find and attach to USDT probes in the BCC test suite. Upstream-Status: Submitted [https://github.com/iovisor/bcc/pull/5491] Signed-off-by: Harish Sadineni Signed-off-by: Khem Raj --------------------------- Commit: cdf9d099b9 --------------------------- bcc: Add riscv syscall prefix detection in C++ API Fixes issue where bpf.get_syscall_fnname() on riscv64 returns bare syscall name instead of the prefixed _riscv_sys variant, causing kprobe attachment failures. Upstream-Status: Submitted [https://github.com/iovisor/bcc/pull/5490] Signed-off-by: Harish Sadineni Signed-off-by: Khem Raj --------------------------- Commit: eed01e5cc0 --------------------------- bcc: Add ARM64 syscall prefix detection in C++ API Fixes issue where bpf.get_syscall_fnname() on ARM64 returns bare syscall name instead of the prefixed _arm64_sys variant, causing kprobe attachment failures. Now detects ARM64 prefix alongside x64 (x64_sys) and generic (sys) prefixes. Upstream-Status: Submitted [https://github.com/iovisor/bcc/pull/5489] Signed-off-by: Harish Sadineni Signed-off-by: Khem Raj --------------------------- Commit: db05f827bb --------------------------- nodejs: upgrade 22.22.0 -> 22.22.1 License Update: Add sorttable.js under the MIT license - https://github.com/nodejs/node/pull/61348/files Update minimatch to the Blue Oak Model License - https://github.com/nodejs/node/commit/e72da8c7544727f90b857ba86b8c7755e631fe96 Changelog: https://github.com/nodejs/node/releases/tag/v22.22.1 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: 6b443c2b7c --------------------------- emlog: bump to latest revision Drop the patch that is included in this release. Actually that is also the changelog since the previous version - there were no other changes beside the accepted patch. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 40ceaf426d --------------------------- dropwatch: upgrade 1.5.4 -> 1.5.5 Changes: - Added abilty to build and run in a docker container - kas is the default symbol lookup method now - Fix building without libtool installed - Misc fixes for kas lookup logic Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 69f1a41a94 --------------------------- curlpp: upgrade to latest revision The last release was almost a decade ago, but there are quite a few commits that were added to the project since that. Instead of waiting for a new release, use the tip of the repository. Changelog: https://github.com/jpbarrette/curlpp/compare/v0.8.1...ec1b66e699557cd9d608d322c013a1ebda16bd08 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 37b9749f24 --------------------------- arptables: remove unused checksums It is fetched from git, so the checksums are not doing anything. While touching it, switch to the project's own license file instead of using a generic one from the COMMON_LICENSE_DIR. The license itself has not changed, still gpl 2.0, only. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 9df85b55dc --------------------------- rdma-core: upgrade 51.0 -> 62.0 v51 series will get support only for about 2 more years, but v62 just started its ~4 years long support cycle. Drop patches that are included in this release, or were solved on another way by upstream. Changelog: 62.0: https://github.com/linux-rdma/rdma-core/releases/tag/v62.0 61.0: https://github.com/linux-rdma/rdma-core/releases/tag/v61.0 60.0: https://github.com/linux-rdma/rdma-core/releases/tag/v60.0 59.0: https://github.com/linux-rdma/rdma-core/releases/tag/v59.0 58.0: https://github.com/linux-rdma/rdma-core/releases/tag/v58.0 57.0: https://github.com/linux-rdma/rdma-core/releases/tag/v57.0 56.0: https://github.com/linux-rdma/rdma-core/releases/tag/v56.0 55.0: https://github.com/linux-rdma/rdma-core/releases/tag/v55.0 54.0: https://github.com/linux-rdma/rdma-core/releases/tag/v54.0 53.0: https://github.com/linux-rdma/rdma-core/releases/tag/v53.0 52.0: https://github.com/linux-rdma/rdma-core/releases/tag/v52.0 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 2b444cfaa4 --------------------------- tinyproxy: drop obsolete patch The patch removed manual generation completely from the build scripts, however upstream has added a configure option in version 1.11.0[1] to do it in a more gentle way. Drop the patch, and use the configure option instead. [1]: https://github.com/tinyproxy/tinyproxy/commit/5ba958829f73ecc02658a46f5b1bba5ffed2281d Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 629bb51b14 --------------------------- tunctl: update patch status Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 1bf78542f0 --------------------------- udpcast: update patch status Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: be6b26e92c --------------------------- wireshark: upgrade 4.6.3 -> 4.6.4 This is a bugfix release. Changes: - USB HID dissector memory exhaustion. CVE-2026-3201. - NTS-KE dissector crash. CVE-2026-3202. - RF4CE Profile dissector crash. CVE-2026-3203. - Wireshark doesn’t start if Npcap is configured with "Restrict Npcap driver’s Access to Administrators only" - PQC signature algorithm not reported in signature_algorithms. - Unexpected JA4 ALPN values when space characters sent. - Expert Info seems to have quadratic performance (gets slower and slower) - IKEv2 EMERGENCY_CALL_NUMBERS Notify payload cannot be decoded. - TShark and editcap fails with segmentation fault when output format (-F) set to blf. - Fuzz job crash: fuzz-2026-02-01-12944805400.pcap [Zigbee Direct Tunneling Zigbee NWK PDUs NULL hash table] - Wiretap writes pcapng custom options with string values invalidly. - RDM status in Output Status (GoodOutputB) field incorrectly decoded in Art-Net PollReply dissector. - Wiretap writes invalid pcapng Darwin option blocks. - TDS dissector desynchronizes on RPC DATENTYPE (0x28) due to incorrect expectation of TYPE_VARLEN (MaxLen) - Only first HTTP POST is parsed inside SOCKS with "Decode As". - TShark: Bogus "Dissector bug" messages generated in pipelines where something after tshark exits before reading all its input. - New Diameter RAT-Types in TS 29.212 not decoded. - Malformed packet error on Trigger HE Basic frames. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 154c462c59 --------------------------- ntpsec: upgrade 1.2.2a -> 1.2.4 Upgrade to latest upstream release 1.2.4. Release notes: https://blog.ntpsec.org/2025/04/18/version-1.2.4.html Signed-off-by: G B Signed-off-by: Khem Raj --------------------------- Commit: 4c98e54b65 --------------------------- fio: fix musl builds fio 3.40 added the commit 4175f4dbec5d ("oslib: blkzoned: add blkzoned_move_zone_wp() helper function") which uses FALLOC_FL_ZERO_RANGE which in a musl build is undefined without including its header. Backport the upstream fix. Signed-off-by: Max Krummenacher Signed-off-by: Khem Raj --------------------------- Commit: 46ae413c63 --------------------------- rtla: add recipe for real-time linux analysis tool rtla source code is present in the kernel source tree at tools/tracing/rtla. There is another build option for rtla to enable bpf bindings, this was not a quick one to get working and left as a future improvement. Makefile for rtla has evolved in newer kernels (v6.9). Some fixes needed for support with older kernels. This commit was tested against 6.18 and 6.8. Also add rtla to packagegroup-meta-oe-benchmarks. Signed-off-by: Peter Bergin Signed-off-by: Khem Raj --------------------------- Commit: d6815efa84 --------------------------- cpupower: keep header files for other packages and package systemd service When having a DEPENDS against cpupower it need to leave its header files. Remove that cleanup that has been present since the beginning of the recipe without any (to me) known reason. cpupower ship a systemd service and config file in kernel source tree since kernel 6.16. Package them as a separate package cpupower-systemd to be installed if wanted. Add cpupower to packagegroup-meta-oe to be included in builds of all packages. Signed-off-by: Peter Bergin Signed-off-by: Khem Raj --------------------------- Commit: e8be5452b6 --------------------------- pipewire: backport fix for build with glibc-2.43 Fixes: ../sources/pipewire-1.6.0/spa/plugins/support/logger.c:121:5: error: assigning to 'char *' from 'const char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers] 121 | s = strrchr(file, '/'); | ^ ~~~~~~~~~~~~~~~~~~ 1 error generated. Signed-off-by: Martin Jansa Signed-off-by: Khem Raj --------------------------- Commit: 0541742ec0 --------------------------- ngtcp2: add recipe ngtcp2 project is an effort to implement IETF QUIC protocol It is a dependency of the new Samba recipe. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 822634e849 --------------------------- nghttp3: add recipe HTTP/3 library written in C A new dependency for Samba recipe. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 5a7a1a643e --------------------------- python3-django: upgrade 5.2.11 -> 5.2.12 Ptests passed successfully. Changelog: https://docs.djangoproject.com/en/6.0/releases/5.2.12/ - Fixed CVE-2026-25673 and CVE-2026-25674 - Fixed NameError when inspecting functions making use of deferred annotations in Python 3.14. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 1960f33a61 --------------------------- python3-django: upgrade 6.0.2 -> 6.0.3 Ptests passed successfully. Changelog: https://docs.djangoproject.com/en/6.0/releases/6.0.3/ - Fix CVE-2026-25673 and CVE-2026-25674 - Fixed NameError when inspecting functions making use of deferred annotations in Python 3.14 - Fixed AttributeError when subclassing builtin lookups and neglecting to override as_sql() to accept any sequence - Fixed TypeError when deprecation warnings are emitted in environments importing Django by namespace - Fixed a visual regression where fieldset legends were misaligned in the admin. - Prevented the django.tasks.signals.task_finished signal from writing extraneous log messages when no exceptions are encountered Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 58a0bbec39 --------------------------- redis: drop recipe for v7.2.12 This version has been EOL since the end of February. There is a recipe available for v8, which is still supported. Drop this version. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 5899a5e6ff --------------------------- meta-oe: libcppconnman: add recipe libcppconnman is a C++ library to control ConnMan via D-Bus. It exposes simple aync methods to perform all the controls that ConnMan allow via D-Bus. Signed-off-by: Andrea Ricchi Signed-off-by: Khem Raj --------------------------- Commit: 9dff889e43 --------------------------- mariadb: Upgrade 11.4.9 -> 11.4.10 Remove 0001-Remove-x86-specific-loop-in-my_convert.patch as it's fixed in new version [1]. Remove 0001-MDEV-38029-my_tzinfo-t-fails-for-certain-TZ-values-o.patch as its logic is included in new version [2]. Release note: https://mariadb.com/docs/release-notes/community-server/11.4/11.4.10 [1] https://github.com/MariaDB/server/commit/470487c [2] https://github.com/MariaDB/server/commit/a61a746 Signed-off-by: Mingli Yu Signed-off-by: Khem Raj --------------------------- Commit: 8b9b789542 --------------------------- signing.bbclass: add signing_create_uri_pem helper function The PKCS#11 provider has a mechanism [1] to support older applications which have not yet migrated to the OSSL_STORE API [2]. It works by encoding the 'pkcs11:' URI into a PEM file and passing that to an application as a file. From the application's perspective it loads the private key from a file, but OpenSSL will transparently use select the provider to access it via PKCS#11 instead. Instead of upstream's Python-based tool [3] (which would pull in asn1crypto as a dependency), we just generate the ASN.1 for the PEM using OpenSSL's 'asn1parse -genconf'. It has been tested with RAUC, U-Boot's mkimage (for signed FITs) and NXP's CST. [1] https://github.com/latchset/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md#use-in-older-applications-uris-in-pem-files [2] https://docs.openssl.org/master/man7/ossl_store/ [3] https://github.com/latchset/pkcs11-provider/blob/main/tools/uri2pem.py Signed-off-by: Jan Luebbe Signed-off-by: Fabian Pflug Signed-off-by: Khem Raj --------------------------- Commit: f75a2ab194 --------------------------- signing.bbclass: add support for OpenSSL PKCS#11 provider OpenSSL 4.0 will drop support for engines and use providers instead. To access SoftHSM and other PKCS#11 modules via the provider API, we rely on https://github.com/latchset/pkcs11-provider, which is already available as via pkcs11-provider recipe. We enable this provider by using a specific OpenSSL config when signing. This means that recipes inheriting this class can decide whether they want to use the engine or provider to access the key. SoftHSM seems to produce broken keys when calling the C_CopyObject, so disable caching in the provider for now. Signed-off-by: Jan Luebbe Signed-off-by: Fabian Pflug Signed-off-by: Khem Raj --------------------------- Commit: 40a1825c95 --------------------------- signing.bbclass: remove trailing white space Signed-off-by: Jan Luebbe Signed-off-by: Khem Raj --------------------------- Commit: c427a6dfc0 --------------------------- python3-m2crypto: upgrade 0.46.2 -> 0.47.0 0001-fix-allow-64-bit-time_t-on-32-bit-systems-in-test_is.patch 0002-fix-correct-struct-packing-on-32-bit-with-_TIME_BITS.patch removed since they're included in 0.47.0 Signed-off-by: Wang Mingyu MAIL: wangmy@fujitsu.com Signed-off-by: Khem Raj --------------------------- Commit: 0bc67b61ca --------------------------- wowlan-udev: add udev rule to enable WoWLAN magic-packet On some platforms (for example, QCx6490), XO (Crystal Oscillator) shutdown is prevented by Wireless Processor Subsystem votes on interconnect bandwidth and XO unless the WoWLAN magic-packet trigger is enabled. These votes are released only after running: iw phy0 wowlan enable magic-packet Add an udev rule to automatically enable WoWLAN magic-packet support when a Wi-Fi PHY is registered. This rule is provided via a dedicated wowlan-udev package and is not enabled by default. Integrators should include this package only if their platform requires automatic WoWLAN magic-packet enablement. Signed-off-by: Miaoqing Pan Signed-off-by: Khem Raj --------------------------- Commit: 6bce0aedab --------------------------- python3-can: remove python3-pkg-resources from runtime depends Due to setuptools removes and deprecates pkg_resources in 82.0.0 [1], python3-can does not import `pkg_resources` in [2], then python3-pkg-resources is not necessary for us, remove it from runtime depends [1] https://setuptools.pypa.io/en/stable/history.html#v82-0-0 [2] https://github.com/hardbyte/python-can/commit/1a3f5e3769aa565ada8c27177a94f7db43d019dc Signed-off-by: Hongxu Jia Signed-off-by: Khem Raj --------------------------- Commit: dae627f632 --------------------------- audit: upgrade 4.1.2 -> 4.1.3 ChangeLog: https://github.com/linux-audit/audit-userspace/releases/tag/v4.1.3 Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: 874af51714 --------------------------- brotli: update 1.1.0 -> 1.2.0 [1.2.0] - 2025-10-27 SECURITY python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan) Added decoder / encoder: added static initialization to reduce binary size python: allow limiting decoder output (see SECURITY section) CLI: brcat alias; allow decoding concatenated brotli streams kt: pure Kotlin decoder cgo: support "raw" dictionaries build: Bazel modules Removed java: dropped finalize() for native entities Fixed java: in compress pass correct length to native encoder Improved build: install man pages build: updated / fixed / refined Bazel buildfiles encoder: faster encoding cgo: link via pkg-config python: modernize extension / allow multi-phase module initialization Changed decoder / encoder: static tables use "small" model (allows 2GiB+ binaries) Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 13b791e31d --------------------------- hplip: upgrade 3.22.10 -> 3.25.8 Contains fix for CVE-2025-43023, and support for many new printers. Drop patches that are included in this release (or the underlying problem was solved on another way) Changelog: https://developers.hp.com/hp-linux-imaging-and-printing/release_notes Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 7125b918bd --------------------------- nushell: Add nushell recipe Nushell is a modern, cross-platform shell and programming language. It is designed to work with structured data rather than plain text, and takes inspiration from traditional shells like bash, object-based shells like PowerShell, gradually typed languages such as TypeScript, functional programming, and systems programming. Add recipe for the latest release - Written in Rust - Combines a full-featured shell with a rich, structured programming language - Operates on structured data instead of plain text - Provides clear error messages and strong IDE support - Designed for modern, cross-platform workflows More information: https://crates.io/crates/nu Signed-off-by: Deepesh Varatharajan Signed-off-by: Khem Raj --------------------------- Commit: 42ea269266 --------------------------- librelp: update PACKAGECONFIG setting related to valgrind The riscv64 is now in COMPATIBLE_HOST of valgrind. The armv4/armv5/armv6 are not in COMPATIBLE_HOST of valgrind. Update the settings accordingly. Signed-off-by: Chen Qi Signed-off-by: Khem Raj --------------------------- Commit: 1e824240fb --------------------------- rrdtool: takes graph only with x11 or wayland rrdtool package configuration 'graph' relies on graphical support. Ignore it if none of x11 org wayland is in the distro features. Signed-off-by: Louis Rannou Signed-off-by: Khem Raj --------------------------- Commit: bb5f304e15 --------------------------- nodejs: fix NEON llhttp ctzll undefined behavior The NEON SIMD fast path in the bundled llhttp calls __builtin_ctzll(match_mask) without checking if match_mask is zero. When all 16 bytes in a NEON register are valid header value characters, match_mask is 0. Calling __builtin_ctzll(0) is undefined behavior. GCC at -O2 exploits this by optimizing "if (match_len != 16)" to always-true, causing HTTP 400 Bad Request for any header value longer than 16 characters on ARM targets with NEON enabled. Fix by explicitly checking for match_mask == 0 and setting match_len = 16. This bug affects both aarch64 and armv7 NEON targets. The code this patch modifies is generated, so the patch itself isn't suitable for upstream submission, as the root cause of the error is in the generator itself. The fix has been merged upstream[1] in llparse 7.3.1 and is included in llhttp 9.3.1. This patch can be dropped when nodejs updates its bundled llhttp to >= 9.3.1. [1]: https://github.com/nodejs/llparse/pull/83 Signed-off-by: Telukula Jeevan Kumar Sahu Signed-off-by: Khem Raj --------------------------- Commit: c3e16d369d --------------------------- python3-identify: Upgrade 2.6.16 -> 2.6.17 Upgrade to release 2.6.17: - Add support for sconstruct and sconscript extensions - Add support for 'slnx' file extension - Add 'escript' file type for Erlang - Add support for HLSL - Add jbuilder extension as ruby text files - Add support for *.diff - Add support for *.cmd - Add support for *.entitlements - Add support for *.xaml - Add support for uv.lock - Add support for Fastfile - Add support for Brewfile - Add support for xcodebuild file formats Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 74895a2031 --------------------------- python3-yarl: Upgrade 1.22.0 -> 1.23.0 Upgrade to release 1.23.0: - Added support for pydantic, the :class:~yarl.URL could be used as a field type in pydantic models seamlessly. - The CI has been set up to notify Codecov about upload completion - The in-tree build backend allows the end-users appending CFLAGS and LDFLAGS by setting respective environment variables externally. - The :pep:517 build backend now supports a new config setting for controlling whether to build the project in-tree or in a temporary directory. It only affects wheels and is set up to build in a temporary directory by default. It does not affect editable wheel builds - they will keep being built in-tree regardless. - Starting this version, when building the wheels is happening in an automatically created temporary directory, the build backend makes an effort to normalize the respective file system path to a deterministic source checkout directory. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 5de756cffa --------------------------- python3-rich: Upgrade 14.3.2 -> 14.3.3 Upgrade to release 14.3.3: - Fixed infinite loop with cells.split_graphemes Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: a22fe21c59 --------------------------- ceres-solver: Don't fail if .git/hooks/commit-msg can't be touched The .git/hooks/commit-msg Git hook may already exist and not be writable. E.g., in our environment it is a symbolic link to a script in /usr/share. Signed-off-by: Peter Kjellerstedt Signed-off-by: Khem Raj --------------------------- Commit: 7bc5268662 --------------------------- onig: Add CVE_PRODUCT to support product name - Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE reporting. Signed-off-by: Het Patel Signed-off-by: Khem Raj --------------------------- Commit: 9b69587ecb --------------------------- open-vm-tools: Add entry to CVE_PRODUCT to support the product name - Added 'vmware:open_vm_tools' to CVE_PRODUCT to align with the NVD CPE and ensure accurate CVE reporting. Signed-off-by: Het Patel Signed-off-by: Khem Raj --------------------------- Commit: a428ea90c0 --------------------------- abseil-cpp: Add CVE_PRODUCT to support product name - Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE reporting. Signed-off-by: Het Patel Signed-off-by: Khem Raj --------------------------- Commit: cc29ac4fea --------------------------- pangomm: remove x11 from REQUIRED_DISTRO_FEATURES Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 2cd317e955 --------------------------- gtkmm4: remove x11 from REQUIRED_DISTRO_FEATURES Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 645c82e60b --------------------------- tnftp: upgrade 20230507 -> 20260211 1.Changelog: * tnftp.h: improve compat. * Sync inet_pton.c to lib/libc/inet/inet_pton.c 1.8, via othersrc/libexec/tnftpd/libnetbsd/inet_pton.c 1.5: * Lint issues. * Hex formatting change from bind 9.4.0. * Sync inet_ntop.c to lib/libc/inet/inet_ntop.c 1.12, via othersrc/libexec/tnftpd/libnetbsd/inet_ntop.c 1.5: * Always set errno when returning NULL. * Sync fgetln.c to tools/compat/fgetln.c 1.12: * Switch to a version that does not suffer from reporting the wrong length if the file contains NULs. From OpenBSD. * Fix -Wformat-overflow issues detected by gcc 11 in fetch.c. (Also fixed in upstream NetBSD ftp, will be part of next import.) 2. LICENSE checksum has changed as Copyright year changed Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: b114f9080d --------------------------- python3-uefi-firmware: upgrade 1.12 -> 1.13 Changelog: https://github.com/theopolis/uefi-firmware-parser/releases/tag/v1.13 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 8e94c3a2a8 --------------------------- python3-send2trash: upgrade 2.0.0 -> 2.1.0 1.Changelog https://github.com/arsenetar/send2trash/releases/tag/2.1.0 2.Remove 0001-add-missing-conftest.py.patch as it was merged upstream. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: bc5bfbb4ec --------------------------- python3-uvicorn: upgrade 0.40.0 -> 0.41.0 1.Changelog: https://github.com/Kludex/uvicorn/releases/tag/0.41.0 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 012b5306a2 --------------------------- python3-wxgtk4: upgrade 4.2.4 -> 4.2.5 Remove customization of ${S} as package name has restored to wxpython-${PV}. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 550fec593a --------------------------- xdebug: upgrade 3.5.0 -> 3.5.1 Changelog: https://github.com/xdebug/xdebug/releases/tag/3.5.1 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: b4e2194a37 --------------------------- python3-gmpy2: upgrade 2.2.2 -> 2.3.0 1.Changelog: https://github.com/gmpy2/gmpy2/releases/tag/v2.3.0 2.Add python3-setuptools-scm-native as depend to satisfy require check of setuptools_scm 3.Add 0001-Avoid-do_configure-requires-check-error.patch to fix require check error of setuptools | ERROR Missing dependencies: | setuptools_scm[toml]>=6.0 | setuptools<80,>=77 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: f66593bab7 --------------------------- live555: set CVE_PRODUCT live555 is an old project, it has multiple CPEs associated with. Set the ones in CVE_PRODUCT that are still active. See CVE db query: sqlite> select vendor, product, count(*) from products where vendor like '%live555%' or product like '%live555%' group by 1, 2; live555|liblivemedia|1 live555|live555|7 live555|live555_media_server|2 live555|media_server|1 live555|streaming_media|160 All of them are relevant to this recipe, although media_server hasn't been used since 2007, that one wasn't set. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 60ff931fe7 --------------------------- pavucontrol: add x11 to REQUIRED_DISTRO_FEATURES pavucontrol depends on gtkmm4, which require x11, so add x11 to REQUIRED_DISTRO_FEATURES for pavucontrol, refer [1] [1] https://git.openembedded.org/meta-openembedded/commit/?h=master-next&id=aed20cd843fb00726d7c8da1aa19d238c2f9f195 Signed-off-by: Changqing Li Signed-off-by: Khem Raj --------------------------- Commit: 7adb1a61d2 --------------------------- btrfsmaintenance: upgrade 0.5 -> 0.5.2 1.Changelog: fix syntax error in run_task, preventing jobs to start start scrub jobs sequentially if RAID5 or RAID6 data profile is found fix btrfsmaintenance-refresh.service description 2.Update 0001-change-sysconfig-path-to-etc-default.patch for 0.5.2 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 1a9744b3ca --------------------------- bluealsa: fix QA issue staticdev When building bluealsa with building static libraries NOT disabled, you get the following error: ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package contains static .a library: bluealsa path '/usr/lib/alsa-lib/libasound_module_pcm_bluealsa.a' [staticdev] ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package contains static .a library: bluealsa path '/usr/lib/alsa-lib/libasound_module_ctl_bluealsa.a' [staticdev] ERROR: bluealsa-4.3.0-r0 do_package_qa: Fatal QA errors were found, failing task. Fix this by explicitly putting these files in the -staticdev package. Signed-off-by: Matthias Proske Signed-off-by: Khem Raj --------------------------- Commit: d20dff364d --------------------------- python3-bandit: Upgrade 1.9.3 -> 1.9.4 Upgrade to release 1.9.4: - chore: fixed some typos in comments - Fix B613 crash when reading from stdin - Include filename in nosec 'no failed test' warning - Fix B615 false positive when revision is set via variable - Lower version guard in check_ast_node to Python 3.12 - Fix B106 reporting wrong line number on multiline function calls Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: a4b7568e50 --------------------------- python3-fastapi: Upgrade 0.128.0 -> 0.133.1 Upgrade to release 0.133.1: - Add FastAPI Agent Skill. - Fix all tests are skipped on Windows. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: f6eb6e8680 --------------------------- yaml-cpp: upgrade 0.8.0 -> 0.9.0 Changelog: ============ - Increase minimum required CMake version to 3.5, update Googletest to 1.13 - Bazel module builds - node/convert: Enable the template specialization for std::string_view properly when the library is compiled by MSVC on Windows - CMake: Allow to disable uninstall - Update cmakelists to use system googletest if available - Fix indentation of empty flow sequences - Add option YAML_ENABLE_PIC - fix: use C locale by default - Use FetchContent_MakeAvailable - fix: parse files with '\r' symbols as line ending correctly - fix(src): avoid possible infinite loop in LoadAll() - missing keys should throw InvalidNode, not BadConversion - fix: prettier floating point numbers - Optimization of merge memories Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ac02b5a6f3 --------------------------- xterm: upgrade 404 -> 407 License-Update: Copyright year upted to 2026. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: e19a4f4bd5 --------------------------- wireguard-tools: upgrade 1.0.20250521 -> 1.0.20260223 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 67947560bd --------------------------- wavemon: upgrade 0.9.6 -> 0.9.7 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: c1318861f1 --------------------------- valkey: upgrade 9.0.2 -> 9.0.3 Security fixes ----------------- (CVE-2025-67733) RESP Protocol Injection via Lua error_reply (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message (CVE-2026-27623) Reset request type after handling empty requests Bug fixes ------------ Avoids crash during MODULE UNLOAD when ACL rules reference a module command and subcommand Fix server assert on ACL LOAD when current user loses permission to channels Fix bug causing no response flush sometimes when IO threads are busy Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f10cc4806b --------------------------- utf8proc: upgrade 2.10.0 -> 2.11.3 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 7194bb5535 --------------------------- upower: upgrade 1.91.0 -> 1.91.1 Changelog: ============ - Fix: a resource leak (!294) - Fix: a NULL exception caused by a Non-NULL GError pointer - Fix client API: crashing when printing the error message from a NULL GError pointer - Fix: ACPI reports -NaN capacity value - Feature: Skip CriticalPowerAction when performing battery recalibration - Deprecate: capacity_level and luminosity property - CI: Add a tartan LLVM static analysis - Feature: History supports voltage item Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 8941d7c480 --------------------------- thingsboard-gateway: upgrade 3.8.0 -> 3.8.2 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 307d03fa9c --------------------------- tftpy: upgrade 0.8.6 -> 0.8.7 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 3556286880 --------------------------- swagger-ui: upgrade 5.30.3 -> 5.31.2 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0ab79a9176 --------------------------- stunnel: upgrade 5.76 -> 5.77 Changelog: =========== * Security bugfixes - OpenSSL DLLs updated to version 3.5.5. * Bugfixes - Avoid attempting to fetch OCSP stapling for PSK-only configuration sections. * Features - Merged applicable patches from Fedora and Debian: - Use SOURCE_DATE_EPOCH for reproducible builds. - Skip the OpenSSL version check when AUTOPKGTEST_TMP is set. - Enable PrivateTmp in the stunnel.service template. - Clarify the manual page for the "curves" option. - Log client IP addresses on TLS errors. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 513dcb0d08 --------------------------- smarty: upgrade 5.7.0 -> 5.8.0 Changelog: ============= - Document missing inline implementation. Fixed #1152 - Fix static analysis warnings for isDot() and remove deprecated APC support - Support for Laravel Collections style object chaining - Regex matches operator - Add support for Backed Enums Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 23d4ba6b96 --------------------------- ser2net: upgrade 4.6.6 -> 4.6.7 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 30c229c111 --------------------------- rdfind: upgrade 1.7.0 -> 1.8.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 85efcd8a93 --------------------------- python3-wrapt: upgrade 2.0.1 -> 2.1.1 License-Update: Copyright year updated to 2026. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0ee8e25476 --------------------------- python3-typer: upgrade 0.21.1 -> 0.24.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 5c076ebf62 --------------------------- python3-typeguard: upgrade 4.5.0 -> 4.5.1 Changelog: - Fixed iterable unpacking incorrectly calculating the cut-off offset of the item list when assigning remaining values to the star variable Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: be1e06c6cc --------------------------- python3-tenacity: upgrade 9.1.2 -> 9.1.4 Changelog: ========== - Apply formatting to num seconds in before_sleep_log - Support Python 3.14 - Typing: Accept non-standard logger in helpers logging something - feat(wait): add wait_exception strategy - docs: fix syntax error in wait_chain docstring example - chore: drop Python 3.9 support (EOL) - Support async sleep for sync fn-to-retry - Fix retry() annotations with async sleep= function Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 48617f7032 --------------------------- python3-sqlparse: upgrade 0.5.4 -> 0.5.5 Changelog: ========== * Fix DoS protection to raise SQLParseError instead of silently returning None when grouping limits are exceeded * Fix splitting of BEGIN TRANSACTION statements Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: e56bce849b --------------------------- python3-responses: upgrade 0.25.8 -> 0.26.0 Changelog: =========== * When using 'assert_all_requests_are_fired=True', assertions about unfired requests are now raised even when an exception occurs in the context manager or decorated function. Previously, these assertions were suppressed when exceptions occurred. This new behavior provides valuable debugging context about which mocked requests were or weren't called. * Consider the 'Retry-After' header when handling retries Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: d239449f83 --------------------------- python3-reportlab: upgrade 4.4.9 -> 4.4.10 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 4fe27e1804 --------------------------- python3-regex: upgrade 2026.1.15 -> 2026.2.19 Changelog: ========== - Added \z as alias of \Z, like in re module. - Added prefixmatch as alias of match, like in re module. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 525d170581 --------------------------- python3-pytokens: upgrade 0.4.0 -> 0.4.1 Changelog: =========== - Avoid emitting dedents after an escaped new line - Add --json support to the CLI - Fix quiet mode in the CLI Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: c47a60b80c --------------------------- python3-pystemd: upgrade 0.15.1 -> 0.15.3 Changelog: ============ - Fix type invariance causing too strict typing - Add E2E testing infrastructure using mkosi for running tests in a real systemd environment - Improve type annotations throughout pystemd, modernizing to Python 3.10+ syntax - Add AmbientCapabilities to systemd1 KNOWN_UNIT_SIGNATURES - Improve README.md clarity, spelling, and grammar Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: e6e12396bd --------------------------- python3-pymodbus: upgrade 3.11.4 -> 3.12.1 Changelog: ============ - SimDevice / SimRuntime fixes. - No inter_frame_time check for baudrate > 38000. - Fix smaller bugs in test, part 2. - simulator startup armoring and update 3.x docs - Fix smaller bugs in test, part 1. - Update README.rst. - Coverage limit is 99.95% (to allow a little margin). - Removed simulator README, due to unused. - fix: add warning log when using internal default simulator config - Document simulator entrypoint in README - Upgrade library versions installed by pip. - SimData/Device integrate in server. - Add bind to ModbusUdpClient. - Solve Zuban problem. - Fix wrong parameter name in function docstring. Fix set_values does not accept tuple. - Add context.async_get/setValues with device_id. - SimData/SimDevice ready for server integration. - Reactivate pytest coverage. - No blank issue template. - Update issue templates - Fix ReadFifoQueueResponse count - Limited support for multiple devices on RS485. - Simulator DataBlock docstring corrections - fix README.rst and troubleshooting - Solve DoS vulnerability. - server handle_local_echo only in comm_params. - di is for discrete input - Allow any dev_id, when requesting dev_id 0. - Allow response transaction_id 0. - Use relative import. - ModbusServerContext.device_ids() docstring - Include ModbusSequentialDataBlock into the documentation - Fix Modbus TCP protocol ID validation in FramerSocket - Remove idle_time() from sync client, which anyhow was void. - Correct check_ci.sh. - Replace mypy with zuban - Fix monitoring of functions - Improve types - dicts have preserved insertion order since 3.7 - asyncio.iscoroutinefunction() is deprecated - Remove pypi-alias. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 01168ffb6f --------------------------- python3-pymisp: upgrade 2.5.32 -> 2.5.32.3 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 83b6f6fab5 --------------------------- python3-pylint: upgrade 4.0.4 -> 4.0.5 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0dc1a2f40e --------------------------- python3-psycopg: upgrade 3.3.2 -> 3.3.3 Changelog: ============ - Retain Error.pgconn when raising a single exception for multiple connection attempt errors - Return a proper error when server sends ErrorResponse for a Sync after a Parse Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 7e096b339c --------------------------- python3-parse: upgrade 1.20.2 -> 1.21.1 Changelog: =========== - Fix microsecond precision loss in timestamp parsing - allow triggering CI manually - Actually raise exception - readme: Clarify 'd' type - Bump actions/checkout from 5 to 6 in the actions-infrastructure group - Allow grouping char (,_) in decimal format string Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0bbfdd698b --------------------------- python3-pandas: upgrade 3.0.0 -> 3.0.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 49d16df754 --------------------------- python3-moteus: upgrade 0.3.98 -> 0.3.99 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 680e6f63f0 --------------------------- python3-ipython: upgrade 9.9.0 -> 9.10.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 604b8ac0a0 --------------------------- python3-icu: upgrade 2.16 -> 2.16.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f6e5dd4059 --------------------------- python3-greenlet: upgrade 3.3.1 -> 3.3.2 Changelog: Fix a crash on Python 3.10 if there are active greenlets during interpreter shutdown. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 263194d7a3 --------------------------- python3-google-auth: upgrade 2.47.0 -> 2.48.0 Features ---------- - honor NO_GCE_CHECK environment variable - add configurable GCE Metadata Server retries - add cryptography as required dependency - Support the mTLS IAM domain for Certificate based Access Bug Fixes ---------- - resolve circular imports - Use user_verification=preferred for ReAuth WebAuthn challenge - removes content-header from AWS IMDS get request - detect correct auth when ADC env var is set but empty - replace deprecated utcfromtimestamp Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 4eda10a4ed --------------------------- python3-gcovr: upgrade 8.5 -> 8.6 Changelog: ============ - Drop support for Python 3.9.Add support for Python 3.14. - To avoid merge errors, add the line number to the name of the unknown function. - If intermediate files are kept, rename the gcov files before processing them to log the final filename. - Use the first line after a function definition and not the first line which is hit. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 5e59d1806e --------------------------- python3-fsspec: upgrade 2025.12.0 -> 2026.2.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 6f4bcc14d4 --------------------------- python3-filelock: upgrade 3.24.2 -> 3.24.3 Changelog: ========== - fix(ci): add trailing blank line after changelog entries - fix(unix): handle ENOENT race on FUSE/NFS during acquire Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 62afcf971e --------------------------- python3-fastapi: upgrade 0.128.0 -> 0.133.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: b293419af6 --------------------------- python3-drgn: upgrade 0.0.33 -> 0.1.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: eae503c929 --------------------------- python3-dateparser: upgrade 1.2.2 -> 1.3.0 New features: -------------- - search_dates() can now detect time spans from expressions like "past - month", "last week", etc. For details, see the "Time Span Detection" section - and the RETURN_TIME_SPAN, DEFAULT_START_OF_WEEK and - DEFAULT_DAYS_IN_MONTH settings in the documentation. Fixes: -------- - Assume the current year if not specified - Support expressions like "yesterday +1h" - English: Support most 2-letter day-of-the-week names - English: Support "in N weeks' time" - Finnish: Support dates with "klo" - Russian: Support compound ordinals Cleanups and internal improvements: ------------------------------------- - Fixed year expectation issues in tests. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 45e3541b9a --------------------------- python3-cssselect2: upgrade 0.8.0 -> 0.9.0 Changelog: ========== - Drop support of Python 3.9, support 3.14 - Support :host Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: a0b58d6ca0 --------------------------- python3-coverage: upgrade 7.13.2 -> 7.13.4 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: d608e61c82 --------------------------- python3-cmd2: upgrade 3.1.0 -> 3.2.2 License-Update: Updated copyright to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f60e9e1624 --------------------------- frr: upgrade 10.5.1 -> 10.5.2 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 83ca373577 --------------------------- thermald: upgrade to 2.5.11 Upgrade thermald to release 2.5.11. This update includes the following changes: - Clang-tidy fixes - Added support for Wildcat Lake platform - Fixes for CVE related to symbolic link exploitations - D-Bus interface fixes - Removal of power group handling after Thermal Monitor support deprecation Signed-off-by: Priyansh Jain Signed-off-by: Khem Raj --------------------------- Commit: 4b50ae5383 --------------------------- 7zip: upgrade 25.01 -> 26.00 Release notes [1]: * improved code for ZIP, CPIO, RAR, UFD, QCOW, Compound. * 7-Zip File Manager: improved sorting order of the file list. It uses file name as secondary sorting key. * 7-Zip File Manager: improved Benchmark to support systems with more than 64 CPU threads. * the bug was fixed: 7-Zip could not correctly extract TAR archives containing sparse files. * some bugs were fixed. License-Update: copyright years refreshed [1] https://github.com/ip7z/7zip/releases/tag/26.00 Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: 321112dd2e --------------------------- jwt-cpp: Add native class to support Add also native class to support building the library for the host system to use it e.g. with the newer dynamic SDK. Signed-off-by: Adrian Freihofer Signed-off-by: Khem Raj --------------------------- Commit: f1920a8760 --------------------------- bcu: upgrade 1.1.115 -> 1.1.128 1. Changelog: Support i.MX952 15x15 EVK with Power group updated. 2. Update 0001-CMakeLists-do-not-use-vendored-libcurl.patch for 1.1.128 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 7f55d23e65 --------------------------- ifuse: upgrade 1.1.4 -> 1.2.0 Changes: - Switch to libfuse 3 - Require libimobiledevice 1.4.0 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 58259850fe --------------------------- owfs: upgrade 3.2p3 -> 3.2p4 Drop patch that's included in this release. Changelog: v3.2p4 is mainly a bugfix & cleanup release. Enhancements Add support for InfernoEmbedded soft-devices (GH-21) Bug fixes Fix bug (GH-55) related to split packet (GH-64) Fix copy paste bug (474f06d) Add \r to Http header to satisfy RFC2616 specification (GH-20) Maintenance build system cleanup (GH-72, GH-27, GH-16) Fix missing files in source distribution (GH-70, GH-69) Fix compilation with GCC10 (GH-62) Minor fixes Fix typos (GH-43 GH-23) Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 93e33ae809 --------------------------- packagegroups: fix foldername The correct folder name is "packagegroups", not "packageconfigs". Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: b52fbf590f --------------------------- zfs: upgrade 2.2.8 -> 2.4.1 Changelogs: https://github.com/openzfs/zfs/releases Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 17866b5617 --------------------------- remmina: upgrade 1.4.36 -> 1.4.43 While touching this recipe, also switch to FreeRDP3 dependency, which is still maintained, opposed to v2. Changelogs: https://gitlab.com/Remmina/Remmina/-/releases 1.4.43: Add minimal macOS build support Revert "Added kerberos-config plug" Fix issue preventing SPICE plugin from being loaded Do not calculate monitor shift if using freerdp_settings_set_monitor_def_array_sorted 1.4.42: add option to enforce IPvX preference Fix ssh x11 forwarding crashing in nixos Add support for smartcard authentication Add option to delay floating toolbar popup Update FreeRDP checks to newer version Fix typo Update AppStream metadata !2684 update ffmpeg Create named SPICE connection Fix session stuck problem with KeePassXC default dynamic resolution when supported issue toolbar disappearance in some multi-monitor situations Enable AAD support in Flatpak build Create viewonly mode button on rcw toolbar Permit css customization in scrolled window mode src/remmina_ssh.c: zero-initialize RemminaSFTP structs [plugins/rdp] fix memory leaks Strip whitespace from quickconnect [cmake] mark include_directories SYSTEM [rdp] fix FreeRDP_MonitorLocalShift[XY] fix various compiler warnings UI: move view_toggle_button on the left bug: double free on remmina_string_array_free run update-translations.sh Avoid Gettext incorrectly considering c-format Disable save password prompt on quick connect authentication prompts fix UB when connecting by link-local address Added kerberos-tickets plug Added kerberos-config plug Fix floating toolbar popup regression in multimonitor 1.4.41: Update keyboard mapping Fix segfault that could happen when attempting to save a connection profile Add ifdef to allow compilation without libssh Add environment variable to prevent openssl config issue Update snap to latest FreeRDP version Toggle sending null or empty password when field is left blank Add checks to allow FreeRDP2 compatibility Fix KeyStroke function for SPICE plugin Raise max length of username field to 300 from 100 Allow use of ssh command line arguments to create ssh connections Fix use of default_value in remmina_file_get_int Implement VNC connection timeout Fix warnings Prevent crash when pasting an image using RDP if gdk_pixbuf_save_to_buffer fails Properly save and load color themes !2662 Fix Flatpak crash when moving floating tool bar Save unlock password when set outside of the preferences menu Update CMAKE_PREFIX_PATH in snapcraft.yaml Properly implement keyboard interactive ssh authentication Made hiding connection profile name on floating toolbar optional Add a local terminal plugin Allow Flatpak build to run commands Allow users to connect to multiple connections or groups of connects at once Create autostart directory if it does not exist. Fix autostart directory create for flatpak. Python Wrapper plugin: Fix typo + add comment for edge-case hinting that the plugin needs to be installed Several small fixes and improving group connections 1.4.40: Fix invalid free causing crash with sending keystrokes and clipboard contents Fix SEGV when removing a non-exitend connection Adjust floating toolbar to take up less space Fix issue with multimonitor configuration needed for FreeRDP versions after 3.10.x Add option to allow ssh-rsa keys to be used for ssh connections Only set the max width and height to full monitor if using multimonitor Fix typo Revert calls back to uint Fix issue with RDP scaling on connect Add option to force multimonitor mode Added the options to start connections in fullscreen mode and/or with dynamic resolution enabled for protocols that support the options Allow empty passwords to be passed to FreeRDP Allow import/export of ssh tunnel settings hide local cursor when showing remote cursor 1.4.39: Fix bug passing wrong value in SPICE plugin (Breaking compilation on some distributions) 1.4.38: Add option to automatically copy ssh text when selected Allow -c to work with www plugin Don't prompt about closing connections with no connections Mainly fixing memory leaks and some small bugs 1.4.37: Implement horizontal smooth scrolling in RDP Allow -c to work with www plugin Add ability to lock message panels to one side of the window fix dangling pointer in ssh_options_get_port invocation Revert "[REM-2854] Add timeout option to handle VNC disconnects" Fix OpenSSL include dir Revert "[REM-3121] Handle GotFrameBufferUpdate on its own thread to prevent freeze" fix compile warning that is failure with newer gcc versions Add null check to prevent crash when pasting empty clipbaord [REM-3086] Remove support for FreeRDP_SupportMonitorLayoutPdu to prevent loss of keyboard with xrdp Don't rely on padding characters to be present to try decrypting passwords Add option to immediately close VNC windows when they fail to... Allow Remmina to use plugins immediately on download without needing a restart Add plugin api to allow Remmina to display if a profile is... Fix error message for failed RDP connection Add more detail to bug report to make certain issues easier to solve Resize icons to fit flatpak specifications Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 2b86f1b03c --------------------------- vlc: remove broken PACKAGECONFIGs opencv: VLC fails to compile[1] with opencv 4. freerdp: this version of VLC requires freerdp v1, however the layer only provides v2 and v3. (For the next major, currently in-development release, VLC 4, they have migrated to freerdp2, thought it also just got EOL) Due to these, remove these PACKAGECONFIGS< and explicitly disable these features. [1]: https://code.videolan.org/videolan/vlc/-/issues/22016 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: b648cfc9dd --------------------------- redis: drop recipe for v6.2.21 This version has been EOL for a year now. There are recipes for two other, still maintained versions in the layer. Drop this version. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 91fcee9f10 --------------------------- README.md: fix typos Correct a couple of typos in the various readme files. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 948b1f751b --------------------------- python3-autoflake: upgrade 2.3.1 -> 2.3.3 Changelog: =========== - Update README.md - Drop Python 3.8 - pre-commit-config: --py39-plus - github/workflows: add Python 3.13 to the test matrix - Fix TypeError in is_literal_or_name on unhashable set literals - Fix IndexError in extract_package_name on malformed import lines - pre-commit: update hooks and formatting - github/workflows/upload-to-pypi: oidc - pyproject: fix packaging Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f3602add3b --------------------------- python3-asyncinotify: upgrade 4.3.2 -> 4.4.0 Changelog: Add support for FreeBSD Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: de15d2844d --------------------------- python3-astroid: upgrade 4.0.3 -> 4.1.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 82672eebc0 --------------------------- python3-asgiref: upgrade 3.11.0 -> 3.11.1 Changelog: ============ - SECURITY FIX CVE-2025-14550 - Fixed a regression in 3.11.0 in "sync_to_async" when wrapping a callable with an attribute named "context". Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 09cc9579d4 --------------------------- postfix: upgrade 3.10.6 -> 3.10.8 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 470d42d9d4 --------------------------- pcsc-tools: upgrade 1.7.3 -> 1.7.4 Changelog: =========== - 282 new ATRs - pcsc_scan: display what the program expect from the user Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0079965ede --------------------------- parallel: upgrade 20251122 -> 20260222 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 7d09cfdb84 --------------------------- nautilus: upgrade 49.3 -> 49.4 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 7a2ecc36be --------------------------- nano: upgrade 8.7 -> 8.7.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 74f444bd34 --------------------------- mstpd: upgrade 0.1.0 -> 0.1.1 Changelog: =========== - mstpctl: add showportparams cmd - bridge-stp.in: use short-hand arguments for logger command - bridge-stp.in: support different versions of pidof - mstpctl-utils-functions.sh: fix shellcheck warnings - Update bridge_track.c - netif_utils: fix speeds > 65G - ifupdown.sh.in: fix new shellcheck warnings - libnetlink: fix socket file descriptor leak on error paths - fix compilation for with GCC 15 / C23 - do not leak stack memory via struct holes Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 7a9fc125a6 --------------------------- mpich: upgrade 4.3.2 -> 5.0.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 4c59be8493 --------------------------- mctp: upgrade 2.4 -> 2.5 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 430ff5e8a9 --------------------------- libspdm: upgrade 3.8.1 -> 3.8.2 Changelog: ============ - os_stub/openssllib: Allow building with older OpenSSL versions - Ignore MSVC warning when compiling OpenSSL - Bring fixes from main to 3.8 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: c5e970cb1e --------------------------- libpanel: upgrade 1.10.3 -> 1.10.4 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f15907b0c1 --------------------------- libgsf: upgrade 1.14.54 -> 1.14.55 Changelog: ========= * Reduce stack usage. * Documentation fixes. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: c47bc6df08 --------------------------- libdnet: upgrade 1.18.0 -> 1.18.2 Changelog: =========== - fix copyright typo - Fix encoding (iso-8859 -> utf-8) and add GL CI config - config.h.in: Fix wrong return type - Update master from devel branch - Pull in latest development changes Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 549e005d20 --------------------------- jwt-cpp: upgrade 0.7.1 -> 0.7.2 Changelog: =========== - Improve as_date narrowing conversion from C4244 warning - update trait dependencies to support CMake v4 - Fix linter error - Update workflows for new GitHub Action Runner Images - Support passing ssl library key handles to algorithms - Update CMP0135 to new behaviour - Fix error in CMake config-file package - CMake: synchronize cmake_minimum_required from main CMakeLists.txt - Reduce usage of std::time_t, std::chrono::system_clock::to_time_t and system_clock::from_time_t in order to get correct dates when working with a 32bit application - Fix set_expires_in not accepting non-default Period - AppVeyor Warnings Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 853aecb2f9 --------------------------- imagemagick: upgrade 7.1.2-13 -> 7.1.2-15 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 8f1cc0e211 --------------------------- gtksourceview5: upgrade 5.18.0 -> 5.19.0 Changelog: ========= * Annotations: draw a background behind annotations; align to the right when they fit (e.g. for diagnostics) * GObject Introspection: fix nullable and callback destroy annotations (get_location, get_match_style, scheduler, callbacks) * Fix gutter text renderer text layout snapshot deprecation * PHP language: highlight PHP 8.0 attributes and add new keywords * New language: Cornish * Translation updates Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 43d33eb4bb --------------------------- gensio: upgrade 3.0.1 -> 3.0.2 Changelog: ========= - Fix afskmdm shutdown issues - Fix a crash if gensio_acc_disable() is called more than once. - Allow the pcre2 package to be used. - Fix a locking issue in cm108gpio. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 5174bfeacb --------------------------- feh: upgrade 3.11.2 -> 3.11.3 Changelog: ========== * Support DOS-style \r\n line breaks when loading filelists. Note that they will be saved with UNIX-style \n line breaks regardless of input format. This is intentional. * Fix --action, --info, --title and similar commands hard-coding the maximum length of the formatted output to 4095 characters. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 8d4b22bf08 --------------------------- ctags: upgrade 6.2.20260125.0 -> 6.2.20260222.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 43109b9265 --------------------------- cmark: upgrade 0.31.1 -> 0.31.2 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 052eca7394 --------------------------- catch2: upgrade 3.12.0 -> 3.13.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 61f8a5e8e5 --------------------------- byacc: upgrade 20241231 -> 20260126 License-Update: Copyright year updated to 2026. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 9704626d52 --------------------------- bdwgc: upgrade 8.2.10 -> 8.2.12 License-Update: Copyright year updated to 2025. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0a67fd110b --------------------------- asyncmqtt: upgrade 10.2.6 -> 10.3.0 Changelog: ============= - Added Share Name character check. - Implemented cmake package version checking. - Fixed broker tool not delivering all retained messages when wildcard subscription matches multiple topics. - Added get_qos2_publish_handled_pids(), restore_qos2_publish_handled_pids(), restore_packets(), and get_stored_packets() to client for convenient. - get_endpoint() can be omitted now. - Refined reconnect examples. - Added websocket async_close timeout. - Added documentation regarding stream reuse restrictions for TLS-related streams. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 935b8c85a9 --------------------------- abseil-cpp: upgrade 20260107.0 -> 20260107.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ea7946e205 --------------------------- libsdl3-image: update 3.2.6 -> 3.4.0 - Fix license checksum: Copyright year has been changed - Add support for av1 and jxl - libavif is in meta-multimedia -> disable av1 by default Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: dbc8163677 --------------------------- tigervnc: Fix do_rootfs Error Fix the following error: ERROR: core-image-minimal-1.0-r0 do_rootfs: Postinstall scriptlets of ['tigervnc'] have failed. If the intention is to defer them to first boot, then please place them into pkg_postinst_ontarget:${PN} (). Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 1dd10406bd --------------------------- iperf2: Update CVE_PRODUCT CPEs are registered for iperf_project2:iperf2 in addition to iperf_project:iperf. By changing CVE_PRODUCT to an appends, this ensures that both iperf and iperf2 CPEs are used for CVE matching. Signed-off-by: Colin Pinnell McAllister Signed-off-by: Khem Raj --------------------------- Commit: 14d464c150 --------------------------- python3-nltk: upgrade 3.9.2 -> 3.9.3 Contains fix for CVE-2026-14009. Changelog: * Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader * Block path traversal/arbitrary reads in nltk.data for protocol-less refs * Block path traversal/abs paths in corpus readers and FS pointers * Validate external StanfordSegmenter JARs using SHA256 * Add optional sandbox enforcement for filestring() * Maintenance: downloader/zipped models, CI/tooling updates Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: d79130035f --------------------------- freerdp: patch CVE-2026-23532 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23532 The related Github advisory[1] contains a detailed analysis about the vulnerability. Pick the patch that describes the same issue in its description. [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fq8c-87hj-7gvr Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: df8905be0f --------------------------- freerdp: patch CVE-2026-23530 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23530 The related Github advisory[1] contains an amalysis of the vulenrability, describing the issue and the root cause also. Backported the commit that implemented the solution described in the advisory. [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-r4hv-852m-fq7p Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 64c630c0cb --------------------------- python3-flask-jwt-extended: Upgrade 4.6.0 -> 4.7.1 Upgrade to release 4.7.1: - Add controls for verify_sub option in PyJWT From release 4.7.0: - Drop support for python 3.7 and 3.8, add 3.13 - Fix documentation around identity needing to be a string Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 7895e2db32 --------------------------- python3-flask-pymongo: Upgrade 2.3.0 -> 3.0.1 Upgrade to release 3.0.1: - Fix link rendering in readme - Fix handling of _version.py file From release 3.0.0: - Support Flask 3.0+ and PyMongo 4.0+. - Support Python 3.9-3.13. - Support MongoDB 4.4+. - Add support for ~flask.json.jsonify(). Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 9ade3594a1 --------------------------- python3-flask-socketio: Upgrade 5.6.0 -> 5.6.1 Upgrade to release 5.6.1: - Session fixes for Flask >= 3.1.3 - Update SocketIO constructor documentation - Switch to the Furo documentation template Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: a260bd01ac --------------------------- python3-flask-cors: Upgrade 5.0.0 -> 6.0.2 Upgrade to release 6.0.2: - Update license pyproject.toml From 6.0.1: - Invert regex sorting to make it correctly match the intent (sorting by specificity descending) - Fix README file extension in pyproject.toml From 6.0.0: - [CVE-2024-6839] Sort Paths by Regex Specificity - [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote - [CVE-2024-6866] Case Sensitive Request Path Matching License-Update: Use line 6 from PKG-INFO Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: fcee74c421 --------------------------- python3-flask-marshmallow: Upgrade 1.3.0 -> 1.4.0 Upgrade to release 1.4.0: - Add missing commas in error message for validate.FileType - Support Python 3.10-3.14 Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 0badc6de53 --------------------------- python3-flask: Upgrade 3.1.2 -> 3.1.3 Upgrade to release 3.1.3: - The session is marked as accessed for operations that only access the keys but not the values, such as in and len. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: a8151a256d --------------------------- python3-flask-migrate: Upgrade 4.0.7 -> 4.1.0 Upgrade to release 4.1.0: - Accept arguments such as --directory in environment variables - Fix minor typos in documentation Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 3eb08d69ef --------------------------- python3-flask-mail: Upgrade 0.9.1 -> 0.10.0 Upgrade to release 0.10.0: - Drop support for Python < 3.8. - Use pyproject.toml for packaging metadata. - Use flit_core as build backend. - Apply code formatting and linting tools. - Add static type annotations. - Deprecate the __version__ attribute. Use feature detection or importlib.metadata.version("flask-mail") instead. - Indicate that the deprecated is_bad_headers will be removed in the next version. - Fix the email_dispatched signal to pass the current app as the sender and message as an argument, rather than the other way around. - Attachment.data may not be None. - Attachment.content_type will be detected based on filename and data and will not be None. License-Update: Use LICENSE.txt Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: eebcb01ee4 --------------------------- blueprint-compiler: remove recipe The recipe has been moved to oe-core[1]. [1] https://git.openembedded.org/openembedded-core/commit/?id=4212392ca7ebf890e1e192ddd0e7dbe1f8dabcf2 Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: 9eb1053a39 --------------------------- python3-appdirs:Add HOMEPAGE Add HOMEPAGE in python3-appdirs. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 1571c1a8e5 --------------------------- streamripper: ignore CVE-2020-37065 Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065 The vulnerability is about a 3rd party Windows-only GUI frontend for the streamripper library, and not for the CLI application that the recipe builds. Due to this ignore this CVE. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 9cbc4befe5 --------------------------- python3-werkzeug: upgrade 3.1.5 -> 3.1.6 Contains fix for CVE-2026-27199 Changelog: safe_join on Windows does not allow special devices names in multi-segment paths Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: b76163f1bb --------------------------- python3-pillow: upgrade 12.1.0 -> 12.1.1 Contains fix for CVE-2026-25990 Ptests passed successfully: Testsuite summary TOTAL: 5024 PASS: 4587 SKIP: 434 XFAIL: 3 FAIL: 0 XPASS: 0 ERROR: 0 Changelog: Patch libavif for svt-av1 4.0 compatibility Fix OOB Write with invalid tile extents Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 23ac8a6f36 --------------------------- live555: upgrade 20210824 -> 20260112 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 398fa05aa8 --------------------------- protobuf: ignore CVE-2026-0994 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994 The vulnerability impacts only the python bindings of protobuf, which is in a separate recipe (python3-protobuf, where it is patched). Ignore this CVE in this recipe due to this. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 70a90d49b9 --------------------------- polkit: add info about CVE-2016-2568 Details: https://nvd.nist.gov/vuln/detail/CVE-2016-2568 This commit mostly just tries to add some info to this issue, in the hope that it will save some time for others who try to investigate it. This CVE most probably will stay open in meta-oe in the foreseeable future, although it can be mitigated reasonably easily by the users of the layer. The description of the vulnerability is short enough that it can be reproduced here: "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer." The general consensus amongst developers/major distros[1][2][3] seems to be that it should be mitigated on the kernel side, to not allow non-privileged users to fake input. To this end, the kernel has introduced a new config in v6.2, called CONFIG_LEGACY_TIOCSTI - when it is enabled, non-privileged used can also fake input. It is however by default enabled (and it is also enabled in the kernels shipped in oe-core, at least at the time of writing this). Disabling this kernel config is considered to be the mitigation, to allow input-faking only by privileged users. [1]: https://security-tracker.debian.org/tracker/CVE-2016-2568 [2]: https://bugzilla.suse.com/show_bug.cgi?id=968674 [3]: https://marc.info/?t=145694748900001&r=1&w=2 / https://marc.info/?l=util-linux-ng&m=145702209921574&w=2 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: f059dcebc3 --------------------------- openjpeg: patch CVE-2023-39327 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327 Take the patch that is used by OpenSUSE to mitigate this vulnerability. Upstream seems to be unresponsive to this issue. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 1f70d339eb --------------------------- minidlna: ignore CVE-2024-51442 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-51442 The description of the vulnerability says "attacker [...] execute arbitrary OS commands via a specially crafted minidlna.conf configuration file". There is no official fix for this CVE, and upstream seems to be inactive for the past 3 years. The reason for ignoring this CVE is that the referenced minidlna.conf file is in the /etc folder, and the file is not world-writable. Which means that this vulnerability can be exploited only when someone is root - but if the attacker is already root, they don't need to resort to minidlna config-file modifications to execute any command they want. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: a4583e0e80 --------------------------- libcdio: mark CVE-2024-36600 fixed Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36600 The vulnerability is fixed since 2.2.1.rc1[1], and officially since v2.3.0. However NVD tracks it like v2.3.0 was still vulnerable. Mark the CVE explicitly patched. [1]: https://github.com/libcdio/libcdio/blob/master/NEWS.md Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 4d6e24106c --------------------------- gnome-shell: ignore CVE-2021-3982 Details: https://nvd.nist.gov/vuln/detail/CVE-2021-3982 The vulnerability is about a privilege escalation, in case the host distribution sets CAP_SYS_NICE capability on the gnome-shell binary. OE distros don't do that, and due to this this recipe is not affected by this issue. The CVE is ignored. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 9dec2c8aef --------------------------- gimp: ignore already fixed CVEs Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0797 https://nvd.nist.gov/vuln/detail/CVE-2026-2044 https://nvd.nist.gov/vuln/detail/CVE-2026-2045 https://nvd.nist.gov/vuln/detail/CVE-2026-2047 https://nvd.nist.gov/vuln/detail/CVE-2026-2048 All these CVEs are already fixed in the recipe version, however NVD tracks them currently without CPE info. Ignore them. Relevant upstream commits: CVE-2026-0797: https://gitlab.gnome.org/GNOME/gimp/-/commit/ca449c745d58daa3f4b1ed4c2030d35d401a009d Note that the commit referenced by NVD is incorrect. This commit was identified from the relevant upstream Gitlab issue: https://gitlab.gnome.org/GNOME/gimp/-/issues/15555 CVE-2026-2044: https://gitlab.gnome.org/GNOME/gimp/-/commit/3b5f9ec2b4c03cf4a51a5414f2793844c26747e5 CVE-2026-2045: https://gitlab.gnome.org/GNOME/gimp/-/commit/bb896f67942557658b3fbfc67a1c073775c002c7 CVE-2026-2047: https://gitlab.gnome.org/GNOME/gimp/-/commit/5873e16f80cf4152d25a4c86b08553008a331e90 CVE-2026-2048: https://gitlab.gnome.org/GNOME/gimp/-/commit/fa69ac5ec5692f675de5c50a6df758f7d3e45117 Signed-off-by: Khem Raj --------------------------- Commit: 3cabaa4ee7 --------------------------- freerdp: ignore CVE-2026-22853 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22853 The vulnerable feature was introduced in v3.9.0[1], the recipe version is not affected. Ignore this CVE. [1]: https://github.com/FreeRDP/FreeRDP/commit/a4bd5ba8863c0959501d4604159042a311dae85a Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: e3fbcd0250 --------------------------- freerdp: patch CVE-2026-22852 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22852 The related github advisory[1] comes with an analysis of the vulnerability, including pointing to the vulnerable code snippet. Backported the commit that touched the mentioned code part in the fixed version, and is in line with the description of the issue. Ptests passed successfully. [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9chc-g79v-4qq4 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 3e32683d88 --------------------------- python3-gunicorn: Upgrade 24.1.1 -> 25.1.0 Upgrade to release 25.1.0: - Control Interface (gunicornc): Add interactive control interface for managing running Gunicorn instances, similar to birdc for BIRD routing daemon - Unix socket-based communication with JSON protocol - Interactive mode with readline support and command history - Commands: show all/workers/dirty/config/stats/listeners - Worker management: worker add/remove/kill, dirty add/remove - Server control: reload, reopen, shutdown - New settings: --control-socket, --control-socket-mode, --no-control-socket - New CLI tool: gunicornc for connecting to control socket - Dirty Stash: Add global shared state between workers via dirty.stash - In-memory key-value store accessible by all workers - Supports get, set, delete, clear, keys, and has operations - Useful for sharing state like feature flags, rate limits, or cached data - Dirty Binary Protocol: Implement efficient binary protocol for dirty arbiter IPC using TLV (Type-Length-Value) encoding - More efficient than JSON for binary data - Supports all Python types: str, bytes, int, float, bool, None, list, dict - Better performance for large payloads - Dirty TTIN/TTOU Signals: Add dynamic worker scaling for dirty arbiters - Send SIGTTIN to increase dirty workers - Send SIGTTOU to decrease dirty workers - Respects minimum worker constraints from app configurations - ASGI Worker: Promoted from beta to stable - Dirty Arbiters: Now marked as beta feature License-Update: Update years Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 05308bb72d --------------------------- python3-isort: Upgrade 7.0.0 -> 8.0.0 Upgrade to release 8.0.0: - Update CHANGELOG for version 8.0.0 - Fix edge case of __future__ import - Fix the Plone profile to be compatible with black - Remove the setuptools plugin - Turn some warnings into errors in test suite - chore: replace black with ruff in clean.sh - feat!: remove old finders flag and legacy finder logic - Fix whitespace insensitive check triggering on tabs - Fix line separator detection not considering form feed as white space Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 53636bd5f2 --------------------------- python3-mpmath: Upgrade 1.3.0 -> 1.4.0 Upgrade to release 1.4.0: - Support underscores as digit separators per PEP 515 - Add rationals converter for mpf's - Rewrite bernpoly/eulerpoly to avoid dependency on bernoulli(1) convention - Support base kwarg for from_str() - Support randmatrix() for mp.iv and mp contexts - Added rank() function for matrices - Add plus flag to select the B_1 sign convention for bernoulli/bernfrac - Add mpf.as_integer_ratio() method, support construction of mpf from Decimal objects - Expose lower/upper_gamma functions - Support mpc initialization from string - Support asinh/acosh/atanh in the fp context - Support binary/octal/hexadecimal string output - Support pickling for matrices and mpi - Support matrix.__array__() dunder method - Support more number syntaxes - Run mpmath as a module for interactive work - Add signed option to to_man_exp() - Add fp.hypot - Support inf/nan's in ctx.almosteq() - Implement mpf.__format__() - Support conversion from scalar ndarray's - Support rounding modes in mpf.__format__ - Support '%' presentation type for mpf - Support gmpy2-like rounding modes in to_str() - Implement 'a'/'A' formating types for mpf.__format__ - Add mpc.__format__() - Now mpf.__round__() returns mpf - Support 'b' (binary) format type for mpf/mpc - Implement mpf.__floordiv__() and mpf.__divmod__() - Add parameters for MPContext constructor - Add MPFR-compatible aliases for rounding modes - Support negative indexes in matrix - Better introspection support for decorated functions - Add moving sofa demo - Support spherical Bessel functions (jn/yn) - Add pretty_dps context property to control number of printed digits - Support thousands separators for formatting of fractional part - Use PyREPL, as fallback (no IPython) - Add exp2() and log2() - Support rounding property for the mp context - Add Fox H-function with rational A/B parameters (foxh()) - Provide experimental support for free-threading builds License-Update: Update years Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 172c473caf --------------------------- libgpiod: update to v2.2.3 Bug-fix release addressing a couple problems in gpio-manager and tests. Signed-off-by: Bartosz Golaszewski Signed-off-by: Khem Raj --------------------------- Commit: e3b6caa4f1 --------------------------- webmin: upgrade 2.501 -> 2.520 Changelog: https://github.com/webmin/webmin/releases/tag/2.520 Changelog: https://github.com/webmin/webmin/releases/tag/2.510 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: 6ba45c1f94 --------------------------- Revert "libsdl3-image: update 3.2.6 -> 3.4.0" This reverts commit 0d686b2c5bbe92f4acadb2547b6fc81bf21979de. --------------------------- Commit: 7bc93734b8 --------------------------- hplip: set CVE_PRODUCT This recipe gets CVEs with two CPEs: hplip and linux_imaging_and_printing. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from PRODUCTs where PRODUCT in ('hplip', 'linux_imaging_and_printing'); CVE-2009-0122|hp|hplip|2.7.7|=|| CVE-2009-0122|hp|hplip|2.8.2|=|| CVE-2015-0839|hp|linux_imaging_and_printing|||3.17.7|<= CVE-2025-43023|hp|linux_imaging_and_printing|||3.25.2|< Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 40cef597b4 --------------------------- python3-evdev: Upgrade 1.9.2 -> 1.9.3 Upgrade to release 1.9.3: - Drop support for Python 3.8 and raise setuptools version to 77.0 - Use an SPDX license - Fix memory leaks Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 79845f8552 --------------------------- python3-stevedore: Upgrade 5.6.0 -> 5.7.0 Upgrade to release 5.7.0: - Add typing classifier - Enable logging related ruff checks to extend the enforced format rules related to logging. - Delay string interpolations at logging calls - Remove reference to tag framework because the framework was removed. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 8c2f53cd0b --------------------------- pipewire: update 1.4.10 -> 1.6.0 PipeWire 1.6.0 (2026-02-19) This is is the 1.6 release that is API and ABI compatible with previous 1.4.x releases. This release contains some of the bigger changes that happened since the 1.4 release last year, including: * An LDAC decoder was added for bluetooth. * SpanDSP for bluetooth packet loss concealment. * Safe parsing and building of PODs in shared memory. * Added support for metadata features. This is used to signal that the sync_timeline metadata supports the RELEASE operation. * Node commands and events can contain extra user data. * Support for more compressed format helper functions to create and parse formats. * Support for compile time max channels. The max channels was increased to 128. * Support for audio channel layouts was added. This makes it possible to set "audio.layout" = "5.1" instead of the more verbose audio.position = [ FL, FR, FC, LFE, SL, SR ] * Support for Capability Params was added. This can be used to negotiate capabilities on a link before format and buffer negotiation takes place. * More HDR colortypes are added. * Loops now have locking with priority inversion. Most code was adapted to use the faster locks instead of epoll/eventfd to update shared state. * Channel position are parsed from EDID data. * Channel maps are now set on ALSA. * The resampler now supports configurable window functions such as blackman and kaiser windows. The phases are now also calculated with fixed point math, which makes it more accurate. * Many bluetooth updates and improvements. * The filter-graph has an ffmpeg and ONNX plugin. The ffmpeg plugin can run an audio AVFilterGraph. The ONNX plugin can run some models such as the silero VAD. * Many AVB updates. Work is ongoing to merge the Milan protocol. * Support for v0 clients was removed. * The jack-tunnel module can now autoconnect ports. * ROC support multitrack layouts now. * Many RTP updates. * rlimits can now be set in the config file. * Thread reset on fork can now be configured. JACK clients expect this to be disabled. * node.exclusive is now enforced. * node.reliable enables reliable transport. * pw-cat supports sysex and midiclip as well as some more uncompressed formats. Options were added to set the container and codec formats as well as list the supported containers, codecs, layouts and channel names. * Documentation updates. Highlights (since the previous 1.5.85 prerelease) - Fix a 64 channel limit in the channel mixer. - Fix an fd leak in pulse-server in some error cases. - Some small fixes and improvements. PipeWire - Fix Capability leaks. - Return an error in pw-stream get-time when not STREAMING. - Set the current time in the driver position before starting. Some followers might look at it. Modules - Improve default channel handling in module-filter-chain. - Support source and sink only module-filter-chain. - Tweak the filter-chain spatializer example gains. - Handle new snapcast service type. (#5104) - Implement socket activation without depending on libsystemd. - Support ipv4 link-local addresses in RAOP and snapcast. (#4830) - Forward ROC-toolkit logs to pipewire. SPA - Improve default channel handling in filter-graph. (#5084) - Clamp control values to min/max. (#5088) - Support mode JBL gaming headsets. - Handle some SOFA errors and add gain option. - Really handle more than 64 channels in the channelmixer. (#5118) - Allow removal in ALSA-udev of ignored cards. pulse-server - Fix mono mixdown query. - Expose headset autoswitch message. - Handle EPROTO errors by disconnecting. - Handle timeouts in play-sample streams. (#5099) GStreamer - Fix crop metadata. - Fix a race in the buffer release function. Tools - Improve format support and detection in pw-cat. - Add some more options to pw-cat to list supported containers and formats. (#5117) Older versions: PipeWire 1.5.85 (2026-01-19) This is the fifth and hopefully last 1.6 release candidate that is API and ABI compatible with previous 1.4.x, 1.2.x and 1.0.x releases. Highlights - Fix errors in older clients that blindly mmap buffer data. - ALSA channel mapping should work in more cases. - Fix an overflow in the resampler with some sample rates. - Device ID negotiation for DMABUF was added. - The channelmixer can now also downmix most REAR and TOP channel positions. - Various small fixes and improvements. PipeWire - Avoid doing flushing invoke in pw-stream. (#5010) - Fix stream time delay calculations in some cases. (#4957) - Avoid suspending a node when the ports are busy. Modules - Mode AVB module updates. - Remove MAPPABLE flag from memptr data in client-node. This avoids errors in older clients that blindly map buffers. (#5003) - Don't leak the filter-chain module in module-parametric-equalizer. (#5045) - make it possible to run pulse tunnel sink and source with the same name. (#5079) SPA - The delay filter in filter-graph now has feedback and feedforward options to make it possible to implement comb and allpass filters. - The resampler can be compiled with a custom default quality. - Firewire latency is scaled correctly now. (#4977) - The mixer will only passthrough dynamic data. - Fix filter-graph state in audioconvert after flush. - Set the channel map in ALSA nodes to tell ALSA our channel layout and avoid wrong channels. - Fix AVX2 function, make sure they don't run on AVX-only CPUs. (#5072) - Fix an overflow and crash when too many phases are used in the resampler. (#5073) - Add some more channel downmix positions, mostly REAR and TOP channels. pulse-server - Add a message to enable mono mixdown. Tools - Support filenames in raw mode in pw-cat. (#5012) - Enable clipping in spa-resample. examples - Update device ID negotiation examples. Docs - Document the resampler properties better. PipeWire 1.5.84 (2025-11-27) This is the fourth 1.6 release candidate that is API and ABI compatible with previous 1.4.x, 1.2.x and 1.0.x releases. Changes since the last pre-release: Highlights - Capabilities wer added to improve negotiation over links. - The audio resampler now has a configurable window function to better tune the resampler quality. A kaiser and blackman window was added and the default parameters were tuned. - Various small fixes and improvements. PipeWire - Capabilities and PeerCapabilities were added to exchange key/value pairs between consumer and producer right after a link is made. This can be used to detect how the negotiation of formats and buffers should be done. Modules - Avoid segfaults in RTP source. (#4970) - The AVB module has seen some improvements. Pulse-server - @NONE@ can now be used to clear the default sink/source. SPA - Support longer convolver filenames and also support inline IRs. - The audio resampler window function is now selectable and configurable. A kaiser window and blackman window was added and the default qualities were tweaked to improve quality. - The filter-graph convolver latency is now set by default to something more sensible. (0 by default and N/2 for hilbert). (#4980) Bluetooth - Better xrun and error handling for iso streams. - The +CNUM reply was fixed. - The CIEC call status was fixed. (#1744) - Add BAP context metadata to improve compatibility. - Improve compatiblity with Creative Zen Hybrid Pro by releasing transports simultaneously. PipeWire 1.5.83 (2025-11-06) This is the third 1.6 release candidate that is API and ABI compatible with previous 1.4.x, 1.2.x and 1.0.x releases. Changes since the last pre-release: Highlights - Include the NEWS and updated version number. PipeWire 1.5.82 (2025-11-06) This is the second 1.6 release candidate that is API and ABI compatible with previous 1.4.x, 1.2.x and 1.0.x releases. Changes since the last pre-release: Highlights - The max channel limit is now a compile time option. - The SAP and RTP module have seen some robustness improvements. - Add audio.layout propperty. - Cleanups to the code here and there. PipeWire - Handle Tags more like Latency with a NULL param when no ports are linked and some sort of (empty) Tag when the ports are linked. Modules - Improve the echo-cancel module to keep the streams more aligned and cause less latency. - Improve format parsing errors in most modules. - The RTP module now has extra code for better network robustness, including cases when network interfaces are not yet up and running, and multicast sockets are silently kicked out of IGMP groups. - The direct timestamp mode in the RTP module was effectively broken and is now fixed. - Add support for audio.layout. - Add multichannel support to ROC. SPA - Rework the maximum number of channel handling. Because this is a potential ABI break, it is now a compile time option with new functions to handle more than the previous 64 channels. - The 64 channel limit was removed from the noise shaper. - spa_strbuf is used in more places instead of custom snprintf code. - The volume ramp code was simplified. - The driver node now has properties to configure the clock. - The adapter will try to renegotiate when the driver changes. - Fix relaxed array parsing with od number of elements. (#4944) - audio.layout was added to set the channel positions to some predefined layouts. - Added more POD choice checks to ensure the right amount of values are present in the choice. - Fix __has_attribute usage. (#4962) - Thread RESET_ON_FORK is now disabled for JACK application so that forking will preserve any real-time thread priorities, like JACK. (#4966) - Fix some compilation issues. (#4960 and #4961). Pulse-server - Fix missing subscription events on device port changes. - Increase min.quantum to 256/48000. (#4875) GStreamer - Avoid overflow in clock time calculations. - Fix renegotiation. Docs - Swap the name and id of device.product PipeWire 1.5.81 (2025-10-16) This is the first 1.6 release candidate that is API and ABI compatible with previous 1.4.x, 1.2.x and 1.0.x releases. In addition to all the changes backported to 1.4.x, this release also contains some new features: Highlights - The link negotiation code was refactored and improved. Applications now have more options for selecting the default values and restricting the available options. The default negotiation code will now attempt to better match the application suggested values. - The loop now has support for locking with priority inversion. Most of the code was updated to use the locks instead of invoke to get proper concurrent updates with the loop. The Thread loop functionality of locks, signal and wait was moved to the SPA loop. This guarantees better real-time behaviour because inter-thread synchronization does not have to pass eventfd/epoll. - The control stream parser was rewritten to be safe against concurrent updates while parsing, which can occur when parsing shared memory. It also has extra checks to avoid integer overflows and undefined behaviour. - MIDI 2.0 clip support was added to the tools. - Bluetooth ASHA (Audio Streaming for Hearing Aid) support was added. - The ALSA node setup was tweaked to provide low latency with the ALSA Firewire driver. - Better support for explicit sync. It is now possible to negotiate extra features to know if a consumer will signal the sync objects and implement a fallback using a reliable transport. - Many bug fixes and improvements. PipeWire - Avoid process calls in disconnect in pw-stream. (#3314) - Disable PipeWire services for root. - The link negotiation was refactored and improved. Drivers now always have a lower priority in deciding the final format. - Backwards compatibility with the v0 protocol was removed. - pw-stream and pw-filter will now refuse to queue a buffer that was not dequeued before. - Object properties will now be updated on the global as well. - The priority of config overrides is correct now. (#4816) - Async links now correctly report 1 extra quantum of latency. - node.exclusive and the new port.exclusive flag are now enforced by PipeWire itself. - A new timer-queue helper was added to schedule timeouts. - node.terminal and node.physical properties are now copied to the ports to make it possible to create virtual sources and sinks for JACK applications. - Port properties will now be dynamically updated when the node properties they depend on are updated. - Passive leaf nodes are now handled better. Now they will also run when the peer is active. (#4915) - Reliable transport has been added for output ports. This can be used in some cases if the producer wants to ensure buffers are consumed by a consumer. (#4885) - Context properties now support rlimit. properties to configure rlimits. (#4047) Modules - Close SyncObj fds. - module-combine-stream has better Latency reporting. - The JACK tunnel can now optionally connect ports. - module-loopback has better Latency reporting. - A Dolby Surround and Dolby Pro Logic II example filter config was added. - Filter-chain can now resample to a specific rate before running the filters. This is useful when the filter-graph needs to run at a specific rate. - Avahi-poll now uses the timer-queue to schedule timeouts. - Modules are ported to timer-queue instead of using timerfd directly for non-realtime timers. SPA - The loop now has support for locking with priority inversion. Most of the code was updated to use the locks instead of invoke to get proper concurrent updates with the loop. The Thread loop functionality of locks, signal and wait was moved to the SPA loop. - UMP to Midi 1.0 conversion was improved, some UMP events are now converted to multiple Midi 1.0 messages. (#4839) - The POD filter was refactored and improved. It is now possible to use the default value of the output by specifying an invalid input default value. - The POD parser was made safe for concurrent updates of the memory it is parsing. This is important when the POD is in shared memory and the parser should not access invalid memory. - Some hardcoded channel limits were removed and now use the global channel limit. More things can dynamically adapt to this global limit. The max number of channels was then bumped to 128. - The POD builder is safe to use on shared memory now and tries to avoid many integer overflows. - Most debug functions are safe to be used on shared memory. - User specified Commands and Events are now possible. - The SPA_IO_CLOCK_FLAG_DISCONT was added to spa_io_clock to signal a discont in the clock due to clock change. - AC3, DTS, EAC3, TRUEHD and MPEGH now have helper parser functions. - H265 was added as a video format. (#4674) - SPA_PARAM_PeerFormats was added to let a port know about its peer formats in order to better filter possible conversions. - More color matrices, transfer functions and color primaries. - The echo-canceler is enabled now. - Pro-Audio mode now uses 3 periods by default. This lowers the latency on some drivers (Firewire). The latency of Firewire is also reported correctly now. - The ALSA DLL bandwidth is configurable now. - The resampler now uses fixed point for the phases and is a little faster when updating adaptive rates. - The convolver is a little faster by swapping buffers instead of copying samples. - Latency and ProcessLatency support was added to filter-graph. (#4678) - Audio channel position support was added to filter-graph. - A new ffmpeg avfilter plugin was added to filter-graph. - A new ONNX filter was added to filter-graph. - A debug, pipe, zeroramp and noisegate filter was added to the filter-graph. (#4745) - The filter-graph lv2 plugin now supports options and state. - videoconvert was greatly improved. - The v4l2 plugin can negotiate DMABUF with modifiers. - Colorimetry information was added to v4l2 and libcamera. - Audioconvert can handle empty buffers more efficiently. - Improve the POD compare functions for Rectangle. - There is now a SPA_POD_PROP_FLAG_DROP flag to drop the property when the property is missing from one side. - A new FEATURE choice was added that is basically a flags choice with a FLAG_DROP property. - Metadata features were added. This is a way to negotiate new features for the metadata. (#4885) - DSD playback with pw-cat has been improved. - Compatibility and xrun prevention for the SOF driver has been improved. (#4489) - The filter-graph max plugin can now have 8 input channels. - Buffer Negotiation between the mixer port and the node ports is much improved. (#4918) - An offline AEC benchmark was added. - Channel positions are now read from HDMI ELD when possible. - Audioconvert and filter-graph now also support properties of Long and String types. ACP - It's possible to disable the pro-audio profile. - Support for Logitech Z407 PC Speakers was improved. - Support for Razer BlackShark v3. - Fix volume rounding down causing mute. (#4890) Tools - pw-cat can now play and record MIDI 2.0 Clips, which is the official format for storing MIDI 2.0 UMP data. pw-midi2play and pw-midi2record were added as aliases. - pw-cat can now upload sysex files. The pw-sysex alias was added for this. - The pw-link tool now has a -t option to list port latencies. It also has better monitor support. - pw-top can now clear the ERR column with the c key. - pw-cli now keeps the types of the variables it stores and avoid using wrongly typed variables that can crash things. It can now also list the available variables. - pw-dump can now output raw JSON and SPA JSON. - pw-dump has configurable indentation level. - pw-mididump can be forced to output MIDI 1.0 messages. - pw-profiler now uses doubles for extra precision. - pw-top now marks the async nodes with =. Bluetooth - Telephony improvements. - ASHA support was added. - Packet loss concealment was added. - Improved synchronisation between LE Audio streams in the same group. - Improved LE Audio device compatibility. - LC3-24kHz voice codec was added (used by Airpods) - LDAC decoding support added (requires separate decoder library) Pulse-server - The SUSPEND event is now correctly generated. fail-on-suspend is now implemented. - PA_STREAM_DONT_INHIBIT_AUTO_SUSPEND is now implemented. (#4255) (#4726) - RTP streams now have stream.properties for extra configuration. - Timed out streams are now destroyed instead of lingering. (#4901) - A new help and pipewire-pulse:list-modules core message was added. JACK - Port rename callbacks are now emitted correctly. - Use safe POD parsing for the control sequences. V4l2 - The wrapper now avoids a race while initializing PipeWire. (#4859) GStreamer - Colorimetry support was added. - Cursor metadata is now exposed as ROI metadata. - Many more updates. Docs - Document the client-node flow a bit more. Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: be28379a19 --------------------------- can-isotp: drop recipe This out-of-tree kernel module was mainlined in Linux 5.10. The previous LTS kernel, 5.4 is EOL, and oe-core ships with newer kernels - there is no need to keep this recipe around. It also has an explicit SKIP_RECIPE tag, it wasn't tested since a long time. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: c1693752d7 --------------------------- python3-m2crypto: fix python3-m2crypto-native do_configure:prepend() The recent workaround for https://github.com/swiftlang/swift/issues/69311 breaks python3-m2crypto-native, with error about missing e_os2.h file in recipe-sysroot-native. Apply do_configure:prepend to class-target only to fix. Signed-off-by: Geoff Parker Signed-off-by: Khem Raj --------------------------- Commit: 22c702491a --------------------------- python3-matplotlib: Fix TMPDIR in debug binaries, [buildaths] errors Fix errors like: ERROR: python3-matplotlib-3.10.8-r0 do_package_qa: QA Issue: File /usr/lib/python3.14/site-packages/matplotlib/backends/.debug/ _backend_agg.cpython-314-arm-linux-gnueabihf.so in package python3-matplotlib-dbg contains reference to TMPDIR [buildpaths] Signed-off-by: Geoff Parker Signed-off-by: Khem Raj --------------------------- Commit: 95e4da06e4 --------------------------- cfengine: upgrade 3.21.0 -> 3.26.0 Changelog: https://github.com/cfengine/core/blob/3.26.0/ChangeLog License-Update: The project switched from pcre to pcre2. This small change is incorporated in the license, where the dependencies are listed. libpcre2 and OpenSSL is now a mandatory dependencies, the corresponding PACKAGECONFIGs are dropped. Patch that was incorporated in this release is also dropped. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 68c5fd3d85 --------------------------- cfengine: remove SKIP_RECIPE tag The recipe compiles fine with OpenSSL 3, compatibility has been added in version 3.20. While here, fix some broken PACKAGECONFIGs too. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: ced0eeb223 --------------------------- thermald: fix upstream check Look at the correct URL for new tags and exclude incorrectly tagged [1] 2.15.10 release. [1] https://github.com/intel/thermal_daemon/issues/504 Signed-off-by: Anuj Mittal Signed-off-by: Khem Raj --------------------------- Commit: 7e94be1f7b --------------------------- thermald: include the correct HOMEPAGE Signed-off-by: Anuj Mittal Signed-off-by: Khem Raj --------------------------- Commit: 6b77c52b0a --------------------------- thermald: import from meta-intel thermald now supports ARM platforms [1], so move it out of meta-intel to allow broader reuse. This version remains compatible only with x86 but a future recipe upgrade should fix COMPATIBLE_MACHINE. [1] thermal_daemon 1931a12e7e ("Add ARM backend and enable ARM platform detection") Signed-off-by: Anuj Mittal Signed-off-by: Khem Raj --------------------------- Commit: 16fb872ad6 --------------------------- vlc: upgrade 3.0.21 -> 3.0.23 Vlc can be compiled again against modern ffmpeg - the SKIP_RECIPE tag is removed. Drop patches that became obsolete, because the underlying problems were solved. Was able to build it successfully with meta-qt5, and also play a video in core-image-sato. Some (opt-in) PACKAGECONFIGs are broken (not removed as part of this patch): - freerdp - it requires a too old freerdp codebase - opencv - it requires a too old opencv codebase - vdpau - compilation fails (undefined symbol av_vdpau_get_surface_parameters), not really sure about the reason Changelog: https://github.com/videolan/vlc/blob/3.0.23/NEWS Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 6de011f520 --------------------------- open62541: update to v1.4.16 Important changes from the v1.4.16 patch release notes: - server: Block transfer of subscriptions between anonymous users - server: Track transferred subscriptions for correct diagnostics counter update - client: Don't close the SecureChannel when the servers sends a late async response - pubsub: Add null check after UA_Array_new in addDataSetReaderConfig - pubsub: Prevent NULL dereference in UA_DataSetMessage_decodeBinary - pubsub: Initialize value in UA_NetworkMessage_decodePayload to avoid undefined behavior Signed-off-by: Johannes Kauffmann Signed-off-by: Khem Raj --------------------------- Commit: ca43e2b187 --------------------------- python3-flask-socketio: Upgrade 5.3.6 -> 5.6.0 Upgrade to release 5.6.0: - Use Flask test client's own environ dict if it is available - Add Python 3.13, 3.14 and pypy-3.11 to CI builds, drop 3.8 and 3.9 - Documentation: Added an example using the init_app() method Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: c291a7c266 --------------------------- python3-socketio: Upgrade 5.11.2 -> 5.16.1 Upgrade to release 5.16.1: - Use configured JSON module in managers - Admin UI fixes: remove duplicate tasks, report transport upgrades - Switch to Furo documentation template - Add Python free-threading to CI Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 00c0a6966c --------------------------- python3-engineio: Upgrade 4.9.0 -> 4.13.1 Upgrade to release 4.13.1: - Document that a process can have only one custom JSON module - Switch to Furo documentation template Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 85fa691790 --------------------------- sessreg: upgrade 1.1.3 -> 1.1.4 Drop 0001-Makefile.am-Error-Fix.patch - the error doesn't seem to happen anymore. License-Update: Removed the words "All rights reserved" from Oracle copyright notices. Shortlog: Remove "All rights reserved" from Oracle copyright notices meson: Add option to build with meson Add --help and --version options Improve man page formatting man pages: fix warnings from `mandoc -T lint` and `groff -rCHECKSTYLE=10` Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 19ae3c84e2 --------------------------- redis: Add redis 8.0.0 recipe Adding base 8.0.0 recipe for redis without any module configuration. See https://github.com/redis/redis/tree/8.0.0?tab=readme-ov-file#redis-data-types-processing-engines-and-capabilities for more details. Signed-off-by: Eric Meyers Signed-off-by: Khem Raj --------------------------- Commit: 8da0f12830 --------------------------- python3-bumble: Upgrade 0.0.223 -> 0.0.225 Upgrade to release 0.0.225: - Fix wrong LE event codes Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 97f1988367 --------------------------- python3-astroid: Upgrade 4.0.3 -> 4.1.0 Upgrade to release 4.1.0: - Add support for equality constraints (``==``, ``!=``) in inference. - Ensure ``ast.JoinedStr`` nodes are ``Uninferable`` when the ``ast.FormattedValue`` is ``Uninferable``. This prevents ``unexpected-keyword-arg`` messages in Pylint where the ``Uninferable`` string appeared in function arguments that were constructed dynamically. - Add support for type constraints (`isinstance(x, y)`) in inference. - Make `type.__new__()` raise clear errors instead of returning `None`. - Move object dunder methods from ``FunctionModel`` to ``ObjectModel`` to make them available on all object types, not just functions. - ``lineno`` and ``end_lineno`` are now available on ``Arguments``. - Add helper to iterate over all annotations nodes of function arguments, ``Arguments.get_annotations()``. - Skip direct parent when determining the ``Decorator`` frame. - Add simple command line interface for astroid to output generated AST. Use with ``python -m astroid``. - Fix incorrect type inference for ``super().method()`` calls that return ``Self``. Previously, astroid would infer the parent class type instead of the child class type, causing pylint E1101 false positives in method chaining scenarios. - Add missing ``dtype`` and ``casting`` parameters to ``numpy.concatenate`` brain. - Fix ``random.sample`` inference crash when sequence contains uninferable elements. - Fix ``random.sample`` crash when cloning ``ClassDef`` or ``FunctionDef`` nodes. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 7578aa0b30 --------------------------- python3-bitstruct: Upgrade 8.21.0 -> 8.22.1 Upgrade to release 8.22.1: - Fix float16 pack/unpack on big-endian systems - Compile wheels for Inten macOS and Windows ARM Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 37ddc1b433 --------------------------- python3-telnetlib3: Upgrade 2.0.8- > 2.6.0 Upgrade to release 2.6.0: - new: TLS support (TELNETS). open_connection() accepts an ssl parameter (True, or an ssl.SSLContext). create_server() accepts an ssl parameter (ssl.SSLContext). New CLI options: --ssl, --ssl-cafile, --ssl-no-verify for telnetlib3-client; --ssl-certfile, --ssl-keyfile and --tls-auto for telnetlib3-server - new: the default server shell now displays Ready (secure: TLSv1.3) for TLS connections (the protocol version shown is negotiated dynamically). - bugfix: telnetlib3-client now sets terminal mode to the server's preference via WILL ECHO and WILL SGA negotiation. Use --raw-mode to restore legacy raw mode for servers that don't negotiate. - bugfix: telnetlib3-client declines MUD protocol options (GMCP, MSDP, MSSP, MSP, MXP, ZMP, AARDWOLF, ATCP) by default. Use --always-do or --always-will to opt in. - bugfix: log output "staircase text" in raw terminal mode. - bugfix: graceful EOF handling - connection close no longer prints a traceback. Fixes: WARNING: python3-telnetlib3-2.6.0-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with hatchling.build, use the correct class [pep517-backend] License-Update: Remove garbage characters from ISC license text Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 0ffe63d46d --------------------------- python3-parso: Upgrade 0.8.5 -> 0.8.6 Upgrade to release 0.8.6: - Switch the type checker to Zuban. It's faster and now also checks untyped code. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 920fd295d6 --------------------------- gpiod-sysfs-proxy: update to v0.1.4 This update fixes a couple problems with the proxy daemon but also addresses local issues with the recipe: modifies the systemd service to pass attr_timeout=0 for better reliability and updates the test script. Signed-off-by: Bartosz Golaszewski Signed-off-by: Khem Raj --------------------------- Commit: 1596998582 --------------------------- python3-multiprocess: new package Add a recipe for a for of python's multiprocessing package that uses dill for data marshalling. Signed-off-by: Bartosz Golaszewski Signed-off-by: Khem Raj --------------------------- Commit: d3a8ddcaaa --------------------------- snapper: update 0.12.2 -> 0.13.0 - Remove 0001-Fix-build-with-boost-1.89.patch. Seems to be fixed upstream - Use manpages class Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 87a9e44a8d --------------------------- dav1d: update 1.5.2 -> 1.5.3 Changes for 1.5.3 'Sonic': -------------------------- 1.5.3 is a minor release of dav1d, focused on RISC-V and maintenance: - Misc small optimizations - RISC-V assembly optimizations for ipred, emu_edge and w_mask, and VLEN 512 for blend functions - Fix issue with ivf files with 0 frames in tools Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 051eaf06fd --------------------------- libsdl3: update 3.2.30 -> 3.4.0 - dont explicitly disable xinput support to fix compilation if x11 support is enabled (error: unknown type name 'XIRawEvent') - add missing dependencies for libxcursor, xtst, xinput In addition to lots of bug fixes and general system improvements, this release has some major themes of improved interoperability between the 3D GPU API and the 2D rendering API, improved Emscripten support, improved pen handling, and native support for PNG images. Here is a full list of the API changes since the last release: General: Added SDL_CreateAnimatedCursor() to create animated color cursors Added SDL_HINT_MOUSE_DPI_SCALE_CURSORS to automatically scale cursors based on the display scale Added SDL_SetWindowProgressState(), SDL_SetWindowProgressValue(), SDL_GetWindowProgressState(), and SDL_GetWindowProgressValue() to show progress in the window's taskbar icon on Windows and Linux Added GPU device creation properties to enable the GPU API on older hardware if you're not using these features: SDL_PROP_GPU_DEVICE_CREATE_FEATURE_CLIP_DISTANCE_BOOLEAN SDL_PROP_GPU_DEVICE_CREATE_FEATURE_DEPTH_CLAMPING_BOOLEAN SDL_PROP_GPU_DEVICE_CREATE_FEATURE_INDIRECT_DRAW_FIRST_INSTANCE_BOOLEAN SDL_PROP_GPU_DEVICE_CREATE_FEATURE_ANISOTROPY_BOOLEAN SDL_PROP_GPU_DEVICE_CREATE_D3D12_ALLOW_FEWER_RESOURCE_SLOTS_BOOLEAN Added SDL_PROP_GPU_DEVICE_CREATE_VULKAN_OPTIONS_POINTER to enable configuring Vulkan features when creating a GPU device Added SDL_PROP_GPU_DEVICE_CREATE_VULKAN_REQUIRE_HARDWARE_ACCELERATION_BOOLEAN to allow requiring Vulkan hardware acceleration when creating a GPU device Added SDL_GetGPUDeviceProperties() to query information from a GPU device: SDL_PROP_GPU_DEVICE_NAME_STRING SDL_PROP_GPU_DEVICE_DRIVER_NAME_STRING SDL_PROP_GPU_DEVICE_DRIVER_VERSION_STRING SDL_PROP_GPU_DEVICE_DRIVER_INFO_STRING Added SDL_GetPixelFormatFromGPUTextureFormat() and SDL_GetGPUTextureFormatFromPixelFormat() Added SDL_CreateGPURenderer() and SDL_GetGPURendererDevice() to create a 2D renderer for use with GPU rendering. Added SDL_CreateGPURenderState(), SDL_SetGPURenderStateFragmentUniforms(), SDL_SetGPURenderState(), and SDL_DestroyGPURenderState() to use fragment shaders with a GPU 2D renderer Added SDL_PROP_TEXTURE_CREATE_GPU_TEXTURE_POINTER to create a 2D texture from an existing GPU texture Added SDL_PROP_TEXTURE_GPU_TEXTURE_POINTER to get the GPU texture from a 2D texture when using the GPU 2D renderer Added support for YUV textures and HDR colorspaces to the GPU 2D renderer Added support for textures with palettes, and SDL_GetTexturePalette() and SDL_SetTexturePalette() to interact with them Added SDL_RenderTexture9GridTiled() to do tiled instead of stretched 9-grid texture rendering Added SDL_GetDefaultTextureScaleMode() and SDL_SetDefaultTextureScaleMode() to set the texture scale mode for new textures Added SDL_GetRenderTextureAddressMode() and SDL_SetRenderTextureAddressMode() to change the texture addressing mode Added SDL_TEXTURE_ADDRESS_WRAP to allow wrapping of textures if the renderer has SDL_PROP_RENDERER_TEXTURE_WRAPPING_BOOLEAN set The default YUV colorspace is BT.601 limited range, for compatibility with SDL2 Added SDL_SCALEMODE_PIXELART as an improved scaling algorithm for pixel art without introducing blurring Added SDL_FLIP_HORIZONTAL_AND_VERTICAL to flip a surface both horizontally and vertically Added SDL_LoadPNG(), SDL_LoadPNG_IO(), SDL_SavePNG(), and SDL_SavePNG_IO() to load and save PNG images Added SDL_LoadSurface() and SDL_LoadSurface_IO() to detect BMP and PNG formats and load them as surfaces Added SDL_PROP_SURFACE_ROTATION_FLOAT to indicate the rotation needed to display camera images upright Added SDL_RotateSurface() to create a rotated copy of a surface SDL_EVENT_WINDOW_EXPOSED now sets data1 to true if it is sent during live resizing Added SDL_EVENT_DISPLAY_USABLE_BOUNDS_CHANGED, which is sent when the usable desktop bounds change Added SDL_EVENT_SCREEN_KEYBOARD_SHOWN, which is sent when the on-screen keyboard has been shown Added SDL_EVENT_SCREEN_KEYBOARD_HIDDEN, which is sent when the on-screen keyboard has been hidden Added pinch gesture events: SDL_EVENT_PINCH_BEGIN, SDL_EVENT_PINCH_UPDATE, SDL_EVENT_PINCH_END SDL_EVENT_AUDIO_DEVICE_ADDED will be sent during initialization for each audio device SDL_GetCameraPermissionState() returns SDL_CameraPermissionState instead of int Added SDL_PutAudioStreamDataNoCopy() to do more efficient audio stream processing in some cases Added SDL_PutAudioStreamPlanarData() to add planar audio data instead of interleaved data to an audio stream Added SDL_HINT_AUDIO_DEVICE_RAW_STREAM to signal that the OS shouldn't do further audio processing, useful for applications that handle noise canceling, etc. Added SDL_PROP_AUDIOSTREAM_AUTO_CLEANUP_BOOLEAN to allow streams that persist beyond the audio subsystem lifetime. Added enhanced support for 8BitDo controllers Added enhanced support for FlyDigi controllers Added enhanced support for Hand Held Legend SInput controllers Added support for wired Nintendo Switch 2 controllers when built with libusb Added SDL_hid_get_properties() to associate SDL properties with HID devices Added SDL_PROP_HIDAPI_LIBUSB_DEVICE_HANDLE_POINTER to query the libusb handle from an SDL_hid_device, if it's been opened with libusb Added SDL_SetRelativeMouseTransform() to add custom mouse input transformation Added SDL_GetPenDeviceType() to determine whether a pen is on the screen or on a separate touchpad SDL_HINT_MAIN_CALLBACK_RATE may be set to a floating point callback rate Added SDL_GetEventDescription() to get an English description of an event, suitable for logging Added SDL_PROP_IOSTREAM_MEMORY_FREE_FUNC_POINTER to allow custom freeing of the memory used by SDL_IOFromMem() and SDL_IOFromConstMem() Added SDL_PROP_PROCESS_CREATE_WORKING_DIRECTORY_STRING to set the working directory for new processes Added verbose log output when the DEBUG_INVOCATION environment variable is set to "1" Added SDL_AddAtomicU32() Added SDL_GetSystemPageSize() to get the system page size Added SDL_ALIGNED() to signal that data should have a specific alignment Windows: Added SDL_HINT_RENDER_DIRECT3D11_WARP to enable D3D11 software rasterization Using SDL_InsertGPUDebugLabel(), SDL_PushGPUDebugGroup(), and SDL_PopGPUDebugGroup() requires WinPixEventRuntime.dll to be in your PATH or in the same directory as your executable Added SDL_PROP_DISPLAY_WINDOWS_HMONITOR_POINTER so you can query the HMONITOR associated with a display SDL_HINT_AUDIO_DEVICE_STREAM_ROLE is used by the WASAPI audio driver to set the audio stream category Added SDL_HINT_AUDIO_DEVICE_RAW_STREAM to signal whether the OS audio driver should do additional signal processing Added SDL_HINT_WINDOWS_RAW_KEYBOARD_EXCLUDE_HOTKEYS to allow disabling some system hotkeys when in raw input mode SDL_HINT_WINDOWS_GAMEINPUT is disabled by default macOS: Added SDL_HINT_MAC_PRESS_AND_HOLD to control whether holding down a key will repeat the pressed key or open the accents menu Linux: Added atomic support for KMSDRM Added SDL_HINT_KMSDRM_ATOMIC to control whether KMSDRM will use atomic functionality Added SDL_PROP_DISPLAY_WAYLAND_WL_OUTPUT_POINTER so you can query the wl_output associated with a display Emscripten: Added SDL_WINDOW_FILL_DOCUMENT to indicate that windows expand to fill the whole browser window Added SDL_SetWindowFillDocument() to change whether windows expand to fill the whole browser window Added SDL_PROP_WINDOW_CREATE_EMSCRIPTEN_CANVAS_ID_STRING to allow setting the SDL canvas ID, and SDL_PROP_WINDOW_EMSCRIPTEN_CANVAS_ID_STRING to query it on existing windows Added SDL_PROP_WINDOW_CREATE_EMSCRIPTEN_KEYBOARD_ELEMENT_STRING to specify where keyboard input is bound, and SDL_PROP_WINDOW_EMSCRIPTEN_KEYBOARD_ELEMENT_STRING to query it on existing windows iOS: SDL now supports window scenes, fixing the warning "CLIENT OF UIKIT REQUIRES UPDATE" Added SDL_PROP_WINDOW_CREATE_WINDOWSCENE_POINTER to specify the window scene for a window visionOS: The default refresh rate has been increased to 90Hz SDL_SetWindowSize() changes the size of the window on Vision Pro headsets PlayStation 2: Added the following hints to control the display parameters: SDL_HINT_PS2_GS_WIDTH, SDL_HINT_PS2_GS_HEIGHT, SDL_HINT_PS2_GS_PROGRESSIVE, SDL_HINT_PS2_GS_MODE Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: eb4dab9818 --------------------------- libsdl2-compat: update 2.32.62 -> 2.32.64 - fix license checkksum: Copyright year has been changed This is a stable bugfix release, with the following changes: Fixed surface memory leak in some circumstances Fixed mouse grab not persisting past window recreation Fixed picking the correct fullscreen resolution Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 0d686b2c5b --------------------------- libsdl3-image: update 3.2.6 -> 3.4.0 - Fix license checksum: Copyright year has been changed - Add support for av1 and jxl Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 87f62c8910 --------------------------- postgresql: upgrade 17.7 -> 17.8 License-Update: Update license year to 2026 Refreshed patches for version 17.8 Includes fix for CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006 Release Notes: https://www.postgresql.org/docs/release/17.8/ Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj --------------------------- Commit: 7f3d7b7adb --------------------------- libjxl: upgrade 0.11.1 -> 0.11.2 - fix tile dimension in low memory rendering pipeline (CVE-2025-12474) - fix number of channels for gray-to-gray color transform (CVE-2026-1837) - djxl: reject decoding JXL files if "packed" representation size overflows size_t https://github.com/libjxl/libjxl/releases/tag/v0.11.2 Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj --------------------------- Commit: ff397db3d1 --------------------------- dbus-cxx: update 2.6.0 -> 2.6.1 Changelog from upstream: Some minor fixes for code generation. Qt6 is now properly detected. Signed-off-by: Frede Hoey Braendstrup Signed-off-by: Khem Raj --------------------------- Commit: e19775fba8 --------------------------- libtoml11: move SRCREV below SRC_URI According to the recipe style guide, SRCREV should be placed below SRC_URI. Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: 4e105b2749 --------------------------- libtoml11: add a BBCLASSEXTEND A native version of libtoml11 may be needed for recipes such as dnf5 in the future. Add it now. Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: 4eefeb3357 --------------------------- libtoml11: add a cve_product Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: 4c7aaad52d --------------------------- libtoml11: Add a bugtracker url Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: ce96911f68 --------------------------- libtoml11: check PTEST_ENABLED instead of DISTRO_FEATURES Checking for PTEST_ENABLED 1 is the preferred method for enabling and disabling ptests for packages. Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: 6a5cb4697b --------------------------- libtoml11: use gitsm for SRC_URI Using gitsm also allows for the revmoval of SRCREV_json and SRCREV_doctest. Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: 2681b16e8a --------------------------- libtoml11/files/0001-Remove-whitespace-in-operator.patch: change upstream-status Change "Submitted" in 0001-Remove-whitespace-in-operator.patch to "Backport" with the appropraite link to the relevant commit hash. Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: e1d3b9598e --------------------------- libtoml11/files/run-ptest: cleanup Shellcheck -oall warnings fixed: - exit 1 if `cd tests` failes (SC2164) - Double quote `./${atest}` to prevent globbing and word splitting. (SC2086) - Check the test exit code directly intead of using $? (SC2181) Other fixes: - The shebang sould traditionally be /usr/bin/env sh in case sh is not located in /bin. - Do not remove tests.log for every test. Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: fddb601320 --------------------------- python3-flask-limiter: Add recipe Rate limiting for flask applications. Add recipe for release 4.1.1: - Ensure cli commands fail gracefully when cli dependencies are not installed. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 8d589e0705 --------------------------- python3-limits: Add recipe Rate limiting utilities. Add recipe for release 5.8.0: - Allow explicit keyword arguments for storage options for username & password for storages that support it. - Allow explicitly specifying startup_nodes through keyword arguments for all redis cluster storages. - Support IPv6 addresses in cluster locators in storage URI Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 62f73c9b4f --------------------------- ifenslave: update link to homepage The old link does not work anymore. New page found based on other linuxfoundation.org link redirects. Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: 98576ba53f --------------------------- bridge-utils: update link to homepage The old link does not work anymore. New page found based on other linuxfoundation.org link redirects. Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: 63e4dfcbc9 --------------------------- cups-filters: update link to homepage The old link redirects here now. Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: 0b3cc61e2a --------------------------- thunar: upgrade 4.20.5 -> 4.20.7 Changelog: https://gitlab.xfce.org/xfce/thunar/-/tags/thunar-4.20.7 Changelog: https://gitlab.xfce.org/xfce/thunar/-/tags/thunar-4.20.6 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: a310ed6fdb --------------------------- python3-pyperf: Upgrade 2.9.0 -> 2.10.0 Upgrade to release 2.10.0: - ReadTheDocs: use latest Ubuntu and Python - Add BSD support for track-memory - Docs: Update minimum Python version. Add matching badge - Remove fallbacks for unsupported Python versions (< 3.9) - Setup Dependabot for Github actions, bump checkout and setup-python actions - Recognise CPython as a JIT implementation Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 49b9d21b2e --------------------------- python3-platformdirs: Upgrade 4.5.1 -> 4.9.2 Upgrade to release 4.9.2: - docs(platforms): fix RST formatting and TOC hierarchy - docs: restructure following Diataxis framework Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 05e9b81873 --------------------------- python3-tox: Upgrade 4.27.0 -> 4.36.1 Upgrade to release 4.36.1: - ci(workflows): add explicit permissions to workflows - Add architecture documentation - docs(man): add Unix man page and composable CLI argument inheritance - Add new logging section in documentation - Report TOML parse errors during config discovery instead of silently ignoring them - fix(execute): adopt CPython subprocess stream handling Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 08e0930e72 --------------------------- python3-filelock: Upgrade 3.20.3 -> 3.24.2 Upgrade to release 3.24.2: - docs: restructure using Diataxis framework - fix(test): resolve flaky write non-starvation test - fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race License-Update: Move from Unlicense to MIT Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 83c76a57b0 --------------------------- kmscon: bump version to 9.3.2 Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: a38acde2a9 --------------------------- python3-lief: Upgrade 0.17.2 -> 0.17.3 Upgrade to release 0.17.3: - Fix bug with resources - Fix VA/RVA confusion in the PE's builder This work was sponsored by GOVCERT.LU. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: bd9d6239fd --------------------------- yelp: add opengl to REQUIRED_DISTRO_FEATURES webkitgtk3 requires this feature. Also add wayland as an optional required feature, to match the requirements of webkitgtk3. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: e71b4eae2e --------------------------- python3-trio: Upgrade 0.32.0 -> 0.33.0 Upgrade to release 0.33.0: Bugfixes: - Start supporting Android's new "android" sys.platform. Deprecations and removals: - Both trio.testing.RaisesGroup and trio.testing.Matcher have been deprecated. Pytest alternatives pytest.RaisesGroup and pytest.RaisesExc (respectively) are considered correct replacement. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 949c02c02e --------------------------- python3-langtable: Upgrade 0.0.69 -> 0.0.70 Upgrade to release 0.0.70: - Add a few dz keyboards - Add more translations from CLDR - Get translation changes from CLDR - Add GS, ady, bqi, isv, kbd, kek, lzz, mww, oka, pi, pms, suz, Suni, si_ID.UTF-8 zgh_MA.UTF-8 - Add mdf_RU.UTF-8 to RU Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 31b49687df --------------------------- python3-pyee: Upgrade 13.0.0 -> 13.0.1 Upgrade to release 13.0.1: - Check for listener's existence before attempting to remove it - Update pytest configuration to support pytest 9 Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: d33bd19955 --------------------------- python3-pyrad: Upgrade 2.5.2 -> 2.5.4 Upgrade to release 2.5.4: - Remove python2 leftovers - Add support for Ascend-Data-Filter "delete" keyword Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 450dd90aab --------------------------- python3-typeguard: Upgrade 4.4.4 -> 4.5.0 Upgrade to release 4.5.0: - Restored the check_argument_types() and check_return_type() functions that were dropped in v3.0.0, for users who want more fine-grained control over run-time type checking - Added support for extra_items in TypedDict, allowing users to specify the types for the values of "leftover" keys in a typed dict (keys that weren't explicitly defined in the TypedDict subclass) - Fixed NameError when evaluating forward references on Python 3.14 - Fixed protocol check incorrectly rejecting inherited classmethods and staticmethods - Fixed missing TypeCheckError when checking TypedDict with Required[...] annotations - Fixed type aliases (e.g. type Foo = list[int]) not being resolved during type checking - Fixed type-checked assignments to a single tuple target (e.g. x, = ("foo",)) falsely raising TypeCheckedError Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 27edae565f --------------------------- webkitgtk3: upgrade 2.48.7 -> 2.50.5 Includes fixes for CVE-2025-13502, CVE-2025-13947, CVE-2025-43421, CVE-2025-43458 and CVE-2025-66287. Drop libsoup2 support. Even though this particular version still supports it, this is the last major version that is not libsoup3-only. Starting with version 2.52 (which is only 3-4 weeks away at the time of writing this message) upstream is dropping libsoup2 support completely[1]. This is a proactive removal of this feature, the sooner users start the migration, the better. Made opengl a mandatory DISTRO_FEATURE: libepoxy requires it, which is both a direct dependency, and an indirect one from gtk+3. Changelogs: https://webkitgtk.org/2026/02/09/webkitgtk2.50.5-released.html https://webkitgtk.org/2025/12/16/webkitgtk2.50.4-released.html https://webkitgtk.org/2025/12/04/webkitgtk2.50.3-released.html https://webkitgtk.org/2025/11/19/webkitgtk2.50.2-released.html https://webkitgtk.org/2025/10/10/webkitgtk2.50.1-released.html https://webkitgtk.org/2025/09/17/webkitgtk2.50.0-released.html [1]: https://webkitgtk.org/2025/10/07/webkitgtk-soup2-deprecation.html Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 5b830f4539 --------------------------- wxwidgets: enable webkit PACKAGECONFIG only when opengl is available The latest version of webkitgtk3 requires opengl DISTRO_FEATURE, so the webkit PACKAGECONFIG should be enabled only when opengl is available. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 4d60ca97ec --------------------------- ttf-sazanami: fix SRC_URI The original SRC_URI became inaccessible a while ago. Switch to a working source. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: be6714fb7f --------------------------- ntfs-3g-ntfsprogs: fix SRC_URI The SRC_URI has became inaccessible some time ago, falling back to the Yocto mirror. Instead use the Github mirror. I ran a diff on the files of this revision and the files of the original tarball, and the contents were bit-identical. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: ac9041ed3e --------------------------- iwd: update 3.10 -> 3.11 ver 3.11: Fix issue with interface registration before acquiring name. Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 6efa5edcf2 --------------------------- hotdoc : Add new recipe 1. Backport following patch to solve build and runtime issue 0001-c_comment_scanner-fix-function-prototypes.patch 0002-avoid-third-party-backports-dependency-on-sufficient.patch 0003-CMake-4-compatibility.patch 2. Add do_configure:prepend() to solve buildpaths QA check do_package_qa: QA Issue: File /usr/lib/python3.14/site-packages/hotdoc/parsers/cmark.cpython-314-x86_64-linux-gnu.so in package hotdoc contains reference to TMPDIR [buildpaths] 3. Add 0004-Use-flex-with-noline-option-to-prevent.patch to solve buildpaths QA check do_package_qa:QA Issue: File /usr/src/debug/hotdoc/0.17.4/hotdoc/parsers/c_comment_scanner/scanner.c in package hotdoc-src contains reference to TMPDIR [buildpaths] 4. Add clang as RDEPENDS for following reason Hotdoc has some Extensions including c-Extension. The c-Extension needs llvm and clang in runtime as introduced in doc of hotdoc. https://hotdoc.github.io/c-extension.html#c-extension "The extension uses Clang to build and walk an AST from the source code" Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: e7517b1d4c --------------------------- python3-dbus-deviation: Add new recipe Add this new recipe for runtime dependence of hotdoc. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: e2c07e4eb9 --------------------------- python3-wheezy-template: Add new recipe Add this new recipe for runtime dependence of hotdoc. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 9afc2b6323 --------------------------- python3-toposort: Add new recipe Add this new recipe for runtime dependence of hotdoc. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 3803910a75 --------------------------- python3-schema: Add new recipe Add this new recipe for runtime dependence of hotdoc. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: d3c431d669 --------------------------- vulkan-cts: upgrade 1.4.5.0 -> 1.4.5.1 Bump Vulkan CTS revision, picking up fixes for sevaral Vulkan tests (and updating VVS to 0.3.9). Signed-off-by: Dmitry Baryshkov Signed-off-by: Khem Raj --------------------------- Commit: a68047d226 --------------------------- vk-gl-cts: ensure that the SRCREV is correct Use tag=${BP} in SRC_URI in order to ensure that the SRCREV is correctly updated together with the package version. Signed-off-by: Dmitry Baryshkov Signed-off-by: Khem Raj --------------------------- Commit: 9437a35434 --------------------------- php: upgrade 8.5.2 -> 8.5.3 This is a bug fix release. Changelog: https://www.php.net/ChangeLog-8.php#8.5.3 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: 81d1e5c9ac --------------------------- waylandpp: Move wayland-scanner++ to -dev package wayland-scanner++ is only used during development so it's not usually required to be installed on the target. wayland-scanner++.pc is already in the -dev package. Signed-off-by: Mike Crowe Signed-off-by: Khem Raj --------------------------- Commit: 1a6ceb010a --------------------------- redis: add back DEBUG_PREFIX_MAP to LDFLAGS Without this redis embeds absoute build paths in the binaries, failing qa check. These LDFLAGS were recently removed from oe-core[1] - this change adds it back to this recipe. The qa error was not showing with redis 6 recipe, so it is added only to redis 7. [1]: https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 1de433f8bb --------------------------- valkey: remove TMPDIR truncation in binaries These seds were added to remove reproducibility QA errors about TMPDIR being present in the binaries. The root of the problem was changed LDFLAGS in oe-core, and after adding back these LDFLAGS to this recipe[1], the QA error is also gone - the binaries require no changes due to this. Also remove the INSANE_SKIP, which was most likely fixed by the same LDFLAGS issue - it doesn't happen anymore. [1]: https://git.openembedded.org/meta-openembedded/commit/?id=e8981bf43163d2fe90ea28b2952a2443ceaea934 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 0332dae9bb --------------------------- python3-pybind11-json: fix Targets.cmake trying to reference host The resulting pybind11_jsonTargets.cmake in the dev-package adds an absolute path to python include directories in the target properties: set_target_properties(pybind11_json PROPERTIES INTERFACE_INCLUDE_DIRECTORIES "/usr/include/python3.13;${_IMPORT_PREFIX}/include" ) The patch removes ${PYTHON_INCLUDE_DIRS} which is set by pybind11 from set_target_properties to remove the poisonous host path. Signed-off-by: Tafil Avdyli Signed-off-by: Khem Raj --------------------------- Commit: cd0a0f605e --------------------------- nginx: upgrade 1.29.1 -> 1.29.5 License-Update: copyright year bump. Changelog: 1.29.5: - Security: an attacker might inject plain text data in the response from an SSL backend (CVE-2026-1642). - Bugfix: use-after-free might occur after switching to the next gRPC or HTTP/2 backend. - Bugfix: an invalid HTTP/2 request might be sent after switching to the next upstream. - Bugfix: a response with multiple ranges might be larger than the source response. - Bugfix: fixed setting HTTP_HOST when proxying to FastCGI, SCGI, and uwsgi backends. - Bugfix: fixed warning when compiling with MSVC 2022 x86. - Change: the logging level of the "ech_required" SSL error has been lowered from "crit" to "info". 1.29.4: - Feature: the ngx_http_proxy_module supports HTTP/2. - Feature: Encrypted ClientHello TLS extension support when using OpenSSL ECH feature branch; the "ssl_ech_file" directive. Thanks to Stephen Farrell. - Change: validation of host and port in the request line, "Host" header field, and ":authority" pseudo-header field has been changed to follow RFC 3986. - Change: now a single LF used as a line terminator in a chunked request or response body is considered an error. - Bugfix: when using HTTP/3 with OpenSSL 3.5.1 or newer a segmentation fault might occur in a worker process; the bug had appeared in 1.29.1. Thanks to Jan Svojanovsky. - Bugfix: a segmentation fault might occur in a worker process if the "try_files" directive and "proxy_pass" with a URI were used. 1.29.3: - Feature: the "add_header_inherit" and "add_trailer_inherit" directives. - Feature: the $request_port and $is_request_port variables. - Feature: the $ssl_sigalg and $ssl_client_sigalg variables. - Feature: the "volatile" parameter of the "geo" directive. - Feature: now certificate compression is available with BoringSSL. - Bugfix: now certificate compression is disabled with OCSP stapling. 1.29.2 - Feature: now nginx can be built with AWS-LC. Thanks Samuel Chiang. - Bugfix: now the "ssl_protocols" directive works in a virtual server different from the default server when using OpenSSL 1.1.1 or newer. - Bugfix: SSL handshake always failed when using TLSv1.3 with OpenSSL and client certificates and resuming a session with a different SNI value; the bug had appeared in 1.27.4. - Bugfix: the "ignoring stale global SSL error" alerts might appear in logs when using QUIC and the "ssl_reject_handshake" directive; the bug had appeared in 1.29.0. Thanks to Vladimir Homutov. - Bugfix: in delta-seconds processing in the "Cache-Control" backend response header line. - Bugfix: an XCLIENT command didn't use the xtext encoding. Thanks to Igor Morgenstern of Aisle Research. - Bugfix: in SSL certificate caching during reconfiguration. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: f2be1069f1 --------------------------- nginx: upgrade 1.28.1 -> 1.28.2 Changelog: - Security: an attacker might inject plain text data in the response from an SSL backend (CVE-2026-1642). - Bugfix: use-after-free might occur after switching to the next gRPC or HTTP/2 backend. - Bugfix: fixed warning when compiling with MSVC 2022 x86. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: de20532a75 --------------------------- nodejs: detect NEON correctly for aarch64 The llhttp vendored dependency of nodejs takes advantage of Arm NEON instructions when they are available, however they are detected by checking for an outdated CPU feature macro: it checks for __ARM_NEON__, however it is not defined by new compilers for aarch64, rather they set __ARM_NEON. The Arm C extension guide[1] refers to __ARM_NEON macro aswell. This patch changes the detection to check for both macros when detecting the availability of NEON instructions. The code this patch modifies is generated, so the patch itself isn't suitable for upstream submission, as the root cause of the error is in the generator itself. A PR has been submitted[2] to the generator project to rectify this issue. [1]: https://developer.arm.com/documentation/ihi0053/d/ - pdf, section 6.9 [2]: https://github.com/nodejs/llparse/pull/84 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: d3fbcf8700 --------------------------- nodejs: patch incorrect NEON intrinsics The llhttp dependency of nodejs uses NEON intrinsics when they are available, however some of these calls are incorrect: they the call they use don't match the parameters passed, and so the compilation fail (unless the error is suppressed): | ../deps/llhttp/src/llhttp.c: In function 'llhttp__internal__run': | ../deps/llhttp/src/llhttp.c:2645:9: note: use '-flax-vector-conversions' to permit conversions between vectors with differing element types or numbers of subparts | 2645 | ); | | ^ | ../deps/llhttp/src/llhttp.c:2643:11: error: incompatible type for argument 1 of 'vandq_u16' | 2643 | vcgeq_u8(input, vdupq_n_u8(' ')), There is a patch upstream that fixes it (though it is not merged yet). This patch is a port of that fix. This allows us to remove the extra CFLAGS also from the recipe that suppressed this error. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 2296bdb6c1 --------------------------- rsyslog: fix incorrect install -d usage in do_install The rsyslog recipe incorrectly passes the permission mode as a positional argument to install -d. In this form, the value is treated as a directory name rather than as a mode, which will create an additional directory and may result in unexpected behavior during installation. Use the -m option to ensure the directory is created with the intended permissions. Signed-off-by: Mikhail Anikin Signed-off-by: Khem Raj --------------------------- Commit: bf898320ec --------------------------- rocksdb: support pkg-config based zstd detection In Yocto builds, zstd is built via Makefile and does not install CMake package configuration files. As a result, Findzstd.cmake fails to detect ZSTD_INCLUDE_DIRS. Add pkg-config based detection as a fallback to properly locate zstd headers and libraries. Signed-off-by: Minjae Kim Signed-off-by: Khem Raj --------------------------- Commit: add2d94ab7 --------------------------- nbench-byte: Fix sysinfo generation in parallel build The project Makefile uses a script (sysinfo.sh) to non-atomically generate two .c files (sysinfo.c, sysinfoc.c) which are then included in the build. Since the script always overwrites both .c files, the Makefile should only invoke it once, not twice in parallel. Otherwise the .c files may be corrupted and cause random build failures in parallel builds. Requires at least GNU make 4.3, for Grouped Targets support [1]. [1] https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00004.html Reviewed-by: Silvio Fricke Signed-off-by: Daniel Klauer Signed-off-by: Khem Raj --------------------------- Commit: 476b723696 --------------------------- python3-django: upgrade 6.0.1 -> 6.0.2 Some new tests expect the PWD to be writable, however this is not the case when running the tests in $PTEST_PATH with a non-root user. This patch makes it writable. Ptests passed, however there is a flaky test. Upstream has a bug[1] about it: Ran 18651 tests in 144.573s OK (skipped=1396, expected failures=5) Changes: Contains fixes for CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-2187 and CVE-2026-1312 [1]: https://code.djangoproject.com/ticket/36770 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 8fdf6a64c0 --------------------------- python3-django: upgrade 5.2.9 -> 5.2.11 Dropped patch that is included in this release. Ptests passed: Ran 18131 tests in 450.882s OK (skipped=1389, expected failures=5) Changelog: 5.2.11: Contains fixes for CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-1287 and CVE-2026-1312 5.2.10: * Fixed a bug in Django 5.2 where data exceeding max_length was silently truncated by QuerySet.bulk_create on PostgreSQL. * Fixed a bug where management command colorized help (introduced in Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 12deb70ea8 --------------------------- open-vm-tools: upgrade 13.0.5 -> 13.0.10 ChangeLog: https://github.com/vmware/open-vm-tools/blob/stable-13.0.10/ReleaseNotes.md Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: bc6370efb6 --------------------------- lmdb: upgrade 0.9.31 -> 0.9.35 Drop CVE-2026-22185.patch as it was merged upstream Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 48dc68c366 --------------------------- freerdp: patch CVE-2026-22855 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22855 The related Github advisory[1] describes the problem along with analyzing where the vulnerability is in the codebase. I looked up the commit that recently performed the changes from the analysis, and backported it. [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rwp3-g84r-6mx9 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 0b61ca3355 --------------------------- freerdp: patch CVE-2026-22854 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22854 Backport the patch that is referenced by the relevant Github advisory[1]. [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47vj-g3c3-3rmf Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: d4c3fdca5f --------------------------- nodejs: add missing native nghttp2 and libuv dependencies In case nghttp2 and/or libuv PACKAGECONFIGs are enabled, nodejs will build some binaries for the build system also, linking to native binaries and using headers from the native sysroot. However in case the dependencies are missing from the native sysroot, then it falls back to the build system's sysroot, and use the files that it can find there. If the build system doesn't have nghttp2/libuv installed, then compilation fails: libuv: ../tools/executable_wrapper.h:5:10: fatal error: uv.h: No such file or directory ngtthp2: <...snip...>/build/tmp/hosttools/ld: cannot find -lnghttp2: No such file or directory To avoid falling back to the build system's sysroot, add the missing libuv-native and nghttp2-native dependencies. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: f9d3d703ca --------------------------- drm-framebuffer: new recipe Signed-off-by: Frede Hoey Braendstrup Signed-off-by: Khem Raj --------------------------- Commit: bd832a8962 --------------------------- opencv: correct FastCV dependencies The FastCV stub dlopen()'s libfastcvopt.so.1, but if it is not present, it is not a fatal error for the rest of the plugins. Downgrate RDEPENDS to RRECOMMENDS. While we are at it, drop the dependency from the PACKAGECONFIG, it is handled in the python code. Fixes: b77403017b5e ("opencv: fill in missing FastCV gaps") Signed-off-by: Dmitry Baryshkov Signed-off-by: Khem Raj --------------------------- Commit: 7f621262df --------------------------- gnome-tweaks: upgrade 40.0 -> 40.10 Drop patch that is included in this release. Changes (note that there were no intermediate releases): 40.10: This release includes a fix for the broken GNOME Extensions link and several translation updates. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: bdf3e0387e --------------------------- gnome-commander: upgrade 1.16.1 -> 1.16.2 Drop patch that's included in this release. Changes: - Fix double g_error_free call in remote_close_callback - Fix build with taglib 2.0 - Set project gnu++11 c++ language version explicitely Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: e94e5ec1ee --------------------------- python3-pychromecast: allow building with newer version of python3-wheel Signed-off-by: Tom Geelen Signed-off-by: Khem Raj --------------------------- Commit: fa53982588 --------------------------- python3-sqlalchemy: add python3-greenlet as RDEPENDS as pip check does report this as a missing dependency Signed-off-by: Tom Geelen Signed-off-by: Khem Raj --------------------------- Commit: 90cae902ec --------------------------- python3-mypy: when checking the package in an image `pip check` reports python3-pathspec as a missing dependency Signed-off-by: Tom Geelen Signed-off-by: Khem Raj --------------------------- Commit: bb5dfc426c --------------------------- python3-pytest-env: new recipe. pytest plugin that allows you to add environment variables. Signed-off-by: Tom Geelen Signed-off-by: Khem Raj --------------------------- Commit: efc80673fd --------------------------- gnome-desktop: upgrade 44.1 -> 44.4 Changes: Version 44.4 - Support TryExec for thumbnailers - Translation updates Version 44.3 - Fix CI regression for release upload Version 44.2 - Stop using ratio character for time in the wall-clock - Fix variable initialization - General CI cleanups - Only parse XML files as slideshows - Translation updates Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: d96fec1f6e --------------------------- netperf: Fix compile error with --enable-intervals Submitted fix: https://github.com/HewlettPackard/netperf/pull/94 Fix for multiple definition error: | /ld: nettest_omni.o:/src/nettest_omni.c:233: multiple definition of `signal_set'; nettest_bsd.o:/src/nettest_bsd.c:302: first defined here | /ld: nettest_omni.o:/src/nettest_omni.c:191: multiple definition of `interval_count'; nettest_bsd.o:/src/nettest_bsd.c:289: first defined here | /ld: nettest_omni.o:/src/nettest_omni.c:233: multiple definition of `signal_set'; nettest_bsd.o:/src/nettest_bsd.c:302: first defined here | /ld: nettest_omni.o:/src/nettest_omni.c:191: multiple definition of `interval_count'; nettest_bsd.o:/src/nettest_bsd.c:289: first defined here Signed-off-by: Ryan Eatmon Signed-off-by: Khem Raj --------------------------- Commit: 7302c3ef24 --------------------------- obconf: fix SRC_URI The old SRC_URI has became inaccessible a while ago. This patch switches to Debian mirror. The file contents are identical to the previous source, except for the top level debian folder, which is not present in the new tarball (but it is mostly useful for Debian packagers, and not used for compilation). Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 9209caae62 --------------------------- wireshark: Fix do_compile error If there is no mate_grammar.c, it will cause exit code 1 by "test -e" as following: WARNING: exit code 1 from a shell command. So use "if" instead of "test" Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 8837d163ab --------------------------- glaze: Update to 7.0.2 Changes since 7.0.1: 459946d3 version 7.0.2 bump 8879dd5e two element id optimization (#2264) ecfc63b4 Committing clang-format changes e0d153e9 Enum search for when hashing fails (#2263) fc169a51 enum reflection documentation 3d8354a6 Committing clang-format changes f3fc73cc Allow to construct a glz::http_server instance using an asio::io_executor (#2258) 625b6ddd Update README.md 56d20086 Update README.md d3b51565 Update glaze_DISABLE_SIMD_WHEN_SUPPORTED documentation 77fb1384 Update README.md f17d17ca Committing clang-format changes 69eed8c2 YAML support (#2243) 5d652476 Update json-schema.md (#2254) 04883eb1 BEVE and CBOR std::expected support (#2253) 8555337e FEATURE: [json] Add special handling for std::expected (#2251) ddea99c5 Simple float (#2248) Signed-off-by: Peter Kjellerstedt Signed-off-by: Khem Raj --------------------------- Commit: 6be7812f7c --------------------------- glaze: include cmake files in glaze-dev package The cmake files should be included in the glaze-dev package. Without this patch, an application using the following find_package(glaze) target_link_libraries(myprogram PUBLIC glaze::glaze) Would fail with the following error (with tmpdir redacted) CMake Error in deps/vesl/src/Platform/CMakeLists.txt: Imported target "glaze::glaze" includes non-existent path "$TMPDIR/recipe-sysroot/usr/share/include" in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include: * The path was deleted, renamed, or moved to another location. * An install or uninstall procedure did not complete successfully. * The installation package was faulty and references files it does not provide. Signed-off-by: Frede Hoey Braendstrup Signed-off-by: Khem Raj --------------------------- Commit: 8a0162969c --------------------------- open62541: add historizing PACKAGECONFIG Release v1.4.15 fixes building without the historizing option. Signed-off-by: Johannes Kauffmann --------------------------- Commit: 97ef9cc3b8 --------------------------- open62541: update to v1.4.15 The patch has been applied upstream. Signed-off-by: Johannes Kauffmann --------------------------- Commit: 3c81ff5859 --------------------------- transmission: upgrade 4.0.6 -> 4.1.0 1.ChangeLog https://github.com/transmission/transmission/releases/tag/4.1.0 2. Remove following patches as they were merged upstream 0001-build-bump-CMake-version-to-3.10-4.patch 0001-miniupnpc-bump-CMake-version-to-3.14.patch 0001-build-set-minimum-required-CMake-to-3.5.patch 3. Change LICENSE Checksum as Copyright year has changed. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: d0aadb1f35 --------------------------- ettercap: 0.8.3.1-> 0.8.4 1. Changelog https://github.com/Ettercap/ettercap/releases/tag/v0.8.4 2. Remove following patches as they were merged upstream 0001-sslstrip-Enhance-the-libcurl-version-check-to-consid.patch 0002-allow-build-with-cmake-4.patch Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 6a900d8190 --------------------------- pax-utils: upgrade 1.3.3 -> 1.3.10 Update the SRC_URI also, the previous one became inaccessible a while ago. This is an official mirror[1]. Since the last update the project switched to meson build system. Changes: https://github.com/gentoo/pax-utils/compare/v1.3.3...v1.3.10 [1]: https://packages.gentoo.org/packages/app-misc/pax-utils Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 727a216363 --------------------------- packagegroup-meta-oe: add media-types Also remove the old mime-types recipe, which is the old name of media-types. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: e5cd8b0c37 --------------------------- media-types: fix RPROVIDES Instead of PROVIDING mime-support, it should RPROVIDE the same package. It allows adding "mime-support" to IMAGE_INSTALL to get a similar behavior than before mime-support recipe was split into two differently named recipes. Also, rename the recipe's folder to match the recipe name. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 1608ba5b9d --------------------------- mailcap: drop recipe (debian version) The same recipe is already provided, sourced from Fedora. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: aa9215d831 --------------------------- pipewire: fix runtime dependency when multilib is enabled Without ${MLPREFIX} in the PACKAGECONFIG runtime field, building the multilib variant forms a dependency to the non-multilib variant of certain packages. Signed-off-by: Jaeyoon Jung Signed-off-by: Khem Raj --------------------------- Commit: 9a954a0ed0 --------------------------- python3-marshmallow: Upgrade 4.2.1 -> 4.2.2 Upgrade to release 4.2.2: - Fix behavior of fields.Contant(None) Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 02768cd67e --------------------------- python3-dbus-fast: Upgrade 2.44.5 -> 4.0.0 Upgrade to release 4.0.0: - Chores - Apt-get update before apt-get install - Fix unix_fds parameter types - Wrap lines in docs - Annotated types for D-Bus signatures Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 23f8119aa7 --------------------------- python3-vector: Upgrade 1.7.0 -> 1.8.0 - chore: rm support for Python 3.9+ bump Numba - feat: numba on python 3.14 - fix: pass atol, rtol and equal_nan as kwargs to awkward's isclose method - docs: copyright should only include the year of creation - chore: pytest log_level is better than log_cli_level - chore: test on python 3.14 - chore: test on free-threaded Python License-Update: Include the year of creation only Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 52d56293d6 --------------------------- python3-pyrad: upgrade 2.4-> 2.5.2 1.ChangeLog Fix readthedocs 2.Remove following patches as they were merged upstream use-poetry-core.patch 208.patch 3.Change license checksum as position of License Info has changed in PKG-INFO file. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 1b820b98af --------------------------- valkey: Upgrade 9.0.1 -> 9.0.2 Upgrade to release 9.0.2: - Avoid memory leak of new argv when HEXPIRE commands target only non-exiting fields - Fix HINCRBY and HINCRBYFLOAT to update volatile key tracking - Avoid empty hash object when HSETEX added no fields - Fix case-sensitive check for the FNX and FXX arguments in HSETEX - Prevent assertion in active expiration job after a hash with volatile fields is overwritten - Fix HRANDFIELD to return null response when no field could be found - Fix HEXPIRE to not delete items when validation rules fail and expiration is in the past - Fix how hash is handling overriding of expired fields overwrite - HSETEX - Always issue keyspace notifications after validation - Make zero a valid TTL for hash fields during import mode and data loading - Trigger prepareCommand on argc change in module command filters - Restrict TTL from being negative and avoid crash in import-mode - Fix chained replica crash when doing dual channel replication - Skip slot cache optimization for AOF client to prevent key duplication and data corruption - Fix used_memory_dataset underflow due to miscalculated used_memory_overhead - Avoid duplicate calculations of network-bytes-out in slot stats with copy-avoidance - Fix XREAD returning error on empty stream with + ID - Track reply bytes in I/O threads if commandlog-reply-larger-than is -1 - This makes it possible to mitigate a performance regression in 9.0.1 caused by the related bug fix Fixes references to TMPDIR [buildpaths] and avoids [already-stripped]. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 800998234a --------------------------- kmscon: bump version to 9.3.1 - Remove upstreamed patch (commit ID: a1fc510a) - backspace_sends_delete is now a runtime option as of commit 0d6d85a8b865cac17529d049ae9a561db782ac59 - The kmscon.conf file in the source is renamed to kms.conf.example To keep the same behavior as the previous versions, kms.conf.example is moved to ${sysconfdir}/kmscon/kmscon.conf before running sed. - The render-engine config option has been removed as of commit 59eef2a154f78101195ad8ff08376e2418e773f0. Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: 83bf29198b --------------------------- libtsm: upgrade 4.4.0 -> 4.4.2 Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: 808e3f9ebc --------------------------- xorgxrdp: upgrade 0.10.4 -> 0.10.5 Changelog: ========== - Fix bug in Chrome pointer detection - CI: Update FreeBSD xrdp dependency Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 08ad9a079e --------------------------- tree: upgrade 2.2.1 -> 2.3.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: c722b24d38 --------------------------- python3-types-psutil: upgrade 7.2.1.20260116 -> 7.2.2.20260130 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 6fcbb71032 --------------------------- python3-tqdm: upgrade 4.67.1 -> 4.67.2 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: a02df1adbd --------------------------- python3-rich: upgrade 14.3.1 -> 14.3.2 Changelog: ========== - Fixed solo ZWJ crash - Fixed control codes reporting width of 1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 49bf96259e --------------------------- python3-pikepdf: upgrade 10.2.0 -> 10.3.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 6a74749569 --------------------------- python3-nanobind: upgrade 2.10.2 -> 2.11.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 1b1bae9811 --------------------------- python3-icontract: upgrade 2.7.2 -> 2.7.3 Changelog: Treat __setstate__ as constructor Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 4f1090a998 --------------------------- python3-cachetools: upgrade 6.2.5 -> 7.0.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 267d59ca60 --------------------------- python3-alembic: upgrade 1.18.1 -> 1.18.3 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: e27ed6de73 --------------------------- python3-aiohue: upgrade 4.8.0 -> 4.8.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 6c54894209 --------------------------- openldap: upgrade 2.6.10 -> 2.6.12 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 755d7c5449 --------------------------- nbdkit: upgrade 1.47.1 -> 1.47.3 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 9c989a5ea2 --------------------------- libvpx: upgrade 1.15.2 -> 1.16.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ee20888c3f --------------------------- libspelling: upgrade 0.4.9 -> 0.4.10 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 66afdc82af --------------------------- libp11: upgrade 0.4.16 -> 0.4.17 Changelog: ============ * Ed25519 and Ed448 support (PKCS#11 v3.2) * Fixed OPENSSL_NO_EC builds * Reverted RSA public exponent change from PR #474 * Fixed crash on module initialization failures * Ignoring trailing newlines in pin-source files * Initial build fixes for the upcoming OpenSSL 4.x Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: c2bf93c8d0 --------------------------- libio-compress-perl: upgrade 2.214 -> 2.217 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 3faa41265d --------------------------- libio-compress-lzma-perl: upgrade 2.214 -> 2.217 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: d40d4ddc9c --------------------------- libcompress-raw-zlib-perl: upgrade 2.214 -> 2.217 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: c37e050575 --------------------------- libcompress-raw-lzma-perl: upgrade 2.214 -> 2.217 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 1424870f1f --------------------------- libcompress-raw-bzip2-perl: upgrade 2.214 -> 2.217 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: bf0ea3fc28 --------------------------- libcacard: upgrade 2.8.1 -> 2.8.2 Changelog: ========== - Sort certificates by underlying objects CKA_ID to provide deterministic object order - Avoid using uninitialized memory - Improve test coverage and build scripts - Improve compatibility with modern compilers (avoid strict warnings) Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: a216ab3f76 --------------------------- gvfs: upgrade 1.58.0 -> 1.58.1 Major changes in 1.58.1 ======================= * cdda: Fix duration of last track for some media * build: Fix build when google option is disabled * Fix various memory leaks * Some other fixes * Translation updates Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: b2a9e3fefc --------------------------- gparted: upgrade 1.7.0 -> 1.8.0 Key changes ============= * Fix crash due to not checking for failure to load icon * Fix hangs setting FAT label when matches a root folder entry * Erase file system signatures before all FileSystem copies Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 625a2be8a8 --------------------------- libde265: upgrade 1.0.15 -> 1.0.16 Also included tag in the SRC_URI. This release fixes some rare decoding errors and some build issues. Changelog: https://github.com/strukturag/libde265/compare/v1.0.15...v1.0.16 Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj --------------------------- Commit: dc3791d2c4 --------------------------- gimp: patch libunwind detection Gimp 3.0.8's meson file detects the presence of libunwind incorrectly, making it fail on some platforms (e.g. x86 + musl + clang), even when libunwind is explicitly disabled: | i686-oe-linux-musl-ld: app/core/libappcore.a.p/gimpbacktrace-linux.c.o: in function `gimp_backtrace_get_address_info': | /usr/src/debug/gimp/3.0.8/../sources/gimp-3.0.8/app/core/gimpbacktrace-linux.c:708:(.text+0xbd7): undefined reference to `_ULx86_init_local' This backported patch fixes this. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: d3cdd51235 --------------------------- agent-proxy: Restore DEBUG_PREFIX_MAP in TARGET_LDFLAGS oe-core has removed DEBUG_PREFIX_MAP from TARGET_LDFLAGS [1], restore it to fix the below error. ERROR: agent-proxy-1.97-r0.wr2600 do_package_qa: QA Issue: File /usr/bin/.debug/agent-proxy in package agent-proxy-dbg contains reference to TMPDIR [buildpaths] ERROR: agent-proxy-1.97-r0.wr2600 do_package_qa: Fatal QA errors were found, failing task. [1] https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448 Signed-off-by: Mingli Yu Signed-off-by: Khem Raj --------------------------- Commit: a4d79609a4 --------------------------- tunctl: Restore DEBUG_PREFIX_MAP in TARGET_LDFLAGS oe-core has removed DEBUG_PREFIX_MAP from TARGET_LDFLAGS [1], restore it to fix the below error. ERROR: tunctl-1.5-r0.wr2401 do_package_qa: QA Issue: File /usr/sbin/.debug/tunctl in package tunctl-dbg contains reference to TMPDIR [buildpaths] ERROR: tunctl-1.5-r0.wr2401 do_package_qa: Fatal QA errors were found, failing task. [1] https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448 Signed-off-by: Mingli Yu Signed-off-by: Khem Raj --------------------------- Commit: 57eca6e20b --------------------------- memstat: Restore DEBUG_PREFIX_MAP in TARGET_LDFLAGS oe-core has removed DEBUG_PREFIX_MAP from TARGET_LDFLAGS [1], restore it to fix the below error. ERROR: memstat-1.0-r0.wr2401 do_package_qa: QA Issue: File /usr/bin/.debug/memstat in package memstat-dbg contains reference to TMPDIR [buildpaths] ERROR: memstat-1.0-r0.wr2401 do_package_qa: Fatal QA errors were found, failing task. [1] https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448 Signed-off-by: Mingli Yu Signed-off-by: Khem Raj --------------------------- Commit: e8981bf431 --------------------------- valkey: Restore DEBUG_PREFIX_MAP in TARGET_LDFLAGS oe-core has removed DEBUG_PREFIX_MAP from TARGET_LDFLAGS [1], restore it to fix the below error. ERROR: valkey-9.0.1-r0.wr2600 do_package_qa: QA Issue: File /usr/bin/.debug/valkey-cli in package valkey-dbg contains reference to TMPDIR [buildpaths] ERROR: valkey-9.0.1-r0.wr2600 do_package_qa: QA Issue: File /usr/bin/.debug/valkey-server in package valkey-dbg contains reference to TMPDIR [buildpaths] ERROR: valkey-9.0.1-r0.wr2600 do_package_qa: QA Issue: File /usr/bin/.debug/valkey-benchmark in package valkey-dbg contains reference to TMPDIR [buildpaths] ERROR: valkey-9.0.1-r0.wr2600 do_package_qa: Fatal QA errors were found, failing task. [1] https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448 Signed-off-by: Mingli Yu Signed-off-by: Khem Raj --------------------------- Commit: 6c462c4d55 --------------------------- freerdp3: upgrade 3.20.2 -> 3.22.0 Ptests passed successfully. Dropped manpages PACKAGECONFIG: when it is enabled, it requires an executable that is compiled from the project's source, but since it is cross-compiled, it is not usable. The cmakefile also started to explicitly disable generating this tool when cross-compiling is enabled. Since this recipe has no native counterpart, and the manpages can't be generated in this state, this option was removed. Changes: 3.22.0: - Complete overhaul of SDL client - Introduction of new WINPR_ATTR_NODISCARD macro wrapping compiler or C language version specific [[nodiscard]] attributes - Addition of WINPR_ATTR_NODISCARD to (some) public API functions so usage errors are producing warnings now - Add some more stringify functions for logging - CVE fixes: CVE-2026-23948, CVE-2026-24682, CVE-2026-24683, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24684, CVE-2026-24679, CVE-2026-24681, CVE-2026-24675, CVE-2026-24491, CVE-2026-24680 - [core,info] fix missing NULL check - [gateway,tsg] fix TSG_PACKET_RESPONSE parsing - Allow querying auth identity with kerberos when running as a server - Sspi krb heimdal - Tsg fix idleTimeout parsing - [channels,smartcard] revert 649f7de - [crypto] deprecate er and der modules - [channels,rdpei] lock full update, not only parts - [winpr,platform] add WINPR_ATTR_NODISCARD macro - Wlog cleanup - new stringify functions & touch API defines - Add support for querying SECPKG_ATTR_PACKAGE_INFO to NTLM and Kerberos - [channels,video] measure times in ns - [utils] Nodiscard - Error handling fixes - [channels,drdynvc] check pointer before reset - Winpr api def - [winpr,platform] drop C23 [[nodiscard]] - [gdi] add additional checks for a valid rdpGdi - Sdl3 high dpiv2 - peer: Disconnect if Logon() returned FALSE - [channels,rdpecam] fix PROPERTY_DESCRIPTION parsing - [channel,rdpsnd] only clean up thread before free - [channels,rdpei] add RDPINPUT_CONTACT_FLAG_UP 3.21.0: - CVE fixes: CVE-2026-23530, CVE-2026-23531, CVE-2026-23532, CVE-2026-23533, CVE-2026-23534, CVE-2026-23732, CVE-2026-23883, CVE-2026-23884 - [client,sdl] fix monitor resolution - [codec,progressive] fix progressive_rfx_upgrade_block - Krb cache fix - Rdpdr improved checks - Codec advanced length checks - Glyph fix length checks - Wlog printf format string checks - [warnings,format] fix format string warnings - Double free fixes - [clang-tidy] clean up code warnings Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: ac9cddac40 --------------------------- python3-orjson: use git fetcher; enable ptest The majority of the ptests require the data/ directory, so switch to using the git fetcher. Testsuite summary TOTAL: 1632 PASS: 1627 SKIP: 5 XFAIL: 0 FAIL: 0 XPASS: 0 ERROR: 0 DURATION: 268 Signed-off-by: Tim Orling Signed-off-by: Khem Raj --------------------------- Commit: c6a7350f7c --------------------------- python3-pendulum: add at v3.2.0 Python datetimes made easy. * Add patch to not strip .so * Enable ptests * Use git fetcher so we have tests/ Testsuite summary TOTAL: 1835 PASS: 1832 SKIP: 3 XFAIL: 0 FAIL: 0 XPASS: 0 ERROR: 0 DURATION: 102 Dependency for python3-orjson ptest. Signed-off-by: Tim Orling Signed-off-by: Khem Raj --------------------------- Commit: 8dd259ff4d --------------------------- python3-time-machine: add at v3.2.0 Travel through time in your tests. https://time-machine.readthedocs.io/en/latest/ Dependency for python3-pendulum ptests. Based on the recipe in meta-homeassistant. Enable ptests. Use git fetcher so that we have tests/ for ptest. Signed-off-by: Tim Orling Signed-off-by: Khem Raj --------------------------- Commit: 73dbdc65fc --------------------------- python3-tokenize-rt: add at v6.2.0 A wrapper around the stdlib `tokenize` which roundtrips. Dependency for python3-time-machine ptests. Use git fetcher so we have tests/ and testing/resources/ for ptest. Testsuite summary TOTAL: 45 PASS: 45 SKIP: 0 XFAIL: 0 FAIL: 0 XPASS: 0 ERROR: 0 DURATION: 8 Signed-off-by: Tim Orling Signed-off-by: Khem Raj --------------------------- Commit: 64139e703b --------------------------- python3-faker: add v40.1.2 Faker is a Python package that generates fake data for you. Whether you need to bootstrap your database, create good-looking XML documents, fill-in your persistence to stress test it, or anonymize data taken from a production service, Faker is for you. * Skip tests/pytest as this causes the 'pytests --automake' parser to fail for some reason [1] and the handful of tests are of questionable extra value. Testsuite summary TOTAL: 2151 PASS: 2146 SKIP: 5 XFAIL: 0 FAIL: 0 XPASS: 0 ERROR: 0 DURATION: 39 Dependency for python3-orjson ptest. [1] https://gitlab.com/rossburton/python-unittest-automake-output/-/issues/9 Signed-off-by: Tim Orling Signed-off-by: Khem Raj --------------------------- Commit: 5ccbf5d552 --------------------------- python3-orjson: upgrade 3.10.17 -> 3.11.6 Update python3-orjson-crates.inc Add patches to fix compilation for arm64/riscv64 by gating x86/x86_64 only AVX512 feature(s). The approach has thus far been rejected by upstream: https://github.com/ijl/orjson/pull/609. Release Notes: https://github.com/ijl/orjson/blob/master/CHANGELOG.md#3116---2026-01-29 * orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0). * Drop support for Python 3.9. * ABI compatibility with CPython 3.15 alpha 5. * Build now depends on Rust 1.89 or later instead of 1.85. * Fix sporadic crash serializing deeply nested list of dict. * Show simple error message instead of traceback when attempting to build on unsupported Python versions. * ABI compatibility with CPython 3.15 alpha 1. * Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x. * Build now requires a C compiler. * Fix PyPI project metadata when using maturin 1.9.2 or later. * Fix build using Rust 1.89 on amd64. * Build now depends on Rust 1.85 or later instead of 1.82. * Publish PyPI wheels for CPython 3.14. * Fix str on big-endian architectures. This was introduced in 3.11.0. * Use a deserialization buffer allocated per request instead of a shared buffer allocated on import. * ABI compatibility with CPython 3.14 beta 4. * Fix incorrect escaping of the vertical tabulation character. This was introduced in 3.10.17. Comparing changes: https://github.com/ijl/orjson/compare/3.10.17...3.11.6 Signed-off-by: Tim Orling Signed-off-by: Khem Raj --------------------------- Commit: bfbd962813 --------------------------- nodejs: extend libatomic patch to x86 This patch isn't intended to introduce new behavior, rather it changes the order of some existing LDFLAGS to fix a workaround that stopped working at some point in the past. LDFLAGS:x86 contains libatomic, because linking with this library is required for this platform. However when gyp links, it invokes the following (pseudo-)command: $LD $LDFLAGS $RESOURCES_TO_LINK $EXTRA_LIBS $EXTRA_LDFLAGS The EXTRA* arguments are coming from the gyp config. Since LDFLAGS appears very early in the command, libatomic also appears early amongst the resources, and the linker couldn't find the relevant symbols when compiled for x86 platform (as it was processed the very last): | [...] undefined reference to `__atomic_compare_exchange' Using this patch the library appears at the end, along with the other EXTRA_LIBS, after the list of linked resources, allowing linking to succeed. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 5ff9251b94 --------------------------- uutils-coreutils: upgrade 0.5.0 -> 0.6.0 See https://github.com/uutils/coreutils/releases/tag/0.6.0 Signed-off-by: Etienne Cordonnier Signed-off-by: Khem Raj --------------------------- Commit: 04ce4bf518 --------------------------- vboxguestdrivers: Upgrade to 7.2.6 Signed-off-by: Gianfranco Costamagna Signed-off-by: Gianfranco Costamagna Signed-off-by: Khem Raj --------------------------- Commit: 0feab39283 --------------------------- abseil-cpp: Set CMAKE_CXX_STANDARD to 17 The compiler defaults to C++ < 17 which causes build failures. Abseil requires C++17 or higher, so explicitly set CMAKE_CXX_STANDARD=17 to ensure the build uses the correct C++ standard. Error: CMake Error at CMake/AbseilDll.cmake:745 (message): The compiler defaults to or is configured for C++ < 17. C++ >= 17 is required and Abseil and all libraries that use Abseil must use the same C++ language standard Signed-off-by: Yogesh Tyagi Signed-off-by: Khem Raj --------------------------- Commit: 7c54c935cb --------------------------- xrdp: upgrade 0.10.4.1 -> 0.10.5 Contains fix for CVE-2025-68670. Drop patch that is included in this release. Changelog: Security fixes: - CVE-2025-68670 New features: - It is now possible to start the xrdp daemon entirely unprivileged from the service manager. If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details. - TLS pre-master secrets can now be recorded for packet captures - Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers - Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control - Updated Xorg paths in sesman.ini to include more recent distros - Add Slovenian keyboard - xrdpapi: Add a way to monitor connect/disconnect events Bug fixes: - Allow an empty X11 UTF8_STRING to be pasted to the clipboard - Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding - Fix a regression introduced in v0.10.x related to PAM groups handling - Inconsistencies with [MS-RDPBCGR] have been addressed - A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed - Prevent some possible crashes when the RFX encoder is resized - Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly - Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly - Do not overwrite a VNC port set by the user when not using sesman - Fix regression from 0.9.x when freerdp client uses /workarea - Fixes a crash where a resize is attempted with drdynvc disabled - getgrouplist() now compiles on MacOS - Various Coverity warnings have been addressed - Documentation improvements Internal changes: - An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 9205d2c95e --------------------------- python3-pyjwt: upgrade 2.10.1 -> 2.11.0 Changelog: https://github.com/jpadilla/pyjwt/releases/tag/2.11.0 - Fixed type error in comment - Make note of use of leeway with nbf - Validate key against allowed types for Algorithm family - Add iterator for PyJWKSet - Add iss, issuer type checks - Improve typing/logic for options in decode, decode_complete; Improve docs - Map algorithm=None to "none" - Correct PyJWKClient.get_signing_key_from_jwt annotation - Fixed doc string typo in _validate_jti() function - Update SECURITY.md - Typing fix: use float instead of int for lifespan and timeout - Fix TYP header documentation - doc: Document claims sub and jti - Resolve package build warnings - Support Python 3.14, and test against PyPy 3.10+ - Fix a SyntaxWarning caused by invalid escape sequences - Standardize CHANGELOG links to PRs - Migrate from pep517, which is deprecated, to build - Fix incorrectly-named test suite function - Fix Read the Docs builds - Escalate test suite warnings to errors - Add pyupgrade as a pre-commit hook - Simplify the test suite decorators - Improve coverage config and eliminate unused test suite code - Build a shared wheel once in the test suite - Thoroughly test type annotations, and resolve errors - Fix leeway value in usage documentation Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 3988e13c0a --------------------------- python3-pyjwt: ignore CVE-2025-45768 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-45768 The CVE is disputed: though the vulnerability is there, but it comes from incorrect configuration of the library by the main application. Due to this, ignore this CVE. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 2865b67e29 --------------------------- proftpd: ignore CVE-2021-47865 Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865 This CVE was opened based on a 5 years old Github issue[1], and has been made public recently. The CVE wasn't officially disputed (yet?), but based on the description and the given PoC the application is working as expected. The vulnerability description and the PoC basically configures proftpd to accept maximum x connections, and then when the user tries to open x + 1 concurrent connections, it refuses new connections over the configured limit. See also discussion in the Github issue. It seems that it won't be fixed, because there is nothing to fix. [1]: https://github.com/proftpd/proftpd/issues/1298 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: c08c81ae29 --------------------------- ndpi: ignore CVE-2025-25066 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25066 The vulnerable code was introduced in version 4.12[1], and the recipe version is not vulnerable yet. Due to this, ignore this CVE for now, until the recipe is upgraded. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 5a74edf28b --------------------------- libcupsfilters: patch CVE-2025-64503 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64503 Pick the patch that explicitly refernces the CVE ID in its message. (The NVD advisory mentions only the cups-filters patch, but the developer indicated the CVE ID in the libcupsfilters patch also) Between this recipe version and the patch the project has decided to eliminate c++ from the project, and use c only. The patch however is straightforward enough that it could be backported with very small modifications. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 1a31d20cea --------------------------- libcdio: upgrade 2.2.0 -> 2.3.0 Includes fix for CVE-2024-36600 Changelog: https://github.com/libcdio/libcdio/releases/tag/2.3.0 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: d92fa873e5 --------------------------- hiawatha: upgrade 11.7 -> 11.8 Drop patches that are included in this release. Changes: * mbed TLS updated to 3.6.4. * Small bugfixes. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 14f88522a1 --------------------------- gimp: mark CVE-2025-15059 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15059 The patch that is referenced by the NVD report has been backported[1] to the recipe version, and is included already. [1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/c9eb407485f6c085adf70c8a334f75ea31565c60 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 713739da29 --------------------------- fontforge: patch CVE-2025-15270 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15270 Pick the patch that mentions this vulnerbaility explicitly in its description. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: dd81ffdb68 --------------------------- ez-ipupdate: patch CVE-2003-0887 Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887 The vulnerability is about the default (example) configurations, which place cache files into the /tmp folder, that is world-writeable. The recommendation would be to place them to a more secure folder. The recipe however does not install these example configurations, and as such it is not vulnerable either. Just to make sure, patch these folders to a non-tmp folder (and also install that folder, empty). Some more discussion about the vulnerability: https://bugzilla.suse.com/show_bug.cgi?id=48161 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: e39458314e --------------------------- exiftool: upgrade 13.46 -> 13.48 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 9111684d67 --------------------------- cryptsetup: upgrade 2.8.3 -> 2.8.4 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 94e431dfa1 --------------------------- babl: upgrade 0.1.120 -> 0.1.122 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ec5cbced92 --------------------------- unicode-ucd: rename license file After the previous hash update the license file was not renamed, which causes it to clash in the DL_DIR if it was already downloaded with the previous hash. This change renames the file to avoid this clash. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: e0839aed46 --------------------------- libsdl2-compat: update 2.32.58 -> 2.32.62 - Starting with [https://github.com/libsdl-org/sdl2-compat/pull/536], it is possible to compile without x11. Remove x11 from REQUIRED_DISTRO_FEATURES Changelog: 2.32.62: This is a stable bugfix release, with the following changes: Improved support for GNU/Hurd Fixed crash if hidapi strings are not available 2.32.60: This is a stable bugfix release, with the following changes: Fixed crash at startup in Dwarf Fortress Fixed crash at startup in Stellaris Fixed mouse stuttering in Amiberry Fixed the viewport not being reset when the window is resized Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 19fdc49db3 --------------------------- libx86-1: upgrade 1.1 -> 1.1.1 Bugfix release, mostly with patches applied from other distros. Also fixes the SRC_URI which became inaccessible over time. Drop patches that are included in this release. Shortlog: https://gitlab.archlinux.org/grawlinson/libx86/-/compare/v1.1...v1.1.1 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: ad890c16e8 --------------------------- protobuf: upgrade 6.31.1 -> 6.33.5 * rebase existing patches * drop mips clang patch as this was fixed upstream via [1] to build only for platforms supporting it. * add PV to SRC_URI * add variables to automatically calculate branch and tag * fix includedir for utf8_range in ptest compilation [1] https://github.com/protocolbuffers/protobuf/commit/719f3037032b2e952afe7fc49152cc4be38fa7a3 Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: 5eab3aebe2 --------------------------- python3-protobuf: upgrade 6.33.4 -> 6.33.5 Solves CVE-2026-0994. Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: 3a8beb7eef --------------------------- media-types: add recipe This recipe is one of the successors of mime-support, which provided mailcap and mime.types files. This recipe contains only the mime.types portion. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 10f3a928ab --------------------------- mailcap: add recipe This recipe is one of the successors of the mime-support, which provided mailcap and mime.types files. This recipe contains only the mailcap portion. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 25eab2bf01 --------------------------- mime-support: drop recipe Debian has split this package into two sepatare packages: media-types and mailcap. This package hasn't been updated since 2020 (but the other two packages are regularly updated). Beside this the SRC_URI has been inaccessible since a while also. Drop this recipe (and substitute it with the up to date packages in followup patches). Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 2fafea2aa7 --------------------------- krb5: upgrade 1.21.3 -> 1.22.2 Drop the patches that are included in this release. License-Update: copyright year bump Changelog: 1.22.2: Fix a SPNEGO packet parsing bug which could cause GSS mechanism negotiation failure. 1.22.1: Fix a vulnerability in GSS MIC verification [CVE-2025-57736] 1.22.0: User experience - The libdefaults configuration variable "request_timeout" can be set to limit the total timeout for KDC requests. When making a KDC request, the client will now wait indefinitely (or until the request timeout has elapsed) on a KDC which accepts a TCP connection, without contacting any additional KDCs. Clients will make fewer DNS queries in some configurations. - The realm configuration variable "sitename" can be set to cause the client to query site-specific DNS records when making KDC requests. Administrator experience - Principal aliases are supported in the DB2 and LMDB KDB modules and in the kadmin protocol. (The LDAP KDB module has supported aliases since release 1.7.) - UNIX domain sockets are supported for the Kerberos and kpasswd protocols. - systemd socket activation is supported for krb5kdc and kadmind. Developer experience - KDB modules can be be implemented in terms of other modules using the new krb5_db_load_module() function. - The profile library supports the modification of empty profiles and the copying of modified profiles, making it possible to construct an in-memory profile and pass it to krb5_init_context_profile(). - GSS-API applications can pass the GSS_C_CHANNEL_BOUND flag to gss_init_sec_context() to request strict enforcement of channel bindings by the acceptor. Protocol evolution - The PKINIT preauth module supports elliptic curve client certificates, ECDH key exchange, and the Microsoft paChecksum2 field. - The IAKERB implementation has been changed to comply with the most recent draft standard and to support realm discovery. - Message-Authenticator is supported in the RADIUS implementation used by the OTP kdcpreauth module. Code quality - Removed old-style function declarations, to accomodate compilers which have removed support for them. - Added OSS-Fuzz to the project's continuous integration infrastructure. - Rewrote the GSS per-message token parsing code for improved safety. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 8ba0a9e49a --------------------------- libimobiledevice: upgrade to 1.4.0 Delete patch that's included in this release. Changelog: - Add support for MbedTLS - Add Reverse Proxy implementation - Add support for wireless pairing (AppleTV) - Embed 3rd party libraries for ed25519 and SRP6a - Fixes in idevicedebug - idevicecrashreport: Allow filtering crash reports by filename - Add idevicedevmodectl tool - Fixes for idevicebackup2 - Add property_list_client_get_service_client() and service_get_connection() functions - Add idevicebtlogger - Add new idevice_events_subscribe/unsubscribe API - Move LIBIMOBILEDEVICE_API to public headers - Add afc_strerror function - Add libimobiledevice_version() function - Use libimobiledevice-glue's SHA1 implementation - Add support for iOS 17+ Personalized Developer Disk image mounting - Fix compilation on MSVC - Add idevice_strerror() to interface - Add new idevice_get_device_version() to interface - Add os_trace_relay service implementation - Fixes for idevicesyslog - afc: Add afc_get_file_info_plist and afc_get_device_info_plist functions ... and several other internal changes Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: cb9d043f46 --------------------------- paho-mqtt-c: upgrade 1.3.14 -> 1.3.15 Drop patch to fix gcc15 compatibility - the problem has been solved by upstream. Changelog: - Update getaddrinfo options to support IPv6 hostname resolution - Removed unnecessary _WIN64 conditional checks - Fixed condition variable timed wait - Support tls:// prefix Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 4323fc8507 --------------------------- libtorrent-rasterbar: upgrade 2.0.10 -> 2.0.11 Changelog: https://github.com/arvidn/libtorrent/releases/tag/v2.0.11 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 2b4ea93889 --------------------------- qpdf: upgrade 12.3.0 -> 12.3.2 ChangeLog https://github.com/qpdf/qpdf/releases/tag/v12.3.2 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 785336405d --------------------------- python3-sqlalchemy: upgrade 2.0.45 -> 2.0.46 1.Changelog: https://github.com/sqlalchemy/sqlalchemy/releases/tag/rel_2_0_46 2.LICENSE checksum has changed as Copyright year changed: https://github.com/sqlalchemy/sqlalchemy/commit/997cdf9cadafd0ed54943f35f1add195ab2b31b7 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 5f6dbb284a --------------------------- minizip-ng: 4.0.8 -> 4.0.10 1.Changelog: https://github.com/zlib-ng/minizip-ng/releases/tag/4.0.10 2.Remove 0001-crypt.h-Remove-register-keyword.patch as it was merged upstream. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 6605c61301 --------------------------- python3-pywbem: 1.7.3 -> 1.9.0 Changelog: https://pywbem.readthedocs.io/en/1.9.0/changes.html Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: dfd6cf901a --------------------------- fwupd: upgrade 2.0.16 -> 2.0.19 Ptests passed. Note: plugin_uefi_capsule_splash PACKAGECONFIG is broken, it fails to configure: | ../sources/fwupd-2.0.16/plugins/uefi-capsule/meson.build:83:4: ERROR: Problem encountered: Error: missing dependency python gobject introspection (python3-gi) | Error: missing dependency python cairo (python3-cairo) This doesn't seem to be a regression from this update, was present before the upgrade also. (The PACKAGECONFIG is disabled by default) Changelogs: 2.0.19: This release adds the following features: Add two commands to fwupdtool to calculate and find CRCs Allow systems to use the udev event source without using systemd This release fixes the following bugs: Always show the correct new firmware version in 'fwupdmgr get-history' Fix an integer underflow when parsing a malicious PE file Fix a regression when enumerating the dell-dock status component Fix the fuzzer timeout when parsing a synaptics-rmi SBL container Fix updating the Intel GPU FWDATA section Respect 'fwupdmgr --force' when installing firmware This release adds support for the following hardware: Lenovo Sapphire Folio Keyboard 2.0.18: This release adds the following features: Add a MOTD message for devices needing reboot after staged updates Create the reboot-required file when a firmware update requires reboot Record the system state for each composite emulation Update USI docking station firmware without requiring a manual replug This release fixes the following bugs: Add a MTD device problem if the Intel SPI BIOS lock is set Allow changing the child name when using PARENT_NAME_PREFIX Allow UpdateCapsule to work on systems that do not support SecureBoot Correctly parse the EFI_CAPSULE_RESULT_VARIABLE_HEADER Fall back to the SMBIOS version for BIOS MTD devices Fix a crash when trying to record an i2c emulation Fixed Huddly upgrade problems with major version changes Fix man page compatibility with apropos and whatis Fix parsing USB BOS descriptors Fix up the x86_64-specific capsule flags when deploying UEFI firmware Improve firmware stream searching speed by a huge amount Only convert the release uint32_t to device version format for UEFI devices Only handle SIGINT in fwupdtool when required Refactor the hypervisor and container detection to be usable from plugins Set PlatformArchitecture as the CPU architecture for RISC-V machines Use a sensible timeout when doing qc-s5gen2 HID requests This release adds support for the following hardware: HP Portable USB-C 4K HDMI Hub Lenovo Legion Go 2 (as a HID device) Synaptics HapticsPad 2.0.17: This release adds the following features: Add support for client-side phased update deployment Add support for post-quantum signatures Allow clearing the cache dirirectory Allow fwupdtpmevlog to dump the raw eventlog data Build a NVMe GUID derived from the serial number Make fwupdtool extract work with deeply nested images Parse VSS and FTW variable stores from EFI volumes Reintroduce the FreeBSD CI target Support very old versions of UDisks This release fixes the following bugs: Add 'fwupdmgr hwids' by exposing another daemon property Add offline hashes for the Microsoft 20250902 dbx Add the Framework-specific KEK and db hashes Allow updating IFD BIOS region via parent MTD Avoid showing reinstall prompts for composite devices Clean up the fwupdtool lock file in all cases Correctly match the correct historical composite component Do not allow PK or KEK updates when system has a test key installed Do not allow reinstalling when using ONLY_VERSION_UPGRADE Do not require AC power to run the installed tests Do not scan EFI volumes when constructing MTD BIOS devices Ensure REGION is always set for MTD IFD children Ensure SCSI instance IDs are valid ASCII values Fix a critical warning when parsing invalid Jabra firmware Fix an Ilitek parsing crash found when fuzzing Fix an inotify race when refreshing metadata Fix a pending-activation problem with Dell docking stations Fix a potential hang when creating a chunk array with aligned sizes Fix MTD emulation recording for PCI-backed devices Fix the device order when the parent specifies install-parent-first Fix the FLMSTR layout when reading IFD partitions Fix the thunderbolt controller rushing to finalize before onlining retimers Fix writing Intel GPU OptionROM data and OptionROM code Flush stale events to make the Logitech Rallybar more reliable Ignore all the Intel GPU MTD devices Ignore errors when writing the last page of Dell dock firmware Make an error message more specific Modify the Dell dock needs-activation flag after updates are installed Only add one devlink device for each PCI card Parse the FMAP SBOM area as uSWID when required Relax the USI dock DMC child device checks for new firmware Revert back to the flashrom deprecated API as the new API is unusable Rewrite the fwupdmgr manpage to be more useful Use higher delay when update status for Logitech peripheral devices This release adds support for the following hardware: ASUS CX9406 (touch controller) Framework Copilot keyboard Genesys GL352530 and GL352360 Huddly C1 Lexar and Maxio NVMe SSDs Primax Ryder mouse 2 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 92c8880aa3 --------------------------- nvme-cli: upgrade 2.12 -> 2.16 Changelogs: https://github.com/linux-nvme/nvme-cli/releases/tag/v2.16 https://github.com/linux-nvme/nvme-cli/releases/tag/v2.15 https://github.com/linux-nvme/nvme-cli/releases/tag/v2.14 https://github.com/linux-nvme/nvme-cli/releases/tag/v2.13 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: c7ec976a3c --------------------------- dediprog-flasher: upgrade 1.14.20 -> 1.14.21 Drop the patches that are included in this release. Changelog: https://github.com/DediProgSW/SF100Linux/compare/V1.14.20.x...V1.14.21,x Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: d30eb4156b --------------------------- edac-utils: bump to latest revision Changelog: Add loongarch64 support Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 35bc104317 --------------------------- iozone3: upgrade 507 -> 508 Changelog: - Put an end to the (&*% stupid GCC breaking builds for no valid reason. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 444f704d03 --------------------------- fio: upgrade 3.39 -> 3.41 Changelog: 3.41: - engines/io_uring: remove unnecessary SQ full check - io_uring: ensure accurate real_file_size setup for full device access with PI enabled - Fix: parse.c opt_len() to use minimal distance to delimiter to determine option length - io_u: fix offset calculation in randtrimwrite - engines/http: fix file name - engines/http: Add S3 security token support - io_u: get io_u from io_u_freelist when TD_FSYNCING - io_uring CQ reap cleanup - Add 'filetype' option - handle out-of-order write completions in verify state (Issue #1950) - engines/http: Add support for range reads - Makefile: fix man and share install paths on MacOS - Sprandom - Fix mandoc warnings - fio: fix formats under MIPS64/PPC - sprandom: Fix several issues found in the sprandom implementation - t/verify-state.c fixes/improvements 3.40: - t/read-to-pipe-async: fix -DNDEBUG support - docs: update docs for verify_mode=compare of io_uring_cmd - dfs: fix fail to load dfs engine - Fix spelling error in IO uring engine. - Fix hang on Windows when multiple --client args are present - Add important info about http_host and file formatting to s3 example - oslib: blkzoned: add missing blkzoned_move_zone_wp() stub Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 52b76013e8 --------------------------- tigervnc: upgrade 1.15.0 -> 1.16.0 1.ChangeLog https://github.com/TigerVNC/tigervnc/releases/tag/v1.16.0 2.Update 0002-add-missing-dynamic-library-to-FLTK_LIBRARIES.patch for 1.16.0 3.Update xorg-server to 21.1.21 4.Fix do_install error Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 6354dcfaa8 --------------------------- multipath-tools: upgrade 0.12.1 -> 0.12.2 1. Changelog https://github.com/opensvc/multipath-tools/releases/tag/0.12.2 2. Update 0004-RH-use-rpm-optflags-if-present.patch for 0.12.2 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 1b4b952b51 --------------------------- freerdp: ignore CVE-2025-68118 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118 The vulnerability is specific to the usage of Microsoft specific sprintf implementation. Because of this, ignore this vulnerability. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: c0af251f34 --------------------------- wireshark: upgrade 4.2.14 -> 4.6.3 Contains fix for CVE-2025-0962. Removed CVE-2025-9817.patch because it is included in this release. Add a patch that allows it building for native: it is looking for iconv.h header as a new dependency for (optional) zlib-ng support, however it is not installed in the sysroot for native builds. Add a patch that removes this hard dependency for native builds. Changelogs: https://www.wireshark.org/docs/relnotes/wireshark-4.6.3.html https://www.wireshark.org/docs/relnotes/wireshark-4.6.2.html https://www.wireshark.org/docs/relnotes/wireshark-4.6.1.html https://www.wireshark.org/docs/relnotes/wireshark-4.6.0.html Overall changelogs (including 4.4 also): https://www.wireshark.org/docs/relnotes/ Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 2ce95a4d88 --------------------------- fbida: upgrade 2.14 -> 2.15 1. Changelog https://gitlab.com/kraxel/fbida/-/commit/a0d75fbab3ea01bf5b36f813f0ec0d1bfa2db745 2. Drop following patches as they were merged upstream. fbida-gcc10.patch 0001-meson.build-install-fbgs-shell-script.patch 0001-fbida-Include-missing-sys-types.h.patch 0002-meson.build-add-features-options-for-png-gif-tiff-we.patch 0001-meson.build-make-fbpdf-build-optional.patch 3. Drop 0003-meson.build-do-not-require-xkbcommon.patch as xkbcommon was added as DEPEND. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: c276518790 --------------------------- android-tools-conf-configfs: remove this recipe without selinux dependency For the boards with multiple UDC ports, when compiling with meta-selinux layer adb funtion will be impacted due to below error. Remove the recipe under dynamic-layers/selinux/ as it's not required anymore, and ensure adb work normally on the boards with multiple UDC ports. ls /sys/class/udc/ > /sys/kernel/config/usb_gadget/adb/UDC ls: write error: Device or resource busy Signed-off-by: Shoudi Li Signed-off-by: Khem Raj --------------------------- Commit: 8089168196 --------------------------- Use https when accessing archive.xfce.org While using devtool to check available versions, I noticed a 301 http error. Specifically : $ devtool latest-version libxfce4ui Resolving archive.xfce.org (archive.xfce.org)... 217.70.191.87 Connecting to archive.xfce.org (archive.xfce.org)|217.70.191.87|:80... connected . HTTP request sent, awaiting response... 301 Moved Permanently Location: https://archive.xfce.org/src/xfce/libxfce4ui/4.20/ [following] With this patch, we change to make the SRC_URI an https request. Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: f0f02434c8 --------------------------- hdf5: fix shasum, downloadfilename Fixes: #1023 Upstream seems to have regenerated the archive, as the checksum no longer matches the one specified in the recipe: |WARNING: hdf5-2.0.0-r0 do_fetch: Checksum failure encountered with download of https://support.hdfgroup.org/releases/hdf5/v2_0/v2_0_0/downloads/hdf5-2.0.0.tar.gz - will attempt other sources if available |WARNING: hdf5-2.0.0-r0 do_fetch: Checksum mismatch for local file /buildcache/downloads/hdf5-2.0.0.tar.gz |Cleaning and trying again. |WARNING: hdf5-2.0.0-r0 do_fetch: Renaming /buildcache/downloads/hdf5-2.0.0.tar.gz to /buildcache/downloads/hdf5-2.0.0.tar.gz_bad-checksum_a7a8f43e76e825ea22234bc735d5b184e880d305e33e4c9bb93a3912421c9973 |ERROR: hdf5-2.0.0-r0 do_fetch: Checksum failure fetching https://support.hdfgroup.org/releases/hdf5/v2_0/v2_0_0/downloads/hdf5-2.0.0.tar.gz |ERROR: hdf5-2.0.0-r0 do_fetch: Bitbake Fetcher Error: ChecksumError('Checksum mismatch!\nFile: \'/buildcache/downloads/hdf5-2.0.0.tar.gz\' has sha256 checksum \'a7a8f43e76e825ea22234bc735d5b184e880d305e33e4c9bb93a3912421c9973\' when \'6e45a4213cb11bb5860) |ERROR: Logfile of failure stored in: /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/hdf5/2.0.0/temp/log.do_fetch.2054297 However, the tarballs look identical. Update the hash and be explicit about downloadfilename to avoid any mirroring issues. A note has been left that this measure can be removed with a future upgrade. Signed-off-by: Trevor Gamblin Reviewed-by: Yoann Congal Signed-off-by: Khem Raj --------------------------- Commit: b43a9e6897 --------------------------- mutter: fix build without x11 in DISTRO_FEATURES Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 049c89877c --------------------------- fontforge: patch CVE-2025-15269 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15269 Pick the patch that refers to this vulnerability ID explicitly. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 5dddc4f520 --------------------------- fontforge: patch CVE-2025-15275 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15275 Pick the patch that mentions this vulnerability ID explicitly. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 922de306a6 --------------------------- fontforge: patch CVE-2025-15279 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15279 Pick the patch that mentions this vulnerability ID explicitly. Also, this patch has caused some regression - pick the patch also that fixed that regression. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: c42dac1f08 --------------------------- fontforge: upgrade 20230101 -> 20251009 Drop patches that are inluded in this release. libxi has been removed as a dependency, because the project has dropped the x11 drawing backend, it implements everything in gtk. Changelog: https://github.com/fontforge/fontforge/releases/tag/20251009 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: ee064972a0 --------------------------- liboauth2: Add recipe at 2.2.0 V3: adds fixes for building with clang V4: removes default PACKAGECONFIG used for testing builds V5: fixes Upstream-Status in patch Signed-off-by: Frede Hoey Braendstrup Signed-off-by: Khem Raj --------------------------- Commit: c1f2aeb030 --------------------------- softhsm: upgrade 2.6.1 -> 2.7.0 0001-avoid-unnecessary-check-for-sqlite3-binary.patch removed since it's included in 2.7.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: c8e0deb564 --------------------------- python3-ukkonen: upgrade 1.0.1 -> 1.1.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 702b08355b --------------------------- python3-python-multipart: upgrade 0.0.21 -> 0.0.22 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ccc5fd9e78 --------------------------- python3-pytest-html: upgrade 4.1.1 -> 4.2.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: e86ca5c544 --------------------------- python3-multidict: upgrade 6.7.0 -> 6.7.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 9d39ccf76a --------------------------- python3-marshmallow: upgrade 4.2.0 -> 4.2.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 95e2afb5e0 --------------------------- python3-icecream: upgrade 2.1.9 -> 2.1.10 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: a0f8399ae6 --------------------------- python3-httplib2: upgrade 0.31.1 -> 0.31.2 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 38d438b403 --------------------------- python3-gunicorn: upgrade 23.0.0 -> 24.1.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: b9f1c502bd --------------------------- python3-greenlet: upgrade 3.3.0 -> 3.3.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 5e043092ac --------------------------- python3-elementpath: upgrade 5.1.0 -> 5.1.1 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: b62af48a2d --------------------------- python3-dill: upgrade 0.4.0 -> 0.4.1 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: b13522054b --------------------------- python3-coverage: upgrade 7.13.1 -> 7.13.2 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 23f7bc3344 --------------------------- python3-cachetools: upgrade 6.2.4 -> 6.2.5 Licensse-Update: copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 7ad9ca5fd8 --------------------------- python3-bandit: upgrade 1.9.2 -> 1.9.3 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 6a610e9f08 --------------------------- libtdb: upgrade 1.4.14 -> 1.4.15 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: e9f677ac51 --------------------------- libtalloc: upgrade 2.4.3 -> 2.4.4 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 9801afd278 --------------------------- iotop: upgrade 1.30 -> 1.31 License-Update: Copyright year updated to 1.31 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: c2b4809fe8 --------------------------- imagemagick: upgrade 7.1.2-12 -> 7.1.2-13 License-Update: change license url to https://imagemagick.org/license/ Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 8147911cc0 --------------------------- graphviz: upgrade 14.0.4 -> 14.1.2 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f74dd7b6e5 --------------------------- gperftools: upgrade 2.16 -> 2.18 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 53f62e7e2e --------------------------- googlebenchmark: upgrade 1.9.4 -> 1.9.5 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 55261904d3 --------------------------- exiftool: upgrade 13.45 -> 13.46 Changelog: ============= - Added a new Pentax LensType - Decode some new Canon tags - Renamed a newly added Canon tag - Improved identification of Canon RF lenses in edited images when an extender was used - Changed description of FocalLength35efl to add "35mm Equiv" - Patched -validate option to recognize DNG 1.7.1 tags - Patched to remove maker note error/warning when writing files from some Google phones - Patched to improve warning for corrupted HEIC files downloaded from heic.digital, and added ability to delete this garbage when writing - Fixed minor error when writing some DJI DNG files - API Changes: - Added GeoUserTag option Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f2db94640a --------------------------- ctags: upgrade 6.2.20260118.0 -> 6.2.20260125.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 3223f320ce --------------------------- bindfs: upgrade 1.18.3 -> 1.18.4 Changelog: ========== - Merged build fix for MacFUSE - Populate user and group cache eagerly on startup, if the cache is needed Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 112b473a7f --------------------------- python3-path: Upgrade 17.1.0 -> 17.1.1 Upgrade to release 17.1.1: - Feed the hobgoblins (delint) - Supply the types, irrespective of platform - Ignore the arg type License-Update: Update years Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 71285e9807 --------------------------- python3-jmespath: Upgrade 1.0.1 -> 1.1.0 Upgrade to release 1.1.0: - Fix concurrency issue with cache - Added support for Python 3.12-3.14 - Removed support for Python 3.7-3.8 License-Update: Use file LICENSE Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: a960796c9e --------------------------- openl2tp: Fix do_package_qa Issue Fix following issue when using customized kernel without kernel-module-l2tp-ppp enabled. ERROR: openl2tp-1.8-r0 do_package_qa: QA Issue: openl2tp-ptest rdepends on kernel-module-l2tp-ppp, but it isn't a build dependency? [build-deps] Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: d648916239 --------------------------- openhpi: remove snmp-bc from default packageconfig Disable snmp_bc plugin build by default as net-snmp no longer supports DES by default. Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: f8fcc9ccf5 --------------------------- gimp: update 3.0.6 -> 3.0.8 - remove cve fixes which are included in this release - remove the fix for bzip2. meson.build was improved so this is not required anymore - inherit bash-completion This releases contains a lot of bugfixes. The below list is not exhaustive. Core: - Font handling improvements: * Font loading on start massively sped up. * As an exception, Skia font family (apparently quite common on macOS) is special-cased because it behaves weirdly and was not working with current font handling. * Various other fixes related to font handling. * We now wait for fonts to be fully loaded before loading any file. - Command Line Interface: * Option -i / --no-interface is not shown anymore on `gimp-console` binary (it can still be used — it does nothing there anyway —, which allows to use the same sets of option with the GUI binary, and also so that existing shell scripts don't break). * Option --show-debug-menu is not hidden anymore for discoverability. * The `gimp-3.0` executable can now run with --no-interface even when no display is available (ex: virtual terminal with no window manager/compositor, containers, etc.). This used to only work with `gimp-console-3.0` executable. - Windows: * output CLI messages to the parent console like Linux and macOS. * Ctrl+C signals are now correctly handled in the attached console. * The attached console supports color too. * Interpreters are run conditionally if running in console. - macOS: default to "quartz" Input Method for emoji keyboard support. - Wayland: wait before we get our first surface before listing input devices to work around a Wayland limitation and GTK bug. - Default "Search" feature in GTK3 is now disabled in the component editor in the Channels dockable. - Several fixes related to Quick Mask handling. - Fixed some cases where config migration from GIMP 2 to GIMP 3 was problematic. - Several buggy undo cases were fixed. - Several fixes related to pass-through group layers. - Export will now be properly triggered even if no drawables are selected (this is not a requirement anymore with GIMP 3 API). - Path import and export respectively from and to SVG improved. - Serialize colors in legacy GimpRGB format into a XCF when the XCF version is older than GIMP 3 for backward compatibility. Tools: - Symmetry: fix initial stroke symmetry when using pixmap brushes. - Move tool: fixed weird position jumps in some cases. Graphical User Interface: - Center buttons in overlay dialogs. - Headerbar's (when titlebar and menubar are merged) button colors now match our theme. - Dialogs' header icon and view will now scale based on custom icon size. - Resize dialog: Canvas Size fill combo set to insensitive if layers won't be resized. - Navigation and Selection editor will now properly match the theme (in particular, in dark mode, they won't show large bright area). - Do not show outlines when hovering the absent "Fx" icon anymore, which was confusing people into making it look like you could click and interact with this empty area. Plug-ins: - Fixes on: OpenRaster export, TIFF import, Map Object, PDF export, Gradient Flare, ANI export, Script-Fu, DDS export, Fractal Explorer, PSP import, ICO import, XWD import, PSD import, WebP export, ICNS import, Gimpressionist, JPEG 2000 import, Busy Dialog. - Scale entries have been replaced by spin scale widgets in a bunch of plug-ins. - Fixed vulnerabilities: ZDI-CAN-28376, ZDI-CAN-28311, ZDI-CAN-28273, ZDI-CAN-28158, ZDI-CAN-28232, ZDI-CAN-28265, ZDI-CAN-28530, ZDI-CAN-28248, PSP issue 15732. - Script-Fu improved to not initialize UI code unnecessarily (and therefore make it unusable on systems without a display). API: - libgimp: * Fixes where made in libgimp metadata object. * Make GExiv2Metadata as parent of GimpMetadata visible to Gobject-Introspection tools (bindings were missing this information). * Fixes made on: gimp_drawable_get_thumbnail(), gimp_drawable_get_sub_thumbnail(), gimp_drawable_filter_new(), gimp_proc_view_new(), gimp_procedure_set_sensitivity_mask(), gimp_procedure_dialog_get_spin_scale(). * Remove thumbnail metadata before writing it on export, to make sure we don't cary on metadata written by other software in thumbnails. - libgimpconfig: * Improve error messaging on config deserialization. * Fix gimp_config_serialize_value() when serializing file objects. * New functions: gimp_config_get_xcf_version() and gimp_config_set_xcf_version(). - libgimpcolor: * gimp_color_is_perceptually_identical() docs clarified. - libgimpbase: * The host config directory is now shown in MSIX. * The host config directory is now shown in flatpak. - libgimpwidgets: * Fixes made on: GimpLabelEntry, gimp_widget_free_native_handle(). - libgimpcolor: * New function: gimp_cairo_surface_get_buffer() * Deprecated function: gimp_cairo_surface_create_buffer() in favor of gimp_cairo_surface_get_buffer(). The function implementation was also changed so that it does not necessarily return a linear-memory backed buffer anymore (it might, but developers should not have any expectation about this). Build: - Third-party binary plug-in support in the Snap backported from the original third-party snap. - Snap package for release is now created and submitted on a release pipeline. - Release URLs added to AppStream metadata. - We do not build GEGL with Matting Levin for Windows builds anymore because of crashes. - Flatpak nightly builds will now show a pseudo-release visible with `flatpak list`, showing proper version information. - Windows installer now has a dark mode. - Update changelog on MS Store (MSIX) releases. - AppImage now ships with full MIDI support. - Make it clearer that GExiv2 0.15.0 and over are incompatible (because of API breakage). - Improve build to ensure that the language list (shown in Preferences) is localized during compilation. This also means that a build machine should be set up for localization at build time when optional language selection is enabled. - We now require the generic C++14 standard, and not the GNU variant anymore. - MSVC support added. - Various tweaks which used to be required to make packages work as relocatable builds were dropped since babl and GEGL now have a relocatable option working also on Linux. - The `man` page of GIMP binaries was updated. - The `gimp-console` binary is now shipped in the Flatpak. - macOS pipeline added in our Gitlab CI. - Make sure that harfbuzz is built with libgraphite2 shaper on macOS. - Generate file associations for macOS automatically. - A Bash completion file was added for `gimp` and `gimp-console` binaries. Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: e854d8b7f6 --------------------------- glaze: add recipe at 7.0.1 Signed-off-by: Khem Raj --------------------------- Commit: 48dd13d374 --------------------------- python3-pandas: Upgrade 2.2.3 -> 3.0.0 Upgrade to release 3.0.0: - Dedicated string data type by default - Consistent copy/view behaviour with Copy-on-Write (CoW) (a.k.a. getting rid of the SettingWithCopyWarning) - New default resolution for datetime-like data - Initial support for the new pd.col syntax License-Update: Update license year to 2026 Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 9769266642 --------------------------- python3-rich: Upgrade 14.2.0 -> 14.3.1 Upgrade to release 14.3.1: - Fixed characters out of unicode range reporting a cell size if 0 From release 14.3.0: - IPython now respects when a Console instance is passed to pretty.install - Fixed extraneous blank line on non-interactive disabled Progress - Fixed extra padding on first cell in columns - Fixed trailing whitespace removed when soft_wrap=True - Fixed style new-lines when soft_wrap = True and a print style is set Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 74c3a218fd --------------------------- net-snmp: Add PACKAGECONFIG for aes Allows for net-snmp to be build with support for AES-192 and AES-256 Signed-off-by: Benjamin B. Frost Signed-off-by: Khem Raj --------------------------- Commit: 8692164ccb --------------------------- libgedit-gtksourceview: upgrade 299.2.1 -> 299.4.0 Also update the SRC_URI. The original upstream Github repos have been deleted. Switched to Gnome servers to fetch the sources from. Changelog: 299.4.0: - Remove the background-pattern (with the grid) feature. - Fix some crashes. - Fix GI annotation warnings. - Translation updates. 299.3.0: Style schemes: - Remove GtkSourceStyleSchemeChooser interface. - Add light-only and dark-only kinds. - Mark classic and tango as light-only kind (so they are unsupported with dark theme variants). Syntax highlighting: - New *.lang file: Nix. For packagers: - Build: add the 'tests' option. Misc: - Documentation updates and improvements. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: bb1f6db52c --------------------------- libgedit-amtk: upgrade 5.8.0 -> 5.9.0 Also, update the SRC_URI - the original github repos have been deleted completely. Fetch it from the Gnome servers instead. Changelog: * Adopt new versioning scheme (this version is a stable one). * Move the project to: https://gitlab.gnome.org/World/gedit/libgedit-amtk * Use GtkImageMenuItem even if deprecated. * Build: add the 'tests' option. * Translation updates. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 47efd1f9b8 --------------------------- sblim-sfcc: fix SRC_URI The old URL is gone - set a working mirror. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: fd562c65c6 --------------------------- anthy: fix SRC_URI The old URL is gone - switch to a working mirror. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: d99c82c088 --------------------------- ttf-vlgothic: fix SRC_URI The old URL is inoperable since a while - switch to Ubuntu's mirror. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: a1baa1c027 --------------------------- linux-atm: fix SRC_URI The original SRC_URI's certificate has expired - change it to a working URL. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 6564176004 --------------------------- cjose: Add recipe at 0.6.2.4 Signed-off-by: Frede Hoey Braendstrup Signed-off-by: Khem Raj --------------------------- Commit: 0e0b43c4b9 --------------------------- libsigrokdecode: add Python 3.14 support Refresh a patch to include python-3.14-embed in the configure.ac file, so that libsigrokdecode (and by extension, libsigrok, sigrok-cli, etc.) can build. Signed-off-by: Trevor Gamblin Signed-off-by: Khem Raj --------------------------- Commit: 6d9c1d30e7 --------------------------- python3-geojson: fix build with python 3.14 Backport parts of an upstream PR that enables 3.14 in setup.py. ptests look OK: |============================================================================ |Testsuite summary |# TOTAL: 68 |# PASS: 68 |# SKIP: 0 |# XFAIL: 0 |# FAIL: 0 |# XPASS: 0 |# ERROR: 0 |DURATION: 0 |END: /usr/lib/python3-geojson/ptest |2026-01-23T18:03 |STOP: ptest-runner |TOTAL: 1 FAIL: 0 Signed-off-by: Trevor Gamblin Signed-off-by: Khem Raj --------------------------- Commit: e0719a3497 --------------------------- libtsm: drop BBCLASSEXTEND = "native nativesdk" BBCLASSEXTEND = "native nativesdk" isn't needed and is producing the following warning: ``` WARNING: Nothing PROVIDES 'nativesdk-xkeyboard-config' (but libtsm_4.4.0.bb DEPENDS on or otherwise requires it). Close matches: nativesdk-gnu-config nativesdk-pkgconfig xkeyboard-config ``` Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: 5aca0a216d --------------------------- usbids: upgrade 2025.09.15 -> 2025.12.13 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: fb974db2c4 --------------------------- python3-pydantic: Upgrade 2.12.4 -> 2.12.5 Upgrade to release 2.12.5: - Fix pickle error when using model_construct() on a model with MISSING as a default value - Several updates to the documentation Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 5d40ca9cdf --------------------------- python3-reportlab: Upgrade 4.4.5 -> 4.4.9 Upgrade to release 4.4.9: - Remove unwanted debug Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 4f5846a280 --------------------------- libnma: remove x11 from REQUIRED_DISTRO_FEATURES Signed-off-by: Khem Raj --------------------------- Commit: fa3d891a25 --------------------------- libgtop: fix build without x11 add PACKAGECONFIG for xauth and make it dependent on x11 in DISTRO_FEATURES Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: e8dbc52097 --------------------------- net-snmp: remove des from default packageconfig The DES algorithm is considered weak and outdated. Remove des from default PACKAGECONFIG to disable it. Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: e1ee8beb12 --------------------------- xmlsec1: remove des from default packageconfig The DES algorithm is considered weak and outdated. Remove des from default PACKAGECONFIG to disable it. Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: 720b60ac39 --------------------------- onboard: add recipe Onboard is an onscreen keyboard useful for everybody that cannot use a hardware keyboard; for example Tablet-PC users or mobility impaired users. It has been designed with simplicity in mind and can be used right away without the need of any configuration, as it can read the keyboard layout from the X server. Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: ba35086082 --------------------------- pahole: upgrade 1.29 -> 1.31 0001-btf_encoder-Fix-elf_functions-cleanup-on-error.patch revemoed since it's included in 1.31 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 884a81d886 --------------------------- mcelog: upgrade 208 -> 210 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: dc5132edf7 --------------------------- unicode-ucd: adjust to correct checksum values. The checksums are wrong and thus this fails to build. Signed-off-by: Tom Geelen Signed-off-by: Khem Raj --------------------------- Commit: 834988cae3 --------------------------- mozjs-128: update 128.5.2 -> 128.14.0 - add a patch to fix build with python 3.14 Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 33f450b627 --------------------------- gnome-shell: fix build without x11 in DISTRO_FEATURES Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 67430e2a67 --------------------------- gnome-settings-daemon: fix build without x11 xwayland requires x11, build only if x11 is in DISTRO_FEATURES Signed-off-by: Khem Raj --------------------------- Commit: b7e757dc8f --------------------------- gnome-control-center: remove x11 from REQUIRED_DISTRO_FEATURES Signed-off-by: Khem Raj --------------------------- Commit: 0218bdaaf0 --------------------------- gnome-bluetooth: remove x11 from REQUIRED_DISTRO_FEATURES Signed-off-by: Khem Raj --------------------------- Commit: 4d7d48aaa3 --------------------------- libde265: dont select sld2 support by default libsdl2 requires x11 and should not be selected by default anyway Signed-off-by: Khem Raj --------------------------- Commit: 7e761cb2d1 --------------------------- rygel: add x11 to REQUIRED_DISTRO_FEATURES x11 is required Signed-off-by: Khem Raj --------------------------- Commit: e14371aa26 --------------------------- libcanberra: fix build without x11 gtk3-module and xwayland require x11 Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 6c1f371ed4 --------------------------- mutter: update 48.5 -> 48.7 48.7 ==== * Still constrain fullscreen wayland windows with size limits [Jonas Å.; !4587] * Fixed crashes [Jonas, Marco; !4643, !4705] Contributors: Marco Trevisan, Jonas Ådahl 48.6 ==== * Fix DND actions not working reliably in some X11 clients [Jonas; #4288] * Fix presentation timings with commit-timing-v1 [Mario; !4645] * Fixed crashes [Sebastian, Milan; !4682, !4592] * Misc. bug fixes and cleanups [Carlos, Raihan; !4697, !4688] Contributors: Raihan Ahamed, Milan Crha, Carlos Garnacho, Sebastian Keller, Mario Kleiner, Jonas Ådahl Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: c3754d7d90 --------------------------- minicoredumper: Add HOMEPAGE variable Add HOMEPAGE variable to minicoredumper recipe. Signed-off-by: Weisser, Pascal Signed-off-by: Khem Raj --------------------------- Commit: 7c65b0bccb --------------------------- freerdp: add ptest support The test suite takes about 50s to execute. Sample output: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-01-22T12:58 BEGIN: /usr/lib/freerdp/ptest PASS: TestClient TestClientRdpFile PASS: TestClient TestClientChannels PASS: TestClient TestClientCmdLine [...many lines...] PASS: TestWtsApi TestWtsApiSessionNotification PASS: TestWtsApi TestWtsApiShutdownSystem PASS: TestWtsApi TestWtsApiWaitSystemEvent DURATION: 48 END: /usr/lib/freerdp/ptest 2026-01-22T12:59 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: b7bd06e9b4 --------------------------- pipewire: update 1.4.9 -> 1.4.10 PipeWire 1.4.10 (2026-01-16) This is a small bugfix release that is API and ABI compatible with previous 1.x releases. Highlights - Fix a regression in restoring volumes on nodes. - Clean up timed out stream on pulse-server. - Backport filter-graph channel support. - More small fixes and improvements. PipeWire - Backport the timer queue from 1.5. modules - Fix module leak in module-eq. (#5045) - Fix profiling of multiple drivers when profile.interval.ms is set. (#5061) - Allow both sink and source pulse tunnels with the same name. (#5079) SPA - Emit props events in all cases. (#4610) - Backport some filter-graph changes to make it adapt better to the number of channels of the stream. - Fix some port errors in filter-graph. (#4700) - Avoid a memcpy in the convolver. - Handle some DBus errors better instead of crashing. - Fix AVX2 functions and flags. (#5072) - Limit resampler phases to avoid crashes (#5073) - Support some more channel downmix positions. pulse-server - Clean up timed out streams. (#4901) - Add message to force mono mixdown. GStreamer - Avoid scaling overflow in the clock. Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 37f675a8bc --------------------------- chrony: Ensure /var/lib/chrony belongs to correct user/group Signed-off-by: Andreas Schulz Signed-off-by: Khem Raj --------------------------- Commit: 9650622e07 --------------------------- grilo: upgrade 0.3.16 -> 0.3.19 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: d5128c8dbc --------------------------- gpsd: upgrade 3.27.3 -> 3.27.5 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 12eaeb566b --------------------------- gnome-text-editor: upgrade 48.3 -> 49.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 4c95273fd5 --------------------------- geos: upgrade 3.13.1 -> 3.14.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 838d7e506f --------------------------- folks: upgrade 0.15.9 -> 0.15.12 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 3140029280 --------------------------- evince: upgrade 48.0 -> 48.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 11838942fd --------------------------- dnsmasq: upgrade 2.91 -> 2.92 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: d913f625cc --------------------------- ctags: upgrade 6.2.20260111.0 -> 6.2.20260118.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f2c2e4d50c --------------------------- catch2: upgrade 3.8.1 -> 3.12.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0eea1151a2 --------------------------- weechat: upgrade 4.6.0 -> 4.8.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 65eab60c93 --------------------------- wavpack: upgrade 5.8.1 -> 5.9.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 06028612e9 --------------------------- rdfind: upgrade 1.6.0 -> 1.7.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 68a249df75 --------------------------- python3-xmlschema: upgrade 4.3.0 -> 4.3.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: e288070514 --------------------------- python3-types-psutil: upgrade 7.2.1.20251231 -> 7.2.1.20260116 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: fa3ce8c42a --------------------------- python3-starlette: upgrade 0.51.0 -> 0.52.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f84f881351 --------------------------- python3-soupsieve: upgrade 2.8.1 -> 2.8.2 License-Update: Copyright year updted to 2026. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: b9bd8426db --------------------------- python3-regex: upgrade 2025.11.3 -> 2026.1.15 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 65c850da4f --------------------------- python3-pymisp: upgrade 2.5.17 -> 2.5.32 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0ee36e8e5a --------------------------- python3-py7zr: upgrade 1.1.0 -> 1.1.2 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: a462432b6a --------------------------- python3-protobuf: upgrade 6.33.2 -> 6.33.4 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 2a8b4c695e --------------------------- python3-moteus: upgrade 0.3.97 -> 0.3.98 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: da80db34b6 --------------------------- python3-identify: upgrade 2.6.15 -> 2.6.16 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 2746a0ad19 --------------------------- python3-httplib2: upgrade 0.31.0 -> 0.31.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 70b10d77bb --------------------------- python3-alembic: upgrade 1.18.0 -> 1.18.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 2d21040385 --------------------------- pure-ftpd: upgrade 1.0.52 -> 1.0.53 License-Update: Copyright year updated to 2026. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 4e8339716a --------------------------- plocate: upgrade 1.1.23 -> 1.1.24 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: b26eda545e --------------------------- msgraph: upgrade 0.3.3 -> 0.3.4 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: e6cb0aa585 --------------------------- babl: upgrade 0.1.118 -> 0.1.120 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 7476295bea --------------------------- python3-wsproto: Upgrade 1.2.0 -> 1.3.2 Upgrade to release 1.3.2: - Fix type hints to allow BytesMessage to accept bytes again, as well as bytearray. Release 1.3.1: - Add additional license identifier to pyproject.toml. - Use Python 3.13 to build the docs to match ReadTheDocs build environment. Release 1.3.0: - Require h11>=0.16 dependency. - Fix "Upgrade" header value to match RFC. - Add reason "Switching Protocols" to handshake response. - Add docs for wsproto.Connection - Add support for Python 3.12, 3.13, and 3.14. - Drop support for Python 3.7, 3.8, and 3.9. - Improve Python typing, specifically bytes vs. bytearray. - Various linting, styling, and packaging improvements. Fixes: WARNING: python3-wsproto-1.3.2-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: a25b352d19 --------------------------- python3-pyperclip: Upgrade 1.9.0 -> 1.11.0 Upgrade to release 1.11.0: - Mention Wayland in error message - Update __init__.py License-Update: Use LICENSE.txt Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 61f918dbbf --------------------------- python3-bumble: Upgrade 0.0.221 -> 0.0.223 Upgrade to release 0.0.223: - Add annotation for Heart Rate and Battery Service - Add test for Heart Rate and Battery Service - Add support for RTL8761CU - feat: Add filtering options for usb probe - Fix GATT TemplateSerivce annotations - Improve Address type annotations - Replace send_pdu() with write() - GATT: Support Multiple Requests - Correct ATT_MTU in enhanced bearers - Add HCI Packets annotations and send_sco_sdu - Return 'invalid handle' for malformed read by type request Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 96a6c18a8c --------------------------- gtkmm3/gtkmm4: not set BPN Set BPN in gtkmm3 and gtkmm4 recipes is to inherit gnomebase.bbclass properly. But it uses variable GNOMEBN rather than BPN for SRC_URI and S in gnomebase.bbclass now, update in the recipes accordingly. Signed-off-by: Kai Kang Signed-off-by: Khem Raj --------------------------- Commit: 461e5620bc --------------------------- tmon: add a new recipe to generate tmon tmon is a monitoring and testing tool for Linux kernel thermal subsystem, it help visualize, tune, and test this complex system. Signed-off-by: Liwei Song Signed-off-by: Khem Raj --------------------------- Commit: def8784b1d --------------------------- tinycompress: install compress_ops.h as public header Add a patch to install compress_ops.h as a public header for tinycompress, and update the recipe to apply it. This is required for users that need access to compress_ops from external components. Upstream-Status: submitted Signed-off-by: Pratyush Meduri Signed-off-by: Khem Raj --------------------------- Commit: 7bbe4a4e20 --------------------------- php: upgrade 8.5.1 -> 8.5.2 This is a bugfix release. Integer underflows, memory leaks, null pointer dereferences and more. Changelog: https://www.php.net/ChangeLog-8.php#8.5.2 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: d2539548d0 --------------------------- python3-backports-zstd: Delete It conflicts with standard library with python 3.14+ Signed-off-by: Khem Raj --------------------------- Commit: 5731669e86 --------------------------- tumbler: Split plugins into own packages Signed-off-by: Khem Raj --------------------------- Commit: 36d480b9e1 --------------------------- python3-icecream: Upgrade 2.1.8 -> 2.1.9 Upgrade to release 2.1.9: - Removed support for Python 3.8. - Fixed issues to improve lists output. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 6c439b75a9 --------------------------- python3-tomlkit: Upgrade 0.13.3 -> 0.14.0 Upgrade to release 0.14.0: - fix: Add DottedKey to a super table gives wrong output - feat: enhance custom encoders to accept _parent and _sort_keys parameters Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: e102cccecf --------------------------- python3-pynacl: Upgrade 1.5.0 -> 1.6.2 Upgrade to release 1.6.2: - Updated libsodium to 1.0.20-stable (2025-12-31 build) to resolve CVE-2025-69277. From 1.6.1: - The MAKE environment variable can now be used to specify the make binary that should be used in the build process. From 1.6.0: - BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and 3.7. - Added support for the low level AEAD AES bindings. - Added support for crypto_core_ed25519_from_uniform. - Update libsodium to 1.0.20-stable (2025-08-27 build). - Added support for free-threaded Python 3.14. - Added support for Windows on ARM wheels. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: df2ac27812 --------------------------- kmscon: Add recipe Provide sane defaults that do not have dependencies, such as a dummy and terminal session support and basic fbdev support. kmsconvt@.service must be added separatly or else do_rootfs fails with the following error: ``` do_rootfs: Postinstall scriptlets of ['kmscon'] have failed. If the intention is to defer them to first boot, then please place them into pkg_postinst_ontarget:${PN} (). Deferring to first boot via 'exit 1' is no longer supported. ``` Add a small patch to fix a compiling error when using LLVM as the preferred toolchain. Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: 200f48d774 --------------------------- libtsm: add recipe for kmscon dependency Signed-off-by: Adam Duskett Signed-off-by: Khem Raj --------------------------- Commit: 4350c04949 --------------------------- python3-html5lib: Fix build with python 3.14 Signed-off-by: Khem Raj --------------------------- Commit: 498b49d2a4 --------------------------- python3-lief: mark CVE-2025-15504 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15504 The vulnerability is patched in v0.17.2, however NVD is currently tracking the CVE without any version info (or more like with out any CPE info) Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: cc4aa9b9d0 --------------------------- python3-lief: upgrade 0.17.1 -> 0.17.2 Contains fix for CVE-2025-15504 Changelog: - Differentiate Mach-O FAT magic bytes and Java class - Fix MinGW compilation for some configuration - Fix alignment issue when rebuilding PE relocations - Fix infinite loop when processing v2 dynamic relocation - Ensure that added DYN ELF sections are properly aligned - Fix GnuHash null dereference - Fix strong performance issue when parsing certain Mach-O Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 91f6b85b36 --------------------------- python3-py: ignore CVE-2022-42969 Details: https://nvd.nist.gov/vuln/detail/CVE-2022-42969 Upstream could not reproduce the issue. The vulnerability has currently the "disputed" flag in the NVD database, and Github has revoked their related advisory[1]. Ignore this CVE due to this. [1]: https://github.com/advisories/GHSA-w596-4wvx-j9j6 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: ecf359d256 --------------------------- python3-werkzeug: upgrade 3.1.4 -> 3.1.5 Contains fix for CVE-2026-21860 Changelog: - safe_join on Windows does not allow more special device names, regardless of extension or surrounding spaces. - The multipart form parser handles a \r\n sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. - Fix AttributeError when initializing DebuggedApplication with pin_security=False. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 3cd47f72ad --------------------------- frr: patch CVE-2025-61099..61107 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61099 https://nvd.nist.gov/vuln/detail/CVE-2025-61100 https://nvd.nist.gov/vuln/detail/CVE-2025-61101 https://nvd.nist.gov/vuln/detail/CVE-2025-61102 https://nvd.nist.gov/vuln/detail/CVE-2025-61103 https://nvd.nist.gov/vuln/detail/CVE-2025-61104 https://nvd.nist.gov/vuln/detail/CVE-2025-61105 https://nvd.nist.gov/vuln/detail/CVE-2025-61106 https://nvd.nist.gov/vuln/detail/CVE-2025-61107 The NVD advisory refernces a PR[1] that contains only an unfinished, and ultimately unmerged attempt at the fixes. The actual solution comes from a different PR[2]. These patches are 3 commits from that PR. The last commit wasn't backported, because it is just code formatting. [1]: https://github.com/FRRouting/frr/pull/19480 [2]: https://github.com/FRRouting/frr/pull/19983 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: b8b3ab6048 --------------------------- freerdp3: upgrade 3.20.0 -> 3.20.2 Contains fixes for the following vulnerabilities: CVE-2026-22851, CVE-2026-22852, CVE-2026-22853, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22857, CVE-2026-22858, CVE-2026-22859 Changelogs: https://www.freerdp.com/2026/01/14/3_20_1-release https://www.freerdp.com/2026/01/14/3_20_2-release Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: dc2c6a514e --------------------------- raptor2: patch CVE-2024-57822 and CVE-2024-57823 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-57822 https://nvd.nist.gov/vuln/detail/CVE-2024-57823 Pick the patches mentioned in the github issue[1] mentioned in the NVD advisories (both of them are covered by the same issue) [1]: https://github.com/dajobe/raptor/issues/70 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 43dbdb9c57 --------------------------- python3-watchdog: Remove obsolete dependencies Python watchdog has removed all dependencies except optional `pyyaml` dependency for `watchmedo` utility, like follows [1]: * pathtools dependency was removed in 1.0.0 * python-argh dependency removed in 2.1.6 * requests was never a dependency * pyyaml only needed for extras (`watchmedo`) and may not be strictly necessary [1] https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst Signed-off-by: Tero Kinnunen Signed-off-by: Khem Raj --------------------------- Commit: cc0c4a6e34 --------------------------- python3-black: Upgrade 25.12.0 -> 26.1.0 Upgrade to release 26.1.0: Introduces the 2026 stable style, stabilizing the following changes: - always_one_newline_after_import: Always force one blank line after import statements, except when the line after the import is a comment or an import statement - fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner declarations, such as def foo(): return "mock" # fmt: skip, where previously the declaration would have been incorrectly collapsed - fix_module_docstring_detection: Fix module docstrings being treated as normal strings if preceded by comments - fix_type_expansion_split: Fix type expansions split in generic functions - multiline_string_handling: Make expressions involving multiline strings more compact - normalize_cr_newlines: Add \r style newlines to the potential newlines to normalize file newlines both from and to - remove_parens_around_except_types: Remove parentheses around multiple exception types in except and except* without as - remove_parens_from_assignment_lhs: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting - standardize_type_comments: Format type comments which have zero or more spaces between # and type: or between type: and value to # type: (value) The following change was not in any previous stable release: - Regenerated the _width_table.py and added tests for the Khmer language Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 65a66a5dde --------------------------- python3-pytokens: Add recipe Add pytokens release 0.4.0: - Various packaging and dev improvements - Just avoid using uv - Move setup.cfg to pyproject.toml - Use mypyc for compilation Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 525281669b --------------------------- blueprint-compiler: upgrade 0.18.0 -> 0.19.0 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: cc932562d4 --------------------------- liblognorm: upgrade 2.0.8 -> 2.0.9 - fix build issue on some platforms - guard compile pragma use - remove unneeded variable - fix memory leak when a custom type in rules does not match Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj --------------------------- Commit: b80cb54dc6 --------------------------- adcli: upgrade 0.9.2 -> 0.9.3.1 1. Add pkgconfig to solve following configure error: ../sources/adcli-0.9.3.1/configure: line 15340: syntax error near unexpected token `LIBSELINUX,' ../sources/adcli-0.9.3.1/configure: line 15340: `PKG_CHECK_MODULES(LIBSELINUX, libselinux, found_libselinux=yes, found_libselinux=no)' 2. Add PACKAGECONFIG[selinux] for new selinux support in 0.9.3.1. 3. Add 0001-configure.ac-Fix-selinux-error-for-cross_compiling.patch to fix SELINUX_MAKEFILE file check in 0.9.3.1. 4. Add --disable-offline-join-support to solve following configure error configure: error: Couldn't build offline join support, Samba version too old or libnatapi devel package is missing Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: a3b7809b38 --------------------------- xdg-desktop-portal-wlr: update 0.7.0 -> 0.8.1 Remove patch that downgraded gbm_bo_create_with_modifiers. Meanwhile gbm_bo_create_with_modifiers2 should be save to use? Fix to work with manpages class Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: b2766ba3ce --------------------------- python3-django: add recipe for version 6.0.1 New, non-LTS version. Release notes: https://github.com/django/django/blob/main/docs/releases/6.0.txt New features in a nutshell: - Content Security Policy support - Template Partials - Background Tasks - Adoption of Python's modern email API Ptest summary: Ran 18643 tests in 164.287s OK (skipped=1404, expected failures=5) Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 2106c5238c --------------------------- python3-django: consolidate dependencies in .inc file Django 4.2.x recipe has been deleted, the dependencies that were specific to version 5.x can be moved to the common .inc file. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 96392e8231 --------------------------- python3-django: add ptest support Execute the standard, non-selenium tests. The execution is on the slower side: on my idle machine, KVM enabled it takes a bit more than 2.5 minutes to execute it (executing tests with 4 threads parallel, 1/core, the default configuration). If the machine is under load, it easily grows to over 10 minutes. Added two backported patches for Django 5.2 to fix some tests that would otherwise fail: 0001-Fix-test_strip_tags-test.patch: tag stripping tests failed due to changed Python behavior 0001-fix-test_msgfmt_error_including_non_ascii-test.patch: tests were updated to work with msgfmt 0.25 Most of the skipped tests require some specific database backend (Postgres, MySQL, Oracle...) or are Selenium tests. The output is very long (the suite contains way over 15k tests), so I omit the example output here. The current summary (for v5.2.9): Ran 18121 tests in 140.891s OK (skipped=1394, expected failures=5) Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: be4a258073 --------------------------- python3-django: drop recipe for version 4.2 Though the version is not EOL yet, it doesn't support the Python that comes with oe-core. The last version is supports is 3.12[1], however oe-core comes with Python 3.13. [1]: https://docs.djangoproject.com/en/6.0/faq/install/ Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 5f21627f68 --------------------------- python3-tblib: add recipe Serialization library for Exceptions and Tracebacks. It is a runtime dependency for python3-django ptests. The ptests for this recipe run under a second. Sample output: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-01-15T19:37 BEGIN: /usr/lib/python3-tblib/ptest PASS: tests/test_issue30.py:test_30 PASS: tests/test_issue65.py:test_65 PASS: tests/test_perf.py:test_perf [...many passing lines...] PASS: tests/test_tblib.py:test_parse_traceback PASS: tests/test_tblib.py:test_large_line_number PASS: tests/test_tblib.py:test_pytest_integration ============================================================================ Testsuite summary DURATION: 1 END: /usr/lib/python3-tblib/ptest 2026-01-15T19:37 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 04370ef56c --------------------------- xdg-user-dirs: Fix packaing location of systemd unit file systemd_user_unitdir is the right variable to use Fixes ERROR: xdg-user-dirs-0.19-r0 do_package: QA Issue: xdg-user-dirs: Files/directories were installed but not shipped in any package: /usr/lib /usr/lib/systemd /usr/lib/systemd/user /usr/lib/systemd/user/xdg-user-dirs.service Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. xdg-user-dirs: 4 installed and not shipped files. [installed-vs-shipped] Signed-off-by: Khem Raj --------------------------- Commit: 27385bb7b2 --------------------------- gnome-settings-daemon: update 48.0 -> 49.1 PACKAGECONFIG for wayland,nm have been removed upstream PACKAGECONFIG for x11,xwayland have been added upstream Add a patch to fix reproducibility in gnome-settings-daemon-src ============ Version 49.1 ============ - Translation updates Power: - Avoid xext dependency Xsettings: - Build only if X11 or Xwayland are enabled ============ Version 49.0 ============ - Translation updates Power: - Avoid polling light sensor if ambient light setting is disabled ============= Version 49.rc ============= - Translation updates - Update to GNOME Session changes Power: - Fix check for shell-managed brightness - Refactor light sensor enablement A11y-settings: - Manage Orca lifetime =============== Version 49.beta =============== - Translation updates - Drop dependency on GTK4 - Add xwayland/x11 build options Power: - Do not treat all notifications as critical - Let backlight auto-dimming in control of GNOME Shell Housekeeping: - Add new donation reminder notification ================== Version 49.alpha.1 ================== Keyboard: - Drop keyboard bell GSettings schema leftovers ================ Version 49.alpha ================ - Translation updates - Update to GTK4 Power: - Use new Mutter backlight D-Bus interface Wacom: - Drop support to update per-button OLED screens in Wacom Intuos 4 model with descriptive actions. This tablet model will still be functional, but the tiny screens besides the pad buttons will remain blank. ============ Version 48.1 ============ - Translation updates - Cleanups and fixes Power: - Ensure the backlight interface signal gets emitted on startup - Avoid using uninitialized value when restoring brightness Sharing: - Fixes to shutdown of sharing services Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: c14b2ad4a9 --------------------------- gnome-session: update 47.0.1 -> 49.2 - update dependencies - inherit manpages mime - build x11 depending on DISTRO_FEATURES - rename packageconfig man->manpages to work with manpages class ============ Version 49.0 ============ - Translation updates - Fixed build with musl libc - Fixed some memory corruption bugs that led to gnome-session-init-worker crashing on logout - Fixed a memory leak in gnome-session-init-worker - Allowed Qt apps to use the Wayland text-input protocol, instead of forcing them to use the direct ibus integration plugin ============= Version 49.rc ============= - Disabled the org.freedesktop.ScreenSaver proxy service on the login screen - Separated out the systemd-specific code from the gnome-session leader process into a dedicated executable. This makes it easier to integrate distributions that use alternative init systems with gnome-session (though note that this is still a usecase we don't officially support upstream) - Translation updates =============== Version 49.beta =============== - gnome-session is no longer started via a shell script, and instead all of the necessary setup is done in C. - gnome-session's builtin service manager has been completely removed. Service management will now be handled entirely by the operating system's native service manager (i.e. systemd). See the following blog post for more information: https://blogs.gnome.org/adrianvovk/2025/06/10/gnome-systemd-dependencies - The "fail whale" dialog has been removed - Various unused APIs and interfaces were removed, including: - The org.gnome.SessionManager.Client and o.g.SM.App D-Bus interfaces - Various D-Bus APIs related to the service manager - Various .desktop and .session file keys that were used only by the builtin service manager - Fallback sessions, since there's no way to fall back anymore - The code was significantly refactored - gnome-session now provides a gnome-session-basic-services.target, that sessions like the GDM greeter and gnome-initial-setup can use to avoid listing all of the basic GNOME session services (like all the gnome-settings-daemon plugins) - The --autostart command line option was removed, and instead kiosk sessions should set Kiosk=true in their session definition file. - Updated GNOME's mimetype defaults to drop Evince (which was replaced with Papers) - Translation updates ================== Version 49.alpha.1 ================== Fix POTFILES to stop listing deleted files Stop requiring the gnome-settings-daemon Wacom plugin, which doesn't exist anymore Ensure that we start localsearch when starting a GNOME session via systemd Translation updates ================== Version 49.alpha.0 ================== Removed XSMP Removed session restore functionality X11 sessions are disabled by default Added a default mimeapps list for GNOME's core apps gsd-xsettings now starts on demand in Wayland Dropped gnome-dummy session Allow Inhibit() with no app ID Unset all LC_* variables that are bound to REGION Ported fail whale to gtk4 Dropped session selector GUI Dropped the hardware acceleration check gnome-session-inhibit: Propagate parent death gnome-session-inhibit: Fixup terminal handling Contributors: Benjamin Berg, Alessandro Bono, Matthias Clasen, gnome-build-meta-bot, Neal Gompa, Sophie Herold, Javier Jardón, Chris Mayo, Simon McVittie, Jordan Petridis, Ray Strode, Joan Torres, Adrian Vovk, Chris Williams Translators: Марко Костић [sr], Aefgh Threenine [th], A S Alam [pa], Baxrom Raxmatov [uz], Ekaterine Papava [ka], Martin [sl], Quentin PAGÈS [oc], Vasil Pupkin [be] ============ Version 48.0 ============ The gnome-session script no longer re-runs itself as a subprocess GNOME OS CI was ported to use a CI template Integrated new CI-based release process Fix bugs caused by systemd v257's inhibitor behavior changes Make `gnome-session --version` print to stdout rather than syslog Translation updates README updates Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 20a7a38e43 --------------------------- gdm: update 48.0 -> 49.2 - build x11 support depending on DISTRO_FEATURES - add runtime path for nologin to fix reproducibility - remove backport patch - use gtk4 49.2 ========== * Translation updates * Fixed bug that prevented X11 fallback whenever autologin fails * Introduced CI tests built around GNOME OS 49.1 ========== * Translation updates * Hotfixed a bug that leaves gnome-shell in a locked up state * Fixed implementation of userdb, so we don't list our users when asked about UID 0 (root) * Switched safety check that avoids accidentally deleting / and /home from an assertion to an error, so the check always runs even in production builds * Fixed bug where gnome-initial-setup's configuration (i.e. input methods) failed to migrate to the final user session * Fixed bug where GDM assumed that Wayland is unavailable if Xwayland wasn't installed on the system 49.0.1 ========== * Follow-up for permissions issue fix, making the fix work in more environments 49.0 ========== * Translation updates * Fix build failures when built without plymouth support * Fix permissions issue on the GDM work dir (/var/lib/gdm) that broke settings persistence 49.rc ========== * Translation updates * Fixed a bug in PAM config files, introduced by transition to dynamic users * Added logic to retry preferred display server (usually Wayland) before falling back (usually to X11) * Fixed a bug where Plymouth keeps running if not display is plugged into the system. This would prevent bootup from completing and would prevent the user from logging in on a serial console * Fixed GDM's session file loading logic to search directories in correct precedence order * Fix simpledrm device detection to match the kernel's new device naming scheme * Re-enabled X11 support by default. We found it difficult to cleanly separate GDM's ability to launch modern X11 sessions (which we intended to keep enabled in GNOME 49) from the rest of GDM's X11 integration (which we intended to disable but leave intact for GNOME 49). We still plan to remove GDM's full X11 integration in a future version, and leave only the ability to launch modern X11 sessions. * Worked around a regression introduced by the switch to dynamic users, where the login screen no longer persists any settings 49.beta ========== * Translation updates * Switch to using dynamic users for greeter sessions. This enables systemd-based session management on the greeter, removes GDM's dependency on dbus-daemon, and frees us to drop gnome-session's builtin service manager. * Adapt to changes in gnome-session 49, which dropped the builtin service manager code and now exclusively relies on systemd for session startup. This means that GDM now depends on gnome-session 49. 49.alpha.1 ========== * Drop dependency on Wacom g-s-d plugin [Jordan; !301] * Drop leftover udev rules [Alessandro; !299] * Fix warning when building without libxdmcp support [Florian; !300] * Add polkit rules to allow access to smartcards [David, !287] * Misc [Joan; !298] Contributors: Alessandro Astone, David Härdeman, Joan Torres López, Florian Müllner, Jordan Petridis Translators: Takayuki Kusano [ja], Aefgh Threenine [th] ================== Version 49.alpha.0 ================== - meson: Change x11-support default value to false - Disable Xorg session by default - udev: Drop disable_wayland overrides - Fix build with gcc 15 - Translation updates Contributors: Zbigniew Jędrzejewski-Szmek, Florian Müllner, Jordan Petridis, Ray Strode, Joan Torres, Adrian Vovk, Alynx Zhou Translators: Antonio Marin [ro], Baxrom Raxmatov [uz], Cheng-Chia Tseng [zh_TW], Andi Chandler [en_GB], Peter Mráz [sk], Rūdolfs Mazurs [lv] Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: e9624913ed --------------------------- xfce4-notifyd: upgrade 0.8.2 -> 0.9.4 Changelog: https://gitlab.xfce.org/apps/xfce4-notifyd/-/tags/xfce4-notifyd-0.9.4 Changelog: https://gitlab.xfce.org/apps/xfce4-notifyd/-/tags/xfce4-notifyd-0.9.3 Changelog: https://gitlab.xfce.org/apps/xfce4-notifyd/-/tags/xfce4-notifyd-0.9.2 Changelog: https://gitlab.xfce.org/apps/xfce4-notifyd/-/tags/xfce4-notifyd-0.9.1 Changelog: https://gitlab.xfce.org/apps/xfce4-notifyd/-/tags/xfce4-notifyd-0.9.0 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: 531e60c906 --------------------------- libjxl: allow native build Signed-off-by: Khem Raj --------------------------- Commit: b7e2956e40 --------------------------- highway: allow native build Signed-off-by: Khem Raj --------------------------- Commit: e8e6a1a829 --------------------------- libcoap: set CVE version suffix CVE metrics currently report CVE-2025-34468 as open. CPE is <=4.3.5, while recipe version is 4.3.5a which is a higher version, however by default cve-check only compares numbers. Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: 3e3f0eac0f --------------------------- open62541: update to v1.4 Use the latest commit from the 1.4 branch; the last 1.4 release was 3 months ago so it contains important fixes. - The contents of /usr/share/ are slightly different, so change the path slightly. - The new patch fixes the .pc file generation (it also ensures that there are no references to absolute paths in the .pc file which would need to be removed again). - PubSub information model is now enabled by default, add a new option to disable it (disabling only pubsub isn't enough). Signed-off-by: Johannes Kauffmann Signed-off-by: Khem Raj --------------------------- Commit: 121b5f89c8 --------------------------- libbxfce4windowing: switch to meson buildsystem Motivation for this is to get vapi files created which are required to e.g. build the budgie desktop -Add PACKAGECONFIG for x11 and build depending on DISTRO_FEATURES -Build vala by default Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 24e14063f5 --------------------------- libxfce4windowing: upgrade 4.20.4 -> 4.20.5 Changelog: https://gitlab.xfce.org/xfce/libxfce4windowing/-/tags/libxfce4windowing-4.20.5 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: bdff8df409 --------------------------- grpc: Upgrade to 1.76.0 Backport a fix to build with latest gcc and clang Signed-off-by: Khem Raj --------------------------- Commit: 60c3b8fb4f --------------------------- nodejs: Make prune_sources execute at do_patch phase Fixes: ERROR: nodejs-22.21.1-r0 do_patch: Applying patch '0001-deps-disable-io_uring-support-in-libuv.patch' on target directory '/build/tmp/work/core2-32-poky-linux/nodejs/22.21.1/sources/node-v22.21.1' CmdError('quilt --quiltrc /build/tmp/work/core2-32-poky-linux/nodejs/22.21.1/recipe-sysroot-native/etc/quiltrc push', 0, "stdout: Applying patch 0001-deps-disable-io_uring-support-in-libuv.patch can't find file to patch at input line 27 The sources which related to libuv as deps/uv/ are removed in prune_sources when depends on libuv. So postpone prune_sources execute at do_patch phase to fix the gap. Signed-off-by: Mingli Yu Signed-off-by: Khem Raj --------------------------- Commit: bc312fe13b --------------------------- adcli: Fix OECONF Remove "--disable-static" as it's not needed for default option. ./configure --help --enable-static[=PKGS] build static libraries [default=no] Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 0bb156371e --------------------------- nodejs: upgrade 22.21.1 -> 22.22.0 This is the December 2025 security release that the nodejs team released January 13, 2026. 3 high severity issues. 4 medium severity issues. 1 low severity issue. High priority fixes: CVE-2025-55131 CVE-2025-55130 CVE-2025-59465 Medium priority fixes: CVE-2025-59466 CVE-2025-59464 CVE-2026-21636 * CVE-2026-21637 Low priority fixes: CVE-2025-55132 * note that this medium priority CVE only effects Nodejs v25. https://nodejs.org/en/blog/vulnerability/december-2025-security-releases Changelog: https://github.com/nodejs/node/releases/tag/v22.22.0 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: 589f461dbf --------------------------- re2: Upgrade to 2025.11.05 release Update fixes: | /home/flk/bitbake-builds/poky/build/tmp/work/corei7-64-poky-linux/re2/2024.03.01/sources/re2-2024.03.01/re2/prog.h:25:1: note: 'memchr' is defined in header ''; this is probably fixable by adding '#include ' | 24 | #include "re2/sparse_set.h" | +++ |+#include Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 5e234700b9 --------------------------- imagemagick: add packageconfigs for raw,jxl,heic Dont add them by default Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 3729c20b69 --------------------------- qpdf: upgrade 12.2.0 -> 12.3.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 9ced05b9d9 --------------------------- python3-virtualenv: upgrade 20.35.4 -> 20.36.1 Changelog: ============== - fix: resolve TOCTOU vulnerabilities in app_data and lock directory creation - fix: Prevent NameError when accessing _DISTUTILS_PATCH during file overwrite - Upgrade pip and fix 3.15 picking old wheel - fix: wrong path on migrated venv - test_too_many_open_files: assert on errno.EMFILE instead of strerror - fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 - fix: resolve EncodingWarning in tox upgrade environment - Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 - Add support for PEP 440 version specifiers in the --python flag. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: a724174ae8 --------------------------- python3-tomli: upgrade 2.3.0 -> 2.4.0 Changelog: =========== - Add TOML v1.1.0 compatibility - Add binary wheels for Windows arm64 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 67972a72ec --------------------------- python3-starlette: upgrade 0.50.0 -> 0.51.0 Changelog: ============== - Add allow_private_network in CORSMiddleware - Increase warning stacklevel on DeprecationWarning for wsgi module Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 88dc78a457 --------------------------- python3-pywbemtools: upgrade 1.3.0 -> 1.3.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: b51cdb7f01 --------------------------- python3-pystemd: upgrade 0.14.0 -> 0.15.1 Changelog: ========== - Add wait_for_activation parameter to pystemd.run to wait only for service activation without blocking until completion - Document cwd and wait_for_activation parameters in pystemd.run - Drop support for Python 3.6-3.10, now requires Python 3.11+ - Add unit property and unit_name to TransientUnitProcess for easy access to the running unit - Change development tooling to use uv for package management - Change lint/format stack from black/mypy to ruff/pyrefly - Add a lot of typing Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 719fba40ee --------------------------- python3-pymongo: upgrade 4.15.5 -> 4.16.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 950e4abfc9 --------------------------- python3-pyasyncore: upgrade 1.0.4 -> 1.0.5 Changelog: =========== - Make sure tests/__init__.py is included in sdist - Fix compatibility with pytest - Explicitly tag Python 3.14 compatibility Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 355668de1d --------------------------- python3-pyais: upgrade 2.14.0 -> 2.15.0 Changelog: AISTracker.update now accepts raw sentences as well as decoded messages Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ceb26ff276 --------------------------- python3-pikepdf: upgrade 10.1.0 -> 10.2.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f6a4aee942 --------------------------- python3-ipython: upgrade 9.8.0 -> 9.9.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 23be3d56d1 --------------------------- python3-alembic: upgrade 1.17.2 -> 1.18.0 License-Update: copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: d06825b105 --------------------------- openfortivpn: upgrade 1.24.0 -> 1.24.1 Changelog: fix regression where the 'plugin' was not passed to pppd Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ec8cdac89c --------------------------- nautilus: upgrade 49.2 -> 49.3 Changelog: ========= - Don't waste resources on images with extreme dimensions - Consider thumbnailing finished at correct time - Redraw view when screen scale factor changes - Fix potential outdated view item usage - Correctly close mime type program chooser dialog Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 6a358195b0 --------------------------- libcloudproviders: upgrade 0.3.6 -> 0.4.0 Changelog: =========== * Add dependencies to the pkg-config file * Replace gtk-doc with gi-docgen * Require meson 1.9.0 * Plug tiny memory leaks and reduce memory footprint of the library Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 062fb8ae3d --------------------------- lcms: upgrade 2.17 -> 2.18 Changelog: ============ - Add an extra check for completeness only. - Fix a signed integer overflow which could trigger a FPE_INTOVF - Fix Microsoft'2 MHC2 private tag - Added projects for XCode 26 & Visual Studio 2026 - Added documentation for PCS illuminants and chromatic adaptation - Check for a possible out-of-bounds in softproofing transforms when using cmsCreateExtendedTransform - Fix for a out-of-bound read, issue #522 - Add an extra check for out-of-bounds read when misusing a support function - avoid divide by zero, special case from spec. notes on CAM02 - Fix CGATS parser bug when number has a "+" sign - Fix a typo when handling a special case for BPC - Fixed a loss of precision when Lab16 is used as input color space on integer transforms - Fixes hypotetical corrupted pointer in non-happy path. Cannot happen in real world - Fix a theoretical memory leak. - Add support of localized descriptions in v2 profiles for MacOS - Mark some tables as const - Make the param of cmsCreateLab4Profile() to refer to the media white instead of the illuminant - fix a warning in unit tests - Remove redundant check. Fixes #497 - Update autotools - fix plugins soname + add oklab to transicc (experimental) - meson: ability to disable .so.version libraries - Fix black point detection when using darker colorant. - testcms2.c: Fix incorrect string comparisons - Fix CICp tag size. - Fix broken linkicc - meson: Bump minimum Meson version to 0.52 for visibility:hidden - meson: Disable unused fs import - Add a guard against a wrong use of flags - Fix for #469 heap buffer overflow on convert_utf16_to_utf32() Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: e182774685 --------------------------- eog: upgrade 47.0 -> 49.1 Changelog: ============ - Fix frequent crashes when with gdk-pixbuf 2.44 - Add image/avif to the MimeType list in the .desktop - appdata: Add missing developer name - Set prgname to application ID - data: Rename appdata to metainfo and use rDNS app id - metadata: Hide unreachable help URL - desktop: Add more keywords - content type to mime type conversion - Official website has been retired - org.gnome.eog.desktop should list image/heic as MimeType - Segfault SIGSEGV when switching images Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 3d0353b00e --------------------------- doxygen: upgrade 1.15.0 -> 1.16.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 4493b8fd56 --------------------------- ctags: upgrade 6.2.20260104.0 -> 6.2.20260111.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 38bceffeae --------------------------- abseil-cpp: upgrade 20250814.1 -> 20260107.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 88ae17fd8f --------------------------- python3-libevdev: Upgrade 0.12 -> 0.13.1 Add ptest and upgrade to release 0.13.1: - pyproject.toml: add pytest as dev dependency - Import Self from type_checking if needed to be compat with 3.9 - CI: run pytest via uv - CI: test against multiple python versions Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 0c94f27fda --------------------------- python3-huey: Upgrade 2.5.5 -> 2.6.0 Upgrade to release 2.6.0: - "Modernize" build system to use pyproject.toml and github actions. Fixes: WARNING: python3-huey-2.6.0-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: ded508de23 --------------------------- python3-filelock: Upgrade 3.20.2 -> 3.20.3 Upgrade to release 3.20.3: - Fix TOCTOU symlink vulnerability in SoftFileLock Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 7a273013c7 --------------------------- python3-aenum: Upgrade 3.1.15 -> 3.1.16 Upgrade to release 3.1.16: - standardized handling of negative numbers in flags - support dictionary-like key access to NamedTuple - remove newer setup.py option include_package_data Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 50f0473ee1 --------------------------- python3-pylint: Upgrade 4.0.3 -> 4.0.4 Upgrade to release 4.0.4: - Fixed false positive for ``invalid-name`` where module-level constants were incorrectly classified as variables when a class-level attribute with the same name exists. - Fix a false positive for ``invalid-name`` on an UPPER_CASED name inside an ``if`` branch that assigns an object. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 66454fe57f --------------------------- frr: upgrade 10.5.0 -> 10.5.1 ChangeLog: https://github.com/FRRouting/frr/releases/tag/frr-10.5.1 Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: 993fc63f43 --------------------------- tumbler: upgrade 4.20.0 -> 4.20.1 Changelog: https://gitlab.xfce.org/xfce/tumbler/-/tags/tumbler-4.20.1 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: 764f459fef --------------------------- xdg-user-dirs: upgrade 0.18 -> 0.19 1. Changelog Features: * Add a systemd service to run xdg-user-dirs-update * Add initial Meson buildsystem support Bugfixes: * Fix autopoint invocation Miscellaneous: * Updated translations * Update automake boilerplate * Update information in README 2. Add pkgconfig to solvo following configure error: ../sources/xdg-user-dirs-0.19/configure: line 9319: syntax error near unexpected token `systemd,' ../sources/xdg-user-dirs-0.19/configure: line 9319: `PKG_CHECK_EXISTS(systemd,' Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 6ad8b50af8 --------------------------- python3-google-auth: upgrade 2.45.0 -> 2.47.0 1. Changelog https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md 2. Drop 0001-make-the-TLS-tests-skip-when-pyopenssl-isn-t-availab.patch as it was merged upstream. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: 584e70ca72 --------------------------- gtksourceview*: fix build issue related to S Source code for gtksourceview will be unpacked to a directory called 'gtksourceview-${PV}'. But as the recipes have added part of PV to the name of the recipe the default setting of variable S will be wrong. This is fixed by explicitly setting it. Fixing issues like: WARNING: gtksourceview3-3.24.11-r0 do_unpack: gtksourceview3: the directory ${UNPACKDIR}/${BP} (/gtksourceview3/3.24.11/sources/gtksourceview3-3.24.11) pointed to by the S variable doesn't exist - please set S within the recipe to point to where the source has been unpacked to WARNING: gtksourceview3-3.24.11-r0 do_populate_lic: Could not copy license file /gtksourceview3/3.24.11/sources/gtksourceview3-3.24.11/COPYING to /gtksourceview3/3.24.11/license-destdir/corei7-64/gtksourceview3/COPYING: [Errno 2] No such file or directory: '/gtksourceview3/3.24.11/sources/gtksourceview3-3.24.11/COPYING' ERROR: gtksourceview3-3.24.11-r0 do_populate_lic: QA Issue: gtksourceview3: LIC_FILES_CHKSUM points to an invalid file: /gtksourceview3/3.24.11/sources/gtksourceview3-3.24.11/COPYING [license-checksum] ERROR: gtksourceview3-3.24.11-r0 do_populate_lic: Fatal QA errors were found, failing task. WARNING: gtksourceview4-4.8.4-r0 do_unpack: gtksourceview4: the directory ${UNPACKDIR}/${BP} (/gtksourceview4/sources/gtksourceview4-4.8.4) pointed to by the S variable doesn't exist - please set S within the recipe to point to where the source has been unpacked to ERROR: gtksourceview4-4.8.4-r0 do_patch: Applying patch '0001-remove-pointless-check.patch' on target directory '/gtksourceview4/4.8.4/sources/gtksourceview4-4.8.4' WARNING: gtksourceview5-5.18.0-r0 do_unpack: gtksourceview5: the directory ${UNPACKDIR}/${BP} (/gtksourceview5/5.18.0/sources/gtksourceview5-5.18.0) pointed to by the S variable doesn't exist - please set S within the recipe to point to where the source has been unpacked to WARNING: gtksourceview5-5.18.0-r0 do_populate_lic: Could not copy license file /gtksourceview5/5.18.0/sources/gtksourceview5-5.18.0/COPYING to /gtksourceview5/5.18.0/license-destdir/corei7-64/gtksourceview5/COPYING: [Errno 2] No such file or directory: '/gtksourceview5/5.18.0/sources/gtksourceview5-5.18.0/COPYING' ERROR: gtksourceview5-5.18.0-r0 do_populate_lic: QA Issue: gtksourceview5: LIC_FILES_CHKSUM points to an invalid file: /gtksourceview5/5.18.0/sources/gtksourceview5-5.18.0/COPYING [license-checksum] ERROR: gtksourceview5-5.18.0-r0 do_populate_lic: Fatal QA errors were found, failing task. Signed-off-by: Peter Bergin Signed-off-by: Khem Raj --------------------------- Commit: e071ea3c65 --------------------------- btop: update 1.4.5 -> 1.4.6 Disable build-testing for now, as this would require 'googletest' dependency v1.4.6 References | Description | Author(s) Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 0b2deaab02 --------------------------- acpitool: update SRC_URI The old SRC_URI stopped working (its certificate expired), and the recipe defaulted to OE mirrors. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 4fdeb484c2 --------------------------- gnome-keyring: set CVE_PRODUCT The underscores and hyphens in the product name are used randomly in the CVE database: sqlite> select * from PRODUCTs where vendor = 'gnome' and product like '%keyr%'; CVE-2012-3466|gnome|gnome-keyring|3.4.0|=|| CVE-2012-3466|gnome|gnome-keyring|3.4.1|=|| CVE-2012-6111|gnome|gnome_keyring|3.2|=|| CVE-2012-6111|gnome|gnome_keyring|3.4|=|| CVE-2018-19358|gnome|gnome-keyring|||3.28.2|<= CVE-2018-20781|gnome|gnome_keyring|||3.27.2|< Set CVE_PRODUCT so that both versions are matched. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 29a272744a --------------------------- xerces-c: set CVE_PRODUCT The related CVEs are tracked with "xerces-c\+\+" (sic). See CVE db query: sqlite> select vendor, product, count(*) from PRODUCTs where product like '%xerces%' group by 1, 2; apache|xerces-c\+\+|29 apache|xerces-j|2 apache|xerces2_java|3 redhat|xerces|3 Set CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: e0f86a4a7f --------------------------- lmdb: patch CVE-2026-22185 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22185 Pick the patch that is mentioned as a solution in the related upstream bug[1]. [1]: https://bugs.openldap.org/show_bug.cgi?id=10421 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 2a78ad8813 --------------------------- boinc-client: mark CVE-2013-2018 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2013-2018 According to oss-security email[1], version 7.0.45 included the fixes[2][3][4] [1]: https://www.openwall.com/lists/oss-security/2013/04/29/11 [2]: https://github.com/BOINC/boinc/commit/6e205de096da83b12ffb2f0183b43e51261eb0c4 [3]: https://github.com/BOINC/boinc/commit/e8d6c33fe158129a5616e18eb84a7a9d44aca15f [4]: https://github.com/BOINC/boinc/commit/ce3110489bc139b8218252ba1cb0862d69f72ae3 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 2f1d7a8597 --------------------------- influxdb: ignore CVE-2024-30896 As mentioned in the comment[1], vulnerability is in /api/v2/authorizations API which only exists in 2.x, 1.x is not affected. Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30896 [1] https://github.com/influxdata/influxdb/issues/24797#issuecomment-2514690740 Signed-off-by: Ankur Tyagi Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 52c747c540 --------------------------- python3-aiodns: Upgrade 3.6.1 -> 4.0.0 Upgrade to release 4.0.0: - Added new query_dns() method returning native pycares 5.x DNSResult types - Deprecated query() method - still works with backward-compatible result types - Deprecated gethostbyname() method - use getaddrinfo() instead - Added compatibility layer for pycares 4.x result types to ease migration - Updated dependencies Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: c18c531c88 --------------------------- python3-pycares: Upgrade 4.11.0 -> 5.0.1 Upgrade to release 5.0.1: - Use Literal for type - Use CMake for compiling c-ares - Move project metadata to pyproject.toml - Remove gethostbyname - Remove getsock - Replace ares_{get,set}servers with ares_{get,set}_servers_csv - Remove ares_init and ares_mkquery, they are unused - Make c-ares thread-safety mandatory - Migrate API to c-ares' dnsrec variants - Build wheels in parallel - Update bundled c-ares to v1.34.6 - Make callback a mandatory kwarg-only argument - Return bytes data for TXT records - Add support for TLSA, HTTP and URI queries - Remove event_thread option, make it implicit - Fix IDNA 2008 test Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 4ca56224e6 --------------------------- python3-langtable: Upgrade 0.0.68 -> 0.0.69 Upgrade to release 0.0.69: - Add Georgian console fonts - Add Adlm script to SN - Add dra, Tutg, ath, cmc, Cham, tai - Remove License classifier (license tag with SPDX license expression is already there) Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: d58da103e1 --------------------------- python3-identify: Upgrade 2.6.13 -> 2.6.15 Upgrade to release 2.6.15: - Add .piskel extension - Fix: make PKGBUILD files a superset of .bash - [pre-commit.ci] pre-commit autoupdate Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 9b77eae698 --------------------------- opencv: upgrade 4.12.0 -> 4.13.0 1.Changelogs https://github.com/opencv/opencv/wiki/OpenCV-Change-Logs#version4130 2.Remove following patches as they have been merged in upstream. 27691.patch 0001-Renamed-templated-BlocksCompensator-feed-method-to-e.patch 3.After upgrading to 4.13.0, WITH_KLEIDICV is ON as default in aarch64, so build kleidicv along with openCV in aarch64. Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: f6506e8a65 --------------------------- menulibre: fix do_install failed Use pip 25.3 to install failed ... Traceback (most recent call last): File "menulibre-2.4.0/setup.py", line 245, in DistUtilsExtra.auto.setup( ~~~~~~~~~~~~~~~~~~~~~~~~~^ name='menulibre', ^^^^^^^^^^^^^^^^^ ...<12 lines>... cmdclass={'install': InstallAndUpdateDataDirectory} ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ) ^ File "recipe-sysroot-native/usr/lib/python3.13/site-packages/DistUtilsExtra/auto.py", line 98, in setup __requires(attrs, src_all) ~~~~~~~~~~^^^^^^^^^^^^^^^^ File "recipe-sysroot-native/usr/lib/python3.13/site-packages/DistUtilsExtra/auto.py", line 471, in __requires __add_imports(imports, s, attrs) ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^ File "recipe-sysroot-native/usr/lib/python3.13/site-packages/DistUtilsExtra/auto.py", line 405, in __add_imports if alias.name and __external_mod(cur_module, alias.name, attrs): ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "recipe-sysroot-native/usr/lib/python3.13/site-packages/DistUtilsExtra/auto.py", line 377, in __external_mod return 'dist-packages' in mod.__file__ or 'site-packages' in mod.__file__ or \ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ TypeError: argument of type 'NoneType' is not iterable ... Refer [1] to correct one line in setup.py [1] https://github.com/epoptes/epoptes/commit/81be63961a428728601df6f442490638df3bd263 Signed-off-by: Hongxu Jia Signed-off-by: Khem Raj --------------------------- Commit: 3b5492f57f --------------------------- nng: add ptest Ptest results on genericx86-64 BSP: $ run-ptest PASS: compat_block PASS: compat_bug777 PASS: compat_bus PASS: compat_cmsg PASS: compat_device PASS: compat_iovec PASS: compat_msg PASS: compat_options PASS: compat_pair PASS: compat_pipeline PASS: compat_poll PASS: compat_reqrep PASS: compat_reqttl PASS: compat_shutdown PASS: compat_survey PASS: compat_surveyttl PASS: cplusplus_pair PASS: device PASS: files FAIL: httpclient PASS: httpserver PASS: inproc PASS: ipc PASS: ipcsupp PASS: multistress PASS: nonblock PASS: options PASS: pipe PASS: pollfd PASS: reqctx PASS: reqstress PASS: scalability PASS: synch PASS: tcp PASS: tcp6 PASS: tcpsupp PASS: tls PASS: ws PASS: wss The httpclient case attempts to retrieve the Content-Length field from HTTP header of http://example.com/, but because the site uses chunked transfer encoding, the Content-Length field is not present, leading to an assertion failure. Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: 31de060b48 --------------------------- boinc-client: set CVE_PRODUCT The relevant CVEs are tracked with underscore in their name. See CVE db query: sqlite> select vendor, product, count(*) from PRODUCTs where product like '%boinc%' group by 1, 2; berkeley|boinc_client|2 berkeley|boinc_forum|1 universityofcalifornia|boinc_client|165 universityofcalifornia|boinc_server|5 Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 4da079d7f5 --------------------------- asyncmqtt: set CVE_PRODUCT The CVEs are tracked with an underscore in the product name: sqlite> select * from PRODUCTs where product like '%async%mq%'; CVE-2025-65503|redboltz|async_mqtt|10.2.5|=|| This patch sets the correct CVE_PRODUCT. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 5d3936d5dd --------------------------- nginx: ignore CVE-2025-53859 for 1.28.1 Fix is included via commit [1]. [1] https://github.com/nginx/nginx/commit/fbbbf189dadf3bd59c2462af68c16f2c2874d4ee Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: 264d8acc92 --------------------------- libsodium: patch CVE-2025-69277 Pick patch per [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-69277 Signed-off-by: Peter Marko Signed-off-by: Khem Raj --------------------------- Commit: a1b9e6e4f2 --------------------------- libcanberra: add runtime recommendation for sound-theme-freedesktop Required to actually play event sounds Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 9e55e9f115 --------------------------- nng: upgrade 1.7.3 -> 1.11 ChangeLog: https://github.com/nanomsg/nng/releases/tag/v1.11 https://github.com/nanomsg/nng/releases/tag/v1.10 https://github.com/nanomsg/nng/releases/tag/v1.9.0 https://github.com/nanomsg/nng/releases/tag/v1.8.0 Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: 60e60fed31 --------------------------- nanomsg: add ptest Ptest results: $ run-ptest PASS: async_shutdown PASS: block PASS: bug328 PASS: bug777 PASS: bus PASS: cmsg PASS: device PASS: device4 PASS: device5 PASS: device6 PASS: device7 PASS: domain PASS: emfile PASS: hash PASS: inproc PASS: inproc_shutdown PASS: iovec PASS: ipc PASS: ipc_shutdown PASS: ipc_stress PASS: list PASS: msg PASS: pair PASS: pipeline PASS: poll PASS: prio PASS: pubsub PASS: reqrep PASS: reqttl PASS: separation PASS: shutdown PASS: stats PASS: survey PASS: surveyttl PASS: symbol PASS: tcp PASS: tcp_shutdown PASS: term PASS: timeo PASS: trie PASS: ws PASS: ws_async_shutdown PASS: zerocopy Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: fea43ed974 --------------------------- nanomsg: upgrade 1.2.1 -> 1.2.2 ChangeLog: https://github.com/nanomsg/nanomsg/releases/tag/1.2.2 Drop 0001-allow-build-with-cmake-4.patch as the issue has been fixed upstream. Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --------------------------- Commit: b891bc7cac --------------------------- python3-filelock: add ptest support The tests take <15s to execute. Sample output: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-01-09T18:00 BEGIN: /usr/lib/python3-filelock/ptest PASS: tests/test_async_filelock.py:test_simple[a-str-AsyncUnixFileLock] PASS: tests/test_async_filelock.py:test_simple[a-str-AsyncSoftFileLock] PASS: tests/test_async_filelock.py:test_simple[a-PurePath-AsyncUnixFileLock] PASS: tests/test_async_filelock.py:test_simple[a-PurePath-AsyncSoftFileLock] PASS: tests/test_async_filelock.py:test_simple[a-Path-AsyncUnixFileLock] PASS: tests/test_async_filelock.py:test_simple[a-Path-AsyncSoftFileLock] [...many lines...] PASS: tests/test_filelock.py:test_mtime_zero_exit_branch[SoftFileLock-TimeoutError] PASS: tests/test_filelock.py:test_mtime_zero_exit_branch[UnixFileLock-PermissionError] PASS: tests/test_virtualenv.py:test_virtualenv ============================================================================ Testsuite summary DURATION: 10 END: /usr/lib/python3-filelock/ptest 2026-01-09T18:00 STOP: ptest-runner TOTAL: 1 FAIL: 0 (There are 20 Windows-only tests, which are skipped) Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 9291faa919 --------------------------- python3-send2trash: add ptest support The tests take less than a second to execute. The current source distribution is missing a test file, which I added with a patch. The problem is already solved by upstream just not tagged yet - the patch can be dropped with the next update. Sample output: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-01-09T17:11 BEGIN: /usr/lib/python3-send2trash/ptest SKIP: tests/test_plat_win.py:tests/test_plat_win.py # SKIP Skipping windows-only tests PASS: tests/test_plat_other.py:test_trash PASS: tests/test_plat_other.py:test_multitrash PASS: tests/test_plat_other.py:test_trash_bytes PASS: tests/test_plat_other.py:test_trash_unicode PASS: tests/test_plat_other.py:test_trash_topdir PASS: tests/test_plat_other.py:test_trash_topdir_fallback PASS: tests/test_plat_other.py:test_trash_topdir_failure PASS: tests/test_plat_other.py:test_trash_symlink PASS: tests/test_script_main.py:test_trash PASS: tests/test_script_main.py:test_no_args ============================================================================ Testsuite summary DURATION: 1 END: /usr/lib/python3-send2trash/ptest 2026-01-09T17:11 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 0ccf384c90 --------------------------- libcanberra: update 0.30 -> 0.30-19 Lennart Poettering stopped maintaining libcanberra over a decade ago but it is still maintained by the debian gnome-team. Most notable improvement is that building the libcanberra-gtk3-module doesn't depend on gtk2 anymore and thus libcanberra isn't dependent on x11 to build support for gtk3 - fetch source from salsa.debian.org, use git for it - remove outdated patches - dont build gtk+ module by default anymore - simplify packaging Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 56f4b30c99 --------------------------- python3-gcovr: Upgrade 8.3 -> 8.5 Upgrade to release 8.5: Breaking changes: - The option --lcov-test-name doesn't accept values with spaces anymore. - The option --lcov-format-1.x is deprecated and mapped to --lcov-format-version=1.x. - Changes to HTML templates. New features and notable changes: - Due to added support for LLVM source based code coverage format some configuration file keys got changed. The old gcov named options are still supported but they also affect the LLVM toolchain. Bug fixes and small improvements: - Fix coveralls report if there are several coverage elements per line. - Fix not excluded conditions if branches are excluded by comments. - Fix reported excluded branches in LCOV report. - Fix exclusion filter --gcov-exclude. - Add --json-trace-data-source to include the trace data source in the JSON report independent from --verbose. - Remove generated gcov files on error and catch additional gcov error message. - Change default HTML theme excluded line color. - Move theme colors to a separate CSS file so they can be overridden with a simple --html-template-dir directory with only the style.colors.css file. - Fix regular expression for detecting a version mismatch between gcc and gcov. - Improve logging messages for GCOV execution errors to not print information twice and add trace messages for gcov execution. - Fix handling of lines after function specialization. - Improve performance by changing logging messages (level and lazy interpolation). - Fix text report for covered decisions. - Fix runtime problem introduced with 8.4. - Fix wrong entries in data source attribute of JSON report. - Fix nested HTML report without coverage data. - Add warning if coverage data is empty. - Add warning if function lines are missing in external generated GCOV files. - Extend support for zipped reports. If last suffix is .xz then LZMA is used to compress the report. - Fix function exclusion in report generation. - Do not ignore lines without functions, e.g. from inlined code. - Ignore all whitespaces instead of only spaces for detection of noncode lines. - Add support for temporary merging line coverage objects without modifying the data model. - Change internal behavior of --exclude-function-lines to exclude the line of function definition instead of removing it completely. - Ensure that all functions have a line coverage element in LCOV report. License-Update: Update years Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 988b5182c9 --------------------------- python3-xmlschema: Upgrade 4.2.0 -> 4.3.0 Upgrade to release 4.3.0: - Add arguments validation for schemas and validation methods (by validation contexts) - Add custom XPath parser for find/findall/iterfind APIs on schemas for match singleton sequence also if position is a number greater than 1 in predicate expression - Improve build of XSD elements and groups, using a three-state built flag for components - Extend and fix memory tests (Python 3.14+ seems to consume more memory) - Drop support for Python 3.9 and add development support for Python 3.15 License-Update: Update years Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 26ef11eac6 --------------------------- python3-fsspec: Upgrade 2025.5.1 -> 2025.12.0 Upgrade to release 2025.12.0: - fsspec.parquet to support filters and multiple files - passing withdirs in aync _glob() - fix _rm_file/_rm redirection in async - allow arrowFile to be seekable - add size attribute to arrowFile - support py3.14 and drop 3.9 - avoid ruff warning Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: bcfeba2a13 --------------------------- python3-typer: Upgrade 0.21.0 -> 0.21.1 Upgrade to release 0.21.1: - Fix escaping in help text when rich is installed but not used. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 3ee544e759 --------------------------- python3-twitter: mark CVE-2012-5825 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2012-5825 The Debian bugtracker[1] indicated that the issue is tracked by upstream in github[2] (with a difference CVE ID, but same issue), where the vulnerability was confirmed. Later in the same github issue the solution is confirmed: the project switched to use the requests library, which doesn't suffer from this vulnerability. Due to this mark the CVE as patched. [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692444 [2]: https://github.com/tweepy/tweepy/issues/279 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: a5ee234b8c --------------------------- python3-uvicorn: mark CVE-2020-7694 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2020-7694 The vulnerability was reported to the project[1], and the commit[2] that resolved the issue has been part of the project since version 0.11.7. Mark the CVE as patched due to this. [1]: https://github.com/Kludex/uvicorn/issues/723 [2]: https://github.com/Kludex/uvicorn/commit/895807f94ea9a8e588605c12076b7d7517cda503 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 93671dd613 --------------------------- python3-reportlab: mark CVE-2020-28463 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2020-28463 According to Debian[1] it has been fixed since version 3.5.55[2] Mark is as patched. [1]: https://security-tracker.debian.org/tracker/CVE-2020-28463 [2]: https://hg.reportlab.com/hg-public/reportlab/rev/7f2231703dc7 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 6e936626cb --------------------------- libcereal: set CVE_PRODUCT The relevant CVEs are associated with usc:cereal CPE. See CVE db query: sqlite> select * from PRODUCTS where PRODUCT like '%cereal%'; CVE-2020-11104|usc|cereal|||1.3.0|<= CVE-2020-11105|usc|cereal|||1.3.0|<= Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: ba92b3d7ac --------------------------- xfce4-settings: rename libcanberra rrecommends Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 4a81111ba2 --------------------------- gnome-disk-utility: remove outdated patch Dont remove libcanberra dependency. Meanwhile it can be built without pulling in gtk2 Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: baa3cc3df0 --------------------------- python3-aiohttp: upgrade 3.13.2 -> 3.13.3 Changelog:https://docs.aiohttp.org/en/stable/changes.html Signed-off-by: Jiaying Song Signed-off-by: Khem Raj --------------------------- Commit: b14d44612a --------------------------- fex: uodate 2511 -> 2601 FEX Release FEX-2601 ARM64Emitter Force NOP padding to be enabled (9e8915e) Arm64Emitter Initial work for LoadConstant padding audit (d582356) BranchOps Use RIP relocs for direct branch targets (c57df73) CMake Move CMakeModules to Data/CMake (651ef64) Fix mingw if host has libxxhash-dev installed (900c179) Support overriding version/hash via CMake args (19d3450) CodeCache Fix misparenthesized expression in SaveData() (9101e70) Rebase block entrypoint info (5747d1c) Make LoadData Thread argument an optional pointer (bc069f2) Implement automatic cache generation (eb425fe) Implement runtime cache validation (93f6a8c) Trigger delayed cache loading for the main executables and its interpreter (71c8436) Implement cache loading (ec67670) Common Use LOCALAPPDATA for GetCacheDirectory on WOW64/ARM64EC (499970d) Config Remove stdout from OutputLog (e1c6a91) Dispatcher Silence warning on ARM64EC (9a12868) FEXCore Cleanup pointers structure (b29a78c) Fixes circular dependency with thunk callback (5627ddf) Switch constant emission to default to NoPad (2b4492c) Revert literal optimization from #4884 (da46d51) FEXOfflineCompiler Implement SyscallHandler::LookupExecutableFileSection (5ca549e) FEXServer Add protocol interface to request code cache population (805a4c1) Frontend Only decode REX if it is at the correct location (c8d72ea) Also fetch relocations and section bounds when validating (0a18ea8) ImageTracker Load AOT images (a3779be) Load PE relocations when generating code caches (b87bb1d) Support codemap file generation (c54dfd9) Track loaded PE images for LookupExecutableFileSection (212a3f4) Interpreter Moves around the thread and ELF initialization code (ed1d495) JIT Fixes typo (c4258be) LinuxSyscalls x32 Fixes fcntl assert (6c06f47) LookupCache Fix mistake in nested CacheBlockMapping call (a957f1f) OpcodeDispatcher Explicitly calculate flags after _TelemetrySetValue (281981e) Relocations Disable 6-byte size optimization in InsertGuestRIPMove (c7eb4c8) Switch to robin_map to improve lookup perf (4889596) SHMStats Avoid ISB usage when stats are disabled (6a49b8c) Scripts Have InstallFEX check kernel version (b407688) Steam Don't let the FEXServer inherit FEXServerManager's original stdout (53925dc) Syscalls Fix DEBUG_STRACE printing (e859109) Thunks Vulkan Update for v1.4.337 (668e027) Tools pidof Fixes FEXpidof after #5097 (7e4e017) VDSO Forgot to remove a if check (144c4bf) WOW64 Lock the JIT context and block suspend during context operations (a25d90d) WinAPI Implement Sleep (37b0e9e) Windows Improve handling of RWX memory (d592e2a) Invalidate code in freed memory after the free syscall (cb7de45) Fix RtlWaitOnAddress signature (f098b41) Implement _[w]sopen file APIs (f819999) Introduce ImageTracker for tracking per-loaded-image data (dc764db) Switch GetSection/ExecutableFilePath to returning full paths (956f97e) Split out CRT/WinAPI reimplementation (ebdbf58) WritePriorityMutex Add some more documentation (9fa8148) Fix rare case of dropped read waiter wakes (ce9824a) Misc [cmake] explicit platform and bit-width checks (dbd802c) [cmake] more parenthesis cleanups, linker gc module, more same-line stuff (1f6b3d5) [cmake] refactor: compiler and architecture handling (51f6722) [cmake] better option descriptions + more consistent language (9c0c969) Constant audit (fd2ee4e) _Constant audit (851fbae) First round of LoadConstant auditing (5bbbe4d) [cmake] Use a Find module for xxhash (5a47565) [cmake] do not use uppercase command names (f24f88e) [cmake] reduce usage of trivial variables (0edf961) [cmake] prefer end parenthesis on same line, no space after some calls (b41b967) [cmake] FEXCore: further reduce library redundancy (f153d86) [cmake] propagate -ISource to all Tools (bd8f6f1) [cmake] use MINGW builtin rather than custom detection (7cdef04) Some minor NFC (974ba78) Guest relocation support (fef1993) Various trivial fixes for #5106 (296988b) code-format-helper: Update urllib3 dependency (2e2563a) github steamrt4 Additional comments (bf9ab7f) unittests ASM Adds test for flags clobber in TelemetrySetValue (eb27576) Test 32-bit displacement encoding (d197300) FEXLinuxTests Fix gcc build (fedebf4) Force clang building for tests (62383a1) Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 15aca0b2fa --------------------------- raptor2: set CVE_PRODUCT All relevant CVEs are files against these CPEs. See CVE db query (zediious vendor is not relevant): sqlite> select * from PRODUCTs where PRODUCT like '%raptor%' and vendor <> 'symantec' and product <> 'velociraptor'; CVE-2012-0037|librdf|raptor|||2.0.7|< CVE-2017-18926|librdf|raptor_rdf_syntax_library|2.0.15|=|| CVE-2020-25713|librdf|raptor_rdf_syntax_library|2.0.15|=|| CVE-2023-49078|zediious|raptor-web|0.4.4|=|| CVE-2024-57822|librdf|raptor_rdf_syntax_library|||2.0.16|<= CVE-2024-57823|librdf|raptor_rdf_syntax_library|||2.0.16|<= Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 2b499660d0 --------------------------- pavucontrol: update 5.0 -> 6.2 - switch to meson buildsystem - pavucontrol now requires gtk4 and thus requires gpu acceleration - remove patch. Meanwhile libcanberra is optional and build doesn't fail without anymore - pavucontrol was migrated from intltool to gettext - add packageconfigs for libcanberra and lynx to have both disabled by default Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: 3a57e52745 --------------------------- xfce4-pulseaudio-plugin: unbreak build with pavucontrol6 'pavucontrol-6' requires gtk4 and thus also needs gpu acceleration Only recommend to install pavucontrol if it would run - remove x11 from DISTRO_FEATURES. There's no direct dependency on it - add PACKAFECONFIG for libcanberra Signed-off-by: Markus Volk Signed-off-by: Khem Raj --------------------------- Commit: ddaf5e0f39 --------------------------- imlib2: upgrade 1.12.5 -> 1.12.6 Changelog: ========== - Y4M loader: add support for 10-bit 4:4:4 - Y4M loader: add support for 10-bit 4:2:2 - Y4M loader: add example for 8-bit mono - Y4M loader: add support for 10-bit mono - Y4M loader: fix support for full-range mono - Y4M loader: fix support for odd dimensions - Y4M loader: add support for 12/14/16-bit mono - test/images: Remove intermediate generated file - imlib2_view: Set title - imlib2_view: Scale image when resizing window - imlib2_view: A couple of fixes to previous commit - test_load_2: Add new y4m test images - test_load_2: Add more new y4m test images - test_load_2: Add more new y4m test images - autofoo: Use AM_LIBTOOLFLAGS, not LIBTOOLFLAGS - gradients: Fix rendering of gradients in larger images - imlib2_conv: Fix constness warning - gradients: Better gradients with angles - Compile cleanly with -Wdouble-promotion - XPM loader: Add missing progress callback on incomplete image data Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: a524aaddac --------------------------- libsdl3: upgrade 3.2.28 -> 3.2.30 Changelog: https://github.com/libsdl-org/SDL/releases/tag/release-3.2.30 Signed-off-by: Liu Yiding Signed-off-by: Khem Raj --------------------------- Commit: bedcf6d226 --------------------------- xfce4-session: upgrade 4.20.0 -> 4.20.3 | checking for glib-compile-resources... configure: error: could not find glib-compile-resources. Fix configure failure by adding to EXTRA_OECONF parameters. ERROR: xfce4-session-4.20.2-r0 do_package: QA Issue: xfce4-session: Files/directories were installed but not shipped in any package: /usr/share/xfce4 /usr/share/xfce4/labwc /usr/share/xfce4/labwc/labwc-environment /usr/share/xfce4/labwc/labwc-rc.xml Update FILES to fix QA error. Changelog: https://gitlab.xfce.org/xfce/xfce4-session/-/tags/xfce4-session-4.20.3 Changelog: https://gitlab.xfce.org/xfce/xfce4-session/-/tags/xfce4-session-4.20.2 Changelog: https://gitlab.xfce.org/xfce/xfce4-session/-/tags/xfce4-session-4.20.1 Signed-off-by: Jason Schonberg Signed-off-by: Khem Raj --------------------------- Commit: b92c4e249b --------------------------- python3-h2: remove ptest execution deadline Hypothesis Python module applies a 200ms default timeout value on the tests, that can be violated too easily in qemu without kvm support. Hypothesis however also has a feature, that in case it is running in a CI environment, it expects that the host has more load, and it removes this deadline. To switch to the CI profile and relax the execution timeouts, this patch defines the "CI" environment variable in the run-ptest script. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 63ae47a70d --------------------------- libjxl: Fix build error with arm and musl Build fails for qemuarm with musl with following error: /build/tmp/work/cortexa15t2hf-neon-poky-linux-musleabi/libjxl/0.11.1/sources/libjxl-0.11.1/lib/jxl/convolve_separable5.cc | error: out of range pc-relative fixup value Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj --------------------------- Commit: 30942cebe8 --------------------------- mozjs-128: Fix build error with arm and musl Build fails for qemuarm with musl with following error: mozglue/misc/StackWalk.o: in function `unwind_callback(_Unwind_Context*, void*)': | /usr/src/debug/mozjs-128/128.5.2/mozglue/misc/StackWalk.cpp:810:(.text._ZL15unwind_callbackP15_Unwind_ContextPv+0x4): undefined reference to `_Unwind_GetIP' Referenced commit[1] for the fix, also refreshed patches. [1] https://github.com/OSSystems/meta-browser/commit/bb8662912354dae13634c0ec35c3803c344b1e72 Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj --------------------------- Commit: 38119992d8 --------------------------- python3-bleak: upgrade 2.0.0 -> 2.1.1 1. Changelog: https://github.com/hbldh/bleak/blob/v2.1.1/CHANGELOG.rst 2. Skip integration tests in ptest After upgrade to 2.1.1, a new test set integration was added. https://github.com/hbldh/bleak/tree/v2.1.1/tests/integration According to the description, the tests need kernel module hci_vhci, but hci_vhci is disabled in yocto, so skip these tests. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ba6468f7a0 --------------------------- python3-m2crypto: mark CVE-2020-25657 as patched Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657 The commit[1] that fixes the vulnerability has been part of the package since version 0.39.0 [1]: https://git.sr.ht/~mcepl/m2crypto/commit/84c53958def0f510e92119fca14d74f94215827a Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: b46a5452a1 --------------------------- python3-m2crypto: ignore CVE-2009-0127 Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127 The vulnerability is disputed[1] by upstream: "There is no vulnerability in M2Crypto. Nowhere in the functions are the return values of OpenSSL functions interpreted incorrectly. The functions provide an interface to their users that may be considered confusing, but is not incorrect, nor it is a vulnerability." [1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 8f67ff2a34 --------------------------- tcpdump: upgrade 4.99.5 -> 4.99.6 add-ptest.patch refreshed for 4.99.6 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: a778ae59d9 --------------------------- spdlog: upgrade 1.16.0 -> 1.17.0 License-Update: updated contributors. Changelog: ========== - Bump bundled {fmt} library to 12.1.0 - Fix the %z formatter (UTC offset): - Windows: Replaced implementation for better accuracy and speed - FreeBSD: Fixed incorrect implementation - Fixed issue where the offset was not displaying as +00:00 when the formatter was configured to show UTC time. - Removed unreliable fallback for Unix systems lacking tm_gmtoff. If compilation fails on such platforms, use SPDLOG_NO_TZ_OFFSET=ON (%z will display +??:?? instead of compilation error). - Set CMAKE_BUILD_TYPE only in top-level project - Change access scope for ANSI target_file_ from private to protected - Fix UWP detection - Fix include in tcp_client.h to avoid compilation failures - Tests: Fix unit tests to respect default level names - Docs: Fix misleading comment in blocking_queue header - Fix sign-compare warning - Fix sign conversion warnings in qt_sinks.h Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 08302db298 --------------------------- rtorrent: upgrade 0.16.5 -> 0.16.6 Features --------- Added timestamp helper commands Use separate thread for saving session data Run multiple session save requests in parallel Changed magnet metadata handling and added 'magnet.path.set' Optimizations ------------- Use map rather than vector for Poll tables Bug Fixes ----------- Convert IPv4in6 addresses to IPv4 in outgoing handshakes Force clear bitfield ranges of downloads that get hashed Use CURLOPT_CLOSESOCKETFUNCTION to properly handle libcurl closing sockets before CURL_POLL_REMOVE Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 7db6f31b0f --------------------------- python3-types-psutil: upgrade 7.1.1.20251122 -> 7.2.1.20251231 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 65ed8861f7 --------------------------- python3-pillow: upgrade 12.0.0 -> 12.1.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 1b8c883667 --------------------------- python3-nocaselist: upgrade 2.1.0 -> 2.2.0 Changelog: https://nocaselist.readthedocs.io/en/2.2.0/changes.html Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 6a9c1e9114 --------------------------- python3-nocasedict: upgrade 2.1.0 -> 2.2.0 Changelog: https://nocasedict.readthedocs.io/en/2.2.0/changes.html Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 9206e31273 --------------------------- python3-moteus: upgrade 0.3.96 -> 0.3.97 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 86cabd1603 --------------------------- python3-marshmallow: upgrade 4.1.2 -> 4.2.0 Changelog: many argument of Nested properly overrides schema instance value. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0997a483e7 --------------------------- nbdkit: upgrade 1.46.0 -> 1.47.1 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0fbbddd537 --------------------------- libtracefs: upgrade 1.8.2 -> 1.8.3 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 72a9807f37 --------------------------- libtorrent: upgrade 0.16.5 -> 0.16.6 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 0991466b1e --------------------------- libsdl3-image: upgrade 3.2.4 -> 3.2.6 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: d7d45f20ef --------------------------- libmbim: upgrade 1.33.1 -> 1.34.0 Changelog: ========== * Build: ** New "-Dmbim_groupname=" meson build option to restrict MBIM kernel device access to a given Unix group and root. The access check works in parallel to the "-Dmbim_username" option; passing either check allows access to the kernel device (eg, logical OR). * New Intel AT Tunnel service, including the following operations: * MBIM_CID_INTEL_AT_TUNNEL_AT_COMMAND * Extended the SMS service: * MBIM_CID_SMS_CONFIGURATION now supports notifications * mbimcli: ** New '--sms-query-configuration' and '--sms-query-message-store-status' actions ** New '--atds-query-rat' and '--atds-query-operators' actions Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 60106a8990 --------------------------- libio-socket-ssl-perl: upgrade 2.095 -> 2.096 Changelog: - Allow stacking TLS layers with SSL_usebio This also allows LWP (after patches) to access https site through TLS enabled proxy Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 8142a5dad4 --------------------------- libdbd-sqlite-perl: upgrade 1.76 -> 1.78 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: be1b0daac0 --------------------------- gpsd: upgrade 3.27.2 -> 3.27.3 Changelog: Fix API major value. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: ebf2be3435 --------------------------- fping: upgrade 5.4 -> 5.5 Changelog: =========== - New option -J / --json for JSON output. See doc/fping-json.md for the JSON schema. This feature is still in alpha and the schema might change in future releases - The -g, --generate option now also supports IPv6 addresses - New option --seqmap-timeout to control the time after which sequence numbers can be used again - Fix OpenBSD sprintf() warning - Fix fallback to SO\_TIMESTAMP if SO\_TIMESTAMPNS is not available - When reading target names from file or standard input, lines longer than the static buffer are no longer interpreted as more than one line - Typo fix in error message when SO\_BINDTODEVICE fails - Options --print-tos and --print-ttl now also work for IPv6, and no longer require privileges - Report received ICMPv6 error messages - Suppress duplicate reports in count mode with -q, --quiet or -Q, --squiet - Switch to alpine-based multi-stage Docker build to reduce image size and improve build performance; add OpenContainers-compatible labels - Print receive ping moved to new functions - Avoid unsigned overflow when determining the memory size to save response times on systems where size\_t is the same as unsigned int - Document the new minimum value for the -p option - Fix build without IPv6 support - Fix debug build use of dbg_printf in fping.c - Remove MacOS-specific test for -I option - GitHub Actions fixes - Fix measurement of time for timed reports (-Q) to start after DNS name resolution. - Updated autoconf from 2.71 to 2.72 - Updated automake from 1.16.5 to 1.18.1 - Updated libtool from 2.4.6 to 2.5.4 - Implemented verification of autotools tarballs in Github actions. - Implemented stricter flag value checking (e.g. -c 10xyz is not accepted anymore). Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: f0db676880 --------------------------- ddrescue: upgrade 1.29.1 -> 1.30 Changelog: =========== * Replace pass 5 of copying with a sweeping phase after trimming. * New option '-N, --no-sweep' to disable reading of skipped areas. Reassign short name '-N' from option '--no-trim' to '--no-sweep'. * main.cc. Make '--size=output' use the size of outfile. (do_rescue): Make '-x 0' extend outfile to size of infile. * main_common.cc (strtoll_): New function accepting underscores. * rescuebook.cc (fcopy_non_tried, rcopy_non_tried): Limit pass 2 to blocks adjacent to a finished block. (Delimit bad area as a whole). (trim_errors): Trim only edges adjacent to a finished block. Initial skip size now defaults to (infile_size / 32_768). Only retrim blocks adjacent to a non-tried or finished block. (update_rates): Don't force update of a_rate, c_rate, ts. (Rescuebook): Estimate remaining time from last 60 seconds. * genbook.cc (format_time), loggers.cc (format_time_dhms): Add years. * loggers.cc (Event_logger): Add finished_size, a_rate, read errors. * ddrescuelog.cc: New option '-H, --make-test'. * ddrescue.texi: Document rescue with lziprecover's recovery record. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: af8315f17b --------------------------- ctags: upgrade 6.2.20251130.0 -> 6.2.20260104.0 Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --------------------------- Commit: 38eaab2241 --------------------------- python3-waitress: add ptest support It takes <10s to execute. Some (54) tests are not compatible with musl[1] - due to this the tests are on the problem-list. Sample output snippet: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-01-07T09:57 BEGIN: /usr/lib/python3-waitress/ptest PASS: tests.test_adjustments.TestAdjustments.test_bad_port PASS: tests.test_adjustments.TestAdjustments.test_badvar PASS: tests.test_adjustments.TestAdjustments.test_default_listen [...many lines...] PASS: tests.test_wasyncore.Test_readwrite.test_socketerror_in_disconnected PASS: tests.test_wasyncore.Test_readwrite.test_socketerror_not_in_disconnected PASS: tests.test_wasyncore.Test_write.test_gardenpath PASS: tests.test_wasyncore.Test_write.test_non_reraised PASS: tests.test_wasyncore.Test_write.test_reraised ============================================================================ Testsuite summary \# TOTAL: 783 \# PASS: 775 \# SKIP: 8 \# XFAIL: 0 \# FAIL: 0 \# XPASS: 0 \# ERROR: 0 DURATION: 7 END: /usr/lib/python3-waitress/ptest 2026-01-07T09:57 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --------------------------- Commit: 096f14d0b9 --------------------------- modemmanager: upgrade 1.22.0 -> 1.24.2 Changelog: https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/blob/mm-1-24/NEWS Signed-off-by: Viswanath Kraleti Signed-off-by: Khem Raj --------------------------- Commit: bf2fa106d6 --------------------------- libqmi: upgrade 1.34.0 -> 1.38.0 Changelog: https://gitlab.freedesktop.org/mobile-broadband/libqmi/-/blob/qmi-1-38/NEWS Signed-off-by: Viswanath Kraleti Signed-off-by: Khem Raj --------------------------- Commit: b6ddf00e8c --------------------------- python3-termcolor: Upgrade 3.2.0 -> 3.3.0 Upgrade to release 3.3.0: - Add support for italic - can_colorize: Expect fileno() to raise OSError, as documented Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 312155a7d6 --------------------------- python3-behave: Upgrade 1.3.2 -> 1.3.3 Upgrade to release 1.3.3: - FIXED: Broke Python 2.7 support Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: d2501971b2 --------------------------- python3-astroid: Upgrade 4.0.2 -> 4.0.3 Upgrade to release 4.0.3: - Fix inference of IfExp (ternary expression) nodes to avoid prematurely narrowing results in the face of inference ambiguity. - Fix base class inference for dataclasses using the PEP 695 typing syntax. Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 5ff2ec190a --------------------------- python3-anyio: Upgrade 4.12.0 -> 4.12.1 Upgrade to release 4.12.1: - Changed all functions currently raising the private NoCurrentAsyncBackend exception (since v4.12.0) to instead raise the public NoEventLoopError exception - Fixed anyio.functools.lru_cache not working with instance methods Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 7721e7a6fc --------------------------- python3-bumble: Upgrade 0.0.220.bb -> 0.0.221 Upgrade to release 0.0.221: - Cancel l2cap connection result future on abort - Implement extended advertising emulation - Rust: Fix cargo-all-features to 1.11.0 - L2CAP Enhanced Retransmission mode - Add some docs about Android and Hardware - bump pdl dependencies versions - android-netsim transport enhancements - Upgrade GitHub Actions for Node 24 compatibility - Upgrade GitHub Actions to latest versions - GATT: fix redefinition of GATT_CONTENT_CONTROL_ID_CHARACTERISTIC - Remove unused imports - Fix missing type hints on Device.notify_subscribers() - L2CAP: Enhanced Credit-based Flow Control Mode - use ruff for linting and import sorting - hot fix: remove unused import - Ruff: Add and fix UP rules - add support for multiple concurrent broadcasts - Add EATT Support - Fix some typos and annotations Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 254f1285e8 --------------------------- net-snmp: Update to 5.9.5.2 5.9.5.1: * Only a version numbering fix. 5.9.5.2: * Fix an issue with needing limits.h included. Signed-off-by: Peter Kjellerstedt Signed-off-by: Khem Raj --------------------------- Commit: bc8066fd7f --------------------------- python3-fastapi: Upgrade 0.124.4 -> 0.128.0 Upgrade to release 0.128.0: - Drop support for pydantic.v1 - Run performance tests only on Pydantic v2 Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 656bbf2c70 --------------------------- python3-networkx: Upgrade 3.6 -> 3.6.1 Upgrade to release 3.6.1: API Changes - Add spectral bipartition community finding and greedy bipartition using node swaps Enhancements - Nodelists for from_biadjacency_matrix - Add spectral bipartition community finding and greedy bipartition using node swaps - Fix draw_networkx_nodes with list node_shape and add regression test Bug Fixes - Fix: allow graph subclasses to have additional arguments Documentation - DOC: Improve benchmarking readme - DOC: More details re: RC releases in the release process devdocs - DOC: clarify difference between G.nodes/G.nodes() and G.edges/G.edges() in tutorial - DOC: Add blurb to contributor guide about drawing tests - DOC: Fix underline lens in docstrings - Rolling back shortest paths links Maintenance - MAINT: Replace string literal with comment - Bump actions/checkout from 5 to 6 in the actions group - pin python 3.14 to be version 3.14.0 until dataclasses are fixed - Blocklist Python 3.14.1 Other - TST: add tests for unsupported graph types in MST algorithms - TST: clean up isomorphism tests Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 382e4de7d8 --------------------------- python3-brotli: Upgrade 1.1.0 -> 1.2.0 Upgrade to release 1.2.0: SECURITY - python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan) Added - decoder/encoder: added static initialization to reduce binary size - python: allow limiting decoder output (see SECURITY section) - CLI: brcat alias; allow decoding concatenated brotli streams - kt: pure Kotlin decoder - cgo: support "raw" dictionaries - build: Bazel modules Removed - java: dropped finalize() for native entities Fixed - java: in compress pass correct length to native encoder Improved - build: install man pages - build: updated / fixed / refined Bazel buildfiles - encoder: faster encoding - cgo: link via pkg-config - python: modernize extension / allow multi-phase module initialization Changed - decoder / encoder: static tables use "small" model (allows 2GiB+ binaries) Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: 768a039171 --------------------------- python3-parse-type: Upgrade 0.6.3 -> 0.6.6 Upgrade to release 0.6.6: - Disable setuptools-scm: Too many side-effects Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --------------------------- Commit: b248542954 --------------------------- python3-pyro5: Upgrade 5.15 -> 5.16 Upgrade to release 5.16: - project going into super low maintenance mode, I don't plan on working on it any longer unless nasty bugs are reported. - properties can now be a streaming generator too - loopCondition is relayed from start_ns_loop() to its daemon - removed Python 3.8 and 3.9 from the support list (they are EOL). Now supported on Python 3.10 or newer. - docs: clarify @expose on a class not automatically exposing base class(es). Signed-off-by: Leon Anavi Signed-off-by: Khem Raj ## meta-raspberrypi --------------------------- Commit: 9720dc6 --------------------------- yocto-builder/entrypoint-build.sh: Remove init configuration The init configuration is usually taken care of by setting INIT_MANAGER and systemd is the default since: https://git.openembedded.org/openembedded-core/commit/?id=0b4061c5d50261f826d0edb4b478d2d305274b7c so none of this should be needed, hopefully it will fix CI runs which currently fail with: https://github.com/agherzan/meta-raspberrypi/actions/runs/23234236947/job/67698405693 ERROR: Nothing PROVIDES 'systemd' (but /tmp/tmp.aSbUL7oQb7/openembedded-core/meta/recipes-core/psplash/psplash_git.bb DEPENDS on or otherwise requires it) systemd was skipped: conflicting distro feature 'sysvinit' (in DISTRO_FEATURES) NOTE: Runtime target 'psplash' is unbuildable, removing... Missing or unbuildable dependency chain was: ['psplash', 'systemd'] ERROR: Required build target 'rpi-test-image' has no buildable providers. Missing or unbuildable dependency chain was: ['rpi-test-image', 'psplash', 'systemd'] Summary: There was 1 WARNING message. Summary: There were 2 ERROR messages, returning a non-zero exit code. But I don't see where sysvinit would be getting into DISTRO_FEATURES here. Signed-off-by: Martin Jansa --------------------------- Commit: 1e4a992 --------------------------- layer.conf: Update to wrynose release series Changed in: https://git.openembedded.org/openembedded-core/commit/?id=cd1179544d74026c99a4938824146cec4f5acfca Signed-off-by: Martin Jansa --------------------------- Commit: 046a238 --------------------------- rpidistro-ffmpeg: upgrade to latest upstream, 7.1.13 Upgrade rpidistro-ffmpeg to the latest upstream, some changes were made in the recipe to better match the OE recipe of the same version, x264 disabled by default due to cyclic dependency Signed-off-by: Gijs Peskens --------------------------- Commit: cc66524 --------------------------- rpidistro-ffmpeg: Fix compilation on Whinlatter Backport ffmpeg patch fixing assembler syntax Signed-off-by: Gijs Peskens --------------------------- Commit: e00b8ea --------------------------- rpidistro-vlc: Fix compilation on Whinlatter Various backports (i.e.: taglib), casts, etc. to fix compilation on Whinlatter against rpidistro-ffmpeg (upstream ffmpeg changes not backported) Signed-off-by: Gijs Peskens --------------------------- Commit: b9d649e --------------------------- Fix compilation of RPI-Userland on Whinlatter Imports patch also used in Buildroot Signed-off-by: Gijs Peskens ## meta-rauc --------------------------- Commit: 5e1db9d --------------------------- openssl-ca.sh: remove unused variable Signed-off-by: Trevor M <45127883+tream2001@users.noreply.github.com> --------------------------- Commit: 9d33476 --------------------------- layer.conf: set LAYERSERIES_COMPAT to 'wrynose' This follows openembedded-core master commit cd117954 ("layer.conf: Update to wrynose "). We have a dedicated 'whinlatter' branch and don't intend to test and maintain compatibility with whinlatter on master. Thus just replace it. Signed-off-by: Enrico Jörns --------------------------- Commit: 745cb82 --------------------------- linux-yocto: add needed options for squashfs support Without CONFIG_MISC_FILESYSTEMS the kernel will lack support for squashfs even though CONFIG_SQUASHFS is already enabled in the config fragment, as the CONFIG_SQUASHFS option is only available with CONFIG_MISC_FILESYSTEMS enabled and will otherwise be silently dropped during config merging. Signed-off-by: Daniel Wagenknecht Signed-off-by: Enrico Jörns --------------------------- Commit: f00fed1 --------------------------- rauc-target.inc: refactor logic for determining "bootloader tool" dependency When using a custom mechanism for communication with the bootloader, but still with U-Boot as the actual bootloader, it may be inappropriate for this to inject an rdepends on u-boot-fw-utils. So instead of an anonymous python function which unconditionally appends to RDEPENDS:${PN}, create an overridable variable RAUC_BOOTLOADER_RDEPENDS which can be set empty or even better to the package actually providing the userspace side of the custom mechanism. Signed-off-by: Rasmus Villemoes --------------------------- Commit: b614931 --------------------------- bundle.bbclass: drop obsolete clean before fetch We have observed occasional errors during do_fetch: ERROR: bundle-dev-1.0-r0 do_fetch: CalledProcessError(1, ['rm', '-rf', '[..]/build/tmp/work/x86-oe-linux/bruker-bundle-dev/1.0']) ERROR: Task ([..]/recipes-core/bundles/bundle-dev.bb:do_fetch) failed with exit code '1' The line in question is probably a remnant of f8f0589 classes: bundle: move manifest writing to do_unpack which moved functionality from do_fetch to do_unpack Signed-off-by: Torben Hohn Signed-off-by: Thomas Albrecht --------------------------- Commit: d8d5566 --------------------------- bundle.bbclass: add support for 'emptyfs' image type This image type[1] is special, since it does not allow providing a filename. [1] https://rauc.readthedocs.io/en/latest/reference.html#supported-image-types Signed-off-by: Lars Schmidt Signed-off-by: Enrico Jörns --------------------------- Commit: 31b3591 --------------------------- bundle.bbclass: create image type in manifest This adds the [imagetype] varflag, which allows specifying the explicit image 'type=' manifest option as supported since RAUC v1.15 [1][2]. Unfortunately, the more intuitive [type] varflag is already leveraged by the meta-rauc internal recipe-handling heuristic. The explicit image 'type=' option allows replacing the previously used filename extension–based detection of the image type, which is then (together with the slot type) used to select the appropriate slot update handling method. [1] https://github.com/rauc/rauc/releases/tag/v1.15 [2] https://rauc.readthedocs.io/en/latest/reference.html#image-sections Signed-off-by: Lars Schmidt Signed-off-by: Enrico Jörns --------------------------- Commit: f2e763d --------------------------- dt-utils: add udev as runtime dependency for barebox-state At least barebox-state actually requires udev rules to be available at runtime since its device resolution relies on udev names and symlinks. Signed-off-by: Enrico Jörns --------------------------- Commit: 7f271fe --------------------------- dt-utils: add PACKAGECONFIG option for barebox-state This is more for documentation and follow-up runtime dependency handling. Note that dt-utils 2023.11 cannot actually be build with -Dbarebox-state=false due to missing conditionals in meson.build. Signed-off-by: Enrico Jörns --------------------------- Commit: fb86757 --------------------------- dt-utils: switch from autotools to meson dt-utils supports meson since v2023.08.0 already. So switch to it instead of using ancient autotools. The only difference is that the meson-based package doesn't install any headers, yet. But since dt-utils is rarely used as a library, thus should be fine for now. Signed-off-by: Enrico Jörns --------------------------- Commit: 2343a55 --------------------------- dt-utils: remove .inc remnant from recipe merge All its content but the file itself wasn't deleted in ea8eeae4 ("dt-utils: merge .bb with .inc"). Signed-off-by: Enrico Jörns --------------------------- Commit: 3d4a466 --------------------------- README.rst: fix typo Signed-off-by: Fabian Pflug --------------------------- Commit: d0bac6c --------------------------- bundle.bbclass: add support for encrypting bundles Add support for encrypting bundles after creating them. This requires the usage of the "crypt" bundle format and a recipient certificate for encrypting the signed bundle manifest. To encrypt the bundle, set RAUC_ENCRYPTED_CRYPT_BUNDLE to 1 and RAUC_RECIPIENTS_CERT_FILE to the path of the recipient certificate, as well as the keyring: RAUC_ENCRYPTED_CRYPT_BUNDLE ?= "1" RAUC_RECIPIENTS_CERT_FILE ?= "path/to/recipient-certs.pem" RAUC_KEYRING_FILE ?= "path/to/ca.cert.pem" The encrypted bundle will be deployed with the prefix "encrypted-" in the DEPLOY_DIR. Note, that the bundle with the unencrypted manifest is also still being deployed and can be used for manual encryption for other recipients as well. Signed-off-by: Martin Schwan --------------------------- Commit: c319a46 --------------------------- python3-gbulb: remove recipe With commit 1a9a22d ("rauc-hawkbit: remove recipe and references") the only reference we had to the python3-gbulb package went away, which means we can now safely remove it. This is a good thing, because the upstream repository was archived in 2024 and deprecated in favour of PyGObject. Signed-off-by: Leonard Göhrs --------------------------- Commit: a0db357 --------------------------- .github/workflows/build: run yocto-check-layer This is useful for maintaining layer quality and compatibility according to Yocto Project compatible requirements. Signed-off-by: Enrico Jörns --------------------------- Commit: d9f66ec --------------------------- casync: mark as excluded from world builds casync is no longer actively maintained and is only an optional component for RAUC. Exclude it from world builds to avoid pulling in several additional layer dependencies such as meta-filesystems, meta-networking, meta-oe and meta-python. Signed-off-by: Enrico Jörns --------------------------- Commit: 1a9a22d --------------------------- rauc-hawkbit: remove recipe and references Also remove the references in documentation, CI, etc. The project was mainly intended for demo purposes and has been archived since 2022. If you intend to use RAUC with hawkBit, consider using the C-based rauc-hawkbit-updater project instead [1]. A recipe for it is available in this layer. If you still need the Python-based rauc-hawkbit client, please copy the recipe into your own layer. [1] https://github.com/rauc/rauc-hawkbit-updater Signed-off-by: Enrico Jörns --------------------------- Commit: d004ffa --------------------------- README: replace walnascar build status badge with whinlatter Signed-off-by: Enrico Jörns --------------------------- Commit: c135de5 --------------------------- .github/workflows/schedule-builds: replace walnascar by whinlatter walnascar has reached end-of-life. Update the scheduled builds to use whinlatter, the latest stable Yocto Project release. Signed-off-by: Enrico Jörns --------------------------- Commit: 18c253c --------------------------- drop SRCPV from recipes SRCPV is deprecated since nanbield and can safely be removed. https://docs.yoctoproject.org/dev/migration-guides/migration-4.3.html#versioning-changes Signed-off-by: Enrico Jörns --------------------------- Commit: f74404a --------------------------- Add SECURITY.md Document how to report security vulnerabilities. Signed-off-by: Enrico Jörns --------------------------- Commit: b60b073 --------------------------- casync: update to latest master Note that this adds only two commits to the master branch since the latest changes in 2022. The current release is still from 2017, which strongly indicates that the project is actually dead. Signed-off-by: Enrico Jörns --------------------------- Commit: 96d6e24 --------------------------- bundle.bbclass: add support for 'none' type when no file is needed RAUC has supported omitting the filename when an 'install' slot hook is used since commit 8a9c9213 ("src: support omitting filename when 'install' slot hook is used"), introduced in RAUC v1.6 [1]. However, this use case has not been supported by bundle.bbclass and previously required workarounds using dummy files to satisfy file expectations. This commit introduces a new 'none' type that: - Does not require a reference recipe name - Skips generating dependencies - Omits the 'filename' field in the manifest - Avoids copying any image file This allows cleaner integration when no actual image file is needed. [1] rauc/rauc@8a9c9213 Signed-off-by: Enrico Jörns Signed-off-by: Lars Schmidt Signed-off-by: Enrico Jörns --------------------------- Commit: 3c09bf5 --------------------------- bundle.bbclass: use bb.fatal for parsing error It does not make sense to proceed parsing for unparseable manifests. This also avoids repeated error messages. Signed-off-by: Enrico Jörns --------------------------- Commit: e70bbfe --------------------------- bundle.bbclass: refactor: move unrelated flags out of image handling Move processing of 'hooks', 'adaptive', and 'convert' varflags before any image-specific logic to keep those separated. This improves readability and maintainability and adds the possibility to skip image handling in cases where a slot does not contain any image. Signed-off-by: Lars Schmidt --------------------------- Commit: e2686d3 --------------------------- bundle.bbclass: refactor: remove local 'img_fstype' variable The local variable 'img_fstype' was only used once when constructing the image fallback variable. Its value is now read directly at the point of use to simplify the code and improve readability. Signed-off-by: Lars Schmidt --------------------------- Commit: cb113e2 --------------------------- bundle.bbclass: fix vardeps handling for RAUC_BUNDLE_HOOKS Adding RAUC_BUNDLE_HOOKS to 'vardeps' was made to properly rebuild the manifest if the hooks configuration in the recipe changes. However, in the current implementation, the RAUC_BUNDLE_HOOKS variable is never used itself. It only serves for specifying the [file] and [hooks] varflags. But bitbake (at least currently) does not seem to include a variables varflags into the signature generation. As a result, the added vardep on RAUC_BUNDLE_HOOKS is completely useless. Testing showed that explicitly adding the variable with their varflag works. Thus we use this mechanism instead. While at it, also move this out of the anonymous python block (which isn't really required here) to improve parsing. Signed-off-by: Enrico Jörns --------------------------- Commit: d165fef --------------------------- linux-yocto: add support for dm-crypt into kernel config To support encrypted bundles, device mapper crypto support is required. Add CONFIG_DM_CRYPT=y and CONFIG_CRYPTO_AES=y according to documentation [1]. [1] https://rauc.readthedocs.io/en/latest/integration.html#kernel-configuration Signed-off-by: Andreas Pretzsch ## meta-ti --------------------------- Commit: 10a5021d --------------------------- CI/CD Auto-Merger: cicd.master.202603191530 Updated the value(s) for: ti-linux-fw: TI_LINUX_FW_SRCREV atf: SRCREV_tfa:am62lxx u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging_6.18: SRCREV Changelogs: ti-linux-fw: https://git.ti.com/cgit/processor-firmware/ti-linux-firmware/log/?qt=range&q=a85ebd5c5b216646779b3d34efa09f0a7d818d62..aaa3d54aaa9e837834fa6b6dd99e9fefdfcf7949 u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=81a97a3303f8c786014d8644d185a368fba902c5..a46241db71e383bb6dda103ecad12b13e7af3c38 linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=d6380d740b3af3be9a9ebbd347b5b0c34cd82e81..fa0fe817f5ee1b0542f757abaded245c6e5a1321 Signed-off-by: LCPD Automation Script --------------------------- Commit: 5aa1c6ef --------------------------- meta-beagle: Fix TF-A machine name for badge BeagleBadge board has been renamed to am62l3-badge in the new TFA ti-tfa-2.14.y branch [0], so update recipe TFA_BOARD accordingly. [0] https://github.com/TexasInstruments/arm-trusted-firmware/commit/d203b8453905178252094416448de009931087e0 Signed-off-by: Judith Mendez Signed-off-by: Ryan Eatmon --------------------------- Commit: 9dc647e5 --------------------------- k3: set console parameter to KERNEL_CONSOLE Set the default value of TI_WKS_BOOTLOADER_APPEND to "console=${KERNEL_CONSOLE}" to populate the kernel cmdline console variable for all k3 devices. Also define SERIAL_CONSOLES for am64xx.inc, since it was previously overriding TI_WKS_BOOTLOADER_APPEND directly for this functionality. The KERNEL_CONSOLE variable provided by openembedded-core is a sane default console parameter automatically populated by the first value in the SERIAL_CONSOLES variable. Their UKI and EFI flows already use this variable to ensure the kernel cmdline console value is set to something machine appropriate. Signed-off-by: Randolph Sapp Signed-off-by: Ryan Eatmon --------------------------- Commit: 7eaa6ae2 --------------------------- linux-bb.org_6.12: Backport C23 compile fix from linux-stable A recent change in oe-core [1] to glibc 2.43 has introduced a build error with 6.12 kernels. Backport a patch [2] from linux-stable to address this. [1] https://git.openembedded.org/openembedded-core/commit/?id=f791d6c52870f3571e740ff7818d45bb0a717934 [2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.12.y&id=3dedeeecd1ae42a751721d83dc21877122cc1795 Signed-off-by: Ryan Eatmon --------------------------- Commit: 204dbf80 --------------------------- u-boot-bb.org: Add a tick-timer for PocketBeagle Add a chosen tick-timer in version 2025.10 to boot on PocketBeagle. Fixes: CPU : AM335X-GP rev 2.1 Model: TI AM335x PocketBeagle DRAM: 512 MiB Core: 155 devices, 16 uclasses, devicetree: separate Could not initialize timer (err -19) The patch is based on the following related discussions: - arm: dts: am335x-*-u-boot: Add chosen tick-timer https://lists.denx.de/pipermail/u-boot/2026-January/608684.html - pocketbeagle stuck in boot loop with timer error https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269124 Signed-off-by: Leon Anavi Signed-off-by: Ryan Eatmon --------------------------- Commit: ee4b9d90 --------------------------- conf: machine: am62-lp: Package ECAP Capture overlay Package k3-am62x-sk-ecap-capture.dtbo for AM62 LP SK to enable ECAP in capture mode. Signed-off-by: Judith Mendez Signed-off-by: Ryan Eatmon --------------------------- Commit: 237d409a --------------------------- conf: machine: am62a: Fix overlays in KERNEL_DEVICETREE_PREFIX There have been changes in k3-am62x* overlays due to conflicts in DT, so update KERNEL_DEVICETREE_PREFIX for AM62A SK appropriately. Signed-off-by: Judith Mendez Signed-off-by: Ryan Eatmon --------------------------- Commit: df378fdf --------------------------- ti-extras: Update SRCREV for Jailhouse Update SRCREV for Jailhouse-enabled U-Boot and Linux kernel and ti-jailhouse for the bsp-ti-6_18 Changes include: - u-boot/ti-extras.inc: Update to latest SRCREV - linux/ti-extras.inc: Update to latest SRCREV - linux/ti-extras-rt.inc: Update to latest SRCREV - jailhouse/ti-jailhouse: Update to latest SRCREV Signed-off-by: Mahammed Sadik Shaik Signed-off-by: Ryan Eatmon --------------------------- Commit: 732327f1 --------------------------- layer.conf: Update the layers to support wrynose Signed-off-by: Ryan Eatmon --------------------------- Commit: 81cd032c --------------------------- CI/CD Auto-Merger: cicd.master.202603161800 Updated the value(s) for: ti-linux-fw: PRUETH_FW_AM65X_SR2_VERSION,TI_LINUX_FW_SRCREV,TI_SYSFW_VERSION atf: SRCREV_tfa:am62lxx u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging_6.18: SRCREV Changelogs: ti-linux-fw: https://git.ti.com/cgit/processor-firmware/ti-linux-firmware/log/?qt=range&q=58a8a47f9063cfcd9eebcfb2825b99a34ef19b80..a85ebd5c5b216646779b3d34efa09f0a7d818d62 u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=e585d2fccbb4c11389ecd9afb00ec5e707267afc..81a97a3303f8c786014d8644d185a368fba902c5 linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=f13c6190c45bc24cc6640e39c36304bbc4ff22e7..d6380d740b3af3be9a9ebbd347b5b0c34cd82e81 Signed-off-by: LCPD Automation Script --------------------------- Commit: 88a85e81 --------------------------- u-boot-ti-staging_2025.01: Backport fix for python3-setuptools change A recent change in oe-core [1] to bump the python3-setuptools change introduced a build error with the 2025.01 version of u-boot in binman. Backport a fix from the master branch of u-boot [2] to address this. [1] https://git.openembedded.org/openembedded-core/commit/?id=ab6b2bf7b555d3516abea6255b800fe6f9673a69 [2] https://github.com/u-boot/u-boot/commit/538719cb6a77934d069e0e64f264457a59a9ebfc Signed-off-by: Ryan Eatmon --------------------------- Commit: b92d66ad --------------------------- linux-ti-staging_6.12: Backport C23 compile fix from linux-stable A recent change in oe-core [1] to glibc 2.43 has introduced a build error with 6.12 kernels. Backport a patch [2] from linux-stable to address this. [1] https://git.openembedded.org/openembedded-core/commit/?id=f791d6c52870f3571e740ff7818d45bb0a717934 [2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.12.y&id=3dedeeecd1ae42a751721d83dc21877122cc1795 Signed-off-by: Ryan Eatmon --------------------------- Commit: a77f6ead --------------------------- mesa-pvr: fix compilation errors with c23 Pull a fix from mesa/main regarding C23/glibc's definition of once_init in stdlib.h. Signed-off-by: Randolph Sapp Signed-off-by: Ryan Eatmon --------------------------- Commit: c4f9ff1e --------------------------- recipes-ti: ti-librpmsg-dma: Update branch and disable example build Switch from scarthgap to main branch for ti-librpmsg-dma library. Also update SRCREV and add -DBUILD_SIGNAL_CHAIN_BIQUAD_EXAMPLE=OFF to cmake options to exclude building the sigchain example. Signed-off-by: Paresh Bhagat Signed-off-by: Ryan Eatmon --------------------------- Commit: 8eaa5cac --------------------------- ti-jailhouse: Fix buildpaths QA warning and cleanup Add -ffile-prefix-map flags to KCFLAGS to remove build path references from kernel module compilation, ensuring reproducible builds and preventing absolute path leakage in binaries. inherit module-base kernel-module-split for building kernel modules move V=1 into EXTRA_OEMAKE and remove overriding do_compile() This resolves buildpaths QA warnings during packaging. Signed-off-by: Mahammed Sadik Shaik Signed-off-by: Ryan Eatmon --------------------------- Commit: dbedef73 --------------------------- jailhouse-inmate: Inhibit debug package split Inmate binaries are bare-metal applications without standard debug symbols that can be meaningfully split. Inhibit debug package creation to avoid unnecessary packaging overhead and potential QA warnings. Signed-off-by: Mahammed Sadik Shaik Signed-off-by: Ryan Eatmon --------------------------- Commit: 6d51093a --------------------------- jailhouse: Fix JH_RAMFS image path Update JH_RAMFS_IMAGE references to use correct .cpio extension instead of .rootfs.cpio to match current image naming convention Signed-off-by: Mahammed Sadik Shaik Signed-off-by: Ryan Eatmon --------------------------- Commit: 9c336bc8 --------------------------- CI/CD Auto-Merger: cicd.master.202603091800 Updated the value(s) for: atf: SRCREV_tfa:am62lxx u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging_6.18: SRCREV Changelogs: u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=8dedb46bfd7e7bba52cbedfbab10fe4383317b7b..e585d2fccbb4c11389ecd9afb00ec5e707267afc linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=1ae61a325571a4b242dac987edcbff0bf11cbd35..f13c6190c45bc24cc6640e39c36304bbc4ff22e7 Signed-off-by: LCPD Automation Script --------------------------- Commit: db4353bc --------------------------- CI/CD Auto-Merger: cicd.master.202603060742 Updated the value(s) for: ti-linux-fw: TI_LINUX_FW_SRCREV atf: SRCREV_tfa:am62lxx u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging_6.18: SRCREV Changelogs: ti-linux-fw: https://git.ti.com/cgit/processor-firmware/ti-linux-firmware/log/?qt=range&q=cf4a45b898294c96af02a62b7321c35651b3fa67..58a8a47f9063cfcd9eebcfb2825b99a34ef19b80 u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=90e682a353fe494e4058068a02bd8ee9f7a1bbf2..8dedb46bfd7e7bba52cbedfbab10fe4383317b7b linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=30182cf3ac7db7fd66c36870f3fc5db91a32f36c..1ae61a325571a4b242dac987edcbff0bf11cbd35 Signed-off-by: LCPD Automation Script --------------------------- Commit: acea5fac --------------------------- ti-extras: Add Jailhouse support for bsp-ti-6_18 Add Jailhouse-enabled U-Boot and Linux kernel configurations for the bsp-ti-6_18 release to support AM62xx, AM62Pxx, and AM62Lxx platforms. Changes include: - u-boot/ti-extras.inc: Add ti-u-boot-2026.01-jailhouse branch - linux/ti-extras.inc: Add ti-linux-6.18.y-jailhouse branch - linux/ti-extras-rt.inc: Add ti-linux-6.18.y-jailhouse branch Signed-off-by: Mahammed Sadik Shaik Signed-off-by: Ryan Eatmon --------------------------- Commit: bf93262b --------------------------- meta-ti: optee: Update SHA in optee_os to integrate timeout increase optee_os has a driver for AM62L's mailbox. Recently it started timing out waiting for a response from TIFS. It seems that the timeout we had given was at the edge of what was acceptable, since unrelated changes to rest of the boot chain were breaking it. So a patch was sent to optee_os to fix this by increasing the timeout from 10ms to 1000ms. Update the optee_os recipe's SHA to integrate this change into the SDK. Signed-off-by: Suhaas Joshi Signed-off-by: Ryan Eatmon --------------------------- Commit: de85a85c --------------------------- CI/CD Auto-Merger: cicd.master.202603050509 Updated the value(s) for: atf: SRCREV_tfa:am62lxx linux-ti-staging_6.18: SRCREV Changelogs: linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=8f753312db559c2f1f0867030e5fb36b89f2ea05..30182cf3ac7db7fd66c36870f3fc5db91a32f36c Signed-off-by: LCPD Automation Script --------------------------- Commit: 563ffd7e --------------------------- CI/CD Auto-Merger: cicd.master.202603041808 Updated the value(s) for: ti-linux-fw: TI_LINUX_FW_SRCREV atf: SRCREV_tfa:am62lxx u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging_6.18: SRCREV Changelogs: ti-linux-fw: https://git.ti.com/cgit/processor-firmware/ti-linux-firmware/log/?qt=range&q=c5eea0af8225334b1babfa750b329200dcee3d2b..cf4a45b898294c96af02a62b7321c35651b3fa67 u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=c42989009c209834eb512c065e283c492ec3dd50..90e682a353fe494e4058068a02bd8ee9f7a1bbf2 linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=e9ebc825175636714e0ffa113133ef03879748df..8f753312db559c2f1f0867030e5fb36b89f2ea05 Signed-off-by: LCPD Automation Script --------------------------- Commit: 92c21982 --------------------------- beagle-bsp: unset TI_CORE_INITRAMFS_KERNEL_MODULES As BB.org kernel comes with own custom defconfig, there are no modules required to be loaded from initramfs in order to boot the platforms, as required drivers are built in. Unset the list of such modules to avoid breakage. Signed-off-by: Denys Dmytriyenko (TI) Signed-off-by: Ryan Eatmon --------------------------- Commit: 59af86a2 --------------------------- beagleplay-ti: use the am62xx.inc We should inherit the am62xx.inc and just override values as needed. Signed-off-by: Randolph Sapp Acked-by: Andrew Davis Signed-off-by: Ryan Eatmon --------------------------- Commit: cb50cbab --------------------------- beagley-ai: add beagley-ai-ti Split the existing config into a beagley-ai-ti and beagley-ai that includes it, like the existing beagleplay machine. Signed-off-by: Randolph Sapp Signed-off-by: Ryan Eatmon --------------------------- Commit: 87f5d17f --------------------------- meta-beagle: move all beagle board configurations Move all beagle board configurations to meta-beagle. There are 2 skews currently: 1. A base TI configuration setting all the default variables required to use the device with meta-ti-bsp provided packages. 2. An override that uses meta-beagle BSP components. This includes all the values defined in the TI skew as well as any meta-beagle specific configuration. Signed-off-by: Randolph Sapp Signed-off-by: Ryan Eatmon --------------------------- Commit: e9c04213 --------------------------- CI/CD Auto-Merger: cicd.master.202602271140 Updated the value(s) for: ti-linux-fw: TI_LINUX_FW_SRCREV atf: SRCREV_tfa:am62lxx u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging_6.18: PV,SRCREV Changelogs: ti-linux-fw: https://git.ti.com/cgit/processor-firmware/ti-linux-firmware/log/?qt=range&q=fc93d06371ec35ef634284748e8263907327d6fd..c5eea0af8225334b1babfa750b329200dcee3d2b u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=cb63a11faef453412da23e72c5e9b6782cf62274..c42989009c209834eb512c065e283c492ec3dd50 linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=7e2c5ee21e318f67edb760f67fe16d41b1dc5a1e..e9ebc825175636714e0ffa113133ef03879748df Signed-off-by: LCPD Automation Script --------------------------- Commit: 74f14d87 --------------------------- conf: am62dxx-evm: Package k3-am62a7-sk-e3-max-opp overlay Package k3-am62a7-sk-e3-max-opp.dtbo for AM62D2-EVM to configure C7x DSP to run at its maximum supported frequency of 1GHz. Signed-off-by: Paresh Bhagat Signed-off-by: Ryan Eatmon --------------------------- Commit: c4caa380 --------------------------- optee: Update optee_os to integrate Firewall RNG changes Recently, a few commits were merged beyond the 4.9.0 tag in optee_os. These commits refactor some code in SA2UL, and add firewall configurations for RNG in AM62L. Therefore, to integrate these changes in the SDK, update the optee_os SHA. Signed-off-by: Suhaas Joshi Signed-off-by: Ryan Eatmon --------------------------- Commit: 15f5c84e --------------------------- trusted-firmware-a: Update to 2.14+ Updates trusted-firmware-a to a commit with the LPM patches and removes them from yocto. Signed-off-by: Manorit Chawdhry Signed-off-by: Ryan Eatmon --------------------------- Commit: e24a5376 --------------------------- ti-img-rogue-driver: Support for unified GPU bindings New sha brings support for unified GPU bindings. Signed-off-by: Antonios Christidis Signed-off-by: Ryan Eatmon --------------------------- Commit: 135dfe3f --------------------------- ti-bsp: Make ti-6_18 the default BSP Our initial testing is nearing completion and 6.18 is ready to be our default kernel along with 2026.01 uboot. Signed-off-by: Ryan Eatmon --------------------------- Commit: ddbc40d2 --------------------------- packagegroup-ti-core-initramfs: Add nfs-utils-mount When loading an initramfs, the kernel no longer provides functionality for mounting the rootfs. nfs-utils-mount is the minimal required packages to provide the needed tooling for the kernel to mount the rootfs over nfs when using an initramfs. Signed-off-by: Ryan Eatmon --------------------------- Commit: cd0391b2 --------------------------- gdbc6x: Tweak lcl_maybe_fortify security setting A change in oe-core [1] has turned on higher security checks, but gdbc6x will not build with FORTIFY_SOURCE turned on. Remove that setting to get it building again. [1] https://git.openembedded.org/openembedded-core/commit/?id=4c2d64c10a5b0437ab1ea04df22386f0f95124d1 Signed-off-by: Ryan Eatmon --------------------------- Commit: 03a7ad13 --------------------------- dsptop: Tweak SECURITY_STRINGFORMAT A change in oe-core [1] has turned on higher security checks, but dsptop will not build with all of them turned on. Remove a single setting to get it building again. [1] https://git.openembedded.org/openembedded-core/commit/?id=4c2d64c10a5b0437ab1ea04df22386f0f95124d1 Signed-off-by: Ryan Eatmon --------------------------- Commit: 38758c5d --------------------------- ti-ipc: Set DISABLE_STATIC = "" As of [1], static libs are disabled by default. But this package relies on static libs, so we need to allow for building them. [1] https://git.openembedded.org/openembedded-core/commit/?id=03fc931bfe9ea3fa9f33553e6020cbc067b24291 Signed-off-by: Ryan Eatmon --------------------------- Commit: bb64ebf3 --------------------------- ti-rpmsg-char: Set DISABLE_STATIC = "" As of [1], static libs are disabled by default. But this package relies on static libs, so we need to allow for building them. [1] https://git.openembedded.org/openembedded-core/commit/?id=03fc931bfe9ea3fa9f33553e6020cbc067b24291 Signed-off-by: Ryan Eatmon --------------------------- Commit: f60581dc --------------------------- *: Remove unused patches We have added checking for unused patches in our repo checking tool. Remove two patch files that it found. Signed-off-by: Ryan Eatmon --------------------------- Commit: fdca2e34 --------------------------- CI/CD Auto-Merger: cicd.master-ltsprep.202602191451 Updated the value(s) for: ti-linux-fw: TI_LINUX_FW_SRCREV u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging_6.18: SRCREV Changelogs: ti-linux-fw: https://git.ti.com/cgit/processor-firmware/ti-linux-firmware/log/?qt=range&q=941e1f7a3b3f683a59a0e51fb78817eb31841430..fc93d06371ec35ef634284748e8263907327d6fd u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=0c5b72a0b975e5e01ed6164cc9547526c680fe95..cb63a11faef453412da23e72c5e9b6782cf62274 linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=49a4f3a41af39ec952f7caadb856418e1b734449..7e2c5ee21e318f67edb760f67fe16d41b1dc5a1e Signed-off-by: LCPD Automation Script --------------------------- Commit: a8e59d34 --------------------------- conf: j722s: Add usbdfu tie-test-builds config Using the new UBOOT_CONFIG flow, enable a mode where additional uboot configurations can be built along side the main config. In this case, turning on USBDFU for a board for testing purposes. Signed-off-by: Ryan Eatmon --------------------------- Commit: 82f15401 --------------------------- trusted-firmware-a: Updates for am62l Change the branch for am62l to ti-tfa-2.14y and change the TFA_PLATFORM for am62l. License-Udpate: am62l branch is now in line with master, so the md5sum changed to match. Signed-off-by: Ryan Eatmon --------------------------- Commit: 65ba600b --------------------------- conf: am64: Add ECDSA key signing Add support for signing the u-boot files with an ECDSA key. Signed-off-by: Ryan Eatmon --------------------------- Commit: 135b7041 --------------------------- ti-img-rogue-*: Migrate GPU driver version 25.2 -> 25.3 New recipes for GPU DDK 25.3. Update BSP configuration file to package driver, which now supports kernel 6.18. Signed-off-by: Antonios Christidis Signed-off-by: Ryan Eatmon --------------------------- Commit: 4107d315 --------------------------- ipc: ti-rpmsg-char: Update library to 0.6.11 update ti-rpmsg-char library to 0.6.11 It brings the below fixes: dd4783422bf lib: Do not update local endpoint f26e4a30ca7 example: benchmark: move latencies array to data section. Signed-off-by: Hari Nagalla Signed-off-by: Ryan Eatmon --------------------------- Commit: ee9f5e1d --------------------------- CI/CD Auto-Merger: cicd.master-ltsprep.202602181811 Updated the value(s) for: ti-linux-fw: TI_LINUX_FW_SRCREV u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging_6.18: PV,SRCREV Changelogs: ti-linux-fw: https://git.ti.com/cgit/processor-firmware/ti-linux-firmware/log/?qt=range&q=3c35ffe92dd85b5acfcbf350cd1a6cc829994b20..941e1f7a3b3f683a59a0e51fb78817eb31841430 u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=65c7cac7324df20db0cfec1377fc3728018d5808..0c5b72a0b975e5e01ed6164cc9547526c680fe95 linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=abdf4e7f1d6d22a2162c91baa1f2a32f8e7adf88..49a4f3a41af39ec952f7caadb856418e1b734449 Signed-off-by: LCPD Automation Script --------------------------- Commit: 123245b6 --------------------------- conf: Change weak assignment of IMAGE_BOOT_FILES Rather than using ?= to default the value of IMAGE_BOOT_FILES, instead use += to add the files we want to the probably empty value. We ran into an issue where the recent ti-core-initramfs changes used += and overrode the ?= in k3.inc, resulting in no boot files being packaged in the wic boot partition. This addresses the issue by ensuring that we never have a situation where the required files are not in the final list. Signed-off-by: Ryan Eatmon --------------------------- Commit: 1c2398c3 --------------------------- CI/CD Auto-Merger: cicd.master-ltsprep.202602130934 Updated the value(s) for: ti-linux-fw: TI_LINUX_FW_SRCREV u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging_6.18: SRCREV Changelogs: ti-linux-fw: https://git.ti.com/cgit/processor-firmware/ti-linux-firmware/log/?qt=range&q=dfa62d2a6b9de71dc6fb682882834c9390324c42..3c35ffe92dd85b5acfcbf350cd1a6cc829994b20 u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=41842a7ccad599b3b5aa4500de859a0f01583a8c..65c7cac7324df20db0cfec1377fc3728018d5808 linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=8210918c3b8678d9781cf982c86757705405bfb3..abdf4e7f1d6d22a2162c91baa1f2a32f8e7adf88 Signed-off-by: LCPD Automation Script --------------------------- Commit: dd883791 --------------------------- CI/CD Auto-Merger: cicd.master.202602130100 Updated the value(s) for: atf: SRCREV_tfa:am62lxx k3conf: SRCREV Changelogs: k3conf: https://git.ti.com/cgit/k3conf/k3conf/log/?qt=range&q=4e3a44c4b961831f2de80606942dd0d8eb508eca..c50875c7c4ad112d5e632bea3301e06a0aa8669f Signed-off-by: LCPD Automation Script --------------------------- Commit: 8a36d561 --------------------------- optee: Update to 4.9.0 tag Update optee_os, optee_client, optee_examples and optee_test to the newer 4.9.0 tag. Signed-off-by: Manorit Chawdhry Signed-off-by: Ryan Eatmon --------------------------- Commit: 77de8a11 --------------------------- ti-core-initramfs: Add TI_CORE_INITRAMFS_EXTRA_INSTALL Add TI_CORE_INITRAMFS_EXTRA_INSTALL variable that another layer can use to install additional packages/changes into the initramfs. Setting this variable will also turn on the initramfs even if the platform does not have kernel modules to include. Signed-off-by: Ryan Eatmon --------------------------- Commit: 300f2a8d --------------------------- ti-core-initramfs: Rework logic Clean up the logic of the new ti-core-initramfs to reduce the impact on downstream layers. - Flip the logic in the machine .conf files to track the list of required kernel modules for that platform, but if the variable is set to "" then the ti-core-initramfs will not be created. - Redo the logic of when we require creation/usage of the initramfs to just platforms that need it (ie that set TI_CORE_INITRAMFS_KERNEL_MODULES). - Add a big switch to disable the initramfs entirely. In that case, the user is on their own to make sure that the kernel has everything it needs to boot either via config fragments to turn on the needed modules, or by using the TI_CORE_INITRAMFS_KERNEL_MODULES variable to populate their own initramfs. Signed-off-by: Ryan Eatmon --------------------------- Commit: eb0d589b --------------------------- ti-core-initramfs: pull correct VIRTUAL_RUNTIME components Pull additional standard VIRTUAL_RUNTIME components to respect Distro configuration (e.g. systemd/udev, etc.) This only requires adjusting the size to 128MB. Signed-off-by: Denys Dmytriyenko (TI) Signed-off-by: Ryan Eatmon --------------------------- Commit: 220c16be --------------------------- recipes-bsp: Remove TI TAD5212 DAC firmware recipe TAD5212 now uses a dedicated driver instead of the PCM6240 driver, making the firmware files no longer needed. So remove the recipe and corresponding changes. Signed-off-by: Paresh Bhagat Signed-off-by: Ryan Eatmon --------------------------- Commit: 7e27e75a --------------------------- recipes-bsp: Add TI PCM6240 ADC firmware recipe Add PCM6240 ADC firmware recipe for am62dxx-evm to support 2 PCM6240 ADC's, each supporting 4 channel recording. Signed-off-by: Vishnu Singh Signed-off-by: Paresh Bhagat Signed-off-by: Ryan Eatmon --------------------------- Commit: a6bf8a8f --------------------------- CI/CD Auto-Merger: cicd.master-ltsprep.202602111800 Updated the value(s) for: ti-linux-fw: TI_LINUX_FW_SRCREV,TI_SYSFW_VERSION u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging_6.18: PV,SRCREV Changelogs: ti-linux-fw: https://git.ti.com/cgit/processor-firmware/ti-linux-firmware/log/?qt=range&q=8ec0c42b8ccf2c9e8bebfd7c4e03d93fed555442..dfa62d2a6b9de71dc6fb682882834c9390324c42 u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=7db1482473e9a9562061c6f89e6d3cd86a17e616..41842a7ccad599b3b5aa4500de859a0f01583a8c linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=e36172c9eb8513198f33eee06b8cff28c6556e11..8210918c3b8678d9781cf982c86757705405bfb3 Signed-off-by: LCPD Automation Script --------------------------- Commit: c0e80f86 --------------------------- u-boot: Update ECDSA signing make option When the feature was sent to upstream, it was requested to change the command line option for specifying the key. Adapt to that change and ensure it still works as is for bsp-ti-6_12. Signed-off-by: Ryan Eatmon --------------------------- Commit: c79f7b83 --------------------------- CI/CD Auto-Merger: cicd.master-ltsprep.202602051800 Updated the value(s) for: atf: SRCREV_tfa:am62lxx u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging_6.18: PV,SRCREV Changelogs: u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=0456d31970eeef8678fd20a6683d1acd9fc8da4a..7db1482473e9a9562061c6f89e6d3cd86a17e616 linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=33b7bd36f11719837307a92818393608faafbc10..e36172c9eb8513198f33eee06b8cff28c6556e11 Signed-off-by: LCPD Automation Script --------------------------- Commit: 721c3380 --------------------------- CI/CD Auto-Merger: cicd.master.202602031100 Updated the value(s) for: atf: SRCREV_tfa:am62lxx Signed-off-by: LCPD Automation Script --------------------------- Commit: 634a30e2 --------------------------- conf: am62p: Add ECDSA key signing Use the new framework to add alternative key signing for the am62p platform as an example. Signed-off-by: Ryan Eatmon --------------------------- Commit: 507125ee --------------------------- u-boot: Add alternative key signing Provide framework for how to sign the uboot files with different keys so that customers can see how it is done. We have provided an ECDSA key and follow on patches will show how to point to it. Signed-off-by: Ryan Eatmon --------------------------- Commit: 22e889c2 --------------------------- CI/CD Auto-Merger: cicd.master-ltsprep.202602021018 Updated the value(s) for: u-boot-ti-staging_2025.01: SRCREV_uboot u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging-rt_6.12: SRCREV_ARM32 linux-ti-staging_6.12: SRCREV linux-ti-staging_6.18: PV,SRCREV Changelogs: u-boot-ti-staging_2025.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=42cf2abb5f42b4e8dca8b9df584b816d8a0da7fa..ef2eb76b650415637bd93b0eddfb1e31489117f9 u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=127a42c7257a6ffbbd1575ed1cbaa8f5408a44b3..0456d31970eeef8678fd20a6683d1acd9fc8da4a linux-ti-staging-rt_6.12: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=2bae13c52d344e96fce42ab8209c068d1e67c944..a3bc6dc973a99822f0707b1c9ba06b56bf142076 linux-ti-staging_6.12: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=8843c53f444321e22f1eaeec0478ffc0a6191203..da3c0f0a33ac00f7138c695a16d90301cf7ec02b linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=2d64b9f10d1d9e7cbd041d613b40222c11291f14..33b7bd36f11719837307a92818393608faafbc10 Signed-off-by: LCPD Automation Script --------------------------- Commit: 8529512d --------------------------- CI/CD Auto-Merger: cicd.master.202601292132 Updated the value(s) for: u-boot-ti-staging_2026.01: SRCREV_uboot Changelogs: u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=c5e6d2ab7eba68cbfb600cdc131c0c375ced2ec9..127a42c7257a6ffbbd1575ed1cbaa8f5408a44b3 Signed-off-by: LCPD Automation Script --------------------------- Commit: 6da71942 --------------------------- Revert "CI/CD Auto-Merger: cicd.master-ltsprep.202601290100" This reverts commit bb2c3dcb6c146a4c4e388e95c0a9c4c434b24351. There is something wrong withour CICD scripts. This should not have been promoted. --------------------------- Commit: bb2c3dcb --------------------------- CI/CD Auto-Merger: cicd.master-ltsprep.202601290100 Updated the value(s) for: u-boot-ti-staging_2026.01: SRCREV_uboot linux-ti-staging_6.18: PV,SRCREV Changelogs: u-boot-ti-staging_2026.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=c5e6d2ab7eba68cbfb600cdc131c0c375ced2ec9..677076fc270788c97e15cd5fc47b32d8a6bda672 linux-ti-staging_6.18: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=2d64b9f10d1d9e7cbd041d613b40222c11291f14..25e529b290fc89f777503b34100b2c8f5532b66b Signed-off-by: LCPD Automation Script --------------------------- Commit: 06144542 --------------------------- optee-ftpm: Adapt to meta-arm change meta-arm updated optee to 4.9.0 and added logic manage the tag=xx;nobranch=1 vs branch=master in the SRC_URI for all of the optee recipes except for optee-ftpm. Set the new variable to the same logic as the other optee recipes to fix an unpack error. Signed-off-by: Ryan Eatmon --------------------------- Commit: a546e95d --------------------------- linux-ti-staging: Update 6.18 SRCREV It looks like the ti-linux-6.18.y was force pushed. As we are still in the process of getting the LTA up and running, we need to update the SHA. Signed-off-by: Ryan Eatmon --------------------------- Commit: 69deabbd --------------------------- conf: am65: Add usbdfu tie-test-builds config Using the new UBOOT_CONFIG flow, enable a mode where additional uboot configurations can be built along side the main config. In this case, turning on USBDFU for a board for testing purposes. Signed-off-by: Ryan Eatmon --------------------------- Commit: bd7a32b6 --------------------------- conf: am62: Add usbdfu tie-test-builds configs Using the new UBOOT_CONFIG flow, enable a mode where additional uboot configurations can be built along side the main config. In this case, turning on USBDFU for a board for testing purposes. Signed-off-by: Ryan Eatmon --------------------------- Commit: 380d3e91 --------------------------- u-boot: Move ti-extras.inc into u-boot-ti.inc Since the extras stuff should "theoretically" apply to all u-boot versions, move the include out of each recipe and into the central include file. Signed-off-by: Ryan Eatmon --------------------------- Commit: 5470b4f4 --------------------------- ti-gc320-driver: Port module for kernel 6.18 Port the kernel module for gc320 driver to build on linux kernel 6.18. The overall version of the driver remains the same. Signed-off-by: Antonios Christidis Signed-off-by: Ryan Eatmon --------------------------- Commit: 85c3cc60 --------------------------- u-boot: Adapt to upstream change to UBOOT_CONFIG flow A recent change to the UBOOT_CONFIG flow in oe-core [1], introduced support for UBOOT_FRAGMENTS. We need to stop using our internal UBOOT_CONFIG_FRAGMENTS and start using the new UBOOT_FRAGMENTS. [1] https://git.openembedded.org/openembedded-core/commit/?id=cd9e7304481b24b27df61c03ad73496d18e4d47c Signed-off-by: Ryan Eatmon --------------------------- Commit: fc26d5dc --------------------------- CI/CD Auto-Merger: cicd.master.202601171053 Updated the value(s) for: atf: SRCREV_tfa:am62lxx u-boot-ti-staging_2025.01: SRCREV_uboot linux-ti-staging-rt_6.12: SRCREV_ARM32 linux-ti-staging_6.12: SRCREV Changelogs: u-boot-ti-staging_2025.01: https://git.ti.com/cgit/ti-u-boot/ti-u-boot/log/?qt=range&q=df1fe238230433ba3e5b731356156e145aa90917..42cf2abb5f42b4e8dca8b9df584b816d8a0da7fa linux-ti-staging-rt_6.12: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=1379a8eb9786e78509f67ff8eac658bde5ddc66d..2bae13c52d344e96fce42ab8209c068d1e67c944 linux-ti-staging_6.12: https://git.ti.com/cgit/ti-linux-kernel/ti-linux-kernel/log/?qt=range&q=15b58b1dcd0e0a79d83740b81da1a1367f6f3f68..8843c53f444321e22f1eaeec0478ffc0a6191203 Signed-off-by: LCPD Automation Script --------------------------- Commit: 48901ff2 --------------------------- j721e: Disable ti-vxe-vde-driver for 6.18 The ti-vxe-vxd-driver recipe is not building with the 6.18 kernel. Once a new version that addresses this is available we can turn this back on. Signed-off-by: Ryan Eatmon --------------------------- Commit: 4a36d60f --------------------------- ti-bsp: ti-img-encode-decode: Update SRCREV V4L2 API has been updated to remove the flags parameter from v4l2_m2m_buf_copy_metadata in the 6.19 stable kernel release. Driver has been updated to reflect these changes. Update SRCREV to pull these changes. Signed-off-by: Brandon Brnich Signed-off-by: Ryan Eatmon --------------------------- Commit: a051601c --------------------------- u-boot-ti-mainline: Update to version: v2026.01 Updated the value(s) for: u-boot-ti-mainline: PV,SRCREV_uboot Signed-off-by: LCPD Automation Script Signed-off-by: Ryan Eatmon --------------------------- Commit: bdcbe5d6 --------------------------- trusted-firmware-a: Clean up bbappend guard variables Rather than using shorthand variables for the guard, move to a longer more explicit naming. This is mostly a cosmetic change, but we might make a rule for it in the future so that we can check for it. Signed-off-by: Ryan Eatmon --------------------------- Commit: ce6dccea --------------------------- conf: Add support for bsp-ti-6_18 to ti-core-initramfs With the 6.18 we are moving to using an initramfs to provide non-default modules for booting. So add that override to the machines that need it. Signed-off-by: Ryan Eatmon --------------------------- Commit: 54ce94f5 --------------------------- ti-core-initramfs: Shrink size of initramfs It looks like we were modelling this initramfs off of the wrong example from poky. This setup produces a much smaller initramfs. Signed-off-by: Ryan Eatmon --------------------------- Commit: 270b7b64 --------------------------- u-boot-ti: Clean up config looping code Cleanup a few incorrect issues with the current file naming under the config looping code. 1) Since binman is creating the tiboot3 files and signing them, when we are trying to create the named version of the files, we do not want to link against the spl/uboot-spl.bin file. We need to figure out what the tiboot3.bin is pointing at and make this named version point at the same thing. 2) When deploying the tiboot3 files, if we are deploying something that is a link, then we should point the deployed link to the same named target. This should help with figuring out what all of the links actually point to from the build dir instead of running into .bin file that has lost the audit trail. Signed-off-by: Ryan Eatmon --------------------------- Commit: 3b7aad2f --------------------------- CI/CD Auto-Merger: cicd.master.202601090100 Updated the value(s) for: atf: SRCREV_tfa:am62lxx Signed-off-by: LCPD Automation Script ## meta-virtualization --------------------------- Commit: 475530ac --------------------------- layer: bump compatibility to wrynose Signed-off-by: Bruce Ashfield --------------------------- Commit: f505ae07 --------------------------- vcontainer-tarball: set S to UNPACKDIR for do_qa_unpack check The recipe only has file:// SRC_URI entries which unpack directly into UNPACKDIR, not a ${BP} subdirectory. The new do_qa_unpack QA check in insane.bbclass warns when S doesn't exist after unpack. Set S explicitly to satisfy the check. Signed-off-by: Bruce Ashfield --------------------------- Commit: 4162f898 --------------------------- container-dummy-provides: Update to match changes in oe-core OE-Core made changes to the way dummy providers work, update the container-dummy-provides to match them. It now needs a hint in layer.conf to make the core components aware of the presence of the dummy recipe. Signed-off-by: Richard Purdie Signed-off-by: Bruce Ashfield --------------------------- Commit: 8e609e01 --------------------------- lxc: update to v6.0.6 This fixes the build with recent glibc and picks up the following fixes: 2597434ae Release LXC 6.0.6 d128f134d cmd/lxc-user-nic: prevent OOB read in name_is_in_groupnames c43aeaaed lxc/network: define netlink uAPI constants for link properties 42b43b31c lxc/network: save/restore physical network interfaces altnames 810f44ba0 lxc/network: optimize netdev_get_mtu 5e68a7a63 meson.build: fix open_how include with glibc-2.43+ 540f9e2bc meson.build: fix openat2 include typo, fix with glibc-2.43 +FORTIFY 01b9e35a7 lxc: added support OpenRC init system 885496ccc src/confile: fix values of lxc.cap.keep and lxc.cap.drop 99c3206c7 tests/lxc-attach: ensure no data corruption happens during heavy IO on pts b964611b3 lxc/{terminal, file_utils}: ensure complete data writes in ptx/peer io handlers d6ccb9abe github: test io_uring-based event loop 0448c9dd2 build: update Makefile and meson.build aa4212023 Improve the dbus scope creation error handling f9e73517e cgfsng: fix reboots when using dbus 2072ea4c7 copy_rdepends: Don't fail on missing source file c7eac1180 start: Respect lxc.init.groups also in new user namespace 8ed8145d6 start: Remove outdated comment about group dropping e9921c3d7 build(deps): bump actions/upload-artifact from 5 to 6 97a2e4af5 Added documentation on unprivileged LXC containers 59a30025e added doc for --rbduser 54d323a2d added "--rbduser" option in "lxc-create -B rbd" a262afb5d Fallback to XDG_RUNTIME_DIR when /run not found d7068a338 checkonfig: Fixed compatible with toybox/gunzip 4cc343edf Initial changes without testing bdce7a634 Enumerated all values in array edc57196f meson: add meson option for running doxygen in build 058be42aa build: Check if P_PIDFD is defined 099089971 Ensure do_lxcapi_unfreeze returns false when getstate errors f9ff9ea2a build(deps): bump actions/checkout from 5 to 6 Signed-off-by: Bruce Ashfield --------------------------- Commit: a707a497 --------------------------- xen: update to RELEASE-4.21.0 -tip This fixes the build against the lastest glibc, and we get a few other bug fixes as well: 1c72306b1f domain: move vmtrace_alloc_buffer() invocation in vcpu_create() 999c6fadf7 vpci/msix: check for BARs enabled in vpci_make_msix_hole 8f3b637591 x86/ucode: Support discrete modules being CPIO archives 805e2b8ada x86/pv: Don't assume that INT $imm8 instructions are two bytes long 93614ffa48 x86/MCE: restore CPU vendor reporting to the outside world e10f3ad869 tools/ocaml: fix 32-bit truncation bug in stub_xc_domain_setmaxmem() 1879637505 tools/sd-notify.h: Include string.h too 76dc2d6071 systemd: fall back to default system-sleep dir without systemd-devel 52356ca655 xenstored: Add newline to error message 4a7d2f18e5 libxl: constify some local variables for building with glibc 2.43 8061625411 tools/xenstored: fix live update 6adc1004f7 libxl: Fix device_add QMP calls with QEMU 9.2 and newer 55bb6db081 xen/cpufreq: fix usages of align_timer() in the on-demand governor ae0708e940 xen/cpufreq: fix adjusting of sampling window on early exit 4778574053 common/domctl: xsm update for get_domain_state access 615199f05b VT-d: fix off-by-one when handling extra RMRR ranges a7380f1437 xen: add non-executable stack note uniformly 14db25be36 xen/x86: fix usage of [[:blank:]] with BSD grep 99bd17462d EFI: Fix relocating ESRT for dom0 afaf4e7b50 SUPPORT.md: extend "lifetime" Signed-off-by: Bruce Ashfield --------------------------- Commit: 8ebf75a1 --------------------------- xen-tools: update to RELEASE-4.21.0 -tip Bumping xen to version RELEASE-4.21.0-61-g1c72306b1f, which comprises the following commits: 1c72306b1f domain: move vmtrace_alloc_buffer() invocation in vcpu_create() 999c6fadf7 vpci/msix: check for BARs enabled in vpci_make_msix_hole 8f3b637591 x86/ucode: Support discrete modules being CPIO archives 805e2b8ada x86/pv: Don't assume that INT $imm8 instructions are two bytes long 93614ffa48 x86/MCE: restore CPU vendor reporting to the outside world e10f3ad869 tools/ocaml: fix 32-bit truncation bug in stub_xc_domain_setmaxmem() 1879637505 tools/sd-notify.h: Include string.h too 76dc2d6071 systemd: fall back to default system-sleep dir without systemd-devel 52356ca655 xenstored: Add newline to error message 4a7d2f18e5 libxl: constify some local variables for building with glibc 2.43 8061625411 tools/xenstored: fix live update 6adc1004f7 libxl: Fix device_add QMP calls with QEMU 9.2 and newer 55bb6db081 xen/cpufreq: fix usages of align_timer() in the on-demand governor ae0708e940 xen/cpufreq: fix adjusting of sampling window on early exit 4778574053 common/domctl: xsm update for get_domain_state access 615199f05b VT-d: fix off-by-one when handling extra RMRR ranges a7380f1437 xen: add non-executable stack note uniformly 14db25be36 xen/x86: fix usage of [[:blank:]] with BSD grep 99bd17462d EFI: Fix relocating ESRT for dom0 afaf4e7b50 SUPPORT.md: extend "lifetime" Signed-off-by: Bruce Ashfield --------------------------- Commit: 3f58e364 --------------------------- crun: set CLEANBROKEN to fix configure on rebuild crun ships a GNUmakefile that aborts with "You must run ./autogen.sh && ./configure" when make clean is invoked before configure has run. The autotools_preconfigure prefunc triggers this when rebuilding (e.g. via multiconfig where sstate hash changes cause reconfiguration). Set CLEANBROKEN = "1" to skip the make clean in autotools_preconfigure. Signed-off-by: Bruce Ashfield --------------------------- Commit: e3902238 --------------------------- container-bundle: add explicit do_fetch dependency on skopeo-native do_fetch_containers runs as a postfunc of do_fetch and needs skopeo from the native sysroot. However, DEPENDS only gates do_prepare_recipe_sysroot which runs after do_fetch, so with a clean tmp/ directory skopeo-native may not be built when do_fetch runs. Add an explicit do_fetch[depends] on skopeo-native:do_populate_sysroot when remote containers are configured so the ordering is correct. Signed-off-by: Bruce Ashfield --------------------------- Commit: 6240456e --------------------------- container-registry: use FEATURE_PACKAGES for IMAGE_FEATURES validation Move FEATURE_PACKAGES_container-registry from container-image-host.bb to meta-virt-container.inc so it is available to all image recipes. image.bbclass check_image_features() auto-discovers FEATURE_PACKAGES_* variables as valid image features (line 72), so defining the variable globally is sufficient — no IMAGE_FEATURES[validitems] needed. This avoids the signature pollution that IMAGE_FEATURES[validitems] causes when set globally, while allowing container-registry to be used as an IMAGE_FEATURES value in any image recipe. Signed-off-by: Bruce Ashfield --------------------------- Commit: c2eeba33 --------------------------- kernel: skip kcfg search path injection for kernels with kernel-cache The kcfg sysroot search path (type=kmeta) was being injected unconditionally, which caused fragment conflicts for linux-yocto kernels that already have their own kernel-cache meta branch. The injected search path would roll back fragments to an older set. Make the injection conditional and fix the root cause: - kernel_cache_feature() now checks SRC_URI for type=kmeta entries. Kernels with kernel-cache get short paths (e.g. cfg/container.scc) that resolve directly via the kernel-cache's search path. Kernels without kernel-cache get the sysroot-relative ../../ paths as before. - distro_cond_feature() now passes d.getVar('SRC_URI') instead of an empty string, so kernel_cache_feature() can actually see whether the kernel has a kernel-cache. - SRC_URI append and inject_kcfg_search_path prefunc skip when type=kmeta is already present. - Remove unused kernel_cache_cond_feature() which was the original conditional implementation but was never wired up. This restores the original design intent from commit 5c212911 ("allow conditional use of yocto-cfg-fragments"): kernel-cache is the first choice for fragment resolution, sysroot is the fallback. Signed-off-by: Bruce Ashfield --------------------------- Commit: d16110ae --------------------------- yocto-cfg-fragments: bump to -tip bc293057 bcm-2xxx-rpi: Fix configuration audit warnings (LEDS, BACKLIGHT) 8ef043d5 kver: bumping to v6.18.16 104a5c9d bcm-2xxx-rpi: Add raspberry pi5 config and add input feature by default 9b173d3a genericarm64: drop CONFIG_PINCTRL_SM8350_LPASS_LPI 0b1ea0e5 genericarm64.cfg: enable CONFIG_INTERCONNECT_QCOM_QCS8300 2fa1b419 genericarm64-pinctrl.cfg: enable CONFIG_PINCTRL_QCS8300 53f6a3a8 kver: bumping to v6.18.13 98a36302 cfgs/nfc: create an intel-nfc-vendor specific feature 6350b56a netfilter.cfg: enable NF_CONNTRACK_SNMP a425fdd0 pmem.cfg: enable DEV_DAX and DEV_DAX_HMEM 70eeaeff genericarm64.scc: enable TRANSPARENT_HUGEPAGE support d62a1267 security-arm64.cfg: rename CFI_CLANG to CFI b925ef94 security-arm64.cfg: correctly enable KASAN 1fdb98a4 security-arm64.cfg: add comment for ARM64_BTI_KERNEL 6d8bf6f0 security.cfg: move RANDOMIZE_MEMORY to x86_64 18fcb6dc arm.scc: move ARM_CPUIDLE to arm only 7e1d9b2b numa_x86_64.scc: move x86_64 config from numa.cfg to numa_x86_64.cfg e93e999e sound.cfg: split SND_SOC_WM8731 to I2C and SPI variants 5a567776 sound_x86.scc: take over x86 configs from sound.scc 1ae7ce94 genericarm64.cfg: enable MTD NAND ECC support 15d48f71 genericarm64.cfg: enable TI MTD NAND support 40a67254 genericarm64-serial.cfg: set SERIAL_8250_CONSOLE to y 5ee6148e qemu-kvm.cfg: remove extra space 9f780417 firmware.cfg: whitespace fixes bc221187 genericarm64.cfg: fix CONFIG_PM_DEVFREQ_EVENT aef69bf3 Revert "genericarm64.scc: enable OP-TEE support" 6f597e1a genericarm64.cfg: enable SCSI support for HiSilicon etc f1f313cf genericarm64.scc: enable RPMB support a4565911 genericarm64.scc: enable GNSS support 391566e2 gnss.scc: add feature d40a455d genericarm64.cfg: enable more bus drivers 20e41104 genericarm64.cfg: enable PCI_PASID support 0b2967f5 genericarm64.scc: enable NFC support 2643b37e nfc-vendor.scc: move Intel configs to nfc-vendor-intel.cfg b1d00b01 genericarm64.scc: enable RFKILL LED, INPUT and GPIO 92610953 rfkill-extra.scc: add fragment for RFKILL LEDs, input and GPIO support fc7d5f45 bluetooth.cfg: enable BT_LEDS support f18ec272 genericarm64.scc: enable HSR 79fa2c17 hsr.scc: add feature for High-availability Seamless Redundancy (HSR & PRP) 1313923a genericarm64.scc: enable Time Sensitive Networking e190eeff intel-x86.scc: enable hibernation with feature c941f4ee genericarm64.scc: enable hibernation support ce5c6d9d hibernation.scc: add feature 83620a7d bluetooth-usb.cfg: enable MediaTek and RealTek support cf6e1261 bluetooth-hw.cfg: enable BT_MTK ffdd0769 genericarm64.cfg: enable Microchip PHY support 9e9536d1 features/iommu: remove CONFIG_INTEL_IOMMU_FLOPPY_WA=y 61265288 genericarm64.cfg: enable CONFIG_QCA808X_PHY 8e6a09c7 kver: bumping to v6.18.11 Signed-off-by: Bruce Ashfield --------------------------- Commit: e5a04172 --------------------------- container-registry: make IMAGE_FEATURES local to image recipes Remove the global IMAGE_FEATURES[validitems] registration entirely. Setting it in layer.conf or a globally-inherited bbclass changes the varflag value, which gets pulled into the signature of every recipe that depends on IMAGE_FEATURES — causing yocto-check-layer signature change failures. Image recipes that use the container-registry feature already set IMAGE_FEATURES[validitems] locally (e.g. container-image-host.bb). Users who want the feature in their own images add the one-liner: IMAGE_FEATURES[validitems] += "container-registry" Signed-off-by: Bruce Ashfield --------------------------- Commit: c6b27a6b --------------------------- qemu-system-native: Tweak whitespace handling Avoid a yocto-check-layer issue: qemu-system-native:do_recipe_qa: 05c723e48cb4253cb80f1e5dcb63767b266c72cf8a83d3d7ff36a6622e43eb50 -> 7f42888db4f5572303288c58ad79c5267fa81da05a3a71288f91f309b50ed614 bitbake-diffsigs --task qemu-system-native do_recipe_qa --signature 05c723e48cb4253cb80f1e5dcb63767b266c72cf8a83d3d7ff36a6622e43eb50 7f42888db4f5572303288c58ad79c5267fa81da05a3a71288f91f309b50ed614 NOTE: Reconnecting to bitbake server... basehash changed from 1b770ad4a9b79d38c928331d17651d3d66a6ebc45822c336d7ab98bfa8ebfd94 to 6bc5e5507534603aa6f6ab862ab27ef9c0b9ffcfaa9922d7ef25cb563fab6ab9 Variable PACKAGECONFIG value changed: "fdt alsa kvm pie slirp png pixman sdl virglrenderer epoxy {++}" (whitespace changed) but moving the whitespace into the added option. Signed-off-by: Richard Purdie Signed-off-by: Bruce Ashfield --------------------------- Commit: 94767826 --------------------------- container-registry: make IMAGE_FEATURES conditional on distro features Move the container-registry IMAGE_FEATURES[validitems] registration from layer.conf into meta-virt-container-cfg.bbclass where it can be gated on DISTRO_FEATURES. The validitems varflag is now only registered when vcontainer or virtualization is in DISTRO_FEATURES. layer.conf is parsed before distro features are known, so inline Python cannot be used there. The bbclass is loaded via USER_CLASSES (deferred parsing) and already handles container profile configuration. Signed-off-by: Bruce Ashfield --------------------------- Commit: 09a89703 --------------------------- xen-guest-bundle: drop QA skip for installed-vs-shipped While we need the buildpaths QA skip due to the 3rd party nature of some bundles, we don't need the installed-vs-shipped. There's no reason why a bundled guest isn't packaging all its files (or deleting them). Signed-off-by: Bruce Ashfield --------------------------- Commit: aa18b46a --------------------------- container-registry: drop container-registry-populate Somehow we have two similar registry recipes that were developed from a different pont of view. We don't need both. container-registry-index is the mature, QA-compliant version that also generates the standalone container-registry.sh helper script. container-registry-populate is an older, simpler version that does only the push, so we drop it here Signed-off-by: Bruce Ashfield --------------------------- Commit: 21054f23 --------------------------- cockpit-machines: fix source specification and conditionally skip This recipe can't be built without the main recipe, which is in meta-oe meta-webserver. Fix a S assigment, so it'll parse And then skip if meta-webserver isn't in bblayers (not in collections). This will ensure that world builds don't try and pick it up when processing meta-virt. Signed-off-by: Bruce Ashfield --------------------------- Commit: 5f6b41e4 --------------------------- example-xen-guest-bundle: require xen and x11 in DISTRO_FEATURES to match the image recipe from XEN_GUEST_BUNDLES Fixes: ERROR: Nothing PROVIDES 'xen-guest-image-minimal' xen-guest-image-minimal was skipped: using DISTRO 'distro', which is missing required DISTRO_FEATURES: 'xen' in bitbake world builds Signed-off-by: Martin Jansa Signed-off-by: Bruce Ashfield --------------------------- Commit: ebe61f2a --------------------------- sanity: default virtualization distro check to false We've terrorized the users of meta-virt for long enough with the warning about the virtualization distro feature not being set. Modern OE has the features_check capability so recipes and functionality that need the distro feature to be set can just check it themselves. No need to warn over and over again. For now, it just default to off, but the check can be completely removed in the future (since it does cause some parse time overhead). Signed-off-by: Bruce Ashfield --------------------------- Commit: a1e1a021 --------------------------- xen/4.21: fix arm64 build with the most recent binutils The upgrade of binutils in OE core broke the xen build on arm64 due to unsupported instructions. We cherry-pick a patch from xen master to fix the issue. Signed-off-by: Bruce Ashfield --------------------------- Commit: a37eb96a --------------------------- conf/vruntime: exclude backfill distro features Block backfill features not needed by container runtime environments. OE-core's DISTRO_FEATURES_BACKFILL auto-appends these to DISTRO_FEATURES unless explicitly listed here. Without this, gobject-introspection-data enables python3-pygobject (which DEPENDS on cairo), and wayland enables pygobject's cairo PACKAGECONFIG — both are masked in vruntime builds. We are using: ISTRO_FEATURES_BACKFILL_CONSIDERED = "pulseaudio gobject-introspection-data opengl ptest multiarch wayland vulkan" Signed-off-by: Bruce Ashfield --------------------------- Commit: 5032403d --------------------------- xen-tools: update to RELEASE-4.21.0 -tip Bumping xen to version RELEASE-4.21.0-42-gafaf4e7b50, which comprises the following commits: afaf4e7b50 SUPPORT.md: extend "lifetime" 056103e7ad xen: Use MFLAGS for silent-mode detection 867b7d3f97 xen/kexec: return error code for unknown hypercalls d2a6413550 x86/domain: adjust limitation on shared_info allocation below 4G 6228ea8acd xen/mm: allow deferred scrub of physmap populate allocated pages 15cd2b8f1b xen/mm: remove aliasing of PGC_need_scrub over PGC_allocated 39c90c8dee PCI: handle PCI->PCIe bridges as well in free_pdev() 74b26c53d3 x86/EFI: correct symbol table generation with older GNU ld 3f4bf1e876 x86/amd: Fold another DE_CFG edit into amd_init_de_cfg() 8d7a0f8661 build/non-x86: fix symbol lookup in presence of build-id 25db82b062 symbols: don't omit "end" symbols upon mixed code / data aliases fc024ebf24 symbols: ensure sorting by value yields reproducible outcome b75f39c692 flask: fix gcov build with gcc14+ 8cb60ba236 PCI: handle PCI->PCIe bridges as well in alloc_pdev() 4e3c9c2eca x86/CPU: extend is_forced_cpu_cap()'s "reach" b3f59203a5 x86/time: deal with negative deltas in get_s_time_fixed() bc63b09ecc xen/domain: Disallow XENMEM_claim_pages on dying domains 97593f78ea symbols: don't use symbols-dummy ee66c42166 symbols: re-number intermediate files 3146587dbc x86/spec-ctrl: Fix incomplete IBPB flushing during context switch 41b9ae5d7e x86/shadow: don't overrun trace_emul_write_val 2872cd3121 cirrus-ci: introduce FreeBSD 15.0-RELEASE as "current" version c692a6786b x86: fix incorrect return value for has_if_pschange_mc fe0d896902 x86/PVH: mark pvh_setup_mmcfg() __init 82fe260552 xen/mm: move adjustment of claimed pages counters on allocation b579e832de x86/hvm: be more strict with XENMAPSPACE_gmfn source types e39831f590 xen/mm: reject XENMEM_claim_pages when using LLC coloring f805b61268 x86/AMD: avoid REP MOVSB for Zen3/4 11f9427100 vPCI: avoid bogus "overlap in extended cap list" warnings 7ab1f4939a xen/x86: Pass TPM ACPI table to PVH dom0 1cacccbace x86/mm: update log-dirty bitmap when manipulating P2M 7990330478 x86/pod: fix decrease_reservation() clearing of M2P entries 16e22efbde x86/amd: Fix race editing DE_CFG 81e71ef34f x86/amd: Stop updating the Zenbleed mitigation dynamically ba9142efd7 x86/vhpet: Fix sanitization of legacy IRQ route 747d10b76f x86/msix: fix incorrect refcount decrease in msixtlb c7e69564e5 x86/ucode: Fix error handling during parallel ucode load 5d002b7470 x86emul/test: correct compiler checking and avoid it when merely cleaning 6adf28094f xen: Fix EFI buildid alignment 653a3dd92a x86emul/test: extend cleaning of generated files 3d966b5f13 kconfig: remove references to docs/misc/kconfig{,-language}.txt files 14ad692e3b update Xen version to 4.21.1-pre 06af9ef229 Update to Xen 4.21 Signed-off-by: Bruce Ashfield --------------------------- Commit: c850e7dd --------------------------- xen: update to RELEASE-4.21.0 -tip Bumping xen to version RELEASE-4.21.0-42-gafaf4e7b50, which comprises the following commits: afaf4e7b50 SUPPORT.md: extend "lifetime" 056103e7ad xen: Use MFLAGS for silent-mode detection 867b7d3f97 xen/kexec: return error code for unknown hypercalls d2a6413550 x86/domain: adjust limitation on shared_info allocation below 4G 6228ea8acd xen/mm: allow deferred scrub of physmap populate allocated pages 15cd2b8f1b xen/mm: remove aliasing of PGC_need_scrub over PGC_allocated 39c90c8dee PCI: handle PCI->PCIe bridges as well in free_pdev() 74b26c53d3 x86/EFI: correct symbol table generation with older GNU ld 3f4bf1e876 x86/amd: Fold another DE_CFG edit into amd_init_de_cfg() 8d7a0f8661 build/non-x86: fix symbol lookup in presence of build-id 25db82b062 symbols: don't omit "end" symbols upon mixed code / data aliases fc024ebf24 symbols: ensure sorting by value yields reproducible outcome b75f39c692 flask: fix gcov build with gcc14+ 8cb60ba236 PCI: handle PCI->PCIe bridges as well in alloc_pdev() 4e3c9c2eca x86/CPU: extend is_forced_cpu_cap()'s "reach" b3f59203a5 x86/time: deal with negative deltas in get_s_time_fixed() bc63b09ecc xen/domain: Disallow XENMEM_claim_pages on dying domains 97593f78ea symbols: don't use symbols-dummy ee66c42166 symbols: re-number intermediate files 3146587dbc x86/spec-ctrl: Fix incomplete IBPB flushing during context switch 41b9ae5d7e x86/shadow: don't overrun trace_emul_write_val 2872cd3121 cirrus-ci: introduce FreeBSD 15.0-RELEASE as "current" version c692a6786b x86: fix incorrect return value for has_if_pschange_mc fe0d896902 x86/PVH: mark pvh_setup_mmcfg() __init 82fe260552 xen/mm: move adjustment of claimed pages counters on allocation b579e832de x86/hvm: be more strict with XENMAPSPACE_gmfn source types e39831f590 xen/mm: reject XENMEM_claim_pages when using LLC coloring f805b61268 x86/AMD: avoid REP MOVSB for Zen3/4 11f9427100 vPCI: avoid bogus "overlap in extended cap list" warnings 7ab1f4939a xen/x86: Pass TPM ACPI table to PVH dom0 1cacccbace x86/mm: update log-dirty bitmap when manipulating P2M 7990330478 x86/pod: fix decrease_reservation() clearing of M2P entries 16e22efbde x86/amd: Fix race editing DE_CFG 81e71ef34f x86/amd: Stop updating the Zenbleed mitigation dynamically ba9142efd7 x86/vhpet: Fix sanitization of legacy IRQ route 747d10b76f x86/msix: fix incorrect refcount decrease in msixtlb c7e69564e5 x86/ucode: Fix error handling during parallel ucode load 5d002b7470 x86emul/test: correct compiler checking and avoid it when merely cleaning 6adf28094f xen: Fix EFI buildid alignment 653a3dd92a x86emul/test: extend cleaning of generated files 3d966b5f13 kconfig: remove references to docs/misc/kconfig{,-language}.txt files 14ad692e3b update Xen version to 4.21.1-pre 06af9ef229 Update to Xen 4.21 Signed-off-by: Bruce Ashfield --------------------------- Commit: 6aef6e66 --------------------------- image-oci: update oci-iamge-tools + runc instructions Our runc is now sufficiently far ahead of the oci-image-tools such that they aren't compatible. But They can still be made to work with a runc generated spec. Update the comments to show a flow that works if using runc directly is desired. Signed-off-by: Bruce Ashfield --------------------------- Commit: 139cd8a4 --------------------------- buildah: update to v1.43.0 Bumping buildah to version v1.43.0-1-gbbc4bd12f, which comprises the following commits: 0158b5b31 [release-1.43] Bump Buildah to v1.43.0 f40d38a2f [release-1.43] fix source test 07b8495c8 [release-1.43] Bump common 0.67.0, image 5.39.1, storage 1.62.0 7178b10ac [release-1.43] Bump dest branch in cirrus to 1.43 acca15722 fix(build): make --tag oci-archive:xxx.tar work with simple images 40b5e371e test: do not untar archive into fs when checking file names 45b48af90 tests: use cached images instead of fedoraproject.org 662aa1598 chroot.bats(chroot with overlay root): ensure we can overlay 3877dc97d Run: don't try to encode SystemContext with json c0cc97255 [release-1.42] Bump Buildah to v1.42.2 307d1a3a4 [release-1.42] Bump runc to v1.3.4 de21106b6 [release-1.42] Bump Buildah to v1.42.1 f0700c546 [release-1.42] bump runc to v1.3.3 - CVE-2025-52881 22cd531e9 RPM: build with sequoia on F43+ 1ba41f035 Bump to Buildah v1.42.0 c23bf6bf1 Bump to storage v1.61.0, image v5.38.0, common v0.66.0 858a514ff fix(deps): update module github.com/openshift/imagebuilder to v1.2.19 a0bc52535 fix(deps): update module github.com/openshift/imagebuilder to v1.2.18 4caee77d1 copier: ignore user.overlay.* xattrs 5a849d176 commit: always return the config digest as the image ID 92b342392 fix(deps): update module golang.org/x/crypto to v0.43.0 114aa3d8c fix(deps): update module golang.org/x/sys to v0.37.0 58f0f862b fix(deps): update module github.com/docker/docker to v28.5.1+incompatible 65929b93a fix(deps): update module github.com/moby/buildkit to v0.25.1 31cb2af46 fix(deps): update module github.com/opencontainers/runc to v1.3.2 8efc91385 fix(deps): update module github.com/docker/docker to v28.5.0+incompatible ceff05295 fix(deps): update module github.com/moby/buildkit to v0.25.0 b7961ac34 fix(deps): update github.com/containers/luksy digest to 2cf5bc9 a654d3534 Make some test files different from each other 82702b493 Revert "fix(deps): update module github.com/cyphar/filepath-securejoin to v0.5.0" 3748cda03 Also run integration tests with the Sequoia backend c9c1d764c Allow users to build against podman-sequoia in non-default locations e3468665b fix(deps): update module github.com/cyphar/filepath-securejoin to v0.5.0 5bb6d9e48 .cirrus.yml: Test Vendoring bump golang e3f55fec6 vendor: bump go.podman.io/{common,image,storage} to main 6d0c9ed7e fix(deps): update module golang.org/x/crypto to v0.42.0 fbe61f730 fix(deps): update module github.com/docker/docker to v28.4.0+incompatible 881f14f01 fix(deps): update module github.com/moby/buildkit to v0.24.0 bea03a01d fix(deps): update module github.com/spf13/pflag to v1.0.10 dcb6da097 fix(deps): update module github.com/fsouza/go-dockerclient to v1.12.2 477dd3563 fix(deps): update module github.com/opencontainers/runc to v1.3.1 296a8f3eb fix(deps): update module github.com/opencontainers/cgroups to v0.0.5 1c384c959 fix(deps): update module golang.org/x/sync to v0.17.0 9cd4768bd tests/run.bats: "run masks" test: accept "unreadable" masked directories a18468f70 Run: create parent directories of mount targets with mode 0755 6e4d1ca83 tests/run.bats: "run masks" test: accept "unreadable" masked directories af18a2ea6 New VM images 42d6b68db Suppress a linter warning 7aedebdcc modernize: JSON doesn't do "omitempty" structs, so stop asking 802b06979 modernize: use maps.Copy() instead of iterating over a map to copy it 16680a4df modernize: use strings.CutPrefix/SplitSeq/FieldsSeq ebc9b4049 Update expected/minimum version of Go to 1.24 76c18c897 chroot: use $PATH when finding commands 02e42929f [skip-ci] Update actions/stale action to v10 95591dbc8 Update module github.com/ulikunitz/xz to v0.5.15 [SECURITY] dd4f9fcd6 Update go.sum 7c0c647d6 New VM images ac8573525 Update module github.com/openshift/imagebuilder to v1 3acceccf6 Update module github.com/spf13/cobra to v1.10.1 a0a9ac638 Switch common, storage and image to monorepo. c448438ef Update module github.com/stretchr/testify to v1.11.1 57c9d52c6 Update module go.etcd.io/bbolt to v1.4.3 c4cfbcda8 Handle tagged+digested references when processing --all-platforms fc8d43482 Update module github.com/stretchr/testify to v1.11.0 b436176d4 Add --transient-store global option fc748f85a Support "--imagestore" global flags a20e25136 Commit: don't depend on MountImage(), because .imagestore 13db28cdb Adding mohanboddu as community manager to MAINTAINERS.md 69a50588c Rework how we decide what to filter out of layer diffs bf2cbe164 Note that we have to build `true` first for the sake of its tests 473656b9d copier.Stat(): return owner UID and GID if available 738fa0d3c copier.Get(): ensure that directory entries end in "/" 9461dd61d copier.Get(): strip user and group names from entries fd498cbf5 imagebuildah.Executor/StageExecutor: check numeric --from= values fceb8d9ed Losen the dependency on go-connections/tlsconfig e78c0ad5a fix(deps): update module golang.org/x/crypto to v0.41.0 b49f0e2a5 fix(deps): update module golang.org/x/term to v0.34.0 494fd9dfa fix(deps): update module github.com/docker/go-connections to v0.6.0 4912cf45d fix(deps): update module golang.org/x/sys to v0.35.0 2ae2ec75b copy: assume a destination with basename "." is a directory e31b04729 generatePathChecksum: ignore ModTime, AccessTime and ChangeTime 3e92772f6 fix(deps): update module github.com/seccomp/libseccomp-golang to v0.11.1 11e32da8d fix(deps): update module github.com/containers/common to v0.64.1 70d0451b8 History should note unset-label, timestamp, and rewrite-timestamp 7cecaa79e pkg/cli.GenBuildOptions(): don't hardwire optional bools 7cf2b7fb7 fix(deps): update module github.com/containers/image/v5 to v5.36.1 fb6ce9d07 imagebuildah.StageExecutor.Execute: commit more "no instructions" cases 0d1d1a4df fix(deps): update module github.com/containers/storage to v1.59.1 87f60f60c Only suppress "noted" items when not squashing 27c40b3db Reap stray processes b271aecf4 fix(deps): update github.com/containers/luksy digest to 8fccf78 06207266f fix(deps): update module github.com/docker/docker to v28.3.3+incompatible f949a49ab Restore the default meaning of `--pull` (should be `always`). ff07ebc3e Test that pulled up parent directories are excluded at commit 7d302c38d Exclude pulled up parent directories at commit-time 95013b363 copier.Ensure(): also return parent directories 8807a0097 copier.MkdirOptions: add ModTimeNew e729f60d5 fix(deps): update module github.com/containers/common to v0.64.0 cce5f9c32 Bump to Buildah v1.42.0-dev 8b5354ee8 fix(deps): update module github.com/spf13/pflag to v1.0.7 7a986ebcf CI: make runc tests non-blocking 2df30a83c build,add: add support for corporate proxies Signed-off-by: Bruce Ashfield --------------------------- Commit: 506d5af2 --------------------------- xen: update documentation with vxn/containerd integration and runtime tests README-xen.md: - Add vxn and containerd integration section describing all execution paths (containerd, vxn standalone, vdkr/vpdmn, native Docker/Podman) - Add memory requirements section explaining QB_MEM_VALUE=1024 is insufficient for vxn/vctr and documenting qemuparams="-m 4096" - Add runtime tests section with build prerequisites, test commands, and skip behavior - Fix x86-64 runqemu command to include qemuparams="-m 4096" vxn/README.md: - Add testing section referencing the pytest runtime test suite Signed-off-by: Bruce Ashfield --------------------------- Commit: efccccda --------------------------- xen: add runtime boot tests for hypervisor, guest bundling, vxn and containerd New test_xen_runtime.py boots xen-image-minimal via runqemu and verifies: - Xen hypervisor running (xl list, dmesg, Dom0 memory cap) - Bundled guest autostart (alpine visible in xl list) - vxn standalone (vxn run --rm alpine echo hello) - containerd/vctr integration (ctr pull + vctr run) Uses pexpect-based XenRunner with module-scoped fixture (boot once, run all tests). TERM=dumb set after login to suppress terminal UI from ctr/vxn progress bars. Free memory check skips vxn/vctr tests gracefully when insufficient Xen memory available. Also registers 'boot' marker in conftest.py and documents build prerequisites, test options and skip behavior in README.md. Signed-off-by: Bruce Ashfield --------------------------- Commit: 90d6712b --------------------------- vcontainer: fix daemon mode missing shared directory for 9p DAEMON_SHARE_DIR was referenced in the CA certificate copy and idle watchdog paths but never assigned, causing 'cp: cannot create regular file /ca.crt: Permission denied' when starting the daemon. Create the share directory under DAEMON_SOCKET_DIR and register it as a 9p mount, matching the path expected by daemon_run(). Signed-off-by: Bruce Ashfield --------------------------- Commit: 6d94266a --------------------------- xen: add configuration tests and update documentation Add TestXenImageMinimalX86Config test class verifying: - QB_CPU_KVM host passthrough for Xen CPUID filtering - QB_MEM_VALUE override (not QB_MEM which can't override bbclass) - dom0_mem in both QB_XEN_CMDLINE_EXTRA and WKS syslinux config - vgabios SAVANNAH_GNU_MIRROR usage Update Alpine recipe tests for per-arch checksums (name=${ALPINE_ARCH}) and S variable. Add qemux86-64 build and boot section to README-xen.md. Signed-off-by: Bruce Ashfield --------------------------- Commit: 5c891aab --------------------------- xen: fix x86-64 boot and guest bundling issues Fix several issues found during x86-64 Xen testing: - xen-image-minimal: use -cpu host for KVM to avoid Xen CPUID filtering stripping AVX/AVX2 from x86-64-v3 builds, causing illegal instruction crashes in Dom0 - xen-image-minimal: use QB_MEM_VALUE (not QB_MEM) to properly override the hard assignment in qemuboot-xen-defaults.bbclass - xen-image-minimal: set dom0_mem=512M via QB_XEN_CMDLINE_EXTRA - qemuboot-xen-x86-64.cfg: add dom0_mem=512M to static syslinux config so guest autostart has memory available - vgabios: use ${SAVANNAH_GNU_MIRROR} for reliable downloads - alpine-xen-guest-bundle: add per-architecture checksums for aarch64 and x86_64 tarballs, fix S variable warning Signed-off-by: Bruce Ashfield --------------------------- Commit: c7346213 --------------------------- vxn: add host-side OCI image cache and fix Docker iptables conflict Add a host-side OCI image cache at ~/.vxn/images/ for the vdkr/vpdmn standalone Xen path. Images pulled via skopeo are stored in a content-addressed layout (refs/ symlinks + store/ OCI dirs) so subsequent runs hit the cache without network access. New commands on Xen: pull, images, rmi, tag, inspect, image . The run path is unchanged — cache integration into hv_prepare_container is deferred to a follow-up. Also fix Docker iptables conflict: when docker-moby and vxn-docker-config coexist on Dom0, Docker's default FORWARD DROP policy blocks DHCP for Xen DomU vifs on xenbr0. Adding "iptables": false to daemon.json prevents Docker from modifying iptables since VM-based containers manage their own network stack. Signed-off-by: Bruce Ashfield --------------------------- Commit: 035e0dae --------------------------- vxn: add Docker/Podman integration and CLI frontends Add vdkr/vpdmn as Dom0 target packages with Xen auto-detection, native Docker/Podman config sub-packages, and OCI runtime fixes for Docker compatibility (JSON logging, root.path, kill --all, monitor PID lifecycle). Signed-off-by: Bruce Ashfield --------------------------- Commit: bf5abfe3 --------------------------- vxn: add controlling terminal and clean up interactive output Use setsid -c to establish a controlling terminal for the container shell, fixing "can't access tty; job control turned off" and enabling Ctrl-C signal delivery. Run in a subshell so setsid() succeeds without forking (PID 1 is already a session leader). Remove [vxn] diagnostic markers from interactive output now that terminal mode is working. Suppress mount warning on read-only input disk. Signed-off-by: Bruce Ashfield --------------------------- Commit: 6fe3f4cd --------------------------- vxn: fix terminal mode hang and enable interactive container support The containerd shim's Create RPC hung indefinitely because go-runc captures the OCI runtime's stdout via a pipe, and cmd.Wait() blocks until all holders of the pipe's write end close it. The background monitor subshell inherited this pipe fd and held it open, preventing the shim from ever proceeding to ReceiveMaster() or calling Start. Fix by closing inherited stdout/stderr in the terminal-mode monitor with exec >/dev/null before entering the domain poll loop. Non-terminal mode is unaffected because the shim configures IO via FIFO dup2, where cmd.Wait() only waits for process exit. Additional changes for terminal mode support: - vxn-sendtty: set PTY to raw mode (cfmakeraw) before sending fd - vxn-oci-runtime: wait up to 5s for xenconsoled PTY, capture sendtty return code, write persistent debug file to /root/vxn-tty-debug, log every runtime invocation, remove stale debug logging - vxn-init.sh: add [vxn] diagnostic markers for terminal visibility, suppress kernel console messages early in interactive mode - vcontainer-preinit.sh: suppress kernel messages in quiet mode Signed-off-by: Bruce Ashfield --------------------------- Commit: ba23ccd3 --------------------------- runx, go-build: mark as deprecated in favor of vxn Update SUMMARY and DESCRIPTION to note that runx is unmaintained (upstream dormant since 2022) and that vxn provides the same Xen DomU container functionality with pluggable hypervisor backends. go-build is the serial FD handler companion to runx and is similarly superseded. Signed-off-by: Bruce Ashfield --------------------------- Commit: 31367839 --------------------------- linux-yocto: add vxn distro feature and Xen PV kernel config Add 'vxn' to DISTRO_FEATURES in vruntime.conf to enable Xen PV guest kernel configuration. When set, linux-yocto_virtualization.inc includes vxn.cfg which enables Xen PVH frontend drivers and the 9p Xen transport (NET_9P_XEN). The base 9p stack comes from the existing vcontainer feature via cfg/container.scc. Signed-off-by: Bruce Ashfield --------------------------- Commit: 1e88a57b --------------------------- xen: add guest bundling infrastructure with cross-install class Add xen-guest-cross-install.bbclass for bundling Xen guest images into Dom0 host images at build time. Supports per-guest configuration via varflags (memory, vcpus, vif, kernel extra), custom config files, external/pre-built guests, and autostart via /etc/xen/auto/ symlinks. Also add example-xen-guest-bundle recipe as a template, and simplify xen-guest-image-minimal by removing the old XEN_GUEST_AUTO_BUNDLE do_deploy mechanism in favor of the new class-based approach. Signed-off-by: Bruce Ashfield --------------------------- Commit: 7e8293ee --------------------------- vcontainer: inject vxn-init.sh into vdkr and vpdmn rootfs images Install vxn-init.sh alongside the existing init scripts in both vdkr and vpdmn rootfs images. The Xen backend selects it at boot via the vcontainer.init=/vxn-init.sh kernel command line parameter. Add file-checksums tracking so rootfs rebuilds when the script changes. Signed-off-by: Bruce Ashfield --------------------------- Commit: 05b30f9e --------------------------- vcontainer: add bundle command for OCI runtime bundle creation Add 'bundle' command to the vcontainer CLI for creating OCI runtime bundles from container images. Pulls the image via skopeo, extracts layers into rootfs/, resolves entrypoint/cmd/env from OCI config, and generates config.json. Supports command override via -- separator. Only available on the Xen (vxn) backend. Signed-off-by: Bruce Ashfield --------------------------- Commit: c118bfe7 --------------------------- vcontainer: generalize init scripts for pluggable hypervisor backends Make preinit and guest init scripts hypervisor-agnostic: - vcontainer-preinit.sh: add vcontainer.init= cmdline parameter for init script selection and vcontainer.blk= for block device prefix (QEMU uses /dev/vda, Xen uses /dev/xvda) - vdkr-init.sh, vpdmn-init.sh: use NINE_P_TRANSPORT variable for 9p mount transport (virtio for QEMU, xen for Xen) Signed-off-by: Bruce Ashfield --------------------------- Commit: 5c84f660 --------------------------- vcontainer: add QEMU hypervisor backend and register in recipes Add vrunner-backend-qemu.sh implementing the hypervisor interface for QEMU (arch setup, KVM detection, disk/network/9p options, VM lifecycle, QMP control). Register backend scripts in vcontainer-native and vcontainer-tarball recipes so they are available in both build-time and standalone tarball contexts. Signed-off-by: Bruce Ashfield --------------------------- Commit: 9377aede --------------------------- vxn: add containerd OCI runtime integration Add shell-based OCI runtime (vxn-oci-runtime) that enables containerd to manage Xen DomU containers through the standard runc shim. Non-terminal container output flows back to ctr via the shim's pipe mechanism. New files: - vxn-oci-runtime: OCI runtime (create/start/state/kill/delete/features/logs) - vxn-sendtty.c: SCM_RIGHTS helper for terminal mode PTY passing - containerd-shim-vxn-v2: PATH trick wrapper for runc shim coexistence - containerd-config-vxn.toml: CRI config (vxn default, runc fallback) - vctr: convenience wrapper injecting --runtime io.containerd.vxn.v2 Key design: - Monitor subprocess uses wait on xl console (not sleep-polling) for instant reaction when domain dies, then extracts output markers and writes to stdout (shim pipe -> containerd FIFO -> ctr client) - cmd_state checks monitor PID liveness (not domain status) to prevent premature cleanup race that killed monitor before output - cmd_delete always destroys remnant domains (no --force needed) - Coexists with runc: /usr/libexec/vxn/shim/runc symlink + PATH trick Verified: vctr run --rm, vctr run -d, vxn standalone, vxn daemon mode. Signed-off-by: Bruce Ashfield --------------------------- Commit: fa4b171a --------------------------- vxn: add per-container DomU lifecycle and memres persistent DomU Per-container DomU lifecycle: - run -d: per-container DomU with daemon loop and PTY-based IPC - ps: show Running vs Exited(code) via ===STATUS=== PTY query - exec/stop/rm: send commands to per-container DomU - logs: retrieve entrypoint output from running DomU - Entrypoint death detection with configurable grace period - Graceful error messages for ~25 unsupported commands - Command quoting fix: word-count+cut preserves internal spaces Memres (persistent DomU for fast container dispatch): - vxn memres start/stop/status/list for persistent DomU management - vxn run auto-dispatches to memres via xl block-attach + RUN_CONTAINER - Guest daemon loop handles ===RUN_CONTAINER===: mount hot-plugged xvdb, extract OCI rootfs, chroot exec entrypoint, unmount, report - Falls back to ephemeral mode when memres is occupied (PING timeout) - Xen-specific memres list shows xl domains and orphan detection Tested: vxn memres start + vxn run --rm alpine echo hello + vxn run --rm hello-world both produce correct output. Signed-off-by: Bruce Ashfield --------------------------- Commit: dec4b4df --------------------------- yocto-builder: require systemd To avoid check layer issues, and distros without systemd trying to build this package group, add a check and requirement for systemd to be defined. Signed-off-by: Bruce Ashfield --------------------------- Commit: 46450321 --------------------------- vxn: fix non-interactive mode for clean container output Fix several issues preventing non-interactive mode (vxn --no-daemon run) from showing clean container output: - Fix console capture: check DAEMON_MODE instead of DAEMON_SOCKET in Xen backend so ephemeral runs use xl console capture instead of the daemon socat bridge (DAEMON_SOCKET is always set, DAEMON_MODE is only "start" for actual daemon launches) - Fix race condition: add post-loop marker detection after VM exits, with 2s delay for xl console to flush its buffer - Add stdbuf -oL to xl console for line-buffered output - Suppress mke2fs stdout (was only redirecting stderr) - Suppress kernel console messages during VM lifecycle in non-verbose mode - Fix grep -P (Perl regex) for BusyBox compatibility in exit code parsing - Preserve temp directory on failure for debugging - Fix hardcoded "QEMU" in error messages to "VM" Signed-off-by: Bruce Ashfield --------------------------- Commit: 57d267db --------------------------- vxn: add Xen DomU container runtime with OCI image support vxn runs OCI containers as Xen DomU guests — the VM IS the container. No Docker/containerd runs inside the guest; the init script directly mounts the container rootfs and execs the entrypoint via chroot. Host-side (Dom0): - vxn.sh: Docker-like CLI wrapper (sets HYPERVISOR=xen) - vrunner-backend-xen.sh: Xen xl backend for vrunner - hv_prepare_container(): pulls OCI images via skopeo, resolves entrypoint from OCI config using jq on host - xl create for VM lifecycle (PVH on aarch64, PV on x86_64) - Bridge networking with iptables DNAT for port forwards - Console capture via xl console for ephemeral mode Guest-side (DomU): - vxn-init.sh: mounts container rootfs from input disk, extracts OCI layers, execs entrypoint via chroot - Supports containers with or without /bin/sh - grep/sed fallback for OCI config parsing (no jq needed) - Daemon mode with command loop on hvc1 - vcontainer-init-common.sh: hypervisor detection, head -n fix - vcontainer-preinit.sh: init selection via vcontainer.init= Build system: - vxn-initramfs-create.inc: assembles boot blobs from vruntime multiconfig, injects vxn-init.sh into rootfs squashfs - vxn_1.0.bb: Dom0 package with scripts + blobs - nostamp on install/package chain (blobs from DEPLOY_DIR are untracked by sstate) - vxn.cfg: Xen PV kernel config fragment Tested: vxn -it --no-daemon run --rm hello-world Signed-off-by: Bruce Ashfield --------------------------- Commit: 0fe8c444 --------------------------- xen: document guest import system and add tests Add 3rd-party guest import section to README-xen.md covering import types, kernel modes, Alpine example, and how to add custom import handlers. Add test_xen_guest_bundle.py with 46 pytest tests covering bbclass structure, import handlers, kernel modes, license warning, Alpine recipe, and README content. Signed-off-by: Bruce Ashfield --------------------------- Commit: 2f3dcd4e --------------------------- alpine-xen-guest-bundle: new recipe for Alpine Linux Xen guest Fetches Alpine Linux 3.23 minirootfs tarball and uses the xen-guest-bundle import system (rootfs_dir type) to create a 128MB ext4 disk image. Packages as an autostarting PV guest using the shared host kernel. Install into a Dom0 image with: IMAGE_INSTALL:append:pn-xen-image-minimal = " alpine-xen-guest-bundle" Signed-off-by: Bruce Ashfield --------------------------- Commit: 90ed995a --------------------------- xen-guest-bundle: add guest import system for 3rd-party images Add extensible import system to convert fetched source formats (tarballs, qcow2, etc.) into Xen-ready disk images at build time. Built-in import types: - rootfs_dir: extracted directory → ext4 via mkfs.ext4 -d - qcow2: QCOW2 → raw via qemu-img convert - ext4/raw: copy passthrough Per-guest varflags control the import: XEN_GUEST_SOURCE_TYPE[guest] = "rootfs_dir" XEN_GUEST_SOURCE_FILE[guest] = "alpine-rootfs" XEN_GUEST_IMAGE_SIZE[guest] = "128" Also adds three kernel modes for resolve_bundle_kernel(): - (not set): shared host kernel from DEPLOY_DIR_IMAGE - "path": custom kernel, checks UNPACKDIR then DEPLOY_DIR_IMAGE - "none": HVM guest, omits kernel= from config Native tool dependencies and fakeroot are resolved automatically at parse time. External guests emit a single license warning at do_compile time (prefunc, not parse-time). Signed-off-by: Bruce Ashfield --------------------------- Commit: ac150976 --------------------------- xen-guest-bundle: add bbclass for packaging Xen guest bundles New bbclass that creates installable packages bundling Xen guest images (rootfs + kernel + config). When installed via IMAGE_INSTALL into a Dom0 image that inherits xen-guest-cross-install, guests are automatically deployed by merge_installed_xen_bundles(). Features: - Parse-time dependency generation from XEN_GUEST_BUNDLES - Per-guest varflags for memory, vcpus, vif, extra, disk, name - Custom config file support via XEN_GUEST_CONFIG_FILE varflag - Explicit rootfs/kernel path overrides for external guests - Manifest-based packaging for cross-install integration Signed-off-by: Bruce Ashfield --------------------------- Commit: f7022507 --------------------------- crun: inherit features_check for REQUIRED_DISTRO_FEATURES The recipe sets REQUIRED_DISTRO_FEATURES:class-native but never inherits features_check, so the requirement was silently ignored. OE-core now has an unhandled-features-check QA test that catches this and fails the build. Signed-off-by: Bruce Ashfield --------------------------- Commit: 83b284dc --------------------------- kernel: drop 6.12 .inc and append 6.12 has been removed from OEcore, so we drop our appends as well. Signed-off-by: Bruce Ashfield --------------------------- Commit: 1be0a5e3 --------------------------- irqbalance: Fix QA error when sysvinit is used irqbalance: correct to install /etc/default for sysvinit 1.This commit uses option --with-pkgconfdir for sysvinit to correct to install /etc/default Without this fix, there will show do_package QA Issue when sysvinit is used ERROR: irqbalance-1.9.4+git-r0 do_package: QA Issue: irqbalance: Files/directories were installed but not shipped in any package: /usr/etc /usr/etc/default /usr/etc/default/irqbalance.env Previous PACKAGECONFIG[systemd] only works when systemd is used. So making this patch to fix it. 2.Merge DEPENDS for systemd into PACKAGECONFIG[systemd] Signed-off-by: Liu Yiding Signed-off-by: Bruce Ashfield --------------------------- Commit: 30c5d74d --------------------------- vcontainer-tarball: remove parse-time banner The anonymous python function prints a banner unconditionally at parse time, which means it appears when building any recipe (e.g. xen-image-minimal), not just vcontainer-tarball. Remove the parse-time banner since the post-build banner in do_populate_sdk:append() already provides the same information and only fires when actually building the tarball. Signed-off-by: Bruce Ashfield --------------------------- Commit: 2734c371 --------------------------- xen-tools: allow empty libxenmanage package for pre-4.21 libxenmanage was introduced in Xen 4.21, but its packaging was added to the shared xen-tools.inc. When building older versions (e.g. 4.20), the library is not produced and the empty package breaks the hard RDEPENDS from xen-tools, causing do_rootfs failures. Add ALLOW_EMPTY following the existing pattern used for other version/arch-conditional packages in this file. Signed-off-by: Bruce Ashfield --------------------------- Commit: 02773ef2 --------------------------- podman: update to v5.7.1 Bumping libpod to version v5.7.1-5-gec1b7c989f, which comprises the following commits: 2b52342af9 Use explicit download-artifact name and path for win-installer release 36c405582a Bump Podman to v5.7.2-dev f845d14e94 Bump to v5.7.1 6ecc622841 Final release notes update for v5.7.1 d0558385ec kube play: Fix fd leak when handling symlinks 214f5b2fd9 Update release notes for v5.7.1 678d1b4bfd avoid potential nil ptr deref in image rm ba6e527289 fix: check err returned by newGenericDecompressor 68022802fc pkg/specgen/generate: Fix adding host devices on FreeBSD a27cc24f80 Replace FindExecutablePeer with FindHelperBinary dc7509fe38 [v5.7] Bump common to v0.66.1 7ce2e00ab1 libpod: simplify resolveWorkDir() e576e002e9 libpod: fix workdir MkdirAll() all check f348d1bd5b [v5.7] Bump Buildah to v1.42.2, runc to v1.3.4 9538a7d976 rootless_linux.c: use shortcut for system commands 0647387bfe SetupRootless handle case where conmon pid are not valid 118ec04065 preallocate paths in SetupRootless 6a9ce66e5c fix noMoveProcess in SetupRootless 973ab34078 use return error handling in SetupRootless 363665a456 pkg/machine: make mount units hook into local-fs db82b92d0a docs: fix redoc swagger URL 9257ac4822 Bump Podman to v5.7.1-dev 0370128fc8 Bump to v5.7.0 84c31b8fae Create release notes for v5.7.0 b6b8d23abd hack/bats: port it to use the new remote support 129c344b49 test/system: fix broken podman_runtime 708f7a14f3 test/system: fix artifact test cleanup e737d75b2f test/system: merge artifact tests into single file 58733d714a test/system: rework artifact created test 372e142252 test/system: remove 701-artifact-created.bats bfddcb3384 test/system: do not run artifact test in parallel 199254f039 test/system: skip flaky restore test on debian 0c99f623aa test/e2e: try to fix clean up after terminated build flake ec1efdbdac [v5.7] Packit/TMT: remove podman-next repos from release branches 97ad660c0c [v5.7] fix lint issues with github.com/cyphar/filepath-securejoin e6deadcc34 [v5.7] Bump to runc v1.3.3 - CVE-2025-52881 cbda92e6b3 rotate aws meta_task keys 3d23aa4a6b rotate aws key da8d069e6a Bump Podman to v5.7.0-dev 85a6e7f8d7 Bump to v5.7.0-rc3 b7d1f77147 Update release notes for v5.7.0-rc3 fb8644d551 Fix cache misses when pulling WSL machine image c4357e7112 test: organize search tests with BeforeEach/AfterEach patterns 64fbc2557e test: refactor search_test.go to use helper functions and PodmanExitCleanly d6f660076b test: Replace external registry deps with mock server in search tests a59eaccbe2 Add tmt integration plan bfae53709c Bump bundled krunkit from 1.1.0 to 1.1.1 f12c838fb7 Allow RC Windows Installer to be built d0b45ff1f0 Allow failures on WSL machine tests e68cecbb60 Bump Podman to v5.7.0-dev fa892f1df0 Bump to v5.7.0-rc2 e16a54c6bc Add release notes for v5.7.0-rc2 667757583b Bump bundled krunkit from 0.2.2 to 1.1.0 537a0233ae Fix Windows Installer GH release 829864ba74 Add CreatedAt format option to podman artifact ls 7f780d866b Bump Podman to v5.7.0-dev 03f8a02983 Bump to v5.7.0-rc1 9b5751089b Add release notes for v5.7.0-rc1 61291e8c70 quadlet: add `cat` alias for `print` c72102d1b2 Bump Buidah to v1.42.0 for Podman v5.7 f957852e4a fix: failing tests 8e013c0012 feat(quadlet: kube): support multiple Yaml entries 9ea18b78fa Warn on boltdb use 339a432dd9 fix artifact inspect issues 9bda788edf feat(cmd): podman kube play support multiple arguments 0ea4eaee70 cmd/podman: add replace flag to quadlet install ca106301f8 fix: typo in uidmap option doc 0b1e9a76a5 RPM: build with sequoia for F43+ 1fbf24b65b feat: add `--format` flag to artifact inspect 538229da90 artifact: added CREATED column to artifact ls Fixes: #27314 bb4fa066b3 fix remote command parameters 43ff7a4c13 Add a test for containers.conf runtime options f87c8b9cba docs: introduce custom version selector in api.html f6dd05d9c4 add test for container name without Pod name prefix feature a27fd9bd89 Allow artifact add to override org.opencontainers.image.title annotation bc571ae542 Vendor in latest go.podman.io/common 74788a3fe1 fileperms: newer Go 1.13+ octal literal format 1800b34b51 Quadlet build - add support for IgnoreFile key 0a20e22384 Add default runtime flags in config cfd4cc0932 remove libartifact from podman b394fe1a87 chore: remove repetitive word in cmd/podman/README.md 098d8efecc add option to remove Pod name prefix in resulting container name 9dbc33bb25 Add a new Windows installer supporting user scope fa5d6cc103 docs: initialize redoc via JS API 858150288f docs: generate Reference version list from json file 56fee79d3c fix: system prune JSON unmarshalling error in remote client 73e42b3c9c [skip-ci] Update actions/setup-node action to v6 b2aefd4cf9 docs: add missing manifest parameter to build API endpoints 1e713c1a5f Add BuildArg example into documentation 34254cd1d0 Add artifact quadlet unit type support 6d63d165ef Fix flaky sysctl completion by handling /proc/sys errors gracefully b4d81c0338 Run `make validatepr` c0a09e7f10 Update docs/source/markdown/podman-systemd.unit.5.md 1656c90c6e Iterate through all machine providers in FindMachineByPort a1e7e9a46d Add local build API for direct filesystem builds on MacOS and Windows (only WSL) 1f1354c2a4 fix(deps): update module golang.org/x/term to v0.36.0 e3c9fa6ddd Update docs for StopTimeOut 6786f59648 SECURITY.md: point to container-libs a696f8bccb Update documentation to include BuildArg key 196be4b813 Test for multiple key/val arguments 720e263767 Add BuildArg key to quadlets aaf957edf9 fix(deps): update module golang.org/x/sys to v0.37.0 d1c43e3ae8 Fixed #27120: Pod Quadlet can configure podman pod stop --time 928a50d228 fix(deps): update module golang.org/x/net to v0.45.0 79ecc1d56b Fix --userns=ns: conflicting with runc 1.1.11+ 98cb7b75d9 quadlet: standardize Convert function signatures b765c91580 Add --replace option to podman artifact add command 3e774ee285 test/system: actually wait for container removal fdb5ac5e8f test/system: run_podman ? needs quoting 09e535fb46 quadlet: remove unused 'name' parameter from ConvertNetwork and ConvertVolume 4bd6aff4b6 fix: #23915 podman build is not parsing sbom command line arguments 3a98b6dc0e test: Wait for killed container to avoid leak b415b0ad3e Update pkg/api/server/register_artifacts.go fb3eaf0c87 [DOCS] Add missing stable swagger API links 72ffd00c5a fix(deps): update module github.com/onsi/ginkgo/v2 to v2.26.0 00309d3955 secret ls: align docs, completion, and tests; fix formatting 6405925f79 Add artifact fallback to podman inspect command a724fce8aa pkg/api: api list quadlets resource 3c3b805ea7 cmd/podman: --ignore errors flag to artifact rm 090304a054 lint: reenable revive unused-parameter check 88bca78c6e stop service instances 004e6ced76 test: remove outdated skip in podman run check personality support test 3b509022cd fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.9 83e65f91a4 Quadlet - Support template dependency 87b4f842de test: fix "run healthcheck" bindings test ebde5d1563 cmd: add auto completion for network create --interface-name e667532110 docs: point Go Report Card badge to v5 module path ef0a7dd486 pkg/api/handlers/compat: use strings.CutPrefix f198fe6b13 pkg/machine/wsl: use any instead of interface{} 5824197774 pkg/machine/e2e: remove obsoleted comment 8e55b67410 docs: fix Go Report Card badge to reference current repository b5de5efb3e cmd/podman/system: fix error handling in renumber and migrate commands 571866775d [compat api] Remove ContainerConfig field c11941eadb [DOCS] Update volume mount docs for subpath support feb36e4fe6 Implement TLS API Support a27929aaaf test/e2e: fmt artifact list with virtual size 32c962a177 Add Podman 6 HLD 9bca0d01d2 Add a design document for Conmon v3 4764b0e403 Add creation timestamp to podman artifacts 4652f5c3c6 docs: clarify that --userns=keep-id runs container as host UID 5ae0e0de3d cmd/podman: added virtual size option in artifact ls 63c40feb8c test: Fix test race in 030-run f0f05e22c6 cmd/podman: completion for --sysctl in create/run f26483ba7d fix: standardize casing for cgroups in documentation 15fdbe9442 test: remove hack workaround in 'use plugin in containers' 51f4e614e9 test: remove skip_if_remote from podman run - uidmapping has no /sys/kernel mounts 4b9be9c218 chore(deps): update dependency golangci/golangci-lint to v2.5.0 7c9aa72c55 add containerfile doc link a0238fb19f libpod: Fill out OnlineCPUs in the FreeBSD stats handler 602ba415c6 libpod: Implement getOnlineCPUs() on FreeBSD 39750faab3 test/system: fix test race in exec leak check b8258a53dd Update github action to use pull_request_target b24220b0a2 Revert "test/e2e: try debug potential pasta issue" ab5e400a9a docs: remove remote limitation note for --build-context option 8d06a9e9f7 fix: Correct typo in chrootdirs option 2702156bd7 pkg/bindings: on terminal attach always wait for stdout to be done 7ff07b6e0c pkg/bindings: use HTTP 101 upgrade request for attach 9e2850d0a8 Add --sign-by-sq-fingerprint to push operations 2f005b67f4 Exercise containers_image_sequoia in CI 070d7c3ad3 Revert "Rewrite the Quadlet documentation." bb422c8372 Revert "Change the syntax to not depend on jinja2." fd60d63bf4 Revert "Deduplicate more options." 4ae8e386ef Revert "docs: restore podman-systemd.unit.5" 04af9ae3fc fix(emulation): handle fs.ErrNotExist in registeredBinfmtMisc 80f1d48d44 [skip-ci] Update actions/setup-node action to v5 aa8bbbb1ff [skip-ci] Update actions/github-script action to v8 796be1e4bf troubleshooting: document lsetxattr error e1c1961d48 [skip-ci] Update actions/checkout action to v5 43a294fa94 vendor: update golang.org/x packages 4417e6269c use maps.Clone() over Copy() when possible 637de6022f libpod/oci_conmon_linux.go: fix false postive in linter 9e4fad8d06 pkg/systemd/quadletL silence one lint warning 78e5a521b0 inline some conditionals 8631032556 run modernize -fix ./... dc5a791f58 use bytes.SplitSeq where possible b97525a78d use strings.SplitSeq where possible 4e3e9bfb70 update to go 1.24 8537afca66 test/e2e: fix podman run default mask test with crun 1.24 3bb32d846b test/system: skip noswap memory mounts correctly 52fcdcf64c test/system: skip idmapped mount correctly bd7aada776 cirrus: update to freebsd 14.3 710e216390 cirrus: fix golangci-lint cache leak a720139dd8 New VM images 2025-09-10 5b10b51788 Add a directory for design documents 936a01e088 Quadlet build - consider File path that starts with a systemd specifier as absolute d0be0e9659 Makefile: restore HELPER_BINARIES_DIR 2bed9a40bc fix(deps): update module google.golang.org/protobuf to v1.36.9 c70c0ac13e refactor: Modularize binding build functions c38babff57 Adding github action to generate a badge for first time contributor 8566ef71c0 fix: set header fields before response status code to prevent missing fields 50a3e3cf8a fix(deps): update module github.com/opencontainers/cgroups to v0.0.5 6c4b98c940 test/e2e: add CVE-2025-9566 regression test cab3c6de6d docs: restore podman-systemd.unit.5 6756eb3412 Deduplicate more options. fdeaf2905f Update module github.com/onsi/ginkgo/v2 to v2.25.3 163bdf2df8 quadlet: fix runtime error for invalid Mount value 792bbd2046 [skip-ci] Update actions/labeler action to v6 853dd36da3 Update dependency pytest to v8.4.2 43fbde4e66 kube play: don't follow volume symlinks onto the host 4b66e5a27b Add R! to systemd-tmpfiles script for all /tmp dirs c2506656c4 spf13/pflag: replace deprecated ParseErrorsWhitelist ca9c8d104e update module github.com/spf13/pflag to v1.0.10 889a5fd0ac [skip-ci] Update actions/stale action to v10 f22506b74f [skip-ci] Update actions/setup-go action to v6 310f196aea fix(deps): update module github.com/docker/docker to v28.4.0+incompatible faceb67782 test/buildah-bud: enable one skipped test dbfddb82cb vendor: update go.podman.io/{common,image,storage} 2c6dadd724 Fix a locking bug in that could cause a double-unlock 5c810ea1c8 Makefile: add SOURCES dep to bin/podman.cross.% target b62f887fbd Makefile: add proper docs for bin/podman.cross.% 3633cd53e8 Revert "Remove bin/podman.cross Make target" 98072bfcea refactor: modularize build REST API with utility functions 2acf5c0119 libpod: Fix the jailName helper a250fee0ec libpod: Fix "top" support on FreeBSD 5ba23ccad5 compat: Deduplicate the Linux and FreeBSD containers/stats helpers a341a4ee24 compat: Add a stub container/stats handler for FreeBSD 9de737bf29 Change the syntax to not depend on jinja2. c12b1b32bc Rewrite the Quadlet documentation. 247a80db45 test/system: remove distro-integration bats tag ee45782079 test/system: fix podman load - from URL 20fb712872 test/system: do not connect to github server 59df0782f2 Handle SIGPIPE to prevent machine stuck in Starting state 9b8e785e3c fix(deps): update module github.com/spf13/cobra to v1.10.1 c65fd9a2c2 quadlet: add HttpProxy option for Container sections 26aafb21d2 fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.4.0 46d757501a do not pass [no]copy as bind mounts options to runtime 4e2a04dedc do not pass volume-opt as bind mounts options to runtime a98154a978 Switch common, storage and image to monorepo. c8681b6028 chore(deps): update module github.com/ulikunitz/xz to v0.5.15 [security] 0f477eaaa6 fix(deps): update module github.com/spf13/pflag to v1.0.9 573fd0d7eb fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.8 b9812e3d9e Mention zstandard tarball import support 80348a50d0 chore(deps): update module github.com/go-viper/mapstructure/v2 to v2.4.0 [security] 3d4f8153be fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.2 3effff42eb tests: Get rid of netcat on the host and use Bash's /dev/tcp 0ff079d320 tests: Replace ncat for socat 9c3652c188 Add support for criu's tcp-close functionality. e467439ab8 test/e2e: actually start container in startContainer 3a1ce1fb3d fix(deps): update module github.com/stretchr/testify to v1.11.1 8e59c948df test/buildah-bud: skip new failing test df80fbcab6 test/e2e: remove image diff test skips b172cf7475 vendor: update buildah to latest main e76b08394e vendor: update c/{common, image, storage} to latest main a5a00c1796 Add a release note for 5.6 Rosetta being disabled-by-default 413eea885b fix(deps): update module github.com/stretchr/testify to v1.11.0 2dd3111098 fix(libpod): truncate long hostnames to correct maximum length 18aa78a7e6 fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.1 877e208820 fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.32 c51c6e58a7 fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.0 4b835f36b9 fix(deps): update module github.com/coreos/go-systemd/v22 to v22.6.0 249fa21e8a Improve documentation wording 5a2098cf61 windows: do not convert unconfined seccomp path d267f8a3dd ci: log wsl --version output 40cd207437 Update module github.com/kevinburke/ssh_config to v1.4.0 fa5140771f Update module go.etcd.io/bbolt to v1.4.3 4b5ada39e4 Update release notes on main to reflect v5.6 release 514e686b4c podman events: show network create/remove event with journald 9d47477e82 cirrus: fix podman machine windows only_if condition 2c89069fa8 update tests duo to CRUN#1767 to support both values cfe4d46d89 Optimize image loading for Podman machines 0a9d5ca75d Skip JSON parsing for non-JSON error responses be0ad4a7aa [docs] Refactor Artifact API documentation 2e7d6135c6 fix(deps): update module github.com/onsi/ginkgo/v2 to v2.24.0 96d9a00adb docs(run,create): note remote clients support only docker transport 10f9c9a7e8 Configurable GINKGOTIMEOUT in `winmake.ps1` e1d6dfd2c7 Fixes #26369 46ee62ca6a Fixes: #26353 4690bce8a8 2025 3Q Roadmap Update c33af3c8dd docs: add missing groups and hgroups descriptors to podman-top documentation fda74ee619 added system-connection-add options example 68ed0c08e6 fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.7 700351a813 test/buildah-bud/run-buildah-bud-tests: loosen the branch regexp 21f2128d79 added example for custom socket 599c635f9f chore(deps): update dependency golangci/golangci-lint to v2.4.0 6d54a298c9 chore(deps): update docker.io/library/golang docker tag to v1.25 3ca729a2fb fix: Correct small typo foce -> force f38e32760d feat: Add artifact remove --all option b0febf3336 Update ADOPTERS.md 5706d2a61e make machine --user-mode-networking docs more clear 4bb4cf62cb [skip-ci] Update actions/checkout action to v5 512e04946c remove outdated dependencies/analyses scripts 5f5519607b contrib: add script and docs to analyze dependency usage b6b8d05a52 Small changes suggested by markdown linter. a0e6396c43 Updated with Type descriptions. 9a2dccf4f4 Add a deprecation notice for users of BoltDB 9b62438ede test/buildah-bud: fix checkout to also handle go.mod replace 8633b5edeb Update module golang.org/x/net to v0.43.0 cc465e7227 Updated with badges for Type and no extra line. 930cd25739 Feat: Add log_path support in containers.conf e14b8acba8 Update vendor dependencies 1d6fda8eda New: initial ADOPTERS.md file. 7247d84fbe Fix typo a75f74b1d3 Fixes: #26691 2959d9f7ec fix: drop yearly contributor badge 8ef76a6933 [skip-ci] Update actions/download-artifact action to v5 b5fce87237 Manpages: Added --filter flag examples to all the relevant podman manpages 7c95ceae57 Manpages: podman container runlabel added example with --replace 67ec2037c0 Add support for configuring tls verification with machine init 69f8f26d98 pkg/machine/e2e: remove build context skip b8bba308b0 fix(deps): update common, image, and storage deps ca3347cc2b doc(podman-system.unit.5.md): clarify user/group 6c27165054 Packit: do not notify on podman-next failures 1001450d77 chore(deps): update dependency golangci/golangci-lint to v2.3.1 32ec523ef6 Makefile: Clarify different `binaries` targets f96eccb1ac docs: add examples with resource limits and mounts to podman pod create manpage b7b7839ad3 compat: remove deprecated VirtualSize a6fa3de870 fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.7 4a7974a7a8 [CI:DOCS] Remove Experimental from Artifacts man pages 0530a564a7 Fix: Improve error message for empty device modes in API requests 5ab92a7499 docs(kube play): clarify --annotation flag only affects containers, not pods 23ebb7d94c feat: add Podman artifact support to Go bindings and remote clients 0666b4ffbf events: add support for label filter with key only 610c4c7710 compat: GET /_ping return Builder-Version: 1 1963c6275e compat: remove GET /system/df BuilderSize b0e7a2ec9b compat: add shared-size par to GET /images/json e33d92ce9e docs: add LFX Insights badges b5d18e873f Fix ancestor filter to support Docker-compatible substring matching 924e03ac97 fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.30 88bb9daeab fix(deps): update module github.com/docker/docker to v28.3.3+incompatible [security] 0740b94fcd fix(deps): update module sigs.k8s.io/yaml to v1.6.0 003a4d44a1 docs: add resource limit examples to podman pod clone manpage 81d6d90195 Improve handling of --publish and incompatible NetNS modes df2862e72c Consolidate the definition and consumption of --sign* CLI options 426e787beb Fix (podman artifact push --creds) 67927715cf Remove unused CLI options dd8bc6ccb9 Bump main to v5.7.0-dev 7f2908afcf podman: add --creds and --cert-dir to create/run 31fafad0c1 Update module github.com/mattn/go-sqlite3 to v1.14.29 dcd187946d Skip rather than comment bad diff tests 4395ff1f25 Link to blog post 3ef33653ff compat: RepoTags and RepoDigest return [] and not null Signed-off-by: Bruce Ashfield --------------------------- Commit: 5ca92e99 --------------------------- container tasks: move network access out of build chain yocto-check-layer reports an error for any task between do_fetch and do_build that has network enabled. Two changes fix this: container-bundle.bbclass: Move do_fetch_containers from a standalone task into a do_fetch postfunc. When remote containers are configured, the anonymous function adds extend_recipe_sysroot as a do_fetch prefunc (so skopeo-native is available) and do_fetch_containers as a postfunc. Network access during do_fetch is permitted by the QA check. container-registry-index: Remove do_container_registry_index from the build dependency chain (drop "before do_build"). Registry push is a deployment action requiring explicit invocation: bitbake container-registry-index -c container_registry_index The default do_build task now prints usage instructions. Signed-off-by: Bruce Ashfield --------------------------- Commit: a4625a1f --------------------------- kernel: inject local search path to fragment processing Inject the kcfg sysroot root into the scc search path so compound .scc files (like container.scc) can resolve their include directives. kernel-yocto.bbclass adds type=kmeta directories to -I includes via find_kernel_feature_dirs/feat_dirs. The prefunc replaces the placeholder directory with a symlink to the kcfg sysroot so that spp can resolve include directives within scc files that reference other fragments by relative path (e.g. "include cfg/9p.scc" inside container.scc). Signed-off-by: Bruce Ashfield --------------------------- Commit: c25486a3 --------------------------- kernel: consolidate kernel configuration options Move from the meta-virt hosted fragments to common fragments that are in the kernel-cache. Signed-off-by: Bruce Ashfield --------------------------- Commit: ccb5d212 --------------------------- yocto-cfg-fragments: update to 6.18-tip In particular we pick up the consolidated container configuration options. Signed-off-by: Bruce Ashfield --------------------------- Commit: abfb05a3 --------------------------- kernel: drop 6.10, 6.16 and 6.17 support These kernels are EOL upstream and in OE core. Dropping their enablement in meta-virt. Signed-off-by: Bruce Ashfield --------------------------- Commit: 6f53d776 --------------------------- container-yocto-builder: add Yocto build container with systemd Multi-layer OCI container image that can compile the Yocto Project. Three layers: systemd-base, build-tools, yocto-extras. Features CROPS-style dynamic user creation matching /workdir volume owner UID/GID. Signed-off-by: Bruce Ashfield --------------------------- Commit: a71e7b04 --------------------------- container-systemd-base: replace ROOTFS_POSTPROCESS_COMMAND with package Factor systemd service masking into container-systemd-config package that installs mask symlinks via do_install. This replaces the ROOTFS_POSTPROCESS_COMMAND approach which is ignored in multi-layer OCI mode. The mask list is customizable via CONTAINER_SYSTEMD_MASK variable. Signed-off-by: Bruce Ashfield --------------------------- Commit: 56f78049 --------------------------- image-oci-umoci: create usrmerge symlinks in multi-layer mode ROOTFS_PREPROCESS_COMMAND creates usrmerge symlinks (/bin -> usr/bin, etc.) during do_rootfs, but multi-layer OCI mode installs packages to separate layer rootfs directories that bypass this step. Call the existing create_merged_usr_symlinks function on the first packages layer to fix this. Signed-off-by: Bruce Ashfield --------------------------- Commit: e115569b --------------------------- moby: update to docker-v29.2.1 One cli patch is refreshed, otherwise, no build changes required. Bumping moby to version docker-v29.2.1-34-g8abd12c5bb, which comprises the following commits: 7fef0b66f6 daemon/volume: don't print warnings for non-volume directories d809806f2f daemon/volume: Drop BindOptions for image mounts 8014653ecc fix(deps): update github.com/moby/policy-helpers digest to 77d5435 eb0a1bc455 integration: run more Buildkit tests on Windows 5fc3ea8426 .github: actually use snapshotter in Windows tests efc2f55cc1 .github: install buildx in Windows CI 5d963f26fe hack/make.ps1: respect $TEST_INTEGRATION_FAIL_FAST f889c34627 Dockerfile: upgrade Delve to v1.26.0 8f66e0c150 update to go1.25.7 897575142a gha/bin-image: Fix build not running for tags af18206630 daemon/command: add support for sd_notify "reload" notifications 0e523625f8 daemon/command: send notifyReady, notifyStopping synchronous 236fc46b5a daemon/command: don't make notifyReady(), notifyStopping() asynchronous ae7e72b626 gha: update OTEL collector to v0.144.0 f478a9212d go.mod: add back replace rules 899446ca81 fix(deps): update module code.cloudfoundry.org/clock to v1.60.0 a1056edad1 golangci-lint: make exclusions more specific, and combine some 8f45db8414 daemon/pkg/registry: use lazyregexp again 3f9885fa1f hack/validate: golangci-lint: rm deprecated --print-resources-usage flag 7648df07ad fix(deps): update module github.com/coreos/go-systemd/v22 to v22.7.0 3a583a570b c8d/system: Fix race between `df` and `prune` 4ec7c53f1f ci: renovate: replace uses of deprecated matchPaths option 3068dc540f chore(deps): update github/codeql-action action to v4 54501c09fc Bump go-tuf from v2.3.1 to v2.4.1 21dd960a73 d/libnetwork: fix (*Controller).getLBIndex panics 420cdd1737 ci: update docker/github-builder to v1 750a2014a5 vendor: update buildkit v0.27.1 b3babf3419 chore(deps): update docker/buildx-bin docker tag to v0.31.1 e396e5a6ea ci: renovate: tweak settings for golang.org/x/ c622002eb9 ci: renovate: group google.golang.org/genproto packages 2796980dbc vendor: github.com/theupdateframework/go-tuf/v2 v2.3.1 d5ddaeddce vendor: github.com/secure-systems-lab/go-securesystemslib v0.10.0 178106be33 daemon: shouldIgnoreExitEventWithLock: fix minor nits b0e62bdf59 vendor: github.com/moby/policy-helpers eeebf1a0ab2b d7218ec6c1 daemon/pkg/plugin/v2: use namespace consts 51664a25d7 libn/d/overlay: calculate SPI like older engines 13422acb53 renovate: ignore docker/github-builder-experimental 1200f5e45c daemon: Fix panic in shutdown after daemon init fails b7b572a3e0 vendor: github.com/moby/moby/client v0.2.2 655828b656 vendor: github.com/moby/moby/api v1.53.0 4fa326fa85 api: Cut v1.53 f9ed31aa95 Drop replace rules 59abc76746 daemon/pkg/opts: remove unused ParseHost 8afb45b42f loadDaemonCliConfig: explicitly set default host f6c0f41e6d api/pkg/authconfig: reject multiple JSON documents in Decode 62c1a719b3 api/types: use "omitzero" instead of "omitempty" for "netip" fields 9d839a236c chore(deps): update actions/checkout action to v6 7e8adf4d33 ci: renovate: disable for api and client modules f187929e87 retrigger github action 86fd73d8bc ci: renovate: fix regex escaping 8ff66aa5dc ci: renovate: add comment about Graylog2/go-gelf dependency c36b44b21a ci: rename renovate.json to renovate.json5 c75070b9b4 chore(deps): update actions/cache action to v5 ab3be3c68b typo: called to caller 5589d5a1ea fix(deps): update module code.cloudfoundry.org/clock to v1.59.0 2cafa78953 vendor: github.com/cloudflare/cfssl v1.6.5 3b5a0c1e4c vendor: github.com/zmap/zlint/v3 v3.5.0 35aa470f73 vendor: github.com/weppos/publicsuffix-go v0.30.0 d5e23b680c daemon: ignore duplicate task exit events in daemon state 7b38ece108 integration: gofumpt 17de27ffc2 daemon: gofumpt 5bde1565a6 client: gofumpt f3343bf846 api/types: gofumpt 3380c52740 vendor: github.com/klauspost/compress v1.18.3 0a3af47d89 vendor: golang.org/x/tools v0.41.0 2d5c1cdb02 vendor: golang.org/x/mod v0.32.0 818ec93592 vendor: golang.org/x/net v0.49.0 7a12d1bcea vendor: golang.org/x/crypto v0.47.0 d163d3326b vendor: golang.org/x/term v0.39.0 5b62347a5f vendor: golang.org/x/text v0.33.0 dceb87f58b vendor: golang.org/x/sys v0.40.0 4bc3a76891 daemon/command: slight cleanup of normalizeHosts 20c801f9e1 daemon/pkg/opts: export ParseDaemonHost 7f16c4fee0 vendor: github.com/sigstore/rekor v1.5.0 bb43161e2f vendor: google.golang.org/api v0.260.0 b21163a330 vendor: github.com/googleapis/enterprise-certificate-proxy v0.3.9 644af76187 vendor: github.com/googleapis/gax-go/v2 v2.16.0 a39cf56355 vendor: go.uber.org/zap v1.27.1 ca49081e4e vendor: cloud.google.com/go/auth v0.18.0 c7657f8d73 client: ResponseHook: remove error return 2bc7febeb6 client: implement WithResponseHook option 48bbed596e fix(deps): update module google.golang.org/grpc to v1.78.0 b30e701b73 vendor: update github.com/go-openapi dependencies fd1679ac13 vendor: github.com/sigstore/sigstore v1.10.4 b92173f68a fix(deps): update aws-sdk-go-v2 monorepo 5819d10989 client: deprecate ContainerListOptions.Latest d9cead55b2 client: deprecate ContainerListOptions.Since, ContainerListOptions.Before 311bfe9cc9 fix(deps): update module github.com/aws/smithy-go to v1.24.0 36b94c251c chore(deps): update tonistiigi/xx docker tag to v1.9.0 1b665b6af6 chore(deps): update lima-vm/lima-actions action to v1.1.0 edcbbba6d4 chore(deps): update docker/buildx-bin docker tag to v0.31.0 686c611b25 chore(deps): update alpine docker tag to v3.23 59083a9057 fix(deps): update module github.com/miekg/dns to v1.1.72 d204cc202e chore(deps): update docker/compose-bin docker tag to v5.0.2 9c2e4d9295 renovate: Always run go mod tidy 8a7e012563 renovate: Ignore go-gelf 695f158716 pkg/homedir: fix broken links to basedir specs fba5998d26 vendor: update buildkit v0.27.0 e8f088caf7 daemon: rename vars that shadowed imports 2f6011c05f daemon: daemon.registerMountPoints: use switch statement 26e8376a3c api: fix grammar: user defined / user specified -> user-(defined|specified) a10af4dc68 gha/labeler: Use "all" group for vendor exclusion 96df8d8a1f Add test case for ContainerList Latest option, use table-test d8e88a964b gha/labeler: Filter out vendor changes 1a75179857 daemon/volume/mounts: extract validation for extra fields 1f93820d1d vendor: github.com/miekg/dns v1.1.70 62cecee324 chore: Update outdated GitHub Actions versions 90c3f80735 go.mod: add back replace rules 86f122af27 Map nvidia --gpus request to CDI device requests 5961616a77 daemon/server/backend: ContainerListOptions: remove unused Latest field 3abbf46a6b daemon/server/backend: ContainerListOptions: remove unused Before and Since b0c8ff7d0c daemon: Check system requirements in newDaemonCLI 69d67e07fa vendor: github.com/moby/moby/client v0.2.2-rc.2 46ecbe09a9 vendor: github.com/containerd/stargz-snapshotter v0.18.1 bd660c390b api/docs: sync MountType to versioned swagger specs 721cb50a18 api: add MountType to definitions 2018b9e1f3 Use Debug instead of Debugf for device request logging 1b5b00c98c fix grammar: user defined / user specified -> user-(defined|specified) c1b3202150 integration/volume: Add test for image mount subpath daemon restart 1b427548b1 vendor: github.com/moby/moby/api v1.53.0-rc.2 6dac897ad4 daemon: Check system requirements before initialization ef5287fb08 migrate TestContainerAPIPostContainerStop to integration 89a04a8354 vendor: update buildkit to v0.27.0-rc2 26d292b3e4 inspect: add API-version gate for image identity 8890f815ca inspect: add signature identity support 0adfe6c856 inspect: add pull identity to track origin registry repo 3540989c71 inspect: add build identity support 7745b7135f api: add swagger definitions for new Identity type 1d4e04bed1 api: add inspect identity base type to expose trusted image origin bead7d7dd4 fix: goroutine leak in TestRingLogger 0100e94c49 renovate: Group golang/x packages 732379f8c2 renovate: Add git sign off e521c369e0 renovate: Move to .github 783d2fd8ce Add renovate.json 0408faabd6 vendor: github.com/moby/buildkit faed462a29ea (v0.27.0-rc2-dev) 2c66ddf907 vendor: github.com/moby/buildkit v0.27.0-rc1 cebb12ddaf update to go1.25.6 2fe5e8e04a vendor: github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 4a0f9759f9 vendor: github.com/jmoiron/sqlx v1.4.0 39e6e582c6 vendor: github.com/spdx/tools-golang v0.5.7 eb31710061 vendor: github.com/prometheus/procfs v0.17.0 3684a9cfc4 vendor: github.com/hashicorp/go-sockaddr v1.0.7 5ff9c6a9fd vendor: google.golang.org/genproto/xxx v0.0.0-20251103181224-f26f9409b101 09251e5855 vendor: github.com/googleapis/enterprise-certificate-proxy v0.3.7 184ee84190 vendor: github.com/containerd/nydus-snapshotter v0.15.10 25aec1f32d vendor: github.com/anchore/go-struct-converter v0.1.0 dc46ee9e1c vendor: github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 c7d9ac59c3 vendor: cloud.google.com/go/auth v0.17.0 54c9a0f6c4 vendor: github.com/aws/aws-sdk-go-v2/config v1.31.20 3ebfc369cb vendor: github.com/aws/aws-sdk-go-v2/credentials v1.18.24 2a87c9af9d vendor: github.com/aws/aws-sdk-go-v2 v1.39.6 18ea00a638 vendor: github.com/aws/smithy-go v1.23.2 6ff97c143b vendor: cloud.google.com/go/compute/metadata v0.9.0 8ff4021564 vendor: github.com/sirupsen/logrus v1.9.4 97ea303372 Dockerfile: update golangci-lint to v2.8.0 9ec65542a0 libnetwork: fix graceful service endpoint removal e709f27c80 ci: use docker github builder to build bin image 9f2faa5cec client: fix TestWithUserAgent fadd8dc47c daemon/libnetwork: Fix panic in findHNSEp when IP networks are nil cb88c6ba10 daemon/volumes: More fs friendly image mount layer names 9ebbf652bd client: do not modify user-provided HTTP client 41d19f6644 api/docs: backport assorted fixes and enhancements to older api versions f2f622ebf4 internal/testutil/daemon: fix minor linting issues 4bcf9665af vendor: cloud.google.com/go/logging v1.13.1 0d27c51913 hack/validate: only search repo-dir for modules 07e2a782c7 libnet/internal/resolvconf: Parse: improve error message 32d34c472c docs: fix type in comment 06704ef904 client: use stop function to deregister context.AfterFunc d85c1a258a daemon/server/httputils: remove badParameterError e529aa7d7c integration/container: TestStats: explicitly check zero-value 0fb55db037 docs: clarify healthcheck behavior dcb0149ee1 daemon: inline copyAttributes utilty 8a01dc2f90 daemon/cluster/executor/container: rename vars that shadowed 5c637b7209 fix: prevent potential panic in Shutdown when EventsService is nil 22345e3369 docs: improve description of image tag API endpoint 1b9f126ede docs: document healthcheck timeout termination behavior 955897fe21 docs: fix base64 encoding description for secrets and configs 917d66d833 docs: update stats API description for cgroups v2 compatibility 1fd2395cd3 docs: fix reversed descriptions of version.Arch and info.Architecture ae4c17fdb7 migrate TestAPIImageImportBadSrc to integration test 93afda3670 migrate TestAPINetworkInspectWithScope to integration test c8aaeea285 ci: run golangci-lint for each Go module e09afad3cb api/types/network: remove use of "reflect" in test 78c6b01902 api: add root doc.go to prevent fallback to github.com/moby/moby 9176746aba vendor: github.com/tetratelabs/wazero v1.11.0 2a9eb66ddc vendor: github.com/moby/go-archive v0.2.0 7239c72eca remove uses of deprecated go-archive consts 1a12717766 vendor: golang.org/x/oauth2 v0.34.0 595d00cb49 vendor: golang.org/x/tools v0.40.0 d9fa84260a vendor: golang.org/x/mod v0.31.0 98ec249d2b vendor: golang.org/x/net v0.48.0 e229e91247 vendor: golang.org/x/crypto v0.45.0 1a4e4dafe9 vendor: golang.org/x/text v0.32.0 e0795ef3ab vendor: golang.org/x/tools v0.39.0 48e96d4353 vendor: golang.org/x/sync v0.19.0 dccdb1b618 vendor: golang.org/x/sys v0.39.0 7ddc5f609a hack: add nri_no_wasm build tag to static builds 1175dd348e daemon/volume/mounts: Fix tests on Windows 6cbabb04b9 gha: Bump actions/download-artifact to v7 fae334b4c0 vendor: google.golang.org/protobuf v1.36.11 beeacde4b2 Remove restriction on anonymous read-only volumes 8452b64f32 Dockerfile: update containerd binary to v2.2.1 (static binaries and CI only) b293e73bdb vendor: github.com/containerd/containerd/v2 v2.2.1 01440122f2 vendor: github.com/containerd/nri v0.11.0 32d4f64a65 vendor: github.com/opencontainers/runtime-tools v0.9.1-0.20251114084447-edf4cb3d2116 6766ce7be2 vendor: tags.cncf.io/container-device-interface v1.1.0 2c533f9327 vendor: github.com/containerd/cgroup/v3 v3.1.2 4b4223a8d4 vendor: github.com/opencontainers/runtime-spec v1.3.0 9ae239e654 golangci-lint: iface: ignore identical interfaces in client module 7b74376ff1 client: testRoundTripper: remove unused skipConfigureTransport method 34ee29ceaa client: use errors.New (revive) e254a9f0f1 client: containerDiskUsageFromLegacyAPI: make switch exhaustive f39912a30e client: fix some missing error checks in tests (ineffassign) 8f3bfa3f34 client: fix missing import aliases (importas) 0fd5cc134b api/types/jsonstream: Message: fix godoc 6c845ded18 api/types/swarm: ResourceRequirements.MemorySwappiness: fix json tag f005e1cb73 vendor: update buildkit to d1e5d1a8f771 (master / v0.27.0-dev) 8c0e404f6f vendor: go.opentelemetry.io/contrib/* v0.63.0 c88c8a6547 Dockerfile: update RootlessKit to v2.3.6 307bcec726 vendor: github.com/rootless-containers/rootlesskit/v2 v2.3.6 c6d2d697eb docs: remove mention of DOCKER_CLIENTONLY 81c170a696 Makefile: remove DOCKER_BUILD_GOGC d5c81b1c01 Makefile: remove unused DOCKER_BUILD_PKGS 3a9a041092 Makefile: remove unused DOCKER_BUILD_OPTS 9dd2936e04 validate/module-replace: Also allow changing ref of the api module 05f9988fc8 hack/vendor/dropreplace: Make the auto-ref pick more reliable 354abbcb92 hack/vendor: Allow to specify ref to dropreplace 4b9e56156d Re-add replace rules 1acc9d3739 vendor: github.com/moby/moby/client v0.2.2-rc.1 3cee1aad22 vendor: github.com/moby/moby/api v1.53.0-rc.1 5070ad8dc1 Drop replace rules 614d9b966f daemon/libnetwork/options: GenerateFromModel: remove redundant check e1fb5ef4a7 api: update to go1.25.5 and remove version from Makefile 265bdc1a06 validate/module-replace: Ignore client diff if it only removes the replace rule aef5d996ce use mime-type application/jsonl to align with openapi 3.2 26bb1af7e6 daemon/layer_store: Use named return error for defer 72ce2c3f82 doc: fix module definition c63bf203bf vendor: github.com/moby/buildkit v0.26.3 1f532963ed golangci-lint: remove unused exclusion rule 9cd41375ce Dockerfile: update golangci-lint to v2.7.2 1f498c5ff0 fix linting issues 366044fc20 vendor: github.com/spf13/cobra v1.10.2 c2073cc7e2 vendor: go.etcd.io/etcd/* v3.6.6 0ae3f972ad daemon: Simplify slices.Contains usage 8802be9eca hack: Restore rootlesskit and tini installers 54a6ec374a Update client MaxAPIVersion to 1.53 1e209e788b Continue to backfill empty PortBindings in API 1.53 2cce7ff87f api/docs: move ImageHistoryResponseItem to definitions (API v1.25-v1.52) b48be08eb5 project: Update branches/tags and patch releases 51d1974500 daemon/cluster/test: Use `t.Context()` 6c5233e109 modernize: Use `strings.CutSuffix` 71fd582aa2 modernize: Use strings.Builder instead of string concatenation 62ed24a87c modernize: Use slices.Contains bce14ac5bc reflect: Use `TypeFor` instead of `TypeOf` 3df05205f4 modernize: Use range int e548a31d28 modernize: Use `min` built-in 39c19d9161 modernize: Use fmt.Appendf cdce8f4f92 modernize: Use maps.Copy instead of for loops ff33808a79 modernize: Use strings.Cut instead of strings.Index where possible a25907b485 modernize: Prefer `strings.SplitSeq` instead of `Split` c9b0a21bb1 modernize: Use `b.Loop` (introduced in Go 1.24) 37fdb6d775 ci: Remove concurrency setting from golangci-lint config f44b5abf0e api: deprecate /grpc and /session endpoints a0bd623959 api: remove docs/v1.53.yaml 53c67be034 daemon/c8d: Log correct error extractOCIErrors 98d196b714 NRI: error on unsupported adjustment ff553c5069 NRI: make config reloadable 3f938c6091 gha: Bump actions/upload-artifact to v6 3fdde529e7 layer: Clean up init layer if initialization fails 7c7a626e5d NRI: include in API Info response f6b1488468 Bump API to v1.53 29d5098ffd migrate TestAPINetworkInspectWithScope to integration test d7a6250b91 layer: Clean up RW layer if mount metadata save fails 10c0fc4de8 NRI: add TestNRIContainerCreateAddMount a30301b28d NRI: allow plugins to add mounts 52f33797f3 vendor: github.com/opencontainers/runtime-tools v0.9.1-0.20251111083745-e5b454202754 70004549fb layer: Fix orphan creation in registerWithDescriptor 413b4afcba vendor: github.com/tetratelabs/wazero v1.10.1 24bac4495e vendor: github.com/containernetworking/plugins v1.9.0 caaa9c9bb5 simplify swagger generation ec9315cd4f daemon: clean up dead containers on start 849afcc5be daemon: use WithExtraDialOpts for containerd client connection 8dd2c72fb6 gha/vm: Update lima template locators c74203adbb gha: Fix PR branch validation 0666108ebf api: move scripts to generate and validate swagger to api module a97b330c6c Makefile: Add simple dev loop 2a191665b8 daemon/container: Container.BackfillEmptyPBs: prevent nil map 43780fe40c daemon: disallow container port 0 695010ba2e daemon: buildCreateEndpointOptions: fix panic with "publish all" 8cf9e64738 NRI: report container state to plugins dc1fe0be82 NRI: minor cleanups 322dda3908 NRI: add TestNRIContainerCreateEnvVarMod b67f0c0449 NRI: add ContainerCreate hook, allow env-var adjustments 565f7dce18 integration-cli: TestUserDefinedNetworkAlias: adjust for API versions 93eb7962dc integration-cli: TestUserDefinedNetworkAlias: replace deprecated utils 83f17f77cf integration-cli: adjust some tests for API-specific event-types 35f1250685 integration-cli: use event-consts in some tests 33eb3b8d78 integration-cli: TestEventsFilterType: remove test for "build" events 99066209a2 libnetwork/options: GenerateFromModel: use generics 14c5cd377d libnetwork/options: GenerateFromModel: reduce reflection d210449d85 Natively support GRPC on the docker socket fcb23060fc integration-cli: rewrite some tests depending on intermediate images 751a6f9f33 integration-cli: improve TestBuildNoNamedVolume 5152c7c3ef integration-cli: DockerCLIBuildSuite: use more unique names for images a39e866aa8 integration-cli: rename var that shadowed package-level const 14906f8023 NRI: use the daemon's logger 282868dabf NRI: instantiate and start/stop NRI adaptation 4941b36883 NRI: import containerd's NRI adaptation package 5ab4a14fe8 gha/vm: update Lima to v2.0.2 cc30833181 integration: increase timeout a230544000 NRI: add daemon.json/command line options 29560eacda go.mod: add back replace rules 773aca9f5d api, client: add separate LICENSE file bb713e7fa8 Fix spelling error in comments for names-generator.go 3ac4fd1eba project: add End-of-maintenance date for 25.0 e874083bdb Dockerfile: update compose to v5.0.0 da1e638566 Dockerfile: update cli to v29.1.2 b56d077034 fix: Correct typo in error message 9e72c44dae rm -r hack/dockerfile/install 6f9d1ec3fb update to go1.25.5 81d930f527 gha: update to actions/setup-go@v6 7000f92763 gha: update actions/download-artifact@v6 69963d84f8 gha: update actions/upload-artifact@v5 43ed81ed85 gha: update actions/checkout@v6 4b8f9dd251 vendor: github.com/klauspost/compress v1.18.2 a0e5e0525b Improve description of tmpfs mode 7687298e0a hack/validate/module-replace: relax check a828af4d8d Dockerfile: Update buildx to 0.30.1 f97f234729 Dockerfile: update runc binary to v1.3.4 b9d18a107a integration: cdi: add TestEtcCDI to verify /etc/cdi is used in rootless mode a55f610e2a cdi: resolve symlinks e29eaedf65 cdi: skip scanning non-readable dirs cd4397b4dc cdi: read XDG_CONFIG_HOME/cdi and XDG_RUNTIME_DIR/cdi for rootless 2e3a23c8ec c8d/inspect: Fix image inspect for incomplete images 69c4ea7aad system: df: fix SharedUsage on non-containerd 8c0751aa4d dockerd-rootless-setuptool.sh: fix `nsenter: no namespace specified` 7517464283 PublishAllPorts: don't crash with nil PortBindings 87583c9029 integration: migrate TestAPIImagesSizeCompatibility to integration test 310aa9241a libnet/pm: log when stopping userland proxy 52fae09ec0 libnet/pms/nat: don't bind IPv6 ports if not supported by port driver 955650b33f gha/test-validate: Reuse the dev image 56e8e43339 Revert "libnet: populateNetworkResourcesOS: updateDNS only if !needResolver" 83f00e9f2b Revert "libnet: rebuildDNS: update the hash file" 14a955db2f Revert "libnet: setupDNS: don't overwrite user-modified resolv.conf" 4219768511 vendor: update to client 0.2.1 ea539d267d client - use tagged api module c74559df60 gha/validate: Actually dont fail fast ecf4446e46 gha/validate: Don't fail fast 46ca7f19cd validate/module-replace: Fix check f745fe7f14 vendor: client/0.2.0 a60bea5412 Drop replace rules 04ab3d562c client: don't downgrade when failing to negotiate 189942570a client: enable API-version negotiation by default e752ec0f8e client: fix typo in comment bec7ab7f62 client: TestTLSCloseWriter: test with version negotiation enabled 701f2fdade client: improve mocking responses ef588715b6 client: add mockPingResponse utility acb5c5a390 client: mockResponse: prevent sharing body reader 45c9f460b8 client: checkResponseErr: don't read body for HEAD requests 77858fab6e client: ensureBody: also ensure the request is preserved e51a4306e2 client: ensureReaderClosed: small optimizations 89bd3150e1 client: client.ping(): use fresh request for HEAD -> GET 75520d1f5b client: resolveContainerSpecImage, resolvePluginSpecRemote: early returns 366ea9e9af client: ServiceCreate,ServiceUpdate: don't add empty warnings e94ed33de1 vendor: github.com/mistifyio/go-zfs/v3 v3.1.0 0389d3b13e vendor: github.com/opencontainers/selinux v1.13.1 bda87b7de8 vendor: golang.org/x/crypto v0.45.0 163cc95aea Add TestGatewayErrorOnNetDisconnect 8f2aa3e0f5 Network disconnect: log rather than error on gateway update e4a1657762 Check containerd client before using on Windows a3916290da vendor: golang.org/x/mod v0.30.0 10d68d4399 vendor: golang.org/x/net v0.47.0 633acaa5b3 vendor: golang.org/x/crypto v0.44.0 e4900958c3 vendor: golang.org/x/text v0.31.0 bd79eb0da5 vendor: golang.org/x/tools v0.38.0 421bda22d1 vendor: golang.org/x/sync v0.18.0 3054fdd8b2 vendor: golang.org/x/sys v0.38.0 997837376a vendor: github.com/cloudflare/circl v1.6.1 5a5d5b4c5f integration: add Windows network driver and isolation tests 731ae07e65 Endpint.sbLeave: when deleting container, no new gateway 7639e193ff libnet: setupDNS: don't overwrite user-modified resolv.conf eb18b398d4 libnet: rebuildDNS: update the hash file 937246a868 libnet: populateNetworkResourcesOS: updateDNS only if !needResolver 85b260fba8 PublishAllPorts: create port mappings for exposed ports a2de9bb334 Unmap more netip.Addr vars created using AddrFromSlice 2effc1bfd4 inspect: unmap IPv6-mapped IPv4 host address 84a251d039 Allow configured address with no configured subnet 7e14b4d931 Update docker-py in test-docker-py 517ae20be8 .github: collect all the OTEL traces 54d269a3b4 vendor: update buildkit to v0.26.2 442f0115cd docs: update contributing guides for clarity and consistency (#49891) 93825e00e8 migrate TestAPIImagesSaveAndLoad to integration test ed10b98506 Restore missing nwEndpointsMu.Lock 9fbc9d6e6d integration: migrate TestAPIGetEnabledCORS to integration test 774bb532f1 vendor: update buildkit to v0.26.1 e59d1b4563 libnetwork/drivers/overlay: DiscoverNew: move logic to setKeys, updateKeys f40b45ca1f libnetwork/drivers/overlay: use structured logs in some places c9f0314f21 libnetwork: controller.handleKeyChange: slight cleanup of logs de11467756 daemon/containerd: cleanup registry error-handling de546caa92 daemon/containerd: translateRegistryError: add early return 029770595d integration-cli: remove TestVolumeCLINoArgs 9ab033cc8a client: TestTLSCloseWriter: assorted cleanups / fixes 96b8f9c8ca Daemon.createContainerOSSpecificSettings - remove redundant param 33032b0454 Daemon.setSecurityOptions: remove redundant param 34925e5be9 Remove Daemon.setHostConfig 22c5c78bfb Move Daemon.registerMountPoints out of Daemon.setHostConfig 48709e502f Split OS-specific container config and volume creation 4434236088 Daemon.setHostConfig - don't set default network mode e757bbb4ea Move call to Daemon.registerLinks out of Daemon.setHostConfig 92b4902b8d Daemon.registerMountPoints: var 'container' -> 'ctr' 5c9f2e0388 rootless: ignore error when enabling IPv6 forwarding 4622dd0ccc client: Client.buildRequest, jsonEncode improve handling of content 20d65620f9 client: Client.buildRequest: don't set content-header if not set b17eee7aad Update DOCKERCLI_VERSION to v29.0.1 4e2e2cde7e client: simplify logic for manual vs auto API versions 1731e9e729 Don't try to remove cleared docker_gwbridge endpoint 6857132911 client: client.Ping: allow ForceNegotiate with manual override 8f1134b46d integration/image: migrate TestAPIImagesDelete to the new integration test framework 3e4a3cb03e integration: skip TestBuildWithHugeFile 53764de815 client: make WithAPIVersion, WithAPIVersionFromEnv order-independent a5c7f3f9c8 client: don't negotiate malformed responses bcc1db1ce5 client: WithAPIVersion, WithAPIVersionFromEnv: validate well-formedness 83ad5c92f7 client: Client.ping() fix duplicate ping 49c8d77639 vendor: github.com/ishidawataru/sctp v0.0.0-20251114114122-1 611c7dce43 client: export fallbackAPIVersion as MinAPIVersion 4535d63c91 daemon: install OpenCensus-to-OTEL trace bridge 0af2962fdd daemon: reduce use of pointer-slices in backend 53ea70ea46 inte/networking: TestDisableIPv6OnInterface: add '-c1' to ping 47bd247d4d inte/networking: test DNS resolution for non swarm-scoped nws 2e41476a5f libnet: create DNS records on sbJoin (if not agent node) 94e83af71a client: TestImageListWithSharedSize: merge with TestImageList 62589a6961 client: TestTLSCloseWriter: cancel context after test a5dec0a779 client: make sure context is canceled for ContainerWait tests 76a4381d45 client: TestImageListWithSharedSize slight reformat 9af7fbff2a client: TestImageList: use subtests 391247ce96 daemon: Fix image store choice priority for prior graphdriver state c5d0e3e6fa daemon: Add TestDetermineImageStoreChoice 17a3357e32 vendor: github.com/moby/buildkit v0.26.0 dae3650dcc client: rename/deprecate WithVersion, WithVersionFromEnv e5db2380f5 client: rename options.go to client_options.go 5cf1fb3954 hack/validate: Check if replace rules are needed 0f597561e8 hack/test/unit: Fix api and client module testing without replace rules 2729703967 client: fix example in README (align with ExampleNew()) b29990916d client: fix unused imports 47e852f061 image: pull/load/save attestation manifest and signatures with image 16b95ba758 go.mod: add back replace rules b4f9bd1cb3 c8d/builder-next: Don't force unpack 3874ca5984 vendor: update buildkit to v0.26.0-rc2 d558896fae vendor: github.com/secure-systems-lab/go-securesystemslib v0.9.1 bb07fdcd14 vendor: github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2 f1d0fe47c9 vendor: github.com/golang-jwt/jwt/v5 v5.3.0 79344e1c9a vendor: github.com/gofrs/flock v0.13.0 d36617d2c1 vendor: github.com/containerd/nydus-snapshotter v0.15.4 1e48c34345 vendor: github.com/containerd/stargz-snapshotter/estargz v0.17.0 c169cc9629 vendor: github.com/google/certificate-transparency-go v1.3.2 940c8d6b71 vendor: cloud.google.com/go v0.121.6 621cee8dbe Dockerfile: update cli to v29.0.0 ce739870fb vendor: github.com/opencontainers/cgroups v0.0.6 7e78088f8f daemon: remove workaround for c8d client connection timeout f740e0fefa vendor: github.com/containerd/containerd/v2 v2.2.0 1639703e56 vendor: github.com/containernetworking/plugins v1.8.0 e4278c4c54 vendor: github.com/containerd/go-cni v1.1.13 7c798d012a vendor: sigs.k8s.io/yaml v1.6.0 d8f2aa4e3b vendor: github.com/containerd/containerd/api v1.10.0 0a494a7303 vendor: github.com/moby/swarmkit/v2 v2.1.2-0.20251110192100-17b8d222e7dd a040664176 vendor: github.com/Microsoft/hcsshim v0.14.0-rc.1 e65995d896 vendor: google.golang.org/grpc v1.76.0, google.golang.org/protobuf v1.36.10 65bb1bb21f vendor: go.opentelemetry.io/otel v1.38.0 6b8285f965 libnetwork/discoverapi: use DiscoveryType for enum 7eaf25ee59 vendor: cloud.google.com/go/logging v1.13.0 3f6f3b9ed2 vendor: cloud.google.com/go/compute/metadata v0.8.0 94eb87f4c0 vendor: github.com/klauspost/compress v1.18.1 1621c4e7ad vendor: github.com/prometheus/client_golang v1.23.2 efc3e93b1e vendor: golang.org/x/oauth2 v0.30.0 e773a0cf50 vendor: github.com/vbatts/tar-split v0.12.2 ebcf9bb0c4 vendor: github.com/containerd/cgroups/v3 v3.1.0 7c29edf1b4 hack: remove cpexp package bb56c4d7e7 daemon: remove some deprecated and unused code 365e588d0f Dockerfile: update containerd binary to v2.2.0 (static binaries and CI only) c950796596 client: use t.Context in tests 20b831c59a vendor: github.com/moby/moby/client v0.1.0 e0a877b487 vendor: github.com/moby/moby/api v1.52.0 854ccbfcf5 Drop replace rules 15241265dc client, api: update go.mod to go1.24 e8f156110a api/types/plugin: remove deprecated Config.DockerVersion 34fb9de7f3 api/docs: remove links to docs.docker.com from changelog d192a63467 daemon: Ensure buildkit created container's isolation mode consistent with daemon's config db71c6a914 api/types/container: make HealthStatus a concrete type 1fd87e9fdf api/types/container: make ContainerState a concrete type 18000fe371 api/types/volume: change ListResponse.Volumes to a non-pointer slice fe1a505cbf simplify some commit tests, and work around change in CLI behavior c477a68fb9 TestBuildForceRm: use assert to help debugging failures b0ab0b4078 TestBridgeIPIsExcludedFromAllocatorPool: don't use deprecated fields 9b7452e903 TestDockerNetworkValidateIP: relax string-matching errors 82a5eec1aa DockerSwarmSuite: relax string-matching errors and output 2e3c523579 TestAttachPausedContainer: relax error-message matching 598618b6f2 TestBuildWithInaccessibleFilesInContext: use sub-tests 7aa036ef2e client: rename CheckpointDelete to CheckpointRemove, and add output struct e2bdc51508 client: CheckpointCreate: add output struct da25838fc3 client: CheckpointListResult: rename Checkpoints to Items fda54735c9 client: move CheckpointAPIClient together with other interfaces d087d3c057 daemon: close EventsService on shutdown 46090e88e4 daemon/internal/builder-next: Builder.DiskUsage(): use singleflight fb94e241f5 daemon: disk-usage: fix incorrect key for singleflight 15a048c396 api, client: don't use a pointer-slice for plugins ed428234bd api: remove / internalize LegacyDiskUsage 71bcd22d6d daemon/server/router/system: simplify constructing response f5e319c950 daemon/server/router/system: use early return for disk-usage 20870f13c2 daemon: remove intermediate vars when collecting diskUsage 0dcb1fe344 daemon: align build.DiskUsage() with other disk-usages f1a3387633 daemon/server/backend: align DiskUsage types with api 04de584531 daemon/server/router/system: use shorter names and comments 32319028e5 daemon/server/router/system: slightly rewrite logic for legacy bd5e6bab1d go.mod: add back replace 34b6fb783d vendor: github.com/moby/moby/client v0.1.0-rc.1 f66f1b451c vendor: github.com/moby/moby/api v1.52.0-rc.1 e8745c2157 Drop replace rules 8db3118ac9 client: remove uses of deprecated NewClientWithOpts 1745075b24 client: DiskUsage: rename fields to match API dcfcfd33e9 client: cleanup and re-group interfaces 931c347b36 api/types: rename disk usage fields 745c483e42 client: pkg/streamformatter: un-export unused utilities 4c6d0ebc40 Fix disk usage result from legacy response logic bc3c37098c vendor: github.com/opencontainers/selinux v1.13.0 10f6eeb56d daemon: Refactor image store choice logic 4a3e139e3c daemon/command: NewDaemonRunner: set both stdout and stderr 0678de9c87 cmd/dockerd: main(): remove "onError" func 922cd97491 update to go1.25.4 d6ceff48bf delete redundant/incorrect cmd/dockerd/README.md d0fbae6e44 gha/vm: Force Lima v1.2.2 0029924181 api/types/system: change legacyDiskUsage to a non-pointer slice ff019cd853 internal/sliceutil: add Deref utility e509a7cefe daemon/command: remove `__dummy_command` workaround for completion 6881ae72c7 api/types: use regular slices for disk usage types c351539358 Dockerfile: test containerd v2.1.5 (linux), v2.0.7 (windows) 37d75fc46c vendor: github.com/containerd/containerd v2.1.5 f76f1fc013 client: Client.ImageSave: close reader on context cancellation 175e4e5048 client: Client.TaskLogs: close reader on context cancellation d35d8ec81b client: Client.ContainerLogs: close reader on context cancellation cc9969bfed client: Client.ServiceLogs: close reader on context cancellation c5aedacb4f client: Client.ContainerExport: close reader on context cancellation 08cd02cab6 client: Client.ImageImport: close reader on context cancellation 849239cedf client: Client.ImageLoad: close reader on context cancellation be96014740 client: Client.ContainerStats: close reader on context cancellation d11232bad9 client: add newCancelReadCloser utility fabdccbe10 api/types: move disk usage structs to per type packages de9ab07188 client: ExecCreateOptions: change ConsoleSize to a ConsoleSize type 443b548efa client: ExecCreate: rename Tty to TTY ebc1dfbb64 client: singularize prune methods 52a917d48a gha/bin-image: Fix dco running on non-v tags 39ccd04ca8 api/types/swarm: define type for RegistryAuthSource 39f2dbffa1 vendor: github.com/moby/buildkit v0.25.2 d299e5be83 api/types/swarm: define type for UpdateOrder b552b8b729 api/types/swarm: define type for FailureAction 47edd80d97 integration-cli: Adjust nofile limits 35f6a78082 Dockerfile: update runc binary to v1.3.3 5ad71c5ddf vendor: github.com/containerd/platforms v1.0.0-rc.2 3a105f4e0c daemon/internal: adjust some build-tags a69abdd90d api/types/system: add type specific usage fields to `DiskUsage` 2af22d3512 Fix TestHandleMACAddressBC dc22f2c8bf client: make ImageSaveResult an interface 5c8a9b7b9e client: make TaskLogsResult an interface 7dc9d39ca1 client: make ContainerLogsResult an interface 8d0b09c722 client: make ServiceLogsResult an interface 0257c642c7 client: make ContainerExportResult an interface 5bfc628e97 client: make ImageImportResult an interface 5fc866fbfd client: make ImageLoadResult an interface 1051c7f89e client: Client.ImageLoad: move description of platform parameter b30eb86b31 go.mod: add back replace rules 668b546d2c docker/save: stable timestamp for blobs/digest dir 31f7f62d6c client/pkg/security: simplify 9b749d7c85 integration-cli: migrate TestAPIStatsContainerNotFound to integration tests b6dab24a43 dockerd-rootless.sh: restore missing `exit 1` 76b1d304e4 dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host 5369540dd2 go.mod: remove "exclude" rules 9b8419f6ed daemon/config: export "min-api-version" through daemon.json 3d772829ba vendor: github.com/moby/moby/client v0.1.0-beta.3 93c273dc11 vendor: github.com/moby/moby/api v1.52.0-beta.4 56bd456694 Drop replace rules 1e56b87f7f hack/vendor: Make dropreplace vendor latest version 73455ce01a client: Remove ImageCreate in favor of ImagePull/ImageImport fd1593c067 api/container_inspect: Ensure Config is not nil in inspect response 6aea8c2591 Dockerfile: update integration-cli CLI to v25.0.5 4bcd446f03 Deprecate cgroup v1 a087d03e0c client: refactor create network api implementation to wrap options/results 12c9de37e9 api/types: move Version to api/types/system 3d28cb8bbd client: ServerVersionResult: add back legacy fields ebe464ea45 api/types: remove PushResult type, and move internal 22c037982c API compat: replace nil values when adding fields 19f4c27d81 api/t/network: represent MAC addrs as byte slices 433023a03d Move namesgenerator to internal d1f70d4f54 client: deprecate NewClientWithOpts in favor of New 137adde33d client: prepare option-structs for multiple platforms 860307c4ea client: refactor ServerVersion to return ServerVersionResult 6c042389a3 client: use sub-tests for ServiceLogs e8e7f1a500 client: use sub-tests for ContainerLogs af40d2bfed vendor: cloud.google.com/go/logging v1.12.0 15a1256f21 vendor: genproto v0.0.0-20240903143218-8af14fe29dc1 88cbd467f6 vendor: cloud.google.com/go/compute/metadata v0.7.0 a5c0f152a7 daemon: improve validation for container rename 0eba2989e0 api/types/registry: rename AuthenticateOKBody to AuthResponse 6cf02b5cba client: remove unused import 3c62b06de2 client: fix example, and add runnable example 90e7232c8e Dockerfile: update runc binary to v1.3.2 1cc2ab16ce client/container_copy: Wrap options and result struct 38d703ff6f client/container_update: Wrap options and result e9f28e2a41 client: refactor NetworkConnect, NetworkDisconnect, NetworkRemove 2d6bf9332b client: un-export NewVersionError, rename to requiresVersion 29ad05b130 client: ContainerWaitResult: use singular for channels 51a0584088 client: ContainerWait: touch-up GoDoc, remove legacy code bae45f766d api/types/network: define `ConnectRequest` and `DisconnectRequest` fc97a2ff0d client: Rename ContainerUnPause* to ContainerUnpause* f8b9396c2c gha/labeler: Fix dependencies d2e7465293 client: refactor `ContainerRename` to wrap options/result structs 28ed1ef927 client: refactor `ContainerLogs` to wrap result e46058cbae client: refactor Events, Info, RegistryLogin 749c980d4e client: refactor `ContainerExport` to wrap options/result structs ec22a1e5b2 client: refactor `ContainerTop` to wrap options and results c5ddef1122 client: refactor `ContainerList` to wrap result cf173bc941 client: refactor ContainerWait to use client defined options/results structs bbaeb9036f client/pkg/jsonmessage: use api message def'ns 848b0452d3 client: VolumesPrune: rename argument for consistency 1985a8979e client: VolumeUpdate: add output struct, and move "version" faee204c02 client: VolumeRemove: add output struct 1f5c82b9fa client: add option and output structs for various container methods edbf321ce6 client: remove NegotiateAPIVersion, NegotiateAPIVersionPing c4aee2a50e client: remove ContainerStatsResult.OSType field 6a2a1dd6cf api/types/container: StatsResponse: add OSType field 8118385ba8 client: ContainerStats: add option, output-structs, remove ContainerStatsOneShot 5df881f3a7 daemon: Daemon.ContainerStats: don't escape HTML in responses 7623979aba daemon: Daemon.ContainerStats: combine some conditions and remove error 95a3880197 daemon: Daemon.ContainerStats: inline getStatJSON closure f7003ef7de integration-cli: minor cleanups in stats tests 5742b40c87 integration-cli: simplify, improve some stats tests e690c84bed integration-cli: remove TestAPIStatsNetworkStatsVersioning 155d697010 integration/container: TestStats: use sub-tests 6040a2f686 fix some faulty defers in tests e410daf8f7 integration-cli: TestContainerAPIStatsWithNetworkDisabled: check result 7439f09cd2 daemon: Daemon.stats: fill-in container ID and Name when collecting 3088c4e192 api/types/container: StatsResponse: cleanup fields and GoDoc 9b795c53a7 client: remove ImageLoadResult.JSON field ef589ef824 client: fix ImageLoadResult GoDoc 5cf4d68121 daemon: subscribeToContainerStats: return cancel / unsubscribe function 99410827c7 daemon: use errdefs instead of string-matching in some places 4aac139fc0 client/container_exec: Separate structs for Start and Attach 425975313a client: merge ContainerInspectWithRaw with ContainerInspect 58356450fa client: remove redundant closing and draining of response ddbb503dc7 client: change Raw fields to be json.RawMessage 12123eb592 client: merge ExecInspectResult with ExecInspect 378116a84f client: ImageImportResult: prevent panic on nil reader 0b7b7625c6 client: rename NodeUpdateOptions.Node to NodeUpdateOptions.Spec 875c577711 client: consolidate node options with their methods 832590155c client: ExecCreateResult: define local type with ID field c6a45784f9 client: VolumeListResult: define local type 687c3d7f42 api/types/jsonstream: define Message type ae28867804 api/pkg/progress: move to client and daemon/internal 6baf274fa3 api/pkg/streamformatter: move to client and daemon/internal c246639baa client: rename ImageRemoveResult.Deleted to ImageRemoveResult.Items fb85d123c1 integration/service: fix tests for updated client f40e1a7582 api: move types/versions to client/pkg and daemon/internal c9b3c65f37 vendor: github.com/aws/aws-sdk-go-v2/config@v1.31.15 b3129817a7 vendor: github.com/aws/aws-sdk-go-v2/credentials v1.18.19 1b2015a26f vendor: github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.58.5 7f7588be22 vendor: github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.11 f82fa7a4b2 vendor: github.com/aws/aws-sdk-go-v2 v1.39.4 529076c7b4 vendor: github.com/aws/smith-go v1.23.1 031f30340b vendor: golang.org/x/net v0.46.0 8afa422f0c vendor: golang.org/x/time v0.14.0 8c88244d7f vendor: golang.org/x/text v0.30.0 8d3ae564e0 vendor: golang.org/x/mod v0.29.0 7563a498f0 vendor: golang.org/x/sys v0.37.0 8fb561ca9a client/container_create: Add `Image` outside of Config 3340c86db9 client/container_create: Rename ContainerName to Name bd31b8b1c7 client_(attach,commit,create,diff): Wrap result and options 47fd987af2 client: simplify test with mock-responses 3a43b5b559 client: refactor ServiceCreate, ServiceUpdate, SwarmUpdate 0fe6be8c38 client: remove roundTripFunc, bytesBufferClose b9dd7c0d59 client: tidy-up mock-utilities a315437e1c client: rename transportFunc -> testRoundTripper 0971a3bcb8 Inspect: API v1.51 compatibility f733b411a1 client: remove unused hasEndpointSpecificMacAddress utility 5a5d39205c client: rename `ServiceListResult.Services` to `ServiceListResult.Items` 94ab385eb5 client/container_exec: Wrap options and result, rename to Exec ea0d934ff2 Allow requesting networks with a custom prefix size from the default pools 5c67034952 Dockerfile: upgrade Delve to v1.25.2 5b46429122 client: please the linters c7fe7136d2 client: gofumpt 909e32b27d client: refactor plugin api client functions to define options/results structs 362e9d088f client/distribution_inspect: Wrap options and result f09ca78b45 api/types: fix godoc 7ceea4148a client/node: Wrap options and output 8dc5d1e64d api/types: move Ping and swarm.Status to client 6819a9fc1e client/image_tag: Wrap options and result 347693a580 client/image_remove&search: Wrap options and result b3974f07f5 client/image_list: Wrap options and result a7f409014f client/image_create&import: Wrap options and result 5cc1e5f800 client/build_cancel: Wrap options and result 51ed1a9a37 client/image_build: Rename output to ImageBuildResult cd08b79c02 client: refactor service api client functions for defined options/result structs e3c6dc2a91 client: VolumeInspect: add options struct 8f50d38231 client: SwarmInspect: add options struct 95fac07ccc client/secrets: Wrap results and options ebc92e015a client: PluginInspectWithRaw: refactor and rename to PluginInspect 8cd377bd9c internal/testutil/daemon: remove "Config" utilities f5b0ce3988 integration/network: TestServiceWithDefaultAddressPoolInit fix log 2c5e0a008a client: rename ConfigListResult.Configs to ConfigListResult.Items 67cbf36ac9 client: remove VolumeInspectWithRaw, merge with VolumeInspect 5a04a9718d client: rename VolumeListResult.List to VolumeListResult.Items 485b95600a client: NetworkList: wrap result 3fbf5a3bd1 client: NetworkInspect: wrap result and remove NetworkInspectWithRaw 612342198c client: refactor swarm api functions to wrap params/responses 343185cf1a libnetwork: move Network.resolveDriver to Controller 68e1a8805b Dockerfile: test against containerd v2.1.4 ee3cab4158 libnetwork/drivers/overlay: pass context for logger 38ef4fd576 client: refactor task responses 2d69edd28a client/image_(inspect,history,load,save): Wrap return values 35acf347eb hack: disable go telemetry in integration tests 9fe856a5f3 integration-cli: move some tests to integration 62a71a8261 test: migrate test api error not found json 33fc45e5c5 libnetwork: EndpointInterface: cleanup marshal/unmarshal 48c2d8c458 libnetwork: support custom DNS servers in Windows overlay driver a8950e0192 api/types/container: remove deprecated Config.MacAddress 79912d4c7f daemon: Daemon.getInspectData: move migration code to router 91ce33d4b0 daemon/server/router/container: remove uses of deprecated MacAddress 0030ba21e3 client: ContainerCreate: remove handling of legacy MacAddress e5864a51ac integration/networking: TestWatchtowerCreate: rewrite with request util 8088de791c integration/networking: TestInspectCfgdMAC: rewrite with request util b4b0b6f10f integration/container: rewrite with request for MacAddress 4b22807a0f gha/labeler: Exclude client and api modules from dependencies label abf5679049 client/inspect: Better Raw handling ee22a50b75 client/config: Use Config instead of Spec as field f4b06e66e1 client/config: Wrap results and options 42ba5466c7 api: rename `volumes.CreateOptions` to `volumes.CreateRequest` a2fd724453 client: wrap volume create api options with client options 600edfe55c Move container platform migration logic 3a90dd8b8f Adding support for memory swap settings for services d4e6d4f697 client/volume: refactor volume options and responses 975e46f726 libnetwork/datastore: small cleanups 10faa629fe libnetwork/drivers/macvlan, ipvlan: assorted minor cleanups a013147c40 libnetwork/drivers/macvlan: parentHasSingleUser: don't create copy of networks 65296cd0e7 libnetwork/drivers/macvlan, ipvlan: un-embed mutexes a2f4f09f91 libnetwork/drivers/macvlan, ipvlan: remove unused sync.Once 5276dd8e9a libnetwork/drivers/ipvlan: remove ifaceGateway utility d481c09fa7 libnetwork/drivers/macvlan, ipvlan: make driver.leave a stub aec6e7f7b6 libnetwork/drivers/macvlan, ipvlan: remove networkTable, endpointTable bf7277f8fe libnetwork/drivers/macvlan, ipvlan: remove getSubnetforIPv6, getSubnetforIPv4 a294445345 ibnetwork/drivers/macvlan, ipvlan: align and fix potential panic 17425cff08 libnetwork/drivers/macvlan, ipvlan: driver.Join: don't fetch endpoint twice 3906199019 internal/testutil/request: add ReadJSONResponse utility ee043729a0 integration/container: Make tests runnable on SELinux enabled daemon 5061d0a74d api/types/swarm: remove deprecated ServiceSpec.Networks field acda47637c ci: update docker-py to main (v7.2.0-dev) 6da63a3ed5 client: VolumePruneOptions: add "All" option 2d1429c62c introduce ImagePushResponse e1722eb8d8 daemon/command: disable c8d snapshotter when userns remapping enabled docker-moby/cli: update to v29.2.1 5eb91665d docs: fix typos d6c6bbf57 docker-bake.hcl: use default GO_VERSION from Dockerfile 2d5d0842c update to go1.25.7 def41fe65 docs: fix typo in dockerd.md for 'replacement' 58413ca11 Dockerfile: update tonistiigi/xx to v1.9.0 df3e9237d opts: MountOpt: extract utility functions and don't set empty values d781df8b5 opts: MountOpt: extract validation to a separate function f35fb0f5a cli/command: TestGetDefaultAuthConfig: cleanup test file fe1af9206 opts: MountOpt: improve validation of boolean values 5de99e672 opts: MountOpt: improve validation for whitespace in values 9620e4178 opts: MountOpt: improve validation for whitespace in options e888a6e00 opts: remove outdated comment bcc14559c opts: MountOpt: relax client-side validation of mount target defbe23de opts: MountOpt: improve error for empty value 77e02a92e opts: MountOpt: add test-coverage for volume options 2c8bf677f opts: MountOpt: remove duplicate test 7ebc2f7c2 opts: MountOpt: rewrite TestMountOptVolumeNoCopy to a table-test a850b054a opts: MountOpt: rewrite TestMountOptDefaultEnableReadOnly to a table-test f3efc27a1 opts: MountOpt: combine error tests into a test-table 9c9ec7358 vendor: github.com/moby/moby/client v0.2.2 bab3e81e1 vendor: github.com/moby/moby/api v1.53.0 e34a3422c templates: make "join" work with non-string slices and map values 771660a17 vendor: github.com/go-viper/mapstructure/v2 v2.5.0 08ed2bc6e cli/command/container: make injecting config.json failures a warning e9ceb2f5a vendor: golang.org/x/net v0.49.0 faf8a0836 vendor: golang.org/x/term v0.39.0 daa4d4e4a vendor: golang.org/x/text v0.33.0 a4aee9bf5 vendor: golang.org/x/sys v0.40.0 ce489e0db vendor: github.com/klauspost/compress v1.18.3 ef0847596 cli/command/container: ignore "not found" error on cidfile.Close 16bbf5d07 cli/command/container: cidFile.Write: include CID in error message ed566e723 cli/command/container: createContainer: remove intermediate vars cfb71de7d cli/command/container: createContainer: remove redundant closure adfb40ceb cli/command/container: remove outdated TODO ceea57b46 cli/command/container: copyDockerConfigIntoContainer: close TarWriter effdf1b45 cli/command/container: rename vars to use correct camelCase ccbe206a8 cli/command/containerd: parseSecurityOpts: remove redundant sprintf c8841ac1b vendor: moby/api v1.53.0-rc.2, moby/client v0.2.2-rc.2 7e8457115 update to go1.25.6 86bd884ac docs: Fix daemon.json typo 16873675b vendor: github.com/sirupsen/logrus v1.9.4 b21139c30 internal/jsonstream: TestDisplay use streamformatter d6cdb71e2 cli/command: RetrieveAuthTokenFromImage: remove redundant conditions b13b774e2 man: reformat docker-run.1.md to prevent linting warnings 816f4556c internal/registryclient: simplify notFoundError d61519f99 internal/registryclient: allEndpoints: pass through context fe3157419 improve validation of "--detach-keys" options 6a93e7803 cli/command: add WithAPIClientOptions option db762956d login: touch-up error for non-TTY 4b0ec0d4e cli/command: DockerCli: store API-client options as field f9f2d822b cli/command: make TestSetGoDebug more predictable 391acef40 Improve clarity of environment variables description a6f8391c9 vendor: github.com/docker/docker-credential-helpers v0.9.5 14cffdbfa gha: run unit-tests in go modules mode, to prevent traversing nested modules 0cd2c1858 vendor: golang.org/x/net v0.48.0 647ab775d vendor: golang.org/x/term v0.38.0 a1799eacd vendor: golang.org/x/text v0.32.0 a78533373 vendor: golang.org/x/sync v0.19.0 e2a368fa4 vendor: golang.org/x/sys v0.39.0 ab5d4d4f8 cli/compose/loader: rewrite with reflect.TypeFor 3ce8f1d80 vendor: github.com/moby/go-archive v0.2.0 8205124d5 cli/command/node: nodeContext: remove uses of reflect 40f052c7e cli/command/container: use reflect IsZero f28565d17 cli/command/service: replace reflect for gotest.tools assertion e715dd507 cli/command/volume: remove uses of reflect in test 3811f24f4 cli/connhelper: replace reflect for gotest.tools assertion a89b2e19f cli/command/formatter: rewrite some tests with gotest.tools 90ae5b813 cli/command: replace reflect for gotest.tools assertion a0e303a0e opts/swarmopts: add missing build-tag 03dfab401 remove uses of deprecated go-archive consts dd6d0cd80 vendor: tags.cncf.io/container-device-interface v1.1.0 4743d1d89 Makefile/yamldocs: Don't require TTY 485106679 docs/container: Update dead link 226af6814 cli/command/service: fix API version for memory-swap, memory-swappiness 13759330b cli-plugins/manager: remove legacy system-wide cli-plugin path 302498c33 vendor: github.com/moby/moby/client v0.2.2-rc.1 def847be9 vendor: github.com/moby/moby/api v1.53.0-rc.1 2a903c52d Include NRI in info output d8351dbe6 Vendor moby/[api|client] from moby master f7ddc8a7d docs: Update --all flag description to clarify it shows dangling images 4d7a8b0fd build(deps): bump actions/upload-artifact from 5 to 6 0f03c31ab image/list: Fix `dangling=false` handling 1e259062f cli/tree: Remove unused `all` field 09a46645a image/tree: Add golden test 0d88411f1 image/tree: Remove --all flag check for untagged images in non-expanded view b31598389 image/tree: Fix width calculation for untagged images 150a25b9f image/tree: Extract untagged image name to const 67f5e3413 image: Fix dangling image detection with graphdrivers 2e3425fbd cli/command/container: use consistent casing for dockerCLI arg de098367d cli/command/container: inline parseWindowsDevice 15de6ce8f vendor: github.com/klauspost/compress v1.18.2 5c406f5ee vendor: github.com/morikuni/aec v1.1.0 a6335c422 docker run, create: don't swallow connection errors during validate 49021ad98 vendor: github.com/spf13/cobra v1.10.2, migrate to go.yaml.in/yaml/v3 6f75c0c8e add TODOs for replacing nat.ParsePortSpecs 9c10a9c9a opts/swarmopts: remove use of nat.ParsePortRange 9dfe779ab internal/test: remove unused FakeStore c81e05eed add shell completion for "docker stack deploy --compose-file" d54488531 update to go1.25.5 ba683d8df opts/swarmopts: use sub-tests dd2be022c gha/e2e: Switch to rc and 29 latest 1abfbf298 vendor: github.com/moby/moby/client v0.2.1 e0d30db11 docs: update buildgc example config to use new buildkit v0.17 options 6a0099bc8 cmd/docker-trust: bump golang.org/x/crypto v0.45.0 c90166ffa cmd/docker-trust: update dependencies ac5e88612 vendor: golang.org/x/net v0.47.0 3ec414638 vendor: golang.org/x/term v0.37.0 616e93a0c vendor: golang.org/x/text v0.31.0 1202f8a64 vendor: golang.org/x/sync v0.18.0 b67055c96 vendor: golang.org/x/sys v0.38.0 475961583 image/tree: Allow image names to overflow instead of truncating 3099d4716 build(deps): bump actions/checkout from 5 to 6 d84396d4e image ls: allow custom format in cli config 6751cd169 docker version: restore top-level BuildTime to RFC3339Nano 3a842587f chore: update link/linktext to dockerd proxy config dd2c49382 cli/command/system: Fix missing components in version output 207bf52c2 image/tree: Only show untagged images when --all flag is used be9e6308f image/tree: Respect NO_COLOR env variable ed281ddf5 image/list: Print legend only if limiting width aa5d00a3a image/tree: Don't limit name width if non tty b66b93130 image/tree: Fix untagged images in non-expanded view bff56f049 cli/command/system: define struct for formatting version d787e70a1 cli/connhelper/commandcon: remove warn logs ebc1995f9 vendor: github.com/moby/moby/api v1.52.0, moby/client v0.1.0 ad96811f1 swarm: Add memory swap support (no stack/compose support) 6ba06b5fb Revert "cli/compose: add schema 3.14 (no changes from 3.13 yet)" e0716b571 Revert "Add memory swap to swarm" 4b450f113 vendor: github.com/moby/moby/api, moby/client master 1d789e409 cli/command/system: add missing "go:build" b3824015d vendor: github.com/moby/moby/api v1.52.0-rc.1, moby/client v0.1.0-rc.1 d67291026 vendor.mod: remove replace 41088ed7d vendor: go.opentelemetry.io/auto/sdk v1.2.1 712f569f1 vendor: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 7736f5e60 vendor: align other otel packages to v1.38.0 d45551dac cli/command: update to semconv v1.37.0, otel v1.38.0 71828f279 Add memory swap to swarm d0c86d39e cli/compose: add schema 3.14 (no changes from 3.13 yet) 5039eee77 vendor: github.com/moby/moby/api master, moby/client master cee9ea67f lint: run in go-modules mode b2aa690b2 scripts/build/binary: remove pkcs11 build tag c1a53ae7b cmd/docker-trust: remove dependency on cli/internal 06914dd0f make trust-plugin a separate module c9bb29115 implement `docker trust` as plugin dd70b43bc chore: update broken link to restrucured docker desktop documentation f2755b02d update to go1.25.4 880ef756b Fix static build + CGO 0976389e1 vendor: golang.org/x/net v0.46.0, golang.org/x/crypto v0.43.0 c733cb053 vendor: golang.org/x/time v0.14.0 1f77c6f1c vendor: golang.org/x/term v0.36.0 dcce972f4 vendor: golang.org/x/text v0.30.0 b11d143cd vendor: golang.org/x/sync v0.17.0 0c8ce84a6 vendor: golang.org/x/sys v0.37.0 d9f7e4b0c cli/command/service: use enum-consts defined in API 774f1d60a cli/command/service: parse generic resources without protobufs 437ed4c1e Dockerfile: update golangci-lint to v2.6.1 c4a28d0d3 vendor: github.com/go-jose/go-jose/v4 v4.1.3 f8d036512 fix perfsprint (concat-loop) linting 7b624841c update minimum go version to go1.24 82b47c8e5 vendor: github.com/moby/swarmkit/v2 v2.1.1 3a9178813 vendor: github.com/containerd/platforms v1.0.0-rc.2 61d88c951 lint: don't disable modules 9bce085b1 vendor: github.com/mattn/go-runewidth v0.0.19 e0b1ab68f cli/command/container: fix use of generics e5f46499b image/tree: Fix table header having escape codes when not tty d5d2ed5ba image/tree: Add test for checking ansi escape output 1a261e3f5 image/tree: Use streams interface 4893a5d5e completion/zsh: Allow multiple volumes of 'volume rm' 700875b66 Plugin may set itself as hidden ad776d1e1 remove support for client-side docker content trust validation 259df25a9 cli: allManagementSubCommands: improve handling of plugin stubs aa62a6a97 docs: update link to libnetwork protocol doc ef16d8230 vendor: github.com/moby/moby/api v1.52.0-beta.4, client v0.1.0-beta.3 6fa590033 image/tree: Remove longest->shortest sort 5836040ec Update golden files f6feef8fe image/test: Fix `go test` args being used by CLI commands 631f32ee9 images/list: Add print ambiguous warning for tree c41815f17 image/list: Show collapsed tree by default 5d599e932 e2e: add docker v29-rc 50598d21c skip TestBuildIidFileSquash cf9e1778d Dockerfile: remove notary c98d9647d e2e: remove DCT tests 8444c911b vendor: github.com/moby/moby master 7f86de931 docs: deprecated: deprecate cgroup v1 7bdb4df07 cli/command/container: use ImagePull instead of ImageCreate 9e7937746 image/tree: Fix dangling filter condition 8e2943c6c image/tree: Sort image tree by name instead of creation date 8767904ae vendor: github.com/moby/moby/api master, moby/client master b8b4f54a8 fix typo in TODO comment 65496c555 cli/trust: use local definition for PushResult Aux message e636a2a06 cli/container_rename: Move to API validation af255acca vendor: github.com/moby/moby master 053aa376e vendor: github.com/moby/moby/api, moby/moby/client master 83319f09f cli/command/container: use per-stats OSType if present 6ed16a2cc vendor: github.com/moby/moby/api, moby/moby/client master 5007c96b0 cli/command/container: collect(): split windows/unix branches c467ebafd cli/command/container: calculateCPUPercentWindows minor cleanup 689152a80 cli/command/container: calculateCPUPercentUnix: simplify e01ce69ff cli/command/container: collect: handle context-cancellation 292001a45 cli/command/container: RunStats: early return for non-streaming 0b1c7bc0f cli/command/container: RunStats: small tweaks on closeChan d309027d5 cli/command/container: RunStats: gracefully handle io.EOF 15b422b31 cli/command/container: RunStats: handle context-cancellation 832fc66ca cli/command/container: RunStats: simplify stats loop dad1d367c cli/command/container: move debug logs to call-site f594a7f09 cli/command/image: remove uses of JSON field 4b498addc cli/command/container: don't depend on result.OSType 4a608069a vendor: github.com/moby/moby/api, moby/moby/client master 153f7f10c telemetry: lock the semconv version of the otel sdk aef2ef8c7 build(deps): bump actions/upload-artifact from 4 to 5 4afbd6146 implement some ad-hoc mocks for responses 056e31464 vendor: github.com/moby/moby/api, moby/moby/client master 64805c295 image/list: Respect `dangling` filter when not using `--all` e9a941001 image/list: Hide untagged images without `--all` 4f7c07cfc update local code for updated modules aeb78091a vendor: github.com/moby/moby/api, moby/moby/client master 563f5fe33 vendor: github.com/moby/moby/api, moby/moby/client master 5ba4c17d7 cli/command/container: Simplify with slices.Contains d252afa6b cli/command/container: add go1.23 build constraint for range-over-func Signed-off-by: Bruce Ashfield --------------------------- Commit: 0e1a86ac --------------------------- podman: improve reproducibility disable buildvcs to improve reproducibility Signed-off-by: Changqing Li Signed-off-by: Bruce Ashfield --------------------------- Commit: 9a28d5ed --------------------------- recipes/golang: improve reproducibility Refer [1], cgo will embeded cgo_ldflags in the intermediary output, which make content ID will be incfluenced by cgo_ldflags. '--sysroot=xxx' includes build path, which will make the binary not reproducible, these recipes can build successfully without --sysroot, so remove it [1] https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448 Signed-off-by: Changqing Li Signed-off-by: Bruce Ashfield --------------------------- Commit: 914b5d23 --------------------------- nerdctl: add -buildmode=pie to avoid textrel QA error On qemuarm, building nerdctl fails with QA error about textrel. Add '-buildmode=pie' to fix this issue. Signed-off-by: Chen Qi Signed-off-by: Bruce Ashfield --------------------------- Commit: 9ba68c94 --------------------------- vruntime: add BBMASK to reduce multiconfig parse time The vruntime multiconfigs (vruntime-aarch64, vruntime-x86-64) trigger a full BitBake parse of all layers, but only need ~318 recipes to build the vdkr/vpdmn container runtime stacks. BBMASK set in the vruntime distro conf only affects parsing for those multiconfigs; the main build is unaffected. Add three .inc files, each independently disableable, that mask unused recipes: - vruntime-bbmask.inc: meta-virtualization layer (~88 masks covering virtualization platforms, unused container orchestration/tooling, and individual go libraries) - vruntime-bbmask-oe-core.inc: oe-core graphics subdirs, multimedia, sato, and rt categories - vruntime-bbmask-meta-oe.inc: meta-oe, meta-networking categories, plus entire meta-python, meta-filesystems, and meta-webserver layers Mask patterns were generated from bitbake -g dependency graph analysis of both aarch64 and x86-64 targets, with all 318 needed PNs (including -native variants) cross-checked against the patterns. Orphaned bbappend files in other layers are also masked to prevent parse errors. Signed-off-by: Bruce Ashfield --------------------------- Commit: d79d3d2a --------------------------- vcontainer: fix yocto-check-layer mcdepends parse error Fix yocto-check-layer failure: ERROR: Multiconfig dependency mc::vruntime-x86-64:vpdmn-initramfs-create:do_deploy depends on nonexistent multiconfig configuration named configuration vruntime-x86-64 Several recipes and classes declared static mcdepends referencing vruntime-aarch64 and vruntime-x86-64 multiconfigs. When parsed without BBMULTICONFIG set (e.g. yocto-check-layer), BitBake validates these and fails because the referenced multiconfigs don't exist. Move mcdepends into anonymous python functions and only set them when the target multiconfig exists in BBMULTICONFIG, following the pattern established in meta/classes-recipe/kernel-fit-image.bbclass. Signed-off-by: Bruce Ashfield --------------------------- Commit: ed5b3393 --------------------------- go-mod-vcs: fix do_rm_work permission failure on module cache go build creates read-only files in the module cache during do_compile. The previous do_fix_go_mod_permissions task ran before do_compile, so it could not catch these files, causing do_rm_work to fail with permission errors. Replace the standalone task with a do_compile postfunc that fixes module cache permissions after compilation finishes. This covers all go-mod-vcs recipes regardless of how they invoke go build. Signed-off-by: Bruce Ashfield --------------------------- Commit: 1553125e --------------------------- docker-registry: add native support This is required for several of the scripts and capabilities providing local registry support. Signed-off-by: Bruce Ashfield --------------------------- Commit: ff406688 --------------------------- container-registry: add tests and documentation for secure registry Add comprehensive test coverage and documentation for the secure registry infrastructure. Tests added: TestRegistryAuthentication - auth modes (none, home, authfile, credsfile, env, creds, token) for push and import TestSecureRegistryTLSOnly - TLS-only mode using running registry TestSecureRegistryWithAuth - isolated TLS+auth instance on port 5001 TestDockerRegistryConfig - static analysis of bbclass/recipe logic TestContainerCrossInstallSecure - auto IMAGE_INSTALL verification TestVcontainerSecureRegistry - script pattern verification for virtio-9p CA transport, daemon _9p=1, shared folder reads README.md: Document authentication modes (none, home, authfile, credsfile, env), secure registry setup, PKI generation, target integration, and CI/CD examples. conftest.py: Add --secure-registry pytest option and skip_secure fixture for tests requiring openssl/htpasswd. Signed-off-by: Bruce Ashfield --------------------------- Commit: d0410316 --------------------------- image-oci: fix process substitution for dash/busybox compatibility Replace bash-specific process substitution (< <(find ...)) with POSIX-compatible piped find | while constructs. Replace $((...)) arithmetic with expr for broader shell compatibility. This fixes OCI image delta-copy on systems where /bin/sh is dash or busybox ash rather than bash. Signed-off-by: Bruce Ashfield --------------------------- Commit: 7297ba3a --------------------------- vcontainer: add secure registry support with virtio-9p CA transport Enable vdkr/vcontainer to pull from TLS-secured registries by transporting the CA certificate via virtio-9p shared folder. vcontainer-common.sh: Add --secure-registry, --ca-cert, --registry-user, --registry-password CLI options. Auto-detect bundled CA cert at registry/ca.crt in the tarball and enable secure mode automatically. vrunner.sh: Copy CA cert to the virtio-9p shared folder for both daemon and non-daemon modes. Fix daemon mode missing _9p=1 kernel cmdline parameter which prevented the init script from mounting the shared folder. vdkr-init.sh: Read CA cert from /mnt/share/ca.crt (virtio-9p) instead of base64-decoding from kernel cmdline (which caused truncation for large certificates). Install cert to /etc/docker/certs.d/{host}/ca.crt for Docker TLS verification. Support optional credential passing for authenticated registries. vcontainer-tarball.bb: Add script files to SRC_URI for proper file tracking and rebuild triggers. Signed-off-by: Bruce Ashfield --------------------------- Commit: 52fc4ca7 --------------------------- container-registry: add target image TLS integration Install CA certificates and registry configuration into target images so they can pull from the secure registry at runtime. docker-registry-config.bb: When CONTAINER_REGISTRY_SECURE=1, install the CA cert to /etc/docker/certs.d/{host}/ca.crt instead of adding insecure-registries to daemon.json. Translates localhost/127.0.0.1 to 10.0.2.2 for QEMU targets where the host registry is accessed via slirp networking. container-oci-registry-config.bb: Same secure mode support for podman/CRI-O with insecure=false in registries.conf. container-registry-ca.bb: New recipe that installs the CA certificate to Docker, podman/CRI-O, and system trust store paths on the target. container-cross-install.bbclass: Auto-add docker-registry-config or container-oci-registry-config to IMAGE_INSTALL when CONTAINER_REGISTRY_SECURE=1, based on the configured container engine. Signed-off-by: Bruce Ashfield --------------------------- Commit: 092aa819 --------------------------- container-registry: add secure registry infrastructure with TLS and auth Add opt-in secure registry mode with auto-generated TLS certificates and htpasswd authentication. New BitBake variables: CONTAINER_REGISTRY_SECURE - Enable TLS (HTTPS) for local registry CONTAINER_REGISTRY_AUTH - Enable htpasswd auth (requires SECURE=1) CONTAINER_REGISTRY_USERNAME/PASSWORD - Credential configuration CONTAINER_REGISTRY_CERT_DAYS/CA_DAYS - Certificate validity CONTAINER_REGISTRY_CERT_SAN - Custom SAN entries The bbclass validates conflicting settings (AUTH without SECURE) and provides credential helper functions for skopeo push operations. PKI infrastructure (CA + server cert with SAN) is auto-generated at bitbake build time via openssl-native. The generated helper script supports both TLS-only and TLS+auth modes. The script now supports environment variable overrides for CONTAINER_REGISTRY_STORAGE, CONTAINER_REGISTRY_URL, and CONTAINER_REGISTRY_NAMESPACE, uses per-port PID files to allow multiple instances, and auto-generates config files when running from an overridden storage path. Signed-off-by: Bruce Ashfield --------------------------- Commit: 4ed680e3 --------------------------- lxc: restore DEBUG_PREFIX_MAP in TARGET_LDFLAGS for LTO reproducibility oe-core [1] removed DEBUG_PREFIX_MAP from TARGET_LDFLAGS to avoid passing prefix-map options via the linker flags. This is fine for most projects since DEBUG_PREFIX_MAP is also provided via CFLAGS at configure time. However, lxc enables LTO by default, which causes link-time code generation to (re)emit debug information during the link step. Without DEBUG_PREFIX_MAP on the link command line, TMPDIR/WORKDIR paths can leak into DWARF, triggering the buildpaths QA check and breaking reproducibility. Append DEBUG_PREFIX_MAP back to TARGET_LDFLAGS for lxc to ensure prefix-map options are visible during LTO link-time compilation. [1] https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448 Signed-off-by: Ricardo Salveti Signed-off-by: Bruce Ashfield --------------------------- Commit: bb7e321f --------------------------- container-cross-install: add tests and documentation for custom service files Add pytest tests to verify CONTAINER_SERVICE_FILE varflag support: TestCustomServiceFileSupport (unit tests, no build required): - test_bbclass_has_service_file_support - test_bundle_class_has_service_file_support - test_service_file_map_syntax - test_install_custom_service_function TestCustomServiceFileBoot (boot tests, require built image): - test_systemd_services_directory_exists - test_container_services_present - test_container_service_enabled - test_custom_service_content - test_podman_quadlet_directory Documentation updates: - docs/container-bundling.md: Add "Custom Service Files" section with variable format, usage examples for both BUNDLED_CONTAINERS and container-bundle packages, and example .service/.container files - tests/README.md: Add test class entries to structure diagram and "What the Tests Check" table Signed-off-by: Bruce Ashfield --------------------------- Commit: cd5081a5 --------------------------- container-cross-install: add CONTAINER_SERVICE_FILE support Add support for custom systemd service files (Docker) or Quadlet container files (Podman) instead of auto-generated ones for container autostart. For containers requiring specific startup configuration (ports, volumes, capabilities, dependencies), users can now provide custom service files using the CONTAINER_SERVICE_FILE varflag: CONTAINER_SERVICE_FILE[container-name] = "${UNPACKDIR}/myservice.service" For BUNDLED_CONTAINERS in image recipes: SRC_URI += "file://myapp.service" BUNDLED_CONTAINERS = "myapp-container:docker:autostart" CONTAINER_SERVICE_FILE[myapp-container] = "${UNPACKDIR}/myapp.service" For container-bundle packages: SRC_URI = "file://myapp.service" CONTAINER_BUNDLES = "myapp-container:autostart" CONTAINER_SERVICE_FILE[myapp-container] = "${UNPACKDIR}/myapp.service" Implementation: - container-cross-install.bbclass: Add get_container_service_file_map() to build varflag map, install_custom_service() for BUNDLED_CONTAINERS, and install_custom_service_from_bundle() for bundle packages - container-bundle.bbclass: Install custom service files to ${datadir}/container-bundles/${runtime}/services/ Signed-off-by: Bruce Ashfield --------------------------- Commit: b4ad3f9e --------------------------- image-oci: add host layer type and delta-only copying Add two enhancements to multi-layer OCI image support: 1. Delta-only copying for directories/files layers: - directories and files layers now only copy content that doesn't already exist in the bundle rootfs from earlier layers - Prevents duplication when a directories layer references paths that were already populated by a packages layer - Logs show "delta: N copied, M skipped" for visibility 2. New 'host' layer type for build machine content: - Copies files from the build machine filesystem (outside Yocto) - Format: name:host:source_path:dest_path - Multiple pairs: name:host:src1:dst1+src2:dst2 - Emits warning at parse time about reproducibility impact - Fatal error if source path doesn't exist - Use case: deployment-specific config, certificates, keys that cannot be packaged in recipes Example: OCI_LAYERS = "\ base:packages:busybox \ app:directories:/opt/myapp \ certs:host:/etc/ssl/certs/ca.crt:/etc/ssl/certs/ca.crt \ " Signed-off-by: Bruce Ashfield --------------------------- Commit: bcddeedc --------------------------- vcontainer: enable incremental builds by default Previously, vcontainer recipes had [nostamp] flags that forced all tasks to rebuild on every bitbake invocation, even when nothing changed. This was added as a workaround for dependency tracking issues but caused slow rebuild times. Changes: - Make [nostamp] conditional on VCONTAINER_FORCE_BUILD variable - Default to normal stamp-based caching for faster incremental builds - file-checksums on do_rootfs still tracks init script changes - Add VCONTAINER_FORCE_BUILD status to the tarball build banner To enable the old always-rebuild behavior (for debugging dependency issues), set in local.conf: VCONTAINER_FORCE_BUILD = "1" Signed-off-by: Bruce Ashfield --------------------------- Commit: ffa5f611 --------------------------- vcontainer-tarball: build all architectures via single bitbake command Previously, building vcontainer-tarball required multiple bitbake invocations or complex command lines to build both x86_64 and aarch64 blobs. This was a usability issue. Changes: - mcdepends now triggers builds for BOTH architectures automatically - VCONTAINER_ARCHITECTURES defaults to "x86_64 aarch64" (was auto-detect) - Add informational banner at parse time showing what will be built - Fix duplicate sanity check messages when multiconfig is active Usage is now simply: bitbake vcontainer-tarball To build only one architecture, set in local.conf: VCONTAINER_ARCHITECTURES = "x86_64" Signed-off-by: Bruce Ashfield --------------------------- Commit: 5063d6f0 --------------------------- vdkr-init: improve Docker daemon startup logging and error handling Improve debugging capabilities when Docker daemon fails to start: - Log dockerd output to /var/log/docker.log instead of /dev/null - Capture docker info exit code and output for diagnostics - Show docker info error on every 10th iteration while waiting - Include last docker info output and docker.log tail on failure - Extend sleep on failure from 2s to 5s for log review Signed-off-by: Bruce Ashfield --------------------------- Commit: 1d53c867 --------------------------- packagegroups: add container build aggregates Add packagegroup recipes to simplify building all container-related artifacts: - packagegroup-container-images: Build all OCI container images (recipes inheriting image-oci) - packagegroup-container-bundles: Build all container bundles (recipes inheriting container-bundle) - packagegroup-container-demo: Build all demo containers and bundles Usage: bitbake packagegroup-container-images bitbake packagegroup-container-bundles bitbake packagegroup-container-demo Signed-off-by: Bruce Ashfield --------------------------- Commit: 63c4d741 --------------------------- vcontainer: add host-side idle timeout with QMP shutdown Implement reliable idle timeout for vmemres daemon mode using host-side monitoring with QMP-based shutdown, and container-aware idle detection via virtio-9p shared file. Host-side changes (vrunner.sh): - Add -no-reboot flag to QEMU for clean exit semantics - Spawn background watchdog when daemon starts - Watchdog monitors activity file timestamp - Check interval scales to idle timeout (timeout/5, clamped 10-60s) - Read container status from shared file (guest writes via virtio-9p) - Only shutdown if no containers are running - Send QMP "quit" command for graceful shutdown - Watchdog auto-exits if QEMU dies (no zombie processes) - Touch activity file in daemon_send() for user activity tracking Config changes (vcontainer-common.sh): - Add idle-timeout to build_runner_args() so it's always passed Guest-side changes (vcontainer-init-common.sh): - Add watchdog that writes container status to /mnt/share/.containers_running - Host reads this file instead of socket commands (avoids output corruption) - Close inherited virtio-serial fd 3 in watchdog subshell to prevent leaks - Guest-side shutdown logic preserved but disabled (QMP more reliable) - Handle Yocto read-only-rootfs volatile directories (/var/volatile) The shared file approach avoids sending container check commands through the daemon socket, which previously caused output corruption on the single-stream virtio-serial channel. The idle timeout is configurable via: vdkr vconfig idle-timeout Default: 1800 seconds (30 minutes) Signed-off-by: Bruce Ashfield --------------------------- Commit: d242468e --------------------------- vcontainer: consolidate initramfs-create recipes Update vcontainer-initramfs-create.inc to use the image-based approach: - Depend on tiny-initramfs-image for cpio.gz (replaces file extraction) - Depend on rootfs-image for squashfs (unchanged) - Remove DEPENDS on squashfs-tools-native (no longer extracting files) Update recipe files to use the consolidated inc: - vdkr-initramfs-create_1.0.bb - vpdmn-initramfs-create_1.0.bb Boot flow remains unchanged: QEMU boots kernel + tiny initramfs -> preinit mounts rootfs.img from /dev/vda -> switch_root into rootfs.img -> vdkr-init.sh or vpdmn-init.sh runs Signed-off-by: Bruce Ashfield --------------------------- Commit: abf81c8c --------------------------- vcontainer: add tiny initramfs image infrastructure Add proper Yocto image recipes for the tiny initramfs used by vdkr/vpdmn in the switch_root boot flow: - vcontainer-tiny-initramfs-image.inc: Shared image configuration - vcontainer-preinit_1.0.bb: Preinit script package (shared) - vdkr-tiny-initramfs-image.bb: Tiny initramfs for vdkr - vpdmn-tiny-initramfs-image.bb: Tiny initramfs for vpdmn The tiny initramfs contains only busybox and a preinit script that: 1. Mounts devtmpfs, proc, sysfs 2. Mounts the squashfs rootfs.img from /dev/vda 3. Creates tmpfs overlay for writes 4. Performs switch_root to the real rootfs This replaces ad-hoc file extraction with proper image-based builds, improving reproducibility and maintainability. Signed-off-by: Bruce Ashfield --------------------------- Commit: 60b7b352 --------------------------- vcontainer-tarball: add nativesdk-expect dependency Add expect to the vcontainer SDK toolchain for interactive testing and automation scripts. Signed-off-by: Bruce Ashfield --------------------------- Commit: d72d1f13 --------------------------- linux-yocto: add iptables legacy kernel config for Docker Kernel 6.18+ split iptables into legacy/nftables backends. Docker requires the legacy iptables support, so add the kernel configuration for the full dependency chain: - CONFIG_NETFILTER_XTABLES_LEGACY=y - CONFIG_IP_NF_IPTABLES_LEGACY=m - CONFIG_IP_NF_FILTER=m - CONFIG_IP_NF_NAT=m - CONFIG_IP_NF_TARGET_MASQUERADE=m Without these, Docker's iptables rules fail to load on 6.18+ kernels. Signed-off-by: Bruce Ashfield --------------------------- Commit: 729c4bb0 --------------------------- vcontainer: add sanity checks and auto-enable virtfs for QEMU Fix virtio-9p (virtfs) support for container-cross-install batch imports which provides ~50x speedup over base64-over-serial. The issue was that native recipes don't see target DISTRO_FEATURES, so qemu-system-native wasn't getting virtfs enabled. Fix by: - layer.conf: Propagate virtualization to DISTRO_FEATURES_NATIVE when vcontainer or virtualization is in target DISTRO_FEATURES - qemu-system-native: Check DISTRO_FEATURES_NATIVE for virtfs enable - container-cross-install: Prepend native sysroot to PATH so vrunner finds the QEMU with virtfs support Signed-off-by: Bruce Ashfield --------------------------- Commit: 0f5344e8 --------------------------- vcontainer: fix runc/crun conflict in multiconfig builds The vruntime distro is used for multiconfig builds of both vdkr (Docker/runc) and vpdmn (Podman/crun) images. When CONTAINER_PROFILE or VIRTUAL-RUNTIME_container_runtime is set, containerd and podman pull their preferred runtime via RDEPENDS, causing package conflicts. Fix by having vruntime distro NOT participate in CONTAINER_PROFILE: - Set VIRTUAL-RUNTIME_container_runtime="" to prevent automatic runtime selection - Explicitly install runc in vdkr-rootfs-image.bb - Explicitly install crun in vpdmn-rootfs-image.bb This allows both images to be built in the same multiconfig without conflicts, while standard container-host images continue to use CONTAINER_PROFILE normally. Also add kernel-modules to vdkr-rootfs-image for overlay filesystem support. Signed-off-by: Bruce Ashfield --------------------------- Commit: cfab7d38 --------------------------- crun: add RCONFLICTS to prevent runc package conflict When CRUN_AS_RUNC is enabled (default), crun creates a /usr/bin/runc symlink that conflicts with the runc package's /usr/bin/runc binary. Add RCONFLICTS to declare this conflict so package managers prevent both from being installed simultaneously. Signed-off-by: Bruce Ashfield --------------------------- Commit: 572bc836 --------------------------- vcontainer: add sanity checks and auto-enable virtfs for QEMU Add sanity check that warns when vcontainer distro feature is enabled but BBMULTICONFIG is missing the required vruntime-* multiconfigs. Add qemu-system-native bbappend to auto-enable virtfs (virtio-9p) when vcontainer or virtualization distro feature is set. This is required for the fast batch-import path in container-cross-install. Signed-off-by: Bruce Ashfield --------------------------- Commit: 76cf4ff5 --------------------------- container-bundles: add multilayer container bundle recipe Add demo recipe that bundles app-container-multilayer to demonstrate multi-layer OCI images with container-cross-install. Usage: IMAGE_INSTALL:append:pn-container-image-host = " multilayer-container-bundle" Signed-off-by: Bruce Ashfield --------------------------- Commit: 25acb056 --------------------------- vcontainer: add multi-arch OCI support Add functions to detect and handle multi-architecture OCI Image Index format with automatic platform selection during import. Also add oci-multiarch.bbclass for build-time multi-arch OCI creation. Runtime support (vcontainer-common.sh): - is_oci_image_index() - detect multi-arch OCI images - get_oci_platforms() - list available platforms - select_platform_manifest() - select manifest for target architecture - extract_platform_oci() - extract single platform to new OCI dir - normalize_arch_to_oci/from_oci() - architecture name mapping - Update vimport to auto-select platform from multi-arch images Build-time support (oci-multiarch.bbclass): - Create OCI Image Index from multiconfig builds - Collect images from vruntime-aarch64, vruntime-x86-64 - Combine blobs and create unified manifest list Signed-off-by: Bruce Ashfield --------------------------- Commit: 1c902059 --------------------------- container-registry: abstract config and add multi-directory push Abstract registry configuration for Docker/Podman compatibility and add multi-directory scanning for easy multi-arch manifest list creation. - Support both DOCKER_REGISTRY_INSECURE and CONTAINER_REGISTRY_INSECURE - Add DEPLOY_DIR_IMAGES to scan all machine directories - Support push by path (single OCI) and push by name (all archs) - Add environment variable overrides for flexibility - Single 'push' command now creates multi-arch manifest lists Signed-off-by: Bruce Ashfield --------------------------- Commit: 1008fa9b --------------------------- container-cross-install: fix image naming and default runtime Fix extract_container_info() to properly handle multi-part container names and add automatic runtime detection based on CONTAINER_PROFILE. - Fix multi-part name parsing (app-container-multilayer-latest-oci now correctly becomes app-container-multilayer:latest) - Add CONTAINER_DEFAULT_RUNTIME from CONTAINER_PROFILE - Add CONTAINER_IMPORT_TIMEOUT_BASE/PER for dynamic timeout scaling Signed-off-by: Bruce Ashfield --------------------------- Commit: 52ac90f1 --------------------------- vcontainer: add virtio-9p fast path for batch imports Add virtio-9p filesystem support for faster storage output during batch container imports, replacing slow base64-over-console method. - Add --timeout option for configurable import timeouts - Mount virtio-9p share in batch-import mode - Parse _9p=1 kernel parameter for 9p availability - Write storage.tar directly to shared filesystem - Reduces import time from ~600s to ~11s for large containers Signed-off-by: Bruce Ashfield --------------------------- Commit: 929d1609 --------------------------- image-oci: add layer caching for multi-layer OCI builds Add layer caching to speed up multi-layer OCI image rebuilds. When enabled, pre-installed package layers are cached to disk and restored on subsequent builds, avoiding repeated package installation. New variables: - OCI_LAYER_CACHE: Enable/disable caching (default "1") - OCI_LAYER_CACHE_DIR: Cache location (default ${TOPDIR}/oci-layer-cache/${MACHINE}) Cache key is computed from: - Layer name and type - Sorted package list - Package versions from PKGDATA_DIR - MACHINE and TUNE_PKGARCH Cache automatically invalidates when: - Package versions change - Layer definition changes - Architecture changes Benefits: - First build: ~10-30s per layer (cache miss, packages installed) - Subsequent builds: ~1s per layer (cache hit, files copied) - Shared across recipes with identical layer definitions Build log shows cache status: NOTE: OCI Cache HIT: Layer 'base' (be88c180f651416b) NOTE: OCI: Pre-installed packages for 3 layers (cache: 3 hits, 0 misses) Also adds comprehensive pytest suite for multi-layer OCI functionality including tests for 1/2/3 layer modes and cache behavior. Signed-off-by: Bruce Ashfield --------------------------- Commit: 4fd9190b --------------------------- image-oci: add multi-layer OCI image support with OCI_LAYERS Add support for creating multi-layer OCI images with explicit layer definitions via OCI_LAYERS variable. This enables fine-grained control over container layer composition. New variables: - OCI_LAYER_MODE: Set to "multi" for explicit layer definitions - OCI_LAYERS: Define layers as "name:type:content" entries - packages: Install specific packages in a layer - directories: Copy directories from IMAGE_ROOTFS - files: Copy specific files from IMAGE_ROOTFS Package installation uses Yocto's package manager classes (RpmPM, OpkgPM) for consistency with do_rootfs, rather than calling dnf/opkg directly. Example usage: OCI_LAYER_MODE = "multi" OCI_LAYERS = "\ base:packages:base-files+base-passwd+netbase \ shell:packages:busybox \ app:packages:curl \ " This creates a 3-layer OCI image with discrete base, shell, and app layers that can be shared and cached independently. Signed-off-by: Bruce Ashfield --------------------------- Commit: 4ddc9e48 --------------------------- recipes: add multi-layer OCI example recipes Add example recipes demonstrating multi-layer OCI image building: alpine-oci-base_3.19.bb: - Fetches Alpine 3.19 from Docker Hub using container-bundle - Uses CONTAINER_BUNDLE_DEPLOY for use as OCI_BASE_IMAGE source - Pinned digest for reproducible builds app-container-alpine.bb: - Demonstrates external base image usage - Layers Yocto packages (busybox) on top of Alpine - Uses OCI_IMAGE_CMD for Docker-like behavior app-container-layered.bb: - Demonstrates local base image usage - Layers Yocto packages on top of container-base - Uses OCI_IMAGE_CMD for Docker-like behavior Both app containers produce 2-layer OCI images where the base layer is shared, reducing storage and transfer costs. Signed-off-by: Bruce Ashfield --------------------------- Commit: fb238ac5 --------------------------- docs: add OCI multi-layer and vshell documentation Update container-bundling.md with: - New "OCI Multi-Layer Images" section explaining: - Single vs multi-layer image differences - OCI_BASE_IMAGE usage (recipe name or path) - OCI_IMAGE_CMD vs OCI_IMAGE_ENTRYPOINT behavior - When to use CMD (base images) vs ENTRYPOINT (wrapper tools) Signed-off-by: Bruce Ashfield --------------------------- Commit: 98137ae7 --------------------------- vcontainer: add vshell command for VM debug access Add vshell command to vdkr/vpdmn for interactive shell access to the QEMU VM where Docker/Podman runs. This is useful for debugging container issues directly inside the virtual environment. Usage: vdkr vmemres start vdkr vshell # Now inside VM, can run docker commands directly docker images docker inspect exit The vshell command requires the memory-resident daemon to be running (vmemres start). It opens an interactive shell via the daemon's --daemon-interactive mode. Signed-off-by: Bruce Ashfield --------------------------- Commit: 9a010bea --------------------------- container-bundle: add CONTAINER_BUNDLE_DEPLOY for base layer use Add CONTAINER_BUNDLE_DEPLOY variable to enable dual-use of container-bundle: 1. Target packages (existing): Creates installable packages for target container storage (Docker/Podman) 2. Base layer source (new): When CONTAINER_BUNDLE_DEPLOY = "1", also deploys the fetched OCI image to DEPLOY_DIR_IMAGE for use as a base layer via OCI_BASE_IMAGE This enables fetching external images (docker.io, quay.io) and using them as base layers for Yocto-built container images. Example usage: # recipes-containers/oci-base-images/alpine-oci-base_3.19.bb inherit container-bundle CONTAINER_BUNDLES = "docker.io/library/alpine:3.19" CONTAINER_DIGESTS[docker.io_library_alpine_3.19] = "sha256:..." CONTAINER_BUNDLE_DEPLOY = "1" # Then in your app container recipe: OCI_BASE_IMAGE = "alpine-oci-base" IMAGE_INSTALL = "myapp" Signed-off-by: Bruce Ashfield --------------------------- Commit: b02a9d60 --------------------------- image-oci: add multi-layer OCI support and CMD default Add support for multi-layer OCI images, enabling base + app layer builds: Multi-layer support: - Add OCI_BASE_IMAGE variable to specify base layer (recipe name or path) - Add OCI_BASE_IMAGE_TAG for selecting base image tag (default: latest) - Resolve base image type (recipe/path/remote) at parse time - Copy base OCI layout before adding new layer via umoci repack - Fix merged-usr whiteout ordering issue for non-merged-usr base images (replaces problematic whiteouts with filtered entries to avoid Docker pull failures when layering merged-usr on traditional layout) CMD/ENTRYPOINT behavior change: - Add OCI_IMAGE_CMD variable (default: "/bin/sh") - Change OCI_IMAGE_ENTRYPOINT default to empty string - This makes `docker run image /bin/sh` work as expected (like Docker Hub images) - OCI_IMAGE_ENTRYPOINT_ARGS still works for legacy compatibility - Fix shlex.split() for proper shell quoting in CMD/ENTRYPOINT values The multi-layer feature requires umoci backend (default). The sloci backend only supports single-layer images and will error if OCI_BASE_IMAGE is set. Example usage: OCI_BASE_IMAGE = "container-base" IMAGE_INSTALL = "myapp" OCI_IMAGE_CMD = "/usr/bin/myapp" Signed-off-by: Bruce Ashfield --------------------------- Commit: 68320b2c --------------------------- container-registry: add management commands and documentation Registry management commands: - delete :: Remove tagged images from registry - gc: Garbage collection with dry-run preview and confirmation - push --tag: Explicit tags now require image name (prevents accidentally tagging all images with same version) Config improvements: - Copy config to storage directory with baked-in storage path - Fixes gc which reads config directly (not via env var) - All registry files now in ${TOPDIR}/container-registry/ Documentation: - Development Loop workflow (build, push, pull, test) - Build-time OCI labels (revision, branch, created) - Complete command reference Signed-off-by: Bruce Ashfield --------------------------- Commit: 8b19fa53 --------------------------- image-oci: add build-time metadata labels for traceability Automatically embed source and build information into OCI images using standard OCI annotations (opencontainers.org image-spec): - org.opencontainers.image.revision: git commit SHA - org.opencontainers.image.ref.name: git branch name - org.opencontainers.image.created: ISO 8601 build timestamp - org.opencontainers.image.version: PV (if meaningful) New variables: - OCI_IMAGE_REVISION: explicit SHA override (auto-detects from TOPDIR) - OCI_IMAGE_BRANCH: explicit branch override (auto-detects from TOPDIR) - OCI_IMAGE_BUILD_DATE: explicit timestamp override (auto-generated) - OCI_IMAGE_APP_RECIPE: hook for future cross-recipe extraction Set any variable to "none" to disable that specific label. This enables 1:1 traceability between container images and source code, following industry best practices for CI/CD and release management. Signed-off-by: Bruce Ashfield --------------------------- Commit: 1d896819 --------------------------- container-registry: add industry-standard tag strategies Add comprehensive tag support for registry push operations: Tag strategies (CONTAINER_REGISTRY_TAG_STRATEGY): - sha/git: short git commit hash for traceability - branch: git branch name (sanitized) for dev workflows - semver: nested SemVer tags (1.2.3 -> 1.2.3, 1.2, 1) - timestamp: YYYYMMDD-HHMMSS format - version: single version tag from PV - latest: the "latest" tag - arch: append architecture suffix Helper script enhancements: - push --tag : explicit tags (repeatable) - push --strategy : override tag strategy - push --version : version for semver strategy - Baked-in defaults from bitbake variables - Environment variable overrides supported This aligns with industry practices: - Git SHA for CI/CD traceability - SemVer nested tags for release management - Branch tags for feature development Signed-off-by: Bruce Ashfield --------------------------- Commit: 45a4f2aa --------------------------- tests: add container registry pytest tests Add pytest tests for registry functionality: - test_vdkr_registry.py: vconfig registry, image commands, CLI override - test_container_registry_script.py: start/stop/push/import/list/tags - conftest.py: --registry-url, --registry-script options Signed-off-by: Bruce Ashfield --------------------------- Commit: f865a238 --------------------------- vdkr: add registry configuration and pull fallback Add registry support to vdkr: - vconfig registry command for persistent config - --registry flag for one-off usage - Registry-first, Docker Hub fallback for pulls - Baked-in registry config via CONTAINER_REGISTRY_URL - Image commands (inspect, history, rmi, images) work without transform Signed-off-by: Bruce Ashfield --------------------------- Commit: 87ed625c --------------------------- container-registry: add local OCI registry infrastructure Add container registry support for Yocto container workflows: - container-registry.bbclass with helper functions - container-registry-index.bb generates helper script with baked paths - docker-registry-config.bb for Docker daemon on targets - container-oci-registry-config.bb for Podman/Skopeo/Buildah targets - IMAGE_FEATURES container-registry for easy target configuration Signed-off-by: Bruce Ashfield --------------------------- Commit: 33944038 --------------------------- tests: increase stop command timeouts to 30 seconds Docker stop has a default 10-second grace period before SIGKILL, so test timeouts of 10 seconds were insufficient. Increase all stop timeouts to 30 seconds to account for the grace period plus command overhead. Signed-off-by: Bruce Ashfield --------------------------- Commit: cfd997d1 --------------------------- tests: add --network=host backward compatibility test Add test_network_host_backward_compat to verify that explicit --network=host still works with the new bridge networking default. Uses busybox httpd with configurable port since static port forwards now map host_port -> host_port on VM (for bridge networking's Docker -p handling). Also update test docstrings to reflect bridge networking as the new default and add port 8082 to TEST_PORTS for orphan cleanup. Signed-off-by: Bruce Ashfield --------------------------- Commit: 3d7bf7da --------------------------- vcontainer: fix ps -q to suppress port forward display When using `ps -q` or `ps --quiet`, only container IDs should be output. The port forward registry display was being included, which broke cleanup code that expected just container IDs. Signed-off-by: Bruce Ashfield --------------------------- Commit: f367e1c7 --------------------------- vrunner: update static port forwarding for bridge networking Update the static port forwarding (used at QEMU startup) to match the dynamic QMP port forwarding change. With bridge networking: - QEMU forwards host:port -> VM:port - Docker's iptables handles VM:port -> container:port Previously the static port forward went directly to the container port (host:8080 -> VM:80), which doesn't work with bridge networking where Docker needs to handle the final hop. Signed-off-by: Bruce Ashfield --------------------------- Commit: dd13b2b6 --------------------------- tests: add cleanup for orphan QEMU and stale test state Add session-scoped autouse fixture that at session start: 1. Kills any QEMU processes holding ports used by tests (8080, 8081, 8888, etc.) - handles orphans from manual testing or crashed runs 2. Cleans up corrupt test state directories (docker-state.img with "needs journal recovery") to ensure tests start fresh This ensures tests don't fail due to leftover state from previous runs or manual testing. Signed-off-by: Bruce Ashfield --------------------------- Commit: 35193015 --------------------------- recipes: fix multiconfig build comments Fix the bitbake multiconfig commands in rootfs recipe comments. The multiconfig names are vruntime-aarch64 and vruntime-x86-64, not vdkr-*/vpdmn-*. Signed-off-by: Bruce Ashfield --------------------------- Commit: aaaef65d --------------------------- tests: add bridge networking test Add test_multiple_containers_same_internal_port() to verify the key benefit of bridge networking: multiple containers can listen on the same internal port with different host port mappings. The test runs two nginx containers both listening on port 80 internally, mapped to host ports 8080 and 8081, and verifies both are accessible. Also update TestPortForwarding docstring to reflect the change from host networking to bridge networking. Signed-off-by: Bruce Ashfield --------------------------- Commit: f2889118 --------------------------- vcontainer: update CLI for bridge networking Update the CLI wrapper to work with Docker bridge networking: - qmp_add_hostfwd(): Change QEMU port forward from host_port->guest_port to host_port->host_port. With bridge networking, Docker's iptables handles the final hop (VM:host_port -> container:guest_port). - Default network mode: Remove --network=host default. Docker's bridge is now the default, giving each container its own IP. Users can still explicitly use --network=host for legacy behavior. - Update help text to document the new bridge networking behavior. Port forwarding flow is now: Host:8080 -> QEMU -> VM:8080 -> Docker iptables -> Container:80 Signed-off-by: Bruce Ashfield --------------------------- Commit: 6b18259b --------------------------- vdkr: enable Docker bridge networking Enable Docker's default bridge network (docker0, 172.17.0.0/16) inside the QEMU VM to allow multiple containers to listen on the same internal port with different host port mappings. Changes: - Add iptables package to vdkr-rootfs-image for Docker NAT rules - Change dockerd options in vdkr-init.sh: - Set --iptables=true (was false) - Remove --bridge=none to enable default docker0 bridge This enables the workflow: vdkr run -d -p 8080:80 --name nginx1 nginx:alpine vdkr run -d -p 8081:80 --name nginx2 nginx:alpine # Both work - each container gets its own 172.17.0.x IP Previously with --network=host (the old default), both containers would try to bind port 80 on the VM's single IP, causing conflicts. Signed-off-by: Bruce Ashfield --------------------------- Commit: 3c01c9aa --------------------------- vcontainer-common: fix QMP netdev ID for hostfwd commands The QEMU netdev is named 'net0', not 'user.0'. Fix the hostfwd_add and hostfwd_remove commands to use the correct netdev ID. Signed-off-by: Bruce Ashfield --------------------------- Commit: 6cd8f5c6 --------------------------- vcontainer-common: remove 'local' keywords from case blocks The 'local' keyword can only be used inside functions, not in the main script's case blocks. Remove 'local' from variables in the run, ps, and vmemres case handlers. Signed-off-by: Bruce Ashfield --------------------------- Commit: 1370e09b --------------------------- vcontainer-init: fix idle timeout detection to distinguish EOF from timeout The read -t command returns different exit codes: - 0: successful read - 1: EOF (connection closed) - >128: timeout (typically 142) Previously, any empty result was treated as timeout, but when the host closes the connection after PING/PONG, read returns EOF immediately. This caused the daemon to shut down right after startup. Now we capture the exit code and only trigger idle shutdown when read actually times out (exit code > 128). Signed-off-by: Bruce Ashfield --------------------------- Commit: 2f75879b --------------------------- vrunner: fix file descriptor close syntax for coproc The syntax {SOCAT[0]}<&- is invalid - curly braces are for allocating new file descriptors, not referencing existing ones. Use eval with ${SOCAT[0]} to properly close the coproc file descriptors. Fixes: "SOCAT[0]: ambiguous redirect" error when using daemon mode. Signed-off-by: Bruce Ashfield --------------------------- Commit: 3f0745b4 --------------------------- tests: add tests for auto-start and dynamic port forwarding Add test coverage for new vmemres features: TestAutoStartDaemon: - test_auto_start_on_first_command: Verify daemon auto-starts - test_no_daemon_flag: Verify --no-daemon uses ephemeral mode - test_vconfig_auto_daemon: Test auto-daemon config setting - test_vconfig_idle_timeout: Test idle-timeout config setting TestDynamicPortForwarding: - test_dynamic_port_forward_run: Run -d -p adds forward dynamically - test_port_forward_cleanup_on_stop: Forwards removed on stop - test_port_forward_cleanup_on_rm: Forwards removed on rm - test_multiple_dynamic_port_forwards: Multiple containers work TestPortForwardRegistry: - test_port_forward_cleared_on_memres_stop: Registry cleared Also add ensure_busybox() helper to both VdkrRunner and VpdmnRunner. Signed-off-by: Bruce Ashfield --------------------------- Commit: 0ebf4ef7 --------------------------- vcontainer: add dynamic port forwarding via QEMU QMP Add dynamic port forwarding for containers using QEMU's QMP (QEMU Machine Protocol). This enables running multiple detached containers with different port mappings without needing to declare ports upfront. Key changes: - vrunner.sh: Add QMP socket (-qmp unix:...) to daemon startup - vcontainer-common.sh: * QMP helper functions (qmp_send, qmp_add_hostfwd, qmp_remove_hostfwd) * Port forward registry (port-forwards.txt) for tracking mappings * Parse -p, -d, --name flags in run command * Add port forwards via QMP for detached containers * Enhanced ps command to show host port forwards * Cleanup port forwards on stop/rm/vmemres stop Usage: vdkr run -d -p 8080:80 nginx # Adds 8080->80 forward vdkr run -d -p 3000:3000 myapp # Adds 3000->3000 forward vdkr ps # Shows containers + port forwards vdkr stop nginx # Removes 8080->80 forward This solves the problem where auto-started vmemres couldn't handle multiple containers with different port mappings. QMP allows adding and removing port forwards at runtime without restarting the daemon. Signed-off-by: Bruce Ashfield --------------------------- Commit: 9e17cd68 --------------------------- vcontainer: add auto-start daemon with idle timeout Add automatic daemon startup and idle timeout cleanup for vdkr/vpdmn: - vmemres daemon auto-starts on first command (no manual start needed) - Daemon auto-stops after idle timeout (default: 30 minutes) - --no-daemon flag for ephemeral mode (single-shot QEMU) - New config keys: idle-timeout, auto-daemon Changes: - vcontainer-init-common.sh: Parse idle_timeout from cmdline, add read -t timeout to daemon loop for auto-shutdown - vrunner.sh: Add --idle-timeout option, pass to kernel cmdline - vcontainer-common.sh: Auto-start logic in run_runtime_command(), --no-daemon flag, config defaults - container-cross-install.bbclass: Add --no-daemon for explicit ephemeral mode during Yocto builds Configuration: vdkr vconfig idle-timeout 3600 # 1 hour timeout vdkr vconfig auto-daemon false # Disable auto-start Signed-off-by: Bruce Ashfield --------------------------- Commit: 70a9de6c --------------------------- image-oci: fix symlink loop on image rebuild Use ln -sfn instead of ln -sf to prevent creating symlinks inside existing symlink target directories. Without -n, if the convenience symlink (e.g., container-base-latest-oci) already exists and points to a directory, ln -sf creates the new symlink inside that directory rather than replacing it, resulting in a self-referencing symlink. This manifests as "Too many levels of symbolic links" errors when container-bundle tries to copy OCI images after a rebuild. Signed-off-by: Bruce Ashfield --------------------------- Commit: 3a24b69b --------------------------- tests: fix has_image false positive from substring match Change has_image() to use 'image inspect' instead of substring search in 'images' output. The substring approach caused false positives when images like 'nginx:alpine' were present - searching for 'alpine' would match and skip pulling 'alpine:latest'. This fixes TestSaveLoad::test_save_and_load which failed after the port forwarding test introduced nginx:alpine. Signed-off-by: Bruce Ashfield --------------------------- Commit: 2af9d5d8 --------------------------- docs: update meta-virt-roadmap Signed-off-by: Bruce Ashfield --------------------------- Commit: 7584611e --------------------------- docs: fix dead references to vdkr-native and obsolete test classes Update references to reflect the current architecture: - Change vdkr-native/vpdmn-native to vcontainer-native in comments - Remove TestContainerCrossTools and TestContainerCrossInitramfs from README - Fix build command: vdkr-native → vcontainer-tarball Signed-off-by: Bruce Ashfield --------------------------- Commit: 7cfd91b8 --------------------------- docs: add container bundling and vdkr/vpdmn documentation Add comprehensive documentation for the container cross-install system: - Choosing between BUNDLED_CONTAINERS and container-bundle packages - Decision guide table for selecting the right approach - Component relationships (app recipe -> container image -> bundle) - BUNDLED_CONTAINERS format and examples - container-bundle.bbclass usage - Container autostart configuration - vdkr/vpdmn virtual container runtime usage - Architecture overview and how it works - Testing instructions This provides a single reference for users wanting to bundle containers into Yocto images at build time. Signed-off-by: Bruce Ashfield --------------------------- Commit: f93abf86 --------------------------- classes: factor out shared functions to container-common.bbclass Create container-common.bbclass with shared Python functions used by both container-bundle.bbclass and container-cross-install.bbclass: - get_vruntime_multiconfig(d): Maps TARGET_ARCH to multiconfig name - get_vruntime_machine(d): Maps TARGET_ARCH to MACHINE for deploy path - get_blob_arch(d): Maps TARGET_ARCH to blob directory name This removes ~55 lines of duplicated code and ensures consistency between the two bbclass files. Signed-off-by: Bruce Ashfield --------------------------- Commit: e41728ba --------------------------- vcontainer: default to --network=host for container run Docker bridge networking is intentionally disabled in vdkr (dockerd runs with --bridge=none --iptables=false). Rather than requiring users to explicitly add --network=host to every container run command, make it the default. This simplifies port forwarding workflows: vdkr memres start -p 8080:80 vdkr run -d --rm nginx:alpine # Just works, no --network=host needed Users can still override with --network=none if they explicitly want no networking. Updates help text and examples to reflect the new default. Signed-off-by: Bruce Ashfield --------------------------- Commit: c03fa452 --------------------------- vcontainer: add SDK-based standalone tarball Add vcontainer-tarball.bb recipe that creates a relocatable standalone distribution of vdkr and vpdmn container tools using Yocto SDK infrastructure. Features: - Auto-detects available architectures from built blobs - Custom SDK installer with vcontainer-specific messages - nativesdk-qemu-vcontainer.bb: minimal QEMU without OpenGL deps Recipe changes: - DELETE vdkr-native_1.0.bb (functionality moved to SDK) - DELETE vpdmn-native_1.0.bb (functionality moved to SDK) - ADD vcontainer-tarball.bb (SDK tarball recipe) - ADD toolchain-shar-extract.sh (SDK installer template) - ADD nativesdk-qemu-vcontainer.bb (minimal QEMU for SDK) Usage: MACHINE=qemux86-64 bitbake vcontainer-tarball ./tmp/deploy/sdk/vcontainer-standalone.sh -d /opt/vcontainer -y source /opt/vcontainer/init-env.sh vdkr images Signed-off-by: Bruce Ashfield --------------------------- Commit: f9f8e294 --------------------------- tests: add port forwarding test for vdkr Add TestPortForwarding class with test_port_forward_nginx that: - Starts memres with port forwarding (-p 8080:80) - Runs nginx with --network=host - Verifies accessibility from host via curl Also adds port_forwards parameter to memres_start() in both VdkrRunner and VpdmnRunner helper classes. Signed-off-by: Bruce Ashfield --------------------------- Commit: 1165c61f --------------------------- tests: add pytest framework for vdkr and vpdmn Add pytest-based test suite for testing vdkr and vpdmn CLI tools. Tests use a separate state directory (~/.vdkr-test/) to avoid interfering with production images. Test files: - conftest.py: Pytest fixtures for VdkrRunner and VpdmnRunner - test_vdkr.py: Docker CLI tests (images, vimport, vrun, volumes, etc.) - test_vpdmn.py: Podman CLI tests (mirrors vdkr test coverage) - memres-test.sh: Helper script for running tests with memres - pytest.ini: Pytest configuration and markers Test categories: - Basic operations: images, info, version - Import/export: vimport, load, save - Container execution: vrun, run, exec - Storage management: system df, vstorage - Memory resident mode: memres/vmemres start/stop/status Running tests: pytest tests/test_vdkr.py -v --vdkr-dir /tmp/vcontainer-standalone pytest tests/test_vpdmn.py -v --vdkr-dir /tmp/vcontainer-standalone Signed-off-by: Bruce Ashfield --------------------------- Commit: c32e1081 --------------------------- container-cross-install: add bbclass for bundling containers into images This class enables bundling pre-built OCI containers into Yocto images at build time. It uses vdkr/vpdmn to process containers via QEMU, producing properly formatted storage that can be merged into the target rootfs. Two mechanisms for bundling containers: 1. BUNDLED_CONTAINERS variable (direct specification): - Set in local.conf or image recipe - Format: "name:runtime[:autostart][:external]" - Dependencies auto-generated at parse time - Example: BUNDLED_CONTAINERS = "container-base:docker:autostart" 2. container-bundle packages (package-based): - Recipes inherit container-bundle.bbclass to create packages - Installing packages via IMAGE_INSTALL triggers processing - merge_installed_bundles() scans installed OCI directories - Runs vrunner once in batch-import mode for efficiency Automatic dependency generation for BUNDLED_CONTAINERS: - Parses entries at recipe parse time via python __anonymous() - Derives recipe name from OCI dir names (strips -latest-oci/-oci suffix) - Generates do_rootfs[depends] on recipe:do_image_complete - Use :external tag to skip dependency for third-party blobs - Single "bitbake container-image-host" builds containers + image Usage in image recipe: inherit container-cross-install Features: - Automatic detection of target architecture - Support for both Docker and Podman runtimes - Batch import mode for efficiency with multiple containers - Autostart support via systemd services (Docker) or Quadlet (Podman) - Integration with vrunner for QEMU-based processing - Backwards compatible with legacy -latest-oci naming convention The class processes containers during do_rootfs and merges the resulting storage into /var/lib/docker or /var/lib/containers. Signed-off-by: Bruce Ashfield --------------------------- Commit: 79d03d53 --------------------------- container-bundle: add package-based container bundling support This class creates installable packages that bundle pre-processed container images. When installed via IMAGE_INSTALL, containers are automatically merged into the target image's container storage. Component relationships for bundling a local container: 1. Application Recipe (builds the software) recipes-demo/myapp/myapp_1.0.bb - Compiles application binaries - Creates installable package (myapp) 2. Container Image Recipe (creates OCI image containing the app) recipes-demo/images/myapp-container.bb - inherit image image-oci - IMAGE_INSTALL = "myapp" - Produces: ${DEPLOY_DIR_IMAGE}/myapp-container-latest-oci/ 3. Bundle Recipe (packages container images for deployment) recipes-demo/bundles/my-bundle_1.0.bb - inherit container-bundle - CONTAINER_BUNDLES = "myapp-container:autostart" - Creates installable package with OCI data Flow: application recipe -> container image recipe -> bundle recipe -> IMAGE_INSTALL in host image -> container deployed on target Usage: inherit container-bundle CONTAINER_BUNDLES = "myapp-container:autostart redis-container" CONTAINER_BUNDLES format: source[:autostart-policy] - source: Container IMAGE recipe name or remote registry URL - autostart-policy: Optional (autostart, always, unless-stopped, on-failure) Features: - Auto-generates dependencies on container image recipes (do_image_complete) - Supports remote containers via skopeo (requires CONTAINER_DIGESTS) - Runtime auto-detected from CONTAINER_PROFILE (docker/podman) - Produces OCI directories and metadata for container-cross-install Signed-off-by: Bruce Ashfield --------------------------- Commit: 0cdb5504 --------------------------- vcontainer: add documentation Add documentation for vcontainer/vdkr/vpdmn: - README.md: Update layer README with vcontainer distro feature - recipes-containers/vcontainer/README.md: Comprehensive vdkr/vpdmn usage documentation including CLI commands, build instructions, and architecture overview Signed-off-by: Bruce Ashfield --------------------------- Commit: 8f6f746b --------------------------- vcontainer: add vpdmn Podman support Add vpdmn - Podman CLI wrapper for cross-architecture container operations: Scripts: - vpdmn.sh: Podman CLI entry point (vpdmn-x86_64, vpdmn-aarch64) - vpdmn-init.sh: Podman init script for QEMU guest Recipes: - vpdmn-native: Installs vpdmn CLI wrappers - vpdmn-rootfs-image: Builds Podman rootfs with crun, netavark, skopeo - vpdmn-initramfs-create: Creates bootable initramfs blob The vpdmn CLI provides Podman-compatible commands executed inside a QEMU-emulated environment. Unlike vdkr, Podman is daemonless which simplifies the guest init process. Signed-off-by: Bruce Ashfield --------------------------- Commit: 18074e0e --------------------------- vcontainer: add vdkr Docker support Add vdkr - Docker CLI wrapper for cross-architecture container operations: Scripts: - vdkr.sh: Docker CLI entry point (vdkr-x86_64, vdkr-aarch64) - vdkr-init.sh: Docker init script for QEMU guest Recipes: - vdkr-native: Installs vdkr CLI wrappers - vdkr-rootfs-image: Builds Docker rootfs with containerd, runc, skopeo - vdkr-initramfs-create: Creates bootable initramfs blob The vdkr CLI provides Docker-compatible commands executed inside a QEMU-emulated environment, enabling cross-architecture container operations during Yocto builds. Signed-off-by: Bruce Ashfield --------------------------- Commit: c32db569 --------------------------- vcontainer: add shared infrastructure and runner Add core vcontainer infrastructure shared by vdkr and vpdmn: Scripts: - vrunner.sh: QEMU runner supporting both Docker and Podman runtimes - vcontainer-common.sh: Shared CLI functions and command handling - vcontainer-init-common.sh: Shared init script functions for QEMU guest - vdkr-preinit.sh: Initramfs preinit for switch_root to squashfs overlay Recipes: - vcontainer-native: Installs vrunner.sh and shared scripts - vcontainer-initramfs-create.inc: Shared initramfs build logic Features: - Docker/Podman-compatible commands: images, pull, load, save, run, exec - Memory resident mode for fast command execution - KVM acceleration when host matches target - Interactive mode with volume mounts - Squashfs rootfs with tmpfs overlay Signed-off-by: Bruce Ashfield --------------------------- Commit: 4baa3503 --------------------------- vcontainer: add vruntime distro and multiconfigs Add minimal vruntime distro for building QEMU blob images: - conf/distro/vruntime.conf: Minimal distro with vcontainer features - conf/multiconfig/vruntime-aarch64.conf: aarch64 multiconfig - conf/multiconfig/vruntime-x86-64.conf: x86-64 multiconfig The vruntime distro provides a minimal environment for building Docker/Podman rootfs images used by vdkr/vpdmn. Signed-off-by: Bruce Ashfield --------------------------- Commit: f73b6076 --------------------------- vcontainer: add kernel config fragments for container support Add kernel configuration fragments required for vdkr/vpdmn: - 9p.cfg: 9P filesystem for virtio-9p file sharing (volume mounts) - squashfs.cfg: Squashfs and overlayfs for rootfs images Only applied when "vcontainer" is in DISTRO_FEATURES. Signed-off-by: Bruce Ashfield --------------------------- Commit: aca7bf0b --------------------------- busybox: add utilities required for container cross-install Add busybox configuration fragment enabling utilities needed for container cross-install initramfs: - base64: Required for transferring container storage from QEMU to host via serial console - hexdump, uuencode, split: Additional useful utilities These utilities are used by the rootfs/runtime/init inside QEMU to encode container storage data for transfer. Signed-off-by: Bruce Ashfield --------------------------- Commit: 28d26fd9 --------------------------- lopper: update to -tip Bumping lopper to latest, which comprises the following commits: b3ef974 lopper: assists: xlnx_overlay_dt: Remove explicit phandle property configuration 5ee18e1 lopper: assists: xlnx_overlay_dt: Sort imports 15780a1 lopper: assists: xlnx_overlay_dt: Use Lopper logging 9bfadf3 lopper: assists: xlnx_overlay_dt: Refactor to use Lopper tree operations 435a501 openamp: xlnx: add specific checks to ensure reserved mem is ok 3a3df0a lopper_sanity/schema: add /bits/ 64 bit preserved test cd8a467 lopper/tree: fix /bits/ 64 property output 363b74b lopper:assists:baremetallinker_xlnx: Correct OCM memory mapping in xlnx_memipname 35f96f9 gen_domain_dts: Fix RTC interrupt format for Zephyr 1c11d1c lopper: assists: zephyr: Add Xilinx RTC node for Zephyr 85bf49e gen_domain_dts: Fix back clock_props logic afa272d openamp: xlnx: enable zephyr RPU DT without domain-access 09ba439 openamp: xlnx: parity with default openamp cases a279acf lopper: assist: zephyr: for R52 update ranges property 7db8955 gen_domain_dts: Remove mig-7series, ddr4 and lmb_bram from the list of PL memory IPs that need to be removed e6a1d17 assists: gen_domain_dts: Add tcm lockstep nodes to linux_ignore_ip_list 833d64b lops/sample: add a sample lop file for phandle modifications c97589b lopper:assist: Define FRL enable macro based on HDMI mode 696a855 lopper:assists:baremetalconfig_xlnx: Fix file handle leak in DtbtoCStruct causing _g.c file corruption 4fa6a81 lopper:assists: Refactor device tree node property access to use propval() method aa0ba9a openamp: xlnx: xlnx_openamp_get_ddr_elf_load: skip mmio-sram nodes 8080436 assists/yaml_to_dts_expansion: resolve_host_remote: fix err handling path d8c8022 assists/yaml_to_dts_expansion: openamp_remote_cpu_expand: fix lockstep check 8b39ddf sanity/openamp: reformat test to use internal script 32ab506 assists/domain_access: fix includes b717e84 assists/yaml_to_dts_expansion: add start/size helper 72a938c assists/yaml_to_dts_expansion: Add cleanups 87e3d3e assists/domain_access: Document case of empty memory description for domain b3d7642 lopper: move YAML expansion to its own plugin yaml_translation 429834f assists/subsystem: add yaml handling from openamp 7e88aef openamp: remove yaml handling here 6e77a4b assists/domain_access: remove expand calls 84cba90 openamp: xlnx: removed yaml translation routines 3c7947e openamp: xlnx: Add documentation for each routine. 18cb02e lopper: assists: zephyr: Add MMIO SRAM d7e1875 assists/domain_access: memory: account for empty memory value cb66e4d openamp: xlnx: refactor for domain access 387d72e assists/domain_access: Only do a re-order for reserved memory efb5998 yaml-xlate: update handling for domain reserved memory f395a39 assists/subsystem: reserved_memory_expand: change to follow phandle list convention f120d7e gen_domain_dts: remove openamp handling bf70796 baremetallinker_xlnx: update openamp elf ddr routine 61a19eb assists/subsystem: add RPU power domain to domain 419b2b0 lops/xlate-yaml: synchronize interrupt-map phandle definition 3c827f4 lops: drop cdo lops from default loading b48475e housekeeping: remove unused cdo lops and assists ad3d848 lopper:assists:baremetalconfig_xlnx: Fix file handle leak in DtbtoCStruct causing _g.c file corruption 892679f lopper/base: tweak comment regex to skip embedded python 6f0ffe0 lopper: correctly label compact (or sparse) nodes in --enhanced mode 06ca2b9 lopper: Use absolute() instead of resolve() to preserve substituted drive letters and avoid Windows path length issues 4117062 lopper_sanity: make results output uniform 8569906 loper/yaml: update to lopper.log and global trace level values 61d252b tree: drop if verbose checks 0ddcc1c lopper/query: convert to lopper.log format 59fc977 loper/base: convert output to lopper.log format 460ca22 assists/extract: convert to lopper log output 608610a assits/domain_access: set finer grained lopper log level 7e75684 assists/compare: convert to lopper.log output fd630e3 lopper/common_utils: convert remaining print to lopper.log 2330e5f lopper/cdo: use lopper.log instead of print c0f92ba lopper/main: convert remaining print statments to lopper.log 4cee119 lopper: SDT: convert print statements to lopper.log output 27b0b6a lopper/fdt: convert print statements to lopper log calls fd17a4f lopper/log: add additional logging levels abf3aed lopper: convert remaining verbosity checks to lopper.log calls 59d307f lopper: allow .dtsi files to be joined with the SDT e4c11a0 gpios: add phandle field description f4bfbbf lopper:assists: Add exception handling for missing clock nodes 50c245d assists: baremetallinker_xlnx: Add support for lpddr memory IP dd91add baremetal_gentestapp_xlnx: Skip the inclusion of the IP in peripheral test if is-hierarchy is present in the DT node 4f56ad3 lopper: assists: gen_domain_dts: Fix for Zephyr microblaze Kconfig generation alignment and ordering 9303c00 lopper: assist: zephyr: Add support for dma-channels property in AXI-DMA node 873dc86 docs(zephyr): Add comprehensive AMD SoC processor documentation with Sphinx integration Signed-off-by: Bruce Ashfield --------------------------- Commit: 03fe48aa --------------------------- lxc: delete empty lxc state directory lxc systemd service [1] defines a StateDirectory to ensure that the /var/lib/lxc directory is automatically created and managed by systemd during service startup. Do not create lxc directory at build time for systemd. [1] https://github.com/lxc/lxc/blob/f9ff9ea2a92653a823edf25e8e28c9dab08b3090/config/init/systemd/lxc.service.in#L16 Signed-off-by: Vishwas Udupa Signed-off-by: Bruce Ashfield --------------------------- Commit: 9d98a3a8 --------------------------- cockpit-machines: add recipe `cockpit-machines` is a Cockpit plugin used to provide a web interface to manage virtual machines. Since Cockpit version 242, cockpit-machines has been moved to a dedicated repository. This package is dependent on cockpit package from meta-webserver layer. To test it, access the cockpit-machines UI on the tested target at `https://127.0.0.1:9090/machines`. Signed-off-by: Paul Le Guen de Kerneizon Signed-off-by: Bruce Ashfield --------------------------- Commit: 980ef86f --------------------------- python3-dotenv: add UPSTREAM_CHECK_PYPI_PACKAGE Add UPSTREAM_CHECK_PYPI_PACKAGE to check the correct latest stable verison. Before the patch: $ devtool latest-version python3-dotenv INFO: Current version: 1.1.0 INFO: Latest version: 1.0.1 After the patch: $ devtool latest-version python3-dotenv INFO: Current version: 1.1.0 INFO: Latest version: 1.2.1 Signed-off-by: Yi Zhao Signed-off-by: Bruce Ashfield --------------------------- Commit: f6a438e0 --------------------------- irqbalance: correct to install /etc/default for systemd Due to upstream commit [Properly embed EnvironmentFile sourced systemd configs into meson and autonconf][1], introduced 2 configurable directories, defaults set to: /usr/etc/default. This commit uses option --with-pkgconfdir to correct to install /etc/default for systemd as usual [1] https://github.com/Irqbalance/irqbalance/commit/41cb97c714e6216ab7f10f8aaa51a2548da3acc7 Signed-off-by: Hongxu Jia Signed-off-by: Bruce Ashfield ## meta-yocto --------------------------- Commit: c7fa63b --------------------------- poky: Remove Fedora 41 from sanity tested distros list Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f4d45d0 --------------------------- poky: Update codename whinlatter -> wrynose Signed-off-by: Richard Purdie --------------------------- Commit: ddd007f --------------------------- layer.conf: Update wrynose release series Signed-off-by: Richard Purdie --------------------------- Commit: 31e68c7 --------------------------- oeqa/runtime/parselogs: ignore KV260 USB error on genericarm64 On AMD KV260 the USB 1-1 driver sometimes throws this new warning at boot but continues and USB stack works so ignore the error: usb 1-1: device descriptor read/64, error -71 hub 1-1:1.0: USB hub found hub 1-1:1.0: 5 ports detected usb 2-1: new SuperSpeed USB device number 2 using xhci-hcd hub 2-1:1.0: USB hub found hub 2-1:1.0: 4 ports detected https://lists.yoctoproject.org/g/automated-testing/message/1525 Signed-off-by: Mikko Rapeli Signed-off-by: Richard Purdie --------------------------- Commit: b9f474f --------------------------- oeqa/runtime/parselogs: workaround current TI BeaglePlay warnings On genericarm64 machine, parselogs test is currently failing due to these error messages. They don't seem to affect functionality so ignore them for now. Signed-off-by: Mikko Rapeli Signed-off-by: Richard Purdie --------------------------- Commit: 4e081be --------------------------- poky: Update after core default changes These changes were moved into defaultsetup.conf and therefore are no longer needed here. Signed-off-by: Richard Purdie --------------------------- Commit: 3f03fda --------------------------- yocto-bsp: update to v6.18.13 Updating linux-yocto/6.18 to the latest korg -stable release that comprises the following commits: 25e0b1c206e3d Linux 6.18.13 df337ba02ca53 f2fs: fix incomplete block usage in compact SSA summaries 855c54f1803e3 f2fs: fix to do sanity check on node footer in {read,write}_end_io cd2fec912a0f0 f2fs: fix to do sanity check on node footer in __write_node_folio() 715a7a72e4736 USB: serial: option: add Telit FN920C04 RNDIS compositions f611dafe0ffd3 iommu/arm-smmu-qcom: do not register driver in probe() 0415ae51a40e3 f2fs: optimize f2fs_overwrite_io() for f2fs_iomap_begin fee27b69dde1a f2fs: fix to avoid mapping wrong physical block for swapfile 97e4f479939e5 f2fs: support non-4KB block size without packed_ssa feature 995030be4ce63 f2fs: fix to avoid UAF in f2fs_write_end_io() d4a594dd952df f2fs: fix out-of-bounds access in sysfs attribute read/write bd66b4c487d50 f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes 70cf1e96bde07 f2fs: fix to check sysfs filename w/ gc_pin_file_thresh correctly fb9f7e52273db f2fs: fix to add gc count stat in f2fs_gc_range 1c008ad0f0d1c fbdev: smscufx: properly copy ioctl memory to kernelspace 3e4cbd1d46c24 fbdev: rivafb: fix divide error in nv3_arb() 98d91080517d4 cpuset: Fix missing adaptation for cpuset_is_populated eaa9fcf57934c LoongArch: Rework KASAN initialization for PTW-enabled systems 9b671f6f432be mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather 0c74d37343b93 arm64: dts: mediatek: mt8183: Add missing endpoint IDs to display graph 6d66464d1a059 gpiolib: acpi: Fix gpio count with string references fa4938e0d0d64 io_uring/fdinfo: be a bit nicer when looping a lot of SQEs/CQEs cab928242853a ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put() 00c57e2369386 drm/amd/display: remove assert around dpp_base replacement 8e6f503961709 drm/amd/display: extend delta clamping logic to CM3 LUT helper f2584f791a103 tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow 7bc40c6f36575 ASoC: cs42l43: Correct handling of 3-pole jack load detection a8ed5b974a244 platform/x86: panasonic-laptop: Fix sysfs group leak in error path 2ca80dd4bb0e2 ASoC: sof_sdw: Add a quirk for Lenovo laptop using sidecar amps with cs42l43 bb6ff25035da5 platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro a9584e9e46448 ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 78783e8d588cf ASoC: amd: yc: Add quirk for HP 200 G2a 16 c3b2e922924bf ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 97528b1622b8f platform/x86: classmate-laptop: Add missing NULL pointer checks efdb9c8ca3cfb drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used 4b71ad7676564 romfs: check sb_set_blocksize() return value d2e01e0c5e947 ALSA: hda/realtek - fixed speaker no sound 20bc7062c352f ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel 1bdbcf326474c ALSA: hda/realtek: Add quirk for Inspur S14-G1 b0b2cb84b64a9 gpio: sprd: Change sprd_gpio lock to raw_spin_lock 652667ac1369e ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list 464a50c6b23aa rust: driver: fix broken intra-doc links to example driver types 7d82e965fe0e3 rust: dma: fix broken intra-doc links 68dd6c5ebe799 rust: device: fix broken intra-doc links 31f33b856d232 scsi: qla2xxx: Fix bsg_done() causing double free 2784b1b43af37 Linux 6.18.12 53a76425e0764 Revert "driver core: enforce device_lock for driver_match_device()" ee4fb138af107 Linux 6.18.11 32f08c3ddd6dd gpio: omap: do not register driver in probe() 116f7bd8160c6 wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add 24a253c3aa6d9 PCI: endpoint: Avoid creating sub-groups asynchronously 60b75407c172e drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free ed82e7949f5ca xfs: fix UAF in xchk_btree_check_block_owner d741534302f71 erofs: fix UAF issue for file-backed mounts w/ directio option 1d6bd6183e723 bus: fsl-mc: fix use-after-free in driver_override_show() d14e991279831 scsi: qla2xxx: Query FW again before proceeding with login f04840512438a scsi: qla2xxx: Free sp in error path to fix system crash c068ebbaf5282 scsi: qla2xxx: Delay module unload while fabric scan in progress ae49d33bfc08b scsi: qla2xxx: Allow recovery for tape devices 1a9585e4c58d1 scsi: qla2xxx: Validate sp before freeing associated memory 1339455044155 wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() 46c1d56ad321f hfs: ensure sb->s_fs_info is always cleaned up 4aa45f841413c nilfs2: Fix potential block overflow that cause system hang 52505d7f713bf crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req e69a7b0a71b65 crypto: virtio - Add spinlock protection with virtqueue notification 2ed27b5a11743 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly 62c89e1992c86 crypto: octeontx - Fix length check to avoid truncation in ucode_load_store d75207465eed2 crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode 65a0016016e8b ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 be7a9bcee0ca6 Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB 8d76b2488eb3c driver core: enforce device_lock for driver_match_device() 16c8be3d55441 smb: client: let send_done handle a completion without IB_SEND_SIGNALED 6bf260ace7301 smb: client: let smbd_post_send_negotiate_req() use smbd_post_send() 69ce4ae2ab65c smb: client: fix last send credit problem causing disconnects cca0526ef2344 smb: client: make use of smbdirect_socket.send_io.bcredits 9eff83600edf6 smb: client: use smbdirect_send_batch processing d059e5fc49755 smb: client: introduce and use smbd_{alloc, free}_send_io() 1f3e8e2c67cbc smb: client: split out smbd_ib_post_send() 8786127068d51 smb: client: port and use the wait_for_credits logic used by server 1fe0f989beb8b smb: client: remove pointless sc->send_io.pending handling in smbd_post_send_iter() 2b08ca3ab6cc5 smb: client: remove pointless sc->recv_io.credits.count rollback b9ec75aba3c8f smb: client: let smbd_post_send() make use of request->wr 5b69ba9978dd0 smb: client: let recv_done() queue a refill when the peer is low on credits f664e6e8a8110 smb: client: make use of smbdirect_socket.recv_io.credits.available 24082642654f3 smb: server: let send_done handle a completion without IB_SEND_SIGNALED 85bf0a73831cc smb: server: fix last send credit problem causing disconnects 5ef18a2e66f2f smb: server: make use of smbdirect_socket.send_io.bcredits cea7afb097b00 smb: server: let recv_done() queue a refill when the peer is low on credits 66c082e3d4651 smb: server: make use of smbdirect_socket.recv_io.credits.available 88cf40f7b5fb4 smb: smbdirect: introduce smbdirect_socket.send_io.bcredits.* e811e60e1cc79 smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available cd25e0d809531 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() e4a8a96a93d08 ksmbd: add chann_lock to protect ksmbd_chann_list xarray 71b5e7c528315 ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths c4b9edd559873 smb: client: split cached_fid bitfields to avoid shared-byte RMW races 1658b66fed206 io_uring: allow io-wq workers to exit when unused f02693a40e407 io_uring/io-wq: add exit-on-idle state Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 70926f5 --------------------------- yocto-bsp: update to v6.18.11 Updating linux-yocto/6.18 to the latest korg -stable release that comprises the following commits: ee4fb138af107 Linux 6.18.11 32f08c3ddd6dd gpio: omap: do not register driver in probe() 116f7bd8160c6 wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add 24a253c3aa6d9 PCI: endpoint: Avoid creating sub-groups asynchronously 60b75407c172e drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free ed82e7949f5ca xfs: fix UAF in xchk_btree_check_block_owner d741534302f71 erofs: fix UAF issue for file-backed mounts w/ directio option 1d6bd6183e723 bus: fsl-mc: fix use-after-free in driver_override_show() d14e991279831 scsi: qla2xxx: Query FW again before proceeding with login f04840512438a scsi: qla2xxx: Free sp in error path to fix system crash c068ebbaf5282 scsi: qla2xxx: Delay module unload while fabric scan in progress ae49d33bfc08b scsi: qla2xxx: Allow recovery for tape devices 1a9585e4c58d1 scsi: qla2xxx: Validate sp before freeing associated memory 1339455044155 wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() 46c1d56ad321f hfs: ensure sb->s_fs_info is always cleaned up 4aa45f841413c nilfs2: Fix potential block overflow that cause system hang 52505d7f713bf crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req e69a7b0a71b65 crypto: virtio - Add spinlock protection with virtqueue notification 2ed27b5a11743 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly 62c89e1992c86 crypto: octeontx - Fix length check to avoid truncation in ucode_load_store d75207465eed2 crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode 65a0016016e8b ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 be7a9bcee0ca6 Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB 8d76b2488eb3c driver core: enforce device_lock for driver_match_device() 16c8be3d55441 smb: client: let send_done handle a completion without IB_SEND_SIGNALED 6bf260ace7301 smb: client: let smbd_post_send_negotiate_req() use smbd_post_send() 69ce4ae2ab65c smb: client: fix last send credit problem causing disconnects cca0526ef2344 smb: client: make use of smbdirect_socket.send_io.bcredits 9eff83600edf6 smb: client: use smbdirect_send_batch processing d059e5fc49755 smb: client: introduce and use smbd_{alloc, free}_send_io() 1f3e8e2c67cbc smb: client: split out smbd_ib_post_send() 8786127068d51 smb: client: port and use the wait_for_credits logic used by server 1fe0f989beb8b smb: client: remove pointless sc->send_io.pending handling in smbd_post_send_iter() 2b08ca3ab6cc5 smb: client: remove pointless sc->recv_io.credits.count rollback b9ec75aba3c8f smb: client: let smbd_post_send() make use of request->wr 5b69ba9978dd0 smb: client: let recv_done() queue a refill when the peer is low on credits f664e6e8a8110 smb: client: make use of smbdirect_socket.recv_io.credits.available 24082642654f3 smb: server: let send_done handle a completion without IB_SEND_SIGNALED 85bf0a73831cc smb: server: fix last send credit problem causing disconnects 5ef18a2e66f2f smb: server: make use of smbdirect_socket.send_io.bcredits cea7afb097b00 smb: server: let recv_done() queue a refill when the peer is low on credits 66c082e3d4651 smb: server: make use of smbdirect_socket.recv_io.credits.available 88cf40f7b5fb4 smb: smbdirect: introduce smbdirect_socket.send_io.bcredits.* e811e60e1cc79 smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available cd25e0d809531 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() e4a8a96a93d08 ksmbd: add chann_lock to protect ksmbd_chann_list xarray 71b5e7c528315 ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths c4b9edd559873 smb: client: split cached_fid bitfields to avoid shared-byte RMW races 1658b66fed206 io_uring: allow io-wq workers to exit when unused f02693a40e407 io_uring/io-wq: add exit-on-idle state 41cec610f6906 Linux 6.18.10 31b593fbece63 riscv: Add intermediate cast to 'unsigned long' in __get_user_asm ecd164120c248 ALSA: usb-audio: Use the right limit for PCM OOB check 24ad4cfac0b8e ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU. 57bac08056787 spi: tegra114: Preserve SPI mode bits in def_command1_reg b8eec12aa666c spi: tegra: Fix a memory leak in tegra_slink_probe() 2ac3a105e5149 spi: tegra210-quad: Protect curr_xfer check in IRQ handler d51554dc05695 spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer 3bc293d5b5650 spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer 2d3c0122e9611 spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one 51013068438ac spi: tegra210-quad: Move curr_xfer read inside spinlock e1777c400b7a9 spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer b767cf2d4efc8 regulator: spacemit-p1: Fix n_voltages for BUCK and LDO regulators 3f9b508b3eecc i2c: imx: preserve error state in block data length handler e71e3fa90a151 gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc() 279cb9180510f ASoC: amd: fix memory leak in acp3x pdm dma ops 8434b351cd4ea ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() 01d2fb15f15c1 firmware: cs_dsp: rate-limit log messages in KUnit builds abd66845227c5 firmware: cs_dsp: Factor out common debugfs string read b8ad2d53f706a ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF f3ed399e9aa6f nvme-pci: handle changing device dma map requirements 3c58f6121863c drm/xe/guc: Fix CFI violation in debugfs access. 8b68a45f9722f netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() 32ddd09d1103e hwmon: (occ) Mark occ_init_attribute() as __printf 8abb71d4a1dce drm/xe/pm: Disable D3Cold for BMG only on specific platforms 7c5db0957a230 drm/xe/query: Fix topology query pointer advance 184a84f03b5e6 drm/mgag200: fix mgag200_bmc_stop_scanout() 2e5edb69e5d0e net: gro: fix outer network offset 589a530ae44d0 net: add proper RCU protection to /proc/net/ptype 9f42cb8fafd6d net: ethernet: adi: adin1110: Check return value of devm_gpiod_get_optional() in adin1110_check_spi() 100f3bf914612 drm/amd/display: fix wrong color value mapping on MCM shaper LUT 0031f8829c7fb wifi: iwlwifi: mvm: pause TCM on fast resume 9b9f52f052f49 wifi: iwlwifi: mld: cancel mlo_scan_start_wk 5a2b4b0e9c003 net: enetc: Convert 16-bit register reads to 32-bit for ENETC v4 566ea5769ec27 net: enetc: Convert 16-bit register writes to 32-bit for ENETC v4 f346253e5fd95 net: enetc: Remove CBDR cacheability AXI settings for ENETC v4 d98745c68023f net: enetc: Remove SI/BDR cacheability AXI settings for ENETC v4 c175b1eaf729e tipc: use kfree_sensitive() for session key material f3931416cbdd0 net: rss: fix reporting RXH_XFRM_NO_CHANGE as input_xfrm for contexts 2718ae6af7445 linkwatch: use __dev_put() in callers to prevent UAF 64cf3016234ce io_uring/zcrx: fix page array leak fad7334082cd1 net: don't touch dev->stats in BPF redirect paths 8860ddf0e07be hwmon: (acpi_power_meter) Fix deadlocks related to acpi_power_meter_notify() 1b2efc593dca9 net: usb: r8152: fix resume reset deadlock cdedcd5aa3f3c macvlan: fix error recovery in macvlan_common_newlink() c9e4daf62ca07 net: sfp: Fix quirk for Ubiquiti U-Fiber Instant SFP module 8553bf2e09828 i40e: drop udp_tunnel_get_rx_info() call from i40e_open() 07bb882485f89 ice: drop udp_tunnel_get_rx_info() call from ndo_open() 7565d4df66b66 ice: Fix PTP NULL pointer dereference during VSI rebuild ef72678c9df0e ice: PTP: fix missing timestamps on E825 hardware 6801ef140fc33 ice: fix missing TX timestamps interrupts on E825 devices 1b381a638e185 dpaa2-switch: add bounds check for if_id in IRQ handler 4640fa5ad5e1a net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup 293eaad0d6d6b net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup d028147ae0640 net: liquidio: Initialize netdev pointer before queue setup 155eb99aff292 dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero 8a672f177ebe1 net/sched: cls_u32: use skb_header_pointer_careful() 9b186feb75267 net: add skb_header_pointer_careful() helper f8611a7981cd0 hwmon: (dell-smm) Add Dell G15 5510 to fan control whitelist 9ee608a64e37c smb/client: fix memory leak in smb2_open_file() faff38ebbfe63 platform/x86/intel/tpmi/plr: Make the file domain/status writeable 9029ccfab2ca9 platform/x86: hp-bioscfg: Skip empty attribute names 6c45a5a7e1e3b platform/x86: intel_telemetry: Fix PSS event register mask f93ae43780b75 platform/x86: toshiba_haps: Fix memory leaks in add/remove routines 245ff08e261ce Revert "drm/amd/display: pause the workload setting in dm" 98bf5bc8cb8cb tracing: Avoid possible signed 64-bit truncation 6dd87f6afe9e9 ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio 3228b2eceb6c3 btrfs: reject new transactions if the fs is fully read-only b4b065a880997 wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice ccb3c75d57039 btrfs: sync read disk super and set block size 7a1bec39c014e wifi: mac80211: correctly check if CSA is active 990e40fb1d111 btrfs: fix Wmaybe-uninitialized warning in replay_one_buffer() 3835e49e146a4 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() 108cbf2b7d295 ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU 1d5f2329ab4df io_uring/rw: free potentially allocated iovec on cache put failure c65a1a72a41e4 riscv: Use 64-bit variable for output in __get_user_asm 4530f4e4d0e6a scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() 8a7ef96e6af91 wifi: cfg80211: Fix bitrate calculation overflow for HE rates 36e88bd40a8c0 spi: intel-pci: Add support for Nova Lake SPI serial flash 7178b36de1850 ALSA: usb-audio: Add delay quirk for MOONDROP Moonriver2 Ti f08f2d2907675 regmap: maple: free entry on mas_store_gfp() failure 7d4c9c448c2b3 spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization 66b73d3f2cfc7 ALSA: hda/tas2781: Add newly-released HP laptop e6ce61e01c9a2 ASoC: tlv320adcx140: Propagate error codes during probe 3ba3d959c17aa ASoC: amd: yc: Fix microphone on ASUS M6500RE 1c90f930e7b41 nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() 62932d9ed639a ALSA: usb-audio: Prevent excessive number of frames e810b290922c5 nvme-fc: release admin tagset if init fails a883080063f97 ASoC: simple-card-utils: Check device node before overwrite direction 61fa85497c7b7 ASoC: davinci-evm: Fix reference leak in davinci_evm_probe 9f665b3c3d9a1 dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() 921903d73967f ASoC: Intel: sof_sdw: Add new quirks for PTL on Dell with CS42L43 74309a4b0ffc7 wifi: mac80211: collect station statistics earlier when disconnect da1880c7b6b83 HID: Elecom: Add support for ELECOM M-XT3DRBK (018C) 71434e45bf124 HID: logitech: add HID++ support for Logitech MX Anywhere 3S b1f8285bc8e35 riscv: trace: fix snapshot deadlock with sbi ecall 151589d15ee87 ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free cd7ff7fd3e4b7 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset ecb8653a8fe9d HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) 1e84a807c98a7 HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer 2124279f1f8c3 HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() 6e2108daed94e HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list 645671377158f drm/amd/display: Reduce number of arguments of dcn30's CalculatePrefetchSchedule() eb5d6dedadd66 netfilter: replace -EEXIST with -EBUSY ddab2d0f93200 PCI: qcom: Remove ASPM L0s support for MSM8996 SoC 3210077ed2648 ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk 5b9bbe3d7bb90 x86/sev: Disable GCOV on noinstr object 75f1f512b1567 ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 747b9a7d4c712 HID: playstation: Center initial joystick axes to prevent spurious events 7ae5b35148119 HID: intel-ish-hid: Reset enum_devices_done before enumeration 8b44e75379510 riscv: Sanitize syscall table indexing under speculation 28768bd3abf99 btrfs: fix reservation leak in some error paths when inserting inline extent a206870513cda HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL ea5ef771f3c26 HID: intel-ish-hid: Update ishtp bus match to support device ID table 6de3a371a8b9f btrfs: do not free data reservation in fallback from inline due to -ENOSPC 70dd3513ed6ac smb/server: fix refcount leak in parse_durable_handle_context() c2ed4f71e9288 LoongArch: Enable exception fixup for specific ADE subcode 2bb9c8a77df50 io_uring: use GFP_NOWAIT for overflow CQEs on legacy rings 4665e52bde3b1 smb/server: fix refcount leak in smb2_open() 0107b18cd8ac1 md: suspend array while updating raid_disks via sysfs 9531210f348aa LoongArch: Set correct protection_map[] for VM_NONE/VM_SHARED fdda836fcee6f smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() f309b2c7df659 block,bfq: fix aux stat accumulation destination 86acdc1791944 platform/x86: dell-lis3lv02d: Add Latitude 5400 ff6892ea544c4 wifi: iwlwifi: Implement settime64 as stub for MVM/MLD PTP 6b7c60feab3c6 net: usb: sr9700: support devices with virtual driver CD 10d3ff7e5812c wifi: mac80211: don't WARN for connections on invalid channels 689a7980e4788 wifi: wlcore: ensure skb headroom before skb_push e0bd226804f8e wifi: mac80211: ocb: skip rx_no_sta when interface is not joined abd219fd48b11 tracing: Fix ftrace event field alignments 116ffca92dc4d binderfs: fix ida_alloc_max() upper bound e9bcfe865188a binder: fix BR_FROZEN_REPLY error log a6050dedb6f1c binder: fix UAF in binder_netlink_report() 287221c5e0707 rust_binderfs: fix ida_alloc_max() upper bound 685bb05d307ac rust_binder: add additional alignment checks 598fe3ff32e43 rust_binder: correctly handle FDA objects of length zero 13de38aa3ea7a sched/fair: Have SD_SERIALIZE affect newidle balancing de7cb4282dafc sched/fair: Skip sched_balance_running cmpxchg when balance is not due 3a15c519d2b0f bus: mhi: host: pci_generic: Add Telit FE990B40 modem support fa2274bb17a4a treewide: Drop pci_save_state() after pci_restore_state() 71c50e60421bb PCI/ERR: Ensure error recoverability at all times 1a893bd719121 hwmon: (gpio-fan) Allow to stop FANs when CONFIG_PM is disabled 37751b6d0b6b5 hwmon: (gpio-fan) Fix set_rpm() return value 4385b2f284354 KVM: Don't clobber irqfd routing type when deassigning irqfd 7a245ef476ffb KVM: selftests: Add -U_FORTIFY_SOURCE to avoid some unpredictable test failures a82647e1a9499 net: spacemit: k1-emac: fix jumbo frame support d5b3a66986697 net: cpsw_new: Execute ndo_set_rx_mode callback in a work queue 488009aa62bb1 net: cpsw: Execute ndo_set_rx_mode callback in a work queue ef763b480a3de nouveau/gsp: fix suspend/resume regression on r570 firmware a20887d5239a3 nouveau/gsp: use rpc sequence numbers properly. 9cc8caba82c2b nouveau: add a third state to the fini handler. 5f645222eb30c Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" 7b6a0f121d502 mm, shmem: prevent infinite loop on truncate race 41a7b9ab855c8 gve: Correct ethtool rx_dropped calculation 11f8311f69e4c gve: Fix stats report corruption on queue count change e9cdd54797dc2 drm/amd: Set minimum version for set_hw_resource_1 on gfx11 to 0x52 d3081353acaa6 cgroup/dmem: avoid pool UAF 5c38604abbfa5 cgroup/dmem: avoid rcu warning when unregister region c13816e8fa23d cgroup/dmem: fix NULL pointer dereference when setting max e258ed369c9e0 ceph: fix oops due to invalid pointer for kfree() in parse_longname() 35e6fd0d5bc30 ARM: 9468/1: fix memset64() on big-endian 46dfdb6f7a79d rbd: check for EOD after exclusive lock is ensured to be held 57b36ffc8881d ceph: fix NULL pointer dereference in ceph_mds_auth_match() e8af57e090790 mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single cbc03ce3e6ce7 procfs: avoid fetching build ID while holding VMA lock eb54ce033b344 pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains 11ca03ce17d7d pmdomain: imx8mp-blk-ctrl: Keep usb phy power domain on for system wakeup 5171a3dddf427 pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset 72129d55be9ce pmdomain: imx8mp-blk-ctrl: Keep gpc power domain on for system wakeup d72563e402bab pmdomain: qcom: rpmpd: fix off-by-one error in clamping to the highest state 5727ccf9d19ca ALSA: aloop: Fix racy access at PCM trigger 21816bbc8492f platform/x86: intel_telemetry: Fix swapped arrays in PSS output b5a02290ee3a4 KVM: x86: Explicitly configure supported XSS from {svm,vmx}_set_cpu_caps() a94b956bb7272 x86/kfence: fix booting on 32bit non-PAE systems feb603a69f830 x86/vmware: Fix hypercall clobbers ab200d71553bd nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 4bbc647 --------------------------- yocto-bsp: update to v6.18.9 Updating linux-yocto/6.18 to the latest korg -stable release that comprises the following commits: adb851edb7078 Linux 6.18.9 0d26aa84ff0b7 mptcp: avoid dup SUB_CLOSED events after disconnect 01b0831d71b6d sched_ext: Fix SCX_KICK_WAIT to work reliably 664e78f2d4ec3 sched_ext: Don't kick CPUs running higher classes edb9fab1b78c6 net/sched: act_ife: convert comma to semicolon 5b22c6cbabc78 Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" ab21cf885fb2a libbpf: Fix -Wdiscarded-qualifiers under C23 f749b366b8e79 gpiolib: acpi: Fix potential out-of-boundary left shift 84df65fcfbff1 iommu/tegra241-cmdqv: Reset VCMDQ in tegra241_vcmdq_hw_init_user() 078377b07f8e8 drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() ac251d17d8af5 drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove 2d9bff2af0adb drm/amdgpu/gfx12: adjust KGQ reset sequence d9790cf8bbe80 drm/amdgpu/gfx12: fix wptr reset in KGQ init 4867b512bb7f5 drm/amdgpu/gfx11: adjust KGQ reset sequence 018892bd9a0c0 drm/amdgpu/gfx11: fix wptr reset in KGQ init 75ebd42441702 drm/amdgpu/gfx10: fix wptr reset in KGQ init 9a6d87fbe3f51 drm/amdgpu/soc21: fix xclk for APUs 5f841c308c453 drm/amd/pm: fix smu v14 soft clock frequency setting issue 191e22e5d742e drm/amd/pm: fix smu v13 soft clock frequency setting issue ca68745e820ec drm/imx/tve: fix probe device leak 31203f5680c3d drm/msm/a6xx: fix bogus hwcg register updates a4ea228271cd4 drm/tyr: depend on `COMMON_CLK` to fix build error 3e845c46dfe5a drm/xe/xelp: Fix Wa_18022495364 ae8831ee0fb2f drm: Do not allow userspace to trigger kernel warnings in drm_gem_change_handle_ioctl() dd222df5b356e scripts: generate_rust_analyzer: Add compiler_builtins -> core dep 8afa6c4d7abfb scripts: generate_rust_analyzer: fix resolution of #[pin_data] macros 2426867644cc7 scripts: generate_rust_analyzer: compile sysroot with correct edition ce798a0fe6b79 scripts: generate_rust_analyzer: remove sysroot assertion 595718c74f85b scripts: generate_rust_analyzer: Add pin_init_internal deps 5bfa32ff75b50 scripts: generate_rust_analyzer: Add pin_init -> compiler_builtins dep e82f822ed1472 rust: sync: refcount: always inline functions using build_assert with arguments 4bb727f4b0614 rust: sync: atomic: Provide stub for `rusttest` 32-bit hosts 625605ac8be50 rust: bits: always inline functions using build_assert with arguments 3d48d59235c49 net: fix segmentation of forwarding fraglist GRO b23bee8cdb7aa mm/shmem, swap: fix race of truncate and swap entry split 40aed8b856580 mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn b0020cbd26380 mm, swap: restore swap_space attr aviod kernel panic 4f57516293fda mm/memory-failure: fix missing ->mf_stats count in hugetlb poison c71fae335dfe7 mm/kfence: randomize the freelist on initialization 629666d20c7dc btrfs: do not strictly require dirty metadata threshold for metadata writepages b91a84299d72a flex_proportions: make fprop_new_period() hardirq safe 131af3df59b24 selftests: mptcp: join: fix local endp not being tracked e73aab3337833 selftests: mptcp: check subflow errors in close events 8d4ccc10a77f0 selftests: mptcp: check no dup close events after error 35bb480000cd2 mptcp: only reset subflow errors when propagated 33f971476ffc1 mm/kasan: fix KASAN poisoning in vrealloc() 0ac0e2e64b068 gpio: rockchip: Stop calling pinctrl for set_direction f69cae1bf44ca ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine 68207ceefd71c nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference e4e15a0a4403c efivarfs: fix error propagation in efivar_entry_get() 14ca9fa020829 scsi: qla2xxx: edif: Fix dma_free_coherent() size 5ba425a7bab31 kbuild: rust: clean libpin_init_internal in mrproper e4c0a92146ddf gpio: pca953x: mask interrupts in irq shutdown cb69b0a0c0aaf ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO 98e0bc206a321 scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo() 91539cf522ed0 ASoC: fsl: imx-card: Do not force slot width to sample width 8b581837295fc rust: kbuild: give `--config-path` to `rustfmt` in `.rsi` target 50c66cb08070c rust: rbtree: fix documentation typo in CursorMut peek_next method fe9a1a825b4ae riscv: compat: fix COMPAT_UTS_MACHINE definition b038874e31fc3 firewire: core: fix race condition against transaction list a28fce0365e1c perf: sched: Fix perf crash with new is_user_task() helper 112d497809970 pinctrl: qcom: sm8350-lpass-lpi: Merge with SC7280 to fix I2S2 and SWR TX pins e81d1bc4ea791 pinctrl: meson: mark the GPIO controller as sleeping e0468c4527a22 pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver b1f41c1f0bbbe writeback: fix 100% CPU usage when dirtytime_expire_interval is 0 36370892e3111 sched/deadline: Fix 'stuck' dl_server 0bbcb7586bc81 sched/deadline: Document dl_server 32887d8e4bc06 drm/xe/nvm: Fix double-free on aux add failure 02dc6cf6409e5 drm/xe/nvm: Manage nvm aux cleanup with devres 2859fa957a936 drm/xe/configfs: Fix is_bound() pci_dev lifetime 64364ccf491c7 dma/pool: distinguish between missing and exhausted atomic pools d36c4149ea224 bcache: fix I/O accounting leak in detached_dev_do_request 7b72d76a58e6b bcache: use bio cloning for detached device requests db6e287bd6e80 bcache: fix improper use of bi_end_io 23f9f9c46edd9 of: reserved_mem: Allow reserved_mem framework detect "cma=" kernel param 14e32032c42fe of/reserved_mem: Simplify the logic of fdt_scan_reserved_mem_reg_nodes() 8d9c5ceff4b53 kbuild: Fix permissions of modules.builtin.modinfo 32d8f998bb8d4 kbuild: rpm-pkg: Generate debuginfo package manually d4dbada7ac6f3 gpio: brcmstb: correct hwirq to bank map 546e62c3fb29a drm/amd/pm: fix race in power state check before mutex lock 7bec90f605cfb gpio: virtuser: fix UAF in configfs release path c0ce86d92565b gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler ecb638fb9a5cc ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion e67828aeb58d9 drm/xe: Skip address copy for sync-only execs 4d7b7abb525b4 ASoC: soc-acpi-intel-ptl-match: fix name_prefix of rt1320-2 a42bdbcada187 scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg() aabc36857bd39 wifi: mac80211: correctly decode TTLM with default link map a4f9a19a266e6 wifi: mac80211: apply advertised TTLM from association response b8d890f8c3223 wifi: mac80211: parse all TTLM entries cc3f137d36fda net/mlx5e: Skip ESN replay window setup for IPsec crypto offload 19bb3c68e18cf net/mlx5: Fix vhca_id access call trace use before alloc fc3da1466af5f net/mlx5: Initialize events outside devlink lock 2614734c4bc67 net/mlx5: fs, Fix inverted cap check in tx flow table root disconnect 335031cacd7e8 net: phy: micrel: fix clk warning when removing the driver 92db64d3546f9 net/mlx5e: don't assume psp tx skbs are ipv6 csum handling f4bb58e14f042 net: bridge: fix static key check c3369fc5e6120 nfc: nci: Fix race between rfkill and nci_unregister_device(). 92e0483402afc net/mlx5e: Account for netdev stats in ndo_get_stats64 fdf8437016f57 net/mlx5e: TC, delete flows only for existing peers 2df2aad9cf2f4 ice: stop counting UDP csum mismatch as rx_errors 36126ddbe9247 ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues 214aed313f7a5 ixgbe: don't initialize aci lock in ixgbe_recovery_probe() c721ea2ff5672 ixgbe: fix memory leaks in the ixgbe_recovery_probe() path bd25b092a06a3 bonding: fix use-after-free due to enslave fail after slave array update 61858cbce6ca4 nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). fdb99161cbef2 net: spacemit: Check for netif_carrier_ok() in emac_stats_update() 1f1b9523527df mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() dce375f4afc34 rocker: fix memory leak in rocker_world_port_post_fini() cdc4deb9e7be2 net/mlx5: Fix return type mismatch in mlx5_esw_vport_vhca_id() 2c0fb0f60bc15 net: wwan: t7xx: fix potential skb->frags overflow in RX path 500c1237c9a13 ipv6: use the right ifindex when replying to icmpv6 from localhost 0b74c6e132737 net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins() 590c8179ffb01 sfc: fix deadlock in RSS config read bd98324e327e4 bonding: annotate data-races around slave->last_rx d753f3c3f9d7a octeon_ep: Fix memory leak in octep_device_setup() f14d881f0a5aa net: bcmasp: fix early exit leak with fixed phy 713ba826ae114 can: gs_usb: gs_usb_receive_bulk_callback(): fix error message 23f40dbda938e net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup() 3b63185053788 Bluetooth: MGMT: Fix memory leak in set_ssp_complete 03e8c90c62233 Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work 4081d53864dae can: at91_can: Fix memory leak in at91_can_probe() e80617a5e1c24 btrfs: zlib: fix the folio leak on S390 hardware acceleration 474f851ec5e2e readdir: require opt-in for d_type flags Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 4c156ef --------------------------- poky: Add Fedora 43 to sanity tested distros list Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f3b63d0 --------------------------- poky: Update after core default changes These changes were moved into defaultsetup.conf and therefore are no longer needed here. Signed-off-by: Richard Purdie --------------------------- Commit: 2486ce2 --------------------------- yocto-bsp: linux-yocto/6.18: update to v6.18.8 Updating linux-yocto/6.18 to the latest korg -stable release that comprises the following commits: d905362ff5b86 Linux 6.18.8 5b0caf3913e72 mm/vma: enforce VMA fork limit on unfaulted,faulted mremap merge too a4d9dbfc1bab1 mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge 9966c8cc987e3 irqchip/renesas-rzv2h: Prevent TINT spurious interrupt during resume 79966baabcfe9 arm64: dts: qcom: talos: Correct UFS clocks ordering 25be3c170ff8e iio: core: add separate lockdep class for info_exist_lock 2dabc85131c84 iio: core: Replace lockdep_set_class() + mutex_init() by combined call c5dbad55ce02a mm/hugetlb: fix two comments related to huge_pmd_unshare() 918ba220debc4 mm: fix some typos in mm module 908795c02dbc7 Bluetooth: btintel_pcie: Support for S4 (Hibernate) ab140fc931083 gpio: cdev: Fix resource leaks on errors in gpiolib_cdev_register() 16414341b0dd5 gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify() 919f27eb24b0e gpio: cdev: Correct return code on memory allocation failure e7200b0a4b2a5 drm/xe: fix WQ_MEM_RECLAIM passed as max_active to alloc_workqueue() 85d4652f9cdcf drm/xe: Adjust page count tracepoints in shrinker 569ed6a73e927 drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind ce2cca8e27d16 drm/amdgpu: remove frame cntl for gfx v12 07e9373739c63 can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak d374d715e338d can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak 3b1a593eab941 can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak a9503ae43256e can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak 68c62b3e53901 can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak aac95b3dd1c26 net: txgbe: remove the redundant data return in SW-FW mailbox 69b5b028fc130 net: sfp: add potron quirk to the H-COM SPP425H-GAB4 SFP+ Stick 326470b33c28a net: fec: account for VLAN header in frame length calculations 03faa61eb4b9c irqchip/gic-v3-its: Avoid truncating memory addresses cdb3f95a94f9f perf/x86/intel: Do not enable BTS for guests f8cf1368e0a54 rxrpc: Fix data-race warning and potential load/store tearing 8a957e6d3d262 rust: irq: always inline functions using build_assert with arguments ad60902a98181 rust: io: always inline functions using build_assert with arguments 8776dfa846d5c pmdomain:rockchip: Fix init genpd as GENPD_STATE_ON before regulator ready fd675de6bddf7 pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu bbcca5a60c88a platform/x86: hp-bioscfg: Fix automatic module loading 9f5fa78d9980f netrom: fix double-free in nr_route_frame() 92e4f11e29b98 uacce: ensure safe queue release with state management ba29b59d124e7 uacce: implement mremap in uacce_vm_ops to return -EPERM 82821a681d5dc uacce: fix isolate sysfs check condition bd2393ed77125 uacce: fix cdev handling in the cleanup path 242cbb3df97af s390/boot/vmlinux.lds.S: Ensure bzImage ends with SecureBoot trailer ea1b2081d594b s390/ap: Fix wrong APQN fill calculation f1cb33a82818d mei: trace: treat reg parameter as string f9b059bda4276 intel_th: fix device leak on output open() 3b90d099efa2b tracing: Fix crash on synthetic stacktrace field usage 6602bb4d1338e slimbus: core: fix device reference leak on report present 5f13c946ca449 slimbus: core: fix runtime PM imbalance on report present b8a2639341951 octeontx2: Fix otx2_dma_map_page() error return code d1943bc9dc950 ksmbd: smbd: fix dma_unmap_sg() nents 6e32070d29d1a arm64: Set __nocfi on swsusp_arch_resume() 7b5a52cf252a0 arm64/fpsimd: signal: Fix restoration of SVE context 70f7f54566afc arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA 4f39984176e7e arm64/fpsimd: ptrace: Fix SVE writes on !SME systems 31efbcff90884 wifi: rsi: Fix memory corruption due to not set vif driver data size 0adefb6396d7b wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() 4846b32be324f wifi: ath12k: fix dma_free_coherent() pointer 07f363f305793 wifi: ath10k: fix dma_free_coherent() pointer 448a2071a8438 drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) 41ec698854781 iommu/io-pgtable-arm: fix size_t signedness bug in unmap path 36be050f21dea mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode 6c4555bfd4383 mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function dc1a5dd80af1e ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() 31a3eba5c265a ALSA: scarlett2: Fix buffer overflow in config retrieval 29f43e8ec7bf0 ALSA: hda/realtek: Add quirk for Samsung 730QED to fix headphone 873e2360d247e ALSA: ctxfi: Fix potential OOB access in audio mixer handling 59e54709f9a97 iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl db16e7c52032c iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source de8755ae2912d iio: chemical: scd4x: fix reported channel endianness d06a4f6c2b186 iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot b6ffc2de37253 iio: adc: exynos_adc: fix OF populate on driver rebind d890234a91570 iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver 348356c91909f iio: adc: ad9467: fix ad9434 vref mask ad25bb51203d0 iio: accel: iis328dq: fix gain values fa322c8bb2ea4 iio: accel: adxl380: fix handling of unavailable "INT1" interrupt 1b68efce6dd48 migrate: correct lock ordering for hugetlb file folios 1093e0a96d168 of: platform: Use default match table for /firmware 7685286dd7a5e of: fix reference count leak in of_alias_scan() 67270881c8cf2 panic: only warn about deprecated panic_print on write access 78822628165f3 leds: led-class: Only Add LED to leds_list when it is fully ready c9aeb168e88d2 keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal 4040b84ec04a6 x86: make page fault handling disable interrupts properly e343973fab43c Octeontx2-af: Add proper checks for fwdata 236a657422a56 dpll: Prevent duplicate registrations 6c75fed550800 net/sched: act_ife: avoid possible NULL deref 3b796b1ecfd3b hinic3: Fix netif_queue_set_napi queue_index input parameter error 84ef86aa71204 vsock/virtio: cap TX credit to local buffer size 0aa25bbfd5ea5 vsock/test: fix seqpacket message bounds test ec0f1b3da8061 vsock/virtio: fix potential underflow in virtio_transport_get_credit() 095ec3482a7d3 net: openvswitch: fix data race in ovs_vport_get_upcall_stats e22381c1299f7 octeontx2-af: Fix error handling b658306ce3835 net: pcs: pcs-mtk-lynxi: report in-band capability for 2500Base-X cccf79f688de9 net: dsa: fix off-by-one in maximum bridge ID determination 05f8f55899289 net: bcmasp: Fix network filter wake for asp-3.0 de97735a40a14 bonding: provide a net pointer to __skb_flow_dissect() cb32707497d48 selftests: net: amt: wait longer for connection before sending packets 31410a01a86bc be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list f47c6e5a532cc drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors fbc8d1a39da9f drm/nouveau: add missing DCB connector types 8fd181dada6ea drm/amdgpu: fix type for wptr in ring backup c6ec1f665f8f7 drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) c85aac064f5c2 drm/amd/pm: Don't clear SI SMC table when setting power limit 91243b926ae96 drm/amd/pm: Fix si_dpm mmCG_THERMAL_INT setting 79a074be9b57e sched/fair: Fix pelt clock sync when entering idle 23c0e4bd93d0b perf: Fix refcount warning on event->mmap_count increment 9d88a79e9018c selftests/ublk: fix garbage output in foreground mode e2f4eac26f018 selftests/ublk: fix error handling for starting device 814e8643b453d selftests/ublk: fix IO thread idle check 26bf09b6320b8 ublk: fix ublksrv pid handling for pid namespaces 437553d649647 drm/xe: Update wedged.mode only after successful reset policy change 7c49c91121194 drm/xe/pm: Add scope-based cleanup helper for runtime PM e59924c266a45 drm/xe/migrate: fix job lock assert 9bba27c222e0e drm/xe/uapi: disallow bind queue sharing 54c19e7eb2636 clocksource: Reduce watchdog readout delay limit to prevent false positives 0db865321e63d Octeontx2-pf: Update xdp features 00a39a148d2fb usbnet: limit max_mtu based on device's hard_mtu e3c1040252e59 ipv6: annotate data-race in ndisc_router_discovery() 7ac345a93af31 mISDN: annotate data-race around dev->work d7beeb64be5ca net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue bb90d1799073d net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M 5e5dae04ef971 be2net: fix data race in be_get_new_eqd 7539ae6c67a75 idpf: Fix data race in idpf_net_dim b29f51399626b net: hns3: fix data race in hns3_fetch_stats 1f24dfd556401 net: phy: intel-xway: fix OF node refcount leakage 2ea06ebaa4abd idpf: read lower clock bits inside the time sandwich 87c1dacca197c ice: fix devlink reload call trace a3d99e2fbf014 ice: add missing ice_deinit_hw() in devlink reinit path ec0bfc3ed7e7f ice: Fix persistent failure in ice_get_rxfh 68462ecc40ea8 netdevsim: fix a race issue related to the operation on bpf_bound_progs list 9eb4e2396cd7f vsock/test: Do not filter kallsyms by symbol type 902fd1026ca42 drm/imagination: Wait for FW trace update command completion eb98125fa2b33 drm/mediatek: dpi: Find next bridge during probe fccaa85ffb73c drm/xe: Disable timestamp WA on VFs aa29fe8c1d86b drm/xe/vm: fix xe_vm_validation_exec() kernel-doc bc0812416e089 drm/xe/xe_late_bind_fw: fix enum xe_late_bind_fw_id kernel-doc a807e4f4f63a5 iommu/amd: Fix error path in amd_iommu_probe_device() 06657690854fa ntb: transport: Fix uninitialized mutex ecb2c8732680c ALSA: usb: Increase volume range that triggers a warning aa14451fa5d5f scsi: qla2xxx: Sanitize payload size to prevent member overflow 219f009ebfd1e scsi: core: Wake up the error handler when final completions race against each other 1a0072bd1f1e5 platform/x86/amd: Fix memory leak in wbrf_record() 5f1f79cb90f5e platform/mellanox: Fix SN5640/SN5610 LED platform data e150008568a5d riscv: suspend: Fix stimecmp update hazard on RV32 c4b55a4c600fa riscv: clocksource: Fix stimecmp update hazard on RV32 82fb54efe7e0f kconfig: fix static linking of nconf c2d2cf710dc3e regmap: Fix race condition in hwspinlock irqsave routine f6d6b3f172df1 spi: spi-sprd-adi: Fix double free in probe error path 5d7c7e1fb3ec2 interconnect: debugfs: initialize src_node and dst_node to empty strings bcb9803aa1db7 iio: adc: ad7606: Fix incorrect type for error return variable 489b88567f24d iio: adc: ad7280a: handle spi_setup() errors in probe() 81ed6e42d6e55 iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection bdf0bf73006ea io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop 8f7c9dbeaa0be timekeeping: Adjust the leap state for the correct auxiliary timekeeper 2fc23eaea11a7 mm: restore per-memcg proactive reclaim with !CONFIG_NUMA f723037e2bfe3 mm/rmap: fix two comments related to huge_pmd_unshare() 69c4e241ff135 mm/hugetlb: fix hugetlb_pmd_shared() 193922a23d729 platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro 800b2767905d6 platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names 83eae3692c353 drm, drm/xe: Fix xe userptr in the absence of CONFIG_DEVICE_PRIVATE 3f4ed5e2b8f11 fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes() ec56b9f1c1b9b comedi: Fix getting range information for subdevices 16 to 255 3fe8abec037f5 x86/kfence: avoid writing L1TF-vulnerable PTEs 930114425065f rxrpc: Fix recvmsg() unconditional requeue f60ba4a97ae3f slab: fix kmalloc_nolock() context check for PREEMPT_RT 37a63671df78f arm64: dts: rockchip: Configure MCLK for analog sound on NanoPi M5 df546b3311582 arm64: dts: rockchip: Fix headphones widget name on NanoPi M5 7eb3e77873605 arm64: dts: rockchip: fix unit-address for RK3588 NPU's core1 and core2's IOMMU 3569a00f66a87 arm64: dts: rockchip: Fix voltage threshold for volume keys for Pinephone Pro 18d2d227ccd77 arm64: dts: rockchip: remove dangerous max-link-speed from helios64 c8039a60c31dc arm64: dts: rockchip: remove redundant max-link-speed from nanopi-r4s 808d8755fc6e6 ARM: dts: microchip: sama7d65: fix size-cells property for i2c3 5f403d64af721 ARM: dts: microchip: sama7d65: fix the ranges property for flx9 cd3c1f823e213 i2c: spacemit: drop IRQF_ONESHOT flag from IRQ request 24c441f0e24da scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() a5e4d969392ce scsi: storvsc: Process unsupported MODE_SENSE_10 bfe76b0f9f3e9 Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA 2c61ca3c5bed6 Input: i8042 - add quirks for MECHREVO Wujie 15X Pro 5d5b227c92721 Revert "nfc/nci: Add the inconsistency check between the input data length and count" 3f5ef08f302cc w1: fix redundant counter decrement in w1_attach_slave_device() e6b2609af21b5 w1: therm: Fix off-by-one buffer overflow in alarms_store 169164fe51b27 comedi: dmm32at: serialize use of paged registers 2501c49306238 serial: Fix not set tty->port race condition 0b7383aceaad1 serial: 8250_pci: Fix broken RS485 for F81504/508/512 f4748bfa3d3e2 wifi: mac80211: don't perform DA check on S1G beacon 9532ff0d0e90f crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec 77f1afd0bb4d5 net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag 16ed73c1282d3 net/sched: Enforce that teql can only be used as root qdisc ed80f605edd6c octeontx2: cn10k: fix RX flowid TCAM mask handling 6a81e2db09691 ipvlan: Make the addrs_lock be per port 32d417497b79e l2tp: avoid one data-race in l2tp_tunnel_del_work() a635ae2a9fdb8 pwm: max7360: Populate missing .sizeof_wfhw in max7360_pwm_ops 4230e8cd2f1b4 pwm: Ensure ioctl() returns a negative errno on error 0f6e1ff56cd27 veth: fix data race in veth_get_ethtool_stats 9b75dff8446ec fou: Don't allow 0 for FOU_ATTR_IPPROTO. 18da5acb3c03d tools: ynl: Specify --no-line-number in ynl-regen.sh. 5437a279804ce gue: Fix skb memleak with inner IP protocol 0. 392b28d404b74 amd-xgbe: avoid misleading per-packet error log 0c4adb1f391a7 sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT c3edc14da81a8 can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error 4f727c422b7fc net: freescale: ucc_geth: Return early when TBI PHY can't be found 5ebc24f9dbe4f selftests: net: fib-onlink-tests: Convert to use namespaces by default d4ce79e6dce2a l2tp: Fix memleak in l2tp_udp_encap_recv(). 43dee6f7ef1d2 bonding: limit BOND_MODE_8023AD to Ethernet devices b9f0896f8e229 net: usb: dm9601: remove broken SR9700 support 63ef9b300bd09 vsock/virtio: Coalesce only linear skb 88037973c8ef6 igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue 41d7a27c47b8a igc: fix race condition in TX timestamp read for register 0 a38d2c624639c igc: Restore default Qbv schedule when changing channels 695c909d1815b ice: Fix incorrect timeout ice_release_res() 753171a695b93 ice: Avoid detrimental cleanup for bond during interface stop 0bc8d94bf6694 ice: initialize ring_stats->syncp c35a0cb145f2c wifi: ath12k: Fix wrong P2P device link id issue 06ac2aa13f701 wifi: ath12k: fix dead lock while flushing management frames c8e5f49667f5f wifi: ath12k: Fix scan state stuck in ABORTING after cancel_remain_on_channel 1aa6698924595 wifi: ath12k: cancel scan only on active scan vdev 887032ba3ff23 ata: libata: Print features also for ATAPI devices d5529d36e7646 ata: libata: Add DIPM and HIPM to ata_dev_print_features() early return 93f484d63f873 ata: libata: Add cpr_log to ata_dev_print_features() early return 7fe7e7858b32d ata: libata-sata: Improve link_power_management_supported sysfs attribute 05db73211387f ata: libata: Call ata_dev_config_lpm() for ATAPI devices 62ced8e065787 ata: ahci: Do not read the per port area for unimplemented ports a57459614aa69 wifi: ath12k: don't force radio frequency check in freq_to_idx() d395afac28adb pmdomain: qcom: rpmhpd: Add MXC to SC8280XP 0f56c3f23ed56 dt-bindings: power: qcom,rpmpd: Add SC8280XP_MXC_AO 4818f28cd9023 btrfs: fix missing fields in superblock backup with BLOCK_GROUP_TREE 6abad2eb9a1bd Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() 4f6884288e4b7 perf parse-events: Fix evsel allocation failure 83eeeb8c1acb7 arm64: dts: rockchip: Fix wrong register range of rk3576 gpu 2d73b3ed28be1 arm64: dts: qcom: sm8650: Fix compile warnings in USB controller node 0e5ad343afa30 arm64: dts: qcom: sm8550: Fix compile warnings in USB controller node 27357b61522f7 arm64: dts: qcom: sc8280xp: Add missing VDD_MXC links Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 059cde8 --------------------------- meta-yocto-bsp: drop 6.16 bbappend Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 0e6b3a9 --------------------------- meta-yocto-bsp: drop 6.12 bbappend Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: dd43b32 --------------------------- yocto-bsp: Bump the default kernel to v6.18 for beaglebone Kevin Hao has the beaglebone working on the 6.18 standard branches. So we bump the default version to 6.18 for the upcoming LTS release. Signed-off-by: Kevin Hao Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: de4abc0 --------------------------- parselogs: ignore panfrost fan error message on genericarm64 Some devices don't have active cooling so this is not an error: https://ledge.validation.linaro.org/scheduler/job/125155 panfrost ff9a0000.gpu: [drm:panfrost_devfreq_init [panfrost]] Failed to register cooling device Signed-off-by: Mikko Rapeli Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: d3dd8f6 --------------------------- meta-yocto: add .gitignore file The contents are a direct copy of the .gitignore in meta-openembedded. Signed-off-by: Chen Qi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: dde0c90 --------------------------- meta-poky: Enable NFS server for linux-yocto-dev Add the NFS kernel server feature to the linux-yocto-dev configuration to match the standard linux-yocto setup. This is to fix the OEQA tests with this error: - runtime - INFO - test_systemd_failed (systemd.SystemdBasicTests.test_systemd_failed) - runtime - INFO - ... FAIL - runtime - INFO - Traceback (most recent call last): File "/lava-downloads/core-image-full-cmdline/meta/lib/oeqa/core/decorator/__init__.py", line 35, in wrapped_f return func(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^ File "/lava-downloads/core-image-full-cmdline/meta/lib/oeqa/runtime/cases/systemd.py", line 100, in test_systemd_failed output += self.systemctl('status --full --failed') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/lava-downloads/core-image-full-cmdline/meta/lib/oeqa/runtime/cases/systemd.py", line 26, in systemctl self.assertEqual(status, expected, message) AssertionError: 3 != 0 : SYSTEMD_BUS_TIMEOUT=240s systemctl status --full --failed × proc-fs-nfsd.mount - NFSD configuration filesystem Loaded: loaded (/usr/lib/systemd/system/proc-fs-nfsd.mount; static) Active: failed (Result: exit-code) since Mon 2025-10-13 15:01:58 UTC; 2 months 4 days ago Invocation: 14e22af5612e4abaa101f1afcf65a5ce Where: /proc/fs/nfsd What: nfsd Mem peak: 1.2M CPU: 32ms genericarm64 mount[347]: mount: /proc/fs/nfsd: unknown filesystem type 'nfsd'. genericarm64 mount[347]: dmesg(1) may have more information after failed mount system call. genericarm64 systemd[1]: proc-fs-nfsd.mount: Mount process exited, code=exited, status=32/n/a genericarm64 systemd[1]: proc-fs-nfsd.mount: Failed with result 'exit-code'. genericarm64 systemd[1]: Failed to mount NFSD configuration filesystem. Signed-off-by: Javier Tia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c23c19e --------------------------- poky: Post release version bump so we're after whinlatter Move master to be a version after whinlatter. Signed-off-by: Richard Purdie ## openembedded-core --------------------------- Commit: 8061433fcd --------------------------- spdx: Update to latest bindings Updates the to bindings generated from version 1.0.0 of shacl2code. These bindings make some changes to the way extension classes are generated, add support for context in generate SPDX files, and are about 25% faster and more space efficient than the previous version Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie --------------------------- Commit: 45019a49f9 --------------------------- spdx: Remove do_collect_spdx_deps task Removes the do_collect_spdx_deps task. This task was added a long time ago, and appears to have been added due to a misunderstanding about how the task graph works. It is not necessary since tasks can directly call collect_direct_deps() with the appropriate task that they depend on to get their dependencies. This should fix several classes of SPDX bug where documents could not be found because the wrong deps were being looked for due to which tasks were re-run Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie --------------------------- Commit: 8e8d0becac --------------------------- spdx3: Use common variable for vardeps Instead of repeating the vardeps for each SPDX task with the necessary variables, use a common variable to make it easier to manage Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie --------------------------- Commit: 96a4b4b18d --------------------------- spdx: Remove fatal errors for missing providers When creating images and SDKs, do not error on missing providers. This allows recipes to use the `nospdx` inherit to prevent SPDX from being generated, but not result in an error when assembling the final image. Note that runtime packages generation already ignored missing providers, so this is changing image and SDK generation to match Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie --------------------------- Commit: 6406240932 --------------------------- spdx30: Remove package VEX Removes VEX statements from packages. These are no longer necessary since the VEX data is now attached to the recipes, which significantly reduces the duplication of the data, and thus the size of the SPDX output files. Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie --------------------------- Commit: 667a06a9d4 --------------------------- spdx_common: Check for dependent task in task flags Checks that the task being used to detect dependencies is present in at least one dependency task flag of the current task. This helps prevent errors where the wrong task is specified and never found. Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie --------------------------- Commit: 0cb75bd7f9 --------------------------- spdx: De-duplicate CreationInfo De-duplicates CreationInfo objects that are identical (except for ID) when writing out an SBoM. This significantly reduces the number of CreationInfo objects that end up in the final document. Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie --------------------------- Commit: 9e85daf516 --------------------------- spdx30: Include patch file information in VEX Modifies the SPDX VEX output to include the patches that fix a particular vulnerability. This is done by adding a `patchedBy` relationship from the `VexFixedVulnAssessmentRelationship` to the `File` that provides the fix. If the file can be located without fetching (e.g. is a file:// in SRC_URI), the checksum will be included. Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie --------------------------- Commit: ca92ab825c --------------------------- spdx3: Add is-native property Adds a custom is-native property to the recipe package to indicate if it is a native recipe Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie --------------------------- Commit: 1b926c8cf7 --------------------------- spdx3: Add recipe SBoM task Adds a task that will create the complete recipe-level SBoM for a given target recipe, following all dependencies. For example: ``` bitbake -c create_recipe_sbom zstd ``` Would produce the complete recipe SBoM for the zstd recipe, include all build time dependencies (recursively). The complete SBoM for all (target) recipes can be built with: ``` bitbake meta-world-recipe-sbom ``` Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie --------------------------- Commit: d999ac407c --------------------------- spdx3: Add recipe SPDX data Adds a new package to the SPDX output that represents the recipe data for a given recipe. Importantly, this data contains only things that can be determined statically from only the recipe, so it doesn't require fetching or building anything. This means that build time dependencies and CVE information for recipes can be analyzed without needing to actually do any builds. Sadly, license data cannot be included because NO_GENERIC_LICENSE means that actual license text might only be available after do_fetch Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie --------------------------- Commit: 13cd668c77 --------------------------- packagegroup-core-tools-profile: add lttng-modules to LTTNGTOOLS It has removed lttng-modules from lttng-tools's RRECOMMENDS, so add lttng-modules to LTTNGTOOLS in packagegroup-core-tools-profile.bb to make its dependent packages unchanged. [RP: Fix for riscv64 which doesn't support lttng-modules] Signed-off-by: Kai Kang Signed-off-by: Richard Purdie --------------------------- Commit: bcc58d4db0 --------------------------- lttng-tools: not rrecommend on lttng-modules As in the lttng manual [1]: Most distributions mark the LTTng-modules and LTTng-UST packages as optional when installing LTTng-tools (which is always required). In the following sections, we always provide the steps to install all three, but note that: * You only need to install LTTng-modules if you intend to use the Linux kernel LTTng tracer. * You only need to install LTTng-UST if you intend to use the user space LTTng tracer. there should be no force dependency between lttng-tools and lttng-modules. When set lttng-modules in RRECOMMENDS, it always forces to build lttng-modules whether it is required or not. Compare to rpm spec [2] and debian conf [3], there are no any dependency between them too. So remove the RRECOMMENDS setting. [1]: https://lttng.org/docs/v2.14/#doc-installing-lttng [2]: https://rpmfind.net/linux/RPM/fedora/updates/testing/43/aarch64/Packages/l/lttng-tools-2.14.0-4.fc43.aarch64.html [3]: https://packages.debian.org/trixie/lttng-tools Signed-off-by: Kai Kang Signed-off-by: Richard Purdie --------------------------- Commit: 5f34680219 --------------------------- python3: package all of the compression module into python3-compression Package all of the compression. module into the compression package, as otherwise some modules such as compression.zstd end up in python3-misc. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 32801348ca --------------------------- glibc-testsuite: Do not generate SPDX glibc-testsuite does not run on target or factor into the build supply chain, since its purpose is run tests in Qemu at build time Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie --------------------------- Commit: fd6957926f --------------------------- meta/*-tarball: Fix SDK PACKAGE_ARCH after recent changes In "sstate: Tweak SDK sstate package architecture", these PACKAGE_ARCH values should have been updated to match, fix that. Signed-off-by: Richard Purdie --------------------------- Commit: 3a9bdbd4c7 --------------------------- runqemu: fix the checking of STAGING_BINDIR_NATIVE In previous patch[1], the os.path.exists was accidently called twice. This is incorrect. [1] https://git.openembedded.org/openembedded-core/commit/?id=972155bbee02dd8061fee9c07a40f8e9034b9a3c Signed-off-by: Chen Qi Signed-off-by: Richard Purdie --------------------------- Commit: aeb2a667b9 --------------------------- documentation.conf: Add LICENSE_FLAGS related variables The LICENSE_FLAGS, LICENSE_FLAGS_ACCEPTED, and LICENSE_FLAGS_DETAILS documented in [1] are not listed in documentation.conf. This commit adds them to the documentation.conf file. [1] https://docs.yoctoproject.org/dev/dev-manual/licenses.html#enabling-commercially-licensed-recipes Signed-off-by: Ricardo Ungerer Reviewed-by: Mark Jonas Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b351aadeb6 --------------------------- barebox-tools: upgrade 2026.01.0 -> 2026.03.0 Highlights in v2026.03.0: - Security fix: signed FIT image vulnerability fixed; users doing secure boot with signed FIT images should update to this release - Added Rockchip RK3562 SoC support along with KickPi K3 board - USB Fastboot now supports booting Linux kernels generically across architectures (previously limited to ARM32 zImage) - CI infrastructure gained PowerPC Qemu test coverage - ARM NXP i.MX8MP: Fixed SoC UID incorrectly reading 64bit instead of 128bit; enable CONFIG_ARCH_IMX8MP_KEEP_COMPATIBLE_SOC_UID if rolled out devices depend on constant SoC UID For full release notes, see: https://lore.kernel.org/barebox/abQ56zuKfzKlZvcr@pengutronix.de/T/#u Dropped a local patch 0001-barebox-tools-fix-glibc-2.43-openat2-build.patch as it has been merged now with this release. Signed-off-by: Hemanth Kumar M D Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: ff1b7becac --------------------------- libinput: upgrade 1.30.1-> 1.30.2 1. Changelog https://gitlab.freedesktop.org/libinput/libinput/-/releases/1.30.2 Signed-off-by: Liu Yiding Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2681601e44 --------------------------- ccache: upgrade 4.12.3 -> 4.13.1 1. Changelog https://ccache.dev/releasenotes.html#_ccache_4_13_1 2. Checksum of LICENSE.adoc changed as: 2.1 authors.adoc location changed 2.2 third_party fmt version update 2.3 third_party oss nonstd-span removed 3. Remove LIC_FILES_CHKSUM of nonstd-span as it was removed from third_party Signed-off-by: Liu Yiding Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f5054652f8 --------------------------- oeqa/qemurunner: make the error message about invalid rootfs clearer Printing "Invalid rootfs" when the rootfs image simply doesn't exist can be misleading to the user. Print a clearer message to help users understand the issue. Signed-off-by: Corentin Guillevic Signed-off-by: Richard Purdie --------------------------- Commit: 915870472e --------------------------- documentation.conf: Drop obsolete QMAKE vars The use of these variables ceased already in 2015, since commit cb89d2b25b4e ("qt4: remove recipes and classes") Signed-off-by: Niko Mauno Signed-off-by: Richard Purdie --------------------------- Commit: 7a45c8ca22 --------------------------- documentation.conf: Drop obsolete INC_PR The use of the variable ceased already in 2020, since commit 3fdd772b419b ("recipes: Remove remaining INC_PR variables") Signed-off-by: Niko Mauno Signed-off-by: Richard Purdie --------------------------- Commit: b1622286fb --------------------------- python3-sbom-cve-check: Update to release 1.2.0 Update from release 1.1.0 to 1.2.0. The changelog: https://github.com/bootlin/sbom-cve-check/blob/v1.2.0/CHANGELOG.md#v120 Signed-off-by: Benjamin Robin Signed-off-by: Richard Purdie --------------------------- Commit: a06bb82e5e --------------------------- gdb: Upgrade 16.3 -> 17.1 GDB 17.1 includes the following changes and enhancements: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=gdb/NEWS;hb=gdb-17.1-release * x86-64 CET shadow stack support * Debugging Linux programs that use AArch64 Guarded Control Stacks * GDB record feature now supports rv64gc architectures * 'info threads' command support for two new options '-stopped' and '-running' to limit the list of displayed threads. * On Linux and FreeBSD, the addresses shown by the 'info sharedlibrary' command are now for the full memory range allocated to the shared library. * Linux checkpoints now work with multiple inferiors * Improved linker namespace support * Warnings and error messages now start with an emoji (warning sign, or cross mark) if supported by the host charset. Configurable. * Built-in support for TLS on Linux as backup when libthread_db is not available. Supported on the x86_64, aarch64, ppc64, s390x, and riscv architectures, when compiled with GLIBC or MUSL. * New command "set riscv numeric-register-names" to display risc-v registers using their numeric names instead of their ABI names. * The Alpha target now supports target descriptions. * Python API enhancements * Support for Python versions older than 3.4 has been removed. Dropped 0009-Readline-8.3-alpha-release.patch Added 0009-PR-gdb-33747-gdb-ser-unix-modernize-Linux-custom-bau.patch Added 0010-GDB-aarch64-linux-Fix-build-failure-on-musl-systems.patch Co-authored-by: Sundeep Kokkonda Signed-off-by: Sunil Dora Signed-off-by: Richard Purdie --------------------------- Commit: 548c212a11 --------------------------- overlayfs-etc: Add template file dependency It case a user uses own template file, its changes have to be propagated to the image. Fixes [YOCTO #16193] Cc: Wojciech Niziński Signed-off-by: Vyacheslav Yurkov Signed-off-by: Richard Purdie --------------------------- Commit: e5184a0d20 --------------------------- sanity: condition hash equivalence warnings to when it is in use. The warnings about the hash equivalence server are only valid when the signature is being used, and for that we have to check the BB_SIGNATURE_HANDLER variable. This fix the warning that is displayed when using the basic signature hash, OEBasicHash. | WARNING: | You are using a local hash equivalence server but have configured an sstate mirror. | This will likely mean no sstate will match from the mirror. | You may wish to disable the hash equivalence use (BB_HASHSERVE), | or use a hash equivalence server alongside the sstate mirror. Signed-off-by: Jose Quaresma Signed-off-by: Richard Purdie --------------------------- Commit: 59cd78b2a3 --------------------------- cmake: upgrade 4.2.3 -> 4.3.0 Release notes are available at [0]. License-Update: Year references updated in [1] and [2] [0]: https://cmake.org/cmake/help/v4.3/release/4.3.html [1]: https://gitlab.kitware.com/cmake/cmake/-/commit/b08cb30f2efda73796a076cef2b7b4c29e458c27 [2]: https://gitlab.kitware.com/cmake/cmake/-/commit/97ad58a86cf73d85f755939114eb6b32f085d0dd Signed-off-by: Moritz Haase Signed-off-by: Richard Purdie --------------------------- Commit: 16e9b6f6ae --------------------------- kernel-yocto-rust: Move rust kernel dependencies to bbclass Move the rust kernel dpendencies from linux-yocto.inc to kernel-yocto-rust.bbclass. This centralizes Rust-specific configuration in the dedicated class, which is intended to be inherited only when Rust kernel support is enabled (e.g. via KERNEL_FEATURES). Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: b83ff91337 --------------------------- gtk4: Fix a build error in examples/application8 Add a backported patch from master to use underscore instead of space in a generated filename. This fixes the build error: | /usr/bin/ld: cannot find examples/application8/exampleapp8.p/meson-generated_.._exampleapp8: No such file or directory | /usr/bin/ld: cannot find resources.c.o: No such file or directory Signed-off-by: Zoltán Böszörményi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 20d0db2612 --------------------------- libc-package, default-distrovars: Remove unsupported LOCALE_UTF8_ONLY ptest subpackages for various recipes added RDEPENDS for locales that do not exist when LOCALE_UTF8_ONLY is set to 1. This makes it clear that LOCALE_UTF8_ONLY=1 is untested in Yocto and became unsupported. Remove this distro variable. Signed-off-by: Zoltán Böszörményi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7728aa3168 --------------------------- systemd: break circular dependency with libfido2 libfido2 depends on udev, and when the fido2 feature is enabled in systemd, systemd depends on libfido2. However, systemd really only needs libfido2's headers at build time. It uses dlopen to opportunistically enable the features at runtime. Break this circular dependency by creating a recipe that provides libfido2's headers and pkgconfig file. That allows systemd to build with fido2 enabled and allows libfido2 do build as well. Signed-off-by: Dan McGregor Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: fa10e1b59b --------------------------- spdx-common: Add documentation for undocumented SPDX variables Add [doc] strings for eight undocumented SPDX-related BitBake variables in spdx-common.bbclass. Variables documented: - SPDX_INCLUDE_SOURCES - SPDX_INCLUDE_COMPILED_SOURCES - SPDX_UUID_NAMESPACE - SPDX_NAMESPACE_PREFIX - SPDX_PRETTY - SPDX_LICENSES - SPDX_CUSTOM_ANNOTATION_VARS - SPDX_MULTILIB_SSTATE_ARCHS This makes variables discoverable via bitbake-getvar and IDE completion, improving usability for SBOM generation. Signed-off-by: Stefano Tondo Reviewed-by: Joshua Watt Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 9dd9c00389 --------------------------- cve_check: Escape special characters in CPE 2.3 strings CPE 2.3 formatted string binding (cpe:2.3:...) requires backslash escaping for special meta-characters per NISTIR 7695. Characters like '++' and ':' in product names must be escaped. The CPE 2.3 specification defines two bindings: - URI binding (cpe:/...) uses percent-encoding - Formatted string (cpe:2.3:...) uses backslash escaping Escape the required meta-characters with backslash: - Backslash (\\) -> \\ - Question mark (?) -> \? - Asterisk (*) -> \* - Colon (:) -> \: - Plus (+) -> \+ All other characters are kept as-is without encoding. Example CPE identifiers: - cpe:2.3:*:*:crow:1.0\+x:*:*:*:*:*:*:* - cpe:2.3:*:*:sdbus-c\+\+:2.2.1:*:*:*:*:*:*:* Signed-off-by: Stefano Tondo Reviewed-by: Joshua Watt Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 952990d3bd --------------------------- orc: Enable hotdoc to produce doc Add do_install:append function to fix QA Issue like "File /usr/share/doc/orc/html/assets/js/search/hotdoc_fragments/orctarget.html-enum (unnamed at /work/x86-64-v3-poky-linux/orc/0.4.42/sources/orc-0.4.42/orc/orctarget.h:39:1).fragment in package orc-doc contains reference to TMPDIR [buildpaths]" Signed-off-by: Liu Yiding Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 8ad2360405 --------------------------- oeqa: manual: Add Upstream-Status to abat patch Running check-layer on the core metadata showed that abat.patch is missing an Upstream-Status. Signed-off-by: Paul Barker Signed-off-by: Richard Purdie --------------------------- Commit: df0947c765 --------------------------- udev-extraconf: detect init manager from pid Detecting the init manager from /sbin/init does not always work and it fails when etc-overlayfs is used, because first the pre-init script is called and init is renamed as init.orig.. Read the process name with pid = 1 from /proc, and use it to detect the init manager. Signed-off-by: Stefano Babic Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a3551d15f6 --------------------------- systemd: fix configure option for dropping sysv support Add three extra configuration options to make our systemd stop supporting sysvinit. Without these three options, we'll have in config.h: build/config.h:#define HAVE_SYSV_RC_LOCAL 1 build/config.h:#define HAVE_SYSV_COMPAT 1 The HAVE_SYSV_RC_LOCAL makes /etc/rc.local work as the rc-local.service is still installed. And the HAVE_SYSV_COMPAT means /etc/rcX.d is still supported. With this fix, we have: build/config.h:#define HAVE_SYSV_RC_LOCAL 0 build/config.h:#define HAVE_SYSV_COMPAT 0 Note that these three options need to be dropped when systemd is upgraded to v260. Signed-off-by: Chen Qi Signed-off-by: Richard Purdie --------------------------- Commit: eafb6d797b --------------------------- packagegroup-core-tools-profile: Avoid dependency on systemtap for loongarch64 Trying to build systemtap for qemuloongarch64 gives the error: systemtap was skipped: incompatible with host loongarch64-oe-linux (not in COMPATIBLE_HOST) Drop this dependency from packagegroup-core-tools-profile to avoid the error. Signed-off-by: Paul Barker Signed-off-by: Richard Purdie --------------------------- Commit: 10a54e177b --------------------------- systemd: upgrade 259.3 -> 259.5 Update to latest revision of v259. Changes: https://github.com/systemd/systemd/compare/v259.3...v259.5 Signed-off-by: Peter Marko Signed-off-by: Richard Purdie --------------------------- Commit: 2d8da77f28 --------------------------- grub: add patch to use medany for riscv64 >From the upstream bug report, filed in 2024: |GRUB 2.12 does not compile correctly using large model on riscv64 using gcc 14.1.1 (gcc-14.1.1-5.fc40.x86_64). | |It is my understanding that the large model should not really be used on riscv64 yet and trying to build GRUB 2.12 with it results in an error: | |+ ././grub-mkimage -O riscv64-efi -o grubriscv64.efi.orig -d grub-core --sbat ././sbat.csv -m memdisk.squashfs -p /EFI/fedora all_video boot blscfg btrfs cat configfile cryptodisk echo ext2 f2fs fat font gcry_rijndael gcry_rsa gcry_serpent gcry_sha256 gcry_twofish gcry_whirlpool gfxmenu gfxterm gzio halt hfsplus http increment iso9660 jpeg loadenv loopback linux lvm luks luks2 memdisk mdraid09 mdraid1x minicmd net normal part_apple part_msdos part_gpt password_pbkdf2 pgp png reboot regexp search search_fs_uuid search_fs_file search_label serial sleep squash4 syslinuxcfg test tftp version video xfs zstd efi_netfs efifwsetup efinet lsefi lsefimmap connectefi |././grub-mkimage: error: relocation 0x2b is not implemented yet. | |medany builds successfully and boots on the VisionFive2 and on VMs. Signed-off-by: Trevor Gamblin Signed-off-by: Richard Purdie --------------------------- Commit: 4819698443 --------------------------- wic: filemap: use separate fd for SEEK_HOLE probes While working on splitting-out wic from oe-core, on my openSUSE Leap 16.0 machine, the moment I split wic out, 2 oe-selftests always failed with 100% reproducibility: - wic.ModifyTests.test_wic_cp_ext - wic.Wic2.test_expand_mbr_image In both cases the symptom is the same: the filesystem has inode tables that are completely zeroed out. Both issues are linked together to the same underlying fault. FilemapSeek._get_ranges() is a generator. Due to the nature of finding each hole/data extent one at a time using the lseek() system call, it calls os.lseek() on a raw file descriptor, then yields, then the caller, sparse_copy(), calls file.seek() + file.read() on a Python BufferedReader wrapping that same fd — then the generator resumes and calls os.lseek() again. This interleaving of raw os.lseek() and buffered I/O on the same fd is undefined behaviour from Python's perspective. The BufferedReader tracks its own idea of the fd's position and buffer contents; os.lseek() changes the position behind its back. This can corrupt its internal state and cause read() to return stale/zero data. This code, however, has existed in wic since it was written, so why was it not noticed before? It turns out this bug was being masked by a number of implementation details that changed, especially when wic was split out for oe-core. These changes conspired together to cause the bug to be triggered. One of the root causes of this bug is that Python 3.14 increased the default buffer size from 8KB to 128KB[1]. With 8 KB buffers, read()s either go through the direct-read path leaving the buffer empty, or if it fills in 8KB chunks the buffer is fully drained. Either way, with a small buffer, read()s do a real raw seek. No fast path. No corruption. With a 128KB buffer, however, a much larger window exists where BufferedReader.seek() can take the fast-path after the raw file descriptor has already been repositioned by os.lseek() in the generator. With the smaller buffer, this window was too narrow to hit in practice. This is fixed by opening a second file object in FilemapSeek.__init__() dedicated to SEEK_DATA/SEEK_HOLE probes, leaving the data-reading handle (self._f_image) untouched. This explains why the corruption is deterministic and tied to specific block boundaries, why it only manifests with the split-out version using Python 3.14 (on systems that are using Python versions less than 3.14 on the host), and why using a separate file descriptor for reading bypasses the issue entirely. This is not an intermittent bug. For a more detailed explanation including log files, in-depth analysis, and a standalone Python reproducer, please see the linked bugzilla entry. Fixes: [YOCTO #16197] [1] https://github.com/python/cpython/commit/b1b4f9625c5f2a6b2c32bc5ee91c9fef3894b5e6 b1b4f9625c5f ("gh-117151: IO performance improvement, increase io.DEFAULT_BUFFER_SIZE to 128k (GH-118144)") AI-Generated: codex/claude-opus-4.6 (xhigh) Signed-off-by: Trevor Woerner Signed-off-by: Richard Purdie --------------------------- Commit: dd79baf74a --------------------------- license: Fix sstate hash conflict issues Currently, SSTATE_PKGARCH is injected into the sstate packages themselves but the output of do_populate_lic is meant to be architecture invariant. Instead of putting it into the package, use that part of the path as the installation location. This makes the sstate packages architecture invariant and avoids hash mismatch issues. Since the sstate install path isn't part of the task checksums, we can just remove all the LICENSE_DEPLOY_PATHCOMPONENT code entirely. It will change the native/cross locations to SSTATE_PKGARCH but that likely makes more sense anyway. I suspect this was what I'd originally intended when I added SSTATE_PKGARCH to the path but things weren't quite done correctly. Signed-off-by: Richard Purdie --------------------------- Commit: 531f87111d --------------------------- layer.conf: Use += to add to the DUMMY_PACKAGE_ARCHS_* variables This avoids the assumption that the meta layer is the first layer listed in the BBLAYERS variable. Signed-off-by: Peter Kjellerstedt Signed-off-by: Richard Purdie --------------------------- Commit: cd1179544d --------------------------- layer.conf: Update to wrynose Prepare for the next release and update to the new wrynose release series. Signed-off-by: Richard Purdie --------------------------- Commit: 2dc4d2f8b5 --------------------------- qemurunner: Hide kernel messages on first non-raw run_serial() call Kernel messages on console can be mixed with run_serial() command output and might even prevent run_serial() to read the command exit code. To fix this, on the first non-raw run_serial() call, run "dmesg -n 1" first to hide the kernel message from the console we use to run commands. Note that kernel messages are still logged in dmesg buffer. man dmesg (from util-linux): > -n, --console-level > level Set the level at which printing of messages is done to the > console. The level is a level number or abbreviation of the level name. > For all supported levels see the --help output. > > For example, -n 1 or -n emerg prevents all messages, except emergency (panic) > messages, from appearing on the console. All levels of messages are still > written to /proc/kmsg, so syslogd(8) can still be used to control exactly where > kernel messages appear. When the -n option is used, dmesg will not print or > clear the kernel ring buffer. Busybox's dmesg also support the option. Raw run_serial() calls are used during the login process when it's too early to run the dmesg command. Fixes [ YOCTO #16189 ] Signed-off-by: Yoann Congal Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 69af43387e --------------------------- webkitgtk: remove PACKAGECONFIG soup2 * libsoup-2.4 already removed in commit [1], so remove the soup2 PACKAGECONFIG, which may causes depeneds on libsoup-2.4. * soup2 will not be supported from 2.52.0. * webkitgtk build with libsoup3 by default, USE_SOUP2 is OFF by default, so also remove soup3 option [1] https://git.openembedded.org/openembedded-core/commit/?id=94ebc5b798aed6eea642c5e2a4df24b386520636 [2] https://webkitgtk.org/2025/10/07/webkitgtk-soup2-deprecation.html Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 61d653562a --------------------------- gstreamer1.0-plugins-good: remove PACKAGECONFIG soup2 * libsoup-2.4 already removed in commit [1], so remove the soup2 PACKAGECONFIG, which may causes depeneds on libsoup-2.4 * provide soup3 option, enable soup3 will enable soup and soup version will be auto defected as libsoup3 since we depend on libsoup, disable soup3 will disable soup. [1] https://git.openembedded.org/openembedded-core/commit/?id=94ebc5b798aed6eea642c5e2a4df24b386520636 Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 56aeb7ff4e --------------------------- uki.bbclass: make DTB packaging optional According to the Unified Kernel Image (UKI) specification [1], including a compiled device tree in the .dtb section of a UKI is optional. However, the current implementation always packages device trees listed in KERNEL_DEVICETREE into the UKI by default. This makes uki.bbclass unsuitable for systems that rely on firmware-provided DTBs and do not want a DTB embedded in the UKI. Fix this by introducing a new UKI_DEVICETREE variable to control device tree packaging. The .dtb section is now populated from UKI_DEVICETREE instead of KERNEL_DEVICETREE. Users who do not want DTBs included in the UKI can override UKI_DEVICETREE to an empty value from their recipes. Update the UKI selftests accordingly, as QEMU does not provide a device tree to embed. [1] https://uapi-group.org/specifications/specs/unified_kernel_image/ Signed-off-by: Viswanath Kraleti Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 5571775018 --------------------------- python3: Add a new PACKAGECONFIG knob for free threading One of the main points in the Python 3.14.x release notes was that free threading is officially supported. Add PACKAGECONFIG[freethreading] to turn it on with --disable-gil. GIL is the Global Interpreter Lock, which is kept enabled without this option. By default, keep free threading disabled, i.e. GIL enabled. Signed-off-by: Zoltán Böszörményi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4caa308304 --------------------------- curl: upgrade 8.18.8 -> 8.19.0 Solves CVE-2026-1965, CVE-2026-3783, CVE-2026-3784 and CVE-2026-3805. Drop patch included in the release. Release info [1]: Changes: * BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 * cmake: add `CURL_BUILD_EVERYTHING` option * mqtt: initial support for MQTTS * tool: support fractions for --limit-rate and --max-filesize * tool_cb_hdr: with -J, use the redirect name as a backup * vquic: drop support for OpenSSL-QUIC * windows: add build option to use the native CA store * windows: bump minimum to Vista (from XP) (and lot of bugfixes) [1] https://curl.se/ch/8.19.0.html License-Update: copyright years refreshed Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 6a6377a983 --------------------------- libuv: upgrade 1.52.0 -> 1.52.1 Release info [1]: Changes since version 1.52.0: * misc: add simple clang-tidy setup (Jameson Nash) * unix: check RLIMIT_AS and RLIMIT_DATA in uv_get_constrained_memory (Jameson Nash) * win: add fs-fd-hash-inl.h to tarball (tobil4sk) * unix,win: support NULL loop for sync uv_getaddrinfo (Saúl Ibarra Corretgé) * Fix const-correctness warning in linux.c (Quaylyn Rimer) * build(deps): bump actions/upload-artifact from 6 to 7 (dependabot[bot]) * build(deps): bump actions/download-artifact from 7 to 8 (dependabot[bot]) * unix: fix compilation warnings with GCC 15 (Saúl Ibarra Corretgé) * test: remove conditionals from `uv_thread_self` usage (Yasser Nascimento) * unix: fix discard const (Rudi Heitbaum) * unix: do not cast to char variables that are const char (Rudi Heitbaum) * linux: fix crash if poll callback closes handle before `POLLERR` (Juan José Arboleda) [1] https://github.com/libuv/libuv/releases/tag/v1.52.1 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 3cfa638aa9 --------------------------- linux-firmware: upgrade 20260221 -> 20260309 Upgrade the firmware package to latest release. Add package ${PN}-lt8713sx for Lontium LT8713SX DP hub, add audioreach firmware and license for Kaanapali, Lenovo ISH LNLM firmware was renamed so add those files in ${PN}-ish-lnlm-53c4ffad package, and modify FILES:${PN} for package ${PN}-ish-lnlm-12128606 to pack firmwares properly. Signed-off-by: Vivek Puar Cc: Dmitry Baryshkov Reviewed-by: Dmitry Baryshkov Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 945d9b9e75 --------------------------- linux: cve-exclusions: Add --always to git-describe Otherwise https://git.kernel.org/pub/scm/linux/security/vulns.git cannot be used: subprocess.CalledProcessError: Command '('git', 'describe', '--tags', 'HEAD')' returned non-zero exit status 128. Original error from git: fatal: No names found, cannot describe anything. The change will at least produce an abbreviated SHA1 hash as {data_version}. Fixes: 5e66e2b79fae ("linux/generate-cve-exclusions: show the name and version of the data source") Signed-off-by: Alexander Sverdlin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 6145c70a27 --------------------------- mesa: remove trailing whitespace Signed-off-by: Lucas Stach Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: fe0490e637 --------------------------- resulttool: Fix UnboundLocalError when missing test results The junit_tree function failed when either ptest or imagetest results were missing from testresults.json due to uninitialized variables. Move variable initialization outside the loop to ensure they always have default values. Signed-off-by: Miroslav Cernak Signed-off-by: Richard Purdie --------------------------- Commit: 817b5c012a --------------------------- pypi.bbclass: set UPSTREAM_CHECK_PYPI_PACKAGE from PYPI_PACKAGE This aligns the tarball upstream check regex (set from former variable) with existing tarball name (set from the latter). Previously the regex used a 'normalized' value (_ replaced with -) which wasn't matching the actual tarballs, and required setting both variables whenever PYPI_PACKAGE default wasn't suitable and had to be set in the recipe. I have confirmed that 'devtool check-upgrade-status' doesn't break. Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: 3b476245b3 --------------------------- iptables/libmnl: fix upstream version check The original locations still exist, but no longer allow directory listings. Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: 1fc2b952c7 --------------------------- libfyaml: inherit github-releases class This fixes the upstream version check for the newly added recipe, as the default SRC_URI-minus-tarball page doesn't contain a list of releases. Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: 9e2d2a5b0c --------------------------- gstreamer1.0-vaapi: remove recipe gstreamer-vappi has been removed in favour of the va plugin and is no longer updated going forward. Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie --------------------------- Commit: dcac7775f2 --------------------------- lib/oe/patch: add user and email when patchtool is git When the PATCHTOOL=git, oe-core creates a git repo for the sources with: git init git add . git commit The git commit can fails blindly due to misconfigured user when git don't have the email proper configured. Although the commit command does not fail because it returns 0, it is not executed and the tree remains with all files staged so the following git commands can fail and fails in some cases. This problem has been particularly observed in some obscure and little-used cases in openembedded-core like patching the linux-firmware which only works using PATCHTOOL=git because it deals with binary files. Signed-off-by: Jose Quaresma Signed-off-by: Richard Purdie --------------------------- Commit: 89a9a02859 --------------------------- appstream: upgrade from 1.0.6 to 1.1.2 License-Update: Update COPYING with latest from FSF * Upstream changed the dependency, libyaml changed to libfyaml, refer [1] * Upstream enable bash-completion by default, but bash-completion is in ASSUME_PROVIDE, on host without bash-completion, appstream-native will configure failed, so disable bash-completion for appstream-native [1] https://github.com/ximion/appstream/commit/2899271049c0c9716eba0ccd62b10cdb9df5746d#diff-35104d8113cb43cdd6cfaa78c780eba89165e17c580d1e6678e5c3dfbd9b23c5 Signed-off-by: Changqing Li Signed-off-by: Richard Purdie --------------------------- Commit: 6e9ebdf5fb --------------------------- lttng-modules: Upgrade 2.14.3 -> 2.14.4 to fix build issue on kernel 6.18 Add 0001-fix-adjust-range-in-btrfs-probe-for-v6.18.14.patch to adjust Brtfs probe header for 6.18[1] Change Log: 2026-02-09 LTTng modules 2.14.4 * fix: Manual conversion to use ->i_state accessors (v6.19) * fix: btrfs: headers cleanup to remove unnecessary local includes (v6.19) * Fix: Initialize syscall tables sorted entries * Cleanup lttng-syscalls.h: Remove extern on function prototypes * Make init_event_desc_enum_desc_sorted_entries public * Update .gitreview for stable-2.14 Ref: [1] https://git.lttng.org/?p=lttng-modules.git;a=commit;h=ca93dc3b05fcb22db5b653858a1b08002496d783 Signed-off-by: Xiangyu Chen Signed-off-by: Richard Purdie --------------------------- Commit: 512a71ea5d --------------------------- librsvg: move symlink file for ptest in package librsvg-ptest In order to make ptest can find needed data, a symlink is created: /usr/lib64/librsvg/rsvg -> ptest package this symlink file in package librsvd-ptest, this can avoid there is a dead link when ptest-pkgs is not installed. Signed-off-by: Changqing Li Signed-off-by: Richard Purdie --------------------------- Commit: d3d1694035 --------------------------- selftest: uboot: Add sefltest for recent KCONFIG_CONFIG_ROOTDIR fix Add a check to make sure that KCONFIG_CONFIG_ROOTDIR and KCONFIG_CONFIG_ENABLE_MENUCONFIG are being set correctly in the different cases. A recent commit [1] showed that we were missing a check for the correctness of these variables. [1] https://git.openembedded.org/openembedded-core/commit/?id=2548c040ea155c981e41cb0282bcb28c47b3b688 Signed-off-by: Ryan Eatmon Signed-off-by: Richard Purdie --------------------------- Commit: 16054e30b2 --------------------------- uboot-config: Fix scope of KCONFIG_CONFIG_ROOTDIR check The current check is in the inner loop of UBOOT_CONFIG, but the check is attempting to only apply to the case when there is a single entry in UBOOT_CONFIG. Shift the indention to be outside of the for loop and only execute once. Signed-off-by: Ryan Eatmon Signed-off-by: Richard Purdie --------------------------- Commit: a534e79198 --------------------------- shadow: fix build with GCC 10 Fix the build with GCC 10 which otherwise fails due to function parameters being unnamed. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: d0671c3dad --------------------------- rust: enable dynamic LLVM linking by default Fixes [YOCTO #16058] Enable dynamic linking with LLVM (link-shared) for all rust variants (native, nativesdk and target) via a PACKAGECONFIG option, enabled by default. This prevents segmentation faults when reusing sstate artifacts built with different host toolchains. Update multilib library symlinking to include shared libraries and adjust the rust selftest to install llvm so the dynamically linked compiler can run correctly. Suggested-by: Alexander Kanavin Signed-off-by: Sunil Dora Signed-off-by: Richard Purdie --------------------------- Commit: a967f364c7 --------------------------- scripts/install-buildtools: Update to 5.3.2 Update to the 5.3.2 release of the 5.3 series for buildtools Signed-off-by: Aleksandar Nikolic Signed-off-by: Richard Purdie --------------------------- Commit: 388cd4770e --------------------------- ptest-packagelists: Exclude ptests from musl which are known to fail Since we'd like to start tracking musl ptest regressions, mark the existing known failures for qemuarm64 and qemux86-64 so we can then start to test without warnings. Signed-off-by: Richard Purdie --------------------------- Commit: 4e06a6df74 --------------------------- sstate/sstatesig: Abstract dummy package architectures into layer.conf settings Other layers need to be able to add dummy recipes. To do this add DUMMY_PACKAGE_ARCHS_SDK and DUMMY_PACKAGE_ARCHS_TARGET in layer.conf which can be used to add these to the right places in the code. Don't add the variables to task signatures as these only matter in the context of constructed images and not the recipes. Signed-off-by: Richard Purdie --------------------------- Commit: 834efe5eea --------------------------- sstate: Tweak SDK sstate package architecture While in this area of the code, it is worth noting that PACKAGE_ARCH + PN are already designed to capture the needed information that we need in SSTATE_PKGARCH. We can therefore simplify things by just using the standard fallack for SSTATE_PKGARCH instead of more complex manipulations. Signed-off-by: Richard Purdie --------------------------- Commit: 7e8dae7502 --------------------------- meta/dummy-sdk-package: Improve SDK dummy package handling Currently, the dummy SDK packages are re-running for different SDKMACHINE values when they should not. The usage of allarch is broken and not triggering the right PACKAGE_ARCH value due to the deferred nature of nativesdk. This was probably broken when we switched to add deferred classes. To try and make this all more explict and less prone to breakage, switch to calling oe.utils.make_arch_independent() directly. Add the 'special' package architecture values to SSTATE_ARCHS so the system cna properly track them. Remove the pointless tasks we don't need from the dummy recipes, mark the packagedata as machine independent and then remove from the conflict list in sstate.bbclass. Signed-off-by: Richard Purdie --------------------------- Commit: ac9fb57879 --------------------------- allarch/lib: Convert core of allarch code into a function We need to call the functionality in allarch.bbclass from other contexts and the current conditionals are problematic enough without further changes confusing things. Move the code to a funtion in oe.utils so we can call it as needed. Signed-off-by: Richard Purdie --------------------------- Commit: 9f59ba9cd6 --------------------------- bitbake.conf: Add SDKMACHINE to BUILDCFG_VARS, drop TARGET_FPU Tweak the default build header to add SDKMACHINE and drop TARGET_FPU since that data is more likely to be of use to the general user. Signed-off-by: Richard Purdie --------------------------- Commit: 78e8586cc1 --------------------------- sstate: Drop unneeded SSTATE_MANMACH variable This variable doesn't appear needed and just confuses the code, remove it. Signed-off-by: Richard Purdie --------------------------- Commit: 10dff9f0ed --------------------------- runtime_test: Add rust-out-of-tree selftest This new case tests that the rust-out-of-tree-module recipe compiles and run properly: check that the dmesg output is as expected. Signed-off-by: Yoann Congal Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: 4b7581df74 --------------------------- make-mod-scripts: fix for buildpath issues with rust-out-of-tree compilation Fixes buildpath issues when compiling rust-out-of-tree recipe. Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: 5fdb94febc --------------------------- meta-skeleton: Add rust-out-of-tree-module recipe Basic template for an out-of-tree Linux kernel module written in Rust. Mainly to test Rust integration into the kernel. Signed-off-by: Yoann Congal Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: 76fd22f09f --------------------------- module-rust.bbclass: Prepare out-of-tree rust module compilation Add support for rust-out-of-tree module compilation: - Add dependency to rust-native - Remap ${S} in compiled output to avoid buildpath errors - Added check to skip rust out-of-ree-module compilation, if rust kernel support is not enabled Co-developed-by:Yoann Congal Signed-off-by: Yoann Congal Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: af8cdc54e3 --------------------------- kernel.bbclass: Copy include/config/auto.conf in STAGING_KERNEL_BUILDDIR Linux commit aaed5c7739be ("kbuild: slim down package for building external modules")[0] states that include/config/auto.conf is also a file needed for out-of-tree build. This avoids this error when building an out-of-tree Rust kernel module: | make -C .../tmp/work-shared/qemux86-64/kernel-source M=$PWD | make[1]: Entering directory '.../tmp/work-shared/qemux86-64/kernel-source' | make[2]: Entering directory '.../tmp/work/qemux86_64-poky-linux/rust-out-of-tree-module/git/sources/rust-out-of-tree-module-git' | .../tmp/work-shared/qemux86-64/kernel-source/Makefile:779: .../tmp/work-shared/qemux86-64/kernel-build-artifacts/include/config/auto.conf: No such file or directory [0]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aaed5c7739be81ebdd6008aedc8befd98c88e67a Signed-off-by: Yoann Congal Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: 01ea2b2add --------------------------- selftest/cases/runtime_test: Add test for Linux Rust sample This new case tests that the rust_mininal sample inside the kernel source tree is buildable and works properly: check that the module can be loaded and that it prints correctly. Signed-off-by: Yoann Congal Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: a38b7a1be6 --------------------------- kernel-devsrc: copying rust-kernel source to $kerneldir/build When CONFIG_RUST is enabled, running 'make prepare' in the target & SDK fails because the Rust kernel infrastructure is incomplete in the staged kernel sources. The Rust build system requires a wider set of interdependent sources during make prepare, including bindgen inputs, C helper sources, generated headers, and other support files. These are all located under the kernel rust/ directory. To ensure make prepare succeeds and to support building Rust-based kernel modules from the target & SDK, copy the full rust/ directory (of size 2.5MB) into $kerneldir/build when the rust-kernel distro feature is enabled. Additionally, when Rust support is enabled, 'make prepare' generates .rmeta files (crate metadata in a custom binary format) and shared objects (.so) that are required for compiling Rust kernel modules. Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: d80d006ae8 --------------------------- kernel: Disable ccache when kernel rust support is enabled Currently, a ccache enabled build fails with: | HOSTRUSTC scripts/generate_rust_target | HOSTCC scripts/kallsyms | HOSTCC scripts/sorttable | HOSTCC scripts/asn1_compiler | TOUCH include/generated/gcc-plugins.h | DESCEND objtool | error: multiple input filenames provided (first two filenames are gcc and .../tmp/work-shared/qemux86-64/kernel-source/scripts/generate_rust_target.rs) Linux rust build infrastructure does not currently support ccache (Opened bug[0]). Quick summary: There are 2 issues: $HOSTCC is not escaped and rustc expect a path (and not a command) Disable ccache if KERNEL_RUST_SUPPORT is 'True' for kernel and kernel module builds, including auxiliary tooling such as make-mod-scripts. More details in: https://lists.openembedded.org/g/openembedded-core/message/229336 [0]: https://github.com/Rust-for-Linux/linux/issues/1224 Co-developed-by: Yoann Congal Signed-off-by: El Mehdi YOUNES Cc: Alban MOIZAN Signed-off-by: Yoann Congal Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: aade2ef38c --------------------------- make-mod-scripts: split `HOSTCC` flag to align with to linux-yocto when compiling rust-out-of-tree module recipe 'make-mod-scripts' failing with the following error: HOSTRUSTC scripts/generate_rust_target error: Unrecognized option: 'i' This issue occurs because CFLAGS are being passed to HOSTRUSTC. Updated the flags in the make-mod-scripts recipe to align with the flags used by linux-yocto. Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: 261df16df3 --------------------------- kernel-yocto-rust: Fix for buildpaths errors when rust is enabled for kernel Fixes for buildpaths errors after enabling rust for linux-kernel -Introduced KRUSTFLAGS to pass `--remap-path-prefix` to rustc while building kernel with rust support. Co-authored-by: El Mehdi YOUNES Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: 6c90097beb --------------------------- kernel-yocto-rust: enable Rust kernel support via 'make rustavailable'. This change adds support for Rust-enabled kernel builds by: -Extending do_kernel_configme dependencies to include rust-native, clang-native, and bindgen-cli-native. -Invoking make rustavailable during do_kernel_configme() to prepare the kernel build environment for Rust. Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: 2912ca3b34 --------------------------- rust: install Rust library sources for 'make rustavailable' support The `make rustavailable` process (1) expects the Rust standard library source files (e.g., `lib.rs`) to be present in the `library/` directory under `rustlib/src/rust/`. This patch ensures the required sources are available by: - Installing the `library/` directory (of size ~50MB) into `${D}${libdir}/rustlib/src/rust` for making them available during `make rustavailable` for native, target & sdk. - packaging `${libdir}/rustlib/src/rust` sepearately with `${PN}-src-lib`. 1) See the kernel tree for Documentation/rust/quick-start.rst in the section: Requirements: Building https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/rust/quick-start.rst#n145 Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: 16d55fc3bc --------------------------- linux-yocto: conditionally add clang/rust/bindgen-cli-native to DEPENDS Conditionally add 'clang-native', 'rust-native' and 'bindgen-cli-native' to 'DEPENDS' when Kernel Rust Support is enabled. These tools are required for building Rust-enabled kernels and for generating Rust FFI bindings via bindgen during the kernel build. This ensures the additional dependencies are only pulled in when Rust support is explicitly enabled, avoiding unnecessary native dependencies for non-Rust kernel builds. Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: 6719ed4a34 --------------------------- kernel-yocto: Enable rust in kernel Allow enabling Rust support in the kernel by simply adding "rust" to KERNEL_FEATURES in local.conf or a global configuration file. This maps the feature name to the appropriate kernel configuration fragment located at features/kernel-rust/kernel-rust.scc Signed-off-by: Harish Sadineni Signed-off-by: Richard Purdie --------------------------- Commit: 3c1a65a576 --------------------------- libgloss: package riscv header files correctly Signed-off-by: Alejandro Hernandez Samaniego Signed-off-by: Richard Purdie --------------------------- Commit: 971d03b19b --------------------------- picolibc: Update 1.8.6 -> 1.8.11 Rebased: - avoid_polluting_cross_directories.patch Licensing files COPYING.NEWLIB and COPYING.GPL2 were removed upstream, checksum for COPYING needs update since files included may change with every release. Tested to work on qemuarm,aarch64,riscv32 and riscv64 variants https://dev.azure.com/ahcbb6/baremetal-qemu/_build/results?buildId=21709&view=results Signed-off-by: Alejandro Hernandez Signed-off-by: Richard Purdie --------------------------- Commit: 6ffad1ec5d --------------------------- newlib: Upgrade 4.5.0 -> 4.6.0 License changes: - Adds BSD-2 for m68k-atari-elf target Tested to work on qemux86,arm,aarch64,riscv32 and riscv64 variants: https://dev.azure.com/ahcbb6/baremetal-qemu/_build/results?buildId=21709&view=results Signed-off-by: Alejandro Hernandez Samaniego Signed-off-by: Richard Purdie --------------------------- Commit: 3b5c2d8bdb --------------------------- rust: Drop oeqa-selftest-Increase-timeout-in-process-sigpipe-ru.patch This patch was originally introduced to address a rare failure on the PPC target and with the latest version of rustc this issue no longer occurs. So, this patch can be removed. Signed-off-by: Deepesh Varatharajan Signed-off-by: Richard Purdie --------------------------- Commit: e368dde8af --------------------------- oeqa/selftest: wic: Add vfat to test_wic_sector_size Add an empty vfat partition to the 4k sector size test. This ensures that the -S 4096 option is passed to mkfs.vfat, and the resulting filesystem is generated. We also now verify that the requested partitions, and names were created as expected. Size does not matter, only the partition type and name. Note, there is a known issue in parted that 4096 fat partitions are not recognized by fstype, so report themselves as empty in the regular output. Both wic ls and parted p show an unknown filesytem type. However, the type of the partition (last field) is set to msftdata, so we can use that instead. Signed-off-by: Mark Hatle Signed-off-by: Richard Purdie --------------------------- Commit: c1fb515f2a --------------------------- yocto-uninative: Update to 5.1 for glibc 2.43 yocto-uninative: Update to 5.1 for glibc 2.43 Signed-off-by: Michael Halstead Signed-off-by: Richard Purdie --------------------------- Commit: 438afb3ded --------------------------- oeqa/selftest: Introduce OEQA_TESTDISPLAY variable and use for sdl/gtk qemu test Currently we've been using DISPLAY from the parent environment indiscriminately. Since we can change many of the tests to use internal VNC, we really need a mechanism to only use a DISPLAY when the system really needs to and there is no other option. Somehow we need to differentiate between that and a system with graphics available. Introduce OEQA_TESTDISPLAY for this purpose, this being used only if there is no other way to run the test. There is only one test case I'm aware of that needs this, so this patch updates that test case. This variable is not meant as a replacement for all DISLAY usage, it is only for cases where the test would not otherwise work. Signed-off-by: Richard Purdie --------------------------- Commit: 9e5d18040b --------------------------- libarchive: upgrade 3.8.5 -> 3.8.6 Release information [1]: Libarchive 3.8.6 is a security and bugfix release. Notable fixes: * libarchive: fix incompatibility with Nettle 4.x (#2858) * libarchive: fix NULL pointer dereference in archive_acl_from_text_w() (#2859) * bsdunzip: fix ISO week year and Gregorian year confusion (#2860) * 7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation (#2864) * 7zip: fix out-of-bounds access on ELF 64-bit header (#2875) * RAR5 reader: fix infinite loop in rar5 decompression (#2877) * RAR5 reader: fix potential memory leak (#2892) * RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called twice (#2893) * CAB reader: fix memory leak on repeated calls to archive_read_support_format_cab (#2895) * mtree reader: Fix file descriptor leak in mtree parser cleanup (CWE-775, #2878) * various small bugfixes in code and documentation [1] https://github.com/libarchive/libarchive/releases/tag/v3.8.6 Signed-off-by: Peter Marko Signed-off-by: Robert Yang Signed-off-by: Richard Purdie --------------------------- Commit: f791d6c528 --------------------------- glibc: Upgrade to 2.43 release License-Update: Match to changes [1] - Changes to the FSF address and sample names - Rearranged files - License remains unchanged Added free_sized, free_aligned_sized, memset_explicit, memalignment, and new time bases (TIME_MONOTONIC, etc.). Support for the Linux mseal system call to protect memory mappings (sealing). Added support for the openat2 system call, allowing more granular file opening options. New, optimized, and correctly rounded functions from the CORE-MATH project (acosh, asinh, atanh, erf, erfc, lgamma, tgamma). Significant 4x improvements for fused multiply-add (FMA) on AMD Zen 3 by updating ldbl-96 implementation. Improved remainder, frexp, and frexpl. Experimental Clang Support: Added support for building with LLVM Clang (version 18+) on AArch64/x86_64 Linux. New CPU Detection: Enhanced detection for newer CPU architectures. 64-bit atomics for 32bit x86 patch is no longer required since upstrea has dropped this logic in 2.43 release [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=a0ce8b0779e290596e99ca6d96c301684a2d7cfe Signed-off-by: Khem Raj Signed-off-by: Hemanth Kumar M D Signed-off-by: Richard Purdie --------------------------- Commit: 325c078855 --------------------------- busybox: fix printf ptest failure with glibc 2.43 Following ptests were failing on aarch64 after glibc 2.43 upgrade: - printf_understands_%s_'"x'_"'y"_"'zTAIL" - printf_handles_positive_numbers_for_%f Backport fix from Debian bug #1128825. References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128825 Signed-off-by: Hemanth Kumar M D Signed-off-by: Richard Purdie --------------------------- Commit: 09c9603bb3 --------------------------- glib-2.0: fix gdatetime ptest failure with glibc 2.43 glib/gdatetime.test ptest was failing after glibc 2.43 upgrade. Backport upstream fix from glib commit 7c837a52. Upstream: https://gitlab.gnome.org/GNOME/glib/-/issues/3895 Signed-off-by: Hemanth Kumar M D Signed-off-by: Richard Purdie --------------------------- Commit: f78863f89d --------------------------- ltp: workaround openat2 build failure with glibc 2.43 glibc 2.43 added native openat2() support, causing LTP's configure to set HAVE_OPENAT2=1 and skip its own internal definitions, resulting in a build failure. Add a patch to undef HAVE_OPENAT2 in lapi/openat2.h as a workaround until a proper fix is found. Signed-off-by: Hemanth Kumar M D Signed-off-by: Richard Purdie --------------------------- Commit: a217683514 --------------------------- barebox-tools: fix build failure with glibc 2.43 glibc 2.43 introduces linux/openat2.h through the fcntl include chain (bits/fcntl-linux.h -> linux/openat2.h) which expects __u64 to be defined before inclusion. Move in barebox scripts/include/ linux/types.h to after the typedef definitions to fix the build. Signed-off-by: Hemanth Kumar M D Signed-off-by: Richard Purdie --------------------------- Commit: 8340d4be03 --------------------------- libxcrypt: avoid discarded-qualifiers build failure with glibc 2.43 With the glibc 2.43 upgrade, building nativesdk-libxcrypt triggers a -Wdiscarded-qualifiers warning in crypt-gost-yescrypt.c and crypt-sm3-yescrypt.c which becomes a build failure due to -Werror. Signed-off-by: Hemanth Kumar M D Signed-off-by: Richard Purdie --------------------------- Commit: 0433d2d6a9 --------------------------- gcc-runtime: avoid discarded-qualifiers build failure with glibc 2.43 With the glibc 2.43 upgrade, building gcc-runtime triggers a -Wdiscarded-qualifiers warning in libgomp/affinity-fmt.c which becomes a build failure due to -Werror. Add -Wno-error=discarded-qualifiers to CFLAGS as a workaround until the upstream const-correctness issue in libgomp is resolved. Signed-off-by: Hemanth Kumar M D Signed-off-by: Richard Purdie --------------------------- Commit: 0ed7b56814 --------------------------- gettext: upgrade 0.26 -> 1.0 Release notes: https://savannah.gnu.org/news/?id=10853 Changelog: 1.0: https://lists.gnu.org/archive/html/info-gnu/2026-01/msg00007.html - gettext-minimal-native: update Makevars.template source path to new location under gettext-tools/wizard/po-templates/traditional/ - use-pkgconfig.patch: refresh patch hunks to match updated upstream context in libxml.m4 and selinux-selinux-h.m4, update selinux discovery: replace AC_SEARCH_LIBS (getfilecon_raw) with PKG_CHECK_MODULES for correct sysroot handling - gettext_1.0.bb: add autotools ptest directory and install gettext-tools autotools build artifacts for ptest ptest results: ======================= All 630 tests passed (41 tests were not run) ======================= DURATION: 45 END: /usr/lib/gettext/ptest 2026-03-09T17:58 STOP: ptest-runner TOTAL: 1 FAIL: 0 With the previous version: All 626 tests passed (40 tests were not run) Signed-off-by: Randy MacLeod Signed-off-by: Hemanth Kumar M D Signed-off-by: Richard Purdie --------------------------- Commit: 7e75ec7a66 --------------------------- bitbake.conf: Set PACKAGECONFIG vardepvalue For PACKAGECONFIG settings in recipes, we care about the end value, we don't really care how it is constructed. bbappends to recipes can add things to the default PACKAGECONFIG settings, for example being dependent on a DISTRO_FEATURE or another variable. If the computed value doesn't change, the task hashes can remain constant, allowing for better sstate reuse. To do this, set a vardepvalue of the variable value itself, ignoring how the actual value is calculated. Signed-off-by: Richard Purdie --------------------------- Commit: 01aa7f30d9 --------------------------- cargo-c: update 0.10.20 -> 0.10.21 Changes are here: https://github.com/lu-zero/cargo-c/compare/v0.10.20...v0.10.21 Signed-off-by: Deepesh Varatharajan Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 5c995f9754 --------------------------- lua: upgrade from 5.4.8 to 5.5.0 Changes: https://www.lua.org/manual/5.5/readme.html#changes PLATS linux-readline is moved, and readline is changed to load dynamically, refer [1], keep readline as PACKAGECONFIG to allow user to remove readline dependency. Lua use dlopen by default, and LUA_READLINELIB is set to libreadline.so, but libreadline.so is in the dev package, which will make Lua cannot load libreadline even when libreadline is installed. Make readline as build dependency and detect the real libreadline name and set LUA_READLINELIB [1] https://github.com/lua/lua/commit/366c85564874d560b3608349f752e9e490f9002d [2] https://github.com/lua/lua/blob/master/lua.c#L520 Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: afb1765ef3 --------------------------- tcl8: fix tclConfig.sh after UNPACKDIR change Adapt the sed command that edits TCL_SRC_DIR in tclConfig.sh This is needed so that tk in meta-oe is capable of reading the required header file Remove buildpath from TCL_BUILD_STUB_LIB_PATH in tclConfig.sh Signed-off-by: Krupal Ka Patel Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: cf7c79f396 --------------------------- python3-setuptools: drop Windows launcher executables on non-mingw builds setuptools installs Windows launcher executables (cli*.exe, gui*.exe) into site-packages. These binaries are only used on Windows platforms but are packaged for target, native, and nativesdk builds. Remove the Windows launcher executables when not building for a mingw (mingw32/mingw64) host to avoid shipping unused Windows binaries. Signed-off-by: Krupal Ka Patel Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 90d208fbb0 --------------------------- python3-pip: drop unused Windows distlib launcher templates pip vendors distlib which ships Windows launcher template binaries (*.exe) under pip/_vendor/distlib. These files are only used on Windows systems but are installed and packaged for target, native, and nativesdk builds. Remove the distlib *.exe templates when not building for a mingw (mingw32/mingw64) host to avoid shipping unused Windows binaries and reduce package noise. Signed-off-by: Krupal Ka Patel Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: bd04d43100 --------------------------- gcc-source: Use allarch.bbclass Converts the recipe to use allarch.bbclass. This is necessary because SSTATE_PKGARCH is set to "allarch" based on if allarch is inherited or not. If it is not, SSTATE_PKGARCH has the value "all", which means any data written out based on it cannot be found (because "all" is not in SSTATE_ARCHS) Signed-off-by: Joshua Watt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1af7942c53 --------------------------- llvm-project-source: Use allarch.bbclass Converts the recipe to use allarch.bbclass. This is necessary because SSTATE_PKGARCH is set to "allarch" based on if allarch is inherited or not. If it is not, SSTATE_PKGARCH has the value "all", which means any data written out based on it cannot be found (because "all" is not in SSTATE_ARCHS) Signed-off-by: Joshua Watt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2c49774f47 --------------------------- selftest/glibc: add docstrings to the selftest classes Add docstrings to GlibcSelfTest classes and comments to the glibc-testsuite recipe explaining how this test concept works. This commit does not change the code itself. Related [Yocto #16113] Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b4801e63d1 --------------------------- spirv-tools: backport a fix for building with gcc-16 Fixes: https://errors.yoctoproject.org/Errors/Details/905195/ when building on host with gcc-16 Signed-off-by: Martin Jansa Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 9eabea38f0 --------------------------- gcc: backport a fix for building with gcc-16 Fixes: https://errors.yoctoproject.org/Errors/Details/905192/ when building on host with gcc-16 Signed-off-by: Martin Jansa Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 97dd558277 --------------------------- m4: upgrade to 1.4.21 https://lists.gnu.org/archive/html/m4-announce/2026-02/msg00000.html This release is being made mainly to cater to recent glibc changes in light of the C23 language standard. However, it also includes fixes for some corner-case bugs in eval and when using the defn macro on builtins. Fixes m4-native builds on hosts with glibc-2.43 like: ./stdlib.h:827:20: error: expected identifier or '(' before '_Generic' ./string.h:777:20: error: expected identifier or '(' before '_Generic' Remove 0001-gettext-h-Avoid-gcc-Wformat-security-warnings-with-d.patch which is included in gnulib revision used by m4 since: https://gitweb.git.savannah.gnu.org/gitweb/?p=m4.git;a=commit;h=beee8d26382460010338c37f9dd9f823aa9f4ee8 LIC_FILES_CHKSUM was updated for barem4.m4 and testbarem4.m4 from: https://gitweb.git.savannah.gnu.org/gitweb/?p=m4.git;a=blobdiff;f=examples/COPYING;h=e623b2b9394cbd1784a4964bbac105050296f33b;hp=7e73a1219b542fa035facc47cdb3dd81132e6373;hb=900a90f624cee4a8c1c02c4d6a61ef1ed26a17d1;hpb=c7b96d682958532c4eb2d5c2d81bb6ac342fd410 Signed-off-by: Martin Jansa Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 9ec9680cda --------------------------- libpam: set status for CVE-2024-10041 This CVE was fixed in v1.6.1 (per [1]). NVD tracks it as version-less CVE for RedHat. [1] https://security-tracker.debian.org/tracker/CVE-2024-10041 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 48a3df9e66 --------------------------- procps: support ptest when TCLIBC is glibc * Support ptest for procps TCLIBC is glibc. The configure.ac only match LINUX as "linux-gnu", we can patch it to make test can run on musl lib system, but the upstream testsuite should only run on gnu libc host, some test cases only suitable for glibc, eg: Some of the error messages for free command on musl system is not the same as glibc system, which will make test failed. In order to avoid some other unexpected failure, just support ptest for glibc. * Bug [1] is filed for musl support, we may can add support for musl libc later when upstream add the musl support * procps's testsuite use DejaGnu test framework. The testsuite is expected to run during build time, this implementation create the same folder structure as the testsuite expected to make it can work well. [1] https://gitlab.com/procps-ng/procps/-/issues/420 Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2548c040ea --------------------------- uboot-config: fix KCONFIG_CONFIG_ROOTDIR path Commit 22e96b3 ("u-boot: Make sure the build dir is unique for each UBOOT_CONFIG") changed the u-boot build directory name to include the UBOOT_CONFIG value the build is performed for. Align to the new pattern also the KCONFIG_CONFIG_ROOTDIR variable, which is used by devtool to create a config baseline in case the menuconfig task is enabled. This fixes the following error, which can be seen when building u-boot under devtool and UBOOT_CONFIG contains a single configuration: cp: cannot stat '//.config': No such file or directory Signed-off-by: Francesco Valla Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 770b36ea0d --------------------------- cross-canadian.bbclass: merged /usr support Use ${root_prefix} instead of ${base_prefix} while setting ${target_base_prefix}, otherwise we might loose the root prefix configuration change in case of 'usrmerge' distro feature is enabled. Signed-off-by: Peter de Ridder Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 491de0db64 --------------------------- sanity.bbclass: warn when sstate is outside of build dir, but hash equiv database is inside it This should help with the long-standing usability problem: when someone tweaks the configuration to put sstate somewhere else than the default (so that it can be shared between local builds, or over NFS), they should also share the hash equivalency database, but no indication would be given to the user to do so. This will issue a warning and recommend to start a dedicated hash equivalency server (if sstate is on NFS), or set BB_HASHSERVE_DB_DIR (if it isn't). Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 66aefeca48 --------------------------- grub: fix grub installation error on i386 target Commit 1a5417f39[1] introduced a grub installation error on i386 target: grub-mkimage: error: `/usr/lib/grub/i386-pc/kernel.img' is miscompiled: its start address is 0x9074 instead of 0x9000: ld.gold bug?. A series of patches are under review in grub mailing list[2]. Once these patches are merged, we will backport them to the current version. Currently, referring to Gentoo[3] and Libreboot[4], revert the following commits as a workaround: 1a5417f39 configure: Check linker for --image-base support ac042f3f5 configure: Print a more helpful error if autoconf-archive is not installed [1] https://cgit.git.savannah.gnu.org/cgit/grub.git/commit/?id=1a5417f39a0ccefcdd5440f2a67f84d2d2e26960 [2] https://lists.gnu.org/archive/html/grub-devel/2026-02/msg00039.html [3] https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5a995ac689a7132651ef6b2b87295c392899427 [4] https://codeberg.org/libreboot/lbmk/src/branch/master/config/grub/nvme/patches/0010-Revert-configure-Check-linker-for-image-base-support.patch Signed-off-by: Yi Zhao Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7eae351b5f --------------------------- grub: upgrade 2.12 -> 2.14 ChangeLog: * libgcrypt 1.11. * LVM LV integrity and cachevol support. * EROFS support. * GRUB environment block inside the Btrfs header support. * NX support for EFI platforms. * shim loader protocol support. * BLS and UKI support. * Argon2 KDF support. * TPM2 key protector support. * Appended Signature Secure Boot Support for PowerPC. * New option to block command line interface. * Support dates outside of 1901..2038 range. * zstdio decompression support. * EFI code improvements and fixes. * TPM driver fixes. * Filesystems fixes. * CVE and Coverity fixes. * Tests improvements. * Documentation improvements. Drop backport patches. Refresh local patches. Split grub-bash-completion package by inheriting bash-completion. Signed-off-by: Yi Zhao Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 3e2bc0f380 --------------------------- qemurunner: Drop nographic option now runqemu falls back to VNC Since runqemu now falls back to vnc or a none display if DISPLAY isn't set, we no longer need to pass nographic to the qemu commandline and can allow runqemu just to handle it. One challenge with nographic is that it changes more that just the display setting, it can affect the serial and parallel port mappings so this also makes settings slightly more consistent accross environments. Ultimately, this allows us to stop requiring X desktops whilst still having a way to connect to the display over VNC for debugging. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: df9e9f382e --------------------------- scripts/runqemu: Allow VNC use as a fallback when there is no DISPLAY set We would like to be able to fall back on QEMU's internal VNC server when there is no DISPLAY available. Add code to do this, putting a socket for VNC alongside the network interface tap lock files. This won't work if tap networking isn't enabled but in most of our use cases it will be and it avoids having to invent a new location for the sockets. If there are needs outside this, that can be addressed in future. Also move the other "publicvnc" code to be alongside the rest of the graphics parameters for ease of reading the code. The publicvnc option doesn't work for this use case as it can't handle multiple concurrent qemu istances. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 57fe3e411f --------------------------- license_image.bbclass: report all packages with incompatible license When multiple packages cannot be installed it shows only first one it finds, because of bb.fatal use. It might require many iterations to find all packages to avoid. e.g. with ptest enabled and GPL-3.0-or-later, GPL-3.0-only set as incompatible licenses you might get list like this for relatively small image: ERROR: image-1.0-r0 do_rootfs: Some packages cannot be installed into the image because they have incompatible licenses: bzip2-ptest (GPL-3.0-or-later) coreutils (GPL-3.0-or-later) coreutils-stdbuf (GPL-3.0-or-later) diffutils (GPL-3.0-or-later) findutils (GPL-3.0-or-later) gawk (GPL-3.0-or-later) gnutls-openssl (GPL-3.0-or-later) gnutls-ptest (GPL-3.0-or-later) grep (GPL-3.0-only) make (GPL-3.0-only) mpfr (LGPL-3.0-or-later) python3-dbusmock (GPL-3.0-only) readline (GPL-3.0-or-later) sed (GPL-3.0-or-later) Signed-off-by: Martin Jansa Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 033256d636 --------------------------- subversion: fix race in parallel builds In parallel build its possible for objects to be written into directories that do not exist yet, as mkdir-init and local-all are executed at the same time. This fix is ugly, but a proper fix would be quite invasive. Upstream have been informed of the problem. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 468c9dec67 --------------------------- gnutls: make C99 detection more resiliant gnutls checks that the compiler supports C99 code by checking that the standard being used is C99 or C11. This will fail with autoconf 2.73, which will tell the compiler to use C23 by default. Change the logic so that the build works with C23 by flipping the logic: we know that C89 is less than C99, but we don't know the names of future standards. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: af66dec1a0 --------------------------- vim: upgrade 9.2.0 -> 9.2.0110 Solves CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421 and CVE-2026-28422. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 19aface8a4 --------------------------- inetutils: patch CVE-2026-28372 Pick patch according to [1] (equivalent to patch from [2]). [1] https://security-tracker.debian.org/tracker/CVE-2026-28372 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-28372 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4ca85ec961 --------------------------- README: add global note about C locale sorting Other locale might have different order for the "-" character and lead to unstable sorting. Signed-off-by: Yoann Congal Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 9c3782b574 --------------------------- maintainers.inc: add note about C locale sorting Other locale might have different order for the "-" character and lead to unstable sorting. Signed-off-by: Yoann Congal Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 28552a7b6c --------------------------- dtc: backport fix for build with glibc-2.43 glibc-2.43 isn't used in OE builds yet, but this fixes dtc-native: https://errors.yoctoproject.org/Errors/Details/903983/ ../sources/dtc-1.7.2/libfdt/fdt_overlay.c: In function ‘overlay_fixup_phandle’: ../sources/dtc-1.7.2/libfdt/fdt_overlay.c:424:21: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] 424 | sep = memchr(fixup_str, ':', fixup_len); | ^ ../sources/dtc-1.7.2/libfdt/fdt_overlay.c:434:21: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] 434 | sep = memchr(name, ':', fixup_len); | ^ cc1: all warnings being treated as errors Signed-off-by: Martin Jansa Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b91f6cec2b --------------------------- gcc: Fix gcc-libitm false positives in regression report Some of the gcc-libitm test cases include build paths (e.g. [1]) in their results. When comparing two build outputs, these embedded paths cause resulttool to incorrectly report regressions. [1] ptestresult.gcc-libitm-user.libitm.c++/dropref.C -B /srv/pokybuild/yocto-worker/qemuarm64-tc/build/build-st-64312/ ..../libitm/../libstdc++-v3/src/.libs (test for excess errors): PASS This leads to a false regression such as: PASS → No matching test result Upstream-Status: Backport [https://gcc.gnu.org/cgit/gcc/patch/?id=b129ff0880c6d10e0379b46889d01255ee8d1f82, https://gcc.gnu.org/cgit/gcc/patch/?id=66ce317036f2eb5aeb96d5e4b9e468799d7566b] Signed-off-by: Harish Sadineni Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 8c24acf3f4 --------------------------- python3-imagesize: upgrade 1.4.1 -> 2.0.0 Changes: https://github.com/shibukawa/imagesize_py/compare/1.4.1...2.0.0 https://github.com/shibukawa/imagesize_py/blob/master/README.rst Signed-off-by: Jiaying Song Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f5499e224c --------------------------- alsa-ucm-conf: Backport the channel fix for lemans and monaco boards Remove Fixed channel setting for Qualcomm lemans and monaco boards to support stereo capture. Signed-off-by: Mohammad Rafi Shaik Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1ade8bb5e7 --------------------------- alsa-ucm-conf: Remove JackControl from TALOS EVK HiFi config The EVK board does not support headset or jack detection. Keeping JackControl entries prevents PipeWire (wpctl) from exposing sinks and sources correctly. Remove JackControl from Headphones and Headset devices so PipeWire can enumerate playback and capture nodes normally. link: https://github.com/alsa-project/alsa-ucm-conf/pull/704 Signed-off-by: Le Qi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1fc1fac23a --------------------------- systemd: package lib/nvpcr as part of systemd systemd 259 includes NvPCRs JSON snippets when tpm2 support is enabled via packageconfig, so make sure they are also included as part of the main systemd package. This fixes the following issue when tpm2 is enabled in systemd: ERROR: systemd-1_259.1-r0 do_package: QA Issue: systemd: Files/directories were installed but not shipped in any package: /usr/lib/nvpcr /usr/lib/nvpcr/cryptsetup.nvpcr /usr/lib/nvpcr/hardware.nvpcr Signed-off-by: Ricardo Salveti Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c18f921cd4 --------------------------- systemd: upgrade 259.1 -> 259.3 Update to latest revision of v259. Drop patches included in this release. Changes: https://github.com/systemd/systemd/compare/v259.1...v259.3 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 39f7113d09 --------------------------- systemd: properly package new container files v259 added more container files which need to ba correctly packaged. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 124a43b74b --------------------------- go: upgrade 1.26.0 -> 1.26.1 Upgrade to latest 1.26.x release [1]: $ git --no-pager log --oneline go1.26.0..go1.26.1 e87b10ea2a (tag: go1.26.1) [release-branch.go1.26] go1.26.1 e792d6aa95 [release-branch.go1.26] crypto/x509: fix name constraint checking panic a761c9ff70 [release-branch.go1.26] crypto/x509: fix full email constraint matching 994692847a [release-branch.go1.26] html/template: properly escape URLs in meta content attributes 65c7d7a9fb [release-branch.go1.26] net/url: reject IPv6 literal not at start of host e28ac674af [release-branch.go1.26] cmd/go: revert update default go directive in mod or work init 4d1051fdc9 [release-branch.go1.26] cmd: re-vendor x/tools for Go 1.26.1 8cce3ab20c [release-branch.go1.26] os: avoid escape from Root via ReadDir or Readdir ef041913a8 [release-branch.go1.26] cmd/compile: ensure StructMake/ArrayMake1 of direct interfaces are unwrapped 155c25e249 [release-branch.go1.26] cmd/compile: pointer-shaped types are SSAable even if lots of 0-sized fields c5723195a6 [release-branch.go1.26] net/smtp: prevent test failures due to expired test certificate f67a1f4c76 [release-branch.go1.26] cmd/go: fix pkg-config flag sanitization 4659d630da [release-branch.go1.26] cmd/compile: avoid folding 64-bit integers into 32-bit constants 6fb3df88d4 [release-branch.go1.26] go/analysis/passes/modernize: add vendored code 85050c90ee [release-branch.go1.26] cmd/compile: fix mis-compilation for static array initialization 12c0690eeb [release-branch.go1.26] cmd/compile: don't drop same register twice e8df1a6697 [release-branch.go1.26] reflect: use &zeroVal[0] instead of nil for data field for zero-sized payloads 167ef716ba [release-branch.go1.26] cmd/compile: rewriteFixedLoad: ensure AuxInt is sign-extended 495e6c6b09 [release-branch.go1.26] internal/syscall/windows: correct some enums and syscall signatures 29618c4439 [release-branch.go1.26] cmd/link: don't pass -Wl,-S on illumos c283d1f762 [release-branch.go1.26] os: support deleting inaccessible files in RemoveAll Fixes CVE-2026-27137, CVE-2026-27138, CVE-2026-27142, CVE-2026-25679 and CVE-2026-27139. Release information: [2] [1] https://github.com/golang/go/compare/go1.26.0...go1.26.1 [2] https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 3ca64560e1 --------------------------- kernel_module.py: add missing license header This is a fixup for commit 570dd06a703c9346672055d52a2461f2715a515b module.bbclass: move environment setup to kernel_module.py Copy also the MIT SPDX license header from the file where this lines were copied from. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b0ea86d95b --------------------------- rust: Drop revert-link-std-statically-in-rustc_driver-feature.patch Starting from Rust 1.82, std is statically linked with rustc_driver.so. This change affected the runtime dependencies of the rustc_main test binary, causing tests to fail in QEMU because librustc_driver*.so is not shipped and cannot be found. After discussing with upstream, the patch is removed, and the test is skipped using #[cfg(not(test))]. The rustc_main function does not include any test code,so this safely restores the feature without impacting tests. Upstream Discussion: https://github.com/rust-lang/rust/pull/153409 Signed-off-by: Deepesh Varatharajan Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a91d977917 --------------------------- cargo-c: Move recipe out of rust directory cargo-c is an external Cargo extension used to build Rust libraries with a C-compatible ABI and generate C headers and pkg-config files. Since it is not part of the standard Rust toolchain, move it from the rust directory to cargo-c under recipes-devtools for better organization and maintainability. Signed-off-by: Deepesh Varatharajan Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 766657738a --------------------------- rust: Upgrade 1.93.0 -> 1.94.0 https://blog.rust-lang.org/2026/03/05/Rust-1.94.0/ Rust Changes: https://github.com/rust-lang/rust/releases/tag/1.94.0 Cargo Changes: https://doc.rust-lang.org/nightly/cargo/CHANGELOG.html#cargo-194-2026-03-05 Rebased patch: rust-oe-selftest.patch Backported patch: 0001-Update-call-llvm-intrinsics-test.patch To fix riscv64 oe-selftest failure with 1.94.0 Test results: rust v1.94.0 +-------------+---------+---------+ | Machine | Passed | Skipped | +-------------+---------+---------+ | qemux86-64 | 21910 | 659 | | qemux86 | 21657 | 912 | | qemuarm64 | 21722 | 847 | | qemuarm | 21638 | 931 | | qemuriscv64 | 21684 | 885 | +-------------+---------+---------+ Test results difference (1.94.0 - 1.93.0): +-------------+--------+---------+ | Machine | Passed | Skipped | +-------------+--------+---------+ | qemux86-64 | +221 | +13 | | qemux86 | +218 | +16 | | qemuarm64 | +227 | +7 | | qemuarm | +217 | +17 | | qemuriscv64 | +218 | +16 | +-------------+--------+---------+ Signed-off-by: Deepesh Varatharajan Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1389fbe477 --------------------------- texinfo: upgrade texinfo 7.2 -> 7.3 Upgrade to latest revision of 7.3 - Refresh patch 0001-Makefile.am-do-not-build-manpages.patch - Remove -I ${S}/gnulib/m4 from EXTRA_AUTORECONF since configure.ac already defines AC_CONFIG_MACRO_DIRS - Fix QA issue for load_txi_modules (new file in 7.3) Release Note:[https://lists.gnu.org/archive/html/bug-texinfo/2026-03/msg00007.html] Signed-off-by: Zhang Peng Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 5814d6f460 --------------------------- libksba: upgrade 1.6.7 -> 1.6.8 ChangeLog: https://github.com/gpg/libksba/blob/libksba-1.6.8/NEWS Signed-off-by: Yi Zhao Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 34cbb0a1b9 --------------------------- file: upgrade 5.46 -> 5.47 ChangeLog: https://github.com/file/file/blob/FILE5_47/ChangeLog Remove backport patches. Signed-off-by: Yi Zhao Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 72b5eded6a --------------------------- iptables: upgrade 1.8.12 -> 1.8.13 ChangeLog: https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.13.txt Signed-off-by: Yi Zhao Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b8b7b5873f --------------------------- libfyaml: init add Depended by recipe appstream Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 82eb19752b --------------------------- iproute2: upgrade 6.18.0 -> 6.19.0 Drop fix-musl.patch as it was merged upstream. Add missing include for types (linux/types.h). Changes: - new dpll command for managing Digital Phase-Locked Loop devices via netlink. - expanded CAN XL support - MPTCP improvements - devlink: - added support for 64‑bit parameters - added new SWITCHDEV_INACTIVE eswitch mode - added burst period configuration for health reporters - genl: - supports JSON output - ifstat, nstat, lnstat: - converted to use the high-level json_print API for unified JSON output Signed-off-by: Andrej Kozemcak Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a007b71e17 --------------------------- tcl8: prefer tcl's own tzdata The little thread that was "one of the tcl test cases fails with system tzdata" has unravelled upstream into a series of problems with the tz code when the system tzdata is used: https://core.tcl-lang.org/tcl/tktview/51aa53616067cb63900b17ca1d71f07b094ffa1a Add a PACKAGECONFIG for the option, and default to using the tcl tzdata until the issues are resolved upstream. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: fb804d9d21 --------------------------- tcl: prefer tcl's own tzdata The little thread that was "one of the tcl test cases fails with system tzdata" has unravelled upstream into a series of problems with the tz code when the system tzdata is used: https://core.tcl-lang.org/tcl/tktview/51aa53616067cb63900b17ca1d71f07b094ffa1a Add a PACKAGECONFIG for the option, and default to using the tcl tzdata until the issues are resolved upstream. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a90c83c0de --------------------------- tcl8: rewrite ptest (again) Backport the previous commit's changes for tcl9 to the tc8 recipe: I discovered that running a single test case with tcltest doesn't let you know if the test failed or not, so when run-ptest moved away from using all.tcl[1] we were always marking the tests as passing. So, revert that commit and use all.tcl as a test runner. This is more noisy, but importantly will let us know if a test failed. Remove our un-upstreamable tweaks to the interp tests and instead skip the test that is known to be fragile, so we don't have to carry a patch forever. Don't install another copy of the entire Tcl library for the tests, as there is no real point. This does then expose a bug in the tests where clock-59.2 assumes that it is running in a source tree and behaves differently if the system tzdata is being used. This is being worked on upstream[2], for now skip this test. Clean up musl overriding so it's more resiliant. Exit 1 if a test fails. [1] oe-core 9c41887f2a ("tcl: improve test execution loop") [2] https://core.tcl-lang.org/tcl/tktview/51aa53616067cb63900b17ca1d71f07b094ffa1a Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7cbe06574f --------------------------- tcl: rewrite ptest (again) I discovered that running a single test case with tcltest doesn't let you know if the test failed or not, so when run-ptest moved away from using all.tcl[1] we were always marking the tests as passing. So, revert that commit and use all.tcl as a test runner. This is more noisy, but importantly will let us know if a test failed. Remove our un-upstreamable tweaks to the interp tests and instead skip the test that is known to be fragile, so we don't have to carry a patch forever. Don't install another copy of the entire Tcl library for the tests, as there is no real point. This does then expose a bug in the tests where clock-59.2 assumes that it is running in a source tree and behaves differently if the system tzdata is being used. This is being worked on upstream[2], for now skip this test. Clean up musl overriding so it's more resiliant. Exit 1 if a test fails. [1] oe-core 9c41887f2a ("tcl: improve test execution loop") [2] https://core.tcl-lang.org/tcl/tktview/51aa53616067cb63900b17ca1d71f07b094ffa1a Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 29c6e4f173 --------------------------- blueprint-compiler: upgrade 0.19.0 -> 0.20.0 Changelog: https://gitlab.gnome.org/GNOME/blueprint-compiler/-/releases/v0.20.0 Signed-off-by: Liu Yiding Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: ab6b2bf7b5 --------------------------- python3-setuptools: upgrade 80.9.0 -> 82.0.0 Remove python3-pkg-resources History v82.0.0 [1]: Deprecations and Removals - pkg_resources has been removed from Setuptools. Most common uses of pkg_resources have been superseded by the importlib.resources and importlib.metadata projects. Projects and environments relying on pkg_resources for namespace packages or other behavior should depend on older versions of setuptools. (#3085) [1] https://setuptools.pypa.io/en/stable/history.html#v82-0-0 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 44a58e6891 --------------------------- python3-semantic-version: remove python3-pkg-resources from runtime depends Due to setuptools removes and deprecates pkg_resources in 82.0.0 [1], python-semanticversion import `pkg_resources` conditionally for Python 3.8- [2], because we have python 3.14+, then python3-pkg-resources is not necessary for us, remove it from runtime depends [1] https://setuptools.pypa.io/en/stable/history.html#v82-0-0 [2] https://github.com/rbarrois/python-semanticversion/commit/306fbe1b2222d218c62c2ddb32d91eeea8957951 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f57b5dfef4 --------------------------- python3-scons: remove python3-pkg-resources from runtime depends Due to setuptools removes and deprecates pkg_resources in 82.0.0 [1], SCons nowhere in its code does import `setuptools` or `pkg_resources` [2], remove python3-pkg-resources from runtime depends [1] https://setuptools.pypa.io/en/stable/history.html#v82-0-0 [2] https://github.com/SCons/scons/commit/e27b28c6b3ca8c9155bff38891189eb73deab611 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: dc5b7f6fb5 --------------------------- meson: remove python3-pkg-resources from runtime depends Due to setuptools removes and deprecates pkg_resources in 82.0.0 [1] meson removes setuptools and uses mesondata instead [2], remove python3-pkg-resources from runtime depends [1] https://setuptools.pypa.io/en/stable/history.html#v82-0-0 [2] https://github.com/mesonbuild/meson/commit/05ddd6543d4c4fc33b4c64f26291e73f49733f71 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: fe4b816bb9 --------------------------- ncurses: upgrade 6.5 -> 6.6 1. License-Update: copyright years updated 2. Fix installed-vs-shipped QA error ... ERROR: ncurses-6.6-r0 do_package: QA Issue: ncurses: Files/directories were installed but not shipped in any package: /usr/lib ncurses: 1 installed and not shipped files. [installed-vs-shipped] ... Due to commit [1], upstream hardcoded `lib` to create symlink ... ** sym-linked tmp/work/x86-64-v3-oe-linux/ncurses/6.6/image/usr/lib/terminfo for compatibility ... Apply a local patch to not create symlink terminfo under image/usr/lib, and clean up symlink remove operation in recipe 3. Delete backport patch - CVE-2025-6141.patch 4. Announcing ncurses 6.6: https://lists.gnu.org/archive/html/info-gnu/2025-12/msg00010.html [1] https://github.com/ThomasDickey/ncurses-snapshots/commit/a60b584d93ab59e1df0bc9661b7 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7da2290a46 --------------------------- autotools: remove deletion of aclocal.m4 We've historically[1] deleted any aclocal.m4 file in the source tree before autoreconfing on the grounds that it is "too shy" to overwrite aclocal.m4, so we forcibly delete the aclocal.m4 unless aclocal has been excluded in autoreconf. However, this shyness has been removed in autoconf 2.70[2] and autoreconf will always call aclocal, which will rewrite the file if needed. So, remove the explicit deletion of aclocal.m4. I've verified that a build of all recipes in core that use autotools have identical aclocal.m4 files before and after this change. [1] This code appears in oe-classic during 2011 but originated in a BitKeeper commit, so predates our use of git. [2] autoconf bc7e12e7 ("autoreconf: drop support for old (< 1.8) aclocal versions") Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d35a1a1697 --------------------------- readline: improve aclocal.m4 handling I don't know why I decided to copy aclocal.m4 to acinclude.m4 to avoid autotools.bbclass deleting the upstream hand-maintained aclocal.m4, but I did. A neater fix is to exclude aclocal, which has the side-effect of not deleting aclocal.m4 in do_configure. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 63fb9adc2a --------------------------- rxvt-unicode: improve aclocal.m4 handling I don't know why we copy aclocal.m4 to acinclude.m4 to avoid autotools.bbclass deleting the upstream hand-maintained aclocal.m4, but we do. A neater fix is to exclude aclocal, which has the side-effect of not deleting aclocal.m4 in do_configure. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: df33303c88 --------------------------- lzop: remove custom aclocal.m4 handling The aclocal.m4 wrangling is historical, the custom macros are now part of lzop-1.04/autoconf/local.m4 and the aclocal.m4 in the tarball is in fact generated with aclocal. Thus we no longer need to ship an acinclude.m4 or exclude aclocal from running. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d49b14ad48 --------------------------- gperf: remove autoreconf tweaks Since gperf 3.3[1] gperf uses aclocal, so we don't need to do anything special anymore to autoreconf. [1] gperf e60835d ("build: Use Automake in lib/.") Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 81bcecfb7f --------------------------- vulkan-samples: upgrade to latest revision Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 32e5386561 --------------------------- python3: skip test_only_active_thread test Skip a test we've seen failing intermittently, since it may be another occurring due to variable load on the Autobuilder. Fixes: [YOCTO #16178] Signed-off-by: Trevor Gamblin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: cf67c8024f --------------------------- shadow: upgrade 4.18.0 -> 4.19.4 Changelog: https://github.com/shadow-maint/shadow/blob/4.19.4/ChangeLog - useradd.8: fix default group ID (Tim Biermann) - revert drop of subid_init() (Serge Hallyn) - Georgian translation (NorwayFun) - useradd: Avoid taking unneeded space: do not reset non-existent data in lastlog (David Kalnischkies) - relax username restrictions (Alexander Kanavin) - selinux: check MLS enabled before setting serange (genBTC) - copy_tree: use fchmodat instead of chmod (Samanta Navarro) - copy_tree: don't block on FIFOs (Samanta Navarro) - add shell linter (Jan Macku) - copy_tree: carefully treat permissions (Samanta Navarro) - lib/commonio: make lock failures more detailed (Luca BRUNO) - lib: use strzero and memzero where applicable (Christian Göttsche) - Update Dutch translation (Frans Spiesschaert) - Don't test for NULL before calling free (Alex Colomar) - Use libc MAX() and MIN() (Alejandro Colomar) - chage: Fix regression in print_date (Xiami) - usermod: report error if homedir does not exist (Iker Pedrosa) - libmisc: minimum id check for system accounts (Iker Pedrosa) - fix usermod -rG x y wrongly adding a group (xyz) - man: add missing space in useradd.8.xml (Iker Pedrosa) - lastlog: check for localtime() return value (Iker Pedrosa) - Raise limit for passwd and shadow entry length (Iker Pedrosa) - Remove adduser-old.c (Alejandro Colomar) - useradd: Fix buffer overflow when using a prefix (David Michael) - Don't warn when failed to open /etc/nsswitch.conf (Serge Hallyn Signed-off-by: Andrej Kozemcak Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7780eb8d6c --------------------------- libunistring: upgrade 1.4.1 -> 1.4.2 - prepare for 1.4.2 release. - version.sh: Bump version number, date, gnulib version. - README: Update version. - NEWS: Update. - sync with gnulib. - lib/unistring/cdefs.h: Update from gnulib/m4/gnulib-common.m4. (_GL_UNNAMED): New macro. (_UC_UNNAMED): Apply - new C macro _GL_UNNAMED - Make the generated more usable in C++ mode. - lib/Makefile.am (unistring/stdint.h): In C++ 11 or newer mode, just use . Signed-off-by: Andrej Kozemcak Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 11f686ee56 --------------------------- iptables: upgrade 1.8.11 -> 1.8.12 Changes: - fix null dereference parsing bitwise operations. - refuse to run under file capabilities, ie. getauxval(AT_SECURE). - fix for all-zero mask on Big Endian in arptables-nft. - support adding and replacing a rule in the same batch in iptables-nft. - filter -A FORWARD -m comment --comment "new rule being replaced" -R FORWARD 1 -m comment --comment "new replacing rule" COMMIT - print -X in xtables-monitor command for base chains. - remove incorrect libebt_redirect translations. - translate bare '-m sctp' match to '-p sctp' just like TCP and UDP. - support for info-request and info-reply icmp types. - fix interface comparisons in `-C` commands in iptables-nft. - several fixes for ip[6]tables-translate, the tool to ease migration to nftables. - document flush behaviour with --noflush for user-defined chains. Signed-off-by: Andrej Kozemcak Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d5faee113d --------------------------- freetype: upgrade 2.14.1 -> 2.14.2 Changelog: https://gitlab.freedesktop.org/freetype/freetype/-/blob/f4205da14867c5387cd6a329b90ee10a6df6eeff/docs/CHANGES Changes: - Several changes related to LCD filtering are implemented to achieve better performance and encourage sound practices. Bug fixes: - A bunch of potential security problems have been found. All users should update. - The italic angle in `PS_FontInfo` is now stored as a fixed-point value in degrees for all Type 1 fonts and their derivatives, consistent with CFF fonts and common practices. The broken underline position and thickness values are fixed for CFF fonts. Miscellaneous: - The `x` field in the `FT_Span` structure is now unsigned. - Demo program `ftgrid` got an option `-m` to select a start character to display. - Similarly, demo program `ftmulti` got an option `-m` to select a text string for rendering. - Option `-d` in the demo program `ttdebug` is now called `-a`, expecting a comma-separated list of axis values. The user interface is also slightly improved. - The `ftinspect` demo program can now be compiled with Qt6, too. Signed-off-by: Andrej Kozemcak Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 738e08718e --------------------------- ca-certificates: upgrade 20250419 -> 20260223 Changelog: * Update Mozilla certificate authority bundle to version 2.82 The following certificate authorities were added (+): + TrustAsia TLS ECC Root CA + TrustAsia TLS RSA Root CA + SwissSign RSA TLS Root CA 2022 - 1 + OISTE Server Root ECC G1 + OISTE Server Root RSA G1 The following certificate authorities were removed (-): - GlobalSign Root CA - Entrust.net Premium 2048 Secure Server CA - Baltimore CyberTrust Root (closes: #1121936) - Comodo AAA Services root - XRamp Global CA Root - Go Daddy Class 2 CA - Starfield Class 2 CA - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 * Use dh_usrlocal to create /usr/local/share/ca-certificates Signed-off-by: Andrej Kozemcak Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: e428396ed5 --------------------------- xorgproto: upgrade 2024.1 -> 2025.1 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 25c46be770 --------------------------- ttyrun: upgrade 2.40.0 -> 2.41.0 Changes of existing tools: ------------------------------ - chreipl: Make --bootparms work for ECKD re-IPL - cpacfstats: Add 'unauthorized' state to CPU-MF counters - cpictl: Detect RHCOS using VARIANT_ID - hsci: Automatically set appropriate MTU for HSCI - libutil: Add util_readlink() and util_readlinkat() helpers - libutil: Add util_startswith() to util_str - libutil: Add utility parsing functions - lschp: Add support for structured output (--format) - lsreipl: Suppress 'clear' output if not supported - pvimg: Add '--format text' support to 'pvimg info' - pvimg: Add '--print-schema ' option to 'pvimg info' - pvimg: Add '--show-secrets' flag to 'pvimg info' - pvimg: Provide improved JSON output to 'pvimg info --format json' - pvinfo: Improve User experience on non-SE enabled systems - zipl/ngdump: Ensure ext4 file system is used on dump partition - zkey: Add support for integrity protected disks using HMAC keys Bug Fixes: ------------- - cpumf/pai: Handle different size of perf_event_attr - lscss: Fix memory leak - zipl: Fix dump job on tape devices Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 0d086e2040 --------------------------- taglib: upgrade 2.1.1 -> 2.2 Changelog: ========= * Support for Matroska (MKA, MKV) and WebM files. * Support for NI STEM in MP4 files. * New method isDsd() in WavPack Properties. * Stricter verification of ID3v2 frames. * Fix setting the last header flag in Ogg FLAC files. * Fix reading of the last page in Ogg streams. * Avoid corrupting invalid Ogg FLAC files without Vorbis comment. * Windows: Support MP4 files with 64-bit atoms. * Fix use of property keys with non-ASCII characters in C bindings. * Fix building with Android NDK 29. Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 929b0d8f05 --------------------------- spirv-llvm-translator: upgrade 21.1.3 -> 21.1.5 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: cda4c6d779 --------------------------- sbc: upgrade 2.1 -> 2.2 Changelog: Fix issue when compiling with C23 requirements. Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 68e20cba59 --------------------------- rpm-sequoia-crypto-policy: upgrade to latest revision Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 736e79c65e --------------------------- p11-kit: upgrade 0.26.1 -> 0.26.2 Changelog: rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100) Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 0421e9b203 --------------------------- libxmlb: upgrade 0.3.24 -> 0.3.25 Bugfixes: - Correctly decompress heavily compressed zstd streams Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 30b4ff40bc --------------------------- libx11: upgrade 1.8.12 -> 1.8.13 License-Update: Drop vestiges of OS/2 support Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 8ac239fa85 --------------------------- libuv: upgrade 1.51.0 -> 1.52.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 68c38c1fa8 --------------------------- libtraceevent: upgrade 1.8.6 -> 1.9.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b6fb8f26a2 --------------------------- libsoup: upgrade 3.6.5 -> 3.6.6 Changelog: ============ * websocket: Fix out-of-bounds read in process_frame * Check nulls returned by soup_date_time_new_from_http_string() * Numerous fixes to handling of Range headers * server: close the connection after responsing a request containing Content-Length and Transfer-Encoding * Use CRLF as line boundary when parsing chunked enconding data * websocket: do not accept messages frames after closing due to an error * Sanitize filename of content disposition header values * Always validate the headers value when coming from untrusted source * uri-utils: do host validation when checking if a GUri is valid * multipart: check length of bytes read soup_filter_input_stream_read_until() * message-headers: Reject duplicate Host headers * server: null-check soup_date_time_to_string() * auth-digest: fix crash in soup_auth_digest_get_protection_space() * session: fix 'heap-use-after-free' caused by 'finishing' queue item twice * cookies: Avoid expires attribute if date is invalid * http1: Set EOF flag once content-length bytes have been read * date-utils: Add value checks for date/time parsing * multipart: Fix multiple boundry limits * Fixed multiple possible memory leaks * message-headers: Correct merge of ranges * body-input-stream: Correct chunked trailers end detection * server-http2: Correctly validate URIs * multipart: Fix read out of buffer bounds under soup_multipart_new_from_message() * headers: Ensure Request-Line comprises entire first line * tests: Fix MSVC build error * Fix possible deadlock on init from gmodule usage * Add Cornish translation * Update Turkish translation * Update Uighur translation * Update Romanian translation * Add Uzbek (Latin) translation * Add Kazakh translation Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 245c93e520 --------------------------- libgpg-error: upgrade 1.58 -> 1.59 License-Update: Copyright year updated to 2026. Changelog: ============= * Take care of POSIX semaphore "shared" semantics. This fixes a problem on NetBSD. * Fix preparing the environment block on Windows. * Fix for GPGRT_PROCESS_*_KEEP flags on Windows. * Update Russian and Swedish translations. * Introduce autogen.rc variable autogen_use_force. Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7d0252348a --------------------------- libfontenc: upgrade 1.1.8 -> 1.1.9 Changelog: =========== - gitlab CI: drop the ci-fairy check-mr job - meson: Add option to build with meson - configure: Use pkg-config to handle zlib dependency if possible Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 17be05faf5 --------------------------- libcap-ng/libcap-ng-python: Upgrade 0.9 -> 0.9.1 Changelog: ============== - Deprecate captest - In cap-audit, if tested app uses file system based capabilities, drop setpcap - In cap-audit, fully resolve paths before classifying - In cap-audit, add JSON escaping to output - In cap-audit, filter pre-exec, startup, and shutdown capability noise - pscap now has a --tree disply mode - More code cleanups - Improve output alignment of various utilities Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: cb26060424 --------------------------- less: upgrade 691 -> 692 Changelog: ========== - Revert HOME key to scroll to beginning of file and END key to scroll to end of file - Configure tty to leave CR and NL unmodified - Add commands to lesskey parser (forw-bell-hilite, goto-pos and osc8-jump). - Add key sequences to lesskey parser (\kE, \kF, \kH, \kI, \kM, and \kS). - Fix bug using negative value with -z option - Fix bug handling empty terminfo capabilties - Fix memory leak in setupterm - Make lesstest ignore system locale (nl_langinfo) License-Update: Copyright year updated to 2026. Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 323707e7d2 --------------------------- hwdata: upgrade 0.403 -> 0.404 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 12b5aa194c --------------------------- fastfloat: upgrade 8.2.2 -> 8.2.3 Changelog: ========= - add base check for uint8 - fix issue with s390x. - optimize uint16 parsing - optimize fastfloat_strncasecmp - Bump the github-actions group across 1 directory with 4 updates - fix early return error in fastfloat_strncasecmp - Clarify behavior for underflow - Fix overzealous build-time /permissive- propagating to compile-time (cross-compilation bug) Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 9031c7a855 --------------------------- enchant2: upgrade 2.8.14 -> 2.8.15 Bugfix: ========= - removing a word that happens to be at the end of a personal word list file has not worked since 2.7.0. - the way that personal word lists are merged with the current session has been changed so that personal word list words now appear in suggestions with providers that support adding words to the current session (Aspell and Hunspell). Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2077cbdbb2 --------------------------- ed: upgrade 1.22.4 -> 1.22.5 Changelog: ============ - Use 'sizeof active_list[0]' instead of 'sizeof (line_node **)'. - A file name ending in slash '/' is now diagnosed as 'Invalid filename' instead of 'Is a directory'. Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b978208c23 --------------------------- diffoscope: upgrade 311 -> 313 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 76a5917034 --------------------------- ccache: upgrade 4.12.2 -> 4.12.3 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: acea8cee91 --------------------------- xauth: upgrade 1.1.4 -> 1.1.5 ChangeLog in 1.1.5: commit 6fe9365f11181a043f151f2e67f36015c278791d Author: Alan Coopersmith Date: Wed Dec 31 11:58:21 2025 -0800 xauth 1.1.5 Signed-off-by: Alan Coopersmith commit 1cb1d8e0284870a03970a0a45d1c8cfe7ec6a696 Author: Alan Coopersmith Date: Sun May 18 16:31:05 2025 -0700 man page: fix warnings from `mandoc -T lint` and `groff -rCHECKSTYLE=10` mandoc: xauth.1:26:13: WARNING: cannot parse date, using it verbatim: TH xauth 1.1.4 mandoc: xauth.1:33:2: WARNING: skipping paragraph macro: PP after SH mandoc: xauth.1:225:2: WARNING: skipping paragraph macro: sp after PP mandoc: xauth.1:216:2: WARNING: skipping paragraph macro: PP after SH mandoc: xauth.1:254:2: WARNING: skipping paragraph macro: PP after SH an.tmac:xauth.1:96: style: blank line in input an.tmac:xauth.1:104: style: blank line in input an.tmac:xauth.1:114: style: blank line in input an.tmac:xauth.1:122: style: blank line in input an.tmac:xauth.1:130: style: blank line in input an.tmac:xauth.1:135: style: blank line in input an.tmac:xauth.1:142: style: blank line in input an.tmac:xauth.1:166: style: blank line in input Signed-off-by: Alan Coopersmith Part-of: commit 0d43570ad3ca169464daf4304151c9b8d7ab05b8 Author: Michael Gilbert Date: Fri Jul 22 14:57:37 2011 -0400 xauth: needs cookie handling warnings in man page [Debian bug #635109] Reported-by: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635109 Signed-off-by: Alan Coopersmith Part-of: commit 23735afd04ab561914aa3d5465532be0a6975fef Author: Alan Coopersmith Date: Sun Mar 30 09:07:57 2025 -0700 Improve man page formatting Signed-off-by: Alan Coopersmith Part-of: commit 9e238deb87c07ecda45ad86ff1e4a49125839446 Author: Alan Coopersmith Date: Sun Mar 23 13:14:50 2025 -0700 Add --help and --version options Signed-off-by: Alan Coopersmith Part-of: commit eb8b2ef585dc837558cc3f02f85cb88d2a6de5db Author: Alan Coopersmith Date: Sun Mar 23 11:25:50 2025 -0700 Report unknown argument that caused error before printing usage message Signed-off-by: Alan Coopersmith Part-of: Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 13c61003d5 --------------------------- python3-xmltodict: upgrade 1.0.2 -> 1.0.3 Release notes[1]: Bug Fixes - unparse: serialize None text/attrs as empty values (fixes #401) (aa16511) Documentation - readme: fix Fedora and Arch package links (fd6a73b) [1] https://github.com/martinblech/xmltodict/releases/tag/v1.0.3 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 51291b4280 --------------------------- python3-uv-build: upgrade 0.9.28 -> 0.10.4 Released on 2026-02-17[1]. Enhancements Remove duplicate references to the affected paths when showing uv python errors (#18008) Skip discovery of workspace members that contain only git-ignored files, including in sub-directories (#18051) Bug fixes Don't panic when initialising a package at the filesystem root (e.g. uv init / --name foo) (#17983) Fix permissions on wheel and sdist files produced by the uv_build build backend (#18020) Revert locked file change to fix locked files on NFS mounts (#18071) [1] https://github.com/astral-sh/uv/releases/tag/0.10.4 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1ed91ce336 --------------------------- python3-trove-classifiers: upgrade 2025.12.1.14 -> 2026.1.14.14 Rlease notes[1]: Update __init__.py to add Cygwin as a classifier (#232) Add "Environment :: Cygwin (MS Windows)" as a classifier as some modules, such as mine, work on Windows but only via the Cygwin POSIX layer (www.cygwin.com) [1] https://github.com/pypa/trove-classifiers/releases/tag/2026.1.14.14 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f18976f29e --------------------------- python3-testtools: upgrade 2.8.2 -> 2.8.3 What's Changed [1] - Support binary contents in FileContains matcher by @jelmer in #553 - Be more lenient to stream=None being passed into TestResult classes by @jelmer in #554 - Support async setUp/tearDown validation with Deferreds by @jelmer in #552 - Bump ruff from 0.14.9 to 0.14.10 by @dependabot[bot] in #555 - Add more typing, reduce size of testtools.compat by @jelmer in #556 - Bump ruff from 0.14.10 to 0.14.11 by @dependabot[bot] in #558 - Add more typing by @jelmer in #559 - Finish typing by @jelmer in #561 [1] https://github.com/testing-cabal/testtools/releases/tag/2.8.3 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 236c2886d8 --------------------------- python3-pyproject-metadata: upgrade 0.10.0 -> 0.11.0 Relase note [1]: This release refactors a lot of the internals to break up conversion and validation. This should not be noticeable except for better error messages in some cases. We also now test on some downstream projects; if you are using pyproject-metadata for a backend, you can suggest adding a downstream test to our noxfile. Refactoring: Restructured internals around conversion. Internal and CI: Test on some downstream projects. Remove some PEP 621 terminology [1] https://github.com/pypa/pyproject-metadata/releases/tag/0.11.0 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: fe678e5026 --------------------------- python3-pycparser: upgrade 2.23 -> 3.0 Convert to python_setuptools_build_meta to fix WARNING: python3-pycparser-3.0-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] What's Changed [1] - Removed dependency on PLY, by rewriting pycparser to use a hand-written lexer and recursive-descent parser for C. No API changes / functionality changes intended - the same AST is produced. - Add support for Python 3.14 and drop EOL 3.8 by @hugovk in #581 - Update _ast_gen.py to be in sync with c_ast.py by @simonlindholm in #582 [1] https://github.com/eliben/pycparser/releases/tag/release_v3.00 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 276d058e05 --------------------------- python3-pip: upgrade 26.0 -> 26.0.1 ChangeLog: 26.0.1 (2026-02-04) [1] Bug Fixes Fix --pre not being respected from the command line when a requirement file includes an option e.g. -extra-index-url. (#13788) [1] https://pip.pypa.io/en/stable/news/#v26-0-1 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 97f6925f97 --------------------------- python3-markdown: upgrade 3.10.1 -> 3.10.2 Release note [1]: Fixed - Fix a regression related to comment handling (#1590). - More reliable fix for Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: ba66d7bacd --------------------------- python3-hypothesis: upgrade 6.151.4 -> 6.151.9 6.151.9 - 2026-02-16 [1] - Remove some old unused code. [1] https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-151-9 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b6d83c4e3f --------------------------- python3-cryptography{-vectors}: 46.0.4 -> 46.0.5 46.0.5 - 2026-02-10 [1] - An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine for reporting the issue. CVE-2026-26007 - Support for SECT* binary elliptic curves is deprecated and will be removed in the next release. [1] https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#4605---2026-02-10 Backport 0001-bump-uv_build-to-0.10.0-14271.patch to fix compile failure ... | ERROR Missing dependencies: | uv_build<0.10.0,>=0.7.19 | WARNING: exit code 1 from a shell command. ... Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 0ab1016788 --------------------------- gn: upgrade to latest revision Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 66b4a77017 --------------------------- font-alias: upgrade 1.0.5 -> 1.0.6 ChangeLog in 1.0.6 commit ebeee85f070dc12197ad98d1c849786f8e3be124 Author: Alan Coopersmith Date: Sat Feb 7 17:20:58 2026 -0800 font-alias 1.0.6 Signed-off-by: Alan Coopersmith commit 55ceddb52f9e08a277ba634b2b0a03a9be31fb46 Author: Alan Coopersmith Date: Sun Jan 11 11:20:41 2026 -0800 gitlab CI: drop the ci-fairy check-mr job The only thing this checked was the checkbox for allowing maintainers to edit the MR. Changed permissions checks now fail this job but luckily the setting it checked has been the default for years anyway so we can drop it. https://gitlab.freedesktop.org/freedesktop/ci-templates/-/issues/81 Signed-off-by: Alan Coopersmith commit 184c43dd059f785537c8a48a4a7972c488ac1215 Author: Alan Coopersmith Date: Sun Nov 19 09:45:41 2023 -0800 Add a meson build system Includes CI checks comparing installed files based on those from xorgproto Signed-off-by: Alan Coopersmith Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: bad35a5cae --------------------------- ell: upgrade 0.81 -> 0.82 ChangeLog ver 0.82: Fix issue with using -std=c23 compiler setting. Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: bfd987a19c --------------------------- connman: upgrade 1.45 -> 2.0 ver 2.0 [1]: Fix issue with agent request on NoReply D-Bus error. Add support for DefaultEnabledTechnologies setting. Remove installation of include headers. [1] https://kernel.googlesource.com/pub/scm/network/connman/connman/+/refs/tags/2.0%5E%21/ Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7cd04ea6e5 --------------------------- btrfs-tools: upgrade 6.17.1 -> 6.19 Release Notes: https://github.com/kdave/btrfs-progs/releases/tag/v6.19 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7d35b0e792 --------------------------- pseudo: Add fix for glibc 2.43 Update to add a fix for a function definition to work with glibc 2.43. Signed-off-by: Richard Purdie --------------------------- Commit: fc291db504 --------------------------- oeqa/runtime/ptest: Improve timeout values The ptest runner command has timeouts disabled which has the side effect of limiting the command logging. This can lead to incomplete logs and makes issues harder to debug since the log buffer is lost if things crash or are interrupted. Pass in a timeout value of the ptest timeout + 30 so that debugging is improved. Signed-off-by: Richard Purdie --------------------------- Commit: af2a0a57bc --------------------------- oeqa/runtime/ptest: Use a timeout with command, remove disabling A simple 'which' call doesn't need the timeout disabling. This was likely a copy and paste error and can be removed. Signed-off-by: Richard Purdie --------------------------- Commit: b57105311f --------------------------- ptest-runner: Upgrade 2.5.0 -> 2.5.1 Pull in buffering fix: """ When running slow ptests, we can see an issue where the tests are writing output but it doesn't make it to the process (e.g. ssh connection) running ptest-runner. The issue is that the standard buffering for non-interactive terminals is 8kb and some ptests don't output enough data to trigger a write. This can lead to the controlling connection timing out. This change forces the output streams to be line buffered in all cases. Most ptest output would contain newlines so this should work well. stderr can be unbuffered by default but making it consistent here seems the best approach. Testing with this change on slow ptest runs (e.g. qemu emulated) showed much more consistent data with this change. """ Signed-off-by: Richard Purdie --------------------------- Commit: 1f87b57c82 --------------------------- ptest-runner: Use git tag in SRC_URI Also, remove an extra line split. Signed-off-by: Yoann Congal Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 869d70d46c --------------------------- ptest-runner: Upgrade 2.4.5.1 -> 2.5.0 Changelog: - utils.c: Fix dirname() handling in run_ptests() - ptest-runner-collect-system-data: add info to logs - main.c: Set PYTHONUNBUFFERED in the environment - utils.c: print a message when a timeout occurs - main.c: Add print_helptext() for detailed help - main.print_usage: Remove unused argument list of -l Signed-off-by: Yoann Congal Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: ac5e0160df --------------------------- mesa: depend on mesa-tools-native for less expensive libclc dependency libclc is required for some drivers (asahi, panfrost and intel at the very least). libclc brings very expensive per-target dependencies such as llvm and clang. However, we can make libclc depend on native tools (mesa-clc and precomp-compiler via mesa-tools-native) such that this cost exists only once (for the native build machine) and not for each machine to build. So this migrates the libclc dependency to make use of the newly introduced mesa-tools-native to make use of mesa-clc=system and precomp-compiler=system. We told the user to have libclc PACKAGECONFIG when selecting opencl PACKAGECONFIG but its dependencies are now gone since we're using mesa-tools-native for libclc. Therefore, this also moves the previous dependencies of libclc PACKAGECONFIG to opencl such that we can still build rusticl which still requires all dependencies from previous implementation of libclc (as specified in meson.build[1][2][3][4]). For some reason, libclc PACKAGECONFIG is still required otherwise rusticl fails to build with the following (stripped) message: """ FAILED: [code=101] src/gallium/frontends/rusticl/rusticl_libc_bindings.rs /build/tmp/work/cortexa35-poky-linux/mesa/25.3.3/recipe-sysroot-native/usr/bin/bindgen ../sources/mesa-25.3.3/src/gallium/frontends/rusticl/rusticl_libc_bindings.h --output /build/tmp/work/cortexa35-poky-linux/mesa/25.3.3/build/src/gallium/frontends/rusticl/rusticl_libc_bindings.rs [...] -MD -MQ ../sources/mesa-25.3.3/src/gallium/frontends/rusticl/rusticl_libc_bindings.h -MF src/gallium/frontends/rusticl/rusticl_libc_bindings.h.d thread 'main' (3601157) panicked at bindgen/lib.rs:616:27: Unable to find libclang: "couldn't find any valid shared libraries matching: ['libclang.so', 'libclang-*.so', 'libclang.so.*', 'libclang-*.so.*'], set the `LIBCLANG_PATH` environment variable to a path where one of these files can be found (invalid: [])" note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace """ libclang.so is available in the sysroot. Exporting LIBCLANG_PATH with "${STAGING_LIB_DIR}" in the recipe doesn't do anything. So for now, we keep telling the user to add libclc PACKAGECONFIG when opencl is selected (and keep it in mesa.bb when DISTRO_FEATURES has opencl) and maybe can figure out why we cannot build rusticl without libclc PACKAGECONFIG later on. I'm also not sure if the Note that does mean that when selecting opencl, mesa will bring the expensive dependencies again, but I'm not sure there's anything we can do about that at the moment. [1] https://gitlab.freedesktop.org/mesa/mesa/-/blob/mesa-25.3.4/meson.build?ref_type=tags#L838-L839 [2] https://gitlab.freedesktop.org/mesa/mesa/-/blob/mesa-25.3.4/meson.build?ref_type=tags#L850-L852 [3] https://gitlab.freedesktop.org/mesa/mesa/-/blob/mesa-25.3.4/meson.build?ref_type=tags#L1849-L1850 [4] https://gitlab.freedesktop.org/mesa/mesa/-/blob/mesa-25.3.4/meson.build?ref_type=tags#L1855-L1856 Suggested-by: Ross Burton Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 937a0931dd --------------------------- add mesa-tools native-only recipe libclc is required for some drivers (asahi, panfrost and intel at the very least). libclc brings very expensive dependencies such as llvm (through its spirv-llvm-translator dependency) and clang. Building clang and llvm for each target architecture is very expensive, but mesa allows to depend on prebuilt host binaries (mesa-clc and precomp-compiler). Those are built by mesa as well, but can be compiled in mesa-native instead of mesa, making the dependency expensive but only once regardless of the number of target architectures to build for. Ideally the mesa-clc and precomp-compiler would only be compiled in mesa-native if target mesa requires libclc support, however this is not possible as a target recipe cannot impact or depend on a native recipe's configuration. We thus have two choices, always build libclc in mesa-native with its heavy dependencies and impact every build, or force the user to modify the mesa-native recipe in a custom layer (as a native recipe cannot use target's OVERRIDES). The latter is unacceptable so the former seems to be the only option. Another big downside is that mesa-native currently builds drivers (amd, nouveau, svga) which we may have absolutely no interest in building, increasing the build time and possibly dependencies list. A third choice is to spin-off the native mesa recipe with libclc support into a new recipe without drivers and only what's necessary to build mesa-clc and precomp-compiler binaries. This allows to keep a "clean" mesa-native recipe for whoever needs those drivers built-in (e.g. for testing, for qemu-native, or whatever else) and only bring the libclc dependency when required by the target recipe. This is the native mesa tool recipe from the third choice. The next commit will make use of it in the mesa recipes. Suggested-by: Ross Burton Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 12099f39b3 --------------------------- mesa: security bump 26.0.0 -> 26.0.1 See https://docs.mesa3d.org/relnotes/26.0.1.html for the changelog and sha256sum. The announcement[1] on the mailing list states this contains an important security fix. [1] https://lists.freedesktop.org/archives/mesa-dev/2026-February/226597.html Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: ec869f2d30 --------------------------- ruby: refresh patches * 0003-rdoc-build-reproducible-documentation.patch remove the not needed lines * 0001-Don-t-save-the-original-name-and-timestamp.patch use better array Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: aed892186f --------------------------- kernel: remove pkg-config variables for old (<5.15) kernels The kernel has supported setting an alternative binary for pkg-config with a variable since 5.19 (in 2022[1]) and we set that to pkg-config-native, so there is no longer any need to also manually set the PKG_CONFIG_* variables. The relevant commit was backported and is present in 5.15.91 onwards, but is not yet in 5.10.x. [1] linux d5ea4fece450 ("kbuild: Allow kernel installation packaging to override pkg-config") Signed-off-by: Ross Burton Acked-by: Bruce Ashfield Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1d14eed195 --------------------------- qemu: extend PKG_CONFIG_LIBDIR when using the host search path The qemu recipe does something horrible when building natively and can also search the build host's search path. Now that we've moved from PKG_CONFIG_PATH to PKG_CONFIG_LIBDIR, this code also needs to do the same as otherwise it will find packages on the build host before the native sysroot. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 52c7dbb1d4 --------------------------- classes/pkgconfig: rationalise variable usage Our PKG_CONFIG_* variables were a bit of a mess. First, PKG_CONFIG_DIR is not used by either pkg-config or pkgconf. It's set to (approximately) ${libdir}/pkgconfig but we also want to search ${datadir}/pkgconfig so it isn't actually useful as an intermediate variable. Remove PKG_CONFIG_DIR and replace with the neatest expression for the value we want: ${STAGING_LIBDIR}/pkgconfig. Second, PKG_CONFIG_PATH and PKG_CONFIG_LIBDIR shouldn't be set to the same paths. The semantics of these variables is that PKG_CONFIG_PATH is searched first, followed by either PKG_CONFIG_LIBDIR or the default paths compiled into the pkg-config binary. Currently we set PKG_CONFIG_PATH to (approx.) ${libdir}:${datadir} and PKG_CONFIG_LIBDIR to ${libdir}, so we search libdir twice. Also the default paths embedded in the binary will be incorrect as they point to pkgconfig-native's sysroot, so we absolutely need to set PKG_CONFIG_LIBDIR. Instead, set PKG_CONFIG_LIBDIR to ${libdir}:${datadir} so that the default search path is correct. We can then leave PKG_CONFIG_PATH empty, if a recipe has specific needs it can set that but normally it is not needed anymore. Then bubble these changes out to the few places where the variables are used directly: - Kernel/kconfig interaction where 'pkg-config' needs to read the native files, not target. - The class classes (native, etc) which redefine the values. However, as the values are defined in terms of sysroot variables, we can typically remove assignments from those classes as they are redundant. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: af423b499c --------------------------- classes/pkgconfig: move assignments Move the pkg-config-specific assignments (PKG_CONFIG_LIBDIR, etc) out of bitbake.conf and into pkgconfig.bbclass. Note that the assignments now have to be ?= so that recipes such as gdb-cross-canadian-* can build. This is because previously the assignment order of PKG_CONFIG_PATH was: 1) bitbake.conf 2) cross-canadian.bbclass But with this new layout it is: 1) cross-canadian.bbclass 2) pkgconfig.bbclass If pkgconfig does a hard assign then it replaces any assignments that have happened already. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 00a4c1104e --------------------------- systemd: add back warning for use with musl Add back a warning linking to the release notes to alert users that systemd with musl is still experimental and has limitations compared to glibc. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 1475feef95 --------------------------- systemd 259.1: fix udev rootfs by-partuuid link generation systemd update from 257 to 258 broke genericarm64 machine boot on Renesas SMARC EVK board. The firmware and kernel drivers trigger a lot of udev events and the changed event priority handling meant that rootfs by-partuuid link was not generated inside initramfs even when all needed kernel drivers were loaded and correct block devices were detected. Backported patches from main branch fix the issue. The patches have been queued to upstream v258 and v259 stable branches. For details see: https://github.com/systemd/systemd/issues/40654 Signed-off-by: Mikko Rapeli Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: d87c75c831 --------------------------- systemd: upgrade from 258.1 to 259.1 Changes with v259: https://github.com/systemd/systemd/releases/tag/v259 The 'iptc' PACKAGECONFIG is dropped, because: """ systemd-networkd and systemd-nspawn no longer support creating NAT rules via iptables/libiptc APIs; only nftables is now supported. """ Add 'empower' group for systemd. See commit below: https://github.com/systemd/systemd/commit/3150c342705f4ac27f2b3299ac0961e7a70e4451 This new version has big change on musl support. """ Incomplete support for musl libc is now available by setting the "libc" meson option to "musl". ... This support for musl is provided without a promise of continued support in future releases. """ See https://github.com/systemd/systemd/blob/main/NEWS#L562 for more details. Here are some examples: - The musl specific '-D_LARGEFILE64_SOURCE' could be dropped because: https://github.com/systemd/systemd/commit/fb33d20c072f2e7c3d500f00f8c04c99271f34c1 - The 0017-Always-include-netinet-if_ether.h-first.patch and '-D__UAPI_DEF_ETHHDR=0 could be dropped because: https://github.com/systemd/systemd/commit/8324ef421373c84b5034bf47b84fe42d84b1032f - The 0015-Avoid-sequence-point-error.patch could be dropped because: https://github.com/systemd/systemd/commit/ebbc0ea7fd764c870bb8689111138b4f73854d42 With the above musl support, here are the changes for this 259.1 recipe: - Add '-Dlibc=${TCLIBC}' configure option. - The musl warning, do_warn_musl, is removed. - *ALL* musl specific patches are dropped. Any further fix for musl should be sent to systemd upstream. Signed-off-by: Chen Qi Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 8575c4b23c --------------------------- linux-yocto/6.18: genericarm64: fix configuration audit warning Integrating the following commit(s) to linux-yocto/.: 1/1 [ Author: Bruce Ashfield Email: bruce.ashfield@gmail.com Subject: genericarm64: drop CONFIG_PINCTRL_SM8350_LPASS_LPI Date: Tue, 3 Mar 2026 11:48:55 -0500 It has been removed upstream: commit 112d4978099700bcf5e3a4a7e571cf672188f3bc Author: Krzysztof Kozlowski Date: Thu Jan 8 11:07:22 2026 +0100 pinctrl: qcom: sm8350-lpass-lpi: Merge with SC7280 to fix I2S2 and SWR TX pins commit 1fbe3abb449c5ef2178e1c3e3e8b9a43a7a410ac upstream. Qualcomm SC7280 and SM8350 SoCs have slightly different LPASS audio blocks (v9.4.5 and v9.2), however the LPASS LPI pin controllers are exactly the same. The driver for SM8350 has two issues, which can be fixed by simply moving over to SC7280 driver which has them correct: 1. "i2s2_data_groups" listed twice GPIO12, but should have both GPIO12 and GPIO13, 2. "swr_tx_data_groups" contained GPIO5 for "swr_tx_data2" function, but that function is also available on GPIO14, thus listing it twice is not necessary. OTOH, GPIO5 has also "swr_rx_data1", so selecting swr_rx_data function should not block the TX one. Fixes: be9f6d56381d ("pinctrl: qcom: sm8350-lpass-lpi: add SM8350 LPASS TLMM") Cc: stable@vger.kernel.org Signed-off-by: Krzysztof Kozlowski Reviewed-by: Bartosz Golaszewski Reviewed-by: Konrad Dybcio Signed-off-by: Linus Walleij Signed-off-by: Greg Kroah-Hartman And is causing an audit warning, so we drop our assignement Signed-off-by: Bruce Ashfield ] Signed-off-by: Bruce Ashfield Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 05ea604e9f --------------------------- ruby: Fix reproducibility issue in docs package Add a patch, submitted upstream to address a timestamp sometimes added to the docs files. [RP: Extracted the missing pieces of a v2 patch into a separate commit] Signed-off-by: Richard Purdie --------------------------- Commit: 0fdacec2d7 --------------------------- sbom-cve-check: add recipe Provide sbom-cve-check (native) executable. Signed-off-by: Benjamin Robin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a83eaca5d9 --------------------------- python3-spdx-python-model: add recipe - Part of the dependency chain for sbom-cve-check Signed-off-by: Benjamin Robin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 41591afd51 --------------------------- python3-hatch-build-scripts: add recipe - Build dependency of python3-spdx-python-model. - Part of the dependency chain for sbom-cve-check Signed-off-by: Benjamin Robin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 48622216cb --------------------------- python3-shacl2code: add recipe - Build dependency of python3-spdx-python-model. - Part of the dependency chain for sbom-cve-check Signed-off-by: Benjamin Robin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b787047d7b --------------------------- maintainers.inc: Sort list in alphabetical order No modification was realized except sorting the content of the file. This way this is easier to add an entry; we just have to add a line into maintainers.inc file, and sort it again. Signed-off-by: Benjamin Robin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 763c60ceb9 --------------------------- oe-selftest: devtool: add ide-sdk test for kernel modules Add a new selftest that validates `devtool ide-sdk --ide=code` output for a kernel module recipe. The test verifies: - generated makefile build/clean configurations - read-only kernel source mapping - exported cross-build terminal environment variables - kernel-specific file exclude patterns - extension recommendations for makefile/cpptools - `gnu11` and kernel include paths in c_cpp_properties.json Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: cf58d7c393 --------------------------- meta-selftest: add test kernel module recipe Add a minimal out-of-tree kernel module and corresponding recipe under meta-selftest for devtool ide-sdk test coverage. This provides a simple module source and Makefile that can be built via the module class in selftest scenarios. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: aaf15d656d --------------------------- devtool: ide-sdk: support kernel module development This add very basic support for kernel module development with devtool ide-sdk. It exports the kernel build environment and sets up tasks for building and cleaning the module. But it does not yet support install, deploy, and debug tasks. It looks like possible to offer the same level of support as for CMake and Meson based projects, but that requires more work. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 570dd06a70 --------------------------- module.bbclass: move environment setup to kernel_module.py Refactor: move kernel module environment setup from do_devshell to kernel_module.py Extract the kernel module environment variable setup from do_devshell into oe.kernel_module.kernel_module_os_env(). This enables code reuse for future features such as devtool ide-sdk. Note: it would also be possible to e.g. bb.utils.py. But when every such a widely used utility function gets changed, bitbake needs to recompile a lot of code. Therefore it's probably better to put it into a separate file. It also is a very specific function, so oe.kernel_module seems to be a good place. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 64a9f4ca08 --------------------------- devtool: ide-sdk gate gdbserver warnings on recipe need Add a `wants_gdbserver` attribute to modified recipes and evaluate it across the selected set. Only emit warnings about missing `gdbserver` and missing `image-combined-dbg` when at least one recipe actually requires remote debugging support. This avoids noisy, irrelevant warnings in setups that do not use gdbserver. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: e13ba36abe --------------------------- oe-selftest: devtool: improve test_devtool_ide_sdk_shared_sysroots In shared-sysroot IDE SDK mode, the C++ CMake example test ran CMake commands but did not assert that configure/build completed successfully. This could hide failures and produce false positives. Capture command output from both steps and assert expected messages: - configure: "Build files have been written to: " - build: "Built target" This makes the test explicitly fail when CMake configure or build does not complete as expected. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 53649a0638 --------------------------- oe-selftest: devtool: add compile step in ide-sdk tests Add explicit compile step to the ide-sdk test workflow. The current implementation relies on calling bitbake -c install to perform the install step, which also triggers a build. But this will change when bitbake will support task execution without handling dependencies. To make the tests future-proof, add an explicit compile step after modifying the source code. This also improves the test coverage for meson based recipes, as the compile step is now explicitly tested. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f3aaef3eeb --------------------------- templates: site.conf.sample: remove CVS proxy instructions The CVS fetcher was disabled with 5427500e4f23 ("fetch: Drop CVS fetcher module") in BitBake. Remove the CVS instructions from this file. Signed-off-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 5478429e67 --------------------------- libadwaita: upgrade 1.8.2 -> 1.8.4 ============= Version 1.8.4 ============= - AdwDialog - Fix initial focus in bottom sheet mode - AdwWrapBox - Fix ADW_JUSTIFY_SPREAD - Translation updates - Indonesian - Kazakh - Romanian Signed-off-by: Liu Yiding Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 0b95808bfd --------------------------- gtk4: upgrade 4.20.2 -> 4.20.3 Changelog https://gitlab.gnome.org/GNOME/gtk/-/blob/4.20.3/NEWS?ref_type=tags Signed-off-by: Liu Yiding Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 6078e7422a --------------------------- systemd: add nologin shell to polkitd user Signed-off-by: sven.kalmbach Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: fb20afa7a2 --------------------------- libcomps: upgrade 0.1.23 -> 0.1.24 The project did not publish release notes, but the list of changes is available at [0]. [0]: https://github.com/rpm-software-management/libcomps/compare/0.1.23...0.1.24 Signed-off-by: Moritz Haase Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 80ff4903ea --------------------------- improve_kernel_cve_report: validate that cve details field exists Check if the cve information has the details field to avoid crashing Signed-off-by: Daniel Turull Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 9ea6d9209b --------------------------- improve_kernel_cve_report: update data if CVE exists This allow to include additional information if one of the sources is more complete. Updating description with more up to date information and including summary. For example: Before while using cve_check: { "id": "CVE-2025-68167", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2025-68167", "detail": "fixed-version", "description": "Fixed from version 6.18" }, After: { "id": "CVE-2025-68167", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2025-68167", "detail": "fixed-version", "description": "Fixed from version 6.18", "summary": "In the Linux kernel, the following (...)" }, Signed-off-by: Daniel Turull Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b76da2048b --------------------------- improve_kernel_cve_report: correct description for fixed-version Remove duplication in the description when fixed-version, to be consistent with the other status description. Signed-off-by: Daniel Turull Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 682e5beb0c --------------------------- improve_kernel_cve_report: sort kernel_compiled_files Sorting the set so the that output is predictable Signed-off-by: Andrew Fenner Signed-off-by: Daniel Turull Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 769f8557f5 --------------------------- linux-yocto/6.18: update CVE exclusions (6.18.13) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 2 changes (2 new | 0 updated): - 2 new CVEs: CVE-2026-2969, CVE-2026-2970 - 0 updated CVEs: Date: Mon, 23 Feb 2026 04:14:58 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 70dd0ddfcf --------------------------- linux-yocto/6.18: update to v6.18.13 Updating linux-yocto/6.18 to the latest korg -stable release that comprises the following commits: 25e0b1c206e3d Linux 6.18.13 df337ba02ca53 f2fs: fix incomplete block usage in compact SSA summaries 855c54f1803e3 f2fs: fix to do sanity check on node footer in {read,write}_end_io cd2fec912a0f0 f2fs: fix to do sanity check on node footer in __write_node_folio() 715a7a72e4736 USB: serial: option: add Telit FN920C04 RNDIS compositions f611dafe0ffd3 iommu/arm-smmu-qcom: do not register driver in probe() 0415ae51a40e3 f2fs: optimize f2fs_overwrite_io() for f2fs_iomap_begin fee27b69dde1a f2fs: fix to avoid mapping wrong physical block for swapfile 97e4f479939e5 f2fs: support non-4KB block size without packed_ssa feature 995030be4ce63 f2fs: fix to avoid UAF in f2fs_write_end_io() d4a594dd952df f2fs: fix out-of-bounds access in sysfs attribute read/write bd66b4c487d50 f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes 70cf1e96bde07 f2fs: fix to check sysfs filename w/ gc_pin_file_thresh correctly fb9f7e52273db f2fs: fix to add gc count stat in f2fs_gc_range 1c008ad0f0d1c fbdev: smscufx: properly copy ioctl memory to kernelspace 3e4cbd1d46c24 fbdev: rivafb: fix divide error in nv3_arb() 98d91080517d4 cpuset: Fix missing adaptation for cpuset_is_populated eaa9fcf57934c LoongArch: Rework KASAN initialization for PTW-enabled systems 9b671f6f432be mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather 0c74d37343b93 arm64: dts: mediatek: mt8183: Add missing endpoint IDs to display graph 6d66464d1a059 gpiolib: acpi: Fix gpio count with string references fa4938e0d0d64 io_uring/fdinfo: be a bit nicer when looping a lot of SQEs/CQEs cab928242853a ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put() 00c57e2369386 drm/amd/display: remove assert around dpp_base replacement 8e6f503961709 drm/amd/display: extend delta clamping logic to CM3 LUT helper f2584f791a103 tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow 7bc40c6f36575 ASoC: cs42l43: Correct handling of 3-pole jack load detection a8ed5b974a244 platform/x86: panasonic-laptop: Fix sysfs group leak in error path 2ca80dd4bb0e2 ASoC: sof_sdw: Add a quirk for Lenovo laptop using sidecar amps with cs42l43 bb6ff25035da5 platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro a9584e9e46448 ALSA: hda/realtek: Enable headset mic for Acer Nitro 5 78783e8d588cf ASoC: amd: yc: Add quirk for HP 200 G2a 16 c3b2e922924bf ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 97528b1622b8f platform/x86: classmate-laptop: Add missing NULL pointer checks efdb9c8ca3cfb drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used 4b71ad7676564 romfs: check sb_set_blocksize() return value d2e01e0c5e947 ALSA: hda/realtek - fixed speaker no sound 20bc7062c352f ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel 1bdbcf326474c ALSA: hda/realtek: Add quirk for Inspur S14-G1 b0b2cb84b64a9 gpio: sprd: Change sprd_gpio lock to raw_spin_lock 652667ac1369e ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list 464a50c6b23aa rust: driver: fix broken intra-doc links to example driver types 7d82e965fe0e3 rust: dma: fix broken intra-doc links 68dd6c5ebe799 rust: device: fix broken intra-doc links 31f33b856d232 scsi: qla2xxx: Fix bsg_done() causing double free 2784b1b43af37 Linux 6.18.12 53a76425e0764 Revert "driver core: enforce device_lock for driver_match_device()" Signed-off-by: Bruce Ashfield Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 8dc1e294f1 --------------------------- linux-yocto/6.18: genericarm64: feature splits and enablement Integrating the following commit(s) to linux-yocto/.: 98a36302 cfgs/nfc: create an intel-nfc-vendor specific feature 6350b56a netfilter.cfg: enable NF_CONNTRACK_SNMP a425fdd0 pmem.cfg: enable DEV_DAX and DEV_DAX_HMEM 70eeaeff genericarm64.scc: enable TRANSPARENT_HUGEPAGE support d62a1267 security-arm64.cfg: rename CFI_CLANG to CFI b925ef94 security-arm64.cfg: correctly enable KASAN 1fdb98a4 security-arm64.cfg: add comment for ARM64_BTI_KERNEL 6d8bf6f0 security.cfg: move RANDOMIZE_MEMORY to x86_64 18fcb6dc arm.scc: move ARM_CPUIDLE to arm only 7e1d9b2b numa_x86_64.scc: move x86_64 config from numa.cfg to numa_x86_64.cfg e93e999e sound.cfg: split SND_SOC_WM8731 to I2C and SPI variants 5a567776 sound_x86.scc: take over x86 configs from sound.scc 1ae7ce94 genericarm64.cfg: enable MTD NAND ECC support 15d48f71 genericarm64.cfg: enable TI MTD NAND support 40a67254 genericarm64-serial.cfg: set SERIAL_8250_CONSOLE to y 5ee6148e qemu-kvm.cfg: remove extra space 9f780417 firmware.cfg: whitespace fixes bc221187 genericarm64.cfg: fix CONFIG_PM_DEVFREQ_EVENT aef69bf3 Revert "genericarm64.scc: enable OP-TEE support" 6f597e1a genericarm64.cfg: enable SCSI support for HiSilicon etc f1f313cf genericarm64.scc: enable RPMB support a4565911 genericarm64.scc: enable GNSS support 391566e2 gnss.scc: add feature d40a455d genericarm64.cfg: enable more bus drivers 20e41104 genericarm64.cfg: enable PCI_PASID support 0b2967f5 genericarm64.scc: enable NFC support 2643b37e nfc-vendor.scc: move Intel configs to nfc-vendor-intel.cfg b1d00b01 genericarm64.scc: enable RFKILL LED, INPUT and GPIO 92610953 rfkill-extra.scc: add fragment for RFKILL LEDs, input and GPIO support fc7d5f45 bluetooth.cfg: enable BT_LEDS support f18ec272 genericarm64.scc: enable HSR 79fa2c17 hsr.scc: add feature for High-availability Seamless Redundancy (HSR & PRP) 1313923a genericarm64.scc: enable Time Sensitive Networking e190eeff intel-x86.scc: enable hibernation with feature c941f4ee genericarm64.scc: enable hibernation support ce5c6d9d hibernation.scc: add feature 83620a7d bluetooth-usb.cfg: enable MediaTek and RealTek support cf6e1261 bluetooth-hw.cfg: enable BT_MTK ffdd0769 genericarm64.cfg: enable Microchip PHY support Signed-off-by: Mikko Rapeli Signed-off-by: Bruce Ashfield Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 0b29b97c40 --------------------------- linux-yocto/6.18: update CVE exclusions (6.18.11) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 1416 changes (1 new | 1415 updated): - 1 new CVEs: CVE-2026-2563 - 1415 updated CVEs: CVE-2001-0143, CVE-2001-0144, CVE-2001-0145, CVE-2001-0146, CVE-2001-0147, CVE-2001-0148, CVE-2001-0149, CVE-2001-0150, CVE-2001-0151, CVE-2001-0152, CVE-2001-0153, CVE-2001-0154, CVE-2001-0155, CVE-2001-0156, CVE-2001-0157, CVE-2001-0160, CVE-2001-0161, CVE-2001-0162, CVE-2001-0163, CVE-2001-0164, CVE-2001-0165, CVE-2001-0166, CVE-2001-0167, CVE-2001-0168, CVE-2001-0169, CVE-2001-0170, CVE-2001-0171, CVE-2001-0172, CVE-2001-0173, CVE-2001-0174, CVE-2001-0175, CVE-2001-0176, CVE-2001-0177, CVE-2001-0178, CVE-2001-0179, CVE-2001-0180, CVE-2001-0181, CVE-2001-0182, CVE-2001-0183, CVE-2001-0184, CVE-2001-0185, CVE-2001-0186, CVE-2001-0187, CVE-2001-0188, CVE-2001-0189, CVE-2001-0190, CVE-2001-0191, CVE-2001-0192, CVE-2001-0193, CVE-2001-0194, CVE-2001-0195, CVE-2001-0196, CVE-2001-0197, CVE-2001-0198, CVE-2001-0199, CVE-2001-0200, CVE-2001-0201, CVE-2001-0202, CVE-2001-0203, CVE-2001-0204, CVE-2001-0205, CVE-2001-0206, CVE-2001-0207, CVE-2001-0208, CVE-2001-0209, CVE-2001-0210, CVE-2001-0211, CVE-2001-0212, CVE-2001-0213, CVE-2001-0214, CVE-2001-0215, CVE-2001-0216, CVE-2001-0217, CVE-2001-0218, CVE-2001-0219, CVE-2001-0220, CVE-2001-0221, CVE-2001-0222, CVE-2001-0223, CVE-2001-0224, CVE-2001-0225, CVE-2001-0226, CVE-2001-0227, CVE-2001-0228, CVE-2001-0229, CVE-2001-0230, CVE-2001-0231, CVE-2001-0232, CVE-2001-0233, CVE-2001-0234, CVE-2001-0235, CVE-2001-0236, CVE-2001-0237, CVE-2001-0238, CVE-2001-0239, CVE-2001-0240, CVE-2001-0241, CVE-2001-0242, CVE-2001-0243, CVE-2001-0244, CVE-2001-0245, CVE-2001-0246, CVE-2001-0247, CVE-2001-0248, CVE-2001-0249, CVE-2001-0250, CVE-2001-0251, CVE-2001-0252, CVE-2001-0253, CVE-2001-0254, CVE-2001-0255, CVE-2001-0256, CVE-2001-0257, CVE-2001-0258, CVE-2001-0259, CVE-2001-0260, CVE-2001-0261, CVE-2001-0262, CVE-2001-0263, CVE-2001-0264, CVE-2001-0265, CVE-2001-0266, CVE-2001-0267, CVE-2001-0268, CVE-2001-0269, CVE-2001-0270, CVE-2001-0271, CVE-2001-0272, CVE-2001-0273, CVE-2001-0274, CVE-2001-0275, CVE-2001-0276, CVE-2001-0277, CVE-2001-0278, CVE-2001-0279, CVE-2001-0280, CVE-2001-0281, CVE-2001-0282, CVE-2001-0283, CVE-2001-0284, CVE-2001-0285, CVE-2001-0286, CVE-2001-0287, CVE-2001-0288, CVE-2001-0289, CVE-2001-0290, CVE-2001-0291, CVE-2001-0292, CVE-2001-0293, CVE-2001-0294, CVE-2001-0295, CVE-2001-0296, CVE-2001-0297, CVE-2001-0298, CVE-2001-0299, CVE-2001-0300, CVE-2001-0301, CVE-2001-0302, CVE-2001-0303, CVE-2001-0304, CVE-2001-0305, CVE-2001-0306, CVE-2001-0307, CVE-2001-0308, CVE-2001-0309, CVE-2001-0310, CVE-2001-0311, CVE-2001-0312, CVE-2001-0313, CVE-2001-0314, CVE-2001-0315, CVE-2001-0316, CVE-2001-0317, CVE-2001-0318, CVE-2001-0319, CVE-2001-0320, CVE-2001-0321, CVE-2001-0322, CVE-2001-0323, CVE-2001-0324, CVE-2001-0325, CVE-2001-0326, CVE-2001-0327, CVE-2001-0328, CVE-2001-0329, CVE-2001-0330, CVE-2001-0331, CVE-2001-0332, CVE-2001-0333, CVE-2001-0334, CVE-2001-0335, CVE-2001-0336, CVE-2001-0337, CVE-2001-0338, CVE-2001-0339, CVE-2001-0340, CVE-2001-0341, CVE-2001-0344, CVE-2001-0345, CVE-2001-0346, CVE-2001-0347, CVE-2001-0348, CVE-2001-0349, CVE-2001-0350, CVE-2001-0351, CVE-2001-0352, CVE-2001-0353, CVE-2001-0354, CVE-2001-0355, CVE-2001-0357, CVE-2001-0358, CVE-2001-0359, CVE-2001-0360, CVE-2001-0361, CVE-2001-0364, CVE-2001-0365, CVE-2001-0366, CVE-2001-0367, CVE-2001-0368, CVE-2001-0369, CVE-2001-0370, CVE-2001-0371, CVE-2001-0372, CVE-2001-0373, CVE-2001-0374, CVE-2001-0375, CVE-2001-0376, CVE-2001-0377, CVE-2001-0378, CVE-2001-0379, CVE-2001-0380, CVE-2001-0381, CVE-2001-0382, CVE-2001-0383, CVE-2001-0384, CVE-2001-0385, CVE-2001-0386, CVE-2001-0387, CVE-2001-0388, CVE-2001-0389, CVE-2001-0390, CVE-2001-0391, CVE-2001-0392, CVE-2001-0393, CVE-2001-0394, CVE-2001-0395, CVE-2001-0396, CVE-2001-0397, CVE-2001-0398, CVE-2001-0399, CVE-2001-0400, CVE-2001-0401, CVE-2001-0402, CVE-2001-0403, CVE-2001-0404, CVE-2001-0405, CVE-2001-0406, CVE-2001-0407, CVE-2001-0408, CVE-2001-0409, CVE-2001-0410, CVE-2001-0411, CVE-2001-0412, CVE-2001-0413, CVE-2001-0414, CVE-2001-0415, CVE-2001-0416, CVE-2001-0417, CVE-2001-0418, CVE-2001-0419, CVE-2001-0420, CVE-2001-0421, CVE-2001-0422, CVE-2001-0423, CVE-2001-0424, CVE-2001-0425, CVE-2001-0426, CVE-2001-0427, CVE-2001-0428, CVE-2001-0429, CVE-2001-0430, CVE-2001-0431, CVE-2001-0432, CVE-2001-0433, CVE-2001-0434, CVE-2001-0435, CVE-2001-0436, CVE-2001-0437, CVE-2001-0438, CVE-2001-0439, CVE-2001-0440, CVE-2001-0441, CVE-2001-0442, CVE-2001-0443, CVE-2001-0444, CVE-2001-0446, CVE-2001-0447, CVE-2001-0448, CVE-2001-0449, CVE-2001-0450, CVE-2001-0451, CVE-2001-0452, CVE-2001-0453, CVE-2001-0454, CVE-2001-0455, CVE-2001-0456, CVE-2001-0457, CVE-2001-0458, CVE-2001-0459, CVE-2001-0460, CVE-2001-0461, CVE-2001-0462, CVE-2001-0463, CVE-2001-0464, CVE-2001-0465, CVE-2001-0466, CVE-2001-0467, CVE-2001-0468, CVE-2001-0469, CVE-2001-0470, CVE-2001-0471, CVE-2001-0472, CVE-2001-0473, CVE-2001-0474, CVE-2001-0475, CVE-2001-0476, CVE-2001-0477, CVE-2001-0478, CVE-2001-0479, CVE-2001-0480, CVE-2001-0481, CVE-2001-0482, CVE-2001-0483, CVE-2001-0484, CVE-2001-0485, CVE-2001-0486, CVE-2001-0487, CVE-2001-0488, CVE-2001-0489, CVE-2001-0490, CVE-2001-0491, CVE-2001-0492, CVE-2001-0493, CVE-2001-0494, CVE-2001-0495, CVE-2001-0496, CVE-2001-0497, CVE-2001-0498, CVE-2001-0499, CVE-2001-0500, CVE-2001-0501, CVE-2001-0502, CVE-2001-0503, CVE-2001-0504, CVE-2001-0505, CVE-2001-0506, CVE-2001-0507, CVE-2001-0508, CVE-2001-0509, CVE-2001-0513, CVE-2001-0514, CVE-2001-0515, CVE-2001-0516, CVE-2001-0517, CVE-2001-0518, CVE-2001-0519, CVE-2001-0520, CVE-2001-0521, CVE-2001-0522, CVE-2001-0523, CVE-2001-0524, CVE-2001-0525, CVE-2001-0526, CVE-2001-0527, CVE-2001-0528, CVE-2001-0529, CVE-2001-0530, CVE-2001-0533, CVE-2001-0534, CVE-2001-0535, CVE-2001-0537, CVE-2001-0538, CVE-2001-0540, CVE-2001-0541, CVE-2001-0542, CVE-2001-0543, CVE-2001-0544, CVE-2001-0545, CVE-2001-0546, CVE-2001-0547, CVE-2001-0548, CVE-2001-0549, CVE-2001-0550, CVE-2001-0551, CVE-2001-0552, CVE-2001-0553, CVE-2001-0554, CVE-2001-0555, CVE-2001-0556, CVE-2001-0557, CVE-2001-0558, CVE-2001-0559, CVE-2001-0560, CVE-2001-0561, CVE-2001-0562, CVE-2001-0563, CVE-2001-0564, CVE-2001-0565, CVE-2001-0566, CVE-2001-0567, CVE-2001-0568, CVE-2001-0569, CVE-2001-0570, CVE-2001-0571, CVE-2001-0572, CVE-2001-0573, CVE-2001-0574, CVE-2001-0575, CVE-2001-0576, CVE-2001-0577, CVE-2001-0578, CVE-2001-0579, CVE-2001-0580, CVE-2001-0581, CVE-2001-0582, CVE-2001-0583, CVE-2001-0584, CVE-2001-0585, CVE-2001-0586, CVE-2001-0587, CVE-2001-0588, CVE-2001-0589, CVE-2001-0590, CVE-2001-0591, CVE-2001-0592, CVE-2001-0593, CVE-2001-0594, CVE-2001-0595, CVE-2001-0596, CVE-2001-0597, CVE-2001-0598, CVE-2001-0599, CVE-2001-0600, CVE-2001-0601, CVE-2001-0602, CVE-2001-0603, CVE-2001-0604, CVE-2001-0605, CVE-2001-0606, CVE-2001-0607, CVE-2001-0608, CVE-2001-0609, CVE-2001-0610, CVE-2001-0611, CVE-2001-0612, CVE-2001-0613, CVE-2001-0614, CVE-2001-0615, CVE-2001-0616, CVE-2001-0617, CVE-2001-0618, CVE-2001-0619, CVE-2001-0620, CVE-2001-0621, CVE-2001-0622, CVE-2001-0623, CVE-2001-0624, CVE-2001-0625, CVE-2001-0626, CVE-2001-0627, CVE-2001-0628, CVE-2001-0629, CVE-2001-0630, CVE-2001-0631, CVE-2001-0632, CVE-2001-0633, CVE-2001-0634, CVE-2001-0635, CVE-2001-0636, CVE-2001-0641, CVE-2001-0642, CVE-2001-0643, CVE-2001-0644, CVE-2001-0645, CVE-2001-0646, CVE-2001-0647, CVE-2001-0648, CVE-2001-0649, CVE-2001-0650, CVE-2001-0652, CVE-2001-0653, CVE-2001-0654, CVE-2001-0655, CVE-2001-0656, CVE-2001-0657, CVE-2001-0658, CVE-2001-0659, CVE-2001-0660, CVE-2001-0662, CVE-2001-0663, CVE-2001-0664, CVE-2001-0665, CVE-2001-0666, CVE-2001-0667, CVE-2001-0668, CVE-2001-0669, CVE-2001-0670, CVE-2001-0671, CVE-2001-0674, CVE-2001-0675, CVE-2001-0676, CVE-2001-0677, CVE-2001-0678, CVE-2001-0679, CVE-2001-0680, CVE-2001-0681, CVE-2001-0682, CVE-2001-0683, CVE-2001-0684, CVE-2001-0685, CVE-2001-0686, CVE-2001-0687, CVE-2001-0688, CVE-2001-0689, CVE-2001-0690, CVE-2001-0691, CVE-2001-0692, CVE-2001-0693, CVE-2001-0694, CVE-2001-0695, CVE-2001-0696, CVE-2001-0697, CVE-2001-0698, CVE-2001-0699, CVE-2001-0700, CVE-2001-0701, CVE-2001-0702, CVE-2001-0703, CVE-2001-0704, CVE-2001-0705, CVE-2001-0706, CVE-2001-0707, CVE-2001-0708, CVE-2001-0709, CVE-2001-0710, CVE-2001-0711, CVE-2001-0712, CVE-2001-0713, CVE-2001-0714, CVE-2001-0715, CVE-2001-0716, CVE-2001-0717, CVE-2001-0718, CVE-2001-0719, CVE-2001-0720, CVE-2001-0721, CVE-2001-0722, CVE-2001-0723, CVE-2001-0724, CVE-2001-0726, CVE-2001-0727, CVE-2001-0728, CVE-2001-0729, CVE-2001-0730, CVE-2001-0731, CVE-2001-0733, CVE-2001-0734, CVE-2001-0735, CVE-2001-0736, CVE-2001-0737, CVE-2001-0738, CVE-2001-0739, CVE-2001-0740, CVE-2001-0741, CVE-2001-0742, CVE-2001-0743, CVE-2001-0744, CVE-2001-0745, CVE-2001-0746, CVE-2001-0747, CVE-2001-0748, CVE-2001-0749, CVE-2001-0750, CVE-2001-0751, CVE-2001-0752, CVE-2001-0753, CVE-2001-0754, CVE-2001-0755, CVE-2001-0756, CVE-2001-0757, CVE-2001-0758, CVE-2001-0759, CVE-2001-0760, CVE-2001-0761, CVE-2001-0762, CVE-2001-0763, CVE-2001-0764, CVE-2001-0765, CVE-2001-0766, CVE-2001-0767, CVE-2001-0768, CVE-2001-0769, CVE-2001-0770, CVE-2001-0771, CVE-2001-0772, CVE-2001-0773, CVE-2001-0774, CVE-2001-0775, CVE-2001-0776, CVE-2001-0777, CVE-2001-0778, CVE-2001-0779, CVE-2001-0780, CVE-2001-0781, CVE-2001-0782, CVE-2001-0783, CVE-2001-0784, CVE-2001-0785, CVE-2001-0786, CVE-2001-0787, CVE-2001-0788, CVE-2001-0789, CVE-2001-0790, CVE-2001-0791, CVE-2001-0792, CVE-2001-0794, CVE-2001-0795, CVE-2001-0796, CVE-2001-0797, CVE-2001-0798, CVE-2001-0799, CVE-2001-0800, CVE-2001-0801, CVE-2001-0802, CVE-2001-0803, CVE-2001-0804, CVE-2001-0805, CVE-2001-0806, CVE-2001-0807, CVE-2001-0808, CVE-2001-0809, CVE-2001-0810, CVE-2001-0811, CVE-2001-0812, CVE-2001-0813, CVE-2001-0814, CVE-2001-0815, CVE-2001-0816, CVE-2001-0817, CVE-2001-0818, CVE-2001-0819, CVE-2001-0820, CVE-2001-0821, CVE-2001-0822, CVE-2001-0823, CVE-2001-0824, CVE-2001-0825, CVE-2001-0826, CVE-2001-0828, CVE-2001-0829, CVE-2001-0830, CVE-2001-0831, CVE-2001-0832, CVE-2001-0833, CVE-2001-0834, CVE-2001-0835, CVE-2001-0836, CVE-2001-0837, CVE-2001-0838, CVE-2001-0839, CVE-2001-0840, CVE-2001-0841, CVE-2001-0842, CVE-2001-0843, CVE-2001-0844, CVE-2001-0845, CVE-2001-0846, CVE-2001-0847, CVE-2001-0848, CVE-2001-0849, CVE-2001-0850, CVE-2001-0851, CVE-2001-0852, CVE-2001-0853, CVE-2001-0854, CVE-2001-0855, CVE-2001-0856, CVE-2001-0857, CVE-2001-0858, CVE-2001-0859, CVE-2001-0860, CVE-2001-0861, CVE-2001-0862, CVE-2001-0863, CVE-2001-0864, CVE-2001-0865, CVE-2001-0866, CVE-2001-0867, CVE-2001-0868, CVE-2001-0869, CVE-2001-0870, CVE-2001-0871, CVE-2001-0872, CVE-2001-0873, CVE-2001-0874, CVE-2001-0875, CVE-2001-0876, CVE-2001-0877, CVE-2001-0879, CVE-2001-0884, CVE-2001-0886, CVE-2001-0887, CVE-2001-0888, CVE-2001-0889, CVE-2001-0890, CVE-2001-0891, CVE-2001-0892, CVE-2001-0893, CVE-2001-0894, CVE-2001-0895, CVE-2001-0896, CVE-2001-0897, CVE-2001-0898, CVE-2001-0899, CVE-2001-0900, CVE-2001-0901, CVE-2001-0902, CVE-2001-0903, CVE-2001-0904, CVE-2001-0905, CVE-2001-0906, CVE-2001-0907, CVE-2001-0908, CVE-2001-0909, CVE-2001-0910, CVE-2001-0911, CVE-2001-0912, CVE-2001-0913, CVE-2001-0914, CVE-2001-0915, CVE-2001-0916, CVE-2001-0917, CVE-2001-0918, CVE-2001-0919, CVE-2001-0920, CVE-2001-0921, CVE-2001-0922, CVE-2001-0923, CVE-2001-0924, CVE-2001-0925, CVE-2001-0926, CVE-2001-0927, CVE-2001-0928, CVE-2001-0929, CVE-2001-0930, CVE-2001-0931, CVE-2001-0932, CVE-2001-0933, CVE-2001-0934, CVE-2001-0935, CVE-2001-0936, CVE-2001-0937, CVE-2001-0938, CVE-2001-0939, CVE-2001-0940, CVE-2001-0941, CVE-2001-0942, CVE-2001-0943, CVE-2001-0944, CVE-2001-0945, CVE-2001-0946, CVE-2001-0947, CVE-2001-0948, CVE-2001-0949, CVE-2001-0950, CVE-2001-0951, CVE-2001-0952, CVE-2001-0953, CVE-2001-0954, CVE-2001-0955, CVE-2001-0956, CVE-2001-0958, CVE-2001-0959, CVE-2001-0960, CVE-2001-0961, CVE-2001-0962, CVE-2001-0963, CVE-2001-0964, CVE-2001-0965, CVE-2001-0966, CVE-2001-0967, CVE-2001-0968, CVE-2001-0969, CVE-2001-0970, CVE-2001-0971, CVE-2001-0972, CVE-2001-0973, CVE-2001-0974, CVE-2001-0975, CVE-2001-0976, CVE-2001-0977, CVE-2001-0978, CVE-2001-0979, CVE-2001-0980, CVE-2001-0981, CVE-2001-0982, CVE-2001-0983, CVE-2001-0984, CVE-2001-0985, CVE-2001-0986, CVE-2001-0987, CVE-2001-0988, CVE-2001-0989, CVE-2001-0990, CVE-2001-0991, CVE-2001-0992, CVE-2001-0993, CVE-2001-0994, CVE-2001-0995, CVE-2001-0996, CVE-2001-0997, CVE-2001-0998, CVE-2001-0999, CVE-2001-1000, CVE-2001-1002, CVE-2001-1003, CVE-2001-1004, CVE-2001-1005, CVE-2001-1006, CVE-2001-1007, CVE-2001-1008, CVE-2001-1009, CVE-2001-1010, CVE-2001-1011, CVE-2001-1012, CVE-2001-1013, CVE-2001-1014, CVE-2001-1015, CVE-2001-1016, CVE-2001-1017, CVE-2001-1018, CVE-2001-1019, CVE-2001-1020, CVE-2001-1021, CVE-2001-1022, CVE-2001-1023, CVE-2001-1024, CVE-2001-1025, CVE-2001-1026, CVE-2001-1027, CVE-2001-1028, CVE-2001-1029, CVE-2001-1030, CVE-2001-1031, CVE-2001-1032, CVE-2001-1033, CVE-2001-1034, CVE-2001-1035, CVE-2001-1036, CVE-2001-1037, CVE-2001-1038, CVE-2001-1039, CVE-2001-1040, CVE-2001-1041, CVE-2001-1042, CVE-2001-1043, CVE-2001-1044, CVE-2001-1045, CVE-2001-1046, CVE-2001-1047, CVE-2001-1048, CVE-2001-1049, CVE-2001-1050, CVE-2001-1051, CVE-2001-1052, CVE-2001-1053, CVE-2001-1054, CVE-2001-1055, CVE-2001-1056, CVE-2001-1057, CVE-2001-1058, CVE-2001-1059, CVE-2001-1060, CVE-2001-1061, CVE-2001-1062, CVE-2001-1063, CVE-2001-1064, CVE-2001-1065, CVE-2001-1066, CVE-2001-1067, CVE-2001-1068, CVE-2001-1069, CVE-2001-1070, CVE-2001-1071, CVE-2001-1072, CVE-2001-1073, CVE-2001-1074, CVE-2001-1075, CVE-2001-1076, CVE-2001-1077, CVE-2001-1078, CVE-2001-1079, CVE-2001-1080, CVE-2001-1081, CVE-2001-1082, CVE-2001-1083, CVE-2001-1084, CVE-2001-1085, CVE-2001-1086, CVE-2001-1087, CVE-2001-1088, CVE-2001-1089, CVE-2001-1090, CVE-2001-1091, CVE-2001-1092, CVE-2001-1093, CVE-2001-1094, CVE-2001-1095, CVE-2001-1096, CVE-2001-1097, CVE-2001-1098, CVE-2001-1099, CVE-2001-1100, CVE-2001-1101, CVE-2001-1102, CVE-2001-1103, CVE-2001-1104, CVE-2001-1105, CVE-2001-1106, CVE-2001-1107, CVE-2001-1108, CVE-2001-1109, CVE-2001-1110, CVE-2001-1111, CVE-2001-1112, CVE-2001-1113, CVE-2001-1114, CVE-2001-1115, CVE-2001-1116, CVE-2001-1117, CVE-2001-1118, CVE-2001-1119, CVE-2001-1120, CVE-2001-1121, CVE-2001-1122, CVE-2001-1123, CVE-2001-1124, CVE-2001-1125, CVE-2001-1126, CVE-2001-1127, CVE-2001-1128, CVE-2001-1129, CVE-2001-1130, CVE-2001-1131, CVE-2001-1132, CVE-2001-1133, CVE-2001-1134, CVE-2001-1135, CVE-2001-1136, CVE-2001-1137, CVE-2001-1138, CVE-2001-1139, CVE-2001-1140, CVE-2001-1141, CVE-2001-1142, CVE-2001-1143, CVE-2001-1144, CVE-2001-1145, CVE-2001-1146, CVE-2001-1147, CVE-2001-1148, CVE-2001-1149, CVE-2001-1150, CVE-2001-1151, CVE-2001-1152, CVE-2001-1153, CVE-2001-1154, CVE-2001-1155, CVE-2001-1156, CVE-2001-1157, CVE-2001-1158, CVE-2001-1159, CVE-2001-1160, CVE-2001-1161, CVE-2001-1162, CVE-2001-1163, CVE-2001-1164, CVE-2001-1165, CVE-2001-1166, CVE-2001-1167, CVE-2001-1168, CVE-2001-1169, CVE-2001-1170, CVE-2001-1171, CVE-2001-1172, CVE-2001-1173, CVE-2001-1174, CVE-2001-1175, CVE-2001-1176, CVE-2001-1177, CVE-2001-1178, CVE-2001-1179, CVE-2001-1180, CVE-2001-1181, CVE-2001-1182, CVE-2001-1183, CVE-2001-1184, CVE-2001-1185, CVE-2001-1186, CVE-2001-1187, CVE-2001-1188, CVE-2001-1189, CVE-2001-1190, CVE-2001-1191, CVE-2001-1192, CVE-2001-1193, CVE-2001-1194, CVE-2001-1195, CVE-2001-1196, CVE-2001-1197, CVE-2001-1198, CVE-2001-1199, CVE-2001-1200, CVE-2001-1201, CVE-2001-1202, CVE-2001-1203, CVE-2001-1204, CVE-2001-1205, CVE-2001-1206, CVE-2001-1207, CVE-2001-1208, CVE-2001-1209, CVE-2001-1210, CVE-2001-1211, CVE-2001-1212, CVE-2001-1213, CVE-2001-1214, CVE-2001-1215, CVE-2001-1216, CVE-2001-1217, CVE-2001-1218, CVE-2001-1219, CVE-2001-1220, CVE-2001-1221, CVE-2001-1222, CVE-2001-1223, CVE-2001-1224, CVE-2001-1225, CVE-2001-1226, CVE-2001-1227, CVE-2001-1228, CVE-2001-1229, CVE-2001-1230, CVE-2001-1231, CVE-2001-1232, CVE-2001-1233, CVE-2001-1234, CVE-2001-1235, CVE-2001-1236, CVE-2001-1237, CVE-2001-1238, CVE-2001-1239, CVE-2001-1240, CVE-2001-1241, CVE-2001-1242, CVE-2001-1243, CVE-2001-1244, CVE-2001-1245, CVE-2001-1246, CVE-2001-1247, CVE-2001-1248, CVE-2001-1249, CVE-2001-1250, CVE-2001-1251, CVE-2001-1252, CVE-2001-1253, CVE-2001-1254, CVE-2001-1255, CVE-2001-1256, CVE-2001-1257, CVE-2001-1258, CVE-2001-1259, CVE-2001-1260, CVE-2001-1261, CVE-2001-1262, CVE-2001-1263, CVE-2001-1264, CVE-2001-1265, CVE-2001-1266, CVE-2001-1267, CVE-2001-1268, CVE-2001-1269, CVE-2001-1270, CVE-2001-1271, CVE-2001-1272, CVE-2001-1273, CVE-2001-1274, CVE-2001-1275, CVE-2001-1276, CVE-2001-1277, CVE-2001-1278, CVE-2001-1279, CVE-2001-1280, CVE-2001-1281, CVE-2001-1282, CVE-2001-1283, CVE-2001-1284, CVE-2001-1285, CVE-2001-1286, CVE-2001-1287, CVE-2001-1288, CVE-2001-1289, CVE-2001-1290, CVE-2001-1291, CVE-2001-1292, CVE-2001-1293, CVE-2001-1294, CVE-2001-1295, CVE-2001-1296, CVE-2001-1297, CVE-2001-1298, CVE-2001-1299, CVE-2001-1300, CVE-2001-1301, CVE-2001-1302, CVE-2001-1303, CVE-2001-1304, CVE-2001-1305, CVE-2001-1306, CVE-2001-1307, CVE-2001-1308, CVE-2001-1309, CVE-2001-1310, CVE-2001-1311, CVE-2001-1312, CVE-2001-1313, CVE-2001-1314, CVE-2001-1315, CVE-2001-1316, CVE-2001-1317, CVE-2001-1318, CVE-2001-1319, CVE-2001-1320, CVE-2001-1321, CVE-2001-1322, CVE-2001-1323, CVE-2001-1324, CVE-2001-1325, CVE-2001-1326, CVE-2001-1327, CVE-2001-1328, CVE-2001-1329, CVE-2001-1330, CVE-2001-1331, CVE-2001-1332, CVE-2001-1333, CVE-2001-1334, CVE-2001-1335, CVE-2001-1336, CVE-2001-1337, CVE-2001-1338, CVE-2001-1339, CVE-2001-1340, CVE-2001-1341, CVE-2001-1342, CVE-2001-1343, CVE-2001-1344, CVE-2001-1345, CVE-2001-1346, CVE-2001-1347, CVE-2001-1348, CVE-2001-1349, CVE-2001-1350, CVE-2001-1351, CVE-2001-1352, CVE-2001-1353, CVE-2001-1354, CVE-2001-1355, CVE-2001-1356, CVE-2001-1357, CVE-2001-1358, CVE-2001-1359, CVE-2001-1360, CVE-2001-1361, CVE-2001-1362, CVE-2001-1363, CVE-2001-1364, CVE-2001-1365, CVE-2001-1366, CVE-2001-1367, CVE-2001-1368, CVE-2001-1369, CVE-2001-1370, CVE-2001-1371, CVE-2001-1372, CVE-2001-1373, CVE-2001-1374, CVE-2001-1375, CVE-2001-1376, CVE-2001-1377, CVE-2001-1378, CVE-2001-1379, CVE-2001-1380, CVE-2001-1382, CVE-2001-1383, CVE-2001-1384, CVE-2001-1385, CVE-2001-1386, CVE-2001-1387, CVE-2001-1388, CVE-2001-1389, CVE-2001-1390, CVE-2001-1391, CVE-2001-1392, CVE-2001-1393, CVE-2001-1394, CVE-2001-1395, CVE-2001-1396, CVE-2001-1397, CVE-2001-1398, CVE-2001-1399, CVE-2001-1400, CVE-2001-1401, CVE-2001-1402, CVE-2001-1403, CVE-2001-1404, CVE-2001-1405, CVE-2001-1406, CVE-2001-1407, CVE-2001-1408, CVE-2001-1409, CVE-2001-1410, CVE-2001-1411, CVE-2001-1412, CVE-2001-1413, CVE-2001-1414, CVE-2001-1415, CVE-2001-1416, CVE-2001-1417, CVE-2001-1418, CVE-2001-1419, CVE-2001-1420, CVE-2001-1421, CVE-2001-1422, CVE-2001-1423, CVE-2001-1424, CVE-2001-1425, CVE-2001-1426, CVE-2001-1427, CVE-2001-1428, CVE-2001-1429, CVE-2001-1430, CVE-2001-1431, CVE-2001-1432, CVE-2001-1433, CVE-2001-1434, CVE-2001-1435, CVE-2001-1436, CVE-2001-1437, CVE-2001-1438, CVE-2001-1439, CVE-2001-1440, CVE-2001-1441, CVE-2001-1442, CVE-2001-1443, CVE-2001-1444, CVE-2001-1445, CVE-2001-1446, CVE-2001-1447, CVE-2001-1448, CVE-2001-1449, CVE-2001-1450, CVE-2001-1451, CVE-2001-1452, CVE-2001-1453, CVE-2001-1454, CVE-2001-1455, CVE-2001-1456, CVE-2001-1457, CVE-2001-1458, CVE-2001-1459, CVE-2001-1460, CVE-2001-1461, CVE-2001-1462, CVE-2001-1463, CVE-2001-1464, CVE-2001-1465, CVE-2001-1466, CVE-2001-1467, CVE-2001-1468, CVE-2001-1469, CVE-2001-1470, CVE-2001-1471, CVE-2001-1472, CVE-2001-1473, CVE-2001-1474, CVE-2001-1475, CVE-2001-1476, CVE-2001-1477, CVE-2001-1478, CVE-2001-1479, CVE-2001-1480, CVE-2001-1481, CVE-2001-1482, CVE-2001-1483, CVE-2001-1484, CVE-2001-1487, CVE-2001-1488, CVE-2001-1489, CVE-2001-1490, CVE-2001-1491, CVE-2001-1492, CVE-2001-1494, CVE-2001-1495, CVE-2001-1496, CVE-2001-1497, CVE-2001-1498, CVE-2001-1499, CVE-2001-1500, CVE-2001-1501, CVE-2001-1502, CVE-2001-1503, CVE-2001-1504, CVE-2001-1505, CVE-2001-1506, CVE-2001-1507, CVE-2001-1508, CVE-2001-1509, CVE-2001-1510, CVE-2001-1511, CVE-2001-1512, CVE-2001-1513, CVE-2001-1514, CVE-2001-1515, CVE-2001-1516, CVE-2001-1517, CVE-2001-1518, CVE-2001-1519, CVE-2001-1520, CVE-2001-1521, CVE-2001-1522, CVE-2001-1523, CVE-2001-1524, CVE-2001-1525, CVE-2001-1526, CVE-2001-1527, CVE-2001-1528, CVE-2001-1529, CVE-2001-1530, CVE-2001-1531, CVE-2001-1532, CVE-2001-1533, CVE-2001-1534, CVE-2001-1535, CVE-2001-1536, CVE-2001-1537, CVE-2001-1538, CVE-2001-1539, CVE-2001-1540, CVE-2001-1541, CVE-2001-1542, CVE-2001-1543, CVE-2001-1544, CVE-2001-1545, CVE-2001-1546, CVE-2001-1547, CVE-2001-1548, CVE-2001-1549, CVE-2001-1550, CVE-2001-1551, CVE-2001-1552, CVE-2001-1553, CVE-2001-1554, CVE-2001-1555, CVE-2001-1556, CVE-2001-1557, CVE-2001-1558, CVE-2001-1559, CVE-2001-1560, CVE-2001-1561, CVE-2001-1562, CVE-2001-1563, CVE-2001-1564, CVE-2001-1565, CVE-2001-1566, CVE-2001-1567, CVE-2001-1568, CVE-2001-1569, CVE-2001-1570, CVE-2001-1571, CVE-2001-1572, CVE-2001-1573, CVE-2001-1574, CVE-2001-1575, CVE-2001-1576, CVE-2001-1577, CVE-2001-1578, CVE-2001-1579, CVE-2001-1580, CVE-2001-1581, CVE-2001-1582, CVE-2001-1583, CVE-2001-1584, CVE-2001-1585, CVE-2001-1586, CVE-2001-1587, CVE-2001-1588, CVE-2001-1589, CVE-2001-1590, CVE-2001-1591, CVE-2001-1592, CVE-2001-1593, CVE-2001-1594, CVE-2024-8419, CVE-2025-7195 Date: Mon, 16 Feb 2026 15:50:20 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 8839696200 --------------------------- linux-yocto/6.18: update to v6.18.11 Updating linux-yocto/6.18 to the latest korg -stable release that comprises the following commits: ee4fb138af107 Linux 6.18.11 32f08c3ddd6dd gpio: omap: do not register driver in probe() 116f7bd8160c6 wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add 24a253c3aa6d9 PCI: endpoint: Avoid creating sub-groups asynchronously 60b75407c172e drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free ed82e7949f5ca xfs: fix UAF in xchk_btree_check_block_owner d741534302f71 erofs: fix UAF issue for file-backed mounts w/ directio option 1d6bd6183e723 bus: fsl-mc: fix use-after-free in driver_override_show() d14e991279831 scsi: qla2xxx: Query FW again before proceeding with login f04840512438a scsi: qla2xxx: Free sp in error path to fix system crash c068ebbaf5282 scsi: qla2xxx: Delay module unload while fabric scan in progress ae49d33bfc08b scsi: qla2xxx: Allow recovery for tape devices 1a9585e4c58d1 scsi: qla2xxx: Validate sp before freeing associated memory 1339455044155 wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() 46c1d56ad321f hfs: ensure sb->s_fs_info is always cleaned up 4aa45f841413c nilfs2: Fix potential block overflow that cause system hang 52505d7f713bf crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req e69a7b0a71b65 crypto: virtio - Add spinlock protection with virtqueue notification 2ed27b5a11743 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly 62c89e1992c86 crypto: octeontx - Fix length check to avoid truncation in ucode_load_store d75207465eed2 crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode 65a0016016e8b ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 be7a9bcee0ca6 Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB 8d76b2488eb3c driver core: enforce device_lock for driver_match_device() 16c8be3d55441 smb: client: let send_done handle a completion without IB_SEND_SIGNALED 6bf260ace7301 smb: client: let smbd_post_send_negotiate_req() use smbd_post_send() 69ce4ae2ab65c smb: client: fix last send credit problem causing disconnects cca0526ef2344 smb: client: make use of smbdirect_socket.send_io.bcredits 9eff83600edf6 smb: client: use smbdirect_send_batch processing d059e5fc49755 smb: client: introduce and use smbd_{alloc, free}_send_io() 1f3e8e2c67cbc smb: client: split out smbd_ib_post_send() 8786127068d51 smb: client: port and use the wait_for_credits logic used by server 1fe0f989beb8b smb: client: remove pointless sc->send_io.pending handling in smbd_post_send_iter() 2b08ca3ab6cc5 smb: client: remove pointless sc->recv_io.credits.count rollback b9ec75aba3c8f smb: client: let smbd_post_send() make use of request->wr 5b69ba9978dd0 smb: client: let recv_done() queue a refill when the peer is low on credits f664e6e8a8110 smb: client: make use of smbdirect_socket.recv_io.credits.available 24082642654f3 smb: server: let send_done handle a completion without IB_SEND_SIGNALED 85bf0a73831cc smb: server: fix last send credit problem causing disconnects 5ef18a2e66f2f smb: server: make use of smbdirect_socket.send_io.bcredits cea7afb097b00 smb: server: let recv_done() queue a refill when the peer is low on credits 66c082e3d4651 smb: server: make use of smbdirect_socket.recv_io.credits.available 88cf40f7b5fb4 smb: smbdirect: introduce smbdirect_socket.send_io.bcredits.* e811e60e1cc79 smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available cd25e0d809531 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() e4a8a96a93d08 ksmbd: add chann_lock to protect ksmbd_chann_list xarray 71b5e7c528315 ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths c4b9edd559873 smb: client: split cached_fid bitfields to avoid shared-byte RMW races 1658b66fed206 io_uring: allow io-wq workers to exit when unused f02693a40e407 io_uring/io-wq: add exit-on-idle state 41cec610f6906 Linux 6.18.10 31b593fbece63 riscv: Add intermediate cast to 'unsigned long' in __get_user_asm ecd164120c248 ALSA: usb-audio: Use the right limit for PCM OOB check 24ad4cfac0b8e ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU. 57bac08056787 spi: tegra114: Preserve SPI mode bits in def_command1_reg b8eec12aa666c spi: tegra: Fix a memory leak in tegra_slink_probe() 2ac3a105e5149 spi: tegra210-quad: Protect curr_xfer check in IRQ handler d51554dc05695 spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer 3bc293d5b5650 spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer 2d3c0122e9611 spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one 51013068438ac spi: tegra210-quad: Move curr_xfer read inside spinlock e1777c400b7a9 spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer b767cf2d4efc8 regulator: spacemit-p1: Fix n_voltages for BUCK and LDO regulators 3f9b508b3eecc i2c: imx: preserve error state in block data length handler e71e3fa90a151 gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc() 279cb9180510f ASoC: amd: fix memory leak in acp3x pdm dma ops 8434b351cd4ea ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() 01d2fb15f15c1 firmware: cs_dsp: rate-limit log messages in KUnit builds abd66845227c5 firmware: cs_dsp: Factor out common debugfs string read b8ad2d53f706a ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF f3ed399e9aa6f nvme-pci: handle changing device dma map requirements 3c58f6121863c drm/xe/guc: Fix CFI violation in debugfs access. 8b68a45f9722f netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() 32ddd09d1103e hwmon: (occ) Mark occ_init_attribute() as __printf 8abb71d4a1dce drm/xe/pm: Disable D3Cold for BMG only on specific platforms 7c5db0957a230 drm/xe/query: Fix topology query pointer advance 184a84f03b5e6 drm/mgag200: fix mgag200_bmc_stop_scanout() 2e5edb69e5d0e net: gro: fix outer network offset 589a530ae44d0 net: add proper RCU protection to /proc/net/ptype 9f42cb8fafd6d net: ethernet: adi: adin1110: Check return value of devm_gpiod_get_optional() in adin1110_check_spi() 100f3bf914612 drm/amd/display: fix wrong color value mapping on MCM shaper LUT 0031f8829c7fb wifi: iwlwifi: mvm: pause TCM on fast resume 9b9f52f052f49 wifi: iwlwifi: mld: cancel mlo_scan_start_wk 5a2b4b0e9c003 net: enetc: Convert 16-bit register reads to 32-bit for ENETC v4 566ea5769ec27 net: enetc: Convert 16-bit register writes to 32-bit for ENETC v4 f346253e5fd95 net: enetc: Remove CBDR cacheability AXI settings for ENETC v4 d98745c68023f net: enetc: Remove SI/BDR cacheability AXI settings for ENETC v4 c175b1eaf729e tipc: use kfree_sensitive() for session key material f3931416cbdd0 net: rss: fix reporting RXH_XFRM_NO_CHANGE as input_xfrm for contexts 2718ae6af7445 linkwatch: use __dev_put() in callers to prevent UAF 64cf3016234ce io_uring/zcrx: fix page array leak fad7334082cd1 net: don't touch dev->stats in BPF redirect paths 8860ddf0e07be hwmon: (acpi_power_meter) Fix deadlocks related to acpi_power_meter_notify() 1b2efc593dca9 net: usb: r8152: fix resume reset deadlock cdedcd5aa3f3c macvlan: fix error recovery in macvlan_common_newlink() c9e4daf62ca07 net: sfp: Fix quirk for Ubiquiti U-Fiber Instant SFP module 8553bf2e09828 i40e: drop udp_tunnel_get_rx_info() call from i40e_open() 07bb882485f89 ice: drop udp_tunnel_get_rx_info() call from ndo_open() 7565d4df66b66 ice: Fix PTP NULL pointer dereference during VSI rebuild ef72678c9df0e ice: PTP: fix missing timestamps on E825 hardware 6801ef140fc33 ice: fix missing TX timestamps interrupts on E825 devices 1b381a638e185 dpaa2-switch: add bounds check for if_id in IRQ handler 4640fa5ad5e1a net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup 293eaad0d6d6b net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup d028147ae0640 net: liquidio: Initialize netdev pointer before queue setup 155eb99aff292 dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero 8a672f177ebe1 net/sched: cls_u32: use skb_header_pointer_careful() 9b186feb75267 net: add skb_header_pointer_careful() helper f8611a7981cd0 hwmon: (dell-smm) Add Dell G15 5510 to fan control whitelist 9ee608a64e37c smb/client: fix memory leak in smb2_open_file() faff38ebbfe63 platform/x86/intel/tpmi/plr: Make the file domain/status writeable 9029ccfab2ca9 platform/x86: hp-bioscfg: Skip empty attribute names 6c45a5a7e1e3b platform/x86: intel_telemetry: Fix PSS event register mask f93ae43780b75 platform/x86: toshiba_haps: Fix memory leaks in add/remove routines 245ff08e261ce Revert "drm/amd/display: pause the workload setting in dm" 98bf5bc8cb8cb tracing: Avoid possible signed 64-bit truncation 6dd87f6afe9e9 ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio 3228b2eceb6c3 btrfs: reject new transactions if the fs is fully read-only b4b065a880997 wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice ccb3c75d57039 btrfs: sync read disk super and set block size 7a1bec39c014e wifi: mac80211: correctly check if CSA is active 990e40fb1d111 btrfs: fix Wmaybe-uninitialized warning in replay_one_buffer() 3835e49e146a4 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() 108cbf2b7d295 ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU 1d5f2329ab4df io_uring/rw: free potentially allocated iovec on cache put failure c65a1a72a41e4 riscv: Use 64-bit variable for output in __get_user_asm 4530f4e4d0e6a scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() 8a7ef96e6af91 wifi: cfg80211: Fix bitrate calculation overflow for HE rates 36e88bd40a8c0 spi: intel-pci: Add support for Nova Lake SPI serial flash 7178b36de1850 ALSA: usb-audio: Add delay quirk for MOONDROP Moonriver2 Ti f08f2d2907675 regmap: maple: free entry on mas_store_gfp() failure 7d4c9c448c2b3 spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs initialization 66b73d3f2cfc7 ALSA: hda/tas2781: Add newly-released HP laptop e6ce61e01c9a2 ASoC: tlv320adcx140: Propagate error codes during probe 3ba3d959c17aa ASoC: amd: yc: Fix microphone on ASUS M6500RE 1c90f930e7b41 nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() 62932d9ed639a ALSA: usb-audio: Prevent excessive number of frames e810b290922c5 nvme-fc: release admin tagset if init fails a883080063f97 ASoC: simple-card-utils: Check device node before overwrite direction 61fa85497c7b7 ASoC: davinci-evm: Fix reference leak in davinci_evm_probe 9f665b3c3d9a1 dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() 921903d73967f ASoC: Intel: sof_sdw: Add new quirks for PTL on Dell with CS42L43 74309a4b0ffc7 wifi: mac80211: collect station statistics earlier when disconnect da1880c7b6b83 HID: Elecom: Add support for ELECOM M-XT3DRBK (018C) 71434e45bf124 HID: logitech: add HID++ support for Logitech MX Anywhere 3S b1f8285bc8e35 riscv: trace: fix snapshot deadlock with sbi ecall 151589d15ee87 ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free cd7ff7fd3e4b7 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset ecb8653a8fe9d HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) 1e84a807c98a7 HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer 2124279f1f8c3 HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() 6e2108daed94e HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list 645671377158f drm/amd/display: Reduce number of arguments of dcn30's CalculatePrefetchSchedule() eb5d6dedadd66 netfilter: replace -EEXIST with -EBUSY ddab2d0f93200 PCI: qcom: Remove ASPM L0s support for MSM8996 SoC 3210077ed2648 ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk 5b9bbe3d7bb90 x86/sev: Disable GCOV on noinstr object 75f1f512b1567 ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 747b9a7d4c712 HID: playstation: Center initial joystick axes to prevent spurious events 7ae5b35148119 HID: intel-ish-hid: Reset enum_devices_done before enumeration 8b44e75379510 riscv: Sanitize syscall table indexing under speculation 28768bd3abf99 btrfs: fix reservation leak in some error paths when inserting inline extent a206870513cda HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL ea5ef771f3c26 HID: intel-ish-hid: Update ishtp bus match to support device ID table 6de3a371a8b9f btrfs: do not free data reservation in fallback from inline due to -ENOSPC 70dd3513ed6ac smb/server: fix refcount leak in parse_durable_handle_context() c2ed4f71e9288 LoongArch: Enable exception fixup for specific ADE subcode 2bb9c8a77df50 io_uring: use GFP_NOWAIT for overflow CQEs on legacy rings 4665e52bde3b1 smb/server: fix refcount leak in smb2_open() 0107b18cd8ac1 md: suspend array while updating raid_disks via sysfs 9531210f348aa LoongArch: Set correct protection_map[] for VM_NONE/VM_SHARED fdda836fcee6f smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() f309b2c7df659 block,bfq: fix aux stat accumulation destination 86acdc1791944 platform/x86: dell-lis3lv02d: Add Latitude 5400 ff6892ea544c4 wifi: iwlwifi: Implement settime64 as stub for MVM/MLD PTP 6b7c60feab3c6 net: usb: sr9700: support devices with virtual driver CD 10d3ff7e5812c wifi: mac80211: don't WARN for connections on invalid channels 689a7980e4788 wifi: wlcore: ensure skb headroom before skb_push e0bd226804f8e wifi: mac80211: ocb: skip rx_no_sta when interface is not joined abd219fd48b11 tracing: Fix ftrace event field alignments 116ffca92dc4d binderfs: fix ida_alloc_max() upper bound e9bcfe865188a binder: fix BR_FROZEN_REPLY error log a6050dedb6f1c binder: fix UAF in binder_netlink_report() 287221c5e0707 rust_binderfs: fix ida_alloc_max() upper bound 685bb05d307ac rust_binder: add additional alignment checks 598fe3ff32e43 rust_binder: correctly handle FDA objects of length zero 13de38aa3ea7a sched/fair: Have SD_SERIALIZE affect newidle balancing de7cb4282dafc sched/fair: Skip sched_balance_running cmpxchg when balance is not due 3a15c519d2b0f bus: mhi: host: pci_generic: Add Telit FE990B40 modem support fa2274bb17a4a treewide: Drop pci_save_state() after pci_restore_state() 71c50e60421bb PCI/ERR: Ensure error recoverability at all times 1a893bd719121 hwmon: (gpio-fan) Allow to stop FANs when CONFIG_PM is disabled 37751b6d0b6b5 hwmon: (gpio-fan) Fix set_rpm() return value 4385b2f284354 KVM: Don't clobber irqfd routing type when deassigning irqfd 7a245ef476ffb KVM: selftests: Add -U_FORTIFY_SOURCE to avoid some unpredictable test failures a82647e1a9499 net: spacemit: k1-emac: fix jumbo frame support d5b3a66986697 net: cpsw_new: Execute ndo_set_rx_mode callback in a work queue 488009aa62bb1 net: cpsw: Execute ndo_set_rx_mode callback in a work queue ef763b480a3de nouveau/gsp: fix suspend/resume regression on r570 firmware a20887d5239a3 nouveau/gsp: use rpc sequence numbers properly. 9cc8caba82c2b nouveau: add a third state to the fini handler. 5f645222eb30c Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" 7b6a0f121d502 mm, shmem: prevent infinite loop on truncate race 41a7b9ab855c8 gve: Correct ethtool rx_dropped calculation 11f8311f69e4c gve: Fix stats report corruption on queue count change e9cdd54797dc2 drm/amd: Set minimum version for set_hw_resource_1 on gfx11 to 0x52 d3081353acaa6 cgroup/dmem: avoid pool UAF 5c38604abbfa5 cgroup/dmem: avoid rcu warning when unregister region c13816e8fa23d cgroup/dmem: fix NULL pointer dereference when setting max e258ed369c9e0 ceph: fix oops due to invalid pointer for kfree() in parse_longname() 35e6fd0d5bc30 ARM: 9468/1: fix memset64() on big-endian 46dfdb6f7a79d rbd: check for EOD after exclusive lock is ensured to be held 57b36ffc8881d ceph: fix NULL pointer dereference in ceph_mds_auth_match() e8af57e090790 mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single cbc03ce3e6ce7 procfs: avoid fetching build ID while holding VMA lock eb54ce033b344 pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains 11ca03ce17d7d pmdomain: imx8mp-blk-ctrl: Keep usb phy power domain on for system wakeup 5171a3dddf427 pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset 72129d55be9ce pmdomain: imx8mp-blk-ctrl: Keep gpc power domain on for system wakeup d72563e402bab pmdomain: qcom: rpmpd: fix off-by-one error in clamping to the highest state 5727ccf9d19ca ALSA: aloop: Fix racy access at PCM trigger 21816bbc8492f platform/x86: intel_telemetry: Fix swapped arrays in PSS output b5a02290ee3a4 KVM: x86: Explicitly configure supported XSS from {svm,vmx}_set_cpu_caps() a94b956bb7272 x86/kfence: fix booting on 32bit non-PAE systems feb603a69f830 x86/vmware: Fix hypercall clobbers ab200d71553bd nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec Signed-off-by: Bruce Ashfield Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: fbd55716cc --------------------------- linux-yocto/6.18: update CVE exclusions (6.18.9) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 4 changes (4 new | 0 updated): - 4 new CVEs: CVE-2026-25931, CVE-2026-25934, CVE-2026-25938, CVE-2026-25939 - 0 updated CVEs: Date: Mon, 9 Feb 2026 22:23:00 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 0695c3e2a0 --------------------------- linux-yocto/6.18: update to v6.18.9 Updating linux-yocto/6.18 to the latest korg -stable release that comprises the following commits: adb851edb7078 Linux 6.18.9 0d26aa84ff0b7 mptcp: avoid dup SUB_CLOSED events after disconnect 01b0831d71b6d sched_ext: Fix SCX_KICK_WAIT to work reliably 664e78f2d4ec3 sched_ext: Don't kick CPUs running higher classes edb9fab1b78c6 net/sched: act_ife: convert comma to semicolon 5b22c6cbabc78 Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" ab21cf885fb2a libbpf: Fix -Wdiscarded-qualifiers under C23 f749b366b8e79 gpiolib: acpi: Fix potential out-of-boundary left shift 84df65fcfbff1 iommu/tegra241-cmdqv: Reset VCMDQ in tegra241_vcmdq_hw_init_user() 078377b07f8e8 drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() ac251d17d8af5 drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove 2d9bff2af0adb drm/amdgpu/gfx12: adjust KGQ reset sequence d9790cf8bbe80 drm/amdgpu/gfx12: fix wptr reset in KGQ init 4867b512bb7f5 drm/amdgpu/gfx11: adjust KGQ reset sequence 018892bd9a0c0 drm/amdgpu/gfx11: fix wptr reset in KGQ init 75ebd42441702 drm/amdgpu/gfx10: fix wptr reset in KGQ init 9a6d87fbe3f51 drm/amdgpu/soc21: fix xclk for APUs 5f841c308c453 drm/amd/pm: fix smu v14 soft clock frequency setting issue 191e22e5d742e drm/amd/pm: fix smu v13 soft clock frequency setting issue ca68745e820ec drm/imx/tve: fix probe device leak 31203f5680c3d drm/msm/a6xx: fix bogus hwcg register updates a4ea228271cd4 drm/tyr: depend on `COMMON_CLK` to fix build error 3e845c46dfe5a drm/xe/xelp: Fix Wa_18022495364 ae8831ee0fb2f drm: Do not allow userspace to trigger kernel warnings in drm_gem_change_handle_ioctl() dd222df5b356e scripts: generate_rust_analyzer: Add compiler_builtins -> core dep 8afa6c4d7abfb scripts: generate_rust_analyzer: fix resolution of #[pin_data] macros 2426867644cc7 scripts: generate_rust_analyzer: compile sysroot with correct edition ce798a0fe6b79 scripts: generate_rust_analyzer: remove sysroot assertion 595718c74f85b scripts: generate_rust_analyzer: Add pin_init_internal deps 5bfa32ff75b50 scripts: generate_rust_analyzer: Add pin_init -> compiler_builtins dep e82f822ed1472 rust: sync: refcount: always inline functions using build_assert with arguments 4bb727f4b0614 rust: sync: atomic: Provide stub for `rusttest` 32-bit hosts 625605ac8be50 rust: bits: always inline functions using build_assert with arguments 3d48d59235c49 net: fix segmentation of forwarding fraglist GRO b23bee8cdb7aa mm/shmem, swap: fix race of truncate and swap entry split 40aed8b856580 mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn b0020cbd26380 mm, swap: restore swap_space attr aviod kernel panic 4f57516293fda mm/memory-failure: fix missing ->mf_stats count in hugetlb poison c71fae335dfe7 mm/kfence: randomize the freelist on initialization 629666d20c7dc btrfs: do not strictly require dirty metadata threshold for metadata writepages b91a84299d72a flex_proportions: make fprop_new_period() hardirq safe 131af3df59b24 selftests: mptcp: join: fix local endp not being tracked e73aab3337833 selftests: mptcp: check subflow errors in close events 8d4ccc10a77f0 selftests: mptcp: check no dup close events after error 35bb480000cd2 mptcp: only reset subflow errors when propagated 33f971476ffc1 mm/kasan: fix KASAN poisoning in vrealloc() 0ac0e2e64b068 gpio: rockchip: Stop calling pinctrl for set_direction f69cae1bf44ca ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine 68207ceefd71c nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference e4e15a0a4403c efivarfs: fix error propagation in efivar_entry_get() 14ca9fa020829 scsi: qla2xxx: edif: Fix dma_free_coherent() size 5ba425a7bab31 kbuild: rust: clean libpin_init_internal in mrproper e4c0a92146ddf gpio: pca953x: mask interrupts in irq shutdown cb69b0a0c0aaf ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO 98e0bc206a321 scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo() 91539cf522ed0 ASoC: fsl: imx-card: Do not force slot width to sample width 8b581837295fc rust: kbuild: give `--config-path` to `rustfmt` in `.rsi` target 50c66cb08070c rust: rbtree: fix documentation typo in CursorMut peek_next method fe9a1a825b4ae riscv: compat: fix COMPAT_UTS_MACHINE definition b038874e31fc3 firewire: core: fix race condition against transaction list a28fce0365e1c perf: sched: Fix perf crash with new is_user_task() helper 112d497809970 pinctrl: qcom: sm8350-lpass-lpi: Merge with SC7280 to fix I2S2 and SWR TX pins e81d1bc4ea791 pinctrl: meson: mark the GPIO controller as sleeping e0468c4527a22 pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver b1f41c1f0bbbe writeback: fix 100% CPU usage when dirtytime_expire_interval is 0 36370892e3111 sched/deadline: Fix 'stuck' dl_server 0bbcb7586bc81 sched/deadline: Document dl_server 32887d8e4bc06 drm/xe/nvm: Fix double-free on aux add failure 02dc6cf6409e5 drm/xe/nvm: Manage nvm aux cleanup with devres 2859fa957a936 drm/xe/configfs: Fix is_bound() pci_dev lifetime 64364ccf491c7 dma/pool: distinguish between missing and exhausted atomic pools d36c4149ea224 bcache: fix I/O accounting leak in detached_dev_do_request 7b72d76a58e6b bcache: use bio cloning for detached device requests db6e287bd6e80 bcache: fix improper use of bi_end_io 23f9f9c46edd9 of: reserved_mem: Allow reserved_mem framework detect "cma=" kernel param 14e32032c42fe of/reserved_mem: Simplify the logic of fdt_scan_reserved_mem_reg_nodes() 8d9c5ceff4b53 kbuild: Fix permissions of modules.builtin.modinfo 32d8f998bb8d4 kbuild: rpm-pkg: Generate debuginfo package manually d4dbada7ac6f3 gpio: brcmstb: correct hwirq to bank map 546e62c3fb29a drm/amd/pm: fix race in power state check before mutex lock 7bec90f605cfb gpio: virtuser: fix UAF in configfs release path c0ce86d92565b gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler ecb638fb9a5cc ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion e67828aeb58d9 drm/xe: Skip address copy for sync-only execs 4d7b7abb525b4 ASoC: soc-acpi-intel-ptl-match: fix name_prefix of rt1320-2 a42bdbcada187 scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg() aabc36857bd39 wifi: mac80211: correctly decode TTLM with default link map a4f9a19a266e6 wifi: mac80211: apply advertised TTLM from association response b8d890f8c3223 wifi: mac80211: parse all TTLM entries cc3f137d36fda net/mlx5e: Skip ESN replay window setup for IPsec crypto offload 19bb3c68e18cf net/mlx5: Fix vhca_id access call trace use before alloc fc3da1466af5f net/mlx5: Initialize events outside devlink lock 2614734c4bc67 net/mlx5: fs, Fix inverted cap check in tx flow table root disconnect 335031cacd7e8 net: phy: micrel: fix clk warning when removing the driver 92db64d3546f9 net/mlx5e: don't assume psp tx skbs are ipv6 csum handling f4bb58e14f042 net: bridge: fix static key check c3369fc5e6120 nfc: nci: Fix race between rfkill and nci_unregister_device(). 92e0483402afc net/mlx5e: Account for netdev stats in ndo_get_stats64 fdf8437016f57 net/mlx5e: TC, delete flows only for existing peers 2df2aad9cf2f4 ice: stop counting UDP csum mismatch as rx_errors 36126ddbe9247 ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues 214aed313f7a5 ixgbe: don't initialize aci lock in ixgbe_recovery_probe() c721ea2ff5672 ixgbe: fix memory leaks in the ixgbe_recovery_probe() path bd25b092a06a3 bonding: fix use-after-free due to enslave fail after slave array update 61858cbce6ca4 nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). fdb99161cbef2 net: spacemit: Check for netif_carrier_ok() in emac_stats_update() 1f1b9523527df mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() dce375f4afc34 rocker: fix memory leak in rocker_world_port_post_fini() cdc4deb9e7be2 net/mlx5: Fix return type mismatch in mlx5_esw_vport_vhca_id() 2c0fb0f60bc15 net: wwan: t7xx: fix potential skb->frags overflow in RX path 500c1237c9a13 ipv6: use the right ifindex when replying to icmpv6 from localhost 0b74c6e132737 net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins() 590c8179ffb01 sfc: fix deadlock in RSS config read bd98324e327e4 bonding: annotate data-races around slave->last_rx d753f3c3f9d7a octeon_ep: Fix memory leak in octep_device_setup() f14d881f0a5aa net: bcmasp: fix early exit leak with fixed phy 713ba826ae114 can: gs_usb: gs_usb_receive_bulk_callback(): fix error message 23f40dbda938e net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup() 3b63185053788 Bluetooth: MGMT: Fix memory leak in set_ssp_complete 03e8c90c62233 Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work 4081d53864dae can: at91_can: Fix memory leak in at91_can_probe() e80617a5e1c24 btrfs: zlib: fix the folio leak on S390 hardware acceleration 474f851ec5e2e readdir: require opt-in for d_type flags Signed-off-by: Bruce Ashfield Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d3e757f214 --------------------------- testimage.bbclass: enable PTEST_RUNNER_TIMEOUT variable QB_MEM works in recipe scope because testimage.bbclass reads it from the current recipe datastore (d) at test time via the qemuboot.conf mechanism. PTEST_RUNNER_TIMEOUT was only available through testdata.json (written during image build via export2json). The testimage task reads td from the potentially stale testdata.json, and PTEST_RUNNER_TIMEOUT was never refreshed from the live recipe context. [YOCTO #16163] Signed-off-by: Tim Orling Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2110bbc2c3 --------------------------- core-image-ptest: add PTEST_RUNNER_TIMEOUT In lib/oeqa/runtime/cases/ptest.py, the timeout used to be hardcoded to 450 seconds. Now that it is a variable, make that a bit more obvious by setting a default value. Set PTEST_RUNNER_TIMEOUT for python3-cffi to 600 seconds as it is known to come close to and surpass the 450 second limit under heavy load. Fixes: [YOCTO #16163] Signed-off-by: Tim Orling Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 37982f5be4 --------------------------- oeqa/runtime/ptest: Make ptest-runner timeout configurable Replace the hardcoded 450 second timeout with a configurable PTEST_RUNNER_TIMEOUT variable, defaulting to 450 seconds. [YOCTO #16163] Signed-off-by: Tim Orling Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2535427d8d --------------------------- kernel-fit-image: support arbitrary loadables Allow a user to insert additional, arbitrary loadables in a FIT image. The loadables can be specified through the FIT_LOADABLES variable as a list, with parameters defined by flags on dedicated FIT_LOADABLE_* variables; they will be included in all configurations. Sensible defaults will be used for some parameters (type, compression, description, arch, os) if the corresponding flag is not set, while others (load address and entry point) will be omitted in the final FIT image. As an example, the following configuration can be specified to add as loadables a TF-A BL31 firmware and a (compressed) TEE firmware, to be loaded respectively at 0x204E0000 and 0x96000000: FIT_LOADABLES = "atf tee" FIT_LOADABLE_FILENAME[atf] = "bl31.bin" FIT_LOADABLE_TYPE[atf] = "tfa-bl31" FIT_LOADABLE_ARCH[atf] = "arm64" FIT_LOADABLE_OS[atf] = "arm-trusted-firmware" FIT_LOADABLE_LOADADDRESS[atf] = "0x204E0000" FIT_LOADABLE_FILENAME[tee] = "tee.bin.gz" FIT_LOADABLE_COMPRESSSION[tee] = "gzip" FIT_LOADABLE_TYPE[tee] = "tee" FIT_LOADABLE_OS[tee] = "tee" FIT_LOADABLE_LOADADDRESS[tee] = "0x21000000" Signed-off-by: Francesco Valla Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 8536c8b9e9 --------------------------- ffmpeg: set status for CVE-2025-12343 Per [1] is patch for this CVE [2]. This is equivalent of [3] which is included in n8.0. [1] https://security-tracker.debian.org/tracker/CVE-2025-12343 [2] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b8d5f65b9e89d893f27cf00799dbc15fc0ca2f8e [3] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/263e819aa45cd3c48bf6887be02b4ec504c02048 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f12af98df8 --------------------------- busybox: Fixes CVE-2025-60876 This addresses CVE-2025-60876[1], which allows malicious URLs to inject HTTP headers. It has been accepted by Debian[2] and is tracked here [4]. The upstream fix has been submitted [3] and is pending merge. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-60876 [2] https://bugs.debian.org/1120795 [3] https://lists.busybox.net/pipermail/busybox/2025-November/091840.html [4] https://security-tracker.debian.org/tracker/CVE-2025-60876 Upstream-Status: Submitted [https://lists.busybox.net/pipermail/busybox/2025-November/0918 40.html] Signed-off-by: Livin Sunny Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4b902e7b17 --------------------------- toolchain-scripts-base.bbclass: remove timestamp This timestamp makes the package meta-environment-qemux86-64 not reproducible, and it is the time when the package is built, mabybe not that important, the key info is the meta revision. Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1b93479f7b --------------------------- tcl8: skip more timing-sensitive tests Skip more tests, as we already do for the tcl9 recipe. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7fbb281cc1 --------------------------- oeqa/selftest/sdk: add test_sdk_runqemu Add test case to ensure runqemu works in SDK. Using runqemu from SDK has been supported for many years. Add a test case to ensure we have no regression. Signed-off-by: Chen Qi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 972155bbee --------------------------- runqemu: restore support to run inside SDK Using runqemu from SDK has been supported for a long time[1]. Below are example steps for using runqemu inside SDK. 1. mkdir destdir 2. cp -r /path/to/build/tmp/deploy/image/qemux86-64 destdir 3. Install SDK to destdir 4. Source SDK 5. runqemu qemux86-64 nographic slirp Recently the related code path was deleted by accident during an effort to make codes cleaner and more consistent. We need to restore support for it. What actually matters is the STAGING_BINDIR_NATIVE, which we use to locate the qemu binary. So in case of SDK, we set it from OECORE_NATIVE_SYSROOT. The STAGING_DIR_NATIVE checking and setting are meaningless, thus deleting it. [1] https://git.openembedded.org/openembedded-core/commit/?id=93649edc034f2540ff55dc9b41638797209cfb9c Signed-off-by: Chen Qi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1327e46708 --------------------------- gawk: upgrade from 5.3.2 -> 5.4.0 Changes: https://lists.gnu.org/archive/html/info-gnu/2026-02/msg00011.html A notable change is: 1. This release now uses Mike Haertel's MinRX regular expression matcher as the default regexp engine. The old regex and dfa engines are still available. The former regex matcher is selectable at run-time by setting the environemnt variable: GAWK_GNU_MATCHERS More details are available here: https://cgit.git.savannah.gnu.org/cgit/gawk.git/tree/README_d/README.matchers?h=gawk-5.4-stable Switch the tarball from .gz to .xz to reduce size by ~3MB. No ptests errors for x86-64 for glibc/musl. Signed-off-by: Randy MacLeod Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: fc144bec42 --------------------------- openssl: Package /etc/ssl/openssl.conf.d in openssl-conf Since the /etc/ssl/openssl.conf file is packaged in openssl-conf, it makes sense to also add the new /etc/ssl/openssl.conf.d directory to the same package. Signed-off-by: Peter Kjellerstedt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4e781c6618 --------------------------- oe-init-build-env: Drop VSCode setup Remove the VSCode setup from oe-init-build-env. Since poky as a combo-layer repository is no longer available, using the oe-init-build-env script from openembedded-core is no longer straightforward. There are too many ways to set up a build environment, with different directory structures, with containers involved or not, etc. Each of these setups may have its own way to provide IDE support. A simple shell script like oe-init-vscode cannot address all these use cases. Rather than trying to make oe-init-build-env smart enough to cover all these cases, it is better to delegate the responsibility to whatever tool or repository is used to set up the build environment. If no tool such as bitbake-setup is used, it is still possible to use a variant of the oe-setup-vscode script from a custom layer. One way which works well is to create a custom oe-init-build-env script in the custom layer repository which calls the custom oe-setup-vscode script from the custom layer repository. Example directory structure: my-project/ ├── .vscode # generated by oe-setup-vscode | # when oe-init-build-env is called ├── layers/ │ └── openembedded-core/ | └── bitbake/ ├── scripts/ │ └── oe-setup-vscode ├── build/ │ └── conf └── oe-init-build-env Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: db0072f298 --------------------------- perl: upgrade from 5.40.2 to 5.42.0 License-Update: Update copies of GPL to match recent FSF changes Changes: https://perldoc.perl.org/5.42.0/perldelta Update RDEPENDS for perl-module-extutils-parsexs, refer [1], this should fix libmodule-build-perl ptest failure: Failed to load or import from ExtUtils::ParseXS (version 3.57). Please check that ExtUtils::ParseXS is installed correctly and that the newest version will be found in your @INC path: Can't locate ExtUtils/ParseXS/Node.pm in @INC [1] https://github.com/Perl/perl5/commit/36118f523541d3e74ab495202ca8efbd9c9611b5 Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: e556787312 --------------------------- binutils: Upgrade to 2.46 release New Features: Support for new instructions added to AMD, ARM and RISC-V architectures. Support for version 3 of the SFrame standard. The readelf program can now display the contents of Global Offset Tables. Improved linker tagging support. Detailed release notes are here [1] [1] https://lists.gnu.org/archive/html/info-gnu/2026-02/msg00006.html Dropped patches: 0001-aarch64-constify-BTI-and-GCS-report-functions.patch Since the fix is already included in binutils 2.46. CVE patches: CVE-2025-11081,CVE-2025-11082,CVE-2025-11083, CVE-2025-11839,CVE-2025-11840,CVE-2025-11412,CVE-2025-11413, CVE-2025-11414,CVE-2025-11494,CVE-2025-11495. These were dropped because they are already addressed in binutils 2.46. Drop CVE_STATUS: binutils 2.46 has needed fixes for CVE-2025-7545 and CVE-2025-7546. Rebased existing patches with binutils 2.46. Fixed elfutils-ptest regression for arm64. Testing Results: +----------------------+--------+--------+------+ | Result | 2.45.1 | 2.46 | Diff | +----------------------+--------+--------+------+ | Expected Passes | 318 | 331 | +13 | | Untested Testcases | 5 | 5 | 0 | | Unsupported Tests | 8 | 6 | -2 | +----------------------+--------+--------+------+ Testcases changes: ------------------------------------------------------------------------------- Testcase-name 2.45.1 2.46 ------------------------------------------------------------------------------- nm --ifunc-chars=-- (global ifunc) - PASS nm --ifunc-chars=-- (local ifunc) - PASS copy with unknown section flag - PASS objcopy tek2bin - PASS binary symbol (implicit) - PASS binary symbol (explicit) - PASS readelf SFrame V2 (x86-64/test-v2-ET_EXEC.sframe) - PASS objdump SFrame V2 (x86-64/test-v2-ET_EXEC.sframe) - PASS readelf SFrame V2 (x86-64/test-v2-ET_REL.sframe) - PASS objdump SFrame V2 (x86-64/test-v2-ET_REL.sframe) - PASS run objcopy of executable UNSUPPORTED PASS run stripped executable UNSUPPORTED PASS run stripped executable with saving a symbol UNSUPPORTED PASS Copy object attributes v2 data from an object to another - UNSUPPORTED Signed-off-by: Hemanth Kumar M D Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 31e06179f8 --------------------------- python3-rdflib: upgrade 7.5.0 -> 7.6.0 License-Update: Copyright year updated to 7.6.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f86c38b131 --------------------------- wireless-regdb: upgrade 2025.10.07 -> 2026.02.04 Signed-off-by: Ankur Tyagi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 3e72ebe9ed --------------------------- sanity: reject TMPDIR containing redundant slashes A trailing slash or consecutive slashes anywhere in TMPDIR cause BitBake variable expansion to embed those redundant slashes into derived variables such as STAGING_DIR and WORKDIR. The sstate machinery in sstate_add() normalises its directory arguments via os.path.normpath(), so manifest entries always contain clean paths. Functions in staging.bbclass that read the same variables directly via d.getVar() without normalising then fail to match manifest entries, silently staging files to wrong locations and causing do_populate_sysroot to abort. Although POSIX permits paths with redundant slashes, they break the string-matching assumptions embedded in the staging machinery, so treat any TMPDIR that differs from its normalised form as an error. Signed-off-by: Sam Povilus Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 6f58513646 --------------------------- u-boot: Copy U-Boot script to B when suffix is not scr With the introduction of the UNPACKDIR variable, commit [1] changed the expected location of UBOOT_ENV_BINARY to B. This works fine when UBOOT_ENV_SUFFIX is "scr" but it does not copy the script when it is not. As documented in [2], it is expected that with any other value of UBOOT_ENV_SUFFIX the script gets installed verbatim. This commit fixes that by copying UNPACKDIR/UBOOT_ENV_SRC to B/UBOOT_ENV_BINARY when UBOOT_ENV_SUFFIX is not "scr", as documented. [1] https://git.openembedded.org/openembedded-core/commit/?id=62ff94ff40e823065178318133d54e44a3d8a46d [2] https://docs.yoctoproject.org/ref-manual/variables.html#term-UBOOT_ENV Signed-off-by: Ricardo Simoes Signed-off-by: Mark Jonas Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 534d6e68a2 --------------------------- libseccomp: add diffutils to ptest RDEPENDS libseccomp ptest needs diff during test execution, Add diffutils to the runtime ptest dependency. Signed-off-by: Nikhil R Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 117a513931 --------------------------- python3-certifi: Upgrade 2026.1.4 -> 2026.2.25 Upgrade to release 2026.2.25: - Updated dependencies Signed-off-by: Leon Anavi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 93913d177b --------------------------- python3-maturin: Upgrade 1.11.5 -> 1.12.4 Upgrade to release 1.12.4: - Upgrade memmap2 version - fix: platform tag detection for Android targets - fix: only ignore maturin-generated native libraries on all platforms - fix: ignore develop artifacts for all binding types during build - feat: support conditional cargo features based on Python version Signed-off-by: Leon Anavi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 87b4da38f9 --------------------------- python3-hatchling: Upgrade 1.28.0 -> 1.29.0 Upgrade to release 1.29.0: - Source Date Epoch no longer fails when set to date before 1980. Signed-off-by: Leon Anavi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 73191cc3b6 --------------------------- python3-wcwidth: Upgrade 0.5.3 -> 0.6.0 Upgrade to release 0.6.0: - Complete textwrap.wrap() with 6 missing params Signed-off-by: Leon Anavi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: fa7877d258 --------------------------- devtool: standard: Add new patches in correct order when finishing Make sure that new patches that are added as a result of using devtool finish are added to the SRC_URI in the same order they were committed. Previously, the order was a result of the arbitrary order the patch files were returned by os.walk(), which typically resulted in them being added to the SRC_URI in the reverse order they were committed. Signed-off-by: Peter Kjellerstedt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: e40c8ed2a8 --------------------------- lib/oe/patch: Make GitApplyTree.extractPatches() return the patches The list of patches will be used by _export_patches() in devtool to add new patches in the correct order. Signed-off-by: Peter Kjellerstedt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b4e1c5ccb4 --------------------------- socat: upgrade 1.8.1.0 -> 1.8.1.1 Drop patch: 0001-fix-compile-failed-with-musl.patch which is merged upstream: a235f59 Avoid compilation issue in xio-netlink.c with Musl libc commit log: 4ce8786 Version 1.8.1.1 f13b27d A few minor corrections d5a2c46 Fixed a few buffer read overruns b314687 Fixed issue with POSIXMQ in unidirectional context a235f59 Avoid compilation issue in xio-netlink.c with Musl libc a7058c9 Fixed strchr with const for new glibc 35d5da1 Fixed timestamps of -v and -x (really) Signed-off-by: Randy MacLeod Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 5e7ca584b3 --------------------------- socat: Remove -fcommon from compiler flags This is no longer needed with gcc or clang Signed-off-by: Khem Raj Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 02271ecc3c --------------------------- nfs-utils: upgrade 2.8.4 -> 2.8.5 Commits (aside from typo fixes): 4e9b31fe Release: 2.8.5 00e2e62b nfsdctl: add support for min-threads parameter 4c275442 systemd: drop Wants=network-online.target for rpc-statd-notify 03b9c540 nfsiostat: normalize the mountpoints passed in from the command line 59e85671 Rename CONFIG_NFSV41 to CONFIG_BLKMAPD and disable by default 3b7de50f nfsdctl: ignore ipv6 listener creation error 0e71be58 locktest: use correct build flags 077b70fe sm-notify: Do not drop privileges if running as non-root user 8600bbb7 gssd: protect kerberos ticket cache access CONFIG_NFSV41 was renamed to CONFIG_BLKMAPD so update the associated PACKAGEONFIG option. Drop: 0001-locktest-Makefile.am-Do-not-use-build-flags.patch which as merged in: 0e71be58 locktest: use correct build flags Signed-off-by: Randy MacLeod Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7422f51e93 --------------------------- vim: upgrade 9.1.2144 -> 9.2.0 Solves 9.1.2148 (in 9.1.2148), see [1]. Drop patch merged upstream. Release notes for 9.2, see [2]. Note that almost all changes were already present in our 9.1 updates. [1] https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68 [2] https://www.vim.org/vim-9.2-released.php Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 8417f4a186 --------------------------- meta: fix generation of kernel CONFIG_ in SPDX3 With the current solution, using a separate task (do_create_kernel_config_spdx) there is a dependency issue. Sometimes the final rootfs SBOM does not contain the CONFIG_ values. do_create_kernel_config_spdx is executed after do_create_spdx which deploys the SPDX file. do_create_kernel_config_spdx calls oe.sbom30.find_root_obj_in_jsonld to read from the deploy directory, which is OK, but the do_create_kernel_config_spdx ends up writing to this deployed file (updating it). do_create_rootfs_spdx has an explicit dependency to all do_create_spdx tasks, but there is nothing that prevents executing do_create_kernel_config_spdx after do_create_rootfs_spdx. To fix it, instead, now read from the workdir, and write to the workdir, and do the processing from the do_create_spdx task: we append to the do_create_spdx task. Furthermore, update oeqa selftest to execute do_create_spdx instead of removed function. Also only execute this task if create-spdx-3.0 was inherited, previously this code could be executed if create-spdx-2.2 is inherited. Fixes: 228a968e7c47 ("kernel.bbclass: Add task to export kernel configuration to SPDX") Signed-off-by: Benjamin Robin (Schneider Electric) Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: be8cdcf13a --------------------------- build-appliance-image: Update to master head revisions Signed-off-by: Richard Purdie --------------------------- Commit: 4a388406ac --------------------------- bitbake.conf: Set BB_HASHSERVE alongside BB_SIGNATURE_HANDLER We need to set this alongside the change in the previous commit for it to work correctly and default to a local only cache. Signed-off-by: Richard Purdie --------------------------- Commit: 3c00ad5d3b --------------------------- build-appliance-image: Update to master head revisions Signed-off-by: Richard Purdie --------------------------- Commit: 5596ea156d --------------------------- bitbake.conf: Switch BB_SIGNATURE_HANDLER to OEEquivHash by default Hash Equivalence is an extremely powerful feature for reducing build time. In simple terms, if something is rebuilt and the output is the same as a previous build, all sstate build artefacts beyond that point can be reused instead of being rebuilt. This can be done with a local hash equivalence database/server which is the default and even local builds with a local sstate can benefit hugely from it. There is an assumption that builds are reproducible in order for this to work optimally. The downside is that when enabled to pull from a shared sstate cache, you need to use a common hash equivalence server to match it for things to work well. OE-Core wasn't enabling hash equivalence by default but this changes it to do so. This has been extensively tested as the deafault in Poky for a long time. Signed-off-by: Richard Purdie --------------------------- Commit: c0c2339a52 --------------------------- linux-firmware: upgrade 20260110 -> 20260221 Upgrade the firmware package to latest release. Add firmware for TI TAS2783, Qualcomm Adreno A801, Qualcomm Glymur, Radxa Dragon Q6A CDSP and several Intel Sensors Hub firmware versions. Also pick up several ADSP topologies for Qualcomm X Elite and Qualcomm SM8450 based devices. License-Update: copyright years, new firmware Co-developed-by: Sairamreddy Bojja Signed-off-by: Sairamreddy Bojja Cc: Vivek Puar Signed-off-by: Dmitry Baryshkov Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: e00d5d6eac --------------------------- systemd: drop sysvinit PACKAGECONFIG Systemd sysvinit was removed d9ec9e20 but the packageconfig knob was still here. Remove the sysvinit knob and fix: | ERROR: Nothing RPROVIDES 'systemd-compat-units' (but /lmp/build/conf/../../layers/openembedded-core/meta/recipes-core/systemd/systemd_258.1.bb RDEPENDS on or otherwise requires it) | NOTE: Runtime target 'systemd-compat-units' is unbuildable, removing... | Missing or unbuildable dependency chain was: ['systemd-compat-units'] Signed-off-by: Jose Quaresma Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d6fb3e7d39 --------------------------- perlcross: upgrade from 1.6.2 to 1.6.4 https://github.com/arsv/perl-cross/releases/tag/1.6.4 Include support for perl 5.40.3, perl 5.42.0 Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 5d779a8694 --------------------------- gdk-pixbuf: upgrade from 2.44.4 to 2.44.5 NEWS: 2.44.5 === - Make the testsuite work with glycin - glycin: Add support for xpm and xbm - TRanslation updates Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d5cf97438f --------------------------- ruby: upgrade from 3.4.7 to 4.0.1 License-Update: Add license BSL-1.0 and Apache-2.0 COPYING - Add Cross-links between Japanese and English pages LEGAL - Update LEGAL for JSON vendored sources Refer: [1] https://github.com/ruby/ruby/commit/e652af18816ffe0b85109b8de0827349bf03f16d [2] https://github.com/ruby/ruby/commit/d5fbff50c7ff880ae71b8a8ae9aad976c69bea73 Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 11abd263d9 --------------------------- procps: upgrade from 4.0.5 to 4.0.6 Remove patch top_large_pid_fix.patch, already in 4.0.6 Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 699dbbdf3a --------------------------- cve-exclusions: set status for 5 CVEs Reuse work of Debian researchers and set status for fixed CVEs accordingly. These are not tracked by kernel itself, so generated exclusions won't help here. * https://security-tracker.debian.org/tracker/CVE-2022-38096 * https://security-tracker.debian.org/tracker/CVE-2023-39176 * https://security-tracker.debian.org/tracker/CVE-2023-39179 * https://security-tracker.debian.org/tracker/CVE-2023-39180 * https://security-tracker.debian.org/tracker/CVE-2023-6535 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 77fb0331ec --------------------------- linux-yocto: apply cve-exclusions also to rt and tiny recipe variants Version is the same as base kernel, only configuration differs. There is no reason to not apply the exclusions to all variants. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c2ee574f12 --------------------------- rpm/rootfs.py: ensure exit 1 has a word boundary Currently, If a package installed by dnf has the word "exit" followed by "100%" in the log file, the rpm/rootfs.py regex matches a failure thanks to the "exit 1"00%, such as the following: [682/932] perl-module-test2-plugin-exit 100% | 0.0 B/s | 8.5 KiB | 00m00s Add a `\b` to ensure there's a word boundary to prevent the error from happening. Signed-off-by: Adam Duskett Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 9c840a69b6 --------------------------- lz4: Remove a reference to the rejected CVE-2025-62813 The CVE-2025-62813 is rejected so do not reference it anymore. So keep the patch but without referencing the CVE identifier. The CVE database indicates the following reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Signed-off-by: Benjamin Robin (Schneider Electric) Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: bf41240132 --------------------------- avahi: Remove a reference to the rejected CVE-2021-36217 CVE-2021-36217 is rejected, and should no longer be referenced. CVE-2021-36217 is a duplicate of CVE-2021-3502 which is already referenced in the local-ping.patch. The CVE database indicates the following reason: ConsultIDs: CVE-2021-3502. Reason: This candidate is a duplicate of CVE-2021-3502. Notes: All CVE users should reference CVE-2021-3502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Signed-off-by: Benjamin Robin (Schneider Electric) Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c710879b4c --------------------------- kernel.bbclass: remove dependency on initramfs when not bundled Previously, the kernel recipe depended on the initramfs image even when INITRAMFS_IMAGE_BUNDLE was not enabled. This caused the kernel to be rebuilt whenever the initramfs image changed, regardless of whether the kernel actually included the initramfs. The problematic chain was: linux:do_deploy -> linux:do_bundle_initramfs -> image-initramfs:do_image_complete The original intent (acc. to the comment) was to ensure the initramfs image was available for tools like wic. However, apart from bundling the initramfs in the kernel, there is probably no reason why the kernel should depend on the initramfs. And it is therefore simply wrong if it does so anyway. Thus, use cases that may be broken by these change are based on a bug, not a feature. This needs to be fixed by adding a dependency on the initramfs in the right place, not in the kernel where this destroys the kernel's sstate-caching. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b75c21fb95 --------------------------- image_types_wic.bbclass: add depend on initramfs When the wic image creation requires an initramfs image that is not bundled with the kernel (INITRAMFS_IMAGE_BUNDLE != "1"), ensure that the initramfs image is built before attempting to create the wic image by adding an explicit dependency on do_image_complete. Previously, this dependency was incorrectly handled by kernel.bbclass. This change moves the responsibility to image_types_wic.bbclass where it belongs. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2e1e7c8606 --------------------------- bitbake.conf: Enable opengl ptest multiarch wayland vulkan in DISTRO_FEATURES by default This change enables the modern graphics stack defaults of opengl, wayland and vulkan, it enables mutliarch which allows gcc, binutils and gdb to target multiple file formats and it also enables ptests by default This means that: * nodistro builds will match the Yocto Project sstate CDN objects * we have modern graphics defaults * users will see ptest issues more clearly and be more likely to test before sending patches These DISTRO_FEATURES have been tested and used as defaults in poky for a long time, this brings them into sync. Backfill is used so those with their own distro can set the DISTRO_FEATURES_BACKFILL_CONSIDERED variable to stop the backfill happening for speccific values. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 70a74fa2bd --------------------------- reproducible: fix git SOURCE_DATE_EPOCH randomness Anything that defines multiple git sources should have the largest value taken when calculating the SOURCE_DATE_EPOCH for a package. The previous iteration actually introduced some degree of randomness, as it would stop on the first git repository reported by os.walk, which does not assure any specific ordering by default. Signed-off-by: Randolph Sapp Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 082e3286ec --------------------------- coreutils: upgrade 9.9 -> 9.10 From https://lists.gnu.org/archive/html/coreutils-announce/2026-02/msg00000.html Notable changes include: - Options in man pages link directly into the full web docs - timeout(1) now kills the command for all terminating signals - paste(1) is now multi-byte character aware - cp(1) fixes an unlikely infinite loop introduced in v9.9 - The multi-call binary is 3.2% smaller Drop the 2 backported patches which are now part of 9.10. License-Update: copyright years refreshed For ptests, also install coreutils.texi which is used for a new test that ensures there is an anchor for each --help option for all of coreutils' programs. See: https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?h=v9.10&id=77e6b5d8f8d1ebc3125d6585a266a912a1123791 +---------+--------+-------+------+------+ | Version | Libc | TOTAL | PASS | SKIP | +---------+--------+-------+------+------+ | 9.10 | glibc | 705 | 543 | 162 | | 9.9 | glibc | 683 | 527 | 156 | +---------+--------+-------+------+------+ | diff | glibc | 22 | 16 | 6 | +---------+--------+-------+------+------+ | 9.10 | musl | 703 | 544 | 159 | | 9.10 | musl | 681 | 529 | 152 | +---------+--------+-------+------+------+ | diff | musl | 22 | 15 | 7 | +---------+--------+-------+------+------+ Most of the skipped tests are due to being "very expensive" according to the coreutils developers. The other skipped tests need strace, gdb, etc or locale dependencies which has not yet been added. Signed-off-by: Randy MacLeod Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: cedeb958df --------------------------- coreutils: kill and uptime are no longer installed In coreutils-9.10, as explained in: 6b399ad35 build: kill(1), uptime(1): don't install by default * build-aux/gen-lists-of-programs.sh: kill and uptime are not installed by arch, debian, fedora, suse at least, so add to disabled list. Fixes https://github.com/coreutils/coreutils/issues/132 Note that in oe-core: kill is provided by busybox, procps and util-linux uptime is provided by busybox and procps and in other layers there may be other providers of these commands. Signed-off-by: Randy MacLeod Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c6f1e38dbd --------------------------- populate_sdk_base: Make SDK_ZSTD_COMPRESSION_LEVEL overridable Like the other SDK_*_COMPRESSION_LEVELS users may want to override the final compression level. Signed-off-by: Philip Lorenz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: cb318d20f6 --------------------------- devtool: upgrade: do not add dummy git notes This has been causing a significant performance regression, to the point where AUH wasn't able to complete upgrades with particularly large number of git commits between releases [1]. After discussing with Peter [2], running 'oe-selftest -r devtool' with this change (100% pass), and also doing an AUH run with it, and reviewing the output I think this is fine to remove: the case is either very niche or non-existent, and if it appears again, we should come up with a better fix. [1] https://autobuilder.yoctoproject.org/valkyrie/#/builders/38/builds/54/steps/15/logs/stdio [2] https://lists.openembedded.org/g/openembedded-core/message/231281 Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4f96eaa098 --------------------------- externalsrc: fix duplicate entries in .git/info/exclude `readlines()` preserves trailing newlines, so the duplicate check against the stripped link name never matched. Strip lines before comparing to prevent repeated entries on each devtool modify run. Signed-off-by: Aditya Kurdunkar Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 34bafcf3d8 --------------------------- openssl: add support for config snippet includes This allows configuration (such as enabling providers) to be done by adding snippet files to /etc/ssl/openssl.cnf.d instead of modifying a copy of the full configuration file. As new snippets can be added from separate recipes, targeted changes can be done in multiple layers. For example, the pkcs11-provider can be enabled by adding a pkcs11.cnf containing something like: [default_sect] activate = 1 [provider_sect] pkcs11 = pkcs11_sect [pkcs11_sect] pkcs11-module-path = /usr/lib/libckteec.so.0 pkcs11-module-quirks = no-operation-state no-deinit pkcs11-module-encode-provider-uri-to-pem = true activate = 1 Signed-off-by: Jan Luebbe Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: cf848ae6b6 --------------------------- python3-poetry-core: upgrade 2.2.1 -> 2.3.1 License-Update: file format changed to "ASCII text" from "ASCII text, with CRLF line terminators" in the lark license Changelog: ============ - Update list of supported licenses - Fix an issue where platform_release could not be parsed on Windows Server [RP: merged commits, tweak whitespace and fix commit message] Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b8e48562ba --------------------------- alsa-lib: patch CVE-2026-25068 Pick patch mentioned in NVD report. It also includes CVE ID in commit message. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 97bd9c1324 --------------------------- glib-2.0: upgrade 2.86.3 -> 2.86.4 Fixes CVE-2026-1484, CVE-2026-1485 and CVE-2026-1489. Release notes [1]: Overview of changes in GLib 2.86.4, 2026-02-13 * Fix several security vulnerabilities of varying severity (see below for details) * Bugs fixed: * #3858 (closed) glib-compile-resources: Incorrect compiler detection on Windows when building GTK causes a DoS (L. E. Segovia) * #3863 (closed) Iterating over a short (preallocated) GVariant bytestring invalidly refs a NULL GBytes (Christian Hergert) * #3870 (closed) (CVE-2026-1484) (YWH-PGM9867-168) Integer Overflow -> Buffer Underflow on Glib through glib/gbase64.c via g_base64_encode_close() leads to OOB Write (Marco Trevisan) * #3871 (closed) (CVE-2026-1485) (#YWH-PGM9867-169) Buffer underflow on Glib through gio/gcontenttype-fdo.c via parse_header() lead to OOB Read/Write (Marco Trevisan) * #3872 (closed) (CVE-2026-1489) (#YWH-PGM9867-171) Integer Overflow on Glib through glib/guniprop.c via output_marks() lead to OOB Write in glib/gutf8.c:g_unichar_to_utf8() (Marco Trevisan (Treviño)) * !4946 (merged) Update Romanian translation glib-2-86 * !4955 (merged) Backport !4954 (merged) “glib-compile-resources: Always assume MSVC compiler if VCINSTALLDIR is set” to glib-2-86 * !4961 (merged) Backport !4960 (merged) “glib/gvariant: add failing test for bytestring and fix it” to glib-2-86 * !4979 (merged) [glib-2-86] gbase64: Use gsize to prevent potential overflow * !4981 (merged) [glib-2-86] gio/gcontenttype-fdo: Do not overflow if header is longer than MAXINT * !4984 (merged) [glib-2-86] guniprop: Use size_t for output_marks length * !5010 (merged) Update Kazakh translation * Translation updates: * Kazakh (Baurzhan Muftakhidinov) * Romanian (Antonio Marin) [1] https://gitlab.gnome.org/GNOME/glib/-/releases/2.86.4 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 359f09f376 --------------------------- cmake: remove obsolete patches 0001-Disable-use-of-ext2fs-ext2_fs.h-by-cmake-s-internal.patch can be replaced with two variable assignments to seed the results we want. 0002-CMakeLists.txt-disable-USE_NGHTTP2.patch is not needed anymore as the vendored curl will disable the use of nghttp2 automatically if it isn't found. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 03be77135d --------------------------- cmake: add license information for vendored cppdap library Add missing license information for the vendored cppdap library that we don't yet have a recipe for. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 91ed3b7db2 --------------------------- cmake: use system libuv We have a recipe for libuv in oe-core, so use it in the target recipe to avoid vendoring in more code. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a0abec1fff --------------------------- libuv: enable nativesdk builds This avoids the internal copy of libuv that cmake would otherwise include from the nativesdk-cmake build. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 61ea2e5cb2 --------------------------- cmake: consolidate CMAKE_USE_SYSTEM_LIBRARIES Move CMAKE_USE_SYSTEM_LIBRARIES=1 to cmake.inc so that all builds use system libraries unless told otherwise. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 9d996cafdc --------------------------- cmake: clean up variables shared between .bb and .inc Use EXTRA_OECMAKE in the non-cmake-inheriting cmake-native recipe, so that the cmake.inc can assign once. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f1f605328c --------------------------- cmake: remove obsolete variable assignments Remove obsolete assignments: - KWSYS_CHAR_IS_SIGNED was removed in 3.5.0[1] - KWSYS_LFS_WORKS was removed in 3.15.0[2] [1] cmake ec1398d7ae ("KWSys 2015-12-14 (c1149ef6)") [2] cmake 11fe7c9063 ("KWSys 2019-02-25 (833b2470)") Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d08cf87ae1 --------------------------- pkgconf: add pkg-config-native to the nativesdk package This was added to the pkg-config recipe but not pkgconf. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 29831832ea --------------------------- pkgconf: small cleanups There's no need to --with-pkg-confg-dir as the default is the same and correct. Don't append BBCLASSEXTEND, there's no need. Sync pkg-config-native with the pkg-config recipe so that it sets the variables in the same way. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 175fcf9fad --------------------------- distro/defaultsetup: Enable space optimization tweaks This enables a collection of tweaks which reudce build output size where the output has been found to be particularly problematic. This reduces sstate object size as well as on disk build footprint, it also helps memory usage for linking some of the recipes. This in turn improves built speed and the smaller sstate objects are faster to compress, decompress and transfer over the network. This change has been tested in poky for a long time. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4c2d64c10a --------------------------- distro/defaultsetup: Enable security flags by default This defaults to including our security flags which use stack-protector-strong and D_FORTIFY_SOURCE=2 by default, as aids to improve detection of security issues. This change has been tested in poky for a long time and allows us to align our default compilation flags and environment. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 03fc931bfe --------------------------- distro/defaultsetup: Enable no-static-libs by default In general, few people use statlic libraries. They are however large and take up a lot of space on disk as well as taking time to compress/decompress and tranfser in sstate objects. This change disables most of them by default for disk space and speed/size performance benefits. This change has been tested in poky for a long time. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 722897f96d --------------------------- defaultsetup: Enable uninative by default uninative allows reuse of native sstate built on one distro on another. This change enables it by default, as has been done by default in poky for a long time. The reason for the change is that this makes the sstate CDN much more useful to speed up builds if good network access is available. It also standardises the builds to our usual testing configuration, removing one key difference which new users sometimes run into. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 0b4061c5d5 --------------------------- conf: Switch to systemd by default and simplify init manager selection This change effectively switches things to use INIT_MANAGER to select the init system and drops the old compatibility 'none' method. The init manager selection is now complex enough that requiring users to select it makes sense. The new default is systemd, which reflects popular opinion. This is known to have issues in some of our configurations such as musl but is also frequently asked for. Anyone replacing defaultsetup.conf in their own setup will need to provide equivalent functionality but that is execpted for any of the settings in there. This change drops sysvinit from the default distro features backfill, meaning we no longer need to remove it in systemd setups and places the init managers on a more equal and equivalent standing. This is a behaviour change for anyone using nodistro and anyone not already setting INIT_MANAGER explictly. This does not change the default for distros which select an init manager already (e.g. poky). Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 544222c299 --------------------------- conf/distro: Drop default-versions.inc This conf file used to be useful when we had multiple versions of recipes but we no longer do that and the file is empty. Remove it as obsolete and not needed anymore. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 6b483d69e0 --------------------------- binutils: Drop unneeded and problematic vardeps explict value and immediate expansion This was introduced in 0788cf349fe37ef4a36c626dbc396c97d1ab14d7 as a way of tracking the EXTRA_OECONF changes. These should be tracked reliably by the contains() code now so it is assumed this was working around a bug at the time. I checked the current task hashes and that information is there. Therefore drop this bit of code as the immediate expansion causes inaccurate values. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 61aaa2c597 --------------------------- nativesdk/crosssdk: Fix DISTRO_FEATURES_BACKFILL handling Similar to native, backfilling of items from DISTRO_FEATURES when combined with DISTRO_FEATURES_FILTER_NATIVESDK was not functioning correctly. Ensure the backfill is applied before filtering, then clear the value to prevent further backfill. This makes the nativesdk and crosssdk cases match the native code. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 74ba238ff1 --------------------------- rust: Enable dynamic linking with llvm Fixes [Yocto #16058] A segmentation fault occurs in rustc (e.g. in llvm::X86ReadAdvanceTable) when reusing sstate artifacts built with different host toolchain versions. Issue sequence: 1. llvm-native is built with a newer toolchain (e.g. GCC 15/Binutils 2.45). 2. rust-native is later built with an older linker. (e.g. GCC 12/Binutils 2.40). 3. The older linker statically links parts of llvm-native into librustc_driver. 4. The resulting binary crashes at runtime inside the statically linked LLVM code. The corruption happens at link time when mixing static native objects produced by different toolchain generations. Enable dynamic LLVM linking (link-shared = true) for rust-native so rustc links against libLLVM.so instead of static archives, avoiding host linker incompatibilities when reusing sstate artifacts. Signed-off-by: Sunil Dora Suggested-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: 4f79b45b7a --------------------------- ifupdown: correct upstream version check Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b290db3fbf --------------------------- blktrace: correct SRC_URI AI scrapers prompted the move: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=9b24b42ef59d2e8015957db3dd70ffedb7ebcfe8 Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1fdcc2fae5 --------------------------- python3-sphinx: backport patch to fix singlehtml URIs The singlehtml builder creates broken links, as reported on the yocto-docs list[1]. This issue was also reported upstream[2], and the temporary fix is to revert commit c93723b80396 ("singlehtml: deprecate the 'fix_refuris' helper function (#13037)") in sphinx. Backport the revert commit as a patch in OE-Core. [1]: https://lore.kernel.org/r/d8d48a98-edb6-4e30-a49b-0a9b52b14216@bytesatwork.ch [2]: https://github.com/sphinx-doc/sphinx/issues/14221 Signed-off-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c544f12073 --------------------------- busybox: Enable SELinux support if DISTRO_FEATURES contains 'selinux' If selinux is contained in DISTRO_FEATURES, enable CONFIG_SELINUX which needs a dependency on libselinux. Signed-off-by: Uwe Kleine-König Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 089bdd1b5e --------------------------- time64.inc: add links to "Y2038 in Yocto" slides and video I'm not sure if placing conference slides and video links here is okay, but I believe this is the best starting point for anyone dealing with the Y2038 problem. It will help and provide important context and action points for those needing to support 32 bit products beyond Y2038. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 640e2f9d76 --------------------------- time64.inc: clean up and add upstream tickets where issues remain Most issues were resolved via upstream version updates that bring in needed fixes: glib-2.0 update to 2.78.0 that includes: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3547 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3550 curl update to 8.3.0 that includes https://github.com/curl/curl/pull/11610 util-linux update to 2.39 that includes https://github.com/util-linux/util-linux/pull/2430 https://github.com/util-linux/util-linux/commit/3ab9e699a8d90f55e0447516b7e05a8686180467 https://github.com/util-linux/util-linux/pull/2435 glib-networking update to 2.78.0 that includes https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/241 python3-cryptography update to 42.0.0 which resolves https://github.com/pyca/cryptography/issues/9370 via https://github.com/pyca/cryptography/pull/9964 perl update to 5.40.0 which includes https://github.com/Perl/perl5/pull/21379 python3 update to 3.13.0 which includes https://github.com/python/cpython/pull/118425 python3 update to 3.13.1 which includes https://github.com/python/cpython/pull/124972 python3 update to 3.14.0 which includes https://github.com/python/cpython/pull/119401 https://github.com/python/cpython/pull/125045 https://github.com/python/cpython/pull/107594 https://github.com/python/cpython/pull/125104 tcl update to 9.0.0 which includes https://github.com/tcltk/tcl/commit/4ca61724c554f02d90a0655da81372bfbb34f70d (tcl8 recipe has a simple backport of this) dbus update to 1.16.0 which includes https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/444 https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/289 openssh update to 10.0p1 which includes https://github.com/openssh/openssh-portable/pull/425 https://bugzilla.mindrot.org/show_bug.cgi?id=3684 https://marc.info/?l=openbsd-bugs&m=172561736524815&w=2 https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-October/041621.html (all reporting the same issue) gcc update to 15.1 which includes https://github.com/llvm/llvm-project/pull/99699 via https://github.com/gcc-mirror/gcc/commit/fa321004f3f6288d3ee2eefa6b02177131882dca and allows dropping special flags and exceptions for gcc-sanitizers. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4b7284b6f6 --------------------------- lttng-tools: install .expect test files with a wildcard Otherwise, there will be failures on 32 bit hosts. Note that the needed files are erroneously absent from upstream release tarballs: https://bugs.lttng.org/issues/1436 but once that is resolved, this commit will be effective. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d7103e9f49 --------------------------- lttng-tools: add missing python3-multiprocessing dependency to ptests This restores the not-running tests, and everything is again able to run (and pass). Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 27817cda4b --------------------------- lttng-tools: ensure that ptest errors are not suppressed At some recent point lttng-tools ptests have quietly regressed, and most of them aren't executed anymore. Errors are printed on the console, but aren't reported as exit code from run-ptest. The reason is that exitcode was set to what sed returned, not make. The original reason for piping through sed was to unify /tmp/tmp.xxxx outputs for easier results comparison, but (after fixing the tests) I don't see such lines anymore, and in any case ensuring such regressions are caught is more important. With this fix, run-ptest and testimage starts to fail as it should. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a2c6bf5822 --------------------------- checklayer: fix get_depgraph() hang when command fails The get_depgraph() function hangs indefinitely when a layer causes command failures (e.g. meta-virtualization) because: 1. bb.command.CommandFailed was not included in the event mask passed to set_event_mask(), so the failure event was silently dropped and the while True loop never received a terminating event. 2. There was no timeout handling for the case where wait_event() repeatedly returns None, leaving no escape from the loop. Add CommandFailed to the event mask so failure events are properly received and handled. Also add a timeout counter that raises RuntimeError after 300 consecutive seconds of no events, preventing an infinite hang. Fixes [YOCTO #16170] Signed-off-by: Tim Orling Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b63c3507f0 --------------------------- iproute2: update link to homepage The old link redirects here now. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 69f903dcff --------------------------- native: Replace e.data with d e.data was deprecated a while ago, replace the remaining references with d, they are the same thing. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 18ac84e488 --------------------------- native: Use dynamic filtering for PROVIDES Currently, PROVIDES is one of the few variables left which isn't handled by filter code dynamically. This lead to bugs if for example you have a PACKAGECONFIG value which references DISTRO_FEATURES, and DISTRO_FEATURES is being set in the the native case late by backfill. The early expansion of the value means it can use an incorrect DISTRO_FEATURES value leading to confusing errors. Convert the code to use a filter in common with the other code in the class. This does lead to some behaviour differences outside OE-Core in meta-oe for example where the PROVIDES of gd-native changed: "gd-native gd-native-tools" to "gd-native gd-tools-native" where the change is a clear improvement in correctness. This fixes issues when DISTRO_FEATURES has backfill options in place in the native case. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d386113c07 --------------------------- native: Fix DISTRO_FEATURES backfill handling in native case Currently, features listed in DISTRO_FEATURES_FILTER_NATIVE are not supported for DISTRO_FEATURES_BACKFILL as the two variables interact badly. We now have need to add some features to backfill which are in the filter_native case. This patch fixes the handling by appuing the backfill, then zeroing the variable once they are applied. This leads to them being correctly filtered. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 432b81d150 --------------------------- xinput: allow native build This is required to build x11 support for libsdl3-native Signed-off-by: Markus Volk Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: e9a35f32b9 --------------------------- pseudo: Update to include a fix for systems with kernel <5.6 $ git log --oneline --no-decorate 9ab513512d8b5180a430ae4fa738cb531154cdef..43cbd8fb4914328094ccdb4bb827d74b1bac2046 43cbd8f ports/linux: define __NR_openat2 if missing Signed-off-by: Yoann Congal Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 32e9be1675 --------------------------- python3: upgrade 3.14.2 -> 3.14.3 >From release notes [1]: Security * gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650). * gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. * gh-143925: Reject control characters in data: URL media types. * gh-143919: Reject control characters in http.cookies.Morsel fields and values. * gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters. [1] https://docs.python.org/3/whatsnew/changelog.html#python-3-14-3-final Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: bc0075350e --------------------------- libpng: upgrade 1.6.54 -> 1.6.55 Release notes [1]: * Fixed CVE-2026-25646 (high severity): Heap buffer overflow in `png_set_quantize`. (Reported and fixed by Joshua Inscoe.) * Resolved an oss-fuzz build issue involving nalloc. (Contributed by Philippe Antoine.) [1] https://github.com/pnggroup/libpng/blob/v1.6.55/ANNOUNCE Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f159f285ae --------------------------- rpm-sequoia: upgrade 1.10.0 -> 1.10.1 Contains two commits pertaining to signature handling: - 1ede9cdd Return NotTrusted for signatures that don't conform to the policy. - 20087fe6 Return NotTrusted for signatures that use unsupported algorithms Also, commit 06c3a76f updates Cargo.lock Signed-off-by: Adam Duskett Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: af35753610 --------------------------- zlib: upgrade 1.3.1 -> 1.3.2 Delete patch included in this version. Remove CVE_STATUS for CVE resolved in this release. Release information: [1] More details on homepage: [2] Audit details: [3] Version 1.3.2 has these key updates from 1.3.1: * Address findings of the 7ASecurity audit of zlib. * Check for negative lengths in crc32_combine functions. * Copy only the initialized window contents in inflateCopy. * Prevent the use of insecure functions without an explicit request. * Add compressBound_z and deflateBound_z functions for large values. * Use atomics to build inflate fixed tables once. * Add --undefined option to ./configure for UBSan checker. * Copy only the initialized deflate state in deflateCopy. * Zero inflate state on allocation. * Add compress_z and uncompress_z functions. * Complete rewrite of cmake support. * Remove untgz from contrib. * Vectorize the CRC-32 calculation on the s390x. * Remove vstudio projects in lieu of cmake-generated projects. * Add zipAlreadyThere() to minizip zip.c to help avoid duplicates. * Add deflateUsed() function to get the used bits in the last byte. * Fix bug in inflatePrime() for 16-bit ints. * Add a "G" option to force gzip, disabling transparency in gzread(). * Return all available uncompressed data on error in gzread.c. * Support non-blocking devices in the gz* routines. [1] https://github.com/madler/zlib/releases/tag/v1.3.2 [2] https://zlib.net/ [3] https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 755e805801 --------------------------- dpkg: 1.22.21 -> 1.23.5 Refresh patches: - 0001-build.c-ignore-return-of-1-from-tar-cf.patch - 0001-script.c-avoid-use-of-chroot.patch - 0002-Adapt-to-linux-wrs-kernel-version-which-has-characte.patch - 0004-The-lutimes-function-doesn-t-work-properly-for-all-s.patch - 0007-dpkg-deb-build.c-Remove-usage-of-clamp-mtime-in-tar.patch - arch_pm.patch - remove-tar-no-timestamp.patch Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d9ec9e20ee --------------------------- systemd: Stop supporting sysvinit compatibility Systemd has worked with sysvinit compatibility but upstream plans to remove this and hence we will no longer be able to support it. We need to remove this before the LTS since the support will certainly not be there for the lifetime of the LTS. This patch disables that usage mode and removes some of the compatibility logic. There is more that can be removed, this is meant just to signal to people it is no longer supported and start that process. Further cleanup can be made over time in later commits. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 41ddc84609 --------------------------- oeqa/selftest/overlayfs: Improve systemd test configuration We need to ensure that sysvinit and systemd are not enabled together. Tweak the tests to use INIT_MANAGER to correctly achieve this. Signed-off-by: Richard Purdie --------------------------- Commit: 332c94b91a --------------------------- oeqa/selftest/bbclasses: Drop systemd+sysvinit test This configuration is no longer possible with recent systemd changes, drop the test. Signed-off-by: Richard Purdie --------------------------- Commit: 1acd1998bb --------------------------- python3-cryptography: Disable legacy-openssl by default Disable legacy-openssl support by default to match the openssl recipe. Signed-off-by: Colin Pinnell McAllister Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: a150c3580f --------------------------- openssl: Add legacy packageconfig option Add packageconfig option to enable legacy support (disabled by default). The legacy module includes deprecated and unmaintained OpenSSL components. Drops openssl-oss-module-legacy from a runtime depends to a runtime recommends for ptest. Signed-off-by: Colin Pinnell McAllister Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: d5501e7720 --------------------------- openssl: Disable TLS 1.0/1.1 by default TLS 1.0 and TLS 1.1 have been deprecated by the IETF since 2021. Disables support by default in packageconfig, requiring users to explicitly opt-in for these deprecated protocols. Signed-off-by: Colin Pinnell McAllister Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: fd3b1efb6f --------------------------- python3: Backport TLS test fix Backports fix for Python3 that allows TLS 1.2 to be the minimum version. Signed-off-by: Colin Pinnell McAllister Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 51da1742bf --------------------------- bluez5: upgrade 5.85 -> 5.86 Changelog: - Fix issue with number of retries on authentication failures. - Fix issue with G.722 @ 16 kHz codec ID value reported by transport. - Add support for Telephony interface. - Add support for Ranging profile. - Add support for GMAP service. - Add support for TMAP service. Full changelog: https://github.com/bluez/bluez/compare/5.85...5.86 Changes relevant for the build: - mcaptest tool has been removed - sap and health profiles have been removed from the code base Signed-off-by: Guðni Már Gilbert Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 49f8a79a70 --------------------------- gnutls: upgrade 3.8.11 -> 3.8.12 Release information: [1] Solves CVE-2025-14831 and CVE-2026-1584. Remove patch included in this release. Add workaround for cross-compilation bug in release tarball. [1] https://lists.gnutls.org/pipermail/gnutls-help/2026-February/004914.html Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 72819b9e60 --------------------------- go: upgrade 1.25.7 -> 1.26.0 Release Announcement: [1] Release notes: [2] Refreshed all patches and dropped patch merged upstream. [1] https://groups.google.com/g/golang-announce/c/uVOCkuwbiD8 [2] https://go.dev/doc/go1.26 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 4003a5084d --------------------------- own-mirrors: Drop obsolete fetcher mapping These fetchers are being dropped from bitbake. Clean up the PREMIRRORS to match. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: dea5ac6b62 --------------------------- sanity: Update to account for removed fetchers Some fetch types were dropped in bitbake, update the sanity tests to match. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: c6e63cf96c --------------------------- lib/oe/recipeutils: Drop obsolete FETCHCMD These fetcher variables are being removed, drop the references. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 2c233165d4 --------------------------- oeqa/selftest/buildoptions: Drop pointless/obsolete mirror entries We've never had any of these sources on this mirror and support for several is about to be removed in the fetchers anyway. Drop the obsolete entries. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 755d1d1593 --------------------------- mirrors: Drop obsolete/inappropriate OE/YP mirror entries These fetchers aren't used by code that would end up on these mirrors and are about to be removed anyway in some cases. Drop the pointless/obsolete entries. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: f50a2005dd --------------------------- libksba: add ptest support Add ptest support to enable automated testing of libksba using ptest-runner. The implementation builds and installs test executables from the tests/ directory along with the required test data files from the samples/ directory. Test results on qemux86-64: PASS: cert-basic PASS: t-cms-parser PASS: t-crl-parser PASS: t-der-builder PASS: t-dnparser PASS: t-ocsp PASS: t-oid PASS: t-reader All 8 tests pass. Signed-off-by: Pratik Farkase Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 739583da02 --------------------------- libxkbfile: upgrade 1.1.3 -> 1.2.0 Changelog: - libxkbfile is used by the X servers and utilities to parse the XKB configuration data files. - This release adds a new XkbRF_FreeVarDefs() API, and brings over many fixes from the other copies of XKB code in the various X.Org repos. - Since no complaints were received about the added meson build system in the 1.1.3 release (February 2024), the autoconf build system has been removed in this release. Ref: [https://lists.x.org/archives/xorg-announce/2026-January/003662.html] Signed-off-by: Zhang Peng Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 394604b257 --------------------------- oe-selftest: devtool: add test for gdb pretty-printing This extends the existing devtool IDE SDK tests to verify that gdb pretty-printing is working correctly. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c187d9231c --------------------------- python3-packaging: be more specific when skipping tests on musl We don't need to skip all of test_tags.py, just the two test cases that use manylinux. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 796ce40e3e --------------------------- oeqa/selftest/devtool: add devtool modify testcase for nested gitsm Add a selftest that exercises devtool modify against git repositories that contain nested git repositories with submodules. Signed-off-by: Clement Faure Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c63fa18db3 --------------------------- devtool: avoid recursion into nested git repos with submodules Prevent devtool from recursing into nested git repositories with submodules to avoid double git submodule add operation. Signed-off-by: Clement Faure Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4f6192f316 --------------------------- cve-update-nvd2-native: Use maximum CVSS score from all sources The CVE check system was incorrectly reporting lower CVSS scores when multiple scoring sources were available in the NVD database. This occurred because the code only extracted the first element from the metrics arrays, which could be a "Secondary" source with a lower score rather than the "Primary" source or the highest available vendor score. According to the CVSS v4.0 User Guide, "In situations where multiple CVSS-B scores are applicable but only one is provided, the highest CVSS-B score must be utilized." This follows the "reasonable worst-case" principle established by the CVSS SIG. This fix iterates through all available sources (v2, v3.0, v3.1, and v4.0) and selects the maximum CVSS score to ensure the highest severity is reported. Fixes [YOCTO #15931] References: - https://www.first.org/cvss/v4.0/user-guide - https://www.first.org/cvss/v3.1/user-guide - https://www.first.org/cvss/v2/minutes/cvss-meeting-minutes-06202006.pdf Signed-off-by: Het Patel Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: cb536737be --------------------------- wic/engine: error on old host debugfs for standalone directory copy When wic is used in standalone mode, it relies on host tools such as debugfs. For directory host->image copies into ext* partitions, wic uses scripted debugfs "-f" input with multiple mkdir/write commands. Older host debugfs versions (< 1.46.5) may behave unreliably in this mode and can silently miss files. This does not affect builds using debugfs from OE where the version is known to be sufficiently new. Add a debugfs version check and emit an error when an older host debugfs is detected. The error is shown once per run and halts execution. Changes in v2: - adjust the last working debugfs version to 1.46.5 Changes in v3: - switch debugfs check from warning to error Signed-off-by: Daniel Dragomir Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 6b720a30f3 --------------------------- iso-codes: upgrade from 4.19.0 to 4.20.1 Changes: https://salsa.debian.org/iso-codes-team/iso-codes/-/blob/main/CHANGELOG.md License-Update: update license to LGPL-2.1-or-later. The build system is switched from autotools to meson. Note that meson is now the only supported build system for iso-codes. Signed-off-by: Chen Qi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 0e36687d2d --------------------------- libsolv: ptest: remove conditional checks Simplify run-ptest and do_install_ptest by removing conditional checks. If upstream renames or relocates test files, the build should fail explicitly rather than silently skipping tests, ensuring the recipe is updated appropriately. Changes: - Use testcases/* glob to automatically discover all test suites - Remove file existence checks from run-ptest - Remove file existence checks from do_install_ptest Signed-off-by: Pratik Farkase Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2623ba16b1 --------------------------- vim: fix race when installing the Swedish tutorial A mkdir might not happen, resulting in an install failure. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7ba65231a9 --------------------------- icu: upgrade from 78.1 to 78.2 icu 78.2 changes: https://github.com/unicode-org/icu/releases/tag/release-78.2 Signed-off-by: Chen Qi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: ccc585f94c --------------------------- libcxx: remove no-atomics from PACKAGECONFIG In commit [1], upstream has dropped _LIBCXXABI_HAS_ATOMIC_BUILTINS, clean up no-atomics from PACKAGECONFIG otherwise build for qemuarmv5 failed $ echo "MACHINE = 'qemuarmv5'" >> conf/local.conf $ bitbake libcxx ... | tmp/work/armv5e-oe-linux-gnueabi/libcxx/21.1.8/recipe-sysroot-native/usr/bin/arm-oe-linux-gnueabi/ arm-oe-linux-gnueabi-ld: cannot find -latomic: No such file or directory | arm-oe-linux-gnueabi-clang++: error: linker command failed with exit code 1 (use -v to see invocation) ... [1] https://github.com/llvm/llvm-project/commit/f8b1cc36578608f2f840d7ea8b0aa9b28fdaa492 Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 6092b9a321 --------------------------- python3-numpy: upgrade 2.3.5 -> 2.4.2 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 9d61764f7e --------------------------- piglit: use 'shape' in place of 'newshape' on numpy>=2.1 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 5b5d425f2d --------------------------- libx11-compose-data: upgrade 1.8.4 -> 1.8.12 - upgrade libx11-compose-data to 1.8.12 as it is part of libx11, and libx11 already upgrade to 1.8.12 - refresh the patch 0001-Drop-x11-dependencies.patch Signed-off-by: Zhang Peng Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 6913708b34 --------------------------- lttng-platforms.inc: set LTTNGMODULES with ?= Set LTTNGMODULES with ?= in lttng-platforms.inc, then it could be set in .conf files to override it. Signed-off-by: Kai Kang Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 188b469953 --------------------------- gnupg: 2.5.14 -> 2.5.17 Release-info: https://dev.gnupg.org/T7996 Compare commits updates: $ git clone https://github.com/gpg/gnupg.git $ git log --oneline gnupg-2.5.14..gnupg-2.5.17 17b514596 (tag: gnupg-2.5.17) Release 2.5.17 f2f89dc82 po: msgmerge 11b7e4139 gpg: Fix possible NULL-deref with overlong signature packets. 93fa34d9a tpm: Fix possible buffer overflow in PKDECRYPT c3e387427 po: Update Swedish translation eba28eeaa agent: Add accelerator keys for "Wrong" and "Correct". 2438271ab agent: Fix stack buffer overflow when using gpgsm and KEM c7770b0a7 gpgsm: Make multiple search patterns work with keyboxd. 71570012e gpg: Remove a dead statement. 0bcd9be9a gpg: New export-option "keep-expired-subkeys" 0e37a6779 doc: Improve the "Programmatic use of GnuPG" section. 5f4ad39b1 doc: Rename an internal function to clarity the purpose. 8d4fc7667 dirmngr: Help detection of bad keyserver configurations. d97e52cc7 scd:openpgp: register vendor 4d52 916982b8c Post release updates 7d38a23b8 (tag: gnupg-2.5.16) Release 2.5.16 a9da315fb Revert "misc: Validate the value on the use of strtol." 26c422e5b Post release updates 7ee523ac2 (tag: gnupg-2.5.15) Release 2.5.15 947ea3c41 gpg: Deprecate the option --not-dash-escaped. abe9bddaa gpg: Fix for a recently claimed harmless keyboxd change. 4ec86dca3 po: msgmerge 691fa4ecb po: Update German translation 81bb94975 keyboxd: Fix database schema migration. 267f6db56 doc: Document default symmetric algo as AES-256 5d0ba97c8 Prepare NEWS 1b3bb7dde po: Enable Georgian translation. 6c1d13ac6 gpg: Implement skip function for keyboxd to fix a validation bug. 01eaa386e keybox: Fix the not yet used uid and pk keyblock index return values. c7472b1b9 po: Update Georgian Translation. 4350fc192 Avoid the function name thread_init. 674aa5424 dirmngr: Add a compatibility flag for use with newer Libksba versions. 32a3e5f83 common:dotlock: Escalate a warning message up to INFO from DEBUG. aab29b128 kbx:sqlite: Don't call dotlock_release. d4e40e2a8 common:dotlock: Comment fixes. 68dcfec91 common:dotlock:w32: Minor fixes for Windows. e4f20ba10 commond:dotlock: Remove support of use with glib. 493276a20 po: Update Portuguese translation 216a695ce agent: Use SHADOW_INFO to silence warnings. 57affc4e9 common,agent,dirmngr,kbx:w32: Synchronous spawning daemon process. cad79e542 agent,common,dirmngr,tests: Silence warnings of a compiler. bcd87ea2b misc: Validate the value on the use of strtol. ce44fde23 Post release updates Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 78156f9ea2 --------------------------- vim: Upgrade 9.1.2128 -> 9.1.2144 Upgrade from 9.1.2128 to 9.1.2144 to include the fix for CVE-2026-25749 [1] [2]. [1] https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43 [2] https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9 Signed-off-by: Mingli Yu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 9c39e478fa --------------------------- strace: upgrade from 6.18-> 6.19 Release notes: https://github.com/strace/strace/releases/tag/v6.19 License-Update: copyright years refreshed Ptest results for qemux86-64/kvm: +------------+--------+---------+-------+ | Version | Passed | Ignored | Total | +------------+--------+---------+-------+ | 6.18 glibc | 1,127 | 332 | 1,459 | | 6.19 glibc | 1,129 | 332 | 1,461 | | 6.19 musl | 1,123 | 338 | 1,461 | +------------+--------+---------+-------+ Signed-off-by: Randy MacLeod Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f3e9d1326b --------------------------- libconfig: add ptest support Add ptest support to enable automated testing of libconfig using ptest-runner. The implementation uses libtool --mode=install to properly install test binaries, avoiding issues with libtool wrapper scripts. Tests are built via 'make check TESTS=' to compile without running during the build phase. The test suite includes 16 tests covering parsing, formatting, binary/hex values, escaped strings, and various edge cases. All tests pass successfully on qemux86-64 : START: ptest-runner BEGIN: /usr/lib/libconfig/ptest [TEST] ParsingAndFormatting parsing testdata/input_0.cfg parsing testdata/input_1.cfg parsing testdata/input_2.cfg parsing testdata/input_3.cfg parsing testdata/input_4.cfg parsing testdata/input_5.cfg parsing testdata/input_6.cfg parsing testdata/input_7.cfg [ OK ] ParsingAndFormatting [TEST] ParseInvalidFiles [ OK ] ParseInvalidFiles [TEST] ParseInvalidStrings [ OK ] ParseInvalidStrings [TEST] BigInt1 [ OK ] BigInt1 [TEST] BigInt2 [ OK ] BigInt2 [TEST] BigInt3 [ OK ] BigInt3 [TEST] BigInt4 [ OK ] BigInt4 [TEST] BigInt5 [ OK ] BigInt5 [TEST] BigInt6 [ OK ] BigInt6 [TEST] BigInt7 [ OK ] BigInt7 [TEST] RemoveSetting [ OK ] RemoveSetting [TEST] EscapedStrings [ OK ] EscapedStrings [TEST] OverrideSetting [ OK ] OverrideSetting [TEST] SettingLookups [ OK ] SettingLookups [TEST] ReadStream [ OK ] ReadStream [TEST] BinaryAndHex some auto big hex: 4294967296 some auto big bin: 8589934591 negativehex: -1430532899 [ OK ] BinaryAndHex 16 tests; 16 passed, 0 failed PASS: libconfig_tests DURATION: 0 END: /usr/lib/libconfig/ptest STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Pratik Farkase Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1010abf3e3 --------------------------- libassuan: add ptest support Add ptest support to enable automated testing of libassuan using ptest-runner. The implementation installs test programs (version, pipeconnect, fdpassing) and the shell script test (fdpassing-socket.sh). All 4 tests pass on qemux86-64: START: ptest-runner BEGIN: /usr/lib/libassuan/ptest PASS: version Received data `Your lucky number is 3552664958674928. Watch for it everywhere.' PASS: pipeconnect PASS: fdpassing PASS: fdpassing-socket.sh END: /usr/lib/libassuan/ptest STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Pratik Farkase Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 6e0bf90e31 --------------------------- libarchive: add ptest support Add ptest support to enable automated testing of libarchive using ptest-runner. The implementation builds and installs five test suites: libarchive_test, bsdtar_test, bsdcpio_test, bsdcat_test, and bsdunzip_test, along with their test data files. Test executables for bsdtar, bsdcpio, bsdcat, and bsdunzip are provided via symlinks to the installed binaries. All tests on qemux86-64 pass: libarchive_test: 689 tests bsdtar_test: 76 tests bsdcpio_test: 49 tests bsdcat_test: 18 tests bsdunzip_test: 8 tests Signed-off-by: Pratik Farkase Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b0bec96403 --------------------------- oe-setup-build: TEMPLATECONF were not applied correctly Since a recent change to support dash, cmd_base is a set of several commands, separated by newlines. TEMPLATECONF was only effective for the first command in that set, which is not where it's needed. Putting it on its own line will ensure that it's present for everything in cmd_base. Signed-off-by: Logan Gallois Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 68d2d38483 --------------------------- classes/pkgconfig: move variable exports to the class All recipes that use pkg-config should be inheriting the class so this is a no-op change for those, and for recipes that do not use pkg-config will no longer need to rebuild if these variables are changed. Any recipes that use pkg-config but do not inherit the class will fail to build, and this is intentional: those recipes should inherit the class. This commit is simply the move of the exports, the values do not change. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7ecbb214fa --------------------------- python3-numpy: backport a Meson patch to fix pkg-config lookups When Meson uses pkg-config to introspect the Python install it resets PKG_CONFIG_PATH and PKG_CONFIG_LIBDIR to the location that the running python3 says is the library directory. However, when it writes to PKG_CONFIG_LIBDIR it uses the _target_ library directory without prefixing this with the sysroot, which breaks the build if _LIBDIR is the primary search path. This has been fixed in Meson since 1.10.0[1] but numpy has a vendored fork of Meson that is currently at 1.9.2, so backport the specific fix to solve this problem. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d4bb6a4e45 --------------------------- perf: inherit the pkgconfig class Perf uses pkg-config, so should inherit the class. Also remove the sedding of PKG_CONFIG, we pass it in as an argument to make via EXTRA_OEMAKE so the sed is redundant. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: bc06157db7 --------------------------- pkgconfig: inherit the pkgconfig class Building target pkgconfig needs pkgconfig-native because pkgconfig uses pkgconfig to find libglib. Inherit the pkgconfig class so that the pkgconfig recipe does not need to know the details of how pkgconfig is integrated. Native builds use an internal copy of glib to avoid the circular dependency, and the self-dependency on pkgconfig-native is automatically pruned. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: fff91e1774 --------------------------- mesa: upgrade 25.3.5 -> 26.0.0 See https://docs.mesa3d.org/relnotes/26.0.0.html for the changelog and sha256sum. This removes: - 0001-ethosu-drop-file-names-from-the-generated-file.patch, as it is merged in commit cdb6468c53ef ("ethosu: drop file names from the generated file"), - 0001-gfxstream-don-t-dump-genvk.py-args-to-generated-file.patch, as it is merged in commit 4315c28739dc ("gfxstream: don't dump genvk.py args to generated files"), - 0002-rocket-drop-file-names-from-the-generated-file.patch, as it is merged in commit 7a3bfd1f7913 ("rocket: drop file names from the generated file"), 0001-freedreno-don-t-encode-build-path-into-binaries.patch is updated to latest version in the merge request. Unfortunately, the do_patch task with the patch file directly downloaded from the merge request fails to apply it due to patch-fuzz. Instead, I downloaded the file locally and applied it with git-am and use git-format-patch to generate one that do_patch doesn't complain about. Since commit b72d347d1c3b ("meson: crocus and intel_hasvk now require clc"), both crocus and intel_hasvk require clc, so let's make this dependency explicit by requiring libclc PACKAGECONFIG to enable those drivers. KosmicKrisp is a new driver but my understanding is it's for MacOS only and we're not generated that OS, so skip adding a PACKAGECONFIG for it. r600 now doesn't require LLVM anymore since commit ebf14544102e ("r600: remove LLVM dependency") but for some reason we never added the dependency so no need to remove something that isn't there. There's a new option vulkan-manifest-per-architecture (default true) which controls whether the target machine architecture must be part of the Vulkan ICD filenames. The meson feature description states: If false, all architectures share a single JSON manifest for example lvp_icd.json, referencing the library by its basename. (Recommended for Unix OS distros installing into /usr.) Considering we install the Vulkan ICDs into /usr/share, let's make this false by default. Also, we're only building for one architecture so this probably doesn't change much except renaming. Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 089400399e --------------------------- mesa: fix missing llvm dependency for i915 i915 requires llvm at least explicitly since commit b8b38d38b1c1 ("meson: reinstate LLVM requirement for r300 and enforce it for i915 too") in mesa (available since 25.3.0). By default, Intel machines are built with gallium-llvm (see the various PACKAGECONFIG:append: in mesa.bb), so the dependencies would be met. It seems like Intel Arc discrete GPU may be supported by i915, so I'm assuming it could be possible to have a non-Intel machine have the need for the i915 driver. In any case, this is highlighting the actual dependencies so let's add gallium-llvm as a dependency for i915, as it should. Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 6dc0d1f3a8 --------------------------- mesa: upgrade 25.3.4 -> 25.3.5 Upgrade mesa to the latest stable release. See https://docs.mesa3d.org/relnotes/25.3.4.html for release notes and sha256sum. Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2c20c05b32 --------------------------- pseudo: Update to include an openat2 fix We're seeing occasional autobuilder failures with tar issues related to openat2. It appears there are definitions missing on debian 11 and opensuse 15.5 systems which mean the openat2 syscall intercept isn't compiled in. This then triggers on systems using the openat2 syscall, such as alma9 where it is used in a tar CVE fix. This updates to include the fix from upstream pseudo (along with a compile warning fix). This was tested by taking sstate for pseudo-native from a debian 11 system and using it in a build of "bitbake nativesdk-git -c install" on a alma9 system where that task failed. After this fix, it completes. Signed-off-by: Richard Purdie --------------------------- Commit: 3a8f0075d5 --------------------------- populate_sdk_ext: Ensure BB_BASHSERBVE_DB_DIR is handled correctly The new BB_BASHSERBVE_DB_DIR variable needs to be filtered when creating eSDK local.conf files since we use tricks with the hashserve DB in the eSDK to create a local cache file as part of eSDK creation. Signed-off-by: Richard Purdie --------------------------- Commit: a69e2baba8 --------------------------- devtool: ide-sdk: Support GDB pretty-printing for C++ STL types GDB requires Python scripts provided by GCC to properly display C++ STL types. This commit adds support for configuring GDB to use these pretty-printers in the ide-sdk, covering both the ide_none and ide_code plugins. The implementation locates the GCC Python helper scripts in the sysroot and injects the necessary commands into the GDB initialization files and IDE debug configurations. This ensures that when debugging C++ applications, STL containers and other complex types are displayed in a readable format. Without this: (gdb) print numbers $1 = { >> = { _M_impl = {> = {> = {}, }, >::_Vector_impl_data> = {_M_start = 0x55555556c370, _M_finish = 0x55555556c37c, _M_end_of_storage = 0x55555556c37c}, }}, } With this: (gdb) print numbers $1 = std::vector of length 3, capacity 3 = {1, 2, 3} Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: e4e8ff14ab --------------------------- cpp-example: Add std::vector example Add a standard container (std::vector) to the C++ example program to demonstrate the debugger's capability to inspect and traverse STL containers during a debugging session. This requires enabling GDB's pretty-printing feature, which depends on Python scripts shipped with the compiler. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 4019d572ec --------------------------- devtool: ide-sdk: evaluate DEBUG_PREFIX_MAP Improve the reverse mapping for searching the source files for remote debugging by taking the details from DEBUG_PREFIX_MAP into account when generating GDB's debug-file-directory mappings. This allows settings such as DEBUG_PREFIX_MAP = "" for modified recipes to be used to avoid any path remapping. Background: For packaged debug-symbols, the references to the source code need to be relocated to paths which are valid on the target system. By default, devtool ide-sdk tries to keep the relocated paths and configures the debugger to reverse map them back to the original source paths. The goal is to provide a debug setup which is a close as possible to a regular build. Usually this works well, but there are situations where the reverse mapping is not unambiguous. For example the default DEBUG_PREFIX_MAP DEBUG_PREFIX_MAP ?= "\ -ffile-prefix-map=${S}=${TARGET_DBGSRC_DIR} \ -ffile-prefix-map=${B}=${TARGET_DBGSRC_DIR} \ adds two different source paths (${S} and ${B}) to the same target path (${TARGET_DBGSRC_DIR}). If both source paths contain files with the same name, the debugger cannot determine which source file to use. For this example it is usually sufficient to only map ${S} to the target path. The source files in ${B} are probably a few generated files which are not that interesting for debugging. But depending on the project, the files in ${B} might also be relevant for debugging. Also add a hint to the generated local.conf snippet to use DEBUG_PREFIX_MAP = "" if the user wants to optimize the build for debugging. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 413ed3c3ec --------------------------- oe-selftest: devtool ide-sdk cover vscode remote debugging This adds more test coverage for devtool ide-sdk, with VSCode. The cmake test case has now a full remote debugging test on Qemu. The test checks the generated launch.json and tasks.json files, starts gdbserver and connects to it. The test verifies breakpoints, variables and source file listing. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 3b6d435fba --------------------------- devtool: ide-sdk: vscode replace scripts Write the ssh command to start gdbserver on target directly into the tasks.json. This avoids the need to create one more script file on the host. It also simplifies manual modifications of VSCode's standard tasks.json which is much more handy than modifying multiple proprietary scripts used to launch gdbserver. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 4dc41802c9 --------------------------- devtool: ide-sdk: make install_and_deploy script pass target arg Previously, the target was hardcoded in the install_and_deploy script, limiting flexibility. This change allows passing the target as a command-line argument, enabling IDEs to configure the target dynamically rather than only at IDE configuration generation time. This is a first step towards making the target configurable from the IDE. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 6dc10f282b --------------------------- devtool: ide-sdk: move code to ide_none Move code which is used by the ide_none plugin from the base class to the ide_none plugin. This is just a refactoring, no functional change. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 1191710876 --------------------------- devtool: ide-sdk: add gdbserver attach mode support Enhance remote debugging configuration to support multiple modes per executable binary. This adds support for gdbserver's attach mode as an additional debug configuration. When the binary is detected to run as a systemd service or SysV init script, an attach debug configuration is generated alongside the regular configuration that starts the process via gdbserver. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 3fafab6eef --------------------------- oe-selftest: devtool: check example services are running When running the devtool ide-sdk test with qemu, verify that the example services are actually running on the target by using pgrep to check for the example executable names. Also verify that the configuration files in /etc are owned by the proper user and group, both before and after the install_and_deploy scripts have run. This is also a check that the install_and_deploy scripts are working correctly with pseudo. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: b5ea7f3dc0 --------------------------- cpp-example: run as a service Extend the C++ example to run as systemd/SysV services This change adds service capability to the existing C++ example without modifying its original behavior. The example can now run either as: - One-shot executables (existing behavior) - Long-running services via systemd or SysV init The service runs as an unprivileged user/group, demonstrating security best practices for service development. This introduces additional complexity to the build process, particularly around proper pseudo usage in development builds. The implementation includes: - Service configuration files (systemd .service and SysV init script) - Dedicated user/group creation with appropriate permissions - JSON configuration file for runtime customization, owned by the service user - Command-line --endless flag to enable service mode - Full support for both CMake and Meson build systems This enhancement enables testing debugger configurations that attach to running processes, expanding the examples' utility for development tools. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: fe88b61e79 --------------------------- oe-selftest: devtool: DevtoolIdeSdkTests debug logging Add optional debug logging to all runCmd calls in DevtoolIdeSdkTests to improve debugging capabilities when tests fail. The logging is only enabled when the test logger is set to DEBUG level. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 6ab7e9e8e5 --------------------------- devtool: ide-sdk find bitbake-setup init-build-env With poky the oe-init-build-env script from the top level directory of the layer with the higher priority is used to setup the build environment. This does no longer work with bitbake-setup. The directory layout changed and the script is now called init-build-env. Skip the old implementation if $TOPDIR/init-build-env exists and use it instead. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: cafee0adc1 --------------------------- curl: Backport a patch to make curl work when aws support is disabled This avoids the following error when using curl from curl-native: $ oe-run-native curl-native curl https://www.example.com Getting sysroot... curl: (48) An unknown option was passed in to libcurl Signed-off-by: Peter Kjellerstedt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 85327e3a6f --------------------------- busybox: adapt busybox-udhcpd init script to new start-stop-daemon path Commit 9998d91f982cd323fa5da20edda8b1828bd4fb5d moved start-stop-daemon from /sbin to /usr/sbin. Adapt busybox-udhcpd to this change. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 5ec4156330 --------------------------- avahi: patch CVE-2025-68471 Signed-off-by: Amaury Couderc Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 9f2ed8adc3 --------------------------- avahi: patch CVE-2025-68468 Signed-off-by: Amaury Couderc Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 183d0ee54f --------------------------- avahi: patch CVE-2026-24401 Details https://nvd.nist.gov/vuln/detail/CVE-2026-24401 Signed-off-by: Ankur Tyagi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 84eff5afcf --------------------------- mtd-utils: fix ubifs packaging This change moves fsck.ubifs and mount.ubifs to correct package. Noticed when lzo was installed to ubi-less image additionally when upgrading from scarthgap to master as being dependency of fsck.ubifs. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 6f3aab6bfa --------------------------- selftest: Test installation of recipes with complex packaging When recipes have complex and dynamic packaging, it's easy to accidentally end up with one or more packages that build but can't be installed. We've seen this recently with linux-firmware [1]. Skimming through the recipes that set PACKAGESPLITFUNCS or PACKAGES_DYNAMIC or are otherwise known offenders, I've also picked out gstreamer1.0-plugins-*, kernel-modules, perl and python3 as recipes where it would be easy to end up with similar issues in the future. [1]: https://lore.kernel.org/openembedded-core/20260123163305.880111-1-dmitry.baryshkov@oss.qualcomm.com/ Signed-off-by: Paul Barker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 933394adcb --------------------------- spdx30_tasks: Exclude 'doc' when exporting PACKAGECONFIG to SPDX Currently when generating an SBOM, all packages have the 'doc' feature indicated as disabled. This is in fact *not* a feature that was declared in the recipe, but instead the documentation of the PACKAGECONFIG variable. But to be safe, if somehow a feature is named 'doc' and enabled, do not exclude it when exporting PACKAGECONFIG features to SPDX. Signed-off-by: Benjamin Robin (Schneider Electric) Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 99792ab6ba --------------------------- libevent: merge inherit statements Merge the separate inherit statements into a single one for improved readability and consistency with OE style. No functional change intended. Signed-off-by: Pratik Farkase Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: a5e18714ae --------------------------- classes/buildhistory: Do not sign buildhistory commits This change adds the --no-gpg-sign option to prevent buildhistory commits from failing due to GPG signing issues. Depending on the setup, buildhistory may fail to create a commit if the user has the commit.gpgsign option enabled. For example, if the user creates a signing key that requires a password, the commit won't be created and will fail with the following error: / |error: Enter passphrase: Load key "/home//.ssh/id_ed25519": |incorrect passphrase supplied to decrypt private key? |fatal: failed to write commit object \ The bitbake command won't fail, but buildhistory won't have a commit. Also, the commit may silently fail when building inside a container due to missing packages or issues with accessing the GPG agent. This is similar to [1], and signing the buildhistory commit should be avoided to prevent such issues. 1 - https://git.openembedded.org/openembedded-core/commit/?id=7595a0a63a933af9dd9d1e458dc34a4ba80d9eae Signed-off-by: Fabio Berton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: a4fe869de5 --------------------------- cmake: upgrade 4.2.2 -> 4.2.3 Release notes are available at [0]. [0]: https://cmake.org/cmake/help/v4.2/release/4.2.html#id3 Signed-off-by: Moritz Haase Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: a70dccd7d6 --------------------------- libgcrypt: upgrade 1.11.2 -> 1.12.0 License-Update: Remove occurrences of old FSF postal address[1] ChangeLog: https://github.com/gpg/libgcrypt/blob/libgcrypt-1.12.0/NEWS [1] https://github.com/gpg/libgcrypt/commit/67b8da4ef62734927e061327efa9a6f48616d114 Signed-off-by: Yi Zhao Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 65ff15ea4e --------------------------- vulkan-volk: upgrade 1.4.335.0 -> 1.4.341.0 License-Update: copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 171a79d4c1 --------------------------- vulkan-validation-layers: upgrade 1.4.335.0 -> 1.4.341.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: aefab32037 --------------------------- vulkan-utility-libraries: upgrade 1.4.335.0 -> 1.4.341.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 71f058f7d0 --------------------------- vulkan-tools: upgrade 1.4.335.0 -> 1.4.341.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 5465f5dc27 --------------------------- vulkan-loader: upgrade 1.4.335.0 -> 1.4.341.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 2e7c96364e --------------------------- vulkan-headers: upgrade 1.4.335.0 -> 1.4.341.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 8cc203fc04 --------------------------- glslang: upgrade 1.4.335.0 -> 1.4.341.0 Changelog: =========== - Allow gl_FragDepth identifier to be redeclared - Replace 'GL_TASK(MESH)_SHADER_NV' with 'GL_TASK(MESH)_SHADER_EXT' - Scalarize swizzled MeshEXT stores - Support GL_EXT_long_vector - Add missing preamble #define for GL_EXT_nontemporal_keyword - Support GL_NV_push_constant_bank - Support GL_EXT_descriptor_heap Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: b996eda229 --------------------------- spirv-tools: upgrade 1.4.335.0 -> 1.4.341.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: af5c7b2aeb --------------------------- spirv-headers: upgrade 1.4.335.0 -> 1.4.341.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 4b59992e6f --------------------------- shaderc: upgrade 2025.5 -> 2026.1 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 479ccd3f12 --------------------------- repo: upgrade 2.61 -> 2.61.1 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 58aa839f55 --------------------------- python3-uv-build: upgrade 0.9.26 -> 0.9.28 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 33c94ff331 --------------------------- python3-psutil: upgrade 7.2.1 -> 7.2.2 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 3d8af1eeef --------------------------- python3-pip: upgrade 25.3 -> 26.0 License-Update: Copyright year updted to 2025 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 5246bf5432 --------------------------- python3-pdm-backend: upgrade 2.4.6 -> 2.4.7 Changelog: =========== - Allow user to override wheel with multiple plat tags - Switch dev-dependencies to dependency-groups Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 7611c316c2 --------------------------- python3-pathspec: upgrade 1.0.3 -> 1.0.4 Changelog: Using re2 fails if pyre2 is also installed. Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: c36eaad635 --------------------------- python3-hypothesis: upgrade 6.150.3 -> 6.151.4 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: e1ee683c28 --------------------------- python3-dbusmock: upgrade 0.37.2 -> 0.38.1 Changelog: ============= - polkitd: Add RegisterAuthenticationAgentWithOptions - logind: Add SetWallMessage - README: Update outdated and broken examples, move to addCleanup() - Move all license comments to SPDX-License-Identifier - tests: Skip test_readme_examples if README.md is not present Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 2e78b6667b --------------------------- python3-cryptography: upgrade 46.0.3 -> 46.0.4 Changelog: ============ - Dropped support for win_arm64 wheels. - Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5. Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 333fb4a737 --------------------------- python3-babel: upgrade 2.17.0 -> 2.18.0 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: d6912006c5 --------------------------- libxxf86vm: upgrade 1.1.6 -> 1.1.7 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: fd426f14e3 --------------------------- libxvmc: upgrade 1.0.14 -> 1.0.15 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 38ee00584b --------------------------- libxrandr: upgrade 1.5.4 -> 1.5.5 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 767f686226 --------------------------- libxpm: upgrade 3.5.17 -> 3.5.18 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: b235ea79e6 --------------------------- libxmu: upgrade 1.2.1 -> 1.3.1 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: ea050910cb --------------------------- libxinerama: upgrade 1.1.5 -> 1.1.6 License-Update: 2025 added to Copyright and "All rights reserved." removed. Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: a1094e22a2 --------------------------- libxext: upgrade 1.3.6 -> 1.3.7 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 6857e5e190 --------------------------- libxdamage: upgrade 1.1.6 -> 1.1.7 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: bedbd5b94a --------------------------- libxcomposite: upgrade 0.4.6 -> 0.4.7 License-Update: "All rights reserved." removed. Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 45573da807 --------------------------- liburcu: upgrade 0.15.5 -> 0.15.6 Changelog: =========== * urcu-mb: Add missing TSAN annotation to _urcu_mb_read_lock_update * lfstack: Coding style cleanup * urcu-qsbr: Use CMM_SEQ_CST_FENCE for _urcu_qsbr_thread_online * urcu-mb: Use CMM_SEQ_CST_FENCE for _urcu_mb_read_lock_update * urcu-qsbr: Use CMM_SEQ_CST_FENCE for quiescent state update and offline * urcu-mb: Use CMM_SEQ_CST_FENCE for _urcu_mb_read_unlock_update_and_wakeup * Fix: Only include linux/time_types.h when __NR_futex_time64 is defined * Use __NR_futex_time64 in futex syscall wrapper Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: de328ceaa2 --------------------------- git: upgrade 2.52.0 -> 2.53.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: c52411a496 --------------------------- gi-docgen: upgrade 2025.5 -> 2026.1 Changelog: =========== - Parse method-inline for records, unions and interfaces - Use dot's `svg_inline` output format - Fix Red Hat Display italic font-face Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: f836e0d9a6 --------------------------- dos2unix: upgrade 7.5.3 -> 7.5.4 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 121dcc0c65 --------------------------- diffoscope: upgrade 306 -> 311 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 1218499d02 --------------------------- aspell: upgrade 0.60.8.1 -> 0.60.8.2 0001-modules-speller-default-vector_hash-t.hpp-fix-gcc-15.patch removed since it's included in 0.60.8.2 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 7a5237b7ae --------------------------- go: upgrade 1.25.6 -> 1.25.7 Upgrade to latest 1.25.x release [1]: $ git --no-pager log --oneline go1.25.6..go1.25.7 eaf3bc799a (tag: go1.25.7) [release-branch.go1.25] go1.25.7 c7d189e65c [release-branch.go1.25] crypto/tls: document resumption behavior across Configs 4512014530 [release-branch.go1.25] crypto/tls: revalidate whole chain on resumption on Windows and macOS d5987bff8a [release-branch.go1.25] crypto/tls: check verifiedChains roots when resuming sessions c2d04c0994 [release-branch.go1.25] crypto/tls: add verifiedChains expiration checking during resumption 6b1110a40f [release-branch.go1.25] Revert "crypto/tls: don't copy auto-rotated session ticket keys in Config.Clone" 0765a9d624 [release-branch.go1.25] crypto/x509: fix single label excluded name constraints handling b19100991a [release-branch.go1.25] cmd/go: remove user-content from doc strings in cgo ASTs. 738bc3a33c [release-branch.go1.25] cmd/compile: during regalloc, fixedreg values are always available Fixes CVE-2025-61732 and CVE-2025-68121. Release information: [2] [1] https://github.com/golang/go/compare/go1.25.6...go1.25.7 [2] https://groups.google.com/g/golang-announce/c/K09ubi9FQFk Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 1e73d0826b --------------------------- ltp: upgrade 20250930 -> 20260130 ChangeLog: https://github.com/linux-test-project/ltp/releases/tag/20260130 Signed-off-by: Yi Zhao Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 34ffdfee81 --------------------------- mesa: remove libxml2-native dependency Native libxml2 is only needed for xmllint which in turn is only needed when build-tests meson option is enabled, which defaults to disabled and isn't enabled by the recipe. We may need to revisit this if we add ptest support in mesa I assume. Let's remove it from the DEPENDS for now. Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: e2010da0f1 --------------------------- mesa: make zlib dependency a PACKAGECONFIG zlib is a mesa meson feature which can be disabled so let's make it a PACKAGECONFIG. The motivation actually isn't about disabling it (though we now could as it's only required for a few things) but rather that this dependency is a non-native one. The issue is when a native-only (-native recipe name suffix + inherit native) recipe includes mesa.inc, it'll include the DEPENDS as well but will then depend on a non-native recipe because BitBake doesn't add a suffix to dependencies listed in DEPENDS for native-only recipes like it does for recipes with BBCLASSEXTEND = native. This is a way to circumvent the issue by making the dependency a PACKAGECONFIG dependency such that the listed DEPENDS (third parameter) will be properly modified by BitBake to have the native variant of the recipe pulled in. See[1] for more info on why this is needed. This is in preparation for the addition of a mesa-tools-native native-only package which will include mesa.inc. [1] https://lore.kernel.org/openembedded-core/07cd1d3c-4d67-4e60-b3d3-75953784f70f@cherry.de/ Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 833aa072f7 --------------------------- mesa: make expat dependency a PACKAGECONFIG expat is a mesa meson feature which can be disabled so let's make it a PACKAGECONFIG. The motivation actually isn't about disabling it (though we now could as it's only required for a few things) but rather that this dependency is a non-native one. The issue is when a native-only (-native recipe name suffix + inherit native) recipe includes mesa.inc, it'll include the DEPENDS as well but will then depend on a non-native recipe because BitBake doesn't add a suffix to dependencies listed in DEPENDS for native-only recipes like it does for recipes with BBCLASSEXTEND = native. This is a way to circumvent the issue by making the dependency a PACKAGECONFIG dependency such that the listed DEPENDS (third parameter) will be properly modified by BitBake to have the native variant of the recipe pulled in. See[1] for more info on why this is needed. Now that expat is a PACKAGECONFIG and that if it's not there expat isn't autodetected anymore by meson, having xmlconfig PACKAGECONFIG add expat as a DEPENDS (third parameter) is likely not enough anymore due to expat feature being explicitly disabled if expat is not in PACKAGECONFIG. Therefore, remove the third parameter for xmlconfig and add a comment telling the user there's a PACKAGECONFIG dependency here. Note that since this commit adds the expat PACKAGECONFIG to all recipes including mesa.inc, no change in behavior is expected. This is in preparation for the addition of a mesa-tools-native native-only package which will include mesa.inc. [1] https://lore.kernel.org/openembedded-core/07cd1d3c-4d67-4e60-b3d3-75953784f70f@cherry.de/ Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 5104df54df --------------------------- mesa: update patch status This patch was actually merged in main branch, so let's update the patch status to reflect that. Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 01a17de690 --------------------------- mesa: upgrade 25.3.3 -> 25.3.4 Upgrade mesa to the latest stable release. See https://docs.mesa3d.org/relnotes/25.3.4.html for release notes and sha256sum. Signed-off-by: Quentin Schulz Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: aae793a17e --------------------------- jquery: remove recipe Now that the reproducible selftest doesn't use this recipe, it is no longer used by any recipes that I can find. There is an alternative jquery recipe in meta-oe that is slightly different and has packaging consistent with with javascript recipes in the same layer. Signed-off-by: Ross Burton Reviewed-by: Joshua Watt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: d3ee5497b1 --------------------------- oeqa/selftests/reproducible: use the jQuery CDN instead of jquery-native Instead of building jquery-native and then copying the file into the expected place in the build tree, simply tell diffoscope to load jQuery from their CDN. In the slim chance that the diffoscope report is viewed offline, the only regression is that sections cannot be collapsed. The advantage to this approach is that we no longer need to maintain a jquery-native recipe simply for the reproducible selftests. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 399ef1c3a9 --------------------------- oeqa/selftest/reproducible: clean up formatting in a long command line No code changes, just formatting. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: bd89d1c018 --------------------------- hosttools: force a --no-rosegment option if host ld supports it Please see https://bugzilla.yoctoproject.org/show_bug.cgi?id=16087 for the tricky, unpleasant details. The summary of the issue: >From Fedora 42 onwards, the --rosegment argument is passed to the linker by default when building native binaries. This triggers re-arrangement of sections by patchelf, resulting in binaries which are loaded incorrectly by older kernel versions. These "contaminated" native binaries end up in sstate and cause build failures when they are used on older distros such as AlmaLinux 8 & 9 or Rocky Linux 8 & 9. [YOCTO #16087] Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: adfb5c26f7 --------------------------- scripts/install-buildtools: Update to 5.3.1 Update to the 5.3.1 release of the 5.3 series for buildtools Signed-off-by: Aleksandar Nikolic Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 0e18934744 --------------------------- harfbuzz: upgrade 12.3.1 -> 12.3.2 Changelog: https://github.com/harfbuzz/harfbuzz/releases/tag/12.3.2 Signed-off-by: Ankur Tyagi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 78de34a957 --------------------------- utfcpp: upgrade 4.0.8 -> 4.0.9 A minor release: removing static asserts for C++98/03 builds Signed-off-by: Ankur Tyagi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: f5d2ecb6df --------------------------- mpg123: upgrade 1.33.3 -> 1.33.4 Changelog: mpg123: In terminal control, ignore 7-bit escape sequences to avoid spurious actions, e.g. when hitting cursor keys. ports/cmake: Avoid possibly conflicting use of SIZEOF_OFF_T CMake variable when embedding mpg123 with other projects using cmake and different off_t semantics. Signed-off-by: Ankur Tyagi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 61faf2f4f6 --------------------------- openssh: replace hardcoded paths by standard paths Use common definitions from bitbake.conf instead of hardcoded values for OPENSSH_HOST_KEY_DIR and OPENSSH_HOST_KEY_DIR_READONLY_CONFIG. Fixes: addd80ddfd89 ("openssh: add variable for key path") Signed-off-by: Antonin Godard Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 69ee8fd5c8 --------------------------- python3-wcwidth: upgrade 0.3.1 -> 0.5.3 Changelog: https://github.com/jquast/wcwidth/releases/tag/0.5.3 Signed-off-by: Liu Yiding Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: f77062528d --------------------------- python3-cffi: Make test_parsing more resilient to changes in pycparser Add patch 0001-Make-test_parsing-more-resilient-to-changes-in.patch to fix ptest error when python3-pycparser updated to 3.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: ee1a997f0f --------------------------- rust: Upgrade 1.92.0 -> 1.93.0 https://blog.rust-lang.org/2026/01/22/Rust-1.93.0/ Rust changes: https://github.com/rust-lang/rust/releases/tag/1.93.0 Cargo changes: https://doc.rust-lang.org/nightly/cargo/CHANGELOG.html#cargo-193-2026-01-22 * rust-oe-selftest.patch updated for 1.93: Renamed UI test directive from add-core-stubs to add-minicore as in https://github.com/rust-lang/rust/commit/3796f7de57f5d4cf4325d1f13aeb07fdaa57983b * OE-selftests: - Exclude src/tools/remote-test-client from test suite. This unit test modifies the TEST_DEVICE_ADDR environment variable, which breaks the OE test harness that uses the same variable for QEMU remote testing. Filed a bug with upstream: https://github.com/rust-lang/rust/issues/151823 - Enable +v8a feature for cortexa57. Rust 1.93.0 added a regression test (PR #149549) to verify that the ARMv8-A system register ttbr0_el2 is recognized in inline assembly. This addresses issue #97724 where LLVM wasn't recognizing ttbr0_el2 as a valid register. Upstream Rust enables +v8a by default for all AArch64 targets (PR #105026), but Yocto's custom target specification doesn't inherit this. Adding +v8a ensures LLVM recognizes ARMv8-A system registers, fixing the test failure. Related upstream links: - PR #149549: https://github.com/rust-lang/rust/pull/149549 - Issue #97724: https://github.com/rust-lang/rust/issues/97724 - PR #105026: https://github.com/rust-lang/rust/pull/105026 Test results: rust v1.93.0 +-------------+--------+---------+ | Machine | Passed | Skipped | +-------------+--------+---------+ | qemux86-64 | 21,689 | 646 | | qemux86 | 21,439 | 896 | | qemuarm64 | 21,495 | 840 | | qemuarm | 21,421 | 914 | | qemuriscv64 | 21,466 | 869 | +-------------+--------+---------+ Test results difference (1.93.0 - 1.92.0): +-------------+--------+---------+ | Machine | Passed | Skipped | +-------------+--------+---------+ | qemux86-64 | +205 | +33 | | qemux86 | +205 | +33 | | qemuarm64 | +206 | +32 | | qemuarm | +205 | +33 | | qemuriscv64 | +205 | +33 | +-------------+--------+---------+ Signed-off-by: Hemanth Kumar M D Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 9b55e191fb --------------------------- lttng-tools: Upgrade 2.14.0 -> 2.14.1 Remove 0001-gen-ust-events-constructor-change-rpath-to-libdir-li.patch as the logic is included in 2.14.1 [1]. Remove 0001-eventfd.cpp-Remove-the-scope-resolution-operator.patch as the logic is included in 2.14.1 [2]. Remove 0001-liblttng-ctl-drop-index-allocator-symbols-from-versi.patch as the logic is included in 2.14.1 [3]. util_event_generator.sh is renamed to util_event_generator.py [4] and the .py install logic in included as below. find "${B}/tests/$d" -maxdepth 1 -type f -name "*.py" \ -exec install -t "${D}${PTEST_PATH}/tests/$d" {} + # ./run-ptest [snip] PASS: test_ust_data 8 - Validate UST event PASS: test_ust_data 9 - Create UST context PASS: test_ust_data 10 - Validate UST context PASS: test_ust_data 11 - Validate string length PASS: test_ust_data 12 - Create UST exclusion PASS: test_ust_data 13 - Create UST event with identical exclusion names fails PASS: test_ust_data 14 - Create UST exclusion PASS: test_ust_data 15 - Create UST event with different exclusion names PASS: test_ust_data 16 - Validate UST event and exclusion ============================================================================ Testsuite summary for lttng-tools 2.14.1 ============================================================================ # TOTAL: 1089 # PASS: 1089 # SKIP: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 [1] https://github.com/lttng/lttng-tools/commit/409ea456e181a769fc7e4b0a44823be0bdc8b9ce [2] https://github.com/lttng/lttng-tools/commit/e58aac43fc498e48eb0bfb871dd5b50e54a5e93e [3] https://github.com/lttng/lttng-tools/commit/e7eaad663489f8a12568f8ca84429b6ed64dc8c5 [4] https://github.com/lttng/lttng-tools/commit/7126bceecea9ed5d981863400ee7c4ba13042871 Signed-off-by: Mingli Yu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 61d337c966 --------------------------- oeqa/logparser: ignore comments in the test log Whilst the log format is normally pretty simple: PASS: foo SKIP: bar It's entirely possible for there to be an explanatory comment: SKIP: bar # only runs under Windows We currently use the entire string after the test state as the test name, which includes the comment. This can lead to long test names, for example: test_dtype.py:TestStructuredObjectRefcounting.test_structured_object_ create_delete[ones-1-]_#_SKIP_Python_3.12_has_immortal_ refcounts,_this_test_will_no_longer_work._See_gh-23986 Whilst these test names are very long it isn't normally a problem, but some packages have non-deterministic skip messages: test_ufunc.py:TestUfunc.test_identityless_reduction_huge_array_#_ SKIP_6.442450944_GB_memory_required,_but_3.366531072_GB_available This leads to churn in the test reports. The comment isn't needed, so strip it out when computing the test name. Note that this will result in a number of tests disappearing in the test reports, with an identical number of new tests appearing. [1] https://www.gnu.org/software/automake/manual/automake.html#Scripts_002dbased-Testsuites-1 Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: d7c8cacaa9 --------------------------- python3-unittest-automake-output: upgrade to 0.4 Notable changes: pytest: handle skipping without custom message tests: update test output based on latest pytest Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 1e6b810f60 --------------------------- gawk: trim native build configuration When we build gawk-native it is only for use in builds where the host gawk output isn't reproducible across versions[1]. As such it doesn't need support for readline or mprf, and by removing those from gawk-native we can get building gawk-native sooner. [1] oe-core c5bbf0a60b ("gawk: use native gawk when building glibc and grub") Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: d7d9044a8d --------------------------- Revert "mdadm: upgrade 4.4 -> 4.5" This reverts commit 15de700d5f3d42a3b897301a92c3ffb86c5b42a7. Unfortunately the update is causing reproducibility issues: https://autobuilder.yoctoproject.org/valkyrie/#/builders/37/builds/3317 https://valkyrie.yocto.io/pub/repro-fail/oe-reproducible-20260209-a0dgcw5d/packages/diff-html/ Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: 7d24dc005f --------------------------- python3-packaging: upgrade 25.0 -> 26.0 Skip the testcase test_pylock.py as this depends on tomli_w, which isn't currently part of core. Upstream changelog: Features: * PEP 751: support pylock * PEP 794: import name metadata * Support for writing metadata to a file * Support __replace__ on Version * Support positional pattern matching for Version and SpecifierSet Behavior adaptations: * PEP 440 handling of prereleases for Specifier.contains, SpecifierSet.contains, and SpecifierSet.filter * Handle PEP 440 edge case in SpecifierSet.filter * Adjust arbitrary equality intersection preservation in SpecifierSet * Return False instead of raising for .contains with invalid version * Support arbitrary equality on arbitrary strings for Specifier and SpecifierSet's filter and contains method. * Only try to parse as Version on certain marker keys, return False on unequal ordered comparisons Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 9ab59c7cf3 --------------------------- linux-yocto/6.18: update to v6.18.8 Updating linux-yocto/6.18 to the latest korg -stable release that comprises the following commits: d905362ff5b86 Linux 6.18.8 5b0caf3913e72 mm/vma: enforce VMA fork limit on unfaulted,faulted mremap merge too a4d9dbfc1bab1 mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge 9966c8cc987e3 irqchip/renesas-rzv2h: Prevent TINT spurious interrupt during resume 79966baabcfe9 arm64: dts: qcom: talos: Correct UFS clocks ordering 25be3c170ff8e iio: core: add separate lockdep class for info_exist_lock 2dabc85131c84 iio: core: Replace lockdep_set_class() + mutex_init() by combined call c5dbad55ce02a mm/hugetlb: fix two comments related to huge_pmd_unshare() 918ba220debc4 mm: fix some typos in mm module 908795c02dbc7 Bluetooth: btintel_pcie: Support for S4 (Hibernate) ab140fc931083 gpio: cdev: Fix resource leaks on errors in gpiolib_cdev_register() 16414341b0dd5 gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify() 919f27eb24b0e gpio: cdev: Correct return code on memory allocation failure e7200b0a4b2a5 drm/xe: fix WQ_MEM_RECLAIM passed as max_active to alloc_workqueue() 85d4652f9cdcf drm/xe: Adjust page count tracepoints in shrinker 569ed6a73e927 drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind ce2cca8e27d16 drm/amdgpu: remove frame cntl for gfx v12 07e9373739c63 can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak d374d715e338d can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak 3b1a593eab941 can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak a9503ae43256e can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak 68c62b3e53901 can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak aac95b3dd1c26 net: txgbe: remove the redundant data return in SW-FW mailbox 69b5b028fc130 net: sfp: add potron quirk to the H-COM SPP425H-GAB4 SFP+ Stick 326470b33c28a net: fec: account for VLAN header in frame length calculations 03faa61eb4b9c irqchip/gic-v3-its: Avoid truncating memory addresses cdb3f95a94f9f perf/x86/intel: Do not enable BTS for guests f8cf1368e0a54 rxrpc: Fix data-race warning and potential load/store tearing 8a957e6d3d262 rust: irq: always inline functions using build_assert with arguments ad60902a98181 rust: io: always inline functions using build_assert with arguments 8776dfa846d5c pmdomain:rockchip: Fix init genpd as GENPD_STATE_ON before regulator ready fd675de6bddf7 pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu bbcca5a60c88a platform/x86: hp-bioscfg: Fix automatic module loading 9f5fa78d9980f netrom: fix double-free in nr_route_frame() 92e4f11e29b98 uacce: ensure safe queue release with state management ba29b59d124e7 uacce: implement mremap in uacce_vm_ops to return -EPERM 82821a681d5dc uacce: fix isolate sysfs check condition bd2393ed77125 uacce: fix cdev handling in the cleanup path 242cbb3df97af s390/boot/vmlinux.lds.S: Ensure bzImage ends with SecureBoot trailer ea1b2081d594b s390/ap: Fix wrong APQN fill calculation f1cb33a82818d mei: trace: treat reg parameter as string f9b059bda4276 intel_th: fix device leak on output open() 3b90d099efa2b tracing: Fix crash on synthetic stacktrace field usage 6602bb4d1338e slimbus: core: fix device reference leak on report present 5f13c946ca449 slimbus: core: fix runtime PM imbalance on report present b8a2639341951 octeontx2: Fix otx2_dma_map_page() error return code d1943bc9dc950 ksmbd: smbd: fix dma_unmap_sg() nents 6e32070d29d1a arm64: Set __nocfi on swsusp_arch_resume() 7b5a52cf252a0 arm64/fpsimd: signal: Fix restoration of SVE context 70f7f54566afc arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA 4f39984176e7e arm64/fpsimd: ptrace: Fix SVE writes on !SME systems 31efbcff90884 wifi: rsi: Fix memory corruption due to not set vif driver data size 0adefb6396d7b wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() 4846b32be324f wifi: ath12k: fix dma_free_coherent() pointer 07f363f305793 wifi: ath10k: fix dma_free_coherent() pointer 448a2071a8438 drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) 41ec698854781 iommu/io-pgtable-arm: fix size_t signedness bug in unmap path 36be050f21dea mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode 6c4555bfd4383 mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function dc1a5dd80af1e ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() 31a3eba5c265a ALSA: scarlett2: Fix buffer overflow in config retrieval 29f43e8ec7bf0 ALSA: hda/realtek: Add quirk for Samsung 730QED to fix headphone 873e2360d247e ALSA: ctxfi: Fix potential OOB access in audio mixer handling 59e54709f9a97 iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl db16e7c52032c iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source de8755ae2912d iio: chemical: scd4x: fix reported channel endianness d06a4f6c2b186 iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot b6ffc2de37253 iio: adc: exynos_adc: fix OF populate on driver rebind d890234a91570 iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver 348356c91909f iio: adc: ad9467: fix ad9434 vref mask ad25bb51203d0 iio: accel: iis328dq: fix gain values fa322c8bb2ea4 iio: accel: adxl380: fix handling of unavailable "INT1" interrupt 1b68efce6dd48 migrate: correct lock ordering for hugetlb file folios 1093e0a96d168 of: platform: Use default match table for /firmware 7685286dd7a5e of: fix reference count leak in of_alias_scan() 67270881c8cf2 panic: only warn about deprecated panic_print on write access 78822628165f3 leds: led-class: Only Add LED to leds_list when it is fully ready c9aeb168e88d2 keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal 4040b84ec04a6 x86: make page fault handling disable interrupts properly e343973fab43c Octeontx2-af: Add proper checks for fwdata 236a657422a56 dpll: Prevent duplicate registrations 6c75fed550800 net/sched: act_ife: avoid possible NULL deref 3b796b1ecfd3b hinic3: Fix netif_queue_set_napi queue_index input parameter error 84ef86aa71204 vsock/virtio: cap TX credit to local buffer size 0aa25bbfd5ea5 vsock/test: fix seqpacket message bounds test ec0f1b3da8061 vsock/virtio: fix potential underflow in virtio_transport_get_credit() 095ec3482a7d3 net: openvswitch: fix data race in ovs_vport_get_upcall_stats e22381c1299f7 octeontx2-af: Fix error handling b658306ce3835 net: pcs: pcs-mtk-lynxi: report in-band capability for 2500Base-X cccf79f688de9 net: dsa: fix off-by-one in maximum bridge ID determination 05f8f55899289 net: bcmasp: Fix network filter wake for asp-3.0 de97735a40a14 bonding: provide a net pointer to __skb_flow_dissect() cb32707497d48 selftests: net: amt: wait longer for connection before sending packets 31410a01a86bc be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list f47c6e5a532cc drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors fbc8d1a39da9f drm/nouveau: add missing DCB connector types 8fd181dada6ea drm/amdgpu: fix type for wptr in ring backup c6ec1f665f8f7 drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) c85aac064f5c2 drm/amd/pm: Don't clear SI SMC table when setting power limit 91243b926ae96 drm/amd/pm: Fix si_dpm mmCG_THERMAL_INT setting 79a074be9b57e sched/fair: Fix pelt clock sync when entering idle 23c0e4bd93d0b perf: Fix refcount warning on event->mmap_count increment 9d88a79e9018c selftests/ublk: fix garbage output in foreground mode e2f4eac26f018 selftests/ublk: fix error handling for starting device 814e8643b453d selftests/ublk: fix IO thread idle check 26bf09b6320b8 ublk: fix ublksrv pid handling for pid namespaces 437553d649647 drm/xe: Update wedged.mode only after successful reset policy change 7c49c91121194 drm/xe/pm: Add scope-based cleanup helper for runtime PM e59924c266a45 drm/xe/migrate: fix job lock assert 9bba27c222e0e drm/xe/uapi: disallow bind queue sharing 54c19e7eb2636 clocksource: Reduce watchdog readout delay limit to prevent false positives 0db865321e63d Octeontx2-pf: Update xdp features 00a39a148d2fb usbnet: limit max_mtu based on device's hard_mtu e3c1040252e59 ipv6: annotate data-race in ndisc_router_discovery() 7ac345a93af31 mISDN: annotate data-race around dev->work d7beeb64be5ca net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue bb90d1799073d net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M 5e5dae04ef971 be2net: fix data race in be_get_new_eqd 7539ae6c67a75 idpf: Fix data race in idpf_net_dim b29f51399626b net: hns3: fix data race in hns3_fetch_stats 1f24dfd556401 net: phy: intel-xway: fix OF node refcount leakage 2ea06ebaa4abd idpf: read lower clock bits inside the time sandwich 87c1dacca197c ice: fix devlink reload call trace a3d99e2fbf014 ice: add missing ice_deinit_hw() in devlink reinit path ec0bfc3ed7e7f ice: Fix persistent failure in ice_get_rxfh 68462ecc40ea8 netdevsim: fix a race issue related to the operation on bpf_bound_progs list 9eb4e2396cd7f vsock/test: Do not filter kallsyms by symbol type 902fd1026ca42 drm/imagination: Wait for FW trace update command completion eb98125fa2b33 drm/mediatek: dpi: Find next bridge during probe fccaa85ffb73c drm/xe: Disable timestamp WA on VFs aa29fe8c1d86b drm/xe/vm: fix xe_vm_validation_exec() kernel-doc bc0812416e089 drm/xe/xe_late_bind_fw: fix enum xe_late_bind_fw_id kernel-doc a807e4f4f63a5 iommu/amd: Fix error path in amd_iommu_probe_device() 06657690854fa ntb: transport: Fix uninitialized mutex ecb2c8732680c ALSA: usb: Increase volume range that triggers a warning aa14451fa5d5f scsi: qla2xxx: Sanitize payload size to prevent member overflow 219f009ebfd1e scsi: core: Wake up the error handler when final completions race against each other 1a0072bd1f1e5 platform/x86/amd: Fix memory leak in wbrf_record() 5f1f79cb90f5e platform/mellanox: Fix SN5640/SN5610 LED platform data e150008568a5d riscv: suspend: Fix stimecmp update hazard on RV32 c4b55a4c600fa riscv: clocksource: Fix stimecmp update hazard on RV32 82fb54efe7e0f kconfig: fix static linking of nconf c2d2cf710dc3e regmap: Fix race condition in hwspinlock irqsave routine f6d6b3f172df1 spi: spi-sprd-adi: Fix double free in probe error path 5d7c7e1fb3ec2 interconnect: debugfs: initialize src_node and dst_node to empty strings bcb9803aa1db7 iio: adc: ad7606: Fix incorrect type for error return variable 489b88567f24d iio: adc: ad7280a: handle spi_setup() errors in probe() 81ed6e42d6e55 iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection bdf0bf73006ea io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop 8f7c9dbeaa0be timekeeping: Adjust the leap state for the correct auxiliary timekeeper 2fc23eaea11a7 mm: restore per-memcg proactive reclaim with !CONFIG_NUMA f723037e2bfe3 mm/rmap: fix two comments related to huge_pmd_unshare() 69c4e241ff135 mm/hugetlb: fix hugetlb_pmd_shared() 193922a23d729 platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro 800b2767905d6 platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names 83eae3692c353 drm, drm/xe: Fix xe userptr in the absence of CONFIG_DEVICE_PRIVATE 3f4ed5e2b8f11 fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes() ec56b9f1c1b9b comedi: Fix getting range information for subdevices 16 to 255 3fe8abec037f5 x86/kfence: avoid writing L1TF-vulnerable PTEs 930114425065f rxrpc: Fix recvmsg() unconditional requeue f60ba4a97ae3f slab: fix kmalloc_nolock() context check for PREEMPT_RT 37a63671df78f arm64: dts: rockchip: Configure MCLK for analog sound on NanoPi M5 df546b3311582 arm64: dts: rockchip: Fix headphones widget name on NanoPi M5 7eb3e77873605 arm64: dts: rockchip: fix unit-address for RK3588 NPU's core1 and core2's IOMMU 3569a00f66a87 arm64: dts: rockchip: Fix voltage threshold for volume keys for Pinephone Pro 18d2d227ccd77 arm64: dts: rockchip: remove dangerous max-link-speed from helios64 c8039a60c31dc arm64: dts: rockchip: remove redundant max-link-speed from nanopi-r4s 808d8755fc6e6 ARM: dts: microchip: sama7d65: fix size-cells property for i2c3 5f403d64af721 ARM: dts: microchip: sama7d65: fix the ranges property for flx9 cd3c1f823e213 i2c: spacemit: drop IRQF_ONESHOT flag from IRQ request 24c441f0e24da scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() a5e4d969392ce scsi: storvsc: Process unsupported MODE_SENSE_10 bfe76b0f9f3e9 Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA 2c61ca3c5bed6 Input: i8042 - add quirks for MECHREVO Wujie 15X Pro 5d5b227c92721 Revert "nfc/nci: Add the inconsistency check between the input data length and count" 3f5ef08f302cc w1: fix redundant counter decrement in w1_attach_slave_device() e6b2609af21b5 w1: therm: Fix off-by-one buffer overflow in alarms_store 169164fe51b27 comedi: dmm32at: serialize use of paged registers 2501c49306238 serial: Fix not set tty->port race condition 0b7383aceaad1 serial: 8250_pci: Fix broken RS485 for F81504/508/512 f4748bfa3d3e2 wifi: mac80211: don't perform DA check on S1G beacon 9532ff0d0e90f crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec 77f1afd0bb4d5 net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag 16ed73c1282d3 net/sched: Enforce that teql can only be used as root qdisc ed80f605edd6c octeontx2: cn10k: fix RX flowid TCAM mask handling 6a81e2db09691 ipvlan: Make the addrs_lock be per port 32d417497b79e l2tp: avoid one data-race in l2tp_tunnel_del_work() a635ae2a9fdb8 pwm: max7360: Populate missing .sizeof_wfhw in max7360_pwm_ops 4230e8cd2f1b4 pwm: Ensure ioctl() returns a negative errno on error 0f6e1ff56cd27 veth: fix data race in veth_get_ethtool_stats 9b75dff8446ec fou: Don't allow 0 for FOU_ATTR_IPPROTO. 18da5acb3c03d tools: ynl: Specify --no-line-number in ynl-regen.sh. 5437a279804ce gue: Fix skb memleak with inner IP protocol 0. 392b28d404b74 amd-xgbe: avoid misleading per-packet error log 0c4adb1f391a7 sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT c3edc14da81a8 can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error 4f727c422b7fc net: freescale: ucc_geth: Return early when TBI PHY can't be found 5ebc24f9dbe4f selftests: net: fib-onlink-tests: Convert to use namespaces by default d4ce79e6dce2a l2tp: Fix memleak in l2tp_udp_encap_recv(). 43dee6f7ef1d2 bonding: limit BOND_MODE_8023AD to Ethernet devices b9f0896f8e229 net: usb: dm9601: remove broken SR9700 support 63ef9b300bd09 vsock/virtio: Coalesce only linear skb 88037973c8ef6 igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue 41d7a27c47b8a igc: fix race condition in TX timestamp read for register 0 a38d2c624639c igc: Restore default Qbv schedule when changing channels 695c909d1815b ice: Fix incorrect timeout ice_release_res() 753171a695b93 ice: Avoid detrimental cleanup for bond during interface stop 0bc8d94bf6694 ice: initialize ring_stats->syncp c35a0cb145f2c wifi: ath12k: Fix wrong P2P device link id issue 06ac2aa13f701 wifi: ath12k: fix dead lock while flushing management frames c8e5f49667f5f wifi: ath12k: Fix scan state stuck in ABORTING after cancel_remain_on_channel 1aa6698924595 wifi: ath12k: cancel scan only on active scan vdev 887032ba3ff23 ata: libata: Print features also for ATAPI devices d5529d36e7646 ata: libata: Add DIPM and HIPM to ata_dev_print_features() early return 93f484d63f873 ata: libata: Add cpr_log to ata_dev_print_features() early return 7fe7e7858b32d ata: libata-sata: Improve link_power_management_supported sysfs attribute 05db73211387f ata: libata: Call ata_dev_config_lpm() for ATAPI devices 62ced8e065787 ata: ahci: Do not read the per port area for unimplemented ports a57459614aa69 wifi: ath12k: don't force radio frequency check in freq_to_idx() d395afac28adb pmdomain: qcom: rpmhpd: Add MXC to SC8280XP 0f56c3f23ed56 dt-bindings: power: qcom,rpmpd: Add SC8280XP_MXC_AO 4818f28cd9023 btrfs: fix missing fields in superblock backup with BLOCK_GROUP_TREE 6abad2eb9a1bd Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() 4f6884288e4b7 perf parse-events: Fix evsel allocation failure 83eeeb8c1acb7 arm64: dts: rockchip: Fix wrong register range of rk3576 gpu 2d73b3ed28be1 arm64: dts: qcom: sm8650: Fix compile warnings in USB controller node 0e5ad343afa30 arm64: dts: qcom: sm8550: Fix compile warnings in USB controller node 27357b61522f7 arm64: dts: qcom: sc8280xp: Add missing VDD_MXC links Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: fc75960c7f --------------------------- linux-yocto/6.18: beaglebone black: boot and graphics fixes Integrating the following commit(s) to linux-yocto/6.18: 1/2 [ Author: Kevin Hao Email: haokexin@gmail.com Subject: net: cpsw_new: Execute ndo_set_rx_mode callback in a work queue Date: Wed, 4 Feb 2026 14:27:57 +0800 commit c0b5dc73a38f954e780f93a549b8fe225235c07a from net Commit 1767bb2d47b7 ("ipv6: mcast: Don't hold RTNL for IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP.") removed the RTNL lock for IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP operations. However, this change triggered the following call trace on my BeagleBone Black board: WARNING: net/8021q/vlan_core.c:236 at vlan_for_each+0x120/0x124, CPU#0: rpcbind/496 RTNL: assertion failed at net/8021q/vlan_core.c (236) Modules linked in: CPU: 0 UID: 997 PID: 496 Comm: rpcbind Not tainted 6.19.0-rc6-next-20260122-yocto-standard+ #8 PREEMPT Hardware name: Generic AM33XX (Flattened Device Tree) Call trace: unwind_backtrace from show_stack+0x28/0x2c show_stack from dump_stack_lvl+0x30/0x38 dump_stack_lvl from __warn+0xb8/0x11c __warn from warn_slowpath_fmt+0x130/0x194 warn_slowpath_fmt from vlan_for_each+0x120/0x124 vlan_for_each from cpsw_add_mc_addr+0x54/0xd8 cpsw_add_mc_addr from __hw_addr_ref_sync_dev+0xc4/0xec __hw_addr_ref_sync_dev from __dev_mc_add+0x78/0x88 __dev_mc_add from igmp6_group_added+0x84/0xec igmp6_group_added from __ipv6_dev_mc_inc+0x1fc/0x2f0 __ipv6_dev_mc_inc from __ipv6_sock_mc_join+0x124/0x1b4 __ipv6_sock_mc_join from do_ipv6_setsockopt+0x84c/0x1168 do_ipv6_setsockopt from ipv6_setsockopt+0x88/0xc8 ipv6_setsockopt from do_sock_setsockopt+0xe8/0x19c do_sock_setsockopt from __sys_setsockopt+0x84/0xac __sys_setsockopt from ret_fast_syscall+0x0/0x5 This trace occurs because vlan_for_each() is called within cpsw_ndo_set_rx_mode(), which expects the RTNL lock to be held. Since modifying vlan_for_each() to operate without the RTNL lock is not straightforward, and because ndo_set_rx_mode() is invoked both with and without the RTNL lock across different code paths, simply adding rtnl_lock() in cpsw_ndo_set_rx_mode() is not a viable solution. To resolve this issue, we opt to execute the actual processing within a work queue, following the approach used by the icssg-prueth driver. Fixes: 1767bb2d47b7 ("ipv6: mcast: Don't hold RTNL for IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP.") Signed-off-by: Kevin Hao Cc: stable@vger.kernel.org Link: https://patch.msgid.link/20260203-bbb-v5-1-ea0ea217a85c@gmail.com Signed-off-by: Jakub Kicinski Signed-off-by: Bruce Ashfield ] 2/2 [ Author: Kevin Hao Email: haokexin@gmail.com Subject: drm/tilcdc: Set preferred depth Date: Wed, 4 Feb 2026 14:27:58 +0800 The commit c91acda3a380 ("drm/gem: Check for valid formats") adds a check for valid pixel formats on drm_gem_fb_create(), but this breaks the X server on the beaglebone black board. We have set 'DefaultDepth' to 16 in our xorg.conf. In the X modesetting driver, the drmmode_get_default_bpp() is used to guess the default depth/bpp. First it tries to get them via DRM_CAP_DUMB_PREFERRED_DEPTH ioctl, and if it fail, then try to create a FB with 'depth = 24' and 'bpp = 32' to check whether this depth/dpp is a valid combo. Before the kernel commit c91acda3a380, the FB always can be created successfully. This will avoid the bpp to be set to 24 forcibly. But after kernel commit c91acda3a380, the FB will not be created successfully due to the check of the valid pixel format. Then the bpp is set to 24, but the 'depth = 16' and 'bpp = 24' combo is not a valid pixel format. Fix this issue by explicitly setting the preferred_depth in this driver. With this change, the modesetting driver would choose the correct depth/bpp combo based on our setting in xorg.conf. Fixes: c91acda3a380 ("drm/gem: Check for valid formats") Cc: stable@vger.kernel.org Signed-off-by: Kevin Hao Link: https://lore.kernel.org/r/20240317033918.535716-1-haokexin@gmail.com/ Signed-off-by: Bruce Ashfield ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 32d4a63598 --------------------------- linux-yocto/6.18: update CVE exclusions (6.18.8) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 1 changes (1 new | 0 updated): - 1 new CVEs: CVE-2026-1896 - 0 updated CVEs: Date: Wed, 4 Feb 2026 23:41:08 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 89986802b3 --------------------------- linux-yocto/6.18: update CVE exclusions (6.18.7) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 10 changes (10 new | 0 updated): - 10 new CVEs: CVE-2025-11065, CVE-2025-11687, CVE-2025-14459, CVE-2025-14525, CVE-2025-14969, CVE-2025-9520, CVE-2025-9521, CVE-2025-9522, CVE-2026-0810, CVE-2026-1190 - 0 updated CVEs: Date: Mon, 26 Jan 2026 19:39:25 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 4a5d0919ef --------------------------- linux-yocto/6.18: update to v6.18.7 Updating linux-yocto/6.18 to the latest korg -stable release that comprises the following commits: 5dfbc5357c34b Linux 6.18.7 d6a25e6ee3ec3 iommu/sva: include mmu_notifier.h header 2d1bf4a7b8ed8 Revert "functionfs: fix the open/removal races" 3098f8f7c7b06 mm/page_alloc: prevent pcp corruption with SMP=n baea24956aea9 mm/page_alloc: batch page freeing in decay_pcp_high 2a72a8ddf1888 mm/page_alloc/vmstat: simplify refresh_cpu_vm_stats change detection 9ac63333d6007 btrfs: fix deadlock in wait_current_trans() due to ignored transaction type 7e58addb8e053 HID: intel-ish-hid: Fix -Wcast-function-type-strict in devm_ishtp_alloc_workqueue() 3d72fadb764c4 HID: intel-ish-hid: Use dedicated unbound workqueues to prevent resume blocking 9f0a7ab700f86 iommu/sva: invalidate stale IOTLB entries for kernel address space b3039c526f3e1 mm: introduce deferred freeing for kernel page tables a1593c90896ba x86/mm: use pagetable_free() c32806bf45b62 mm: introduce pure page table freeing function b63c129bc3adb x86/mm: use 'ptdesc' when freeing PMD pages 83ce8bf84846a mm: actually mark kernel page table pages 1ca0f9e97f315 mm: add a ptdesc flag to mark kernel page tables b3bbbf9da38c2 dmaengine: ti: k3-udma: fix device leak on udma lookup 30352277d8e09 dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation 61e8970b0de16 dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation f45b1d8bf9d0a dmaengine: stm32: dmamux: fix OF node leak on route allocation failure 3ef52d31cce8b dmaengine: stm32: dmamux: fix device leak on route allocation 8dd65e98ce209 dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() 926d1666420c2 dmaengine: sh: rz-dmac: fix device leak on probe failure 55a67ba5ac4ce dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() 9249462c55d56 dmaengine: lpc32xx-dmamux: fix device leak on route allocation 1e47d80f6720f dmaengine: lpc18xx-dmamux: fix device leak on route allocation a7226fd61def7 dmaengine: idxd: fix device leaks on compat bind and unbind dd5d96722a967 dmaengine: fsl-edma: Fix clk leak on alloc_chan_resources failure eabe40f8a53c2 dmaengine: dw: dmamux: fix OF node leak on route allocation failure 9b3cff9f4007a dmaengine: cv1800b-dmamux: fix device leak on route allocation 2ed1a9de1f2d7 dmaengine: bcm-sba-raid: fix device leak on probe f3c23b7e94134 dmaengine: at_hdmac: fix device leak on of_dma_xlate() 3706be7cbcd5f dmaengine: apple-admac: Add "apple,t8103-admac" compatible fc53a66227af0 LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy() 5defcc2f9c22e LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() e94ec9661c582 LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy() a227c3c98f092 LoongArch: dts: loongson-2k2000: Add default interrupt controller address cells 8a692ca14f4ca LoongArch: dts: loongson-2k1000: Fix i2c-gpio node names dea25e8f6b744 LoongArch: dts: loongson-2k1000: Add default interrupt controller address cells aa866e4a13080 LoongArch: dts: loongson-2k0500: Add default interrupt controller address cells 621fcd0aec180 drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() cf60e6b1bf0c3 drm/sysfb: Remove duplicate declarations 9c676c7a054bc drm/panel: simple: restore connector_type fallback f7940d3ec1dc6 drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel d4373630fd331 drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare a92ef24071f39 drm/amdkfd: fix a memory leak in device_queue_manager_init() 0080a3f3fd917 drm/amdgpu: make sure userqs are enabled in userq IOCTLs 531b1b83cfa0b drm/amdgpu: Fix gfx9 update PTE mtype flag b705daaf5f8c4 drm/amd: Clean up kfd node on surprise disconnect 568c29c7c7c83 drm/amd/display: Initialise backlight level values from hw 26ed15a42b743 drm/amd/display: Bump the HDMI clock to 340MHz c1cc55ea5e956 LoongArch: dts: Describe PCI sideband IRQ through interrupt-extended 5b14ce4975a02 LoongArch: Fix PMU counter allocation for mixed-type event groups 78b4eb99751eb mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure 9dc11b365e4eb mm/damon/sysfs: cleanup intervals subdirs on attrs dir setup failure 725d4fdaa01bd mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure 253b8f56667ff mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure 23b061f421eef mm/damon/core: remove call_control in inactive contexts 0e8838c91e24f mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free 2ff7e1d125f79 mm/zswap: fix error pointer free in zswap_cpu_comp_prepare() 2a0db14ff1bc7 mm: numa,memblock: include for 'numa_nodes_parsed' b5cb343f0c3d0 mm: kmsan: fix poisoning of high-order non-compound pages 17f95d348589b nvme: fix PCIe subsystem reset controller state transition 43d8f1f001072 x86/resctrl: Fix memory bandwidth counter width for Hygon 1144298c10089 x86/resctrl: Add missing resctrl initialization for Hygon 0b4c0fbbe00b7 i2c: riic: Move suspend handling to NOIRQ phase bd4e97674582a tcpm: allow looking for role_sw device in the main node 51afd139fac44 EDAC/i3200: Fix a resource leak in i3200_probe1() 3981650922417 EDAC/x38: Fix a resource leak in x38_probe1() d53b8e05be46a hrtimer: Fix softirq base check in update_needs_ipi() 06e26287f2e34 ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref d1b24a57662b6 ext4: fix ext4_tune_sb_params padding 5caac66da5ba8 ASoC: codecs: wsa881x: fix unnecessary initialisation 2de213de61031 nvme-pci: disable secondary temp for Wodposit WPBSNM8 a045dab08049e USB: serial: ftdi_sio: add support for PICAXE AXE027 cable 37bbcfa2bac9b USB: serial: option: add Telit LE910 MBIM composition 525779e2df9e5 USB: OHCI/UHCI: Add soft dependencies on ehci_platform 6e4663c6ec273 usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor 5468051245c23 usb: dwc3: Check for USB4 IP_NAME 01120b22c57c5 usb: gadget: uvc: fix req_payload_size calculation aee473246134b usb: gadget: uvc: fix interval_duration calculation 34f6634dba87e xhci: sideband: don't dereference freed ring when removing sideband endpoint 11c82acb4876c usb: host: xhci-tegra: Use platform_get_irq_optional() for wake IRQs 69d1c05268a86 phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 b74edae2a0c7a phy: fsl-imx8mq-usb: fix typec orientation switch when built as module e26755512623f phy: rockchip: inno-usb2: fix disconnection in gadget mode 33194f81b6867 phy: freescale: imx8m-pcie: assert phy reset during power on efe92ee7a111f phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() 8b125923f4ea5 phy: ti: gmii-sel: fix regmap leak on probe failure d51f1db5a5f8c phy: rockchip: inno-usb2: fix communication disruption in gadget mode 5a08dc1d8de3f x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers 568aeb3476c77 lib/buildid: use __kernel_read() for sleepable context ccc578d2e1540 virtio-net: don't schedule delayed refill worker ccd18d250ad8f xfs: Fix the return value of xfs_rtcopy_summary() bca07e57e4729 xfs: set max_agbno to allow sparse alloc of last full inode chunk 9aef476717994 ftrace: Do not over-allocate ftrace memory ab09a7816c746 tools/testing/selftests: fix gup_longterm for unknown fs 3a1c3cd770f48 tools/testing/selftests: add forked (un)/faulted VMA merge tests 6ca76572c6049 tools/testing/selftests: add tests for !tgt, src mremap() merges 6121b7564c725 net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts d922e7c5bb642 can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit. 9f669a38ca708 can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak f1718da051282 null_blk: fix kmemleak by releasing references to fault configfs items ded801af28a99 ALSA: hda/realtek: Add quirk for HP Pavilion x360 to enable mute LED 819268882628f ALSA: hda/tas2781: Skip UEFI calibration on ASUS ROG Xbox Ally X 670cd1c2384ac ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer 522a38f455bff selftests: kvm: try getting XFD and XSAVE state out of sync 580581bd4af55 selftests: kvm: replace numbered sync points with actions 2674004ddc1fb scsi: core: Fix error handler encryption support 3667af036eead selftests/bpf: Fix selftest verif_scale_strobemeta failure with llvm22 f57953023f736 HID: usbhid: paper over wrong bNumDescriptor field 0754d5caac719 sched: Deadline has dynamic priority f32d9e475a41f sched/deadline: Avoid double update_rq_clock() cf40c73ab25bc i2c: imx-lpi2c: change to PIO mode in system-wide suspend/resume progress 11ae04ebbe6e5 i2c: qcom-geni: make sure I2C hub controllers can't use SE DMA 612cbe1aebb32 soundwire: bus: fix off-by-one when allocating slave IDs 829b00481734d dmaengine: omap-dma: fix dma_pool resource leak in error paths d91cee31906a8 selftests/landlock: Properly close a file descriptor cdcaec67c55ef phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) f73f911a4cdf0 landlock: Fix wrong type usage a45001796aa00 selftests/landlock: Remove invalid unix socket bind() c589bc6433667 selftests/landlock: Fix TCP bind(AF_UNSPEC) test case 75ef8c94d4303 landlock: Fix TCP handling of short AF_UNSPEC addresses 15dfbe9079987 phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors 7c27eaf183563 phy: stm32-usphyc: Fix off by one in probe() 4ac15caa27ff8 phy: qcom-qusb2: Fix NULL pointer dereference on early suspend d279f7e17b6d4 phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it f93c703368921 dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing be655c3736b35 dmaengine: tegra-adma: Fix use-after-free 5e7ad329d259c dmaengine: xilinx: xdma: Fix regmap max_register 974f241095aaf dmaengine: mmp_pdma: fix DMA mask handling 94413a84067c3 NFS: Fix size read races in truncate, fallocate and copy offload 8bc6d92b9a3ed drivers/dax: add some missing kerneldoc comment fields for struct dev_dax aec20f3aa684b mips: fix HIGHMEM initialization 2a582a2ca8dae mm, kfence: describe @slab parameter in __kfence_obj_info() cf85a91aa82ea textsearch: describe @list member in ts_ops search cf6d059b53728 mm: describe @flags parameter in memalloc_flags_save() e1a30e1ab33fc drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 3d05c5e101521 drm/amdkfd: No need to suspend whole MES to evict process 226d5d24c7ce1 drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 e17e32903684e drm/amd/display: Show link name in PSR status message a1aedf4053af7 drm/amdgpu: fix drm panic null pointer when driver not support atomic 7481e7b9d7366 ASoC: tlv320adcx140: fix word length 53bd838ed5950 ASoC: tlv320adcx140: fix null pointer 07d6d21b85137 ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type e9d8f11652fa0 net/sched: sch_qfq: do not free existing class in qfq_change_class() a3a4296d8b5b1 selftests: drv-net: fix RPS mask handling for high CPU numbers 8b6dcb565e419 ipv6: Fix use-after-free in inet6_addr_del(). 722de94521614 dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() 11dd9a9ef4dc4 net: hv_netvsc: reject RSS hash key programming without RX indirection table 78ee2958b096c ALSA: hda/cirrus_scodec_test: Fix test suite name aaa969ffe3b4d ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip e1a4a4795c5a1 net: airoha: Fix typo in airoha_ppe_setup_tc_block_cb definition d441696397088 net: phy: motorcomm: fix duplex setting error for phy leds aa4c066229b05 net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback 1b3ed6c512cfd cxl/hdm: Fix potential infinite loop in __cxl_dpa_reserve() 6cb008f1bb23e btrfs: fix memory leaks in create_space_info() error paths fcae8e1b9acd8 net/mlx5e: Restore destroying state bit after profile cleanup 66a25f6b7c0bf net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv a3d4f87d41f51 net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv e05b8084a20f6 net/mlx5e: Fix crash on profile change rollback failure f39ab11f118b2 vsock/test: add a final full barrier after run all tests 554201ed0a8f4 ipv4: ip_gre: make ipgre_header() robust d6072557b90e0 block: zero non-PI portion of auto integrity buffer 6dbead9c76771 macvlan: fix possible UAF in macvlan_forward_source() da6d0370eb74e net: update netdev_lock_{type,name} b9f915340f25c ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() 17071fb5cb9c2 net: bridge: annotate data-races around fdb->{updated,used} 368251745679e Bluetooth: hci_sync: enable PA Sync Lost event 39f83f1077231 btrfs: send: check for inline extents in range_is_hole_in_parent() 65241e3ddda60 btrfs: release path before iget_failed() in btrfs_read_locked_inode() 48f6cec8aa56b cxl/port: Fix target list setup for multiple decoders sharing the same dport 374b095e265fa nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec 6c5124a609890 can: etas_es58x: allow partial RX URB allocation to succeed 5584aa64e8062 ipv4: ip_tunnel: spread netdev_lockdep_set_classes() 754cfada1bbcb PM: EM: Fix incorrect description of the cost field in struct em_perf_state 9a88b6c3c8695 drm/rockchip: vop2: Only wait for changed layer cfg done when there is pending cfgdone bits 47244c00bc545 drm/rockchip: vop2: Add delay between poll registers d6ea0b7394a44 NFS/localio: Deal with page bases that are > PAGE_SIZE 0674f22eef471 drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions a91bdd21d5efb drm/vmwgfx: Fix KMS with 3D on HW version 10 282061a7f9f30 drm/bridge: dw-hdmi-qp: Fix spurious IRQ on resume 51926204465e7 pnfs/blocklayout: Fix memory leak in bl_parse_scsi() ed5d3f2f6885e pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() 19b4d9ab5e778 NFS: Fix a deadlock involving nfs_release_folio() d6c75aa9d6070 pNFS: Fix a deadlock when returning a delegation during open() b7f9587f317d9 xfrm: set ipv4 no_pmtu_disc flag only on output sa when direction is set df1fae862639f xfrm: Fix inner mode lookup in tunnel mode GSO segmentation 704cced8eda44 io_uring: move local task_work in exit cancel loop ae48108c2310f virtio_net: Fix misalignment bug in struct virtnet_info a255ec07f91d4 drm/gud: fix NULL fb and crtc dereferences on USB disconnect 67dfd9e8567cc ASoC: codecs: wsa883x: fix unnecessary initialisation afd7591a4ca92 ASoC: codecs: wsa884x: fix codec initialisation 6711f723018cc rust: bitops: fix missing _find_* functions on 32-bit ARM eea6f395ca502 x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 c6a38672067b9 Revert "gfs2: Fix use of bio_chain" a685f246ad790 nvme-apple: add "apple,t8103-nvme-ans2" as compatible a2542fe353a40 efi/cper: Fix cper_bits_to_str buffer handling and return value 58796d352d746 firmware: imx: scu-irq: Set mu_resource_id before get handle Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 88c6cb0e98 --------------------------- linux-yocto/6.16: drop reference recipes We are going to release the LTS with only 6.18 as the versioned reference kernel. 6.16 is EOL upstream so won't be updated in the future. Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 8107ecdeea --------------------------- linux-yocto/6.12: drop reference recipes We are going to release the LTS with only 6.18 as the versioned reference kernel. 6.12 will continue to be updated and used in previous release branches. Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: f66a754a17 --------------------------- linux-yocto/6.12: update CVE exclusions (6.12.67) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 4 changes (0 new | 4 updated): - 0 new CVEs: - 4 updated CVEs: CVE-2025-71178, CVE-2026-0925, CVE-2026-24435, CVE-2026-24439 Date: Mon, 26 Jan 2026 19:55:24 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 54ca79961e --------------------------- linux-yocto/6.12: update to v6.12.67 Updating linux-yocto/6.12 to the latest korg -stable release that comprises the following commits: abf529abd660d Linux 6.12.67 7c734ad868cea mm/fake-numa: handle cases with no SRAT info df63d31e9ae02 mm/page_alloc: prevent pcp corruption with SMP=n 22056349e8ec9 mm/page_alloc: batch page freeing in decay_pcp_high 48273ed85fa0a mm/page_alloc/vmstat: simplify refresh_cpu_vm_stats change detection ce358252a943c dmaengine: fsl-edma: Fix clk leak on alloc_chan_resources failure 027d42b97e6eb phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() 10f07114483d6 phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path c5b13f0b10faa mm: numa,memblock: include for 'numa_nodes_parsed' a76f5cafcca47 mm/fake-numa: allow later numa node hotplug d1beb4dd8b8d4 mm: kmsan: fix poisoning of high-order non-compound pages 2d402c6cc966e selftests/bpf: Test invalid narrower ctx load 058a0da4f6d91 bpf: Reject narrower access to pointer ctx fields 16236b0b4a08f mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure b831557a0d20d mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure 5ee8005f72c4b xfs: set max_agbno to allow sparse alloc of last full inode chunk 8b0bb145d3bc2 btrfs: fix deadlock in wait_current_trans() due to ignored transaction type 68f7f10156fca HID: intel-ish-hid: Fix -Wcast-function-type-strict in devm_ishtp_alloc_workqueue() e79b03d386341 HID: intel-ish-hid: Use dedicated unbound workqueues to prevent resume blocking 23133e0470d28 dmaengine: ti: k3-udma: fix device leak on udma lookup f810132e82558 dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation e50b9bf91d1f3 dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation f45cafe3b6bfb dmaengine: stm32: dmamux: fix OF node leak on route allocation failure 2fb10259d4efb dmaengine: stm32: dmamux: fix device leak on route allocation 9969db4816aed dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() 01b1d781394fc dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() 618a8229911ea dmaengine: lpc32xx-dmamux: fix device leak on route allocation 992eb8055a6e5 dmaengine: lpc18xx-dmamux: fix device leak on route allocation 0c97ff108f825 dmaengine: idxd: fix device leaks on compat bind and unbind 8f7a391211381 dmaengine: dw: dmamux: fix OF node leak on route allocation failure db6f1d6d31711 dmaengine: bcm-sba-raid: fix device leak on probe 6a86cf2c09e14 dmaengine: at_hdmac: fix device leak on of_dma_xlate() aca18ac3332b0 dmaengine: apple-admac: Add "apple,t8103-admac" compatible 5319234215729 LoongArch: dts: loongson-2k2000: Add default interrupt controller address cells 4df476a33687b LoongArch: dts: loongson-2k1000: Fix i2c-gpio node names 9cce27181e9ad LoongArch: dts: loongson-2k1000: Add default interrupt controller address cells 94b010200a3c9 LoongArch: dts: loongson-2k0500: Add default interrupt controller address cells ef4af7597fd8b drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() 04218cd68d150 drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel 6a4e619c4209e drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare 819c417a30aa7 drm/amdkfd: fix a memory leak in device_queue_manager_init() 8140ac7c55e75 drm/amd: Clean up kfd node on surprise disconnect ae5b1d291c814 drm/amd/display: Bump the HDMI clock to 340MHz df7a49b328928 LoongArch: Fix PMU counter allocation for mixed-type event groups 5651c0c391c00 mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure 654fa76032eee mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free 550c228cb0e83 mm/zswap: fix error pointer free in zswap_cpu_comp_prepare() a705886ac8ef2 nvme: fix PCIe subsystem reset controller state transition 05cea40d333bd x86/resctrl: Fix memory bandwidth counter width for Hygon 56377881cd94d x86/resctrl: Add missing resctrl initialization for Hygon 469f8fe4c87e4 i2c: riic: Move suspend handling to NOIRQ phase eaff85ada8526 tcpm: allow looking for role_sw device in the main node df643bfe1d808 EDAC/i3200: Fix a resource leak in i3200_probe1() 4433ddc3700ce EDAC/x38: Fix a resource leak in x38_probe1() 0e66a004a3632 hrtimer: Fix softirq base check in update_needs_ipi() 8e8542c539927 ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref 60f7e00894350 ASoC: codecs: wsa881x: fix unnecessary initialisation 2617495ba77ba nvme-pci: disable secondary temp for Wodposit WPBSNM8 7f78a77c3e16a USB: serial: ftdi_sio: add support for PICAXE AXE027 cable fe9175e9127f4 USB: serial: option: add Telit LE910 MBIM composition 5400370f29b68 USB: OHCI/UHCI: Add soft dependencies on ehci_platform 17b7ddee0eb40 usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor f07f660d52cf7 usb: dwc3: Check for USB4 IP_NAME 40a753a906787 phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 28ec201d87454 phy: rockchip: inno-usb2: fix disconnection in gadget mode 24d759976a4a7 phy: freescale: imx8m-pcie: assert phy reset during power on 66fcfceee2549 phy: ti: gmii-sel: fix regmap leak on probe failure 9659ba4217de2 phy: rockchip: inno-usb2: fix communication disruption in gadget mode bba9e08d189e4 x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers b11dfb7708f21 lib/buildid: use __kernel_read() for sleepable context 87c3ced649fef xfs: Fix the return value of xfs_rtcopy_summary() cb2a610867bc3 net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts ca99392876e4e can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit. 08624b7206ddb can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak d59ba448ccd59 null_blk: fix kmemleak by releasing references to fault configfs items e3073d119c0bb ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer bfa97e3cc0692 scsi: core: Fix error handler encryption support 42ba3197a5d2b io_uring: move local task_work in exit cancel loop 7934cb03dc233 drm/amd/display: mark static functions noinline_for_stack f394aa2e4217e ASoC: codecs: wsa883x: fix unnecessary initialisation bdced577da71b bridge: mcast: Fix use-after-free during router port configuration bb719f86be14b HID: usbhid: paper over wrong bNumDescriptor field 36c627d3a2ba6 i2c: qcom-geni: make sure I2C hub controllers can't use SE DMA 4b93712e96be1 dmaengine: omap-dma: fix dma_pool resource leak in error paths 69566a1b88d91 selftests/landlock: Properly close a file descriptor 0a7f3d4c9d5d4 phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) 64bf182dfb429 selftests/landlock: Remove invalid unix socket bind() 68495f89a19b6 selftests/landlock: Fix TCP bind(AF_UNSPEC) test case fe2401c5d8215 phy: ti: da8xx-usb: Handle devm_pm_runtime_enable() errors b91c9f6bfb04e phy: stm32-usphyc: Fix off by one in probe() d50a9b7fd0729 phy: qcom-qusb2: Fix NULL pointer dereference on early suspend 742de96d936ee phy: drop probe registration printks 00dc370dfba94 phy: phy-snps-eusb2: refactor constructs names 2b36202354f7f phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it 99dccb81cba85 dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing cb2c9c4bb1322 dmaengine: tegra-adma: Fix use-after-free 606ea969e7829 dmaengine: xilinx: xdma: Fix regmap max_register a1bf8ea50cbc4 mm, kfence: describe @slab parameter in __kfence_obj_info() d11475ea5c2a5 textsearch: describe @list member in ts_ops search 7a01b91ad6327 mm: describe @flags parameter in memalloc_flags_save() efb769dd9e479 drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 e35a9085b4808 ASoC: tlv320adcx140: fix word length 61757f5191daa ASoC: tlv320adcx140: fix null pointer fa4744e659e14 ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type 362e269bb03f7 net/sched: sch_qfq: do not free existing class in qfq_change_class() 1e9d2b422fb68 selftests: drv-net: fix RPS mask handling for high CPU numbers 2684610a9c9c5 ipv6: Fix use-after-free in inet6_addr_del(). 4cd55c609e85a net: hv_netvsc: reject RSS hash key programming without RX indirection table 29a3c30b911f0 ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip aa05a8371ae4a net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback bb4fa4c0b54aa btrfs: fix memory leaks in create_space_info() error paths 190d5a7c4fe42 btrfs: introduce btrfs_space_info sub-group d046ff8e554e4 btrfs: factor out check_removing_space_info() from btrfs_free_block_groups() 3351d4825185b btrfs: factor out init_space_info() from create_space_info() 32e93a14170a2 net/mlx5e: Restore destroying state bit after profile cleanup a7625bacaa8c8 net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv dcb2ad755a16c net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv dad52950b409d net/mlx5e: Fix crash on profile change rollback failure b7e11383ef3cf vsock/test: add a final full barrier after run all tests aa57bfea4674e ipv4: ip_gre: make ipgre_header() robust 8518712a2ca95 macvlan: fix possible UAF in macvlan_forward_source() dfd1f962f2773 net: update netdev_lock_{type,name} df5ffde966931 ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() 6dabb5b89ccec net: bridge: annotate data-races around fdb->{updated,used} db00636643e66 btrfs: send: check for inline extents in range_is_hole_in_parent() 3def524315071 nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec ba45e3d6b02c9 can: etas_es58x: allow partial RX URB allocation to succeed c6dc745bba80e PM: EM: Fix incorrect description of the cost field in struct em_perf_state b0c5a56de1951 drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions 0e036606b29fb pnfs/blocklayout: Fix memory leak in bl_parse_scsi() 86da7efd12295 pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() 49d352bc263fe NFS: Fix a deadlock involving nfs_release_folio() a316fd9d3065b pNFS: Fix a deadlock when returning a delegation during open() a2a3c7bf2c0cd xfrm: set ipv4 no_pmtu_disc flag only on output sa when direction is set f93a187c255f5 xfrm: Fix inner mode lookup in tunnel mode GSO segmentation cce714dffcc6e ASoC: codecs: wsa884x: fix codec initialisation f577508cc8a0a x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 d6bb04690b5be Revert "gfs2: Fix use of bio_chain" 81dcb27e9b596 efi/cper: Fix cper_bits_to_str buffer handling and return value 1f819393de23f firmware: imx: scu-irq: Set mu_resource_id before get handle Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 96548d97cb --------------------------- python3-cryptography: Add legacy-openssl packageconfig Fixes [YOCTO #15416] The OpenSSL legacy provider supplies algorithms that are either used infrequently or have been deemed insecure by modern standards. The Python3 cryptography module can optionally support this provider via the openssl-ossl-module-legacy package. Currently, the cryptography module builds with legacy provider support enabled by default, regardless of whether the legacy modules are actually included in the system. This patch makes that dependency explicit by introducing a legacy-openssl packageconfig option that: * Ensures runtime dependency on openssl-ossl-module-legacy when enabled * Allows users to disable legacy algorithm support via build configuration * Aligns python3-cryptography's defaults with OpenSSL's current defaults The packageconfig option defaults to enabled for consistency with OpenSSL's current configuration and to avoid breaking existing deployments. A future security improvement will disable legacy modules by default in OpenSSL, at which point this packageconfig can also default to disabled. Signed-off-by: Colin Pinnell McAllister Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 92352e209d --------------------------- alsa-utils: fix packaging of alsabat If bat is in PACKAGECONFIG two additional binaries are created which by the dynamic package split creates two additional packages. However due to explicitely adding the file alsabat-test.sh to the alsabat package the alsa-utils-alsabat-test package now is empty and not created. Complete commit 4c6d5f96990d ("alsa-utils: fix packaging") which fixed the same issue for all other affected packages. Fixes: 26a28ee79350 ("alsa-utils: dynamically split the packages instead of doing it manually") Signed-off-by: Max Krummenacher Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: f8525224cb --------------------------- create-spdx-2.2.bbclass: Add CVE_CHECK_IGNORE to fixed CVEs The list of CVEs fixed by patches goes to the field *sourceInfo* in the SBOM. But this list does not contain the CVEs marked for ignoring with the Bitbake variable *CVE_CHECK_IGNORE*. Many recipes (e.g. openssh, glibc, python) contain such entries and these are missing in the SBOM. Therefore, add them to the list. Signed-off-by: Jörg Sommer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 090821f68f --------------------------- systemd: properly package new container files Since last systemd upgrade these files are packaged in systemd package and thus systemd-container is unconditionally installed in all images as dependency of systemd package. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: f757ae4dad --------------------------- license_image: extend to SDK coverage Extend the license_image.bbclass to create package and license manifests for the SDK host and target sysroots and copy common licenses to the sdk. Signed-off-by: Samuli Piippo Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: f5432d1c45 --------------------------- libsolv: add ptest support Add ptest support to enable automated testing of libsolv using ptest-runner. The implementation uses upstream's test infrastructure: testsolv binary, runtestcases.sh script, and testcase data. The test suite runs 28 test categories covering solver functionality, package dependencies, and repository handling. All 28 upstream tests pass successfully on qemux86-64: START: ptest-runner BEGIN: /usr/lib/libsolv/ptest conflict.t ....................................... Passed forcebest.t ...................................... Passed PASS: allowuninstall job.t ............................................ Passed learnt.t ......................................... Passed recommends.t ..................................... Passed requires.t ....................................... Passed strongrecommends.t ............................... Passed update.t ......................................... Passed yumobs.t ......................................... Passed PASS: alternative ptf.t ............................................ Passed retracted.t ...................................... Passed PASS: blacklist choice1.t ........................................ Passed choice1b.t ....................................... Passed choice2.t ........................................ Passed choice2b.t ....................................... Passed choice3.t ........................................ Passed choice3b.t ....................................... Passed choice4.t ........................................ Passed choice5.t ........................................ Passed choice6.t ........................................ Passed choice7.t ........................................ Passed PASS: choicerules default.t ........................................ Passed enhanced.t ....................................... Passed oldversion.t ..................................... Passed suggested.t ...................................... Passed versioned.t ...................................... Passed versioned2.t ..................................... Passed PASS: choose cleandeps_dup.t .................................. Passed cleandeps_in.t ................................... Passed cleandeps_up.t ................................... Passed cleandeps_up3.t .................................. Passed mistake.t ........................................ Passed PASS: cleandeps and.t ............................................ Passed andor.t .......................................... Passed if.t ............................................. Passed ifelse.t ......................................... Passed ifelse_rec.t ..................................... Passed or.t ............................................. Passed orand.t .......................................... Passed PASS: cplxdeps dup_allowuninstall.t ............................. Passed dup_multiversion1.t .............................. Passed dup_multiversion2.t .............................. Passed dup_multiversion3.t .............................. Passed dup_noarchchange.t ............................... Passed dup_orphan1.t .................................... Passed dup_orphan2.t .................................... Passed dup_orphan3.t .................................... Passed PASS: distupgrade caret.t .......................................... Passed testevr.t ........................................ Passed PASS: evrcmp excludefromweak-obsoletes.t ...................... Passed excludefromweak.t ................................ Passed PASS: excludefromweak recommends.t ..................................... Passed recommends2.t .................................... Passed requires.t ....................................... Passed single.t ......................................... Passed supplements.t .................................... Passed PASS: favor best.t ........................................... Passed installed.t ...................................... Passed new1.t ........................................... Passed new2.t ........................................... Passed normal.t ......................................... Passed PASS: focus forcebest_dup.t .................................. Passed forcebest_in.t ................................... Passed forcebest_up.t ................................... Passed PASS: forcebest best.t ........................................... Passed dup.t ............................................ Passed PASS: lock infarch_install_best.t ........................... Passed lockstep_install.t ............................... Passed lockstep_update.t ................................ Passed PASS: lockstep multiversion.t ................................... Passed update.t ......................................... Passed update2.t ........................................ Passed PASS: multiversion namespaceprovides.t .............................. Passed PASS: namespace pubg1.t .......................................... Passed pubg2.t .......................................... Passed PASS: proof recommended_conflicts.t .......................... Passed recommended_multirepo.t .......................... Passed recommended_oldversion.t ......................... Passed recommended_targeted.t ........................... Passed recommended_version.t ............................ Passed suggested_conflicts.t ............................ Passed suggested_multirepo.t ............................ Passed suggested_oldversion.t ........................... Passed suggested_targeted.t ............................. Passed suggested_version.t .............................. Passed PASS: recommendations assert.t ......................................... Passed mm-test.t ........................................ Passed reuse.t .......................................... Passed PASS: sat disable: unknown package 'E-1-1.src@available' disable: unknown package 'F-1-1.src@available' selection_canon_rpm.t ............................ Passed selection_filelist.t ............................. Passed selection_matchdeps.t ............................ Passed selection_matchsolvable.t ........................ Passed selection_name.t ................................. Passed selection_provides.t ............................. Passed PASS: selection strictrepoprio.t ................................. Passed PASS: strictrepoprio break.t .......................................... Passed disfavored.t ..................................... Passed strongr.t ........................................ Passed PASS: strongrecommends targeted_color.t ................................. Passed targeted_dup.t ................................... Passed targeted_up.t .................................... Passed PASS: targeted nested.t ......................................... Passed str2dep.t ........................................ Passed PASS: testcase supplements_implicitobsoleteusescolors.t ......... Passed PASS: weakdeps dup.t ............................................ Passed dup2.t ........................................... Passed forcebest_in.t ................................... Passed forcebest_up.t ................................... Passed PASS: whatprovideswithdisabled split.t .......................................... Passed split2.t ......................................... Passed PASS: yumobs DURATION: 7 END: /usr/lib/libsolv/ptest STOP: ptest-runner Note: runtestcases.sh requires bash as it uses bash-specific features. Signed-off-by: Pratik Farkase Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: cc90f8c3b9 --------------------------- lto.inc: introduce LTO_DEFAULT variable to support per-package overrides with Clang Currently, LTO variable is set with a toolchain-clang override directly. This causes priority issues where package-specific overrides (e.g., LTO:pn-perl = "") are ignored when the Clang toolchain is active, making it difficult to disable LTO for specific failing recipes. This patch refactors the logic by introducing an intermediate `LTO_DEFAULT` variable. - `LTO_DEFAULT` handles the toolchain-specific flags (GCC vs Clang). - `LTO` is assigned `LTO_DEFAULT` as a default value. This structure allows `LTO` to be cleanly overridden by recipe-specific overrides (like `pn-${PN}`) regardless of the active toolchain. Added a toolchain-gcc override for alsa-lib because -flto-partition=none is not supported by Clang. Signed-off-by: mark.yang Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: f223bd675a --------------------------- uki.bbclass: fix building of UKI images with multiple initramfs fstypes If INITRAMFS_FSTYPES contains more than one entry, ukify build command will fail as INITRD_ARCHIVE will contain extra strings. Use only the first initramfs type, letting the user to specify other fstypes in INITRAMFS_FSTYPES. The INITRD_ARCHIVE variable is removed and merged into the code to resolve the issue as we don't need a separate variable. Signed-off-by: Dmitry Baryshkov Signed-off-by: Antonin Godard Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 72d1f9ec6f --------------------------- u-boot: relocate SRC_URI_RISCV into recipe In a custom u-boot recipe that requires u-boot-common.inc, the config fragments end up in SRC_URI. However, the custom recipe's FILESPATH does not contain the path to oe-core's u-boot directory (as expected), which leads to the error below: ERROR: .../build/../meta-custom/recipes-bsp/u-boot/u-boot-custom_2025.10.bb: Unable to get checksum for u-boot-custom SRC_URI entry u-boot-riscv-isa_clear.cfg: file could not be found The following paths were searched: (...) Move SRC_URI_RISCV - along with the appends - out of the common definitions. Signed-off-by: João Marcos Costa Signed-off-by: Antonin Godard Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: e1526079d2 --------------------------- wic: extra-partition: introduce variable matching sourceparams The current extra_partition plugin uses predictable variable names (the configuration must predict the image partition label or uuid). This has two inconveniences: - an extra partition that has a specific label (or uuid) is doomed with the associated variable. The partition cannot be configured unless the label (or uuid) is changed. - two partitions with same label from distincts .wks cannot have different content. This allows the new suffix _name_%s to be appended to IMAGE_EXTRA_PARTITION_FILES. This variable will be preferred whenever the .wks specifies a name in the --sourceparams option. For example: an image may define: IMAGE_EXTRA_PARTITION_FILES_name_foo = "bar.conf" and the .wks line have line: part --source extra_partition --sourceparams "name=foo" Signed-off-by: Louis Rannou Reviewed-by: Pierre-Loup GOSSE Signed-off-by: Antonin Godard Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: fba82acf55 --------------------------- oeqa/selftest: wic: improve extra-partition plugin tests Increase the number of inputs to check several files can be copied. Change the partition type to GPT in order to avoid logical partitions. Test various file systems and check the wic image partitions match. Simplify 'wic ls' commands (remove pipes) and use '-n' to specify wic-tools sysroot and avoid host contamination. Also dedent the code just after the wic image is built to close the .wks temporary file when its goal is achieved. Signed-off-by: Louis Rannou Signed-off-by: Antonin Godard Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: bb21c6a429 --------------------------- spdx30_tasks: Add concluded license support with SPDX_CONCLUDED_LICENSE Add hasConcludedLicense relationship to SBOM packages with support for manual license conclusion override via SPDX_CONCLUDED_LICENSE variable. The concluded license represents the license determination after manual or external license analysis. This should be set manually in recipes or layers when: 1. Manual license review identifies differences from the declared LICENSE 2. External license scanning tools detect additional license information 3. Legal review concludes a different license applies The hasConcludedLicense relationship is ONLY added to the SBOM when SPDX_CONCLUDED_LICENSE is explicitly set. When unset or empty, no concluded license is included in the SBOM, correctly indicating that no license analysis was performed (per SPDX semantics). When differences from the declared LICENSE are found, users should: 1. Preferably: Correct the LICENSE field in the recipe and contribute the fix upstream to OpenEmbedded 2. Alternatively: Set SPDX_CONCLUDED_LICENSE locally in your layer when upstream contribution is not immediately possible or when the license conclusion is environment-specific The implementation checks both package-specific overrides (SPDX_CONCLUDED_LICENSE:${PN}) and the global variable, allowing per-package license conclusions when needed. The concluded license expression is automatically de-duplicated by add_license_expression() to avoid redundant license objects in the SBOM. The variable is initialized in spdx-common.bbclass with comprehensive documentation explaining its purpose, usage guidelines, and examples. Example usage in recipe or layer: SPDX_CONCLUDED_LICENSE = "MIT & Apache-2.0" SPDX_CONCLUDED_LICENSE:${PN} = "MIT & Apache-2.0" Signed-off-by: Stefano Tondo Reviewed-by: Joshua Watt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: c48e7308c1 --------------------------- cargo-update-recipe-crates: Properly close target file after writing In do_update_crates(), properly close the target_file after writing to it using the "with" statement. Signed-off-by: Martin Schwan Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 1ef39b3fa7 --------------------------- cargo-update-recipe-crates: Don't fail for partially empty Cargo.lock Do not fail if only some Cargo.lock files are empty. Only fail, if there are absolutely no dependencies found in any Cargo.lock. This fixes the following error message, which would occur with "bitbake -c update_crates python3-orjson": ERROR: python3-orjson-3.10.17-r0 do_update_crates: Execution of '.../python3-orjson/3.10.17/temp/run.do_update_crates.70693' failed with exit code 1 ERROR: Logfile of failure stored in: .../python3-orjson/3.10.17/temp/log.do_update_crates.70693 Log data follows: | DEBUG: Executing python function extend_recipe_sysroot | NOTE: Direct dependencies are ['.../sources/oe-core/../oe-core/meta/recipes-devtools/quilt/quilt-native_0.69.bb:do_populate_sysroot', 'virtual:native:.../sources/oe-core/../oe-core/meta/recipes-devtools/patch/patch_2.8.bb:do_populate_sysroot', 'virtual:native:.../sources/oe-core/../oe-core/meta/recipes-devtools/python/python3_3.13.9.bb:do_populate_sysroot'] | NOTE: Installed into sysroot: [] | NOTE: Skipping as already exists in sysroot: ['gettext-minimal-native', 'cmake-native', 'libtool-native', 'quilt-native', 'texinfo-dummy-native', 'openssl-native', 'expat-native', 'ncurses-native', 'util-linux-libuuid-native', 'zlib-native', 'libedit-native', 'make-native', 'patch-native', 'perl-native', 'python3-native', 'bzip2-native', 'xz-native', 'zstd-native', 'attr-native', 'gdbm-native', 'libffi-native', 'sqlite3-native'] | DEBUG: Python function extend_recipe_sysroot finished | DEBUG: Executing shell function do_update_crates | Traceback (most recent call last): | File "", line 41, in | File "", line 12, in get_crates | ValueError: Unable to find any candidate crates that use crates.io | | The above exception was the direct cause of the following exception: | | Traceback (most recent call last): | File "", line 43, in | ValueError: Cannot parse '.../python3-orjson/3.10.17/sources/orjson-3.10.17/include/cargo/simdutf8-0.1.5/Cargo.lock' | WARNING: exit code 1 from a shell command. ERROR: Task (.../sources/oe-core/../meta-openembedded/meta-python/recipes-devtools/python/python3-orjson_3.10.17.bb:do_update_crates) failed with exit code '1' Signed-off-by: Martin Schwan Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 6ce19709f7 --------------------------- oe/utils: filter license packages The packages_filter_out_system() function is used in PACKAGESPLITFUNCS to filter out "system" packages (-dbg, -dev). The filtered packages should include license packages (-lic) as well, when they are generated with LICENSE_CREATE_PACKAGE = "1", otherwise the license packages will get pulled into images unintentionally. Signed-off-by: Samuli Piippo Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: dedc9e3fd5 --------------------------- ffmpeg: ignore 10 CVEs First group of CVEs got a bogus cpe update listing all tags since v7.0. All CVEs were fixed in v7.0 except CVE-2025-22921 fixed in v8.0. Second group has date CPE (2025-01-13) instead of version (v8.0). Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 327546cc0f --------------------------- libsndfile1: patch CVE-2025-56226 Pick patches from both PRs linked in issue mentioned in NVD report. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: cf63518d20 --------------------------- vim: upgrade 9.1.1683 -> 9.1.2128 Removes CVE-2025-66476 from CVE metrics. It's fixed in 9.1.1947, but only affects Vim for Windows. Rebased patches and resolved conflicts. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 31fc221d23 --------------------------- python3-wheel: upgrade 0.46.1 -> 0.46.3 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 5f34357b6e --------------------------- qemu: fix regression for ppc64 The qemu upstream commit, fcac98d0 (linux-user: Remove ELF_HWCAP2), accidently introduced a regression. It used get_elf_hwcap where get_elf_hwcap2 should be used. With recent qemu upgrade in Yocto (10.1.3 -> 10.2.0), qemuppc64 build is basically broken. There are a lot of do_configure failures with error message like below: Fatal glibc error: CPU lacks ISA 3.00 support (POWER9 or later required) Backport a patch to fix this issue. Note that although the problem was only revealed for qemuppc64, some arm and arm64 machines will also likely get the same issue, as in qemu source we have: linux-user/aarch64/target_elf.h:#define HAVE_ELF_HWCAP2 1 linux-user/arm/target_elf.h:#define HAVE_ELF_HWCAP2 1 linux-user/ppc/target_elf.h:#define HAVE_ELF_HWCAP2 1 Signed-off-by: Chen Qi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 15de700d5f --------------------------- mdadm: upgrade 4.4 -> 4.5 Changelog: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/tree/CHANGELOG.md?h=mdadm-4.5 Replaced 0001-restripe.c-Use-_FILE_OFFSET_BITS-to-enable-largefile.patch with 0001-raid6check.c-restripe.c-Use-64-bit-off_t-across-both.patch as partial changes from first patch are part of the upstream version[1]. Dropped patches that are part of upstream version - xmalloc.patch [2] - 0001-Makefile-install-mdcheck.patch [3] Also refreshed other patches. [1] https://github.com/md-raid-utilities/mdadm/commit/787cc1b60130b8031be59e49d54463c58cd8cf74 [2] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/raid6check.c?h=mdadm-4.5&id=e0df6c4c984d564e9e40913727e916a6cd8f466e [3] https://github.com/md-raid-utilities/mdadm/commit/934d81184880d2231b0d7b3836b12358516ea35c Signed-off-by: Ankur Tyagi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 6c89f2bcd5 --------------------------- libxml2: add follow-up patch for CVE-2026-0992 References: * https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 * https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/377 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 471368d01b --------------------------- inetutils: patch CVE-2026-24061 Pick patches per [1]. [1] https://security-tracker.debian.org/tracker/CVE-2026-24061 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7109e5d85a --------------------------- meta/files/layers.schema.json: use URI shortcut for some remotes Among the three sources, only two have a single remote. So we can replace their entire structure 'remote' -> 'origin' -> 'uri' with a shorter one (property 'uri' only). Signed-off-by: Corentin Guillevic Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 55761539e0 --------------------------- oe-setup-layers: support inline URI Most of the time, when we describe a remote, the layer data (also used by the script bitbake-setup) looks like this: "bitbake": { "git-remote": { "remotes": { "origin": { "uri": "https://git.openembedded.org/bitbake" } }, ... } } i.e. an URI with the common name 'origin'. Alternatively, we could simplify this, by using a shorter structure with the property 'uri' only: "bitbake": { "git-remote": { "uri": "https://git.openembedded.org/bitbake ", ... } } These properties can be used together. Signed-off-by: Corentin Guillevic Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: bad92fd26c --------------------------- Revert "libconfig: add ptest support" This reverts commit 4c31a7b410fc9c14815c6853431c7bd56c0e173c. It is cauding package_qa and reproducibility issues: ERROR: lib32-libconfig-1.8.2-r0 do_package_qa: QA Issue: File /usr/lib/libconfig/ptest/tests/libconfig_tests in package lib32-libconfig-ptest contains reference to TMPDIR [buildpaths] ERROR: lib32-libconfig-1.8.2-r0 do_package_qa: QA Issue: /usr/lib/libconfig/ptest/tests/libconfig_tests contained in package lib32-libconfig-ptest requires /bin/bash, but no providers found in RDEPENDS:lib32-libconfig-ptest? [file-rdeps] https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3165 Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: 45803eac7e --------------------------- expat: upgrade 2.7.3 -> 2.7.4 Changelog [1]: Security fixes: #1131 CVE-2026-24515 -- Function XML_ExternalEntityParserCreate failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference (CWE-476) from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions XML_ExternalEntityParserCreate and XML_SetUnknownEncodingHandler for an application to be vulnerable. #1075 CVE-2026-25210 -- Add missing check for integer overflow related to buffer size determination in function doContent Bug fixes: #1073 lib: Fix missing undoing of group size expansion in doProlog failure cases #1107 xmlwf: Fix a memory leak #1104 WASI: Fix format specifiers for 32bit WASI SDK Other changes: #1105 lib: Fix strict aliasing #1106 lib: Leverage feature "flexible array member" of C99 #1051 lib: Swap (size_t)(-1) for C99 equivalent SIZE_MAX #1109 lib|xmlwf: Return NULL instead of 0 for pointers #1068 lib|Windows: Clean up use of macro _MSC_EXTENSIONS with MSVC #1112 lib: Remove unused import #1110 xmlwf: Warn about XXE in --help output (and man page) #1102 #1103 WASI: Stop using getpid ... and additional docs/autotools/cmake/infrastructure changes [1] https://github.com/libexpat/libexpat/blob/R_2_7_4/expat/Changes Signed-off-by: Peter Marko Signed-off-by: Richard Purdie --------------------------- Commit: 4c31a7b410 --------------------------- libconfig: add ptest support Add ptest support to enable automated testing of libconfig using ptest-runner. The implementation uses libtool --mode=install to properly install test binaries, avoiding issues with libtool wrapper scripts. Tests are built via 'make check TESTS=' to compile without running during the build phase. The test suite includes 16 tests covering parsing, formatting, binary/hex values, escaped strings, and various edge cases. All tests pass successfully on qemux86-64 : START: ptest-runner BEGIN: /usr/lib/libconfig/ptest [TEST] ParsingAndFormatting parsing testdata/input_0.cfg parsing testdata/input_1.cfg parsing testdata/input_2.cfg parsing testdata/input_3.cfg parsing testdata/input_4.cfg parsing testdata/input_5.cfg parsing testdata/input_6.cfg parsing testdata/input_7.cfg [ OK ] ParsingAndFormatting [TEST] ParseInvalidFiles [ OK ] ParseInvalidFiles [TEST] ParseInvalidStrings [ OK ] ParseInvalidStrings [TEST] BigInt1 [ OK ] BigInt1 [TEST] BigInt2 [ OK ] BigInt2 [TEST] BigInt3 [ OK ] BigInt3 [TEST] BigInt4 [ OK ] BigInt4 [TEST] BigInt5 [ OK ] BigInt5 [TEST] BigInt6 [ OK ] BigInt6 [TEST] BigInt7 [ OK ] BigInt7 [TEST] RemoveSetting [ OK ] RemoveSetting [TEST] EscapedStrings [ OK ] EscapedStrings [TEST] OverrideSetting [ OK ] OverrideSetting [TEST] SettingLookups [ OK ] SettingLookups [TEST] ReadStream [ OK ] ReadStream [TEST] BinaryAndHex some auto big hex: 4294967296 some auto big bin: 8589934591 negativehex: -1430532899 [ OK ] BinaryAndHex 16 tests; 16 passed, 0 failed PASS: libconfig_tests DURATION: 0 END: /usr/lib/libconfig/ptest STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Pratik Farkase Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 5114cae0a5 --------------------------- lttng-modules: Fix CONFIG_TRACEPOINTS patch The check for CONFIG_TRACEPOINTS is guarded by a check for CONFIG_LOCALVERSION. But what happens if your .config has CONFIG_LOCALVERSION="" ? Then the check never runs and you try and build the module even though CONFIG_TRACEPOINTS is missing. Update the guard to check for either CONFIG_LOCALVERSION or CONFIG_LOCALVERSION_AUTO. Signed-off-by: Ryan Eatmon Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 60c62c4de3 --------------------------- uboot: Deprecate legacy UBOOT_CONFIG flow Mark the legacy flow for settings the UBOOT_CONFIG options in a comma separated list. This code will still work through wrynose, but will be removed once wrynose is released. Add warnings to point people in the right direction for fixing their configs: WARNING: Legacy use of UBOOT_CONFIG[foo] = "foo_config,foo_image,foo_binary" is deprecated. Please move to using UBOOT_CONFIG_* variables: WARNING: UBOOT_CONFIG[foo] = "foo_config" WARNING: UBOOT_CONFIG_IMAGE_FSTYPES[foo] = "foo_image" WARNING: UBOOT_CONFIG_BINARY[foo] = "foo_binary" WARNING: Legacy use of UBOOT_CONFIG[bar] = "bar_config,bar_image" is deprecated. Please move to using UBOOT_CONFIG_* variables: WARNING: UBOOT_CONFIG[bar] = "bar_config" WARNING: UBOOT_CONFIG_IMAGE_FSTYPES[bar] = "bar_image" WARNING: Legacy use of UBOOT_CONFIG[bing] = "bing_config,,bing_binary" is deprecated. Please move to using UBOOT_CONFIG_* variables: WARNING: UBOOT_CONFIG[bing] = "bing_config" WARNING: UBOOT_CONFIG_BINARY[bing] = "bing_binary" Signed-off-by: Ryan Eatmon Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 5116d9822a --------------------------- cargo-c: update 0.10.19 -> 0.10.20 Changes are here: https://github.com/lu-zero/cargo-c/compare/v0.10.19..v0.10.20 Signed-off-by: Deepesh Varatharajan Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: bb01604a11 --------------------------- epiphany: upgrade 48.5 -> 49.2 ChangeLog: https://gitlab.gnome.org/GNOME/epiphany/-/blob/49.2/NEWS Add a dependency on blueprint-compiler-native. Signed-off-by: Yi Zhao Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4212392ca7 --------------------------- blueprint-compiler: add recipe Blueprint-compiler is a markup language and compiler for GTK 4 user interfaces. Move it from meta-openembedded to openembedded-core as it is required by epiphany 49.2. The original author Liu Yiding, is willing to continue maintaining the recipe. Add him as maintainer for this. CC: Liu Yiding Signed-off-by: Yi Zhao Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 66ee166039 --------------------------- openssl: upgrade 3.5.4 -> 3.5.5 Resolved patch conflicts. Release information [1]: OpenSSL 3.5.5 is a security patch release. The most severe CVE fixed in this release is High. This release incorporates the following bug fixes and mitigations: * Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. (CVE-2025-11187) * Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467) * Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID. (CVE-2025-15468) * Fixed openssl dgst one-shot codepath silently truncates inputs >16 MiB. (CVE-2025-15469) * Fixed TLS 1.3 CompressedCertificate excessive memory allocation. (CVE-2025-66199) * Fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes. (CVE-2025-68160) * Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. (CVE-2025-69418) * Fixed Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion. (CVE-2025-69419) * Fixed Missing ASN1_TYPE validation in TS_RESP_verify_response() function. (CVE-2025-69420) * Fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex() function. (CVE-2025-69421) * Fixed Missing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795) * Fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function. (CVE-2026-22796) [1] https://github.com/openssl/openssl/blob/openssl-3.5/NEWS.md#major-changes-between-openssl-354-and-openssl-355-27-jan-2026 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 330160efaa --------------------------- avahi: Backport fix CVE-2025-68276 Include the patch linked in the NVD report: https://github.com/avahi/avahi/pull/806/commits/0c013e2e819be3bda74cecf48b5f64956cf8a760 Signed-off-by: Adarsh Jagadish Kamini Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: dbb0a89fff --------------------------- python3-wcwidth: Upgrade 0.2.14 -> 0.3.1 Upgrade to release 0.3.1: Add benchmarking using codspeed.io improve width() performance >From release 0.3.0: - Migrate from setup.py + setuptools to pyproject.toml + hatchling - Small improvements to update-tables.py and wcwidth-browser.py - New: iter_graphemes() - New: width() terminal-aware string measurement - New: ljust(), rjust(), center() justify text - New: wrap() - improve wcswidth() performance ~30% - New ambigous_width=1 argument - New strip_sequences() and cut() functions - Width 0 for Default_Ignorable_Code_Point characters - Bugfix for Prepended_Concatenation_Mark characters Fixes: WARNING: python3-wcwidth-0.3.1-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with hatchling.build, use the correct class [pep517-backend] Signed-off-by: Leon Anavi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d59abb5639 --------------------------- glibc: mark CVE-2025-15281, CVE-2026-0861 and CVE-2026-0915 as patched These were fixed with last hash update and start to appearing in CVE reports. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: ebf9dd05e9 --------------------------- glibc: stable 2.42 branch updates $ git log --oneline 453e6b8dbab935257eb0802b0c97bca6b67ba30e..912d89a766847649a3857985a3b5e6065c51bfd4 912d89a766 (HEAD, origin/release/2.42/master) Switch currency symbol for the bg_BG locale to euro cbf39c26b2 posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281 / BZ 33814) Testing Results: +--------------+--------+--------+------+ | Result | Before | After | Diff | +--------------+--------+--------+------+ | PASS | 6814 | 6818 | +4 | | XPASS | 4 | 4 | 0 | | FAIL | 139 | 136 | -3 | | XFAIL | 16 | 16 | 0 | | UNSUPPORTED | 164 | 164 | 0 | +--------------+--------+--------+------+ Changes in failed testcases: malloc/tst-malloc-fork-deadlock-malloc-check FAIL PASS malloc/tst-malloc_info FAIL PASS malloc/tst-malloc_info-malloc-largetcache FAIL PASS nptl/tst-getpid3 FAIL PASS posix/tst-wait3 PASS FAIL Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 31eb31c598 --------------------------- apt: Set gid to nogroup Without --no-user-group, it tries to assign "_apt" gid which ends up with an error as shown below when using static gid values and "_apt" is not defined in USERADD_GID_TABLES. | apt was skipped: Recipe apt, package apt: normal groupname "_apt" does not have a static ID defined. Conventionally "_apt" does not have its own gid but rather uses "nogroup". For that reason '_apt' gid is also removed from meta-selftest/files/static-group. Signed-off-by: Jaeyoon Jung Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: e73f150955 --------------------------- build-sysroots: Add sysroot tasks to default build and remove warning Add both do_build_native_sysroot and do_build_target_sysroot to the do_build dependency chain, allowing "bitbake build-sysroots" to populate both sysroots automatically. This is now safe to do since the previous commit added lockfiles to serialize these tasks, preventing the race condition where they could interfere with each other when run concurrently. Remove the do_build_warn task which instructed users to call the tasks explicitly, as this is no longer necessary. The warning was not clear. For somebody who knwos about the race condition, it was obvious that they should call the tasks explicitly, but for all other users this was just confusing. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: acc8416744 --------------------------- build-sysroots: Serialize native and target sysroot population Calling (what devtool ide-sdk --mode shared does internally): bitbake meta-ide-support:do_build cmake-example:do_populate_sysroot bitbake build-sysroots:do_build_target_sysroot \ build-sysroots:do_build_native_sysroot can fail with errors like: Exception: subprocess.CalledProcessError: Command '.../tmp/sysroots/qemux86-64/usr/bin/postinst-base-passwd' returned non-zero exit status 1. Subprocess output: .../tmp/sysroots/x86_64/usr/sbin/useradd Running groupadd commands... NOTE: cmake-example: Performing groupadd with [--root ../tmp/sysroots/qemux86-64 --system cmake-example] awk: error while loading shared libraries: libtinfo.so.5: cannot open shared object file: No such file or directory ERROR: cmake-example: groupadd command did not succeed. The root cause is a race condition between do_build_target_sysroot and do_build_native_sysroot. When run in parallel, do_build_target_sysroot executes postinstall scripts (e.g., useradd) that invoke awk, while do_build_native_sysroot is concurrently installing gawk-native into the shared native sysroot (which is in PATH for do_build_target_sysroot). Since sstate artifact installation is not atomic, awk binaries can be installed before their dependent libraries. If do_build_target_sysroot picks up the newly installed but incomplete awk, it fails with missing library errors. The situation is created by a mix of: - gawk-native in ASSUME_PROVIDED (use host awk) - glibc depending on gawk-replacement-native (builds gawk-native) - Both tasks populating the same shared native sysroot directory Fix this by adding a lockfile to both tasks, ensuring they cannot run concurrently and avoiding the race condition where partially installed native tools are accessed. While lockfiles are generally avoided in BitBake due to performance concerns, this is acceptable here since these tasks are not on a critical performance path. [YOCTO #16135] Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c77f0b29b1 --------------------------- devtool: deploy: Reset PATH after strip_execs We need to modify os.environ so that strip_execs() finds the correct binaries to run. We shouldn't leave this modification in place for the rest of the program execution though. Signed-off-by: Paul Barker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1551136333 --------------------------- devtool: deploy: Run pseudo with correct PATH When running FAKEROOTCMD (i.e. pseudo), we need to use the same PATH as we would use if we were running inside bitbake instead of the host environment's PATH. This ensures that we don't pick up any host executables that may have problems with pseudo (such as the uutils implementations of common system utilities used in Ubuntu 25.10). Signed-off-by: Paul Barker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 58b9f90779 --------------------------- report-error.bbclass: replace 'codecs.open()' with 'open()' With newer Python versions, codecs.open() is deprecated: https://docs.python.org/3/library/codecs.html#codecs.open Replace it with the preferred call to open(). Signed-off-by: Trevor Gamblin Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: fe38fc0df1 --------------------------- package_deb.bbclass: replace 'codecs.open()' with 'open()' With newer Python versions, codecs.open() is deprecated: https://docs.python.org/3/library/codecs.html#codecs.open Replace it with the preferred call to open(). Signed-off-by: Trevor Gamblin Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 9316834803 --------------------------- busybox: fix a incomplete condition check When deleting syslog sysvinit related config files, also check if 'systemd' is being enabled, after the change, it behaves same with the check logic in rm_sysvinit_initddir. ${sysconfdir}/syslog.conf is also a sysvinit related config file, also delete it. Signed-off-by: Ming Liu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 555e0b2498 --------------------------- python3-yamllint: upgrade 1.37.1 -> 1.38.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 6df5012420 --------------------------- python3-uv-build: upgrade 0.9.18 -> 0.9.26 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: d34026c907 --------------------------- python3-sphinx-rtd-theme: upgrade 3.0.2 -> 3.1.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 98ec7f4f64 --------------------------- python3-pyparsing: upgrade 3.3.1 -> 3.3.2 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 4e486d307d --------------------------- python3-pyasn1: upgrade 0.6.1 -> 0.6.2 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 84f975614e --------------------------- python3-pdm: upgrade 2.26.4 -> 2.26.6 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: d1724b0cd2 --------------------------- python3-meson-python: upgrade 0.18.0 -> 0.19.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 3a4be7b677 --------------------------- python3-markdown: upgrade 3.10 -> 3.10.1 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: cd42d1cacd --------------------------- python3-hypothesis: upgrade 6.149.0 -> 6.150.3 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 3b75735924 --------------------------- p11-kit: upgrade 0.25.10 -> 0.26.1 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 2cc882d636 --------------------------- meson: upgrade 1.10.0 -> 1.10.1 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: ca5ee30e5c --------------------------- harfbuzz: upgrade 12.3.0 -> 12.3.1 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: d39f2ebcb6 --------------------------- bind: upgrade 9.20.17 -> 9.20.18 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 3aeb82742b --------------------------- stress-ng: update 0.19.06 -> 0.20.00 Changelog: https://github.com/ColinIanKing/stress-ng/releases/tag/V0.20.00 Signed-off-by: Ankur Tyagi Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: c4fdea8c7b --------------------------- glew: update 2.2.0 -> 2.3.1 Dropped patches which are part of upstream version - 0001-Fix-build-race-in-Makefile.patch [1] - no-strip.patch [2] [1] https://github.com/nigels-com/glew/commit/767e0316450911f1158bd4f7fd8dcd066bae5c55 [2] https://github.com/nigels-com/glew/commit/d7693eea09ac76c67f5f3aa538bb911ce2291e2c Signed-off-by: Ankur Tyagi Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 29097b18ca --------------------------- rgb: update 1.1.0 -> 1.1.1 License-Update: updated md5 hash because of commit[1] [1] https://gitlab.freedesktop.org/xorg/app/rgb/-/commit/fb06ee0b71ec15d63b6ee4797f954187ec014a37 The license change is removing the "All rights reserved" string from the copyright, no license change. Signed-off-by: Ankur Tyagi Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 7ac04f4746 --------------------------- cmake: upgrade 4.2.1 -> 4.2.2 Changelog: https://cmake.org/cmake/help/v4.2/release/4.2.html#id2 Signed-off-by: Liu Yiding Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: c41462ef8a --------------------------- libxml2: patch CVE-2026-0989 Pick patch from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374 [2] https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: addd80ddfd --------------------------- openssh: add variable for key path This patch adds a variable for the key directory path. This is especially useful when working with a read-only file system where you want to specify the location e.g. on a r/w partition. To be consistent, the change was also done for the read write path. For changing the path simply create a bbappend and override the variable. Signed-off-by: Patrick Vogelaar Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 0316decd30 --------------------------- glib-2.0: patch CVE-2026-0988 Pick relevant commit from [2] linked from [1]. [1] https://gitlab.gnome.org/GNOME/glib/-/issues/3851 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4944 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 067b935773 --------------------------- linux-firmware: correct wil6210 dependency The LICENSE.QualcommAtheros_ath10k is already packages as linux-firmware-ath10k-license package, making OE skip linux-firmware-qualcommatheros-ath10k-license (because it's now empty) and thus making linux-firmware-wil6210 uninstallable. Drop the duplicate licence package and use linux-firmware-ath10k-license instead. Signed-off-by: Dmitry Baryshkov Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: b80b52cd07 --------------------------- qemurunner.py: replace 'codecs.open()' with 'open()' With newer Python versions, codecs.open() is deprecated, leading to the following warning: |Stderr: |/srv/pokybuild/tgamblin-qemux86/openembedded-core/meta/lib/oeqa/utils/qemurunner.py:133: DeprecationWarning: codecs.open() is deprecated. Use open() instead. | with codecs.open(self.logfile + extension, "ab") as f: Note that if we try to be explicit and make the 'errors' keyword 'strict' (as the codecs.open() call defaulted to), we see other warnings: |ValueError: binary mode doesn't take an errors argument Signed-off-by: Trevor Gamblin Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: f4b2eb3c29 --------------------------- python3-pygobject: fix compile error with old GCC If the build is done with GCC 10 (eg a native build on Debian 11) then the build fails: gi/pygi-resulttuple.c:337:1: error: label at end of compound statement Backport a patch from upstream to add a missing semicolon. [ YOCTO #16147 ] Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 9b956f6b5a --------------------------- python3-pyelftools: add python3-logging to RDEPENDS python3-logging is needed as a runtime dependency of python3-pyelftools else the readelf.py script run into the following error : ``` Traceback (most recent call last): File "/usr/bin/readelf.py", line 31, in from elftools.elf.elffile import ELFFile File "/usr/lib/python3.12/site-packages/elftools/elf/elffile.py", line 29, in from ..dwarf.dwarfinfo import DWARFInfo, DebugSectionDescriptor, DwarfConfig File "/usr/lib/python3.12/site-packages/elftools/dwarf/dwarfinfo.py", line 17, in from .structs import DWARFStructs File "/usr/lib/python3.12/site-packages/elftools/dwarf/structs.py", line 10, in from logging.config import valid_ident ModuleNotFoundError: No module named 'logging' ``` Signed-off-by: Theo GAIGE Reviewed-by: Louis Rannou Signed-off-by: Mathieu Dubois-Briand --------------------------- Commit: 4c0a41389b --------------------------- libmd: add ptest for 'libmd' Adapt the compile 'test' phony target from Makefile and deploy as ptest for libmd. It takes less than 30seconds for ptest completion Signed-off-by: Naman Jain Signed-off-by: Antonin Godard --------------------------- Commit: 1797741aad --------------------------- bitbake.conf: remove DEBUG_PREFIX_MAP from TARGET_LDFLAGS Now that the previous bug affecting binary reproducibility has been addressed [1], we can revert this patch. This will resolve issues with cgo applications becoming unreprodcible. Currently go considers link arguments to be sacred, meaning any change should produce a different binary output. They ensure this by baking link arguments into the intermediary output, changing the content ID of that step. As such, the marco prefixes inadvertently end up adding build paths to the output binary instead of removing them if they are passed as link arguments to cgo applications. These paths are later stripped out again, but at this point the content ID of the dependency has changed and thus the build ID of the end application will be affected by the cascade of hash changes. See the upstream bug for more information [2]. This reverts commit fddaecc88979967d0e00e2fafdbaaabec030da9f. [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101473 [2] https://github.com/golang/go/issues/77218 Signed-off-by: Randolph Sapp Signed-off-by: Antonin Godard --------------------------- Commit: f0d8ff0bfb --------------------------- linux-yocto-dev: update to 6.19 Bumping the -dev kernel to 6.19. Boot and tests have been run on all major architectures. Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: f7a4e8c8a2 --------------------------- linux-yocto/6.18: update CVE exclusions (6.18.6) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 14 changes (0 new | 14 updated): - 0 new CVEs: - 14 updated CVEs: CVE-2024-23147, CVE-2024-23148, CVE-2024-23156, CVE-2024-23157, CVE-2024-37000, CVE-2024-37006, CVE-2025-13335, CVE-2025-63896, CVE-2025-9452, CVE-2025-9456, CVE-2025-9457, CVE-2025-9458, CVE-2026-1225, CVE-2026-1332 Date: Thu, 22 Jan 2026 14:20:53 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 048edccc6c --------------------------- linux-yocto/6.18: update to v6.18.6 Updating linux-yocto/6.18 to the latest korg -stable release that comprises the following commits: b6fe42bc55af Linux 6.18.6 69695f5331d4 spi: cadence-quadspi: Prevent lost complete() call during indirect read 81531bdea972 scsi: sg: Fix occasional bogus elapsed time that exceeds timeout 90f5dd44d9bf ASoC: fsl_sai: Add missing registers to cache default b3f89f6582e0 ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL 65f6ae1fdf22 ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 003994f3b014 ALSA: usb-audio: Update for native DSD support quirks 530ec35c211e block: validate pi_offset integrity limit 79dd3f1d9dd3 can: j1939: make j1939_session_activate() fail if device is no longer registered 9fd86747daa6 drm/amdkfd: Fix improper NULL termination of queue restore SMI event string 6fcfcf792ce8 spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ 6db8e186c977 drm/amd/display: Fix DP no audio issue 6a2049b7391b accel/amdxdna: Block running under a hypervisor a70fd483c4b9 ata: libata-core: Disable LPM on ST2000DM008-2FR102 09d6074995c1 netfilter: nf_tables: avoid chain re-validation if possible 9e2fcfc32467 powercap: fix sscanf() error return value handling d33cc39e9f7e powercap: fix race condition in register_control_type() cbbf6c1fe62b net: sfp: extend Potron XGSPON quirk to cover additional EEPROM variant 737be05a7657 bpf: Fix reference count leak in bpf_prog_test_run_xdp() 31e37f44b606 bpf, test_run: Subtract size of xdp_frame from allowed metadata size 7ea26e6dcabc gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths 7882637ea5cc gpio: mpsse: add quirk support 472d900c8bca gpio: mpsse: ensure worker is torn down 4374a1cac13e btrfs: fix beyond-EOF write handling 9cb1a586c78a btrfs: use variable for end offset in extent_writepage_io() 3b7ca18f3509 btrfs: truncate ordered extent when skipping writeback past i_size ebdc99345399 erofs: fix file-backed mounts no longer working on EROFS partitions c65f0bafc98f erofs: don't bother with s_stack_depth increasing for now 234409e0db77 irqchip/gic-v5: Fix gicv5_its_map_event() ITTE read endianness 72e28774e964 ublk: fix use-after-free in ublk_partition_scan_work 949647e7771a arp: do not assume dev_hard_header() does not change skb->head d93ba83fc3f5 net: enetc: fix build warning when PAGE_SIZE is greater than 128K ce6eef731aba net: usb: pegasus: fix memory leak in update_eth_regs_async() 51ffd447bc37 net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset 1251bbdb8f5b wifi: mac80211_hwsim: fix typo in frequency notification 72f93dc6d1a6 net: airoha: Fix schedule while atomic in airoha_ppe_deinit() 9e17d06663f3 HID: quirks: work around VID/PID conflict for appledisplay fb08fec72131 sparc/PCI: Correct 64-bit non-pref -> pref BAR resources 397691633112 trace: ftrace_dump_on_oops[] is not exported, make it static 6c0d642e8c58 block: don't merge bios with different app_tags 086e2928c1da net: netdevsim: fix inconsistent carrier state after link/unlink 334bbbbf4c80 selftests: drv-net: Bring back tool() to driver __init__s 67550a1130b6 net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy 06dc322dcb20 net: sfp: return the number of written bytes for smbus single byte access 0c63d5683eae udp: call skb_orphan() before skb_attempt_defer_free() 2d6cde9953f9 Revert "dsa: mv88e6xxx: make serdes SGMII/Fiber tx amplitude configurable" 0ad6d6e50e9d idpf: fix aux device unplugging when rdma is not supported by vport 258e7c55f939 idpf: cap maximum Rx buffer size bfeb4dfc8050 idpf: Fix error handling in idpf_vport_open() ab92fa4dd81b idpf: Fix RSS LUT NULL ptr issue after soft reset 9abe73eff87d idpf: Fix RSS LUT configuration on down interfaces b29a5a7dd1f4 idpf: Fix RSS LUT NULL pointer crash on early ethtool operations fe33b4252e4b idpf: fix issue with ethtool -n command display 1aedff70a5e9 idpf: fix memory leak of flow steer list on rmmod a514c374edcd idpf: fix error handling in the init_task on load 23391db8a00c idpf: fix memory leak in idpf_vc_core_deinit() ec602a2a4071 idpf: fix memory leak in idpf_vport_rel() ac122f5fb050 idpf: detach and close netdevs while handling a reset a9f5b61591d3 idpf: convert vport state to bitmap 14c4fea11536 idpf: keep the netdev when a reset fails 309a4c2fa676 PCI/VGA: Don't assume the only VGA device on a system is `boot_vga` c114a32a2e70 net: fix memory leak in skb_segment_list for GRO packets 177c71d2709f riscv: pgtable: Cleanup useless VA_USER_XXX definitions 5bfaf4fa3dc2 riscv: cpufeature: Fix Zk bundled extension missing Zknh 8a6b410e3d0f net: airoha: Fix npu rx DMA definitions 6d1b61b8e1e4 btrfs: fix NULL pointer dereference in do_abort_log_replay() 07effd536ddc btrfs: only enforce free space tree if v1 cache is required for bs < ps cases 92a559085114 btrfs: release path before initializing extent tree in btrfs_read_locked_inode() 0185dc4b5b0e vsock: Make accept()ed sockets use custom setsockopt() 543f8537b470 drm/amd/pm: force send pcie parmater on navi1x a1c0a4ccbe6d drm/amd/pm: fix wrong pcie parameter on navi1x deee9dfb111a perf: Ensure swevent hrtimer is properly destroyed 088ca99dbb03 inet: frags: drop fraglist conntrack references a5e2d902f64c virtio_net: fix device mismatch in devm_kzalloc/devm_kfree e3c738138975 bnxt_en: Fix potential data corruption with HW GRO/LRO 8181c79757cc net: wwan: iosm: Fix memory leak in ipc_mux_deinit() f2c4bcfa193e net/ena: fix missing lock when update devlink params b46675e1c593 net/mlx5e: Dealloc forgotten PSP RX modify header d35ab9fb5794 net/mlx5e: Don't print error message due to invalid module cba6cc0f4654 net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group 658496325824 net/mlx5: Lag, multipath, give priority for routes with smaller network prefix 8bdc624bf33d netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates e00b169eaac5 net: sock: fix hardened usercopy panic in sock_recv_errqueue fe71b71f0fe0 net: phy: mxl-86110: Add power management and soft reset support 1511ba2d6846 inet: ping: Fix icmp out counting f490af47bbee net: mscc: ocelot: Fix crash when adding interface under a lag b53fca69f455 bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress 326a4b7e61d0 net: marvell: prestera: fix NULL dereference on devlink_alloc() failure 8bdafdf49000 netfilter: nf_conncount: update last_gc only when GC has been performed 7f066cba650c netfilter: nf_tables: fix memory leak in nf_tables_newrule() 58dac9b28a57 gpio: pca953x: handle short interrupt pulses on PCAL devices fb674c8f1a5d gpiolib: fix race condition for gdev->srcu aaa24eeb63ad gpiolib: rename GPIO chip printk macros 97531f8e50d9 gpiolib: remove unnecessary 'out of memory' messages 75bfb05067d6 netfilter: nft_synproxy: avoid possible data-race on update operation 704c0258f0d7 netfilter: nft_set_pipapo: fix range overlap detection 499c0db5862f arm64: dts: mba8mx: Fix Ethernet PHY IRQ support 646d415f9860 arm64: dts: imx8qm-ss-dma: correct the dma channels of lpuart 4977cac699a4 arm64: dts: imx8mp: Fix LAN8740Ai PHY reference clock on DH electronics i.MX8M Plus DHCOM 5b5ef7049ebe arm64: dts: freescale: tx8p-ml81: fix eqos nvmem-cells f267ced2bcb0 arm64: dts: freescale: moduline-display: fix compatible 2c3f04f1f70c ARM: dts: imx6q-ba16: fix RTC interrupt level 88244021003b arm64: dts: add off-on-delay-us for usdhc2 regulator c200328fd57f arm64: dts: imx8qm-mek: correct the light sensor interrupt type to low level 42b66f4557a2 crypto: qat - fix duplicate restarting msg during AER error 7fd534abaa39 pinctrl: mediatek: mt8189: restore previous register base name array order 5b5482c0e5ee netfs: Fix early read unlock of page with EOF in middle b95a6e3b0d5d HID: Intel-thc-hid: Intel-thc: Fix wrong register reading a5eeebb994bf HID: Intel-thc-hid: Intel-thc: fix dma_unmap_sg() nents value 737f341080f4 gpio: it87: balance superio enter/exit calls in error path 43c2e3670334 gpu: nova-core: select RUST_FW_LOADER_ABSTRACTIONS 93900292af11 arm64: dts: ti: k3-am62-lp-sk-nand: Rename pinctrls to fix schema warnings c5ebc38066ce arm64: dts: ti: k3-am642-phyboard-electra-x27-gpio1-spi1-uart3: Fix schema warnings 0d4087c74869 arm64: dts: ti: k3-am642-phyboard-electra-peb-c-010: Fix icssg-prueth schema warning f09b0f705bd7 of: unittest: Fix memory leak in unittest_data_add() c8385851a543 btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node() 99e057f3d3ef btrfs: fix NULL dereference on root when tracing inode eviction 1ee62906cbd9 btrfs: qgroup: update all parent qgroups when doing quick inherit 7d59377ada9f btrfs: fix qgroup_snapshot_quick_inherit() squota bug 5f0fd06d7571 scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed" f1e2d448ccc1 scsi: ufs: core: Fix EH failure after W-LUN resume error 3a96f7f2677a scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset 382028023669 scsi: mpi3mr: Prevent duplicate SAS/SATA device entries in channel 1 aba03b371632 smb/client: fix NT_STATUS_NO_DATA_DETECTED value d4959a7900af smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value e2c146263966 smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value f1ae589310e1 drm/amd/display: shrink struct members 93ee5471731b ALSA: hda/realtek: Add support for ASUS UM3406GA ab775cc784f6 NFS: Fix up the automount fs_context to use the correct cred 8e73e0ee4530 ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) d82f6d1d43b3 NFSv4: ensure the open stateid seqid doesn't go backwards 6930c0229fb3 dm-snapshot: fix 'scheduling while atomic' on real-time kernels 232948cf600f dm-verity: disable recursive forward error correction fea0f86e4613 alpha: don't reference obsolete termio struct for TC* constants 9f53cfb9f4c2 ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels 8ad9e930fb91 csky: fix csky_cmpxchg_fixup not working c88717b10792 ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback a1d420370a24 ublk: reorder tag_set initialization before queue allocation 5647d42c47b5 libceph: make calc_target() set t->paused, not just clear it 10b7c7281036 libceph: reset sparse-read state in osd_fault() 9e0101e57534 libceph: return the handler error from mon_handle_auth_done() f21c3fdb9683 libceph: make free_choose_arg_map() resilient to partial allocation 6348d70af847 libceph: replace overzealous BUG_ON in osdmap_apply_incremental() 2d653bb63d59 libceph: prevent potential out-of-bounds reads in handle_auth_done() b97be67dc06e wifi: mac80211: restore non-chanctx injection behaviour e3c35177103e wifi: avoid kernel-infoleak from struct iw_point 5c12a13522f4 Revert "drm/mediatek: dsi: Fix DSI host and panel bridge pre-enable order" b7a883b0135d PM: hibernate: Fix crash when freeing invalid crypto compressor ea7a54393d50 pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping 391adca8e213 PCI: meson: Report that link is up while in ASPM L0s and L1 states 2b9c15286a17 io_uring/io-wq: fix incorrect io_wq_for_each_worker() termination logic 3aa67687d558 gpio: rockchip: mark the GPIO controller as sleeping b88191562d92 drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] 227997d16a53 drm/tidss: Fix enable/disable order 124b9d19e1d5 drm/pl111: Fix error handling in pl111_amba_probe 8a8bf7ed8230 drm/atomic-helper: Export and namespace some functions 1f50931f79dc drm/amdgpu: Fix query for VPE block_type and ip_count b023b3f236e8 drm/amd/display: Apply e4479aecf658 to dml 1d8b1ac985c9 arm64: dts: imx95: correct I3C2 pclk to IMX95_CLK_BUSWAKEUP 00d880c469b7 ALSA: hda/tas2781: properly initialize speaker_id for TAS2563 cb73d37ac18b ALSA: ac97: fix a double free in snd_ac97_controller_register() c12df0f5ca41 Revert "drm/atomic-helper: Re-order bridge chain pre-enable and post-disable" 0ce45b2426f9 nouveau: don't attempt fwsec on sb on newer platforms. 64a0d47e0c32 riscv: boot: Always make Image from vmlinux, not vmlinux.unstripped 5b7f91acffd2 tracing: Add recursion protection in kernel stack trace recording 425886b1f830 counter: interrupt-cnt: Drop IRQF_NO_THREAD flag 844f521604bd counter: 104-quad-8: Fix incorrect return value in IRQ handler a0b28dd06a9a lib/crypto: aes: Fix missing MMU protection for AES S-box 30a98c97f787 rust_binder: remove spin_lock() in rust_shrink_free_page() 86e49948b0e6 mei: me: add nova lake point S DID d52af58dd463 btrfs: always detect conflicting inodes when logging inode refs 0174d5466cae bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup e86c4ee5a029 arm64: Fix cleared E0POE bit after cpu_suspend()/resume() ffa2be496ef6 net: do not write to msg_get_inq in callee d82796a57cc0 net: 3com: 3c59x: fix possible null dereference in vortex_probe1() 4ae815bfcfad atm: Fix dma_free_coherent() size 0f7fb819d63f NFSD: Remove NFSERR_EAGAIN db78fa4b9f1f NFSD: net ref data still needs to be freed even if net hasn't startup e06c9f6c0f55 nfsd: check that server is running in unlock_filesystem 099a880ef541 nfsd: use correct loop termination in nfsd4_revoke_states() 53f07d095e7e nfsd: provide locking for v4_end_grace a339b0168251 NFSD: Fix permission check for read access to executable-only files Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 4e194c6741 --------------------------- linux-yocto/6.12: update CVE exclusions (6.12.66) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 10 changes (5 new | 5 updated): - 5 new CVEs: CVE-2026-22278, CVE-2026-23761, CVE-2026-23762, CVE-2026-23763, CVE-2026-23764 - 5 updated CVEs: CVE-2021-47746, CVE-2021-47748, CVE-2025-64097, CVE-2025-69821, CVE-2026-1328 Date: Thu, 22 Jan 2026 16:23:30 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: e38a672c14 --------------------------- linux-yocto/6.12: update to v6.12.66 Updating linux-yocto/6.12 to the latest korg -stable release that comprises the following commits: f6044d1fd846 Linux 6.12.66 9e3f8fa53348 bpf: test_run: Fix ctx leak in bpf_prog_test_run_xdp error path f8b406198778 ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback 47e676ce4d68 tpm2-sessions: Fix out of range indexing in name_size 42440155fe27 spi: cadence-quadspi: Prevent lost complete() call during indirect read 3762535fbbc0 scsi: sg: Fix occasional bogus elapsed time that exceeds timeout 0810c8e94d6b ASoC: fsl_sai: Add missing registers to cache default 1d2a10913089 ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL 8072299bf13f ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 44ed8fae346f ALSA: usb-audio: Update for native DSD support quirks ba6f0d1832ee can: j1939: make j1939_session_activate() fail if device is no longer registered 47206d70d1fb drm/amdkfd: Fix improper NULL termination of queue restore SMI event string 1c06d85c3d51 spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ f609041424d5 drm/amd/display: Fix DP no audio issue 9f6cf07687be ata: libata-core: Disable LPM on ST2000DM008-2FR102 14fa3d1927f1 netfilter: nf_tables: avoid chain re-validation if possible feb28b6827ec powercap: fix sscanf() error return value handling 3835d59f6999 powercap: fix race condition in register_control_type() 7b60aed82db1 net: sfp: extend Potron XGSPON quirk to cover additional EEPROM variant fb9ef40cccdb bpf: Fix reference count leak in bpf_prog_test_run_xdp() 6447e697cfa8 bpf, test_run: Subtract size of xdp_frame from allowed metadata size 6611a73b2991 bpf: Support specifying linear xdp packet data size for BPF_PROG_TEST_RUN 0eb6e9d3b724 bpf: Make variables in bpf_prog_test_run_xdp less confusing 202c5b915e22 bpf: Fix an issue in bpf_prog_test_run_xdp when page size greater than 4K 5c647749bce3 btrfs: fix beyond-EOF write handling afbb57899612 btrfs: use variable for end offset in extent_writepage_io() a915072e5ac3 btrfs: truncate ordered extent when skipping writeback past i_size 7216d78ca34f btrfs: remove btrfs_fs_info::sectors_per_page ced5459df05a btrfs: add extra error messages for delalloc range related errors fb4fa3f9012b btrfs: subpage: dump the involved bitmap when ASSERT() failed 9ed14c3b787b btrfs: fix error handling of submit_uncompressed_range() fcc04c92cbb5 ALSA: ac97: fix a double free in snd_ac97_controller_register() 71138011dc01 ALSA: ac97bus: Use guard() for mutex locks 7388ba6e5ccd erofs: fix file-backed mounts no longer working on EROFS partitions d47b03775d55 erofs: don't bother with s_stack_depth increasing for now dd6ccec088ad arp: do not assume dev_hard_header() does not change skb->head de77d2cd178a net: enetc: fix build warning when PAGE_SIZE is greater than 128K 471dfb97599e net: usb: pegasus: fix memory leak in update_eth_regs_async() 43497313d0da net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset 3d67e8c22685 HID: quirks: work around VID/PID conflict for appledisplay 4969d6fa61af net: netdevsim: fix inconsistent carrier state after link/unlink d916df47a031 idpf: cap maximum Rx buffer size a4212d6732e3 idpf: fix memory leak in idpf_vport_rel() be3d31276199 idpf: keep the netdev when a reset fails 3264881431e3 net: fix memory leak in skb_segment_list for GRO packets 92ff65c660eb riscv: pgtable: Cleanup useless VA_USER_XXX definitions 1eeaaeceafcf btrfs: only enforce free space tree if v1 cache is required for bs < ps cases 6762937a8b45 vsock: Make accept()ed sockets use custom setsockopt() f1029391e604 bnxt_en: Fix potential data corruption with HW GRO/LRO 57f1dd8fa966 net: wwan: iosm: Fix memory leak in ipc_mux_deinit() 9e0f54294fae net/mlx5e: Don't print error message due to invalid module b71d08b96864 netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates 005671c60fcf net: sock: fix hardened usercopy panic in sock_recv_errqueue 50f65526b33d inet: ping: Fix icmp out counting 03fb1708b7d1 net: mscc: ocelot: Fix crash when adding interface under a lag 269c9283ff7f bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress 3950054c9512 net: marvell: prestera: fix NULL dereference on devlink_alloc() failure 26a82dce2bee netfilter: nf_conncount: update last_gc only when GC has been performed e1a436981ac9 netfilter: nf_tables: fix memory leak in nf_tables_newrule() cdafa52ad39b gpio: pca953x: handle short interrupt pulses on PCAL devices d4f333a0155d gpio: pca953x: Add support for level-triggered interrupts dd42e23b6d9e netfilter: nft_synproxy: avoid possible data-race on update operation 16b4508e8717 netfilter: nft_set_pipapo: fix range overlap detection b397bb9c34ac arm64: dts: mba8mx: Fix Ethernet PHY IRQ support 97fdde3189b6 arm64: dts: imx8qm-ss-dma: correct the dma channels of lpuart 35b38dd6a792 arm64: dts: imx8mp: Fix LAN8740Ai PHY reference clock on DH electronics i.MX8M Plus DHCOM 88d60cff3000 ARM: dts: imx6q-ba16: fix RTC interrupt level 3e458210ee2c arm64: dts: add off-on-delay-us for usdhc2 regulator 06b1dfa40090 crypto: qat - fix duplicate restarting msg during AER error 8f6afb166402 arm64: dts: ti: k3-am62-lp-sk-nand: Rename pinctrls to fix schema warnings 75e2bc2985f4 drm/amd/display: Apply e4479aecf658 to dml 163df8d79a0d drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files 582ba48e4a4c btrfs: fix NULL dereference on root when tracing inode eviction ec3695dd0acd btrfs: tracepoints: use btrfs_root_id() to get the id of a root 53df7a4c3a56 btrfs: qgroup: update all parent qgroups when doing quick inherit b9b19fecad7d btrfs: fix qgroup_snapshot_quick_inherit() squota bug dedec6e6b421 scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed" 496ca70a15f4 scsi: ufs: core: Fix EH failure after W-LUN resume error f373695d62e0 scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset 261233f765d2 smb/client: fix NT_STATUS_NO_DATA_DETECTED value 596d1b968660 smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value b1dd68601676 smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value e83af97d5c39 drm/amd/display: shrink struct members a8559efcd576 NFS: Fix up the automount fs_context to use the correct cred 71029266093b ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) e1df03e293a0 NFSv4: ensure the open stateid seqid doesn't go backwards 6a1099604b0c dm-snapshot: fix 'scheduling while atomic' on real-time kernels f002df3a3305 alpha: don't reference obsolete termio struct for TC* constants 1b645cd729ef ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels 7010683101b5 csky: fix csky_cmpxchg_fixup not working 32dc49f49ea0 drm/xe: Ensure GT is in C0 during resumes e724d0261b7c drm/xe: make xe_gt_idle_disable_c6() handle the forcewake internally f09cd209359a tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). 6f468f6ff233 libceph: make calc_target() set t->paused, not just clear it e94075e950a6 libceph: reset sparse-read state in osd_fault() d2c4a5f69966 libceph: return the handler error from mon_handle_auth_done() c4c2152a858c libceph: make free_choose_arg_map() resilient to partial allocation 6c6cec3db3b4 libceph: replace overzealous BUG_ON in osdmap_apply_incremental() 2802ef3380fa libceph: prevent potential out-of-bounds reads in handle_auth_done() f94f95b81736 wifi: mac80211: restore non-chanctx injection behaviour 024f71a57d56 wifi: avoid kernel-infoleak from struct iw_point fcb7500bfa24 pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping 321e17ff3142 gpio: rockchip: mark the GPIO controller as sleeping 7500ab83bad2 drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] bc96db7051cc drm/pl111: Fix error handling in pl111_amba_probe 90b4b130a20d drm/amdgpu: Fix query for VPE block_type and ip_count 49a66829dd36 counter: interrupt-cnt: Drop IRQF_NO_THREAD flag c61440f1e741 counter: 104-quad-8: Fix incorrect return value in IRQ handler 196e8fd7424b lib/crypto: aes: Fix missing MMU protection for AES S-box 97130283b83f mei: me: add nova lake point S DID 0c2413c69129 btrfs: always detect conflicting inodes when logging inode refs 8b402146e3a8 arm64: Fix cleared E0POE bit after cpu_suspend()/resume() 2f05f7737e16 net: 3com: 3c59x: fix possible null dereference in vortex_probe1() 1320d94a4df1 atm: Fix dma_free_coherent() size 3f5d7f3865c6 NFSD: Remove NFSERR_EAGAIN 8c1cf63ed465 NFSD: net ref data still needs to be freed even if net hasn't startup d95499900fe5 nfsd: check that server is running in unlock_filesystem 03c68f94fad1 nfsd: use correct loop termination in nfsd4_revoke_states() ba4811c8b433 nfsd: provide locking for v4_end_grace 6b7ad17f4dd5 NFSD: Fix permission check for read access to executable-only files Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: b6490ff2da --------------------------- linux-yocto/6.12: update CVE exclusions (6.12.65) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 10 changes (7 new | 3 updated): - 7 new CVEs: CVE-2025-61937, CVE-2025-61943, CVE-2025-64691, CVE-2025-64729, CVE-2025-64769, CVE-2025-65117, CVE-2025-65118 - 3 updated CVEs: CVE-2025-7195, CVE-2025-9903, CVE-2025-9904 Date: Fri, 16 Jan 2026 00:42:12 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: f2d250a607 --------------------------- linux-yocto/6.12: update to v6.12.65 Updating linux-yocto/6.12 to the latest korg -stable release that comprises the following commits: 39cb076c7dc7 Linux 6.12.65 b00d41629d81 Revert "iommu/amd: Skip enabling command/event buffers for kdump" 69f542a54578 pwm: stm32: Always program polarity 828b59fdf8ef virtio_console: fix order of fields cols and rows 1b9c118fe318 sched/fair: Proportional newidle balance c6ae271bc5fd sched/fair: Small cleanup to update_newidle_cost() 52aa889c6f57 sched/fair: Small cleanup to sched_balance_newidle() 4888e1dcc341 net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. b03136582acb cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes c4d18e9540bf drm/amdgpu: Forward VMID reservation errors 585dbb5cdbb8 net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration 7b240a8935d5 wifi: mac80211: Discard Beacon frames to non-broadcast address 1c7c3a9314d8 mptcp: ensure context reset on disconnect() 58a32633d124 mm: consider non-anon swap cache folios in folio_expected_ref_count() 11f66b84fa7e mm: simplify folio_expected_ref_count() 914769048818 mm/page_alloc: change all pageblocks migrate type on coalescing 79f80a7a4784 mptcp: fallback earlier on simult connection Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: d5cfa342d0 --------------------------- barebox/barebox-tools: upgrade 2025.12.0 -> 2026.01.0 Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 0331b8b93d --------------------------- gpgme: ensure manpage generation is deterministic In a similar way to the previous commits with pod2man, gpgme will not generate manpages on a clean build but will on rebuilds due to do_package -> rpm-native -> ... -> libgpg-error-native, where the libgpg-error-native recipe provides the yat2m tool. To ensure that we generate manpages deterministicly, depend on this recipe. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 9317356fe2 --------------------------- wget: ensure manpage generation is deterministic Add pod2man-native to DEPENDS to ensure that pod2man is always available and manpage generation is deterministic. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 9b8a8285c7 --------------------------- wget: merge .bb/.inc There's just a single recipe file that uses the .inc, so merge them. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 255f0bcc16 --------------------------- ffmpeg: ensure manpage generation is deterministic Add pod2man-native to DEPENDS to ensure that pod2man is always available and manpage generation is deterministic. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 1d1e55d200 --------------------------- perl: provide pod2man Many recipes uses pod2man to generate manpages from an almost human-readable source format, which is part of the perl recipe. This means that we have recipes that don't install manpages, or more accurately don't install manpages if built from clean but _do_ if they are a rebuild (because do_package -> rpm-native -> perl-native means the sysroot now has pod2man in). The obvious fix here is to DEPEND on perl-native but that an often look like a redundant dependency that can be removed as removing it doesn't cause problems (I'm fairly confident I'm responsible for patches like this). So, add a PROVIDES of pod2man to perl, so that recipes can DEPEND on pod2man-native and this dependency is both obvious as to it's purpose and easily removed if the manpages change source format. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 65683a5ffd --------------------------- glibc: stable 2.42 branch updates git log --oneline e34453cd6a8c592c325756ff3c7ac0afd3975cb4..453e6b8dbab935257eb0802b0c97bca6b67ba30e 453e6b8dba (HEAD, origin/release/2.42/master) resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915) b0ec8fb689 memalign: reinstate alignment overflow check (CVE-2026-0861) f122d0b4d1 nptl: Optimize trylock for high cache contention workloads (BZ #33704) a1d3294a5b support: Exit on consistency check failure in resolv_response_add_name 8dfb84ad4e support: Fix FILE * leak in check_for_unshare_hints in test-container 2a0873aa81 sprof: fix -Wformat warnings on 32-bit hosts efdf4c0c87 sprof: check pread size and offset for overflow b11411fe2e posix: Fix invalid flags test for p{write,read}v2 8aaf4b732d ppc64le: Power 10 rawmemchr clobbers v20 (bug #33091) 2dbf973fe0 ppc64le: Restore optimized strncmp for power10 6b2957cfe8 ppc64le: Restore optimized strcmp for power10 828b8d23f3 AArch64: Fix and improve SVE pow(f) special cases 710d7a2e83 AArch64: fix SVE tanpi(f) [BZ #33642] 0c9430ed97 AArch64: Fix instability in AdvSIMD sinh ec041b1f53 AArch64: Fix instability in AdvSIMD tan 97297120ce AArch64: Optimise SVE scalar callbacks 17c3eab387 aarch64: fix includes in SME tests de1fe81f47 aarch64: fix cfi directives around __libc_arm_za_disable bf499c2a49 x86: fix wmemset ifunc stray '!' (bug 33542) 71874f167a aarch64: tests for SME 256030b984 aarch64: clear ZA state of SME before clone and clone3 syscalls 6de12fc9ad aarch64: define macro for calling __libc_arm_za_disable ab8c1b5d62 x86: Detect Intel Nova Lake Processor bf48b17a28 x86: Detect Intel Wildcat Lake Processor 18fd689cdc nptl: Fix MADV_GUARD_INSTALL logic for thread without guard page (BZ 33356) 46b4e37c9e nss: Group merge does not react to ERANGE during merge (bug 33361) 1166170d95 libio: Define AT_RENAME_* with the same tokens as Linux Testing Results: +--------------+--------+--------+------+ | Result | Before | After | Diff | +--------------+--------+--------+------+ | PASS | 6890 | 6890 | 0 | | XPASS | 4 | 4 | 0 | | FAIL | 123 | 123 | 0 | | XFAIL | 16 | 16 | 0 | | UNSUPPORTED | 104 | 104 | 0 | +--------------+--------+--------+------+ Signed-off-by: Hemanth Kumar M D Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 3bece75685 --------------------------- less: upgrade 685 -> 691 Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: fc27232232 --------------------------- alsa-ucm-conf: upgrade 1.2.15.2 -> 1.2.15.3 Changelog: https://www.alsa-project.org/wiki/Changes_v1.2.15.2_v1.2.15.3 Signed-off-by: Wang Mingyu [AG: add changelog in commit message] Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: e6f1467997 --------------------------- alsa-lib: upgrade 1.2.15.2 -> 1.2.15.3 Changelog: https://www.alsa-project.org/wiki/Changes_v1.2.15.2_v1.2.15.3 Signed-off-by: Wang Mingyu [AG: add changelog in commit message] Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 253da2e6fc --------------------------- lto.inc: add clang specific LTO configuration This commit adds support for Clang-specific LTO options. 1. -fuse-linker-plugin is not supported by Clang. 2. -ffat-lto-objects is used to ensure that object files (.o) are generated as ELF even when LTO is applied. During the dwarfsrcfiles process, if LTO is used with the Clang toolchain, static library object files are skipped if they are LLVM bitcode instead of ELF. Therefore, it is recommended to add this to LTOEXTRA if necessary. 3. Adding 'thin-lto' to DISTRO_FEATURES enables -flto=thin. Signed-off-by: mark.yang Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: b4b1538395 --------------------------- libxml2: Fix CVE-2026-0992 Backport a patch [1] to fix CVE-2026-0992. [1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/f75abfcaa419a740a3191e56c60400f3ff18988d Signed-off-by: Mingli Yu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 20d68d0d96 --------------------------- libxml2: Fix CVE-2026-0990 Backport a patch [1] to fix CVE-2026-0990. [1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/1961208e958ca22f80a0b4e4c9d71cfa050aa982 Signed-off-by: Mingli Yu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 8394729be2 --------------------------- oeqa/runtime: Update tests for maturin * The output from maturin has changed in newer releases. * Bump guessing-game version to 0.3.0 * Update to abi3 Python3 >= 3.9 support. NOTE: The "maturin develop" step builds around 45 crates and needs enough RAM to run. You will also probably want the performance of KVM. For QEMU/testimage, you will want the following in local.conf (or a similar .conf file): QEMU_USE_KVM = 'True' QB_MEM = '-m 2048' Signed-off-by: Tim Orling Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 9a560f9010 --------------------------- lib/oeqa/files/maturin: update guessing_game Update to include changes in upstream Maturin Tutorial [1] and for newer Rust and Python. Cargo.toml: * version: 0.1.0 -> 0.3.0 (to align with [2]) * edition: 2021 -> 2024 * Dependencies: - rand: 0.8.5 -> 0.9.0 - pyo3: 0.21.2 -> 0.27.2 - abi3-py38 -> abi3-py39 (Python 3.8 reached EOL in October 2024) pyproject.toml: * restrict maturin to >=1.7 to ensure PyO3 27.0+ and python 3.13+ support src/lib.rs: * rand 0.9 API change: rand::thread_rng() was removed. Use rand::rng() or the convenience function rand::random_range(). * PyO3 0.27 has breaking API changes from 0.21. The #[pymodule] function signature changed from fn module_name(py: Python, m: &PyModule) to fn module_name(m: &Bound<'_, PyModule>). With help from Claude.ai [1] https://www.maturin.rs/tutorial.html [2] https://github.com/moto-timo/guessing-game/releases/tag/v0.3.0 Signed-off-by: Tim Orling Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: e0ab523422 --------------------------- python3-maturin: upgrade 1.10.2 -> 1.11.5 Release Notes: https://github.com/PyO3/maturin/blob/main/Changelog.md#1115 * 1.11.5 - Allow combining --compatibility pypi with other --compatibility values (#2928) * 1.11.4 - Support armv6l and armv7l in pypi compatibility (#2926) - Improve the reliability of maturin's own CI * 1.11.3 - Fix manylinux2014 compliance check (#2922) * 1.11.2 - Fix failed release * 1.11.1 - Fix compiled artifacts being excluded by source path matching (#2910) - Better error reporting for missing interpreters (#2918) - Ignore unreadable excluded directories (#2916) * 1.11.0 - Yanked - Note: This release was yanked to a regression: #2909 - Refactor ModuleWriter to be easier to implement and use - Add Android cross compilation support, fix wheel tags for Android - Update generate-ci to macos-15-intel and add windows arm support - Deprecate 'upload' and 'publish' CLI commands Comparing changes: https://github.com/PyO3/maturin/compare/v1.10.2...v1.11.5 Signed-off-by: Tim Orling Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 7b1aa0caea --------------------------- gcc: fix patch format This is the only gcc patch which doesn't work with git am: ``` git am gcc-15.2.0-r0/sources/*.patch ... Applying: Signed-off-by: Harish Sadineni fatal: empty ident name (for <>) not allowed ``` Signed-off-by: Etienne Cordonnier Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: a13e299cd4 --------------------------- time64/pipewire: Use consistent TIME defines Pipewire crashes when other dependent libraries are built with the different TIME and FILE_OFFSET defines. Related bug report: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/5055 Signed-off-by: Vyacheslav Yurkov Signed-off-by: Barnabás Pőcze Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 6c31c2a731 --------------------------- build-appliance-image: Update to master head revisions Signed-off-by: Richard Purdie --------------------------- Commit: 831fcbebf3 --------------------------- flac: fix compile failed on musl While not including security_flags.inc $ echo "TCLIBC = 'musl'" >> conf/local.conf $ echo "MACHINE = 'qemux86'" >> conf/local.conf $ bitbake flac ... | libtool: link: (cd .libs/libFLAC++-static.lax/libFLAC-static.a && i686-oe-linux-musl-gcc-arx "/buildarea5/hjia/oe-core/build/tmp/work/core2-32-oe-linux-musl/flac/1.5.0/build/src/libFLAC++/ ../libFLAC/.libs/libFLAC-static.a") | build/tmp/work/core2-32-oe-linux-musl/flac/1.5.0/recipe-sysroot-native/usr/bin/ i686-oe-linux-musl/../../libexec/i686-oe-linux-musl/gcc/i686-oe-linux-musl/15.2.0/ld: .libs/metadata.o: in function `FLAC::Metadata::VorbisCo mment::set_comment(unsigned int, FLAC::Metadata::VorbisComment::Entry const&)': | /usr/src/debug/flac/1.5.0/src/libFLAC++/metadata.cpp:913:(.text+0x2032): undefined reference to `__stack_chk_fail_local' ... Refer [1], make gcc pass -lssp_nonshared to the linker whether including security_flags.inc or not [1] https://www.openwall.com/lists/musl/2018/09/11/2 Signed-off-by: Hongxu Jia Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: a0ab3d1c4f --------------------------- initramfs-framework: add handover of PID 1's arguments Although many PID 1 programs parse /proc/cmdline, let's follow the standard convention and forward the command-line arguments received from the kernel to the next PID 1 program. Signed-off-by: Ulrich Ölmann Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: ec14816cc5 --------------------------- gstreamer1.0-plugins-good: Add Qt6 QML plugin support GStreamer 1.26 supports both Qt5 and Qt6 QML video sink plugins. Add PACKAGECONFIG[qt6] to enable the Qt6 plugin alongside the existing Qt5 support. The Qt5 plugin builds ext/qt/ directory, while Qt6 builds ext/qt6/. Both can coexist and are controlled by separate meson options (-Dqt5 and -Dqt6). Signed-off-by: Telukula Jeevan Kumar Sahu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 273ddefaf3 --------------------------- yocto-check-layer: Add docstring to test_readme method Signed-off-by: Ricardo Ungerer Signed-off-by: Richard Purdie --------------------------- Commit: 2ef78bb6ed --------------------------- yocto-check-layer: Fix README email check So far the test_readme have been use of re.match to find an email address in the README file. This only matches if the email address is at the start of the file. This commit changes this to re.search to find email addresses anywhere in the README file. Signed-off-by: Ricardo Ungerer Signed-off-by: Richard Purdie --------------------------- Commit: 9fe883ce4c --------------------------- yocto-check-layer: Add messages in test_readme assertions Assertions in test_readme does not provide context message when they fail. Which leads to errors like: File "/media/workspace/yocto_master/openembedded-core/scripts/lib/checklayer/cases/common.py", line 41, in test_readme self.assertTrue(email_regex.match(data)) AssertionError: None is not true This patch adds context messages to the assertions to help identify the issue when they fail. Signed-off-by: Ricardo Ungerer Signed-off-by: Richard Purdie --------------------------- Commit: 587e5d5aad --------------------------- systemd: do not let do_fetch depend on PACKAGECONFIG It's unnecessary to make SRC_URI contains something like: ${@bb.utils.contains('PACKAGECONFIG', 'xxx', 'file://xxx', '', d)} This does not give us any benefit and it makes do_fetch depend on PACKAGECONFIG, which means changing of PACKAGECONFIG will result in rerunn of do_fetch. Besides, the related codes in do_install already does the necessary checks. Signed-off-by: Chen Qi Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 2581dad215 --------------------------- default-providers: remove ltp entry We have a default provider for ltp on the basis that there is an alternative in meta-oe called ltp-ddt, but this was removed in 2017[1]. [1] meta-oe ec9e5ed062 ("recipes: remove blacklisted recipes") Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 9c18cb1d4d --------------------------- libpng: upgrade 1.6.53 -> 1.6.54 Handles CVE-2026-22695 and CVE-2026-22801. License-Update: copyright years refreshed Signed-off-by: Peter Marko Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: d3e4f89552 --------------------------- go: upgrade 1.25.5 -> 1.25.6 Upgrade to latest 1.25.x release [1]: $ git --no-pager log --oneline go1.25.5..go1.25.6 69801b25b9 (tag: go1.25.6) [release-branch.go1.25] go1.25.6 9d497df196 [release-branch.go1.25] archive/zip: reduce CPU usage in index construction afa9b66ac0 [release-branch.go1.25] net/url: add urlmaxqueryparams GODEBUG to limit the number of query parameters 2526187481 [release-branch.go1.25] cmd/go/internal/work: sanitize flags before invoking 'pkg-config' 082365aa55 [release-branch.go1.25] cmd/go: update VCS commands to use safer flag/argument syntax 4be38528a6 [release-branch.go1.25] crypto/tls: don't copy auto-rotated session ticket keys in Config.Clone 525dd85363 [release-branch.go1.25] crypto/tls: reject trailing messages after client/server hello ddcf27fc8c [release-branch.go1.25] Revert "errors: optimize errors.Join for single unwrappable errors" 14f50f6e3e [release-branch.go1.25] cmd/compile: handle propagating an out-of-range jump table index 4e531b2f14 [release-branch.go1.25] runtime: mark getfp as nosplit 6f07a57145 [release-branch.go1.25] runtime/race: set missing argument frame for ppc64x atomic And/Or wrappers ea603eea37 [release-branch.go1.25] os: allow direntries to have zero inodes on Linux 93f5d1c27e [release-branch.go1.25] os,internal/poll: don't call IsNonblock for consoles and Stdin d5bfdcbc47 [release-branch.go1.25] crypto/tls: use inner hello for earlyData when using QUIC and ECH Fixes CVE-2025-61728, CVE-2025-61726, CVE-2025-68121, CVE-2025-61731, CVE-2025-68119 and CVE-2025-61730. Release information: [2] [1] https://github.com/golang/go/compare/go1.25.5...go1.25.6 [2] https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc Signed-off-by: Peter Marko Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 5e6030f970 --------------------------- mesa: upgrade 25.3.1 -> 25.3.3 Upgrade Mesa to the latest stable release, picking up several fixes (mostly anv, radv and pan/panvk/panfrost drivers). Signed-off-by: Dmitry Baryshkov Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 3b05f58586 --------------------------- mesa: drop VDPAU remnants Mesa 25.3.x dropped support for VDPAU. Commit 88e26a937549 ("mesa: upgrade 25.2.5 -> 25.3.1") has dropped most of VDPAU-related items, but it didn't drop mesa-vdpau-drivers package (nor did it drop VDPAU bits from mesa-dev). Drop those remnants. Fixes: 88e26a937549 ("mesa: upgrade 25.2.5 -> 25.3.1") Signed-off-by: Dmitry Baryshkov Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 39fe1758ff --------------------------- qemu: 10.1.3 -> 10.2.0 Upgrade qemu from 10.1.3 to 10.2.0: * remove backported 0012 patch * update context for patches 0002 and 0010 Signed-off-by: Kai Kang Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 55f82653de --------------------------- lsb.py: strip ' from os-release file In gentoo the file looks like this: NAME='Gentoo' ID='gentoo' PRETTY_NAME='Gentoo Linux' VERSION='2.18' VERSION_ID='2.18' HOME_URL='https://www.gentoo.org/' SUPPORT_URL='https://www.gentoo.org/support/' BUG_REPORT_URL='https://bugs.gentoo.org/' ANSI_COLOR='1;32' ' were added with: https://github.com/gentoo/gentoo/commit/2f590e35c9d3d13d5673163527120b2de97fdc80 before that the os-release file looked like this: NAME=Gentoo ID=gentoo PRETTY_NAME="Gentoo Linux" ANSI_COLOR="1;32" HOME_URL="https://www.gentoo.org/" SUPPORT_URL="https://www.gentoo.org/support/" BUG_REPORT_URL="https://bugs.gentoo.org/" VERSION_ID="2.18" The ' is stripped from the ID later in distro_identifier with: # Filter out any non-alphanumerics and convert to lowercase distro_id = re.sub(r'\W', '', distro_id).lower() but not from version which results in a weird NATIVELSBSTRING like: NATIVELSBSTRING = "gentoo-'2.18'" And similarly the directory name in sstate-cache: oe-core $ ls -d sstate-cache/gentoo-* "sstate-cache/gentoo-'2.18'" sstate-cache/gentoo-2.18 Signed-off-by: Martin Jansa Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 81c469a0e9 --------------------------- harfbuzz: Upgrade 12.2.0 -> 12.3.0 CVE: CVE-2026-22693 Signed-off-by: Yasir Al-Latifi Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: c9d501388f --------------------------- oe-selftest: runqemu: use zst rootfs for test Use .tar.zst as rootfs IMAGE_FSTYPES in the runqemu selftest to make the test quicker and more relevant to current usage. Simplify changing the IMAGE_FSTYPES for the test. Improve the test speed by using get_bb_vars to get multiple bb vars at once. Signed-off-by: Adrian Freihofer Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 3a6172fbb6 --------------------------- runqemu: support .tar.zst, .tar,xz, .tar rootfs archives Split the tar types into a separate list and use it where needed. Signed-off-by: Adrian Freihofer Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 804a238c8a --------------------------- createrepo-c: upgrade 1.2.1 -> 1.2.2 Full list of changes in this release is available at [0]. [0]: https://github.com/rpm-software-management/createrepo_c/releases/tag/1.2.2 Signed-off-by: Moritz Haase Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 8a59c0c601 --------------------------- gn: upgrade to latest revision Signed-off-by: Khem Raj Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 5fa86d75b8 --------------------------- re2c: upgrade 4.3.1 -> 4.4 Signed-off-by: Khem Raj Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 0d0ec25e1c --------------------------- opensbi: bump to 1.8.1 This intermediate release has following fixes: - Typo fix in comments of sbi_hartindex_to_hartid() - Fix hart protection abstraction for platforms without PMP Allow the platform to boot without PMP, but it is still necessary to enable PMP on QEMU; otherwise, there will be nothing to protect the M-mode firmware (OpenSBI) from lower privilege modes. Signed-off-by: Thomas Perrot Tested-by: Michael Opdenacker Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 4c6d5f9699 --------------------------- alsa-utils: fix packaging In the previous refactoring of this package[1] I forgot to add provides when merging some packages, which meant that installation of alsa-utils wouldn't succeed: - nothing provides alsa-utils-aplaymidi needed by alsa-utils-1.2.15.1-r0.cortexa57 from oe-repo - nothing provides alsa-utils-aplaymidi2 needed by alsa-utils-1.2.15.1-r0.cortexa57 from oe-repo - nothing provides alsa-utils-arecordmidi needed by alsa-utils-1.2.15.1-r0.cortexa57 from oe-repo - nothing provides alsa-utils-arecordmidi2 needed by alsa-utils-1.2.15.1-r0.cortexa57 from oe-repo - nothing provides alsa-utils-axfer needed by alsa-utils-1.2.15.1-r0.cortexa57 from oe-repo This is because the auto-splitting generates a package for each of the binaries, but there are explicit FILES that take priority which result in the binaries being in another package. However, the dependencies still exist. We could filter the package list after the split, but it is easier to add RPROVIDES for arecord and a*midi to the relevant packages, so that the dependencies are satisfied. Also axfer is a separate tool, so put that in its own package instead of merging with aplay. Finally, add a PR, as it appears that dynamically-generated packaging isn't enough to change the hash, and the wrong packages were being pulled from sstate. Signed-off-by: Ross Burton Tested-by: Ryan Eatmon Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: b0592c51b6 --------------------------- zlib: ignore CVE-2026-22184 This is CVE for example tool contrib/untgz. This is not compiled in Yocto zlib recipe. This CVE has controversial CVSS3 score of 9.8. Signed-off-by: Peter Marko Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 0baab9204f --------------------------- fontconfig: backport a patch to fix a build race There's a build race where some objects don't explicitly depend on the generated header ftalias.h being created: In file included from ../sources/fontconfig-2.17.1/src/fcpat.c:23: ../sources/fontconfig-2.17.1/src/fcint.h:129:12: fatal error: fcalias.h: No such file or directory 129 | # include "fcalias.h" Backport a patch from upstream to add the missing dependencies. [ YOCTO #16134 ] Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 0acce89f26 --------------------------- fontconfig: remove obsolete workaround We don't need to delete two stale files from the source tree anymore, as they are no longer shipped in the tarballs[1]. [1] fontconfig 31269e35 ("Do not ship fcobjshash.h") Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 20f2ea3756 --------------------------- coreutils: Backport fix for lseek_copy loop We've seen intermittent failures on the autobuilder related to creating hddimg images after updating to coreutils 9.9. The error message seen is: install: cannot lseek '.../core-image-minimal/1.0/sources/core-image-minimal-1.0/hddimg/rootfs.img': Invalid argument This corresponds to an invalid argument passed to lseek() in the create_hole() function in src/copy-file-data.c in coreutils. This in turn is being given bad arguments due to incorrect handling of loop variables in lseek_copy(). The upstream bug report [1] refers to an infinite loop, which isn't quite what we're seeing, but the cause is likely the same. So, we're applying the upstream fixes. [1]: https://github.com/coreutils/coreutils/issues/159 [YOCTO #16120] Signed-off-by: Paul Barker Signed-off-by: Richard Purdie --------------------------- Commit: 9382dee2a5 --------------------------- python3: skip flaky test_default_timeout test We have been observing intermittent issues with this test on the Autobuilder: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15885 This is probably due to the Autobuilder being heavily loaded at the time of the test. The logs on the ticket above do not allow us to know which of the two "test_default_timeout" tests is failing, so disable both with self.skipTest(). Excerpt from `ptest-runner python3`: test_default_timeout (test.test_multiprocessing_fork.test_manager.WithManagerTestBarrier.test_default_timeout) SKIP: Test the barrier's default timeout 'skip flaky timeout test' [YOCTO #15885] Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 524f4bbb11 --------------------------- pseudo: Update to 1.9.3 release Pulls in the following changes: Makefile.in: Bump version to 1.9.3 configure: Minor code quality changes pseudo: code quality scan - resolved various potential issues makewrappers: improve error handling and robustness Update COPYRIGHT files ports/linux/pseudo_wrappers.c: Call the wrappers where possible ports/linux/pseudo_wrappers.c: Workaround compile error on Debian 11 ports/linux/pseudo_wrappers.c: Reorder the syscall operations ports/unix/guts/realpath.c: Fix indents pseudo_util.c: Skip realpath like expansion for /proc on Linux test/test-proc-pipe.sh: Add test case for proc pipes ports/unix/guts/realpath.c: realpath fails if the resolved path doesn't exist Signed-off-by: Richard Purdie Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 22c3ebacd3 --------------------------- dpkg: Fix ADMINDIR dpkg has a hard coded path (from build time) for the ADMINDIR, for some reason the "set_root" function was using this hard coded value instead of the value from apt.conf or the environment. Follow the example of db_dir.c and use the environment if set. Adjust the matching oe package_manager functions to set the ADMINDIR, even though the apt.conf sets --admindir. Note it's unclear if the --admindir value that is set is reasonable or not. Signed-off-by: Mark Hatle [AG: add Upstream-Status - Submitted to patch] Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: c6e2bfc538 --------------------------- selftest: uboot: Add selftests for new UBOOT_CONFIG flow This adds seven new selftests to verify the functionality of the overhauled UBOOT_CONFIG flow. Signed-off-by: Ryan Eatmon Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 9e96d3dede --------------------------- u-boot: Add support for UBOOT_CONFIG_FRAGMENTS and UBOOT_FRAGMENTS There are config fragments that live in the u-boot source tree. UBOOT_FRAGMENTS will globally add a set of fragments to the configure. UBOOT_CONFIG_FRAGMENTS makes use of the overhauled config flow to add support for specifying alternative fragments for each variation build. Signed-off-by: Ryan Eatmon Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: cd9e730448 --------------------------- u-boot: Overhaul UBOOT_CONFIG flow The existing flow for setting UBOOT_CONFIG options is a little confusing. The comma separated list is difficult to remember which slot is used for which option, and the order of the options cannot be changed just added on to. This commit overhauls the UBOOT_CONFIG flow while maintaining the backwards compatibility with the existing settings. Rather than use a comma separated list, a new set of placeholder variables have been defined where the same config flags can be used to specify all of the needed changes: UBOOT_CONFIG = "foo bar" UBOOT_CONFIG[foo] = "config1,fstype1,binary1" UBOOT_CONFIG[bar] = "config2,fstype2,binary2" becomes: UBOOT_CONFIG = "foo bar" UBOOT_CONFIG[foo] = "config1" UBOOT_CONFIG[bar] = "config2" UBOOT_CONFIG_IMAGE_FSTYPES[foo] = "fstype1" UBOOT_CONFIG_IMAGE_FSTYPES[bar] = "fstype2" UBOOT_CONFIG_BINARY[foo] = "binary1" UBOOT_CONFIG_BINARY[bar] = "binary2" The previous addition of makeopts has been removed and replaced with: UBOOT_CONFIG_MAKE_OPTS[config] = "opts" Signed-off-by: Ryan Eatmon Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a7386d071d --------------------------- qemurunner: Improve qmp module detection. Instead of using logfile to detect where qmp is located we can pass sysroot_native directly to the qemurunner so it can find the qmp module itself. Signed-off-by: Tom Geelen Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: b013d62d10 --------------------------- buildhistory: fix handling of RDEPENDS style strings RDEPENDS style strings are regex searched for entries matching the usual, allowed package names (plus possible version flags). RPROVIDES however, is also allowed to contain actual file paths like '/bin/sh', which get broken by the current implementation. Use bb.utils to handle RDEPENDS style stings. Signed-off-by: Adam Blank Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 6de3d2602f --------------------------- oeqa/selftest/wic: test recursive dir copy on ext partitions Extend the wic selftests to cover recursive directory copying into ext partitions. Previously, copying a directory into an ext partition could appear to succeed, but attempting to access the directory contents would fail with: -l: Ext2 inode is not a directory This was fixed in commit 4fc3b42774 ("wic/engine: fix copying directories into wic image with ext* partition"). This test now verifies that directories copied with "wic cp" into an ext4 partition: - are created with correct inode types - can be listed recursively with "wic ls" - preserve files and subdirectories - can be copied back out of the image without data loss A simple directory structure is used in this test: wic-test-cp-ext-dir/ ├── topfile.txt └── subdir/ └── subfile.txt Signed-off-by: Daniel Dragomir Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1ed38aff5f --------------------------- wic/engine: fix copying directories into wic image with ext* partition wic uses debugfs to write on ext* partitions, but debugfs can only write to the current working directory and it cannot copy complete directory trees. Running 'wic ls' on a copied directory show this: -l: Ext2 inode is not a directory Fix this by creating a command list for debugfs (-f parameter) when recursive parsing the host directory in order to create a similar directory structure (mkdir) and copy files (write) on each level into the destination directory from the wic's ext* partition. Signed-off-by: Daniel Dragomir Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 23b94797cb --------------------------- libinput: expand PACKAGECONFIG The 1.30 release added support for Lua plugins, so add a disabled-by-default PACKAGECONFIG for the Lua plugin support. Move mtdev from being always on to an enabled-by-default PACKAGECONFIG. Merge the udevdir evaluation directly into EXTRA_OEMESON, there's no need for it to be a separate variable. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 650bb45251 --------------------------- runqemu-extract-sdk: support tar.zst format Building `core-image-minimal-dev` with Poky Whinlatter, the rootfs tarball is compressed with zstd by default, meaning this script won't work out of the box with it. Signed-off-by: Alex Bradbury Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 32dfd18209 --------------------------- libpcre2: Limit the undefined-version to non-native variants Native variant maybe built with GNU linker which does not recognize. Fixes build on ubuntu 22.04 /home/kraj200/yoe/build/tmp/hosttools/ld: unrecognized option '--undefined-version' Signed-off-by: Khem Raj Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 4dc01e0162 --------------------------- systemd-compat-units: generate masks at build time Originally, this recipe masked the units at rootfs-time by looking to see if the init script to be masked existed, and masking it if so. That however suffers from a race condition where the postinst script may be executed before the package that provides a script has been installed so this was changed to be an on-target postinst[1], so we know that all of the packages have been installed. However, this now means that you can't have an image that install this package _and_ is read-only, because we have an on-target postinst to execute. There's also another problem that with on-target package management, it would be possible to install a package that should be masked after the postinst has been executed, so the mask won't exist. Taking a step back, a systemd unit mask is just a symlink to /dev/null with the right name in the right path. So instead of masking in a post- install script, we can generate all the masks at build-time. This change reduces this package to just a number of symlinks, with no post-install scripts. [ YOCTO #16109 ] [1] oe-core e88f22da19 ("systemd-compat-units: execute postinst on target") Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: a5fd6d700d --------------------------- python3: add new files to compression As of Python 3.14, there is a new top-level compression module that contains the gzip and tarfile modules from previous versions, along with a new _common module. However, for compatibility reasons the project is also leaving a copy of the gzip and tarfile modules in the original positions (to be handled in a future deprecation cycle). Signed-off-by: Trevor Gamblin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 9dfe1e7722 --------------------------- python3: add _ast_unparse to core Without this, we will see import errors for modules that use annotationlib like so: |../../python3.14/annotationlib.py:487: in __repr__\n' | return ast.unparse(self.__ast_node__)\n' | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n' |../../python3.14/ast.py:622: in unparse\n' | from _ast_unparse import Unparser as _Unparser\n' |E ModuleNotFoundError: No module named '_ast_unparse'\n" Signed-off-by: Trevor Gamblin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 01982411b5 --------------------------- python3: add _py_warnings, annotationlib to core Without adding these, there will be numerous packages that will have to add python3-misc to their RDEPENDS just to dispel some warnings, like: |root@qemux86-64:~# python3 |Python 3.14.2 (main, Dec 5 2025, 16:49:16) [GCC 15.2.0] on linux |Type "help", "copyright", "credits" or "license" for more information. |warning: can't use pyrepl: No module named 'annotationlib' and errors like: |>>> import logging |Traceback (most recent call last): | File "", line 1, in | File "/usr/lib/python3.14/logging/__init__.py", line 26, in | import sys, os, time, io, re, traceback, warnings, weakref, collections.abc | File "/usr/lib/python3.14/traceback.py", line 8, in | import warnings | File "/usr/lib/python3.14/warnings.py", line 15, in | from _py_warnings import ( |ModuleNotFoundError: No module named '_py_warnings' Add them to python3-core rather than requiring another split. Signed-off-by: Trevor Gamblin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 43fcf226c7 --------------------------- python3: upgrade 3.14.0 -> 3.14.2 Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-14-2-final Builds OK: |BUILDALL-QEMU LOG FOR python3 |START TIME: 2025-12-12_14:47:51 |HOSTNAME: megalith |HOST OS: Fedora Linux 43 (Server Edition) |HOST KERNEL: 6.17.10-300.fc43.x86_64 |=============== |BUILD RESULTS: |[glibc] |PASS: qemuarm |PASS: qemuarm64 |PASS: qemuarmv5 |PASS: qemuloongarch64 |PASS: qemumips |PASS: qemumips64 |PASS: qemuppc |PASS: qemuppc64 |PASS: qemuriscv32 |PASS: qemuriscv64 |PASS: qemux86-64 |PASS: qemux86 |[musl] |PASS: qemuarm |PASS: qemuarm64 |PASS: qemuarmv5 |FAIL: qemuloongarch64 |PASS: qemumips |PASS: qemumips64 |PASS: qemuppc |PASS: qemuppc64 |PASS: qemuriscv32 |PASS: qemuriscv64 |PASS: qemux86-64 |PASS: qemux86 |=============== |PASSED: 23 |FAILED: 1 Reproducibility OK: |2025-12-12 14:18:33,082 - oe-selftest - INFO - Adding: "include selftest.inc" in /home/tgamblin/workspace/yocto/openembedded-core/build-st/conf/local.conf |2025-12-12 14:18:33,082 - oe-selftest - INFO - Adding: "include bblayers.inc" in bblayers.conf |2025-12-12 14:18:33,083 - oe-selftest - INFO - test_reproducible_builds (reproducible.ReproducibleTests.test_reproducible_builds) |2025-12-12 14:19:11,420 - oe-selftest - INFO - Building reproducibleA (sstate allowed)... |2025-12-12 14:23:50,788 - oe-selftest - INFO - Building reproducibleB-extended (sstate NOT allowed)... |2025-12-12 14:45:12,673 - oe-selftest - INFO - Checking deb packages for differences... |2025-12-12 14:45:13,888 - oe-selftest - INFO - Reproducibility summary for deb: same=2261 different=0 different_excluded=0 missing=0 total=2261 |unused_exclusions=[] |2025-12-12 14:45:13,888 - oe-selftest - INFO - Checking ipk packages for differences... |2025-12-12 14:45:15,874 - oe-selftest - INFO - Reproducibility summary for ipk: same=2261 different=0 different_excluded=0 missing=0 total=2261 |unused_exclusions=[] |2025-12-12 14:45:15,875 - oe-selftest - INFO - Checking rpm packages for differences... |2025-12-12 14:45:17,945 - oe-selftest - INFO - Reproducibility summary for rpm: same=2261 different=0 different_excluded=0 missing=0 total=2261 |unused_exclusions=[] |2025-12-12 14:45:17,946 - oe-selftest - INFO - ... ok |2025-12-12 14:46:22,556 - oe-selftest - INFO - ---------------------------------------------------------------------- |2025-12-12 14:46:22,556 - oe-selftest - INFO - Ran 1 test in 1670.130s |2025-12-12 14:46:22,556 - oe-selftest - INFO - OK |2025-12-12 14:46:25,595 - oe-selftest - INFO - RESULTS: |2025-12-12 14:46:25,595 - oe-selftest - INFO - RESULTS - reproducible.ReproducibleTests.test_reproducible_builds: PASSED (1604.86s) |2025-12-12 14:46:27,441 - oe-selftest - INFO - SUMMARY: |2025-12-12 14:46:27,441 - oe-selftest - INFO - oe-selftest () - Ran 1 test in 1670.130s |2025-12-12 14:46:27,441 - oe-selftest - INFO - oe-selftest - OK - All required tests passed (successes=1, skipped=0, failures=0, errors=0) ptests look OK: |== Tests result: SUCCESS == | |28 tests skipped: | test.test_asyncio.test_windows_events | test.test_asyncio.test_windows_utils test.test_gdb.test_backtrace | test.test_gdb.test_cfunction test.test_gdb.test_cfunction_full | test.test_gdb.test_misc test.test_gdb.test_pretty_print | test_android test_apple test_asdl_parser test_clinic test_devpoll | test_free_threading test_generated_cases test_idle test_kqueue | test_launcher test_msvcrt test_startfile test_tcl test_tkinter | test_ttk test_ttk_textonly test_turtle test_winapi | test_winconsoleio test_winreg test_wmi | |8 tests skipped (resource denied): | test_curses test_peg_generator test_smtpnet test_socketserver | test_urllib2net test_urllibnet test_winsound test_zipfile64 | |455 tests OK. | |Total duration: 3 min 45 sec |Total tests: run=46,462 skipped=2,384 |Total test files: run=483/491 skipped=28 resource_denied=8 |Result: SUCCESS |DURATION: 225 |END: /usr/lib/python3/ptest |2025-12-12T19:14 |STOP: ptest-runner |TOTAL: 1 FAIL: 0 Signed-off-by: Trevor Gamblin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 0df84b2549 --------------------------- python_pep517: add --prefix to nativepython3 call With Python 3.14, the default assumptions about install path in python_pep517 no longer seem to apply, and as a result we see QA errors during Python package builds like: |ERROR: python3-unittest-automake-output-0.3-r0 do_package: QA Issue: python3-unittest-automake-output: Files/directories were installed but not shipped in any package: | /home | /home/tgamblin | /home/tgamblin/workspace | /home/tgamblin/workspace/yocto | /home/tgamblin/workspace/yocto/openembedded-core | /home/tgamblin/workspace/yocto/openembedded-core/build | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3 | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14 | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao-0.3.dist-info | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao/__init__.py | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao/pytest.py | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao/unittest | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao/__pycache__ | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao/unittest/__init__.py | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao/unittest/__main__.py | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao/unittest/__pycache__ | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao/unittest/__pycache__/__init__.cpython-314.pyc | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao/unittest/__pycache__/__main__.cpython-314.pyc | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao/__pycache__/__init__.cpython-314.pyc | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao/__pycache__/pytest.cpython-314.pyc | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao-0.3.dist-info/entry_points.txt | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao-0.3.dist-info/WHEEL | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao-0.3.dist-info/METADATA | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao-0.3.dist-info/licenses | /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/python3-unittest-automake-output/0.3/recipe-sysroot-native/usr/lib/python3.14/site-packages/putao-0.3.dist-info/licenses/LICENSE |Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. |python3-unittest-automake-output: 34 installed and not shipped files. [installed-vs-shipped] We need to add the --prefix flag to the nativepython3 call so that it avoids using the native Python's sysconfig prefix. Signed-off-by: Trevor Gamblin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: bbef3eb5e4 --------------------------- python3targetconfig: export _PYTHON_PROJECT_BASE See: https://github.com/python/cpython/commit/2950bc50af8f As of 3.14.0, Python's sysconfig module looks for _PYTHON_PROJECT_BASE to be set when cross-compiling, or otherwise it'll find and use the native interpreter's paths when calling get_path() and filling out _CONFIG_VARS. Set _PYTHON_PROJECT_BASE to "${B}" in python3targetconfig's setup_target_config() to help avoid issues with incorrect paths in rpm and other recipes that depend on this class. Signed-off-by: Trevor Gamblin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 56318067ab --------------------------- python3: upgrade 3.13.11 -> 3.14.0 Changelog: https://docs.python.org/3.14/whatsnew/changelog.html#python-3-14-0-final - Recipe changes: - Remove '0001-Generate-data-for-OpenSSL-3.4-and-add-it-to-multissl.patch' as this fix was submitted upstream and is included in 3.14.0. - Modify three existing patches to apply on 3.14.0: - 0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch - 0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch - 0001-test_active_children-skip-problematic-test.patch - Add three new ptest skip patches: - 0001-test_cmd-skip-bang-completion-test.patch - editline issues with tab completion off of bangs (!). - 0001-test_pyrepl-skip-test_unix_console.test_cursor_back_.patch - change in curses dependency in PyREPL leads to issues with a test that expects the ICH1 terminal capability. - 0001-test_sysconfig-skip-test_sysconfig.test_sysconfigdat.patch - OE builds customize prefixes and compiler flags in a way that the test doesn't expect. - Add zstd to the DEPENDS since Python3 now provides support for the Zstandard compression standard. - In py_package_preprocess(), handle reproducibility issues with the _sysconfig_vars*.json files that the build generates by stripping paths from them. Modify python3-manifest.json to reflect the removal/replacement of stringold with a new string module directory. Also update python3-dir Python version to 3.14. Reproducibility looks OK: |2025-12-03 17:23:39,179 - oe-selftest - INFO - Reproducibility summary for deb: same=2261 different=0 different_excluded=0 missing=0 total=2261 |unused_exclusions=[] |2025-12-03 17:23:39,179 - oe-selftest - INFO - Checking ipk packages for differences... |2025-12-03 17:23:41,631 - oe-selftest - INFO - Reproducibility summary for ipk: same=2261 different=0 different_excluded=0 missing=0 total=2261 |unused_exclusions=[] |2025-12-03 17:23:41,631 - oe-selftest - INFO - Checking rpm packages for differences... |2025-12-03 17:23:43,952 - oe-selftest - INFO - Reproducibility summary for rpm: same=2261 different=0 different_excluded=0 missing=0 total=2261 |unused_exclusions=[] |2025-12-03 17:23:43,952 - oe-selftest - INFO - ... ok |2025-12-03 17:24:32,829 - oe-selftest - INFO - ---------------------------------------------------------------------- |2025-12-03 17:24:32,830 - oe-selftest - INFO - Ran 1 test in 1616.811s |2025-12-03 17:24:32,830 - oe-selftest - INFO - OK |2025-12-03 17:24:36,170 - oe-selftest - INFO - RESULTS: |2025-12-03 17:24:36,170 - oe-selftest - INFO - RESULTS - reproducible.ReproducibleTests.test_reproducible_builds: PASSED (1567.51s) |2025-12-03 17:24:38,017 - oe-selftest - INFO - SUMMARY: |2025-12-03 17:24:38,017 - oe-selftest - INFO - oe-selftest () - Ran 1 test in 1616.811s |2025-12-03 17:24:38,018 - oe-selftest - INFO - oe-selftest - OK - All required tests passed (successes=1, skipped=0, failures=0, errors=0) ptests look OK (with new skips): |== Tests result: SUCCESS == | |28 tests skipped: | test.test_asyncio.test_windows_events | test.test_asyncio.test_windows_utils test.test_gdb.test_backtrace | test.test_gdb.test_cfunction test.test_gdb.test_cfunction_full | test.test_gdb.test_misc test.test_gdb.test_pretty_print | test_android test_apple test_asdl_parser test_clinic test_devpoll | test_free_threading test_generated_cases test_idle test_kqueue | test_launcher test_msvcrt test_startfile test_tcl test_tkinter | test_ttk test_ttk_textonly test_turtle test_winapi | test_winconsoleio test_winreg test_wmi | |8 tests skipped (resource denied): | test_curses test_peg_generator test_smtpnet test_socketserver | test_urllib2net test_urllibnet test_winsound test_zipfile64 | |455 tests OK. | |Total duration: 3 min 5 sec |Total tests: run=46,110 skipped=2,364 |Total test files: run=483/491 skipped=28 resource_denied=8 |Result: SUCCESS |DURATION: 186 |END: /usr/lib/python3/ptest |2025-12-04T00:20 |STOP: ptest-runner |TOTAL: 1 FAIL: 0 buildall-qemu result: BUILDALL-QEMU LOG FOR python3 START TIME: 2025-12-03_10:08:36 HOSTNAME: megalith HOST OS: Fedora Linux 43 (Server Edition) HOST KERNEL: 6.17.8-300.fc43.x86_64 =============== BUILD RESULTS: [glibc] PASS: qemuarm PASS: qemuarm64 PASS: qemuarmv5 PASS: qemuloongarch64 PASS: qemumips PASS: qemumips64 PASS: qemuppc PASS: qemuppc64 PASS: qemuriscv32 PASS: qemuriscv64 PASS: qemux86-64 PASS: qemux86 [musl] PASS: qemuarm PASS: qemuarm64 PASS: qemuarmv5 FAIL: qemuloongarch64 PASS: qemumips PASS: qemumips64 PASS: qemuppc PASS: qemuppc64 PASS: qemuriscv32 PASS: qemuriscv64 PASS: qemux86-64 PASS: qemux86 =============== PASSED: 23 FAILED: 1 License-Update: Update copyright example in body Signed-off-by: Trevor Gamblin Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: bb4e0f4ae3 --------------------------- orc: upgrade 0.4.41 -> 0.4.42 1.Changelog - Initial 64-bit RISC-V support (Maksymilian Knust, Filip Wasil) - Add 64-bit LoongArch support (Jin Bo, Hecai Yuan) - Implement release and reuse of temporary registers for some targets (Jorge Zapata) - x86: Implement EVEX encoding and an opcode validation system (Jorge Zapata) - x86: Opcode refactor, improved constant handling and various other fixes (Jorge Zapata) - x86: add missing rounding operands for AVX and SSE (L. E. Segovia) - x86: Implement 64-bit single move constant load (L. E. Segovia) - includes: stop exporting the private compiler and OrcTarget definitions (Jorge Zapata) - Use hotdoc instead of gtk-doc to generate the documentation (Jorge Zapata) - ORC_DEBUG_FATAL environment variable allows abort on log messages of a certain level (Carlos Falgueras García) - Error message improvements and NEON backend clean-ups (Alexander Slobodeniuk) - Fix a few valgrind issues (Doug Nazar) - Build: enable tools such as orcc and orc-bugreport by default (Nirbheek Chauhan) - Various build fixes (L. E. Segovia, Sebastian Dröge) 2.Documentation are no longer built with gtk_doc, it was replaced by hotdoc. https://gitlab.freedesktop.org/gstreamer/orc/-/commit/0ad1f5884c654b614cf1ddd114a7ec9140311a3a This means documentation will no longer be built in the recipe or packaged in the output packages. Signed-off-by: Liu Yiding Signed-off-by: Richard Purdie --------------------------- Commit: 80d567b560 --------------------------- webkitgtk: upgrade 2.50.0 -> 2.50.4 Refresh patches - 0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch - 0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch - 0001-Fix-build-errors-on-RISCV-https-bugs.webkit.org-show.patch - fix-ftbfs-riscv64.patch - reproducibility.patch - sys_futex.patch - t6-not-declared.patch Drop backport fix-musl-compilation.patch which already exists in 2.50.4 Signed-off-by: Alexander Kanavin - Fix compile failure on qemux86 [1] to drop fix_op_instanceof_handler_for_32-bit_C-loop_build.patch, which conflicts with upstream solution [2] - Fix compile failure on qemuriscv64 ... Source/ThirdParty/skia/modules/skcms/src/Transform_inl.h:810:71: error: cannot tail-call: tail call production failed 810 | DECLARE_STAGE(name, arg, [[clang::musttail]] return (*list.fn)(list, ctx, src, dst, \ | ~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~ 811 | r, g, b, a, i)) | ~~~~~~~~~~~~~~ ... [1] https://autobuilder.yoctoproject.org/valkyrie/#/builders/6/builds/2907 [2] https://github.com/WebKit/WebKit/commit/fcaa289f6015595a638eb96b9f728eaaa7b13ab8 Signed-off-by: Hongxu Jia Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 9dd521737c --------------------------- libcap-ng: upgrade 0.8.5 -> 0.9 1. Changelog https://github.com/stevegrubb/libcap-ng/releases/tag/v0.9 2. Drop file://0001-Fix-python-path-when-invoking-py-compile-54.patch as it was merged upstream. 3. Add pkgconfig to solve following configure error: ../sources/libcap-ng-0.9/configure: line 14862: syntax error near unexpected token `LIBBPF,libbpf,' ../sources/libcap-ng-0.9/configure: line 14862: `PKG_CHECK_MODULES(LIBBPF,libbpf,' Signed-off-by: Liu Yiding Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 719713495e --------------------------- seatd: upgrade 0.9.1 -> 0.9.2 Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: a04e457111 --------------------------- repo: upgrade 2.60.1 -> 2.61 Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 7216e43410 --------------------------- python3-websockets: upgrade 15.0.1 -> 16.0 Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 70824a1757 --------------------------- python3-urllib3: upgrade 2.6.2 -> 2.6.3 Changelog: ========== - Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. - Started treating Retry-After times greater than 6 hours as 6 hours by default. - Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 794c97ac16 --------------------------- python3-pdm: upgrade 2.26.2 -> 2.26.4 Changelog: =========== - Make sure cursor closing for fixing PyPy different gc mode also add PyPy in CI. - Fix a bug that old HTTP cache directories cause PDM to crash when trying to clear them. - Port to hishel 1.0.0. - Update .gitignore file in the default template. - Correct the sysconfig variables for Python standalone build installations. - Ignore packages.vcs.requested-revision if it's None when formatting pylock.toml. - Fix test failures with uv test cases using non-venv Python interpreters. Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 8f40d6de4f --------------------------- python3-pathspec: upgrade 0.12.1 -> 1.0.3 Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 5abcf2f258 --------------------------- python3-jsonschema: upgrade 4.25.1 -> 4.26.0 Changelog: Decrease import time by delaying importing of urllib.request Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 6b4748800c --------------------------- python3-build: upgrade 1.3.0 -> 1.4.0 Changelog: =========== - Add --quiet flag - Add option to dump PEP 517 metadata with --metadata - Support UV environment variable - Remove a workaround for 3.14b1 - In 3.14 final release, color defaults to True already - Pass sp-repo-review - In pytest configuration, log_level is better than log_cli_level - Split up typing and mypy - Use types-colorama - In docs, first argument for _has_dependency is a name - Fix test failure when flit-core is installed Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 03b4b9a729 --------------------------- libtasn1: upgrade 4.20.0 -> 4.21.0 Changelog: ============= - Undocumented asn1Decoding --debug flag removed - Code coverage for src/ went from 35% to 82% - Fix of ASN.1 typo in manual - NEWS renamed to NEWS.md and uses markdown syntax. - Update gnulib files and various build/maintenance fixes. - Fix for vulnerability CVE-2025-13151 Stack-based buffer overflow Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: d24cb054b1 --------------------------- libnotify: upgrade 0.8.7 -> 0.8.8 Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 32c566a7fa --------------------------- ifupdown: upgrade 0.8.44 -> 0.8.45 License-Update: Fix 'old-fsf-address-in-copyright-file' lintian warning Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 2b3d184990 --------------------------- hwdata: upgrade 0.402 -> 0.403 Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 5e0cba155e --------------------------- alsa-utils: upgrade 1.2.15.1 -> 1.2.15.2 Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: fbc408fa26 --------------------------- alsa-ucm-conf: upgrade 1.2.15.1 -> 1.2.15.2 Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: ee269c3a23 --------------------------- alsa-lib: upgrade 1.2.15.1 -> 1.2.15.2 Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 5a36c58f73 --------------------------- linux-yocto/6.18: arm: fix defconfig configuration audit warning Integrating the following commit(s) to linux-yocto/6.18: 1/1 [ Author: Mikko Rapeli Email: mikko.rapeli@linaro.org Subject: arm64: defconfig: remove SLIM_QCOM_CTRL Date: Tue, 23 Dec 2025 16:06:45 +0200 It has been removed by commit 7cbba32a2d62 ("slimbus: qcom: remove unused qcom controller driver") Fixes: 7cbba32a2d62 ("slimbus: qcom: remove unused qcom controller driver") Reviewed-by: Krzysztof Kozlowski Signed-off-by: Mikko Rapeli Signed-off-by: Bruce Ashfield ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 621db0e343 --------------------------- linux-yocto/6.12: update CVE exclusions (6.12.64) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 21 changes (3 new | 18 updated): - 3 new CVEs: CVE-2026-22200, CVE-2026-22784, CVE-2026-22785 - 18 updated CVEs: CVE-2025-12379, CVE-2025-13393, CVE-2025-63314, CVE-2025-66689, CVE-2025-68276, CVE-2025-68468, CVE-2025-68471, CVE-2025-68472, CVE-2025-68622, CVE-2025-68656, CVE-2025-68657, CVE-2025-69169, CVE-2025-8110, CVE-2026-0674, CVE-2026-0676, CVE-2026-0822, CVE-2026-21858, CVE-2026-22251 Date: Mon, 12 Jan 2026 18:46:34 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: dbba15426a --------------------------- linux-yocto/6.12: update to v6.12.64 Updating linux-yocto/6.12 to the latest korg -stable release that comprises the following commits: 1a4a7249e794 Linux 6.12.64 c8cdc025a6d2 block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio() 51297686e00f iomap: allocate s_dio_done_wq for async reads as well b1671989173d mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() 7ca5ed830df4 mm/damon/tests/core-kunit: handle alloc failres in damon_test_new_filter() d13c133704a6 mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() ce19b1716361 vfio/pci: Disable qword access to the PCI ROM bar 527a73d111a6 media: amphion: Remove vpu_vb_is_codecconfig 915775d03710 media: amphion: Make some vpu_v4l2 functions static ce6f2d63edcd media: amphion: Add a frame flush mode for decoder b92c19675f63 media: mediatek: vcodec: Use spinlock for context list protection lock a219c54a15c4 powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages 1d71d509b413 mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() 451b0ed48e1f mm/balloon_compaction: we cannot have isolated pages in the balloon list 38aa6ca6285f PCI: brcmstb: Fix disabling L0s capability b4e2b74f6978 PCI: brcmstb: Set MLW based on "num-lanes" DT property if present 8d185636a629 PCI: brcmstb: Reuse pcie_cfg_data structure ebdbe19336f2 ASoC: renesas: rz-ssi: Fix rz_ssi_priv::hw_params_cache::sample_width 985131a81ef6 ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime 28b2ec0662a8 soundwire: stream: extend sdw_alloc_stream() to take 'type' parameter 2cd2003f7b36 block: handle zone management operations completions 1fe39f503041 ASoC: renesas: rz-ssi: Fix channel swap issue in full duplex mode f5b7f49bd237 gve: defer interrupt enabling until NAPI registration d579cc549298 hrtimers: Make hrtimer_update_function() less expensive 6b60113d7702 idpf: remove obsolete stashing code a7a7bff258e1 idpf: stop Tx if there are insufficient buffer resources e3e11c9db165 idpf: replace flow scheduling buffer ring with buffer pool 702c417b5719 idpf: simplify and fix splitq Tx packet rollback error path 2d799d58d402 idpf: improve when to set RE bit logic e8f9e3ec17a2 idpf: add support for Tx refillqs in flow scheduling mode b82cc442aa53 idpf: trigger SW interrupt when exiting wb_on_itr mode f2a43c70e517 idpf: add support for SW triggered interrupts d7d4c3884c99 wifi: mt76: mt7925: add handler to hif suspend/resume event cce9746046c9 wifi: mt76: mt7925: fix CLC command timeout when suspend/resume 08c5a901fdf0 wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend 620f9d7bcf77 media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio adcef72bc9bc x86/microcode/AMD: Select which microcode patch to load 6be62c78aed5 tty: fix tty_port_tty_*hangup() kernel-doc 70390c48d6eb serial: core: Fix serial device initialization d1944bab8e0c usbnet: Fix using smp_processor_id() in preemptible code warnings 5d1be493d111 net: use dst_dev_rcu() in sk_setup_caps() 8e8d6bf68633 ipv6: adopt dst_dev() helper 1e28e7701b10 net: ipv6: ioam6: use consistent dst names 8355eea2a2e9 drm/panthor: Flush shmem writes before mapping buffers CPU-uncached 31ff67982c5f md/raid10: wait barrier before returning discard request with REQ_NOWAIT 4ab2cd906e4e netfilter: nft_ct: add seqadj extension for natted connections f21e4cc4a6ba gpiolib: acpi: Add quirk for Dell Precision 7780 8b822b35ac6e gpiolib: acpi: Add quirk for ASUS ProArt PX13 c1af28f23ab2 gpiolib: acpi: Add a quirk for Acer Nitro V15 b2023685b2de gpiolib: acpi: Move quirks to a separate file 134d014bc64f gpiolib: acpi: Add acpi_gpio_need_run_edge_events_on_boot() getter 7d76825dcd8a gpiolib: acpi: Handle deferred list via new API c53dffad8607 gpiolib: acpi: Switch to use enum in acpi_gpio_in_ignore_list() d01cdf642524 f2fs: fix to propagate error from f2fs_enable_checkpoint() 341f6a26bfa9 f2fs: dump more information for f2fs_{enable,disable}_checkpoint() 621dc9eb90a5 f2fs: add timeout in f2fs_enable_checkpoint() cccd92ec7e34 f2fs: clear SBI_POR_DOING before initing inmem curseg fdca9bfd6206 serial: xilinx_uartps: fix rs485 delay_rts_after_send 589ec2d37e38 serial: xilinx_uartps: Use helper function hrtimer_update_function() 12493e7e888d hrtimers: Introduce hrtimer_update_function() f548c5ebe656 drm/displayid: add quirk to ignore DisplayID checksum errors d4dd6694d102 sched_ext: Fix missing post-enqueue handling in move_local_task_to_local_dsq() 44273abc2fea sched_ext: Factor out local_dsq_post_enq() from dispatch_enqueue() a3b7eb67225c tpm2-sessions: Fix tpm2_read_public range checks aa85f48dfc55 block: freeze queue when updating zone resources 65484682b1b0 ARM: dts: microchip: sama7g5: fix uart fifo size to 32 5f140b525180 svcrdma: bound check rq_pages index in inline path 6673d1d818f0 mm/ksm: fix exec/fork inheritance support for prctl 984dc07404e2 mptcp: pm: ignore unknown endpoint flags 2494b4d8a1ba serial: core: Restore sysfs fwnode information 1060180f3619 serial: core: fix OF node leak 0bf1a02494c7 f2fs: fix to avoid updating compression context during writeback 5796c5382101 f2fs: drop inode from the donation list when the last file is closed 1eb0b130196b f2fs: use global inline_xattr_slab instead of per-sb slab cache baf1a27e5664 f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() e750e2f2a2dd xhci: dbgtty: fix device unregister: fixup 2299e3ba1247 tty: introduce and use tty_port_tty_vhangup() helper 686e3762980f jbd2: fix the inconsistency between checksum and data in memory for journal sb e61f636cc310 sched_ext: Fix incorrect sched_class settings for per-cpu migration tasks 5b9cc2bbde85 erofs: fix unexpected EIO under memory pressure bddd95054e33 sched/eevdf: Fix min_vruntime vs avg_vruntime c8d4f4c2528b btrfs: don't rewrite ret from inode_permission a94048d99318 gfs2: fix freeze error handling 7578200fa923 lib/crypto: riscv/chacha: Avoid s0/fp register 8a8c1e06c838 drm/imagination: Disallow exporting of PM/FW protected objects 64e39e3806bf drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb 24d55ac8e31d drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer 471baae774a3 drm/msm/dpu: Add missing NULL pointer check for pingpong interface 700cd81dc5af drm/xe: Drop preempt-fences when destroying imported dma-bufs. dd3278ebfc04 drm/xe: Use usleep_range for accurate long-running workload timeslicing d420cea5199a drm/xe: Adjust long-running workload timeslices to reasonable values 641797734d07 drm/xe/oa: Disallow 0 OA property values 4f26159adc9c drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table 106af2a55b85 drm/mgag200: Fix big-endian support 5a81095d3e1b drm/ttm: Avoid NULL pointer deref for evicted BOs a742fa0aa216 drm/i915: Fix format string truncation warning f9465376fe19 drm/amdkfd: Trap handler support for expert scheduling mode b5971d0cc503 drm/amdkfd: bump minimum vgpr size for gfx1151 df130b75e955 drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace 3eb34432ea94 drm/mediatek: Fix probe device leaks 49ec28aaa334 drm/mediatek: Fix probe memory leak bd5ce36c4181 drm/mediatek: Fix probe resource leaks 27e44ca6465e drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() c6d30b65b7a4 drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() 5c831abdf742 drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident 0a82fb3f5827 drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() 6417428ce5da drm/buddy: Separate clear and dirty free block trees 1b339b19eec2 drm/buddy: Optimize free block management with RB tree e317afd8db9e drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers 5fc5506edfe0 drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling 2ba843759a3a drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma c0cd4bfb729b drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling f9a4ec64a626 Revert "drm/amd: Skip power ungate during suspend for VPE" f5c055c28415 net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() 8fc4632fb508 net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write 96634d108a17 net: usb: sr9700: fix incorrect command used to write single register cb0255265fa0 nfsd: Drop the client reference in client_states_open() 0d666db731e9 LoongArch: BPF: Sign extend kfunc call arguments fcaafcc27ba5 LoongArch: BPF: Zero-extend bpf_tail_call() index bb92a3af3ce5 LoongArch: Refactor register restoration in ftrace_common_return 73feae0c71bd fjes: Add missing iounmap in fjes_hw_init() 26c8bebc2f25 e1000: fix OOB in e1000_tbi_should_accept() 5cb34bb5fd72 RDMA/cm: Fix leaking the multicast GID table reference acadd4097d25 RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly c9d0f5a18bd7 samples/ftrace: Adjust LoongArch register restore order in direct calls 2197c4c6bda5 tools/mm/page_owner_sort: fix timestamp comparison for stable sorting 802934da00a8 x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo 7fbea59f737e mm/page_owner: fix memory leak in page_owner_stack_fops->release() 36cdde5c28c9 idr: fix idr_alloc() returning an ID out of range 181bb6766762 lockd: fix vfs_test_lock() calls 365178de51ac kasan: unpoison vms[area] addresses with a common tag c00ca876e073 kasan: refactor pcpu kasan vmalloc unpoison 69676792c23f mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN 3d2c0eb67819 compiler_types.h: add "auto" as a macro for "__auto_type" a4a4599b9164 pmdomain: imx: Fix reference count leak in imx_gpc_probe() 365cd49669a6 mm/damon/tests/core-kunit: handle alloc failure on damon_test_set_attrs() ffec0aa4750f mm/damon/tests/core-kunit: handle alloc failures in damon_test_ops_registration() e74033baf900 mm/damon/tests/core-kunit: handle alloc failures in damon_test_update_monitoring_result() b4993197d6cb mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() 360077a2aa33 mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() 62d66eb0ce63 mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() 4ec993020fb5 mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() 9d6f085d5ec1 mm/damon/tests/core-kunit: handle memory failure from damon_test_target() 19b20ac8b4c5 mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() 24d20b65e36f mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() de18eec7420f mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() 5574c977b5cb mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() 8a2944f5a54f mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets() f4d24ea32f49 LoongArch: Use unsigned long for _end and _text 6d5ec5a2b2b9 LoongArch: Use __pmd()/__pte() for swap entry conversions caffc71aad48 LoongArch: Fix build errors for CONFIG_RANDSTRUCT c26d621b3ebb LoongArch: Correct the calculation logic of thread_count 553e8f9e1845 LoongArch: Add new PCI ID for pci_fixup_vgadev() 1dcb2f27efb2 media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() 59f8c23f2bc2 media: i2c: adv7842: Remove redundant cancel_delayed_work in probe 4f58e5cddcb5 media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe b7ef6b263cf9 media: amphion: Cancel message work before releasing the VPU core 6d0e77882c4c media: vpif_display: fix section mismatch 51fe47b112d2 media: vpif_capture: fix section mismatch 29aaec521e54 media: videobuf2: Fix device reference leak in vb2_dc_alloc error path 3d0ec859e009 media: verisilicon: Protect G2 HEVC decoder against invalid DPB index 3680da86c180 media: TDA1997x: Remove redundant cancel_delayed_work in probe d2f8e900e676 media: samsung: exynos4-is: fix potential ABBA deadlock on init 2844c564a065 media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled db4d27e6bbbf media: platform: mtk-mdp3: fix device leaks at probe 634a5a133ac2 media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() 44aedcb25125 media: cec: Fix debugfs leak on bus_register() failure a135dfe84a58 fbdev: tcx.c fix mem_map to correct smem_start offset b58f85225be0 fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing 77c8170a62f8 fbdev: gbefb: fix to use physical address instead of dma address 1e1104eb8aa2 dm-bufio: align write boundary on physical block size 857876418308 dm-ebs: Mark full buffer dirty even on partial write e914da9be061 firmware: stratix10-svc: Add mutex in stratix10 memory management 60dde0960e3e media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() bfa153eae8da powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION 92686ff2e857 perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init() on error 2aa65e353fb5 parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() 5e38e72dbcdc parisc: entry.S: fix space adjustment on interruption for 64-bit userspace dced78b91861 mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips bce08eb15115 mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips ea3ccb6ed0e8 mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips 528bad89e963 mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips dc99e18fe52f mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips 80c502df26c4 mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips 846ceb1a9446 mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions add7da91ccf4 media: verisilicon: Fix CPU stalls on G2 bus error db7ab3323846 media: rc: st_rc: Fix reset control resource leak 8dda29c9950b mfd: max77620: Fix potential IRQ chip conflict when probing two devices 9b9e152a87ca mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup eb1f3a6ab3ef clk: samsung: exynos-clkout: Assign .num before accessing .hws 777a1ddeb915 block: Clear BLK_ZONE_WPLUG_PLUGGED when aborting plugged BIOs 407f9bd00585 leds: leds-lp50xx: Enable chip before any communication 5c02ebdf24ee leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs 5b0ceb3ee343 leds: leds-lp50xx: Allow LED 0 to be added to module bank ffdec4686eae leds: leds-cros_ec: Skip LEDs without color components 895123c309a3 powerpc/64s/slb: Fix SLB multihit issue during SLB preload acba48ba51bc powerpc, mm: Fix mprotect on book3s 32-bit 3968852076ed arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator 40fa3b520171 PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths 47d1f7e78592 fgraph: Check ftrace_pids_enabled on registration for early filtering cad08168f139 fgraph: Initialize ftrace_ops->private for function graph ops f1d629bda89d HID: logitech-dj: Remove duplicate error logging c2c3f1a3fd74 iommu: disable SVA when CONFIG_X86 is set 9f620cf7496f iommu/tegra: fix device leak on probe_device() 2deb48f25b91 iommu/sun50i: fix device leak on of_xlate() 5b696fd46ffe iommu/qcom: fix device leak on of_xlate() f1a8835964f4 iommu/omap: fix device leaks on probe_device() df5b0080583e iommu/mediatek: fix device leak on of_xlate() 9d90e4e8986b iommu/mediatek-v1: fix device leaks on probe() 11cd45ac86fb iommu/mediatek-v1: fix device leak on probe_device() 4287295758f4 iommu/ipmmu-vmsa: fix device leak on of_xlate() 480f40ba50f1 iommu/exynos: fix device leak on of_xlate() c2e050e7872c iommu/apple-dart: fix device leak on of_xlate() 1970ddf9f70d iommu/amd: Propagate the error code returned by __modify_irte_ga() in modify_irte_ga() 168d50e1d82b iommu/amd: Fix pci_segment memleak in alloc_pci_segment() cfcd57cc9e5c ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. 0eb81013e47d ASoC: qcom: q6adm: the the copp device only during last instance cc1a9a33a90b ASoC: qcom: q6asm-dai: perform correct state check before closing 488643e5605d ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr 60ffd2bc1997 ASoC: codecs: lpass-tx-macro: fix SM6115 support bae74771fc5d ASoC: stm32: sai: fix OF node leak on probe 27cae2a7fe06 ASoC: stm32: sai: fix clk prepare imbalance on probe failure c908cde32dc2 ASoC: stm32: sai: fix device leak on probe c69790a51b52 ASoC: codecs: wcd939x: fix regmap leak on probe failure b56476d8e9d1 ntfs: Do not overwrite uptodate pages b6f446e12e69 selftests/ftrace: traceonoff_triggers: strip off names 9eb1ee1f2acb blk-mq: skip CPU offline notify on unmapped hctx 29abf51fdf77 RDMA/bnxt_re: fix dma_free_coherent() pointer ff552378e80d RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation 676907004256 ksmbd: Fix memory leak in get_file_all_info() 20597b7229ae md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() d9118a67547f md: Fix static checker warning in analyze_sbs 8f2f65ee99f7 RDMA/bnxt_re: Fix to use correct page size for PDE table e7f29946157a RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send 20436f2742a9 RDMA/core: always drop device refcount in ib_del_sub_device_and_put() 116a7a351dce RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() 33834f51220e RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() 580edee9f39d RDMA/efa: Remove possible negative shift bf197c7c79ef RDMA/irdma: avoid invalid read in irdma_net_event 1dc33ad08673 ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT b409ba9e1e63 net: rose: fix invalid array index in rose_kill_by_device() ee4183501ea5 ipv4: Fix reference count leak when using error routes with nexthop objects bf3709738d8a ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() 45ee0462b883 net: stmmac: fix the crash issue for zero copy XDP_TX action aa743b0d9844 octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" db4c26adf711 platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing a09b30ddd4ae vfio/pds: Fix memory leak in pds_vfio_dirty_enable() 18b6574d4c64 net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct 98a12c2547a4 net: usb: asix: validate PHY address before use 2c39c0b6de01 kbuild: fix compilation of dtb specified on command-line without make rule b37927e834bb net: dsa: b53: skip multicast entries for fdb_dump() 5934f280ac57 firewire: nosy: Fix dma_free_coherent() size 00fe09364caf genalloc.h: fix htmldocs warning 36561b86cb25 smc91x: fix broken irq-context in PREEMPT_RT 68f66d67d8d5 selftests: net: fix "buffer overflow detected" for tap.c 6492ad6439ff net: usb: rtl8150: fix memory leak on usb_submit_urb() failure 9842946cdab6 amd-xgbe: reset retries and mode on RX adapt failures 8f25951a891f net: dsa: fix missing put_device() in dsa_tree_find_first_conduit() 107d245f84cb team: fix check for port enabled in team_queue_override_port_prio_changed() d95544ee2bd6 platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic b1718c819ffa platform/x86: msi-laptop: add missing sysfs_remove_group() 70984f8717ef platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names 5fe210533e34 ip6_gre: make ip6gre_header() robust 5116f61ab118 net: openvswitch: Avoid needlessly taking the RTNL on vport destroy 72bc82bd1cdb net: mdio: aspeed: add dummy read to avoid read-after-write issue 1e54c19eaf84 Bluetooth: btusb: revert use of devm_kzalloc in btusb ccbb96434d88 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt 655fdbcbbf00 idpf: reduce mbx_task schedule delay to 300us f36de3045d00 iavf: fix off-by-one issues in iavf_config_rss_reg() 550664e83989 i40e: validate ring_len parameter against hardware-specific values 9fe48a3c9ddd i40e: fix scheduling in set_rx_mode d12d193fe1e4 wifi: mac80211: do not use old MBSSID elements 0c67efb56d04 wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() 9765d6eb8298 wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() 1f8ae2e99a9d wifi: rtw88: limit indirect IO under powered off for RTL8822CS fbba8b00bbe4 fuse: fix readahead reclaim deadlock 1ef70a0b104a iommu/mediatek: fix use-after-free on probe deferral 34cd26b1d86d x86/msi: Make irq_retrigger() functional for posted MSI 94f03afbb771 ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 96221a072d5d hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU a9fb6e8835a2 hwmon: (w83791d) Convert macros to functions to avoid TOCTOU 5596f3eb41b4 hwmon: (max6697) fix regmap leak on probe failure 2aa6eb6666af hwmon: (max16065) Use local variable to avoid TOCTOU a5f4cfd2f2df interconnect: qcom: sdx75: Drop QPIC interconnect and BCM nodes 36f3cc056dd8 i2c: amd-mp2: fix reference leak in MP2 PCI device 85d7acd41381 platform/x86: intel: chtwc_int33fe: don't dereference swnode args fcab5c2672f8 rpmsg: glink: fix rpmsg device leak 5c8f2499c5e1 soc: amlogic: canvas: fix device leak on lookup eb0df8cf030e soc: apple: mailbox: fix device leak on lookup 90e176b3e791 soc: qcom: ocmem: fix device leak on lookup b38487a29e12 soc: qcom: pbs: fix device leak on lookup caf1e989f56e soc: samsung: exynos-pmu: fix device leak on regmap lookup 8b497efd6bf2 tracing: Fix fixed array of synthetic event f65555032246 virtio: vdpa: Fix reference count leak in octep_sriov_enable() 24a58ffc444c amba: tegra-ahb: Fix device leak on SMMU enable f0cab88ff870 crypto: caam - Add check for kcalloc() in test_len() 5a4b65523608 crypto: af_alg - zero initialize memory allocated via sock_kmalloc 4398797b3aa1 dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains and resets 2c29bc88f221 dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains and resets e48e50bec7b6 dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains and resets bf6738307d15 dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains and resets c83b7222e193 dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains and resets 51e075834cc4 dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains and resets 3e911a40ac5d dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains and resets b71781f41cff arm64: Revamp HCR_EL2.E2H RES1 detection 84e5006115cb KVM: arm64: Initialize SCTLR_EL1 in __kvm_hyp_init_cpu() cdd6fb56e93f KVM: arm64: Initialize HCR_EL2.E2H early debfbc047196 sched/rt: Fix race in push_rt_task 9433ba79c2ec hsr: hold rcu and dev lock for hsr_get_port_ndev f8bb150f228f pinctrl: renesas: rzg2l: Fix ISEL restore on resume 3139828f6b75 ALSA: wavefront: Clear substream pointers on close 04520b4422fd ALSA: wavefront: Use guard() for spin locks e6ba921b1779 ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() 05a609c1e5ed drm/displayid: pass iter to drm_find_displayid_extension() 0f38ce08dde9 drm/amd/display: Fix scratch registers offsets for DCN351 29ff286cd520 drm/amd/display: Fix scratch registers offsets for DCN35 9e7d3b8542d1 drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() 90706235f14d Revert "drm/amd/display: Fix pbn to kbps Conversion" 4ce784e8d223 io_uring: fix min_wait wakeups for SQPOLL c1669c03bfbc io_uring/poll: correctly handle io_poll_add() return value on update a39b53ee7fa5 gpio: regmap: Fix memleak in error path in gpio_regmap_register() b56975f46341 s390/ipl: Clear SBP flag when bootprog is set d478f50727c3 btrfs: don't log conflicting inode if it's a dir moved in the current transaction f0c0a681ffb7 powerpc/kexec: Enable SMT before waking offline CPUs a2c6f25ab98b SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf e8623e9c451e svcrdma: use rc_pageoff for memcpy byte offset adef4a2ff334 svcrdma: return 0 on success from svc_rdma_copy_inline_range 0dacf9ce7954 nfsd: Mark variable __maybe_unused to avoid W=1 build break bf4e671c6515 NFSD: NFSv4 file creation neglects setting ACL fcb8d118e149 NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap 7b82a1d6ae86 net/handshake: restore destructor on submit failure 82f7416bcbd9 fsnotify: do not generate ACCESS/MODIFY events on child for special files 0b7cc0a99035 net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write d60624e909f2 r8169: fix RTL8117 Wake-on-Lan in DASH mode 46cd9c3b67a1 PM: runtime: Do not clear needs_force_resume with enabled runtime PM 3437c775bf20 tracing: Do not register unsupported perf events 1e2d3aa19c79 xfs: fix a UAF problem in xattr repair 561e0756f1bf xfs: fix stupid compiler warning 3a07cb7636cd xfs: fix a memory leak in xfs_buf_item_init() 35ddb0b62400 KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits de39f5a4be13 KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) 3eaa520d282b KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit 4dac2f321e05 KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN 5d018c1eac35 KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation 70487dfde0cc KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN 254d7963badd KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE e746e5194705 KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer 5707aaba681d KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() 90d3e9c62a45 KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 359188420175 powerpc: Add reloc_offset() to font bitmap pointer used for bootx_printf() 5d0d8c292531 libceph: make decode_pool() more resilient against corrupted osdmaps 60560d13ff36 parisc: Do not reprogram affinitiy on ASP chip 9ef28943471a scs: fix a wrong parameter in __scs_magic 4701493ba376 platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver 244e4e60e375 KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) e24aedae7165 ocfs2: fix kernel BUG in ocfs2_find_victim_chain a69c7fd603bf media: vidtv: initialize local pointers upon transfer of memory ownership 89dbbe6ff323 KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot 030b9cdcb542 tools/testing/nvdimm: Use per-DIMM device handle 473550e71565 f2fs: fix return value of f2fs_recover_fsync_data() baf461563a8d f2fs: fix uninitialized one_time_gc in victim_sel_policy 19d7ac99e101 f2fs: fix age extent cache insertion skip on counter overflow c89845fae250 f2fs: invalidate dentry cache on failed whiteout creation 4f244c64efe6 f2fs: fix to avoid updating zero-sized extent in extent cache 6c3bab5c6261 f2fs: fix to avoid potential deadlock 3b15d5f12935 f2fs: ensure node page reads complete before f2fs_put_super() finishes 0229d07a7220 scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error 7ae98a3cf428 scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow 0d36db68fdb8 scsi: target: Reset t_task_cdb pointer in error case d0835714042d NFSD: use correct reservation type in nfsd4_scsi_fence_client a41dc180b6e1 scsi: aic94xx: fix use-after-free in device removal path b10ebbfd59a5 scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" 2abf4525593b cpufreq: nforce2: fix reference count leak in nforce2 6e606c2673e9 cpuidle: governors: teo: Drop misguided target residency check 7bcbac8dd76a serial: sh-sci: Check that the DMA cookie is valid 0618fbaf4222 mei: gsc: add dependency on Xe driver ef66e2074130 intel_th: Fix error handling in intel_th_output_open 74883565c621 char: applicom: fix NULL pointer dereference in ac_ioctl 8313323e3e96 usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() d8d17ff57924 usb: dwc3: keep susphy enabled during exit to avoid controller faults 50d0d2239d4b usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe 6bcbffda814e usb: gadget: lpc32xx_udc: fix clock imbalance in error path 5d3df03f7054 usb: phy: isp1301: fix non-OF device reference imbalance 69f9a0701abc usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal 8bd518ea03b8 USB: lpc32xx_udc: Fix error handling in probe 5a338aa9dab3 usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() c062deb480f5 usb: ohci-nxp: fix device leak on probe failure 2a38605427f2 phy: broadcom: bcm63xx-usbh: fix section mismatches 759456cef254 media: pvrusb2: Fix incorrect variable used in trace message fe3e129ab498 media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() bbf91bd694fe usb: usb-storage: Maintain minimal modifications to the bcdDevice range. 0ca9fb4335e7 mptcp: avoid deadlock on fallback while reinjecting 9cc0ba7934a9 mptcp: schedule rtx timer only after pushing data e1f1ce0442a4 selftests: mptcp: pm: ensure unknown flags are ignored 1f65b924c5f2 media: v4l2-mem2mem: Fix outdated documentation bd1aff606099 jbd2: use a weaker annotation in journal handling 22ea3cb34dc9 jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key 4f6f4e5a3328 ext4: align max orphan file size with e2fsprogs limit 419812d8e675 ext4: fix incorrect group number assertion in mb_check_buddy 9a424b99d561 ext4: clear i_state_flags when alloc inode 5b154e901fda ext4: xattr: fix null pointer deref in ext4_raw_inode() db9ee13fab02 ext4: fix string copying in parse_apply_sb_mount_options() b69492161c05 tpm: Cap the number of PCR banks 4d1c44cd9823 ktest.pl: Fix uninitialized var in config-bisect.pl 5c7265d31501 fs/ntfs3: fix mount failure for sparse runs in run_unpack() f6dd017bde25 kallsyms: Fix wrong "big" kernel symbol type read from procfs 6458658807c3 floppy: fix for PAGE_SIZE != 4KB 0a65cac1d86e block: rate-limit capacity change info log e768e889561e wifi: mt76: Fix DTS power-limits on little endian systems bfe512fb5b68 s390/dasd: Fix gendisk parent after copy pair swap 129b3bc14901 lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit af225540e7d6 perf: arm_cspmu: fix error handling in arm_cspmu_impl_unregister() b679e1985dcb mmc: sdhci-msm: Avoid early clock doubling during HS400 transition d0564ab15dda x86/mce: Do not clear bank's poll bit in mce_poll_banks on AMD SMCA systems e232269d5115 io_uring: fix filename leak in __io_openat_prep() 9b015f2918b9 KEYS: trusted: Fix a memory leak in tpm2_load_cmd 5679cc90bb54 cifs: Fix memory and information leak in smb3_reconfigure() 4f23082b371a vhost/vsock: improve RCU read sections around vhost_vsock_get() af8b6fb41064 block: rnbd-clt: Fix signedness bug in init_dev() ee374ebb5e8e scsi: scsi_debug: Fix atomic write enable module param description e3e33ac2eb69 MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits aaa642f20ad7 platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks 142b2e74186f nvme-fabrics: add ENOKEY to no retry criteria for authentication failures 855a444013cf nvme-fc: don't hold rport lock when putting ctrl 3b4c4f26e87c i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware 939b6c52f46c clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src 6b4f044d9cd8 libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map 3f7a5d52a4ea serial: sprd: Return -EPROBE_DEFER when uart clock is not ready 56664ab5ca28 usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. 5f839f9c8037 usb: xhci: limit run_graceperiod for only usb 3.0 devices f421105c99e8 iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains 3042a57a8e8b usb: typec: ucsi: Handle incorrect num_connectors capability 015200bb776f usbip: Fix locking bug in RT-enabled kernels 28442546f2d2 exfat: zero out post-EOF page cache on file extension df3ca04116db exfat: fix remount failure in different process environments d8218e3f39a7 reset: fix BIT macro reference f7b6370d0fbe via_wdt: fix critical boot hang due to unnamed resource allocation edadf1d7f919 fuse: Invalidate the page cache after FOPEN_DIRECT_IO write b4f4212436ba fuse: Always flush the page cache before FOPEN_DIRECT_IO write 45100a1a9b31 scsi: qla2xxx: Use reinit_completion on mbx_intr_comp 3354e116ccc1 scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive c203c1ea9467 scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled a5b26e4a08a9 powerpc/addnote: Fix overflow on 32-bit builds 83127df037ca clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 8869c4962570 scsi: smartpqi: Add support for Hurray Data new controller PCI device 89d33906cb93 ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx c379ec2361ad firmware: imx: scu-irq: Init workqueue before request mbox channel b7200a265d14 scsi: ufs: host: mediatek: Fix shutdown/suspend race condition 2ab207530ce3 ipmi: Fix __scan_channels() failing to rescan channels 8f4156b242f8 ipmi: Fix the race between __scan_channels() and deliver_response() 7ced0c07791f nfsd: fix memory leak in nfsd_create_serv error paths 43c1b514422e nfsd: rename nfsd_serv_ prefixed methods and variables with nfsd_net_ 6abdb63db720 nfsd: update percpu_ref to manage references on nfsd_net 47c4976513f1 ASoC: ak4458: remove the reset operation in probe and remove a8ad320efb66 ALSA: usb-mixer: us16x08: validate meter packet indices 6874a88306a5 ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path 3837413ab3f4 ALSA: vxpocket: Fix resource leak in vxpocket_probe error path 14e5a8878d4f x86/fpu: Fix FPU state core dump truncation on CPUs with no extended xfeatures 1742974c24a9 net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() 276bbd6061c6 dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml 52a3f9051d4a mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds fd750d686674 mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig 743cebcbd1b2 spi: fsl-cpm: Check length parity before switching to 16 bit mode ed781eaa9e04 ACPI: CPPC: Fix missing PCC check for guaranteed_perf a11f596653f8 ACPI: PCC: Fix race condition by removing static qualifier d844aeba5945 soc/tegra: fuse: Do not register SoC device on ACPI boot ed2c2c84a2b4 can: gs_usb: gs_can_open(): fix error handling 507b7333ac1a xfs: don't leak a locked dquot when xfs_dquot_attach_buf fails 24709064ee47 Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table ed8c61b89be0 Input: alps - fix use-after-free bugs caused by dev3_register_work 3a7cd1397c20 Input: lkkbd - disable pending work before freeing device 84e4d3543168 Input: ti_am335x_tsc - fix off-by-one error in wire_order validation 04e9249d31f5 HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen d26af6d14da4 ksmbd: fix buffer validation by including null terminator size in EA length 02e06785e85b ksmbd: Fix refcount leak when invalid session is found on session lookup a6f4cfa37838 ksmbd: skip lock-range check on equal size to avoid size==0 underflow e5718a35eb03 hwmon: (ltc4282): Fix reset_history file permissions b963636331fb drm/xe/oa: Limit num_syncs to prevent oversized allocations e281d1fd6903 drm/xe: Limit num_syncs to prevent oversized allocations 24be3b815554 block: rnbd-clt: Fix leaked ID in init_dev() 2ae324db9f49 spi: cadence-quadspi: Fix clock disable on probe failure path 0849560e52c5 arm64: kdump: Fix elfcorehdr overlap caused by reserved memory processing reorder ec599026acb6 x86/xen: Fix sparse warning in enlighten_pv.c d30f46717fa5 x86/xen: Move Xen upcall handler ea55a61d7275 drm/panel: sony-td4353-jdi: Enable prepare_prev_first 1ed476f3836e MIPS: Fix a reference leak bug in ip22_check_gio() ca29fc28fb44 drm/xe: Restore engine registers before restarting schedulers after GT reset d0326fd9dfc1 drm/me/gsc: mei interrupt top half should be in irq disabled context 94f9c07b5675 hwmon: (tmp401) fix overflow caused by default conversion rate value 68d62e5bebbd hwmon: (ibmpex) fix use-after-free in high/low store 415d1638c742 hwmon: (dell-smm) Limit fan multiplier to avoid overflow 95cca255a7a5 net: hns3: add VLAN id validation before using 96a1b2988119 net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx 429f946a7af3 net: hns3: using the num_tqps in the vf driver to apply for resources 08c37829c01f net: enetc: do not transmit redirected XDP frames when the link is down e1641177e7fb net/handshake: duplicate handshake cancellations leak socket 0e40549e321d net/mlx5: Serialize firmware reset with devlink c3f606107a34 net/mlx5: fw_tracer, Handle escaped percent properly 45bd283b1d69 net/mlx5: fw_tracer, Validate format string parameters 4f929a9db234 net/mlx5: Drain firmware reset in shutdown callback dc7325cc50e6 net/mlx5: fw reset, clear reset requested on drain_fw_reset 7bea09f60f2a ethtool: Avoid overflowing userspace buffer on stats query e6c122cffcbb iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED b627f7703f07 iommufd/selftest: Make it clearer to gcc that the access is not out of bounds 724f6df514f7 iommufd/selftest: Update hw_info coverage for an input data_type ec519fbf6dd8 iommufd/selftest: Add coverage for reporting max_pasid_log2 via IOMMU_HW_INFO a085b36b7a71 selftests: netfilter: packetdrill: avoid failure on HZ=100 kernel 20594fe15722 netfilter: nf_tables: remove redundant chain validation on register store 2503f11fbf88 netfilter: nf_nat: remove bogus direction check 2d6fd8a8dd92 nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() cca2ed931b73 net/sched: ets: Remove drr class from the active list if it changes to strict 4ec29714aa4e caif: fix integer underflow in cffrml_receive() 25ab24df31f7 ipvs: fix ipv4 null-ptr-deref in route error path 0b88be7211d2 netfilter: nf_conncount: fix leaked ct in error paths 70e23c094de5 broadcom: b44: prevent uninitialized value usage 2ecfc4433acd net: openvswitch: fix middle attribute validation in push_nsh() action 4b83902a1e67 bnxt_en: Fix XDP_TX path 216afc198484 mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats ed8141b206bd mlxsw: spectrum_router: Fix neighbour use-after-free 3c8828fc9bf5 mlxsw: spectrum_router: Fix possible neighbour reference count leak c98eeb05d7d9 ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() 06bfb66a7c8b net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change 8d1ccba4b171 netrom: Fix memory leak in nr_sendmsg() 278b8a9cd448 net: fec: ERR007885 Workaround for XDP TX path 9e2e02ca7b2c gfs2: Fix use of bio_chain edc2512e8d26 Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT 381a6fdfb3b9 Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE a087c7cb86a7 Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 ee3a1e7882e5 Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 b87b6c1d8b9e Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV ccc787810415 ksmbd: vfs: fix race on m_flags in vfs_cache 21a3d01fc6db ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency 2770b46167b6 smb/server: fix return value of smb2_ioctl() ab24e7802dcf gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad" 122fdb8d3d86 gfs2: fix remote evict for read-only filesystems 986908a28730 btrfs: scrub: always update btrfs_scrub_progress::last_physical 5dadd27e80c4 wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet f423753269a0 wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load 1ec6f2e3d5e4 wifi: cfg80211: use cfg80211_leave() in iftype change ca6bf76ae4dc wifi: cfg80211: stop radar detection in cfg80211_leave() f4001ba4a8ca wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU fcd6855b70e6 fs/ntfs3: check for shutdown in fsync 87027decfe73 hfsplus: fix volume corruption issue for generic/073 edfb2e602b5b hfsplus: Verify inode mode when loading from disk 457f795e7abd hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create 187d06bcdf31 hfsplus: fix volume corruption issue for generic/070 4fff9a625da9 ntfs: set dummy blocksize to read boot_block when mounting eeb154b999fe kbuild: Use objtree for module signing key path 4fa631188267 fs/ntfs3: Support timestamps prior to epoch 5da872dc712e livepatch: Match old_sympos 0 and 1 in klp_find_func() 93735b3a72f0 cpuidle: menu: Use residency threshold in polling state override decisions 7488bf981808 cpufreq: s5pv210: fix refcount leak 84a8b8f53bbb ACPI: fan: Workaround for 64-bit firmware bug 0055505fa66e cpufreq: dt-platdev: Add JH7110S SOC to the allowlist 59e60f6d3aac ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only 0d8bb0812692 ACPICA: Avoid walking the Namespace if start_node is NULL 73a52f7fd913 x86/ptrace: Always inline trivial accessors 81343616e712 sched/fair: Revert max_newidle_lb_cost bump dbc61834b041 sched/deadline: only set free_cpus for online runqueues e1028fb38b32 perf/x86/amd: Check event before enable to avoid GPF c186564c96dc scripts/faddr2line: Fix "Argument list too long" error 7d107be58b5c iomap: account for unaligned end offsets when truncating read range 12053695c8ef iomap: adjust read range correctly for non-block-aligned positions 4b0fe71fb396 shmem: fix recovery on rename failures e065fc63ecc1 btrfs: fix memory leak of fs_devices in degraded seed device path 26eb399edcbd bpf, arm64: Do not audit capability check in do_jit() c3446d541616 btrfs: fix a potential path leak in print_data_reloc_error() a8f13833135b btrfs: do not skip logging new dentries when logging a new name Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 16364e1271 --------------------------- linux-yocto/6.18: drm: xlnx: zynqmp_kms: set preferred_depth to 16 bpp Integrating the following commit(s) to linux-yocto/6.18: c66fba07b7dd drm: xlnx: zynqmp_kms: set preferred_depth to 16 bpp Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: bfd3b56b2e --------------------------- linux-yocto/6.18: update CVE exclusions (6.18.5) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 6 changes (2 new | 4 updated): - 2 new CVEs: CVE-2025-46068, CVE-2025-46070 - 4 updated CVEs: CVE-2025-46066, CVE-2025-46067, CVE-2025-71063, CVE-2026-0851 Date: Mon, 12 Jan 2026 16:41:36 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: a72f100783 --------------------------- linux-yocto/6.18: update to v6.18.5 Updating linux-yocto/6.18 to the latest korg -stable release that comprises the following commits: dc554c8fb361 Linux 6.18.5 7a28d65e4beb nfs/localio: fix regression due to out-of-order __put_cred 98a26893fad4 sched/fair: Proportional newidle balance d4ffb9ce8e65 sched/fair: Small cleanup to update_newidle_cost() c7ca7e0ff6f0 sched/fair: Small cleanup to sched_balance_newidle() f1a77dfc3b04 mptcp: ensure context reset on disconnect() 3aa9aac0e8b7 Linux 6.18.4 2d48340ccc9d Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" 1ba137c89ff0 mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() a9040eac434b vfio/pci: Disable qword access to the PCI ROM bar e7a7d7e629c2 LoongArch: BPF: Enhance the bpf_arch_text_poke() function 845306163962 powercap: intel_rapl: Add support for Nova Lake processors 77aa0f5223ff powercap: intel_rapl: Add support for Wildcat Lake platform 142dbd7ed190 block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio() 28a6c420f0e7 erofs: fix unexpected EIO under memory pressure e8469ef3d480 drm/imagination: Disallow exporting of PM/FW protected objects 5487edb7b8ed drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb c79ee71f4598 drm/pagemap, drm/xe: Ensure that the devmem allocation is idle before use 548f139d3c17 drm/xe/svm: Fix a debug printout 63f23aa2fbb8 drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer 3165fcd7a1cb drm/msm: add PERFCTR_CNTL to ifpc_reglist 35ea3282136a drm/msm/dpu: Add missing NULL pointer check for pingpong interface 8d9df6d3fa49 drm/xe: Drop preempt-fences when destroying imported dma-bufs. e85d0e02121d drm/xe: Use usleep_range for accurate long-running workload timeslicing a7229c1ebeed drm/xe: Adjust long-running workload timeslices to reasonable values 3570a24eb05e drm/xe/eustall: Disallow 0 EU stall property values f19cb78876f9 drm/xe/oa: Disallow 0 OA property values a965d4869eef drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table 7b2e6ca71681 drm: Fix object leak in DRM_IOCTL_GEM_CHANGE_HANDLE 635c8d6e72f6 drm/mgag200: Fix big-endian support b94182b3d722 drm/ttm: Avoid NULL pointer deref for evicted BOs 71be8825e83c drm/tilcdc: Fix removal actions in case of failed probe 5457bdfab729 drm/i915: Fix format string truncation warning eb1494204d71 drm/amdkfd: Trap handler support for expert scheduling mode 7f26af7bf9b7 drm/amdkfd: bump minimum vgpr size for gfx1151 7445db6a7d5a drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace 7e56e90b988c drm/nouveau/gsp: Allocate fwsec-sb at boot 07bcf0498047 drm/bridge: ti-sn65dsi83: ignore PLL_UNLOCK errors ec648d8c2db7 drm/rockchip: vop2: Use OVL_LAYER_SEL configuration instead of use win_mask calculate used layers 355d4d4ffaf8 drm/amd: Fix unbind/rebind for VCN 4.0.5 fa6cd9230444 drm/mediatek: ovl_adaptor: Fix probe device leaks b3e922278622 drm/mediatek: mtk_hdmi: Fix probe device leaks 8f059592969d drm/mediatek: Fix probe device leaks e048e15c97e8 drm/mediatek: Fix probe memory leak 54291161eeaa drm/mediatek: Fix probe resource leaks 4fcb7f89479b drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() 78bc88fda96c drm/rockchip: Set VOP for the DRM DMA device 7cdb9a9da935 drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() e2e980f09133 drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() 391f53db1445 drm/buddy: Separate clear and dirty free block trees e983164f179e drm/buddy: Optimize free block management with RB tree 2c9ba2fbcd97 drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers b89cd47c4c92 drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling 16a3106cff4a drm/amdgpu/sdma6: Update SDMA 6.0.3 FW version to include UMQ protected-fence fix 431b9cd09363 drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma 0b48f98f092b drm/amdgpu: Forward VMID reservation errors 8b74d0d7f6a5 drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling 60da8c352cdc Revert "drm/amd: Skip power ungate during suspend for VPE" 3dad9330f71f platform/x86: alienware-wmi-wmax: Add support for Alienware 16X Aurora 7ba7c591ce05 platform/x86: alienware-wmi-wmax: Add AWCC support for Alienware x16 d1cb71222a27 platform/x86: alienware-wmi-wmax: Add support for new Area-51 laptops ace965a38625 platform/x86: samsung-galaxybook: Fix problematic pointer cast 64b6cd5f7b5a net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() f3a8a7c1aa27 net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write 2431c1e4765a net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration c9a8cd3ac85c net: usb: sr9700: fix incorrect command used to write single register a78ee50545ee nfsd: Drop the client reference in client_states_open() 1285073c878a nfsd: use ATTR_DELEG in nfsd4_finalize_deleg_timestamps() c07dc84ed67c nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg() a6493ebd6dd5 LoongArch: BPF: Adjust the jump offset of tail calls 85fdef3dcc10 LoongArch: BPF: Enable trampoline-based tracing for module functions 8b3c00c06018 LoongArch: BPF: Save return address register ra to t0 before trampoline 321993a874f5 LoongArch: BPF: Sign extend kfunc call arguments 2617bbdead63 LoongArch: BPF: Zero-extend bpf_tail_call() index 35bb95c80ddd LoongArch: Refactor register restoration in ftrace_common_return 48f927768092 gve: defer interrupt enabling until NAPI registration 726fca79cb55 fjes: Add missing iounmap in fjes_hw_init() b282b2a9eed8 erspan: Initialize options_len before referencing options. ee7c125fb3e8 e1000: fix OOB in e1000_tbi_should_accept() a21704df4024 wifi: mac80211: Discard Beacon frames to non-broadcast address de5eb6b65e9f wifi: iwlwifi: Fix firmware version handling 3ba6d01c4b3c RDMA/cm: Fix leaking the multicast GID table reference 0b948afc1ded RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly 3b8caba93267 rust: maple_tree: rcu_read_lock() in destructor to silence lockdep 7d7010f5f0ee samples/ftrace: Adjust LoongArch register restore order in direct calls 6f9af862a859 selftests/mm: fix thread state check in uffd-unit-tests 4df537e2478d tools/mm/page_owner_sort: fix timestamp comparison for stable sorting 54e9bd5025a0 x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo 4bae7111bf29 mm: consider non-anon swap cache folios in folio_expected_ref_count() 05a8edf607be mm/page_owner: fix memory leak in page_owner_stack_fops->release() a794d65b1321 mm/page_alloc: change all pageblocks migrate type on coalescing fcbe159c9060 idr: fix idr_alloc() returning an ID out of range 7da6f40d2662 lockd: fix vfs_test_lock() calls a843e4155c83 kernel/kexec: fix IMA when allocation happens in CMA area 282ac3cf9bc7 kernel/kexec: change the prototype of kimage_map_segment() d16a38f3d908 kasan: unpoison vms[area] addresses with a common tag 9548f154f79c kasan: refactor pcpu kasan vmalloc unpoison 234ede2960d5 mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN 25f1ae942c09 mptcp: fallback earlier on simult connection 6cce897a37dc compiler_types.h: add "auto" as a macro for "__auto_type" 089e50f29eee af_unix: don't post cmsg for SO_INQ unless explicitly asked for 87f09d9245f1 pmdomain: imx: Fix reference count leak in imx_gpc_probe() 744e1bdd1471 pmdomain: mtk-pm-domains: Fix spinlock recursion fix in probe 11ccb3476ead mm/damon/tests/core-kunit: handle alloc failure on damos_test_commit_filter() 792515de4e9d mm/damon/tests/core-kunit: handle alloc failure on damon_test_set_attrs() 4b0389369065 mm/damon/tests/core-kunit: handle alloc failures in damon_test_ops_registration() 3987bd5706c9 mm/damon/tests/core-kunit: handle alloc failures on damos_test_filter_out() 7d0299ff8883 mm/damon/tests/core-kunit: handle alloc failures on damon_test_set_filters_default_reject() 1e88ea252355 mm/damon/tests/core-kunit: handle alloc failures in damon_test_update_monitoring_result() 8ce6a884fd4b mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() 65807e05960b mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() 753c12ff6d25 mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() 8ac54bafd439 mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() 63669f6b729f mm/damon/tests/core-kunit: handle memory failure from damon_test_target() d0870d0fe613 mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() ead9dd2174e9 mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() 9c46f119b70d mm/damon/tests/core-kunit: handle alloc failres in damon_test_new_filter() b55a42c605af mm/damon/tests/core-kunit: fix memory leak in damon_test_set_filters_default_reject() 6e0090114d66 mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() 89532a71288c mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() 6fd615cb0440 mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() 33cf4171196d mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets() ef17c7e2acda LoongArch: Use unsigned long for _end and _text f92ac4ad6c86 LoongArch: Use __pmd()/__pte() for swap entry conversions 73a0059dcf26 LoongArch: Fix build errors for CONFIG_RANDSTRUCT 1f8330dcdc60 LoongArch: Fix arch_dup_task_struct() for CONFIG_RANDSTRUCT a6021c133ed8 LoongArch: Correct the calculation logic of thread_count eea343099fac LoongArch: Add new PCI ID for pci_fixup_vgadev() f736a3f4787b media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() 3e858938b0e6 media: mediatek: vcodec: Use spinlock for context list protection lock 378deae752a2 media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio 2e9b9a658d42 media: i2c: adv7842: Remove redundant cancel_delayed_work in probe 4d3c49fea279 media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe 4d08b38a9828 media: amphion: Cancel message work before releasing the VPU core b9b29dae5962 media: amphion: Remove vpu_vb_is_codecconfig 6132c3e55926 media: vpif_display: fix section mismatch 5d25f923bdb4 media: vpif_capture: fix section mismatch 19f7dfa0c1d2 media: videobuf2: Fix device reference leak in vb2_dc_alloc error path 3cbf9ef5ce84 media: verisilicon: Protect G2 HEVC decoder against invalid DPB index 49446f8e73e2 media: TDA1997x: Remove redundant cancel_delayed_work in probe f65ef4b8415e media: samsung: exynos4-is: fix potential ABBA deadlock on init ca31135ad666 media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled 31ba1a4d7a5d media: platform: mtk-mdp3: fix device leaks at probe a003505a5c8c media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() 7cd1d942b87e media: iris: Refine internal buffer reconfiguration logic for resolution change d786859abab3 media: cec: Fix debugfs leak on bus_register() failure 4357fa7bc03c fbdev: tcx.c fix mem_map to correct smem_start offset 1470cccf067e fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing f21b17cb5ed5 fbdev: gbefb: fix to use physical address instead of dma address 527f5ea4ced1 dm pcache: fix segment info indexing 87f7a7e2ed57 dm pcache: fix cache info indexing c7d8c1018aa6 dm-bufio: align write boundary on physical block size e36fd1a4c2ec dm-ebs: Mark full buffer dirty even on partial write 69a5f0fa6e55 firmware: stratix10-svc: Add mutex in stratix10 memory management b693d48a6ed0 media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() 8fb48de871a5 powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION 40a2a25aff5c powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages 8a241df8cf6d power: supply: max77705: Fix potential IRQ chip conflict when probing two devices c540db17e4af perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init() on error b635895918d8 PCI: meson: Fix parsing the DBI register region 96ce6629d470 PCI: brcmstb: Fix disabling L0s capability a66cd0e5e034 parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() 1d0cebc41d83 parisc: entry.S: fix space adjustment on interruption for 64-bit userspace 116f511839e1 nvmet: pci-epf: move DMA initialization to EPC init callback 7d94efe68518 NFSD: Make FILE_SYNC WRITEs comply with spec 71f630e36754 mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips 7708a5031a40 mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips c54fec6b0cb9 mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips ac1a8b2244dd mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips 609b73efab92 mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips 0066afc04fd9 mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips 69a585efbf9c mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions 65b96ed954b4 arm64: dts: qcom: sm6350: Fix wrong order of freq-table-hz for UFS 29dc88cc131d arm64: dts: st: Add memory-region-names property for stm32mp257f-ev1 0b963a6b6137 arm64: dts: ti: k3-am62d2-evm: Fix PMIC padconfig 51615b85109b arm64: dts: ti: k3-am62d2-evm: Fix regulator properties e768a9d22d38 media: verisilicon: Fix CPU stalls on G2 bus error e9918c6a0044 media: rc: st_rc: Fix reset control resource leak 10eecb592afc mfd: max77620: Fix potential IRQ chip conflict when probing two devices e4077fcb1479 mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup deb4bc9fc8d0 clk: qcom: Fix dependencies of QCS_{DISP,GPU,VIDEO}CC_615 8f41129c4b5b clk: qcom: Fix SM_VIDEOCC_6350 dependencies 34322b533390 clk: qcom: mmcc-sdm660: Add missing MDSS reset a317f63255eb clk: samsung: exynos-clkout: Assign .num before accessing .hws 1c678ce2f56b block: Clear BLK_ZONE_WPLUG_PLUGGED when aborting plugged BIOs 4d29edea4921 leds: leds-lp50xx: Enable chip before any communication c99352597531 leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs dcd4efe48178 leds: leds-lp50xx: Allow LED 0 to be added to module bank 67bfbc5a558c leds: leds-cros_ec: Skip LEDs without color components 2c3edc2b7aa3 mm, swap: do not perform synchronous discard during allocation 4ae1e46d8a29 powerpc/64s/slb: Fix SLB multihit issue during SLB preload 96bdd7ba179f powerpc, mm: Fix mprotect on book3s 32-bit f1765578621f arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator 382895a28851 PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths 1a793f06aa69 fgraph: Check ftrace_pids_enabled on registration for early filtering c0a565f133f3 fgraph: Initialize ftrace_ops->private for function graph ops 7c8b636d3ce7 hisi_acc_vfio_pci: Add .match_token_uuid callback in hisi_acc_vfio_pci_migrn_ops 36b5f6b52ca7 HID: logitech-dj: Remove duplicate error logging 1e9cf600da98 hwmon: (dell-smm) Fix off-by-one error in dell_smm_is_visible() c341dee80b5d iommu: disable SVA when CONFIG_X86 is set b16243e7164c iommu/tegra: fix device leak on probe_device() bd2f551f575c iommu/sun50i: fix device leak on of_xlate() 6b8390fcef61 iommu/qcom: fix device leak on of_xlate() d496519ccd7e iommu/omap: fix device leaks on probe_device() c2a13167991f iommu/mediatek: fix device leak on of_xlate() fa3cb4012fb2 iommu/mediatek-v1: fix device leaks on probe() 574635a02526 iommu/mediatek-v1: fix device leak on probe_device() ba202227f98d iommu/ipmmu-vmsa: fix device leak on of_xlate() b35eeae8a566 iommu/exynos: fix device leak on of_xlate() 9bb0b50a759e iommu/apple-dart: fix device leak on of_xlate() 67c5f84f9b1c iommu/amd: Propagate the error code returned by __modify_irte_ga() in modify_irte_ga() 47bed96dc7d5 iommu/amd: Fix pci_segment memleak in alloc_pci_segment() 00ed0cc57232 ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. 372796af87d3 ASoC: qcom: q6adm: the the copp device only during last instance cd5691807ba6 ASoC: qcom: q6asm-dai: perform correct state check before closing c5c85ef27db6 ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr 150352153ac9 ASoC: codecs: Fix error handling in pm4125 audio codec driver fb7d608aa7c4 ASoC: cs35l41: Always return 0 when a subsystem ID is found b79b8613c0c4 ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime a619ebcf3e97 ASoC: codecs: lpass-tx-macro: fix SM6115 support 341902036870 ASoC: codecs: pm4125: Remove irq_chip on component unbind 28bcaff809cb ASoC: codecs: pm4125: Fix potential conflict when probing two devices 15424b48e226 ASoC: codecs: wcd937x: Fix error handling in wcd937x codec driver 21d87fde367a ASoC: renesas: rz-ssi: Fix rz_ssi_priv::hw_params_cache::sample_width 4d2ae0495c75 ASoC: renesas: rz-ssi: Fix channel swap issue in full duplex mode 3752afcc6d80 ASoC: stm32: sai: fix OF node leak on probe 88636450c4ad ASoC: stm32: sai: fix clk prepare imbalance on probe failure 88baed15284e ASoC: stm32: sai: fix device leak on probe 042169940f6a ASoC: codecs: wcd939x: fix regmap leak on probe failure 791bc3890d6f ntfs: Do not overwrite uptodate pages 7c87afd13484 block: handle zone management operations completions caf7a6e95854 selftests/ftrace: traceonoff_triggers: strip off names 7d8a5b44b9f2 blk-mq: skip CPU offline notify on unmapped hctx 4f6e92b7c2a7 RDMA/bnxt_re: fix dma_free_coherent() pointer e4ee11c00d23 RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation cf49ffdf57b6 IB/rxe: Fix missing umem_odp->umem_mutex unlock on error path d026f47db686 ksmbd: Fix memory leak in get_file_all_info() d260dff568ad drm/xe/guc: READ/WRITE_ONCE g2h_fence->done 63dfbcd59b4b ublk: scan partition in async way 92f024b8d47a ublk: implement NUMA-aware memory allocation e5abb6af905d md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() b53635e0e42b md: Fix static checker warning in analyze_sbs e0321917c03b RDMA/bnxt_re: Fix to use correct page size for PDE table e6d8d31d6e87 kunit: Enforce task execution in {soft,hard}irq contexts 369a161c4872 RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats() ac4567773ce5 RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send 08e98ad766b1 drm/gem-shmem: Fix the MODULE_LICENSE() string fe8d45608042 RDMA/core: always drop device refcount in ib_del_sub_device_and_put() b20d6455f537 RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() 868197d9f85b RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() 277f1f4a80b4 RDMA/efa: Remove possible negative shift d9b9affd103f RDMA/irdma: avoid invalid read in irdma_net_event 94dda131004e RDMA/mana_ib: check cqe length for kernel CQs 20710399c9b5 RDMA/irdma: Fix irdma_alloc_ucontext_resp padding 263255a62cea RDMA/ucma: Fix rdma_ucm_query_ib_service_resp struct padding 787515ccb229 ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT 92d900aac3a5 net: rose: fix invalid array index in rose_kill_by_device() ffd335167d7e net: fib: restore ECMP balance from loopback e3fc381320d0 ipv4: Fix reference count leak when using error routes with nexthop objects 73744ad5696d ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() 5e5988736a95 net: stmmac: fix the crash issue for zero copy XDP_TX action 442848e457f5 octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" 7f18ebf8c455 platform/x86/intel/pmt/discovery: use valid device pointer in dev_err_probe 79cab730dbaa platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing fe9339b33e2b vfio/pds: Fix memory leak in pds_vfio_dirty_enable() 4904161220d4 tools/sched_ext: fix scx_show_state.py for scx_root change 6081ef09c54e net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct bf8a0f3b787c net: usb: asix: validate PHY address before use 93a880f73b88 net: mdio: rtl9300: use scoped for loops 937c7172d1e3 mcb: Add missing modpost build support 0c1df928f0b8 kbuild: fix compilation of dtb specified on command-line without make rule 6ddf3ae19574 net: dsa: b53: skip multicast entries for fdb_dump() 3b3ddded9c86 bng_en: update module description f7d95f9ee070 firewire: nosy: Fix dma_free_coherent() size 3411103f6b3e genalloc.h: fix htmldocs warning b6018d5c1a8f smc91x: fix broken irq-context in PREEMPT_RT 277b256f579a platform/x86/intel/pmt: Fix kobject memory leak on init failure 66299520bb6e net: wangxun: move PHYLINK dependency 9b91553a30a6 selftests: net: fix "buffer overflow detected" for tap.c 151403e90384 net: usb: rtl8150: fix memory leak on usb_submit_urb() failure e4e5c21a9cd5 selftests: drv-net: psp: fix test names in ipver_test_builder() 018071d06c3b selftests: drv-net: psp: fix templated test names in psp_ip_ver_test_builder() 6602403b2fa1 amd-xgbe: reset retries and mode on RX adapt failures ddbb72c338d9 net: dsa: fix missing put_device() in dsa_tree_find_first_conduit() 0e766b77ba50 net: dsa: properly keep track of conduit reference 0b4fa7ac1306 net: airoha: Move net_devs registration in a dedicated routine b71187648ef2 team: fix check for port enabled in team_queue_override_port_prio_changed() 4defca287bae platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic 8f2ba8ac9ca5 platform/x86: msi-laptop: add missing sysfs_remove_group() f1c7923932bb platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names 26cca984de64 powerpc/tools: drop `-o pipefail` in gcc check scripts 91a2b25be07c ip6_gre: make ip6gre_header() robust f31557fb1b35 net: openvswitch: Avoid needlessly taking the RTNL on vport destroy 05359659c110 net: mdio: aspeed: add dummy read to avoid read-after-write issue fdf7c640fb8a Bluetooth: btusb: revert use of devm_kzalloc in btusb d084061f3360 Bluetooth: MGMT: report BIS capability flags in supported settings 5476f7f8a311 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt 5d8b9d38a767 cpuset: fix warning when disabling remote partition 5a7ba7e66b54 idpf: reduce mbx_task schedule delay to 300us 85230d7ab57e idpf: fix LAN memory regions command on some NVMs 3095228e1320 iavf: fix off-by-one issues in iavf_config_rss_reg() 5e703706b6ea i40e: validate ring_len parameter against hardware-specific values db54feefa859 i40e: fix scheduling in set_rx_mode f9cb8a49f7a5 sched_ext: fix uninitialized ret on alloc_percpu() failure 182a2786d248 wifi: mac80211: do not use old MBSSID elements 7ea38152a289 wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() 90a15ff32464 wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() e5c129a05531 wifi: rtw88: limit indirect IO under powered off for RTL8822CS 7f1f50c2055b drm/amdgpu: don't attach the tlb fence for SI 99204fdc989c drm/displayid: add quirk to ignore DisplayID checksum errors 61c0901cbd72 drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident 2af2abbcbf85 KVM: s390: Fix gmap_helper_zap_one_page() again 2a30b3c9eae1 mm/huge_memory: merge uniform_split_supported() and non_uniform_split_supported() aeabe44c5019 sched_ext: Fix incorrect sched_class settings for per-cpu migration tasks b29d5e3a5625 sched/eevdf: Fix min_vruntime vs avg_vruntime fc83284e7527 sched/core: Add comment explaining force-idle vruntime snapshots d75aa97c90da x86/microcode/AMD: Select which microcode patch to load 5a7ba9b599fc drm: nova: depend on CONFIG_64BIT 0522222f2ac2 sched/proxy: Yield the donor task Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 983cb2171e --------------------------- scripts/oe-git-archive: Ensure new push parameter is specified Fixes a regresion in "oeqa/gitarchive: Fix git push URL parameter" due to a missing parameter. Signed-off-by: Richard Purdie --------------------------- Commit: ed2a345982 --------------------------- libyaml: add ptest support Add ptest support for libyaml to enable running the test suite on target devices. This includes: - test-version: Verifies library version information - test-reader: Tests YAML reading functionality All 2 upstream tests pass successfully: START: ptest-runner BEGIN: /usr/lib/libyaml/ptest checking utf-8 sequences... a simple test: + (no error) an empty line: + (no error) u-0 is a control character: + (reader error: control characters are not allowed: #0 at 0) u-80 is a control character: + (reader error: control characters are not allowed: #80 at 0) u-800 is valid: + (no error) u-10000 is valid: + (no error) 5 bytes sequences are not allowed: + (reader error: invalid leading UTF-8 octet: #F8 at 0) 6 bytes sequences are not allowed: + (reader error: invalid leading UTF-8 octet: #FC at 0) u-7f is a control character: + (reader error: control characters are not allowed: #7F at 0) u-7FF is valid: + (no error) u-FFFF is a control character: + (reader error: control characters are not allowed: #FFFF at 0) u-1FFFFF is too large: + (reader error: invalid Unicode character: #1FFFFF at 0) u-3FFFFFF is 5 bytes: + (reader error: invalid leading UTF-8 octet: #FB at 0) u-7FFFFFFF is 6 bytes: + (reader error: invalid leading UTF-8 octet: #FD at 0) u-D7FF: + (no error) u-E000: + (no error) u-FFFD: + (no error) u-10FFFF: + (no error) u-110000: + (reader error: invalid Unicode character: #110000 at 0) first continuation byte: + (reader error: invalid leading UTF-8 octet: #80 at 0) last continuation byte: + (reader error: invalid leading UTF-8 octet: #BF at 0) 2 continuation bytes: + (reader error: invalid leading UTF-8 octet: #80 at 0) 3 continuation bytes: + (reader error: invalid leading UTF-8 octet: #80 at 0) 4 continuation bytes: + (reader error: invalid leading UTF-8 octet: #80 at 0) 5 continuation bytes: + (reader error: invalid leading UTF-8 octet: #80 at 0) 6 continuation bytes: + (reader error: invalid leading UTF-8 octet: #80 at 0) 7 continuation bytes: + (reader error: invalid leading UTF-8 octet: #80 at 0) sequence of all 64 possible continuation bytes: + (reader error: invalid leading UTF-8 octet: #80 at 0) + (reader error: invalid leading UTF-8 octet: #81 at 0) + (reader error: invalid leading UTF-8 octet: #82 at 0) + (reader error: invalid leading UTF-8 octet: #83 at 0) + (reader error: invalid leading UTF-8 octet: #84 at 0) + (reader error: invalid leading UTF-8 octet: #85 at 0) + (reader error: invalid leading UTF-8 octet: #86 at 0) + (reader error: invalid leading UTF-8 octet: #87 at 0) + (reader error: invalid leading UTF-8 octet: #88 at 0) + (reader error: invalid leading UTF-8 octet: #89 at 0) + (reader error: invalid leading UTF-8 octet: #8A at 0) + (reader error: invalid leading UTF-8 octet: #8B at 0) + (reader error: invalid leading UTF-8 octet: #8C at 0) + (reader error: invalid leading UTF-8 octet: #8D at 0) + (reader error: invalid leading UTF-8 octet: #8E at 0) + (reader error: invalid leading UTF-8 octet: #8F at 0) + (reader error: invalid leading UTF-8 octet: #90 at 0) + (reader error: invalid leading UTF-8 octet: #91 at 0) + (reader error: invalid leading UTF-8 octet: #92 at 0) + (reader error: invalid leading UTF-8 octet: #93 at 0) + (reader error: invalid leading UTF-8 octet: #94 at 0) + (reader error: invalid leading UTF-8 octet: #95 at 0) + (reader error: invalid leading UTF-8 octet: #96 at 0) + (reader error: invalid leading UTF-8 octet: #97 at 0) + (reader error: invalid leading UTF-8 octet: #98 at 0) + (reader error: invalid leading UTF-8 octet: #99 at 0) + (reader error: invalid leading UTF-8 octet: #9A at 0) + (reader error: invalid leading UTF-8 octet: #9B at 0) + (reader error: invalid leading UTF-8 octet: #9C at 0) + (reader error: invalid leading UTF-8 octet: #9D at 0) + (reader error: invalid leading UTF-8 octet: #9E at 0) + (reader error: invalid leading UTF-8 octet: #9F at 0) + (reader error: invalid leading UTF-8 octet: #A0 at 0) + (reader error: invalid leading UTF-8 octet: #A1 at 0) + (reader error: invalid leading UTF-8 octet: #A2 at 0) + (reader error: invalid leading UTF-8 octet: #A3 at 0) + (reader error: invalid leading UTF-8 octet: #A4 at 0) + (reader error: invalid leading UTF-8 octet: #A5 at 0) + (reader error: invalid leading UTF-8 octet: #A6 at 0) + (reader error: invalid leading UTF-8 octet: #A7 at 0) + (reader error: invalid leading UTF-8 octet: #A8 at 0) + (reader error: invalid leading UTF-8 octet: #A9 at 0) + (reader error: invalid leading UTF-8 octet: #AA at 0) + (reader error: invalid leading UTF-8 octet: #AB at 0) + (reader error: invalid leading UTF-8 octet: #AC at 0) + (reader error: invalid leading UTF-8 octet: #AD at 0) + (reader error: invalid leading UTF-8 octet: #AE at 0) + (reader error: invalid leading UTF-8 octet: #AF at 0) + (reader error: invalid leading UTF-8 octet: #B0 at 0) + (reader error: invalid leading UTF-8 octet: #B1 at 0) + (reader error: invalid leading UTF-8 octet: #B2 at 0) + (reader error: invalid leading UTF-8 octet: #B3 at 0) + (reader error: invalid leading UTF-8 octet: #B4 at 0) + (reader error: invalid leading UTF-8 octet: #B5 at 0) + (reader error: invalid leading UTF-8 octet: #B6 at 0) + (reader error: invalid leading UTF-8 octet: #B7 at 0) + (reader error: invalid leading UTF-8 octet: #B8 at 0) + (reader error: invalid leading UTF-8 octet: #B9 at 0) + (reader error: invalid leading UTF-8 octet: #BA at 0) + (reader error: invalid leading UTF-8 octet: #BB at 0) + (reader error: invalid leading UTF-8 octet: #BC at 0) + (reader error: invalid leading UTF-8 octet: #BD at 0) + (reader error: invalid leading UTF-8 octet: #BE at 0) + (reader error: invalid leading UTF-8 octet: #BF at 0) 32 first bytes of 2-byte sequences {0xc0-0xdf}: + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) + (reader error: invalid trailing UTF-8 octet: #20 at 1) 16 first bytes of 3-byte sequences {0xe0-0xef}: + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) 8 first bytes of 4-byte sequences {0xf0-0xf7}: + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) 4 first bytes of 5-byte sequences {0xf8-0xfb}: + (reader error: invalid leading UTF-8 octet: #F8 at 0) + (reader error: invalid leading UTF-8 octet: #F9 at 0) + (reader error: invalid leading UTF-8 octet: #FA at 0) + (reader error: invalid leading UTF-8 octet: #FB at 0) 2 first bytes of 6-byte sequences {0xfc-0xfd}: + (reader error: invalid leading UTF-8 octet: #FC at 0) + (reader error: invalid leading UTF-8 octet: #FD at 0) sequences with last byte missing {u-0}: + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: invalid leading UTF-8 octet: #F8 at 0) + (reader error: invalid leading UTF-8 octet: #FC at 0) sequences with last byte missing {u-...FF}: + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: incomplete UTF-8 octet sequence at 0) + (reader error: invalid leading UTF-8 octet: #FB at 0) + (reader error: invalid leading UTF-8 octet: #FD at 0) impossible bytes: + (reader error: invalid leading UTF-8 octet: #FE at 0) + (reader error: invalid leading UTF-8 octet: #FF at 0) + (reader error: invalid leading UTF-8 octet: #FE at 0) overlong sequences {u-2f}: + (reader error: invalid length of a UTF-8 sequence at 0) + (reader error: invalid length of a UTF-8 sequence at 0) + (reader error: invalid length of a UTF-8 sequence at 0) + (reader error: invalid leading UTF-8 octet: #F8 at 0) + (reader error: invalid leading UTF-8 octet: #FC at 0) maximum overlong sequences: + (reader error: invalid length of a UTF-8 sequence at 0) + (reader error: invalid length of a UTF-8 sequence at 0) + (reader error: invalid length of a UTF-8 sequence at 0) + (reader error: invalid leading UTF-8 octet: #F8 at 0) + (reader error: invalid leading UTF-8 octet: #FC at 0) overlong representation of the NUL character: + (reader error: invalid length of a UTF-8 sequence at 0) + (reader error: invalid length of a UTF-8 sequence at 0) + (reader error: invalid length of a UTF-8 sequence at 0) + (reader error: invalid leading UTF-8 octet: #F8 at 0) + (reader error: invalid leading UTF-8 octet: #FC at 0) single UTF-16 surrogates: + (reader error: invalid Unicode character: #D800 at 0) + (reader error: invalid Unicode character: #DB7F at 0) + (reader error: invalid Unicode character: #DB80 at 0) + (reader error: invalid Unicode character: #DBFF at 0) + (reader error: invalid Unicode character: #DC00 at 0) + (reader error: invalid Unicode character: #DF80 at 0) + (reader error: invalid Unicode character: #DFFF at 0) paired UTF-16 surrogates: + (reader error: invalid Unicode character: #D800 at 0) + (reader error: invalid Unicode character: #D800 at 0) + (reader error: invalid Unicode character: #DB7F at 0) + (reader error: invalid Unicode character: #DB7F at 0) + (reader error: invalid Unicode character: #DB80 at 0) + (reader error: invalid Unicode character: #DB80 at 0) + (reader error: invalid Unicode character: #DBFF at 0) + (reader error: invalid Unicode character: #DBFF at 0) other illegal code positions: + (reader error: control characters are not allowed: #FFFE at 0) + (reader error: control characters are not allowed: #FFFF at 0) checking utf-8 sequences: 0 fail(s) checking boms... no bom (utf-8): + bom (utf-8): + bom (utf-16-le): + bom (utf-16-be): + checking boms: 0 fail(s) checking a long utf8 sequence... checking a long utf8 sequence: 0 fail(s) checking a long utf16 sequence... checking a long utf16 sequence: 0 fail(s) PASS: test-reader sizeof(token) = 80 sizeof(event) = 104 sizeof(parser) = 480 PASS: test-version DURATION: 0 END: /usr/lib/libyaml/ptest STOP: ptest-runner Signed-off-by: Pratik Farkase Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c78f5ae4a5 --------------------------- create-pull-request: Keep commit hash to be pulled in cover email The cover email mangling in create-pull-request was cutting off the actual commit hash to be pulled, making it difficult to verify that the changes a maintainer merges exactly match those intended by the pull request author. The extra lines we want to include are, for example from a recent whinlatter stable branch PR: for you to fetch changes up to 6c4c6d39ea3202d756acc13f8ce81b114a468541: cups: upgrade from 2.4.14 to 2.4.15 (2025-12-29 09:49:31 -0800) Signed-off-by: Paul Barker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: fea3c445a9 --------------------------- testimage: Print last lines of kernel log on test fail Testimage test fails are often a consequence of issues inside of the virtual machine, such as the OOM killer firing. Showing the last kernel log lines on the main log output should help to debug these fails. Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: da4ac27c53 --------------------------- oe-selftest: improved junit test Verify junit with improved image status and error Signed-off-by: Miroslav Cernak Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: afcb98ec8a --------------------------- resulttool: junit: improve ptest status handling and log While using resulttool's JUnit export, several issues surfaced and are addressed here: - Avoid KeyError when ptest results are missing by guarding access to ptest_summary e.g., KeyError: 'bzip2' - Report actual failures as FAILED instead of SKIPPED and list the failing testcase names (e.g., DataSQLite-testrunner, Foundation-testrunner). - Include testcase names in failure output rather than only the ptest name, improving first-read diagnosability. - Make multiline failure details readable: put full traces in JUnit output; for attribute-only messages that cannot contain newlines, collapse “\n” to spaces to avoid “ ” artifacts in GitLab. This produces a more accurate and readable JUnit report, prevents crashes when ptestresult.* lacks entries, and makes CI output actionable on first read. Signed-off-by: Miroslav Cernak Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1b231aeabf --------------------------- oe-selftest: add resulttool junit test Verify imagetests, and ptest with inlined as well as ptests with attached log files work as expected. Signed-off-by: Adrian Freihofer Signed-off-by: Miroslav Cernak Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2abe2d701c --------------------------- resulttool: junit support ptests Support image tests and ptest. Therefore some additional hirarchies get introduced to the junit.xml file. Ptest log files can be written to a file per ptest and referred from junit.xml as ATTACHMENT or the log message can be inline in the system-out element. The following is an example generated with --attach-log-files parameter. [[ATTACHMENT|ptest-logs/foo.log]] This works at least with GitLab's junit parser. With GitLab inline system-out tags are not (yet?) fully supported by GitLab. The details are discussed here: https://gitlab.com/gitlab-org/gitlab/-/issues/440341 Support ptests - Handle ptestresult.sections A log file per ptest is generated. This allows to make the detailed ptest log available via file attribute of the junit's testcase class. - Skip ptestresults items. - Rendering all ptestresult sections quickly leads to overloaded test reports with almost no information (only test status per test). Handling the ptestresult.sections instead looks more useful especially for larger test pipelines. - This fixes a crash because they do not have a duration atribute. Improve the command line parser. Calling just resulttool junit from a bitbake environment finds the testresults.json in $BUILDDIR and writes the corresponding junit.xml into the same directory. Signed-off-by: Adrian Freihofer Signed-off-by: Miroslav Cernak Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1d70a77b7f --------------------------- oeqa/runtime/cases/ptest.py: use to_boolean for PTEST_EXPECT_FAILURE When PTEST_EXPECT_FAILURE is set to "0", "False" or unset, the expected behavior is that ptest should succeed. So we need to use to_boolean. Signed-off-by: Chen Qi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 7d869c9c5a --------------------------- oeqa/gitarchive: Push tag before copying log files Resulttool creates a git tag in the yocto-testresults git and then copies log files to a newly created folder on the NFS share, whose name is controlled by the name of this git tag. As tags are unique, the folder name is also unique, preventing any clash between different builds. Today, the tag is pushed from the calling script, so after the folder is copied. This can lead to some issues if for any reason the tag is not pushed. This might also lead to some race condition. Allow to push the tag before coying data, in order to prevent these issues, and add a warning if the calling script choose to not push the tag but still copy the log files on the NFS share. Fixes [YOCTO #15696] Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 024f08629f --------------------------- oeqa/gitarchive: Fix git push URL parameter The gitarchive() function takes a `push` parameter than can be either a boolean or a string. But this parameter is then passed to expand_tag_strings(), which clearly expect it to be a string if it is defined. Split this in two arguments: a `push` boolean value and a `push_remote` optional string. Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 08c3877f4d --------------------------- kea: remove keactrl from package The keactrl script is used to run Kea from installation directory and is primarily intended for developers[1][2]. It should not be shipped to kea package. Remove it before packaging. A related patch is also removed. [1] https://gitlab.isc.org/isc-projects/kea/-/blob/master/src/bin/keactrl/keactrl.in?ref_type=heads#L10 [2] https://kea.readthedocs.io/en/latest/arm/keactrl.html Signed-off-by: Yi Zhao Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 7f9d9297a8 --------------------------- kea: replace keactrl with kea daemons in initscripts The keactrl script is used to run Kea from installation directory and is primarily intended for developers[1][2]. The initscripts should call kea daemon directly, rather than through the keactrl script. Also add a volatile file to create runtime and state directories. [1] https://gitlab.isc.org/isc-projects/kea/-/blob/master/src/bin/keactrl/keactrl.in?ref_type=heads#L10 [2] https://kea.readthedocs.io/en/latest/arm/keactrl.html Signed-off-by: Yi Zhao Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: d7c2df65f0 --------------------------- kea: fix creating runtime directory in service files Create runtime and state directories using RuntimeDirectory and StateDirectory in systemd service files, rather than creating them via ExecStartPre. This is a standard approach for systemd[1]. When the server starts, systemd will automatically create these directories. Also, add more configuration files to CONFFILES. [1] https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#RuntimeDirectory= Signed-off-by: Yi Zhao Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 184bb4e114 --------------------------- sqlite3: upgrade 3.51.1 -> 3.51.2 Signed-off-by: Liu Yiding Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 9e85e2b427 --------------------------- opensbi: bump to 1.8 This release has: - Safe and reverse list iteration - Stack protector support - Allocate heap housekeeping nodes dynamically - IPI device ratings - Andes QiLai SoC support - SpacemiT K1 SoC support - ESWIN Computing EIC7700 SoC support - Moved Ariane and Openpiton to generic platform - SiFive CLINT v2 support - Simple FDT based cache library - SiFive PL2 cache controller driver - SiFive Extensible Cache (EC) driver - SiFive TMC0 based HSM driver - SiFive SMC0 based system suspend driver - MPXY RPMI mailbox driver for voltage service group - MPXY RPMI mailbox driver for device power service group - MPXY RPMI mailbox driver for performance service group - HART protection abstraction Overall, this release has various domain related improvements and also adds multiple platform support. Additionally, enable PMP support on QEMU using rva23s64, as PMP is disabled by default, which causes the hart isolation configuration to fail [1]. [1] https://lists.nongnu.org/archive/html/qemu-riscv/2026-01/msg00048.html Signed-off-by: Thomas Perrot Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: c137d3637b --------------------------- docbook-xml-dtd4: fix the fetching failure Updating SRC_URI, the old archive url is deprecated. Signed-off-by: Khai Dang Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 602e28b481 --------------------------- patch.bbclass: Show full path when a patch fails to apply If a patch fails to apply, it helps to know the full path to it. This is especially true if multiple versions of the patch exists, e.g., due to overrides via bbappends. Signed-off-by: Peter Kjellerstedt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1411281de2 --------------------------- python3-hatchling: remove redundant logic There's no need to remove the self-dependency as bitbake does that, and the assignment of PYTHONPATH is no longer needed as pypa-build does the right thing when invoking the in-tree hatchling. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: ff207034f5 --------------------------- devtool: package: Drop unnecessary import The package module in devtool never actually used subprocess. Signed-off-by: Paul Barker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 82c9d870df --------------------------- oeqa-runtime: avoid crash in run_network_serialdebug for missing netstat If netstat is not installed on the host, the function fails. Signed-off-by: Peter Marko Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: b3c0e588d3 --------------------------- oeqa-runtime: fix run_network_serialdebug This is a global function and thus does not have self object. Executing it leads to "NameError: name 'self' is not defined". Change it to take parent object which contains all data which is needed to execute it. Signed-off-by: Peter Marko Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 874b2d301d --------------------------- spdx: Add yocto PURLs Adds code to add PURLs to packages based on the PURL specification for Yocto packages [1]. The SPDX_PACKAGE_URL variable is renamed SPDX_PACKAGE_URLS to make it clear that it can now be a list of PURLs. SPDX_PACKAGE_URL is retained, but marked as deprecated. [1]: https://github.com/package-url/purl-spec/blob/main/types-doc/yocto-definition.md Signed-off-by: Joshua Watt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: e8ea34a3e8 --------------------------- grub: fix CVE-2025-54770 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 References: https://nvd.nist.gov/vuln/detail/CVE-2025-54770 https://nvd.nist.gov/vuln/detail/CVE-2025-61661 https://nvd.nist.gov/vuln/detail/CVE-2025-61662 https://nvd.nist.gov/vuln/detail/CVE-2025-61663 https://nvd.nist.gov/vuln/detail/CVE-2025-61664 Signed-off-by: Jiaying Song Signed-off-by: Steve Sakoman Signed-off-by: Peter Marko Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 86941c74cc --------------------------- linux-firmware: sort Qualcomm QCA firmware entries Move entries for Qualcomm QCA2066 firmware to the first place, keeping all QCA firmware entries sorted Signed-off-by: Dmitry Baryshkov Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 16c9fc1288 --------------------------- linux-firmware: upgrade 20251125 -> 20260110 Add Qualcomm GPU firmware, Qualcomm QCC2072 firmware, Renesas R-Car PCIe PHY firmware and Airoha AN8811hb PHY firmware. License for Qualcomm X1E80100 Audio DSP firmware has changed from LICENSE.qcom to LICENSE.qcom-2. License-Update: copyright years, new firmware Signed-off-by: Dmitry Baryshkov Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: b6573405a7 --------------------------- kbd: use zlib to decompress files Upstream used zlib to decompress files [1], add PACKAGECONFIG zlib to avoid host contamination. Backport a patch from upstream [2] to fix compile failure while zlib is used [1] https://git.kernel.org/pub/scm/linux/kernel/git/legion/kbd.git/commit/?id=7fdd8debe37ae52812b77d82e08713bd62c607f4 [2] https://github.com/legionus/kbd/commit/2f9a4e56c2ef245fbe840677aad9d5932e17f50d Signed-off-by: Hongxu Jia Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: beb0a16ac4 --------------------------- icu: split at '.' instead of '-' for major version With version 78.1, icu adopted '.' as separator between major and minor version. With the upgrade commit, ICU_MAJOR_VER wasn't updated and still tried to split versions with '-' instead of '.'. Fix by using '.' as separator. The error was missed with poky, because PACKAGECONFIG does not contain make-icudata. See do_make_icudata:class-target () { ${@bb.utils.contains('PACKAGECONFIG', 'make-icudata', '', 'exit 0', d)} [...] install -Dm644 ${S}/data/out/icudt${ICU_MAJOR_VER}l.dat ${S}/data/in/icudt${ICU_MAJOR_VER}l.dat } for which the install -Dm644 [...] command above would fail when PACKAGECONFIG contains make-icudata. Fixes: 479d48503dd2 ("upgrade 77-1 -> 78.1") Signed-off-by: Yannic Moog Signed-off-by: Richard Purdie --------------------------- Commit: 436ce9eb94 --------------------------- maintainers.inc: update e-mail address for hwdata and libdisplay-info Signed-off-by: Hiago De Franco Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: e0133f6409 --------------------------- pulseaudio: depend on alsa-utils-alsa-info as that is the new package name alsa-utils-scripts no longer exists, depend on alsa-utils-alsa-info instead. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 9823a7b4f8 --------------------------- alsa-utils: reorder recipe Move SRC_URI and inherits up to be more like the idiomatic order. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 26a28ee793 --------------------------- alsa-utils: dynamically split the packages instead of doing it manually Instead of hard-coding a long list of packages and the FILES, we can use do_split_packages to do the bulk of the work for us. Leave the SUMMARY (and add some which were missing) and the FILES that are needed to catch extra files for each package. This removes the alsa-utils-scripts package which only existed to isolate the bash depedencies, and instead adds separate -alsaconf and -alsa-info packages for each of the scripts. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 9e36cebca8 --------------------------- alsa-utils: clean up udev PACKAGECONFIG The default value for the udev rules location is looked up using pkg-config, so there's no need to make this line very long by doing it again. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 63d268f6f8 --------------------------- alsa-utils: no need to install scripts manually These were manually installed when they were part of a separate alsa-utils-scripts recipe, but now that recipe no longer exists they will be installed by automake. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 71b09aac70 --------------------------- alsa-utils: build more manpages with rst2man alsa-utils uses both xmlto and rst2man (from docutils) to build manpages, but we were only enabling xmlto. Enable/disable both xmlto and rst2man depending on whether manpages are being requested. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: e162234fc7 --------------------------- gdbm: use libtool to install test binaries If libtool builds a binary it's best to use libtool to install it, as otherwise you might install a wrapper script or need to make assumptions about where libtool has put the real binary (as this isn't always .libs) Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: cd8651b032 --------------------------- xz: use libtool to install test binaries If libtool builds a binary it's best to use libtool to install it, as otherwise you might install a wrapper script or need to make assumptions about where libtool has put the real binary (as this isn't always .libs) Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 95a71d9291 --------------------------- parted: use libtool to install test binaries If libtool builds a binary it's best to use libtool to install it, as otherwise you might install a wrapper script or need to make assumptions about where libtool has put the real binary (as this isn't always .libs) Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: e59c7aea49 --------------------------- libpng: use libtool to install test binaries If libtool builds a binary it's best to use libtool to install it, as otherwise you might install a wrapper script or need to make assumptions about where libtool has put the real binary (as this isn't always .libs) Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 704cdf573b --------------------------- popt: use libtool to install test binaries If libtool builds a binary it's best to use libtool to install it, as otherwise you might install a wrapper script or need to make assumptions about where libtool has put the real binary (as this isn't always .libs) Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: e631b784b7 --------------------------- numactl: use libtool to install test binaries If libtool builds a binary it's best to use libtool to install it, as otherwise you might install a wrapper script or need to make assumptions about where libtool has put the real binary (as this isn't always .libs) Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: ddca815ff0 --------------------------- lzo: use libtool to install test binaries If libtool builds a binary it's best to use libtool to install it, as otherwise you might install a wrapper script or need to make assumptions about where libtool has put the real binary (as this isn't always .libs) Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 73023f7e49 --------------------------- libpcre: use libtool to install test binaries If libtool builds a binary it's best to use libtool to install it, as otherwise you might install a wrapper script or need to make assumptions about where libtool has put the real binary (as this isn't always .libs) Also use install instead of cp to install more files. Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 1dc0e5e240 --------------------------- libevent: use libtool to install test binaries If libtool builds a binary it's best to use libtool to install it, as otherwise you might install a wrapper script or need to make assumptions about where libtool has put the real binary (as this isn't always .libs) Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 675e8c7301 --------------------------- gnutls: use libtool to install test binaries If libtool builds a binary it's best to use libtool to install it, as otherwise you might install a wrapper script or need to make assumptions about where libtool has put the real binary (as this isn't always .libs) Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 141d4b8c00 --------------------------- libusb1: use libtool to install test binaries If libtool builds a binary it's best to use libtool to install it, as otherwise you might install a wrapper script or need to make assumptions about where libtool has put the real binary (as this isn't always .libs) Signed-off-by: Ross Burton Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: ddb4c4a0cd --------------------------- libarchive: upgrade 3.8.4 -> 3.8.5 Fixes regression of fix for CVE-2025-60753 Release notes [1]: Libarchive 3.8.5 is a bugfix release. Notable bugxies: * bsdtar: fix regression from 3.8.4 zero-length pattern issue bugfix (#2809) * various small bugfixes in code and documentation [1] https://github.com/libarchive/libarchive/releases/tag/v3.8.5 Signed-off-by: Peter Marko Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: b2498921a7 --------------------------- python3-sphinx: change RDEPENDS Change RDEPENDS from python3-roman-numerals-py to python3-roman-numerals as upstream name has changed. Signed-off-by: Liu Yiding Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: faff756e82 --------------------------- python3-roman-numerals-py: upgrade 3.1.0 -> 4.1.0 1. Upstream has renamed roman_numerals-py to roman_numerals https://pypi.org/project/roman-numerals-py/4.1.0/ 2. Changelog https://github.com/AA-Turner/roman-numerals/blob/master/CHANGES.rst Signed-off-by: Liu Yiding Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 606dadfa99 --------------------------- curl: Update to 8.18.0 Addresses six CVEs from 8.17.0: * CVE-2025-13034 * CVE-2025-14017 * CVE-2025-14524 * CVE-2025-14819 * CVE-2025-15079 * CVE-2025-15224 https://curl.se/ch/8.18.0.html Signed-off-by: Robert Joslyn Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 569a36c432 --------------------------- python3-uritools: upgrade 5.0.0 -> 6.0.1 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a314290fb7 --------------------------- python3-testtools: upgrade 2.8.1 -> 2.8.2 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: f8fdf8452f --------------------------- python3-sphinx: upgrade 9.0.4 -> 9.1.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 26b1a09b60 --------------------------- python3-ruamel-yaml: upgrade 0.18.17 -> 0.19.1 License-Update: Copyright year updated to 2026. Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 0b0f8bc3e9 --------------------------- python3-pyparsing: upgrade 3.2.5 -> 3.3.1 License-Update: Added copyright line to LICENSE file Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a9db8f4916 --------------------------- python3-psutil: upgrade 7.1.3 -> 7.2.1 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b1d80a23fd --------------------------- python3-hypothesis: upgrade 6.148.7 -> 6.149.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4f3c5e9beb --------------------------- python3-docutils: upgrade 0.22.3 -> 0.22.4 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 518e081476 --------------------------- python3-cython: upgrade 3.2.3 -> 3.2.4 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 3f8b52902a --------------------------- python3-certifi: upgrade 2025.11.12 -> 2026.1.4 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: e59d74e6dd --------------------------- fastfloat: upgrade 8.1.0 -> 8.2.2 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 36cd4712d5 --------------------------- ed: upgrade 1.22.3 -> 1.22.4 License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2b2e8da897 --------------------------- barebox/barebox-tools: upgrade 2025.11.0 -> 2025.12.0 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a7f24b82ea --------------------------- at-spi2-core: upgrade 2.58.2 -> 2.58.3 Changelog: Fix atk_get_major_version etc not linking on C++. Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 91d49a31e2 --------------------------- u-boot: upgrade 2025.10 -> 2026.01 Upgrade to U-Boot 2026.01. Signed-off-by: Fabio Estevam Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1f2e8e2cd0 --------------------------- librsvg: upgrade 2.61.0 -> 2.61.3 Add a patch that addresses a reproducibility issue with ptests. Further tweaks to ptest installation so that the tests can find the needed data. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 437da2e939 --------------------------- igt-gpu-tools: upgrade 2.1 -> 2.3 Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b7a698d81b --------------------------- util-linux: Disable flaky script/options-size test The test case for the --output-limit / -o option to `script` is flaky due to the way the output limit is handled. Depending on how buffer boundaries line up, the command may output different numbers of characters, but the test case expects the output to always be identical. This has been raised upstream [1], as there are multiple options for fixing this - we can change the behaviour of script, or we can relax the test case. Changing the behaviour of script may impact users so we don't want to rush ahead and do that. For now, we're going to disable the test case. [1]: https://msgid.link/978c83bdf7596879458f39f1789da016150a72d4.camel@pbarker.dev Fixes [YOCTO #15188] Signed-off-by: Paul Barker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d73739a561 --------------------------- libxml2: backport -timeout flag for testlimits [YOCTO #15912] A commit was recently merged upstream to make the testlimits test's timeout configurable. This test fails intermittently on the AB under heavy load (particularly on qemuriscv64), so backport the change and adjust the timeout from two seconds to five. Signed-off-by: Trevor Gamblin Signed-off-by: Richard Purdie --------------------------- Commit: d17afaf34d --------------------------- tcl: skip all socket tests We've had more intermittent failures in the socket tests, most likely due to overly-tight timing requirements that we cannot achieve. We should continue to talk with upstream about relaxing the timing windows, but for now skip all socket tests (socket, socket_inet, socket_inet6) [ YOCTO #15495 ] Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 9c41887f2a --------------------------- tcl: improve test execution loop There's no need to run tests/all.tcl if we're going to immediately tell it to run just one test file. Instead just run the test file directly. This reduces a lot of noise from the log output. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --------------------------- Commit: 483005f752 --------------------------- rust-target-config.bbclass: apply signature exclusions only to native/nativesdk Applying these exclusions to target builds and expecting that rebuilds happen when they should relies on incidental mechanisms like paths or other variables using the excluded ones. Rather than think of possible scenarions where it works, and where it doesn't, let's not exclude the variables from target builds, so task signature calculation can be relied on. [YOCTO #16132] Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: 9993e62f35 --------------------------- rust-target-config.bbclass: add RUST_TARGET_ABI to sstate signature exclusions This was overlooked in https://lists.openembedded.org/g/openembedded-core/message/218953 and caused non-reusable sstate for rust-native when the target is one of risc-v machines. [YOCTO #16132] Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: 757adcba7e --------------------------- libnl: skip a flaky route_1 ptest [YOCTO #16118] Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: 8acdbefd0a --------------------------- pseudo: Update to pull in 'makewrappers: Fix EFAULT implementation' The pseudo update was causing hangs in builds, pull in the fix. Signed-off-by: Richard Purdie --------------------------- Commit: 0c3c20b9f2 --------------------------- Reapply "glibc: Enable NFS local file locking for glibc tests" This reverts commit 0ed4776533145c901611d7f4f942490e33481335. The change was not causing the glibc test hangs. --------------------------- Commit: e51d5e19cb --------------------------- unfs3: Fix race issue causing a glibc test hang When running glibc tests under user mode NFS, tst-syslog was causing a hang. The hang was traced to unfsd exitting with a buffer overflow being detected. This was traced down to mksocket() where we'd see: socket path '/media/build/poky/build/build-st-2118464/tmp/work/x86-64-v3-poky-linux/glibc-testsuite/2.42+git/build-x86_64-poky-linux/testroot.root/dev/log' is too long at 141 vs 108 There is a length check in mknod_args() but obj may not be setup at this point by cat_name() since the functions can be executed out of order according to C. To avoid this, make the order explict. This means the length is checked and we avoid the buffer overflow. This will likely cause the glibc test to fail however it won't hang, which is a win. [YOCTO #16113] Signed-off-by: Richard Purdie --------------------------- Commit: 4a407d65dd --------------------------- linux-yocto/6.18: mtd: use refcount to prevent corruption Integrating the following commit(s) to linux-yocto/6.18: 1/1 [ Author: Liwei Song Email: liwei.song@windriver.com Subject: Revert "mtd_blkdevs: add mtd_table_mutex lock back to blktrans_{open, release} to avoid race condition" Date: Wed, 24 Dec 2025 15:32:34 +0800 This reverts commit 957b188b585a4f1f9f3a39198b06a6fd62d6827d. The issue that this patch is trying to resolve has been fixed by upstream commit 19bfa9ebebb5 ("mtd: use refcount to prevent corruption") so this local patch can be reverted, if not, it will cause an unbalanced refcnt issue when open/close mtd device. Signed-off-by: Liwei Song Signed-off-by: Bruce Ashfield ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 3fbe5ee171 --------------------------- linux-yocto/6.18: update CVE exclusions (6.18.3) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 7 changes (4 new | 3 updated): - 4 new CVEs: CVE-2025-59156, CVE-2025-59157, CVE-2025-59158, CVE-2025-59955 - 3 updated CVEs: CVE-2025-39497, CVE-2025-7195, CVE-2025-9900 Date: Mon, 5 Jan 2026 17:48:14 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 176e56b3d2 --------------------------- linux-yocto/6.18: update to v6.18.3 Updating linux-yocto/6.18 to the latest korg -stable release that comprises the following commits: a607c8f74434 Linux 6.18.3 b79938863f43 fuse: missing copy_finish in fuse-over-io-uring argument copies e0d6de83a4cc fuse: fix readahead reclaim deadlock a6d1f1ace16d fuse: fix io-uring list corruption for terminated non-committed requests f6c08d3aa441 iommu/mediatek: fix use-after-free on probe deferral bf58ef1c4cd3 block: freeze queue when updating zone resources ce909de4416e ARM: dts: microchip: sama7g5: fix uart fifo size to 32 699d66165f6c ARM: dts: microchip: sama7d65: fix uart fifo size to 32 c2423add6242 ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 4fc2f8fbfdd4 hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU c8cf0c2bdccc hwmon: (w83791d) Convert macros to functions to avoid TOCTOU ffd46e7f2b87 hwmon: (max6697) fix regmap leak on probe failure ef901d211dcc hwmon: (max16065) Use local variable to avoid TOCTOU 5b804b8f1e0d io_uring/rsrc: fix lost entries after cloned range c95e4c4caf9a interconnect: qcom: sdx75: Drop QPIC interconnect and BCM nodes 5fa6c144d3fb i2c: amd-mp2: fix reference leak in MP2 PCI device fb5b47ad5387 lib/crypto: riscv: Depend on RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS 19d61f032c7e platform/x86: intel: chtwc_int33fe: don't dereference swnode args 17be376bb250 pwm: rzg2l-gpt: Allow checking period_tick cache value only if sibling channel is enabled f80e4e91b010 rpmsg: glink: fix rpmsg device leak 88b71cd0aa39 rtla/timerlat_bpf: Stop tracing on user latency 81bf2780ba43 soc: amlogic: canvas: fix device leak on lookup 25073a05068e soc: apple: mailbox: fix device leak on lookup b28fd17adfb2 soc: qcom: ocmem: fix device leak on lookup 951515391b8f soc: qcom: pbs: fix device leak on lookup b2d6246ef36f soc: samsung: exynos-pmu: fix device leak on regmap lookup 3ce2b4aec8cd tracing: Fix fixed array of synthetic event 479af0d9c6ba vfio: Fix ksize arg while copying user struct in vfio_df_ioctl_bind_iommufd() 8716a841d1da virtio: vdpa: Fix reference count leak in octep_sriov_enable() 3846f8f781cc zloop: make the write pointer of full zones invalid 35eb1ec73f57 zloop: fail zone append operations that are targeting full zones 1d18fb5c71f6 amba: tegra-ahb: Fix device leak on SMMU enable 70cf3d6fe71a crypto: arm64/ghash - Fix incorrect output from ghash-neon b674e3522b67 crypto: caam - Add check for kcalloc() in test_len() 51a5ab36084f crypto: af_alg - zero initialize memory allocated via sock_kmalloc c549b9e0b877 dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains and resets 1bff3e35ed44 dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains and resets d06674a1ca79 dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains and resets 4eee447b5bd4 dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains and resets f3510ba5e265 dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains and resets c3823d1243d3 dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains and resets 37f52c4554f3 dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains and resets 149b97dc3295 drm/displayid: pass iter to drm_find_displayid_extension() f9e805fa1fe8 drm/amd/display: Fix scratch registers offsets for DCN351 7d5df9dd6343 drm/amd/display: Fix scratch registers offsets for DCN35 ede98c3943cd drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() 9837f8d57a54 Revert "drm/amd/display: Fix pbn to kbps Conversion" acb3a68f2170 gpio: loongson: Switch 2K2000/3000 GPIO to BYTE_CTRL_MODE 5f8dc9f0327e gpiolib: acpi: Add quirk for Dell Precision 7780 efdcbc1b1035 gpio: regmap: Fix memleak in error path in gpio_regmap_register() 0f5940176ad6 s390/ipl: Clear SBP flag when bootprog is set 5fcdaa29e599 cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated a35788ddf8df btrfs: don't log conflicting inode if it's a dir moved in the current transaction 0d5c9e901ad4 powerpc/kexec: Enable SMT before waking offline CPUs 1c8bb965e9b0 SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf 2a77c8dd49bc svcrdma: use rc_pageoff for memcpy byte offset 4846a4c6acb9 svcrdma: return 0 on success from svc_rdma_copy_inline_range 433bb1344ef6 nfsd: Mark variable __maybe_unused to avoid W=1 build break da1ccfc4c452 svcrdma: bound check rq_pages index in inline path 7d17693eb79d ASoC: SOF: ipc4-topology: Convert FLOAT to S32 during blob selection 42ed4c781019 NFSD: Clear TIME_DELEG in the suppattr_exclcreat bitmap 506059202510 ALSA: hda/realtek: Add Asus quirk for TAS amplifiers 134436e66019 ASoC: SOF: ipc4-topology: Prefer 32-bit DMIC blobs for 8-bit formats as well 214b39648006 NFSD: NFSv4 file creation neglects setting ACL b8db16f97d08 NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap b225325be7b2 net/handshake: restore destructor on submit failure 7a93edb23bcf fsnotify: do not generate ACCESS/MODIFY events on child for special files 7b9ea7aa24bd net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write 779fa2a063d4 r8169: fix RTL8117 Wake-on-Lan in DASH mode 681fd588733c lib/crypto: riscv: Add poly1305-core.S to .gitignore 5bb88024409e arm64/gcs: Flush the GCS locking state on exec 7992a8c94689 PM: runtime: Do not clear needs_force_resume with enabled runtime PM 6df47e5bb9b6 tracing: Do not register unsupported perf events cec87632c34a xfs: validate that zoned RT devices are zone aligned d29ed9ff972a xfs: fix a UAF problem in xattr repair 92f6a7b6cfda xfs: fix the zoned RT growfs check for zone alignment 0f3b87c66d89 xfs: fix stupid compiler warning 55c28a875425 xfs: fix a memory leak in xfs_buf_item_init() 0c01fa83c09b KVM: selftests: Add missing "break" in rseq_test's param parsing caf68b6da389 KVM: x86: Apply runtime updates to current CPUID during KVM_SET_CPUID{,2} aedf23821663 KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits acffd1cee688 KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) 6617e02cf8df KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit 3fe48378e53f KVM: TDX: Explicitly set user-return MSRs that *may* be clobbered by the TDX-Module da28922a8c60 KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN 2c3719a04b04 KVM: Fix last_boosted_vcpu index assignment bug 691ff7e13f0d KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation 2853896ef465 KVM: selftests: Forcefully override ARCH from x86_64 to x86 201b4a7ebbe0 KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN c1f8d4d41ed3 KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE e23f46f1a971 KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer a16ccbffb144 KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() 16fa73b11a94 KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 b3b320a900a5 powerpc: Add reloc_offset() to font bitmap pointer used for bootx_printf() 2acb8517429a libceph: make decode_pool() more resilient against corrupted osdmaps 37a691ed7942 lib/crypto: riscv/chacha: Avoid s0/fp register 3383f16f7870 dm-pcache: advance slot index before writing slot c8f810e20f4b parisc: Do not reprogram affinitiy on ASP chip a19fb3611e4c scs: fix a wrong parameter in __scs_magic f8b136296722 media: iris: Add sanity check for stop streaming 24a2062257bb platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver f73b74dafa3c KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) 7acc0390e0dd ocfs2: fix kernel BUG in ocfs2_find_victim_chain 30f4d4e5224a media: vidtv: initialize local pointers upon transfer of memory ownership 65d4e5af2a2e mm/slub: reset KASAN tag in defer_free() before accessing freed memory cb51bef465d8 KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot dd6e519ba91e pinctrl: renesas: rzg2l: Fix ISEL restore on resume a1223a72c419 tools/testing/nvdimm: Use per-DIMM device handle 4560db9678a2 f2fs: fix return value of f2fs_recover_fsync_data() 51659b91898f f2fs: fix to not account invalid blocks in get_left_section_blocks() 2efb6b9c5bd2 f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() 57e36f84f2b5 f2fs: fix uninitialized one_time_gc in victim_sel_policy b355d300f51b f2fs: fix age extent cache insertion skip on counter overflow e6d828eae00e f2fs: use global inline_xattr_slab instead of per-sb slab cache 0dde30753c1e f2fs: invalidate dentry cache on failed whiteout creation bac23833220a f2fs: fix to avoid updating zero-sized extent in extent cache 40409e089b41 f2fs: fix to propagate error from f2fs_enable_checkpoint() 86a85a7b622e f2fs: fix to avoid potential deadlock 0df713a9c082 f2fs: fix to avoid updating compression context during writeback 0b36fae23621 f2fs: ensure node page reads complete before f2fs_put_super() finishes 3fb2db6f50ea scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error a0d4e9e24474 scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow 8edbb9e371af scsi: target: Reset t_task_cdb pointer in error case 8c5ce5fafe9c NFSD: use correct reservation type in nfsd4_scsi_fence_client 751c19635c2b scsi: aic94xx: fix use-after-free in device removal path 1c728951bc76 scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" 8f92817b6f10 cpufreq: nforce2: fix reference count leak in nforce2 87f11fea5acb cpuidle: governors: teo: Drop misguided target residency check 17157612e40d serial: sh-sci: Check that the DMA cookie is valid 190dc4b74800 serial: xilinx_uartps: fix rs485 delay_rts_after_send 320578703ebe serial: core: Fix serial device initialization c255a5164c58 serial: core: Restore sysfs fwnode information 864deb6cf1c0 mei: gsc: add dependency on Xe driver 670c2d09ac57 mei: Fix error handling in mei_register 4157f7bba629 intel_th: Fix error handling in intel_th_output_open 1f53652922cd dt-bindings: slimbus: fix warning from example f83e3e9f8918 char: applicom: fix NULL pointer dereference in ac_ioctl 687ccc341f63 xhci: dbgtty: fix device unregister: fixup fd00f88ef36b usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() 1f069425f4f0 usb: dwc3: keep susphy enabled during exit to avoid controller faults 5a45d75da3b7 usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe 9f4bc5c30402 usb: gadget: lpc32xx_udc: fix clock imbalance in error path 7501ecfe3e52 usb: phy: isp1301: fix non-OF device reference imbalance 2e7c47e2eb3c usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal cefaad839a38 USB: lpc32xx_udc: Fix error handling in probe d377fe40ff5a usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() 8422cdf91db1 usb: typec: ucsi: huawei-gaokin: add DRM dependency a9cd9a4846ef usb: ohci-nxp: fix device leak on probe failure 987c0ddfe8bb phy: broadcom: bcm63xx-usbh: fix section mismatches b07bfaf62d07 media: pvrusb2: Fix incorrect variable used in trace message ac92151ff249 media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() 207d2d90ad87 usb: usb-storage: Maintain minimal modifications to the bcdDevice range. 50f47c02be41 mptcp: avoid deadlock on fallback while reinjecting 77ea2657b470 mptcp: schedule rtx timer only after pushing data ea0129061d61 selftests: mptcp: pm: ensure unknown flags are ignored ec4358c72491 mptcp: pm: ignore unknown endpoint flags 344789964c6c mm/slab: introduce kvfree_rcu_barrier_on_cache() for cache destruction 2766fae7c4c6 dma-mapping: Fix DMA_BIT_MASK() macro being broken d519d23a6b1c crash: let architecture decide crash memory export to iomem_resource 20eda7c74b69 tpm2-sessions: Fix tpm2_read_public range checks 04a3aa6e8c5f tpm2-sessions: Fix out of range indexing in name_size cebbf5d16bb2 mm/huge_memory: add pmd folio to ds_queue in do_huge_zero_wp_pmd() d710b4a2c713 media: v4l2-mem2mem: Fix outdated documentation 2c636fb02af2 mm/ksm: fix exec/fork inheritance support for prctl 3997b3147c7b block: Remove queue freezing from several sysfs store callbacks f0dba761b282 jbd2: use a weaker annotation in journal handling 4a9e50d881f5 jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key b59fa6011480 ext4: align max orphan file size with e2fsprogs limit e70d561d9d83 ext4: fix incorrect group number assertion in mb_check_buddy 8cde2072825b ext4: clear i_state_flags when alloc inode ce5f54c065a4 ext4: xattr: fix null pointer deref in ext4_raw_inode() ecb7e5603b57 ext4: check if mount_opts is NUL-terminated in ext4_ioctl_set_tune_sb() 5bbacbbf1ca4 ext4: fix string copying in parse_apply_sb_mount_options() 8626a78ce7dd printk: Avoid irq_work for printk_deferred() on suspend be8ba672cc5a printk: Allow printk_trigger_flush() to flush all types b107196729ff fs: PM: Fix reverse check in filesystems_freeze_callback() 858344bc9210 tpm: Cap the number of PCR banks 2b78da4cc75d ktest.pl: Fix uninitialized var in config-bisect.pl b3b036bac7c9 fs/ntfs3: fix mount failure for sparse runs in run_unpack() 419b1ea754c9 kallsyms: Fix wrong "big" kernel symbol type read from procfs 17900c56e263 crypto: scatterwalk - Fix memcpy_sglist() to always succeed 3312f03e9948 floppy: fix for PAGE_SIZE != 4KB cbaae7bb64d4 jbd2: fix the inconsistency between checksum and data in memory for journal sb 8dd553771afe block: rate-limit capacity change info log 3715bb43ccd3 gfs2: fix freeze error handling 98d65b62ddf8 btrfs: don't rewrite ret from inode_permission 498e286941b9 wifi: mt76: Fix DTS power-limits on little endian systems aceaa18f791a s390/dasd: Fix gendisk parent after copy pair swap 3b95fdb75d74 lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit 0eeaa2ba3b43 perf: arm_cspmu: fix error handling in arm_cspmu_impl_unregister() bacecf370e0c efi: Add missing static initializer for efi_mm::cpus_allowed_lock 265fad7d9c42 phy: exynos5-usbdrd: fix clock prepare imbalance 344057b2605d dt-bindings: clock: mmcc-sdm660: Add missing MDSS reset 9285d0483063 mmc: sdhci-msm: Avoid early clock doubling during HS400 transition 4bb9164e8f21 x86/mce: Do not clear bank's poll bit in mce_poll_banks on AMD SMCA systems 2ad1e2faebbd sched_ext: Fix missing post-enqueue handling in move_local_task_to_local_dsq() 5ddd444484be sched_ext: Fix bypass depth leak on scx_enable() failure ff67270a177f sched_ext: Fix the memleak for sch->helper objects 514d605ab6ce sched_ext: Factor out local_dsq_post_enq() from dispatch_enqueue() 3192204aa77f printk: Avoid scheduling irq_work on suspend 7fbfb85b05bc io_uring: fix filename leak in __io_openat_prep() dcb0d8bf1771 io_uring: fix min_wait wakeups for SQPOLL 13a8f7b88c2d io_uring/poll: correctly handle io_poll_add() return value on update 3dfe2e1531c8 clk: keystone: syscon-clk: fix regmap leak on probe failure 9e7c63c69f57 KEYS: trusted: Fix a memory leak in tpm2_load_cmd c30ed32690b2 rust: io: add typedef for phys_addr_t 52df55b21ede rust: io: move ResourceSize to top-level io module 0bf59179bdef rust: io: define ResourceSize as resource_size_t 93b3274587e8 samples: rust: fix endianness issue in rust_driver_pci 48298e1ba378 rust: dma: add helpers for architectures without CONFIG_HAS_DMA bee1f36801db rust_binder: avoid mem::take on delivered_deaths 505e8c7f6ca1 rust/drm/gem: Fix missing header in `Object` rustdoc bb82aaee1690 cifs: Fix memory and information leak in smb3_reconfigure() f8b19571b1db vhost/vsock: improve RCU read sections around vhost_vsock_get() 74dd8b66f9d2 block: rnbd-clt: Fix signedness bug in init_dev() 13456b4f1033 ublk: clean up user copy references on ublk server exit 2c46497eb148 drm/msm/a6xx: move preempt_prepare_postamble after error check 19648135e904 drm/msm: adreno: fix deferencing ifpc_reglist when not declared e64d5d45ffa8 scsi: scsi_debug: Fix atomic write enable module param description 7f39b9d0e86e MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits 6455d25857f2 platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks c3cd1d514eb0 hwmon: (emc2305) fix double put in emc2305_probe_childs_from_dt 6c95c2e00996 nvme-fabrics: add ENOKEY to no retry criteria for authentication failures 76bced5efbf4 hwmon: (emc2305) fix device node refcount leak in error path 4f7d90c7184a nvme-fc: don't hold rport lock when putting ctrl 3b96dc29e385 platform/x86: wmi-gamezone: Add Legion Go 2 Quirks ef7653481a05 i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware 7b8581442457 clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src 9a9a9b88a8d8 libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map ad9f0f01373c serial: sprd: Return -EPROBE_DEFER when uart clock is not ready e63d2173887c usb: xhci: Don't unchain link TRBs on quirky HCs e375aa7f5a1e usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. 6dc09b9b211b usb: xhci: limit run_graceperiod for only usb 3.0 devices 41374236a556 iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains 132fe187e0d9 usb: typec: ucsi: Handle incorrect num_connectors capability 1681cf6da695 usbip: Fix locking bug in RT-enabled kernels 967ac825b4f6 exfat: zero out post-EOF page cache on file extension ff3e06e80c9e exfat: fix remount failure in different process environments f04d53f6e3ff reset: fix BIT macro reference b49c766856fb functionfs: fix the open/removal races c6a2dd4f2e4e via_wdt: fix critical boot hang due to unnamed resource allocation ea0c31c52143 fuse: Invalidate the page cache after FOPEN_DIRECT_IO write b88dd8517ec8 fuse: Always flush the page cache before FOPEN_DIRECT_IO write 05f9aa19fdc1 scsi: qla2xxx: Use reinit_completion on mbx_intr_comp 6407b63db802 scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive 45185214175c scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled 095704d7f334 powerpc/addnote: Fix overflow on 32-bit builds d45fcd38c692 clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 5f9a7a00a2be scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI 4ca4c0b6c34f scsi: smartpqi: Add support for Hurray Data new controller PCI device 15108657bce0 ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx dbbf6d471306 um: init cpu_tasks[] earlier 64b989a051b0 firmware: imx: scu-irq: Init workqueue before request mbox channel 9f2ff08737c4 scsi: ufs: host: mediatek: Fix shutdown/suspend race condition eb8d9fb6280d ipmi: Fix __scan_channels() failing to rescan channels 235ae3fc9e9c ipmi: Fix the race between __scan_channels() and deliver_response() 8a9c52cbaf96 ASoC: ops: fix snd_soc_get_volsw for sx controls aa0449550e1e ASoC: SDCA: support Q7.8 volume format 523c21a04c17 nfsd: fix memory leak in nfsd_create_serv error paths 74fd0ae1a7de ASoC: ak4458: remove the reset operation in probe and remove eaa95228b8a5 ALSA: usb-mixer: us16x08: validate meter packet indices 499057a7cc6b ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path 042e9e86d8e1 ALSA: vxpocket: Fix resource leak in vxpocket_probe error path 2068cf6f8276 ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode 425672fdb7b6 x86/mm/tlb/trace: Export the TLB_REMOTE_WRONG_CPU enum in 82b6dfc0aa60 x86/fpu: Fix FPU state core dump truncation on CPUs with no extended xfeatures f01e9f891c37 x86/msi: Make irq_retrigger() functional for posted MSI 34c0e95524d6 x86/bug: Fix old GCC compile fails 6220d38a08f8 net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() e1be561f6b14 dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml 2ebf2e631d53 mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds 87e74671ddbc mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig be0b613198e6 spi: fsl-cpm: Check length parity before switching to 16 bit mode 7e086c97dd2b ACPI: CPPC: Fix missing PCC check for guaranteed_perf 4cb75cd4eeb4 ACPI: PCC: Fix race condition by removing static qualifier 76033cf8c2e4 platform/x86: intel_pmc_ipc: fix ACPI buffer memory leak 4a4193d9c6dd soc/tegra: fuse: Do not register SoC device on ACPI boot bb958a1320b5 can: gs_usb: gs_can_open(): fix error handling da852f46c76e xfs: don't leak a locked dquot when xfs_dquot_attach_buf fails 8722085fd23b Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table a9c115e017b2 Input: alps - fix use-after-free bugs caused by dev3_register_work cffc4e29b1e2 Input: lkkbd - disable pending work before freeing device 40e3042de43f Input: ti_am335x_tsc - fix off-by-one error in wire_order validation 9d9eab0eb2bf Input: xpad - add support for CRKD Guitars cae029e0575d Input: apple_z2 - fix reading incorrect reports after exiting sleep 14b1a6009e48 HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen 6dc8cf6e7998 ksmbd: fix buffer validation by including null terminator size in EA length 8cabcb4dd3dc ksmbd: Fix refcount leak when invalid session is found on session lookup 571204e4758a ksmbd: skip lock-range check on equal size to avoid size==0 underflow 3041d93301ca hwmon: (ltc4282): Fix reset_history file permissions 0821f3ad2d6e arm64: dts: mediatek: Apply mt8395-radxa DT overlay at build time 66dce411c7e9 amd/iommu: Preserve domain ids inside the kdump kernel 1e5b2d2138f6 drm/xe/oa: Always set OAG_OAGLBCTXCTRL_COUNTER_RESUME 338849090ee6 drm/xe/oa: Limit num_syncs to prevent oversized allocations 1d200017f55f drm/xe: Limit num_syncs to prevent oversized allocations cfc473f29eb5 block: rnbd-clt: Fix leaked ID in init_dev() 0460e09a6142 ublk: fix deadlock when reading partition table 474cf21e0c0e ublk: refactor auto buffer register in ublk_dispatch_req() 5907d423400e ublk: add `union ublk_io_buf` with improved naming 0f6f3cf11bfe ublk: add parameter `struct io_uring_cmd *` to ublk_prep_auto_buf_reg() a4315e409ab0 io_uring: fix nr_segs calculation in io_import_kbuf 0ab22a1796e0 spi: cadence-quadspi: Fix clock disable on probe failure path dac58c012c47 drm/amdgpu: fix a job->pasid access race in gpu recovery f51cc7aeb3d0 arm64: kdump: Fix elfcorehdr overlap caused by reserved memory processing reorder 0901f5fe2a01 x86/xen: Fix sparse warning in enlighten_pv.c 09fe52c728e0 drm/panel: sony-td4353-jdi: Enable prepare_prev_first 548e158dbf57 MIPS: Fix a reference leak bug in ip22_check_gio() 63cc97bd85e3 drm/xe: Restore engine registers before restarting schedulers after GT reset 4c8a881044e1 drm/xe: Increase TDF timeout f72c9ecd4b25 drm/me/gsc: mei interrupt top half should be in irq disabled context 754b10c067f0 drm/xe: fix drm_gpusvm_init() arguments 3a3612dc7055 drm/xe: Apply Wa_14020316580 in xe_gt_idle_enable_pg() f6ec2d5c21b1 drm/xe: Fix freq kobject leak on sysfs_create_files failure ea62d22f5772 hwmon: (tmp401) fix overflow caused by default conversion rate value 5aa213920166 hwmon: (ibmpex) fix use-after-free in high/low store e52b375b7dae hwmon: (dell-smm) Limit fan multiplier to avoid overflow 5e4481ef397e spi: mpfs: Fix an error handling path in mpfs_spi_probe() c062e2785bbe spi: microchip: rename driver file and internal identifiers f55201fb3bec block: fix race between wbt_enable_default and IO submission ef8178f81002 block: use {alloc|free}_sched data methods 93869ded0ccc block: introduce alloc_sched_data and free_sched_data elevator methods aa81ed74af25 block: move elevator tags into struct elevator_resources 22f98de8fa78 block: unify elevator tags and type xarrays into struct elv_change_ctx 322d0132d8b5 selftests: ublk: fix overflow in ublk_queue_auto_zc_fallback() 9c0dc1d40b69 drm/tests: Handle EDEADLK in set_up_atomic_state() 5ffc53a58a75 drm/tests: Handle EDEADLK in drm_test_check_valid_clones() c35d4fba2e0b drm/tests: hdmi: Handle drm_kunit_helper_enable_crtc_connector() returning EDEADLK 91a51d01be5c net: hns3: add VLAN id validation before using f02f283ebfaf net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx 62f28d79a618 net: hns3: using the num_tqps in the vf driver to apply for resources 918aafade36d net: enetc: do not transmit redirected XDP frames when the link is down 3c330f1dee3c net/handshake: duplicate handshake cancellations leak socket 4af9c2cd9a84 net/mlx5e: Don't include PSP in the hard MTU calculations 52f7785dad93 net/mlx5e: Trigger neighbor resolution for unresolved destinations 2d2e05d3c2af net/mlx5e: Use ip6_dst_lookup instead of ipv6_dst_lookup_flow for MAC init a935b5993b9e net/mlx5: Serialize firmware reset with devlink d173741ab4cb net/mlx5: fw_tracer, Handle escaped percent properly 8c35c2448086 net/mlx5: fw_tracer, Validate format string parameters 2d2d97d8a644 net/mlx5: Drain firmware reset in shutdown callback 5af49c5c3bdb net/mlx5: fw reset, clear reset requested on drain_fw_reset 4066b5b54629 ethtool: Avoid overflowing userspace buffer on stats query 730a125ec467 can: j1939: make j1939_sk_bind() fail if device is no longer registered b166b8e0a381 iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED 9bec0d706487 iommufd/selftest: Make it clearer to gcc that the access is not out of bounds 365417a77d38 selftests: netfilter: packetdrill: avoid failure on HZ=100 kernel 95b2dac3aaee netfilter: nf_tables: remove redundant chain validation on register store 79ea9102e66b netfilter: nf_nat: remove bogus direction check c59137e1314d nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() 43d9a530c8c0 net/sched: ets: Remove drr class from the active list if it changes to strict 21fdcc00656a caif: fix integer underflow in cffrml_receive() 82abf247e013 selftests: netfilter: prefer xfail in case race wasn't triggered 689a627d1478 ipvs: fix ipv4 null-ptr-deref in route error path 4bd2b89f4028 netfilter: nf_conncount: fix leaked ct in error paths c70df25214ac inet: frags: flush pending skbs in fqdir_pre_exit() 58e7108971fa inet: frags: add inet_frag_queue_flush() 1b5c3b8826d4 inet: frags: avoid theoretical race in ip_frag_reinit() 9ed53331e418 selftests: net: tfo: Fix build warning aa3f345dbac2 selftests: net: Fix build warnings 008fd87cd708 selftest: af_unix: Support compilers without flex-array-member-not-at-end support 1d18e7155f64 broadcom: b44: prevent uninitialized value usage 698f389552ab net: ti: icssg-prueth: add PTP_1588_CLOCK_OPTIONAL dependency c999153bfb2d net: openvswitch: fix middle attribute validation in push_nsh() action f17e0c120848 bnxt_en: Fix XDP_TX path 4049a6ace209 mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats 675c5aeadf64 mlxsw: spectrum_router: Fix neighbour use-after-free fcb9e2e5cf04 mlxsw: spectrum_router: Fix possible neighbour reference count leak d2495f529d60 net/mlx5: Fix double unregister of HCA_PORTS component 7aa2085ca72b ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() 90206ede6318 net: phy: RTL8211FVD: Restore disabling of PHY-mode EEE e3859271c72c net: phy: realtek: create rtl8211f_config_phy_eee() helper c6a23498f795 net: phy: realtek: eliminate priv->phycr1 variable ce370d988122 net: phy: realtek: allow CLKOUT to be disabled on RTL8211F(D)(I)-VD-CG d064d95c74d3 net: phy: realtek: eliminate has_phycr2 variable 7ec73f0e1600 net: phy: realtek: eliminate priv->phycr2 variable e12c912f92cc net/mlx5e: Avoid unregistering PSP twice f4a16bb7f8b5 net/mlx5: make enable_mpesw idempotent 45466141da3c net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change 51f5fbc1681b netrom: Fix memory leak in nr_sendmsg() ef4943d8c55c net: fec: ERR007885 Workaround for XDP TX path 6938e2fb4b4b gfs2: Fix use of bio_chain e84d2d5f3680 Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT 81b702a5486c Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE a35109f796db Bluetooth: btusb: add new custom firmwares a8c7343e2a04 Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 c5f173e20fdd Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 112a000505b8 Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV ee63729760f5 ksmbd: vfs: fix race on m_flags in vfs_cache 063cbbc6f595 ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency d8c5009bf41d smb/server: fix return value of smb2_ioctl() 32c3960b4212 gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad" a2046f5916c2 gfs2: fix remote evict for read-only filesystems 66e2f3c1aefe hfsplus: fix volume corruption issue for generic/101 306d8449af7c btrfs: scrub: always update btrfs_scrub_progress::last_physical f5323b43019d wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet 9c6f9b2a80ed wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load 0283fac52b42 wifi: cfg80211: use cfg80211_leave() in iftype change c3ab9657866f wifi: cfg80211: stop radar detection in cfg80211_leave() 40257a2ef1bc wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU d5fb4e2c9bb0 fs/ntfs3: check for shutdown in fsync 282214ddf847 hfsplus: fix volume corruption issue for generic/073 91f114bffa36 hfsplus: Verify inode mode when loading from disk 5882e7c8cdbb hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create 772e0a8809f1 hfsplus: fix volume corruption issue for generic/070 b3c151fe8f54 ntfs: set dummy blocksize to read boot_block when mounting f44e3d622d74 kbuild: Use objtree for module signing key path 5859a556db4b fs/ntfs3: Support timestamps prior to epoch 1c553c454f54 crypto: ccp - Add support for PCI device 0x115A c9266cafb277 livepatch: Match old_sympos 0 and 1 in klp_find_func() ab665eb99971 scripts: kdoc_parser.py: warn about Python version only once 3ef4a51315a9 x86/microcode: Mark early_parse_cmdline() as __init 63859f6da00d cpuidle: menu: Use residency threshold in polling state override decisions e486de4c945d cpufreq: s5pv210: fix refcount leak f916f071e41c ACPI: fan: Workaround for 64-bit firmware bug 3d9ecabe2953 cpufreq: dt-platdev: Add JH7110S SOC to the allowlist 29014a19d417 ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only f91dad0a3b38 ACPICA: Avoid walking the Namespace if start_node is NULL bb4c2f559e57 x86/ptrace: Always inline trivial accessors aab3236ff1da sched/fair: Revert max_newidle_lb_cost bump 3ed049fbfb4d sched/deadline: only set free_cpus for online runqueues 43c2e5c2acaa perf/x86/amd: Check event before enable to avoid GPF ec73412f61d3 scripts/faddr2line: Fix "Argument list too long" error bfa4924cbc52 iomap: account for unaligned end offsets when truncating read range 142194fb21af iomap: adjust read range correctly for non-block-aligned positions 4642686699a4 shmem: fix recovery on rename failures 6fd59082b626 btrfs: fix changeset leak on mmap write after failure to reserve metadata 6564f76a9efe btrfs: fix memory leak of fs_devices in degraded seed device path d0e177e176e7 bpf: Fix verifier assumptions of bpf_d_path's output buffer b7a2957ace3d bpf: Fix truncated dmabuf iterator reads 75fffc9fef36 bpf, arm64: Do not audit capability check in do_jit() f79a80c7fc06 btrfs: fix a potential path leak in print_data_reloc_error() 815abd170966 btrfs: do not skip logging new dentries when logging a new name 78d82960b939 Linux 6.18.2 1823e08f76c6 ALSA: wavefront: Fix integer overflow in sample size validation 590bd2a7acba ALSA: wavefront: Clear substream pointers on close 343fa9800cf9 ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() 3646c928bb77 ALSA: hda/tas2781: fix speaker id retrieval for multiple probes acacb5b7109a ALSA: hda/realtek: Add match for ASUS Xbox Ally projects 1e1b3207a53e ALSA: dice: fix buffer overflow in detect_stream_formats() d6d0caff738f usb: dwc3: dwc3_power_off_all_roothub_ports: Use ioremap_np when required a880ef71a1c8 usb: typec: ucsi: fix use-after-free caused by uec->work 6507f1810d3c usb: phy: Initialize struct usb_phy list_head a902fc01813a usb: typec: ucsi: fix probe failure in gaokun_ucsi_probe() 93193a1a0077 usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt 1f2f0ff3cacb efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs 742082e59fcc efi/cper: Adjust infopfx size to accept an extra space a980fec3d5eb efi/cper: Add a new helper function to print bitmasks 67d5a5e20259 perf/x86/intel: Fix NULL event dereference crash in handle_pmi_common() f2091f479f5b ocfs2: fix memory leak in ocfs2_merge_rec_left() d0fab03390ae cpu: Make atomic hotplug callbacks run with interrupts disabled on UP efd65e2e2fd9 irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() da07fa873059 perf/core: Fix missing read event generation on task exit 35287d31e083 scsi: ufs: core: Fix an error handler crash 9e434426cc23 scsi: imm: Fix use-after-free bug caused by unfinished delayed work ea98ced74f50 dm log-writes: Add missing set_freezable() for freezable kthread 992710902de4 dm-raid: fix possible NULL dereference with undefined raid type f80cf70de912 ASoC: amd: acp: update tdm channels for specific DAI ef0cd7b69492 block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock 97ee36e58a8c drm/i915/fbdev: Hold runtime PM ref during fbdev BO creation cabc9d26c06f drm/{i915, xe}/fbdev: deduplicate struct drm_mode_fb_cmd2 init 6f36ae55d245 drm/{i915, xe}/fbdev: pass struct drm_device to intel_fbdev_fb_alloc() bc600ef08326 drm/i915/fbdev: make intel_framebuffer_create() error return handling explicit c287d34592cc drm/xe/fbdev: use the same 64-byte stride alignment as i915 fb074e5c4f3e ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() 8f9e51cf2a2a ALSA: firewire-motu: add bounds check in put_user loop for DSP events d48f75972d39 regulator: spacemit: Align input supply name with the DT binding 4a7915a26d19 rtc: max31335: Fix ignored return value in set_alarm f67ae28e9ac3 rtc: gamecube: Check the return value of ioremap() 0c1239fb5c42 drm/amdkfd: Use huge page size to check split svm range alignment 4058530b4294 ALSA: uapi: Fix typo in asound.h comment d8fae0475d95 dma/pool: eliminate alloc_pages warning in atomic_pool_expand bfef208916d7 i2c: spacemit: fix detect issue 581a9f4c1cd8 docs: hwmon: fix link to g762 devicetree binding f81f7e1344c4 gpio: tb10x: fix OF_GPIO dependency 829adc469a18 nfs/localio: remove 61 byte hole from needless ____cacheline_aligned 1959d1265e24 nfs/localio: remove alignment size checking in nfs_is_local_dio_possible 5dfdc0ba0544 cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB2 c61af12157ef cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB1 ec8ccaa4d33e drm/nouveau: fix circular dep oops from vendored i2c encoder 731e1beb10c4 drm/nouveau: refactor deprecated strcpy cdda0d06f865 ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events 8fee481ee6c0 regulator: fixed: Rely on the core freeing the enable GPIO bc6761c02255 drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() 0e777da54152 io_uring/kbuf: use READ_ONCE() for userspace-mapped memory 6a960b58df61 nvme-auth: use kvfree() for memory allocated with kvcalloc() 7193407bc445 block: fix memory leak in __blkdev_issue_zero_pages 2864db01b3e5 block: fix comment for op_is_zone_mgmt() to include RESET_ALL 0accacccba19 drm/panel: novatek-nt35560: avoid on-stack device structure 7b9187711394 blk-mq: Abort suspend when wakeup events are pending 6acd144fa8b1 f2fs: revert summary entry count from 2048 to 512 in 16kb block support 9a3192f81819 ASoC: ak5558: Disable regulator when error happens a15353ac167f ASoC: ak4458: Disable regulator when error happens a52d027b4d6b ASoC: amd: acp: Audio is not resuming after s0ix 488ef9dd5c09 ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() 2606e7e090fe platform/x86: asus-wmi: use brightness_set_blocking() for kbd led c3430e94a0a2 fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() 6d335d8a26bf NFS: Fix inheritance of the block sizes when automounting df9b003a2eca NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags c30cb13edcbf Revert "nfs: ignore SB_RDONLY when mounting nfs" 10d58baf7d0e Revert "nfs: clear SB_RDONLY before getting superblock" 699e32e42faf Revert "nfs: ignore SB_RDONLY when remounting nfs" c646ebff3fa5 drm/panthor: Prevent potential UAF in group creation 38694f9aae00 NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid a7d914e1f9b4 NFS: Initialise verifiers for visible dentries in _nfs4_open_and_get_state 97b93a595be0 NFS: Initialise verifiers for visible dentries in nfs_atomic_open() 32b7ba23b4df NFS: Initialise verifiers for visible dentries in readdir and lookup 4836f912acc7 fs/nls: Fix utf16 to utf8 conversion f0f456c327f5 NFS: Avoid changing nlink when file removes and attribute updates race 530f1ba28793 kbuild: install-extmod-build: Properly fix CC expansion when ccache is used 2e1c79299036 rtc: amlogic-a4: fix double free caused by devm b18d3c3ce852 f2fs: maintain one time GC mode is enabled during whole zoned GC cycle 52eb1c76c0dc platform/x86:intel/pmc: Update Arrow Lake telemetry GUID 41a59772b500 sched/core: Fix psi_dequeue() for Proxy Execution 8061d3b7bb91 sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out fe9a3154bb5b 9p: fix cache/debug options printing in v9fs_show_options 15a6572117f0 fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() 850f134a4c81 perf stat: Allow no events to open if this is a "--null" run b9ceff1ca3ef pinctrl: single: Fix incorrect type for error return variable 654841dd211b perf hist: In init, ensure mem_info is put on error paths badf751a785d perf kvm: Fix debug assertion 501a16c1ddb2 perf tools: Fix split kallsyms DSO counting 30f874b8a92f perf tools: Mark split kallsyms DSOs as loaded 88fc3dd6e631 exfat: fix divide-by-zero in exfat_allocate_bitmap d009ff8959d2 exfat: fix refcount leak in exfat_find bd4da8f59dbb perf jitdump: Add sym/str-tables to build-ID generation 3ed6c458530a net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop 1ce413fd4d04 net: dsa: xrs700x: reject unsupported HSR configurations 4a7f375f625d net: hsr: create an API to get hsr port type b07e2f191d88 net: dsa: b53: fix BCM5325/65 ARL entry VIDs 0d0116335eba net: dsa: b53: fix BCM5325/65 ARL entry multicast port masks 8e881dfd5255 net: dsa: b53: add support for bcm63xx ARL entry format e5a6a2475901 net: dsa: b53: fix CPU port unicast ARL entries for BCM5325/65 e23860a4bf1e net: dsa: b53: use same ARL search result offset for BCM5325/65 c15c2c2b72ac net: dsa: b53: add support for 5389/5397/5398 ARL entry format 4e8f43e63878 net: dsa: b53: move ARL entry functions into ops struct e0c63c85e007 net: dsa: b53: split reading search entry into their own functions f3affeb3c7d0 net: dsa: b53: provide accessors for accessing ARL_SRCH_CTL 5e86ebfb4306 net: dsa: b53: move writing ARL entries into their own functions ed2f26bf281b net: dsa: b53: move reading ARL entries into their own function 397fdaf790ce net: dsa: b53: b53_arl_read{,25}(): use the entry for comparision 6f2311c6cb9f net: dsa: b53: fix extracting VID from entry for BCM5325/65 c25b00402080 net: dsa: b53: fix VLAN_ID_IDX write size for BCM5325/65 210226ce6ca6 um: Disable KASAN_INLINE when STATIC_LINK is selected 0a1254e59754 smb: client: relax WARN_ON_ONCE(SMBDIRECT_SOCKET_*) checks in recv_done() and smbd_conn_upcall() 7c4f55905cfb smb: server: relax WARN_ON_ONCE(SMBDIRECT_SOCKET_*) checks in recv_done() and smb_direct_cm_handler() 7d077222555e smb: smbdirect: introduce SMBDIRECT_CHECK_STATUS_{WARN,DISCONNECT}() c9ae2463c529 smb: smbdirect: introduce SMBDIRECT_DEBUG_ERR_PTR() helper 36c6c788173e clk: keystone: fix compile testing 61e684ef4c2b md/raid5: fix IO hang when array is broken with IO inflight de4a27113099 remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs 14980281ebff rqspinlock: Use trylock fallback when per-CPU rqnode is busy 43b6c312b8ff rqspinlock: Enclose lock/unlock within lock entry acquisitions 03ee076352cf mtd: lpddr_cmds: fix signed shifts in lpddr_cmds 760bc6ceda8e net: netpoll: initialize work queue before error checks 4cc8dd1aafac selftests: bonding: add delay before each xvlan_over_bond connectivity check f61d6d4e1508 net: phy: aquantia: check for NVMEM deferral cadb28f8b3fd landlock: Fix handling of disconnected directories addbb8ddb443 vfio/pci: Use RCU for error/request triggers to avoid circular locking 3e2fc1e57a53 arm64/pageattr: Propagate return value from __change_memory_common 81841da1f30f spi: ch341: fix out-of-bounds memory access in ch341_transfer_one 44309fda9c60 mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors 3a11d8ae00c9 net: stmmac: fix rx limit check in stmmac_rx_zc() 4ac26aafdc8c net: vxlan: prevent NULL deref in vxlan_xmit_one 6d080f810ffd iavf: Implement settime64 with -EOPNOTSUPP 77ea3d8ac3d3 netfilter: nft_connlimit: update the count if add was skipped f6904ed15ed1 netfilter: nf_conncount: rework API to use sk_buff directly 87a453f31c63 netfilter: flowtable: check for maximum number of encapsulations in bridge vlan 3c0493f81dfa Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" f2888bfb9003 arm64: dts: mediatek: mt8195: Fix address range for JPEG decoder core 1 64099b5c0aeb regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex ed3cc640b4f1 ARM: dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend b4eb208dee57 ARM: dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend ad3e7ec8e21e ARM: dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend 104a6ed7a4c0 ARM: dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend 1f11f4e8b7f7 soc: samsung: exynos-pmu: Fix structure initialization 749c2b72a2ba spi: airoha-snfi: en7523: workaround flash damaging if UART_TXD was short to GND a2f79598c6c1 ASoC: Intel: catpt: Fix error path in hw_params() 9223cdb994d9 virtio: clean up features qword/dword terms ce46f6a8d624 vdpa/pds: use %pe for ERR_PTR() in event handler registration 09853ba0977f vhost: Fix kthread worker cgroup failure handling ba8a48b7be20 vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues d94497989a9c virtio: fix map ops comment 99ae54bbb475 virtio: fix virtqueue_set_affinity() docs 5fdd8443c0a4 virtio: standardize Returns documentation style ed4dade6223d virtio: fix grammar in virtio_map_ops docs 6c5dfc6f33de virtio: fix grammar in virtio_queue_info docs e3e6c543e695 virtio: fix whitespace in virtio_config_ops 201ca193b492 virtio: fix typo in virtio_device_ready() comment a8d39a172781 virtio: fix kernel-doc for mapping/free_coherent functions 3c30975c9aba virtio_vdpa: fix misleading return in void function 1b70f280c39e of: Skip devicetree kunit tests when RISCV+ACPI doesn't populate root node 2a3f91ef20ec selftests/net: packetdrill: pass send_omit_free to MSG_ZEROCOPY tests a537ffa7f44b ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation f0022551745d bpf: Fix exclusive map memory leak c1b149b698e2 selftests/landlock: Fix makefile header list 4e2a8fb1ce6c ublk: prevent invalid access with DEBUG 7639d3983166 ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 17fc4443ee12 hwmon: sy7636a: Fix regulator_enable resource leak on error path 627a55ec0039 drm/amdkfd: assign AID to uuid in topology for SPX mode 843bdaf0bfdd drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() 2f4f72e580b5 misc: rp1: Fix an error handling path in rp1_probe() e901d77f8994 fs: lift the FMODE_NOCMTIME check into file_update_time_flags eda80f733fbd fs: refactor file timestamp update logic 2f62a4e39588 greybus: gb-beagleplay: Fix timeout handling in bootloader functions c9083b2fce6b firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER ee0fa63171ba ASoC: fsl_xcvr: clear the channel status control memory 49e7347f4644 gfs2: Prevent recursive memory reclaim 79bc3bdf36bc ASoC: nau8325: add missing build config 1123b37d8947 ASoC: codecs: nau8325: Silence uninitialized variables warnings 4876a36bc639 ASoC: nau8325: use simple i2c probe function 110337fa5f06 clocksource/drivers/nxp-stm: Prevent driver unbind 755927ae1769 clocksource/drivers/nxp-stm: Fix section mismatches 7da0b7f66a20 clocksource/drivers/nxp-pit: Prevent driver unbind 364752785f7d clocksource/drivers/arm_arch_timer_mmio: Prevent driver unbind 9876d55a0445 clocksource/drivers/stm: Fix double deregistration on probe failure cbc8d54c7313 clocksource/drivers/ralink: Fix resource leaks in init error path 0a3d0e948663 drm/panthor: Avoid adding of kernel BOs to extobj list 46cd9849e520 arm64: dts: amlogic: meson-g12b: Fix L2 cache reference for S922X CPUs 73573f7e5284 RDMA/irdma: Fix SRQ shadow area address initialization 63f755a2ef55 RDMA/irdma: Remove doorbell elision logic 951870eee2dc RDMA/irdma: Do not set IBK_LOCAL_DMA_LKEY for GEN3+ aac0552d66c2 RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY 4b71f69c4914 RDMA/irdma: Add missing mutex destroy b0258b9ecbc0 RDMA/irdma: Fix SIGBUS in AEQ destroy e0331f477c19 RDMA/irdma: Add a missing kfree of struct irdma_pci_f for GEN2 4b8abcc87373 RDMA/irdma: Fix data race in irdma_free_pble 118894098d4e RDMA/irdma: Fix data race in irdma_sc_ccq_arm cefb67ea27f9 iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal 57c6cea2073c backlight: lp855x: Fix lp855x.h kernel-doc warnings 08c9dc6b0f2c backlight: led-bl: Add devlink to supplier LEDs ad26a7ef0488 wifi: ieee80211: correct FILS status codes c67775cf0da2 iomap: allocate s_dio_done_wq for async reads as well 74c0c1af04ee iomap: always run error completions in user context f8a794ea740d um: Don't rename vmap to kernel_vmap 60ac9e5820b9 drm/nouveau: restrict the flush page to a 32-bit address 644ddd0d96d1 PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition f5190da518be btrfs: fix leaf leak in an error path in btrfs_del_items() d65f49f772cf btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() 742b90eaf394 btrfs: fix racy bitfield write in btrfs_clear_space_info_full() 364685c4c2d9 btrfs: fix double free of qgroup record after failure to add delayed ref head 3b796d3f16c1 selftests/bpf: Allow selftests to build with older xxd 489a8f559faf bpftool: Allow bpftool to build with openssl < 3 3d12cc5d13f6 iommu/arm-smmu-v3: Fix error check in arm_smmu_alloc_cd_tables 56296da5e6bf staging: fbtft: core: fix potential memory leak in fbtft_probe_common() 1bdf06f25a49 firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc 4d42aba0ee49 mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() f4c57afff3b0 wifi: mt76: mt7996: Add missing locking in mt7996_mac_sta_rc_work() abdedd46dc58 wifi: mt76: mt7996: skip ieee80211_iter_keys() on scanning link remove c319967690d4 wifi: mt76: mt7996: skip deflink accounting for offchannel links 70656b45467c wifi: mt76: Move mt76_abort_scan out of mt76_reset_device() 46f0648e261c wifi: mt76: mt7996: grab mt76 mutex in mt7996_mac_sta_event() b4b789d24319 wifi: mt76: mt7996: fix EMI rings for RRO 1a4b481a21ae wifi: mt76: mt7996: fix using wrong phy to start in mt7996_mac_restart() 7d6cd8f51ad8 wifi: mt76: mt7996: fix MLO set key and group key issues 9a43ed9ab800 wifi: mt76: mt7996: fix MLD group index assignment e5c42efeb162 wifi: mt76: mt7996: set link_valid field when initializing wcid d64e6f27260e wifi: mt76: mt7996: fix teardown command for an MLD peer ee94375d06b5 wifi: mt76: mt7996: fix several fields in mt7996_mcu_bss_basic_tlv() 95bb36f8d6b3 wifi: mt76: mt7996: fix implicit beamforming support for mt7992 74bb080717a3 wifi: mt76: mt7996: fix max nss value when getting rx chainmask 2cde732373a7 Revert "wifi: mt76: mt792x: improve monitor interface handling" d2d11298dfc3 wifi: mt76: mt7996: Remove useless check in mt7996_msdu_page_get_from_cache() d582d0e988d6 wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks cbeca0b7ea20 wifi: mt76: mt7996: Remove unnecessary link_id checks in mt7996_tx b8f34c1c5c4f wifi: mt76: mt7996: fix null pointer deref in mt7996_conf_tx() 791520a8e54e ASoC: tas2781: correct the wrong period 23ca40088490 ASoC: tas2781: Correct the wrong chip ID for reset variable check fd9c3a1c963f crypto: ahash - Zero positive err value in ahash_update_finish aa9dc3d80dd5 crypto: ahash - Fix crypto_ahash_import with partial block data ce649d74650a RDMA/bnxt_re: Pass correct flag for dma mr creation 32fdf021f6c9 RDMA/bnxt_re: Fix the inline size for GenP7 devices 620472e6b303 erofs: limit the level of fs stacking for file-backed mounts 46198ad00429 erofs: correct FSDAX detection 1fa7e6e78bd6 RISC-V: KVM: Fix guest page fault within HLV* instructions 469b0b8ce088 PM / devfreq: hisi: Fix potential UAF in OPP handling 2873d804b4f3 crypto: ccree - Correctly handle return of sg_nents_for_len 9b3f71cf02e0 crypto: starfive - Correctly handle return of sg_nents_for_len a6c22c91b628 bpf: properly verify tail call behavior 982ef82af998 selftests/bpf: Update test_tag to use sha256 a8cf555fd773 selftests/bpf: Improve reliability of test_perf_branches_no_hw() 833e49fa2dd4 selftests/bpf: skip test_perf_branches_hw() on unsupported platforms 93787117dcf1 regulator: pca9450: Fix error code in probe() 442f55d47d58 usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE dda165e3be9d usb: dwc2: fix hang during suspend if set as peripheral cc0d2b85447c usb: dwc2: fix hang during shutdown if set as peripheral 3681b60224e8 usb: chaoskey: fix locking for O_NONBLOCK 32952c4f4d1b ima: Handle error code returned by ima_filter_rule_match() 97ee9b4f32c8 rtla: Fix -a overriding -t argument 93409bddc50b rtla/tests: Fix osnoise test calling timerlat 89f6fb920e2c rtla/tests: Extend action tests to 5s 22b5096abc98 RAS: Report all ARM processor CPER information to userspace 5ebf0fe7eaef wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() ee5b0b28c993 clk: spacemit: Set clk_hw_onecell_data::num before using flex array 04c79e05e13c cpuset: Treat cpusets in attaching as populated 872b3ffc5107 net: phy: adin1100: Fix software power-down ready condition 59bea0e26b8c selftests/bpf: Use ASSERT_STRNEQ to factor in long slab cache names 340a73d8b664 ASoC: SDCA: Fix missing dash in HIDE DisCo property fd6835c98ea6 phy: rockchip: samsung-hdptx: Prevent Inter-Pair Skew from exceeding the limits 348c9b3d47a6 phy: rockchip: samsung-hdptx: Reduce ROPLL loop bandwidth 26efe0db47e5 phy: rockchip: samsung-hdptx: Fix reported clock rate in high bpc mode a614c316a8c2 phy: freescale: Initialize priv->lock b36ba24f7d6d phy: rockchip: naneng-combphy: Fix PCIe L1ss support RK3562 c6dda44381ed phy: rockchip: naneng-combphy: Fix PCIe L1ss support RK3528 97525d3a7f8b phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() ae5f4c7397d0 leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM 0d8e2c04a2ec of/fdt: Fix incorrect use of dt_root_addr_cells in early_init_dt_check_kho() 38c8c945c2c2 of/fdt: Fix the len check in early_init_dt_check_for_usable_mem_range() f326efdcab7f of/fdt: Fix the len check in early_init_dt_check_for_elfcorehdr() 7045d5970e16 of/fdt: Consolidate duplicate code into helper functions d0482ca91d76 mfd: mt6358-irq: Fix missing irq_domain_remove() in error path f620f2a12012 mfd: mt6397-irq: Fix missing irq_domain_remove() in error path f75dc8cb4117 tools/rtla: Fix --on-threshold always triggering efdb8e298907 tools/rtla: Fix unassigned nr_cpus a6fb8785b179 wifi: mac80211: fix CMAC functions not handling errors 055e892aac14 iommu/vt-d: Fix unused invalidation hint in qi_desc_iotlb 3cf1f2364849 iommu/vt-d: Set INTEL_IOMMU_FLOPPY_WA depend on BLK_DEV_FD 6fccca4dbebc net: phy: realtek: create rtl8211f_config_rgmii_delay() 5fa1c8226b45 scsi: qla2xxx: Fix improper freeing of purex item 638779b17521 scsi: ufs: rockchip: Reset controller on PRE_CHANGE of hce enable notify f4b45dc5eeb3 pwm: bcm2835: Make sure the channel is enabled after pwm_request() 1ade1edef373 perf arm_spe: Fix memset subclass in operation 3e5b25da0b41 ipv6: clear RA flags when adding a static route 77d179867bcc spi: sophgo: Fix incorrect use of bus width value macros d8995c4d86ac drm/msm/a6xx: Improve MX rail fallback in RPMH vote init e24720c82338 drm/msm/a6xx: Fix the gemnoc workaround 45ca97e4ec9b drm/msm/a6xx: Flush LRZ cache before PT switch 295ba29e49f6 drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue 4a3a5c2e93c7 fs/ntfs3: Prevent memory leaks in add sub record 169361f0e0bc fs/ntfs3: out1 also needs to put mi 11e221124be0 net: stmmac: Fix VLAN 0 deletion in vlan_del_hw_rx_fltr() 6b405443b6ab powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format 1fcbf18558c5 powerpc/64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit 2579c356ccd3 bpf: Fix invalid prog->stats access when update_effective_progs fails 26815698b6fb net: stmmac: dwmac-sophgo: Add phy interface filter d2b57ba17164 net: phy: Add helper for fixing RGMII PHY mode based on internal mac delay c9d1c4152e6d wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() 9ea941e8bba6 PCI: stm32: Fix EP page_size alignment 0e82816b6896 PCI: stm32: Fix LTSSM EP race with start link 7b1e3cb2070e drm/msm/a2xx: stop over-complaining about the legacy firmware 966fcbb8c803 drm/msm: fix missing NULL check after kcalloc in crashstate_get_bos() 0bc9149da210 drm/msm: Fix NULL pointer dereference in crashstate_get_vm_logs() d36f07b8e590 block/blk-throttle: Fix throttle slice time for SSDs e5e0f94996f0 arm64: dts: imx95-tqma9596sa: reduce maximum FlexSPI frequency to 66MHz 8f1db86ea95c arm64: dts: imx95-tqma9596sa: fix TPM5 pinctrl node name f677cd77319b NFSD/blocklayout: Fix minlength check in proc_layoutget bc2b1bbc0329 tracefs: fix a leak in eventfs_create_events_dir() 30db8309b703 fuse_ctl_add_conn(): fix nlink breakage in case of early failure e1cc8886b628 iio: core: Clean up device correctly on iio_device_alloc() failure 97d817c11450 iio: core: add missing mutex_destroy in iio_dev_release() 4d9bebb2e9b6 watchdog: starfive: Fix resource leak in probe error path e2b25922e566 watchdog: wdat_wdt: Fix ACPI table leak in probe function ab3e7a78d83a mshv: Fix create memory region overlap check 380805973808 mshv: Fix deposit memory in MSHV_ROOT_HVCALL 942268e2726a bpf: Check skb->transport_header is set in bpf_skb_check_mtu 59bad3c98cad selftests/bpf: Fix failure paths in send_signal test 7547576c6209 bpf: Handle return value of ftrace_set_filter_ip in register_fentry 4a9b0581757a bpf: Prevent nesting overflow in bpf_try_get_buffers 6394fc65d7bc kbuild: don't enable CC_CAN_LINK if the dummy program generates warnings 07cfb9c3f6d0 PCI: Prevent resource tree corruption when BAR resize fails 020ecb16e578 soc/tegra: fuse: speedo-tegra210: Update speedo IDs 9c58e23af951 ps3disk: use memcpy_{from,to}_bvec index 7102ea1e816a drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype 41ba9d25d965 arm64: dts: qcom: qrb2210-rb1: Fix UART3 wakeup IRQ storm 036bae52e5c1 pwm: Use %u to printf unsigned int pwm_chip::npwm and pwm_chip::id a2fb63bc252a pwm: Simplify printf to emit chip->npwm in $debugfs/pwm 13dcd6308cb8 s390/fpu: Fix false-positive kmsan report in fpu_vstl() 94a9c0c42cce crypto: iaa - Fix incorrect return value in save_iaa_wq() 42a2a70a12e4 arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 3C 63d98a936f0f arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A 3eeb44415063 arm64: dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A ee6dda36b499 soc: renesas: rz-sysc: Populate readable_reg/writeable_reg in regmap config 58f2087a7ccd soc: renesas: r9a09g056-sys: Populate max_register 59a8b59c5a49 PCI: keystone: Exit ks_pcie_probe() for invalid mode 4a03d69cece1 bpf: Free special fields when update [lru_,]percpu_hash maps 2f13baf62bbd accel/amdxdna: Fix deadlock between context destroy and job timeout 677b91705b35 accel/amdxdna: Clear mailbox interrupt register during channel creation 8e2121a40c39 arm64/mm: Allow __create_pgd_mapping() to propagate pgtable_alloc() errors 659dd9c8cd59 leds: netxbig: Fix GPIO descriptor leak in error paths 54a7e8311274 scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls 5c1fb3fd05da scsi: qla2xxx: Clear cmds after chip reset b47b1e1889c8 ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() d7ea2b4d0b70 ocfs2: use correct endian in ocfs2_dinode_has_extents e5c52c320577 ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() e0a7eab9165a lib/vsprintf: Check pointer before dereferencing in time_and_date() 8cacdb0f0bca clk: renesas: r9a06g032: Fix memory leak in error path 0dcbf7d6e901 clk: renesas: r9a09g077: Propagate rate changes to parent clocks 4dd34a24b68e drm/tidss: Move OLDI mode validation to OLDI bridge mode_valid hook b1d4bb43691c drm/tidss: Remove max_pclk_khz and min_pclk_khz from tidss display features b2abcb89865b perf tools: Fix missing feature check for inherit + SAMPLE_READ e485e76864b6 coresight: etm4x: Properly control filter in CPU idle with FEAT_TRF 2daa7706a000 coresight: etm4x: Add context synchronization before enabling trace 352faa1d6387 coresight: etm4x: Correct polling IDLE bit 9698a89977fb coresight: etm3x: Always set tracer's device mode on target CPU e45178e98848 coresight: etm4x: Always set tracer's device mode on target CPU 4305e94270fa coresight: Change device mode to atomic type 192e8ce302f1 fs/ntfs3: Initialize allocated memory before use 4717e7860649 io_uring/zcrx: call netdev_queue_get_dma_dev() under instance lock de11c3e5908b net: export netdev_get_by_index_lock() c9e805f6a35d nbd: defer config unlock in nbd_genl_connect 51b823d7723f wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() 48a7d427eb65 macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse 74e9f302f31f powerpc/32: Fix unpaired stwcx. on interrupt exit f834bd9fb83e powerpc/kdump: Fix size calculation for hot-removed memory ranges 990016bd5d02 cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs 9d37fe37dfa0 md: init bioset in mddev_init a66e5f556bd7 md: delete md_redundancy_group when array is becoming inactive cd2898f0fd8e scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() ee8b0b284ccf drm/panthor: Fix potential memleak of vma structure ab5e8ebeee1c ntfs3: init run lock for extend inode d0c9effd82f2 coresight: tmc: add the handle of the event to the path 131097fe8b7d ARM: dts: stm32: stm32mp157c-phycore: Fix STMPE811 touchscreen node properties 8ccdf3a6cde1 RDMA/rtrs: server: Fix error handling in get_or_create_srv 83f23bf28e1b dt-bindings: PCI: amlogic: Fix the register name of the DBI region 986d67f2d72a iio: imu: bmi270: fix dev_err_probe error msg e463548fd80e staging: most: remove broken i2c driver 1a5c5a2f88e8 scsi: smartpqi: Fix device resources accessed after device removal f7c6c26a9977 scsi: stex: Fix reboot_notifier leak in probe error path 742012f6bf29 nbd: defer config put in recv_work f0fae1debeb9 md: avoid repeated calls to del_gendisk f98b191f7812 md: fix rcu protection in md_wakeup_thread 59392f424f84 md: delete mddev kobj before deleting gendisk kobj 10be1301ae69 regulator: core: disable supply if enabling main regulator fails 16d8e53a8f78 perf/x86/intel: Correct large PEBS flag check 6b089028bff1 perf/x86: Fix NULL event access and potential PEBS record loss e2a1f510e599 io_uring: use WRITE_ONCE for user shared memory b9422f46d9c5 arm64: dts: rockchip: Fix USB Type-C host mode for Radxa ROCK 5B+/5T 40a1e0142096 hfs: fix potential use after free in hfs_correct_next_unused_CNID() ba2726d43d3b accel/amdxdna: Fix dma_fence leak when job is canceled c94c069c0b12 ext4: correct the checking of quota files before moving extents c7ca777c5879 wifi: ath12k: Fix timeout error during beacon stats retrieval 9922a95abfc1 mfd: da9055: Fix missing regmap_del_irq_chip() in error path 87cc6fe79c3e wifi: rtw89: usb: fix leak in rtw89_usb_write_port() bcf44fe565bf wifi: rtw89: usb: use common error path for skbs in rtw89_usb_rx_handler() 9253f39bcf9a locktorture: Fix memory leak in param_set_cpumask() a89d6e83f0e8 efi/libstub: Fix page table access in 5-level to 4-level paging transition ac3cd83b02c7 x86/boot: Fix page table access in 5-level to 4-level paging transition cda077a19f5c coresight: ETR: Fix ETR buffer use-after-free issue 414c982faffa arm64: tegra: Add pinctrl definitions for pcie-ep nodes 040ce00735c1 entry,unwind/deferred: Fix unwind_reset_info() placement a1b7235ba438 ARM: dts: omap3: n900: Correct obsolete TWL4030 power compatible ecd2c6686f49 ARM: dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible 97f035128363 ARM: dts: am335x-netcom-plus-2xx: add missing GPIO labels 29e886ee371b ARM: dts: am33xx: Add missing serial console speed b454e6282cbf libbpf: Fix parsing of multi-split BTF 01bbf25c7672 spi: tegra210-quad: Fix timeout handling 83143f9df885 cleanup: fix scoped_class() 0ec4aaf5f3f5 iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show e31c902d7854 ns: initialize ns_list_node for initial namespaces ad804f43873a ns: add NS_COMMON_INIT() 6a6f1e983edc firmware: ti_sci: Set IO Isolation only if the firmware is capable 0612704b6f6d drm/panthor: Fix UAF on kernel BO VA nodes 05bfa79dec11 drm/panthor: Fix race with suspend during unplug 6c1da9ae2c12 drm/panthor: Fix UAF race between device unplug and FW event processing 1ec19ea88284 drm/panthor: Fix group_free_queue() for partially initialized queues 1292bd488a81 drm/panthor: Handle errors returned by drm_sched_entity_init() 1254303ef82c fs/9p: Don't open remote file with APPEND mode when writeback cache is used 8d11a6c811a5 scsi: target: Fix LUN/device R/W and total command stats e4a462b4e996 scsi: target: Do not write NUL characters into ASCII configfs output fb8f2b55a101 power: supply: apm_power: only unset own apm_get_power_status 69675b2d6041 power: supply: qcom_battmgr: support disabling charge control 2614ebcf2bca power: supply: qcom_battmgr: clamp charge control thresholds eade8ea73b91 power: supply: wm831x: Check wm831x_set_bits() return value a77929363637 power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() 52d3f2076122 power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() 1cea1ca5e8d4 power: supply: max17040: Check iio_read_channel_processed() return code 97ec116a7e57 power: supply: cw2015: Check devm_delayed_work_autocancel() return code 8c473255e5ee power: supply: rt5033_charger: Fix device node reference leaks d4b3a4c2aa7b timers/migration: Fix imbalanced NUMA trees cc25b81fe0ea timers/migration: Remove locking on group connection e21665bac15c timers/migration: Convert "while" loops to use "for" d7eaed82c21e clk: qcom: tcsrcc-glymur: Update register offsets for clock refs d733e1e6ed71 perf record: skip synthesize event when open evsel failed 8d88ab9f2088 perf lock contention: Load kernel map before lookup 76103ac4b4b9 drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() d41ba8c6f667 cgroup: add cgroup namespace to tree after owner is set e620258d7d5e arm64: dts: renesas: sparrow-hawk: Fix full-size DP connector node name and labels 18fe7b456f99 interconnect: debugfs: Fix incorrect error handling for NULL path 14700e6b28f3 accel/amdxdna: Fix incorrect command state for timed out job 30f32fa4d233 arm64: dts: qcom: msm8996: add interconnect paths to USB2 controller 3fcb47f405e9 interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS e442e820e953 wifi: ath12k: unassign arvif on scan vdev create failure 41b623129175 wifi: ath12k: enforce vdev limit in ath12k_mac_vdev_create() 4f93750fa588 wifi: ath12k: fix error handling in creating hardware group 36faecac7a2c wifi: ath12k: fix reusing m3 memory d0bb3db7b295 wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() cbd5021199db random: use offstack cpumask when necessary 8ddff9989f06 i3c: master: svc: Prevent incomplete IBI transaction c704ccb558ee i3c: fix refcount inconsistency in i3c_master_register 670b96964730 arm64: dts: ti: k3-j784s4: Fix I2C pinmux pull configuration ae7a542dbab5 pidfs: add missing BUILD_BUG_ON() assert on struct pidfd_info eab1b59664ee pidfs: add missing PIDFD_INFO_SIZE_VER1 d71333ffdd37 accel/ivpu: Fix race condition when unbinding BOs 48efc0303ac9 drm: nova: select NOVA_CORE 3dc8f5c1956b pinctrl: stm32: fix hwspinlock resource leak in probe function 921eed200c8f soc: qcom: smem: fix hwspinlock resource leak in probe error paths 4e45bd3f95fa clk: qcom: gcc-qcs615: Update the SDCC clock to use shared_floor_ops aa857ba3ef52 tools/nolibc/dirent: avoid errno in readdir_r 35eb1ae22c79 tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set 22da82674af6 accel/ivpu: Remove skip of dma unmap for imported buffers d53bfb48f6d0 x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() 390a08dd68e6 drm/rcar-du: dsi: Fix missing parameter in RXSETR_...EN macros 5b56a1234223 task_work: Fix NMI race condition 75446d62696c perf/x86/intel/cstate: Remove PC3 support from LunarLake 4669a8db976c bpf: Fix stackmap overflow check in __bpf_get_stackid() 8fc78e468f9e bpf: Refactor stack map trace depth calculation into helper function 8f4e27e87096 mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove 34de3867bdfd mtd: nand: relax ECC parameter validation check af76d442a543 Revert "mtd: rawnand: marvell: fix layouts" 1564c04afa92 wifi: iwlwifi: mld: add null check for kzalloc() in iwl_mld_send_proto_offload() 3e3cb7625176 drm/amdgpu/userq: fix SDMA and compute validation 77ac34b838e2 drm/amdgpu: add userq object va track helpers ee3ff9742a44 ARM: dts: renesas: r9a06g032-rzn1d400-db: Drop invalid #cells properties 479a71edb7b3 ARM: dts: renesas: gose: Remove superfluous port property bc4c14a3863c RDMA/rxe: Fix null deref on srq->rq.queue after resize failure a10b6eb5c5e5 arm64: dts: qcom: qcm2290: Fix camss register prop ordering 7a26bcbe469c sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). 2cf1278e942b phy: mscc: Fix PTP for VSC8574 and VSC8572 cc12e90519c2 perf hwmon_pmu: Fix uninitialized variable warning bd55d0019067 arm64: dts: qcom: sm8250-samsung-common: correct reserved pins 21c7d04fa88d arm64: dts: qcom: sdm845-starqltechn: Fix i2c-gpio node name 20d56cf50da2 arm64: dts: qcom: sc8280xp: Fix shifted GPI DMA channels a2d1270ee7ef arm64: dts: qcom: x1-dell-thena: remove dp data-lanes e4badd5c24f7 arm64: dts: qcom: x1-dell-thena: Add missing pinctrl for eDP HPD f8d49ad15f58 arm64: dts: qcom: qcm6490-shift-otter: Add missing reserved-memory d30ffee3c9f8 arm64: dts: qcom: sm8750-mtp: move PCIe GPIOs to pcieport0 node 436017ec6bee arm64: dts: qcom: sm8650: set ufs as dma coherent d9360ce07ea1 arm64: dts: qcom: qcm6490-fairphone-fp5: Add supplies to simple-fb node 63f8119b2ca1 arm64: dts: qcom: sdm845-oneplus: Correct gpio used for slider f4e3cbc96b86 arm64: dts: qcom: sdm845-starqltechn: fix max77705 interrupts ff24f6314f1c arm64: dts: qcom: sdm845-starqltechn: remove (address|size)-cells 6044e4081959 tools/nolibc: x86: fix section mismatch caused by asm "mem*" functions b5cc20b665cf arm64: dts: qcom: lemans: Add missing quirk for HS only USB controller 7ecbc8f8b2da arm64: dts: qcom: x1e80100: Add missing quirk for HS only USB controller ca3630751d7f arm64: dts: qcom: x1e80100: Fix compile warnings for USB HS controller a705920161fb firmware: imx: scu-irq: fix OF node leak in 01caee81ca7b arm64: dts: ti: k3-am62p: Fix memory ranges for GPU b8b3bdfb1076 PCI: endpoint: pci-epf-test: Fix sleeping function being called from atomic context 2f902d08e1f3 leds: upboard: Fix module alias c91eee346089 ice: remove duplicate call to ice_deinit_hw() on error paths ac4d0d4c469c ice: move ice_deinit_dev() to the end of deinit paths 3cef143aba04 ice: extract ice_init_dev() from ice_init() 8cea2a81db58 ice: move ice_init_pf() out of ice_init_dev() 6a7d04909a95 ice: move udp_tunnel_nic and misc IRQ setup into ice_init_pf() 46d0b034b15d ice: ice_init_pf: destroy mutexes and xarrays on memory alloc failure 0380ea173bf9 ice: move ice_init_interrupt_scheme() prior ice_init_pf() fa6626905668 ice: move service task start out of ice_init_pf() 62e122809aed accel/amdxdna: Fix uninitialized return value d0a5b5d56438 wifi: ath12k: restore register window after global reset 04d808a6efb5 tools/power turbostat: Regression fix Uncore MHz printed in hex 0f984f5f8126 s390/ap: Don't leak debug feature files if AP instructions are not available 27c62aeef710 scsi: ufs: core: Move the ufshcd_enable_intr() declaration 1acc6fc225a9 s390/smp: Fix fallback CPU detection 6b1a0da75932 wifi: ath11k: fix peer HE MCS assignment 18d4706956b7 wifi: ath11k: fix VHT MCS assignment 5c75e55e43e8 crypto: hisilicon/qm - restore original qos values b7090a5c1531 crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id 599b5f3f4224 soc: qcom: gsbi: fix double disable caused by devm 37b8870d96d4 clk: qcom: camcc-sm7150: Fix PLL config of PLL2 680df1f60e02 clk: qcom: camcc-sm6350: Fix PLL config of PLL2 b2427d5693c3 clk: qcom: gcc-ipq5424: Correct the icc_first_node_id 25dddde65642 clk: qcom: gcc-glymur: Update the halt check flags for pipe clocks 6d9ed274d8da clk: qcom: gcc-sm8750: Add a new frequency for sdcc2 clock 27fa51ddddb3 clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other 69671a253ffe clk: qcom: camcc-sm8550: Specify Titan GDSC power domain as a parent to other 9ff72116e6c8 tty: serial: imx: Only configure the wake register when device is set as wakeup source 78bf5afa25d6 uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe 712102126091 PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 4b9404cc439d arm64: dts: exynos: gs101: fix sysreg_apm reg property 1321c33a8fc5 arm64: dts: exynos: gs101: fix clock module unit reg sizes 9d231ef85d9a perf annotate: Check return value of evsel__get_arch() properly 7ba92dd7206b arm64: dts: imx95-15x15-evk: add fan-supply property for pwm-fan a482d0033916 arm64: dts: imx8mp-venice-gw702x: remove off-board sdhc1 7e13775ed0b7 arm64: dts: imx8mp-venice-gw702x: remove off-board uart 152044f4b08d arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl a45df9009fa8 arm64: dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props fbea4c63b538 bpf: Do not let BPF test infra emit invalid GSO types to stack 204f13654142 block/mq-deadline: Switch back to a single dispatch list 95b122036d7a block/mq-deadline: Introduce dd_start_request() a43afb170963 PCI: sg2042: Fix a reference count issue in sg2042_pcie_remove() 12b413f5460c crypto: aead - Fix reqsize handling 67c42f3ec0bd perf parse-events: Make X modifier more respectful of groups b346cdd95f7a firmware: qcom: tzmem: fix qcom_tzmem_policy kernel-doc d98d38c7f8ca iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member fdbf4423bb81 arm64: dts: qcom: ipq5424: correct the TF-A reserved memory to 512K b40a4eb4a054 ntfs3: Fix uninit buffer allocated by __getname() 81ffe9a265df ntfs3: fix uninit memory after failed mi_read in mi_format_new 841b3868a64f crypto: authenc - Correctly pass EINPROGRESS back up to the caller 58c47ba6f329 irqchip: Pass platform device to platform drivers d2e28c3ed2e2 irqchip: Drop leftover brackets defdeae61607 irqchip/qcom-irq-combiner: Fix section mismatch d4caa2df1f08 irqchip/starfive-jh8100: Fix section mismatch 3f1ac747652f irqchip/renesas-rzg2l: Fix section mismatch 60597d44de5f irqchip/imx-mu-msi: Fix section mismatch 99e8c4978410 irqchip/irq-brcmstb-l2: Fix section mismatch 6769909e3ed8 irqchip/irq-bcm7120-l2: Fix section mismatch 2f36222dbc04 irqchip/irq-bcm7038-l1: Fix section mismatch e74c71452437 irqchip/bcm2712-mip: Fix section mismatch 2f525dea50f2 irqchip/bcm2712-mip: Fix OF node reference imbalance 01f109716638 sched/fair: Forfeit vruntime on yield ca2a33cee1ef wifi: ath12k: fix TX and RX MCS rate configurations in HE mode d911fa97dab3 wifi: ath12k: fix VHT MCS assignment ab0554f51e5f wifi: ath12k: Fix MSDU buffer types handling in RX error path 99fc0689a588 wifi: ath11k: restore register window after global reset b1497ea24639 wifi: ath10k: move recovery check logic into a new work 72f8a15524f3 gpu: nova-core: gsp: do not unwrap() SGEntry 5248b34df18c gpu: nova-core: gsp: remove useless conversion 27858e788377 perf parse-events: Fix legacy cache events if event is duplicated in a PMU fe14b92fb97c accel/ivpu: Fix race condition when mapping dmabuf 157d7d16f817 objtool: Fix weak symbol detection bee781b8c03e objtool: Fix standalone --hacks=jump_label 80b75beb1619 remoteproc: imx_rproc: Fix runtime PM cleanup and improve remove path 4e02cff54ba0 HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() ac35eed93429 drm: atmel-hlcdc: fix atmel_xlcdc_plane_setup_scaler() b1c7a8145137 clk: renesas: cpg-mssr: Read back reset registers to assure values latched f57b5f2ad106 clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback 1d49bdea86e3 pinctrl: renesas: rzg2l: Fix PMC restore d07b4af12015 ima: Attach CREDS_CHECK IMA hook to bprm_creds_from_file LSM hook e558173196b0 pinctrl: qcom: glymur: Fix the gpio and egpio pin functions 0c1e8e2c6e06 pinctrl: qcom: glymur: Drop unnecessary platform data from match table b5b479a13b90 perf bpf_counter: Fix opening of "any"(-1) CPU events caceff35c24a USB: Fix descriptor count when handling invalid MBIM extended descriptor e506f976c914 tools/nolibc: handle NULL wstatus argument to waitpid() 19e359b18ae3 bpf: Fix handling maps with no BTF and non-constant offsets for the bpf_wq d8edc163ccf5 bpf: Fix sleepable context for async callbacks 20798610f0e2 bpf: Cleanup unused func args in rqspinlock implementation 1f0ca9d3e7c3 drm/vgem-fence: Fix potential deadlock on release ec6ca941783a accel/ivpu: Fix DCT active percent format c9ef5ccd8bd9 accel/ivpu: Fix page fault in ivpu_bo_unbind_all_bos_from_context() 94c56e7f63c2 accel/ivpu: Rework bind/unbind of imported buffers f94792340ecc drm/panel: visionox-rm69299: Don't clear all mode flags 28540b8f226b drm/panel: visionox-rm69299: Fix clock frequency for SHIFT6mq 270f4eb14e0f accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail 3bb9d125972c accel/amdxdna: Call dma_buf_vmap_unlocked() for imported object 359653edd537 accel/amdxdna: Fix an integer overflow in aie2_query_ctx_status_array() 79197c6007f2 gpu: host1x: Fix race in syncpt alloc/free cf008f5bd3d5 smack: fix bug: setting task label silently ignores input garbage 60e8d4998941 smack: fix bug: unprivileged task can create labels 70c5be42f691 smack: fix bug: invalid label of unix socket file f1dbb370eca5 smack: always "instantiate" inode in smack_inode_init_security() 3c4f1ca5bd91 smack: deduplicate xattr setting in smack_inode_init_security() 06025d5e707f smack: deduplicate "does access rule request transmutation" cf036137162c smack: fix bug: SMACK64TRANSMUTE set on non-directory Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 1a98565a4a --------------------------- linux-yocto/6.18: libpf prepare for new glibc Integrating the following commit(s) to linux-yocto/6.18: 1/1 [ Author: Mikhail Gavrilov Email: mikhail.v.gavrilov@gmail.com Subject: libbpf: Fix -Wdiscarded-qualifiers under C23 Date: Sat, 6 Dec 2025 14:28:25 +0500 glibc ≥ 2.42 (GCC 15) defaults to -std=gnu23, which promotes -Wdiscarded-qualifiers to an error. In C23, strstr() and strchr() return "const char *". Change variable types to const char * where the pointers are never modified (res, sym_sfx, next_path). Suggested-by: Florian Weimer Suggested-by: Andrii Nakryiko Signed-off-by: Mikhail Gavrilov Link: https://lore.kernel.org/r/20251206092825.1471385-1-mikhail.v.gavrilov@gmail.com Signed-off-by: Alexei Starovoitov Signed-off-by: Bruce Ashfield ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: bdecbf350c --------------------------- linux-yocto/6.12: update CVE exclusions (6.12.63) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 10 changes (9 new | 1 updated): - 9 new CVEs: CVE-2025-68687, CVE-2025-68688, CVE-2025-68689, CVE-2025-68690, CVE-2025-68691, CVE-2025-68692, CVE-2025-68693, CVE-2025-68694, CVE-2025-68695 - 1 updated CVEs: CVE-2025-7195 Date: Wed, 24 Dec 2025 04:07:32 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: bc8a080729 --------------------------- linux-yocto/6.12: update to v6.12.63 Updating linux-yocto/6.12 to the latest korg -stable release that comprises the following commits: 567bd8cbc2fe6 Linux 6.12.63 6e611d9cf0723 ASoC: codecs: nau8325: Silence uninitialized variables warnings 5588b7c86efff ALSA: wavefront: Fix integer overflow in sample size validation c0a1fe1902ad2 ALSA: dice: fix buffer overflow in detect_stream_formats() 8404a1b1f5f16 usb: dwc3: dwc3_power_off_all_roothub_ports: Use ioremap_np when required 6c36af8083503 usb: phy: Initialize struct usb_phy list_head 6f31b2ca1e483 usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt 4b89397807eb0 tcp_metrics: use dst_dev_net_rcu() 90c47a1a526c2 net: dst: introduce dst->dev_rcu 8401fe8638491 net: lan743x: Allocate rings outside ZONE_DMA 429bf3f04c24a LoongArch: Add machine_kexec_mask_interrupts() implementation a4b7a958c908a ocfs2: fix memory leak in ocfs2_merge_rec_left() 3873afcb57614 irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() 31ab2aad7a7b7 scsi: imm: Fix use-after-free bug caused by unfinished delayed work 4d7944f49b7cc efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs 448fd9d43a122 efi/cper: Adjust infopfx size to accept an extra space 0294effcc106c efi/cper: Add a new helper function to print bitmasks c3590c7812000 dm log-writes: Add missing set_freezable() for freezable kthread 138603953aab3 dm-raid: fix possible NULL dereference with undefined raid type 49278ca55ccf0 block: return unsigned int from queue_dma_alignment 3baeec23a82e7 block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock 592c4fe953d7d ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() 0d71b3c2ed742 ALSA: firewire-motu: add bounds check in put_user loop for DSP events 5998ad91f8722 rtc: gamecube: Check the return value of ioremap() c5bb128353e12 drm/amdkfd: Use huge page size to check split svm range alignment 79331b0b4df10 ALSA: uapi: Fix typo in asound.h comment fb41332a7a8b5 dma/pool: eliminate alloc_pages warning in atomic_pool_expand b23111ec50d86 docs: hwmon: fix link to g762 devicetree binding 341d5aa3f0592 cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB2 7cd9ed8132d38 drm/nouveau: refactor deprecated strcpy 6275fd726d53a ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events d532934cf11ad regulator: fixed: Rely on the core freeing the enable GPIO 3371a55632b84 drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() 19478fd933414 nvme-auth: use kvfree() for memory allocated with kvcalloc() 453e4b0c84d0d block: fix memory leak in __blkdev_issue_zero_pages b8da217fc9280 block: fix comment for op_is_zone_mgmt() to include RESET_ALL be83e65542635 blk-mq: Abort suspend when wakeup events are pending 91aa13e108c75 ASoC: ak5558: Disable regulator when error happens 436602fc10f7e ASoC: ak4458: Disable regulator when error happens 7131bff8d2198 ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() 5c51a11c1aee0 platform/x86: asus-wmi: use brightness_set_blocking() for kbd led 76b7524ece4a5 fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() a3dbaa09db4f5 NFS: Fix inheritance of the block sizes when automounting d867a77a939a1 Expand the type of nfs_fattr->valid 612cc98698d66 NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags 2704453bd1fbb Revert "nfs: ignore SB_RDONLY when mounting nfs" 1caf1aa241f7f Revert "nfs: clear SB_RDONLY before getting superblock" acd4088a25800 Revert "nfs: ignore SB_RDONLY when remounting nfs" 59947dff0fb7c NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid fa561b29b7a85 NFS: Initialise verifiers for visible dentries in _nfs4_open_and_get_state ef97a2a5c1d56 nfs/vfs: discard d_exact_alias() af4c780b9f1fd NFS: Initialise verifiers for visible dentries in nfs_atomic_open() 85d84f6c98fcb NFS: Initialise verifiers for visible dentries in readdir and lookup 0aba4b43a27bf fs/nls: Fix utf16 to utf8 conversion ef7a9c2fae325 NFS: Avoid changing nlink when file removes and attribute updates race dfa39de442ecd f2fs: maintain one time GC mode is enabled during whole zoned GC cycle 3573b62002723 f2fs: add gc_boost_gc_greedy sysfs node 4236c017c4cec f2fs: add gc_boost_gc_multiple sysfs node 4c5181b9e1a99 f2fs: introduce reserved_pin_section sysfs entry d4a4abba45849 f2fs: sysfs: add encoding_flags entry 7cc6b80df66f6 f2fs: add carve_out sysfs node 65e42a7084d1a f2fs: fix to avoid running out of free segments 9933e05f508e0 f2fs: add a sysfs entry to reclaim POSIX_FADV_NOREUSE pages 58ecedab080c4 f2fs: keep POSIX_FADV_NOREUSE ranges 3e50b6e2b118d platform/x86:intel/pmc: Update Arrow Lake telemetry GUID cee20212a7b09 sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out b15affae51ed9 9p: fix cache/debug options printing in v9fs_show_options d4b20e53b67cc fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() 15a6847f28085 pinctrl: single: Fix incorrect type for error return variable 495f3e9155716 perf hist: In init, ensure mem_info is put on error paths e8097bd44a52d perf tools: Fix split kallsyms DSO counting d6cbe9b36f368 perf tools: Mark split kallsyms DSOs as loaded 0b6216f9b3d1c net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop 2c011aea3d28b net: dsa: xrs700x: reject unsupported HSR configurations dccbe4fab76f1 net: hsr: create an API to get hsr port type ef964411c8ca7 net: hsr: Create and export hsr_get_port_ndev() 57364f7d6d921 net: hsr: remove synchronize_rcu() from hsr_add_port() f906362c605bc net: hsr: remove one synchronize_rcu() from hsr_del_port() b61d747c0a749 clk: keystone: fix compile testing fa73dbe02e052 md/raid5: fix IO hang when array is broken with IO inflight a553e969dc9c4 remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs 6e1acbe563ddd mtd: lpddr_cmds: fix signed shifts in lpddr_cmds bd8bb75d859a1 selftests: bonding: add delay before each xvlan_over_bond connectivity check 0b6795286e7a1 selftests: bonding: add ipvlan over bond testing b7e669dce505a net: phy: aquantia: check for NVMEM deferral 45d7cf5174e4b vfio/pci: Use RCU for error/request triggers to avoid circular locking cad6c0fd6f3c0 spi: ch341: fix out-of-bounds memory access in ch341_transfer_one f6f13e468b725 mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors 7c3ba62a4d29f net: stmmac: fix rx limit check in stmmac_rx_zc() b29ddccf36946 netfilter: nft_connlimit: update the count if add was skipped 3558faee8aace netfilter: nf_conncount: rework API to use sk_buff directly 9f953b045886c netfilter: flowtable: check for maximum number of encapsulations in bridge vlan c80fa09cba1f5 Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" d050ffbf22212 resource: introduce is_type_match() helper and use it 9a15982a2c099 resource: replace open coded resource_intersection() a9864d42ebcdd regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex 2d2fd5b65b1ed ARM: dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend bac13d9609b50 ARM: dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend 03d6aa9e43d89 ARM: dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend 5cc0fd103918c ARM: dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend 7be6791043574 spi: airoha-snfi: en7523: workaround flash damaging if UART_TXD was short to GND 9ff7ef2efae33 ASoC: Intel: catpt: Fix error path in hw_params() 7bc42097e9729 vdpa/pds: use %pe for ERR_PTR() in event handler registration 0cea55e0272cb vhost: Fix kthread worker cgroup failure handling 30be771c090a8 vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues 807b0fb13a80a virtio: fix virtqueue_set_affinity() docs 6cdca761ef227 virtio: fix grammar in virtio_queue_info docs bdc76b2c1cf50 virtio: fix whitespace in virtio_config_ops 3a4894736e6b0 virtio: fix typo in virtio_device_ready() comment 5f5cb2c99ae97 virtio_vdpa: fix misleading return in void function 094e8f78c6335 of: Skip devicetree kunit tests when RISCV+ACPI doesn't populate root node ade5800a8d325 ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation d6d3371611d28 ublk: prevent invalid access with DEBUG 438f9673f3cb1 ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 0927f7b4dcb9d hwmon: sy7636a: Fix regulator_enable resource leak on error path 332825d72dcb3 drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() 1b3eb9500fc55 greybus: gb-beagleplay: Fix timeout handling in bootloader functions 80c2106b09d3b firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER 6f1a1e7b5a48f ASoC: fsl_xcvr: clear the channel status control memory edb2b25561862 gfs2: Prevent recursive memory reclaim ceb8ee5ed4507 ASoC: nau8325: add missing build config 78b923fa3de32 ASoC: nau8325: use simple i2c probe function c59358338c0b9 drm/panthor: Avoid adding of kernel BOs to extobj list 6567f40a75adb RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY ef043432e4ec1 RDMA/irdma: Fix data race in irdma_free_pble abd2675d9aac4 RDMA/irdma: Fix data race in irdma_sc_ccq_arm 64144891d882c iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal 45285d357287b backlight: lp855x: Fix lp855x.h kernel-doc warnings 0e63ea4378489 backlight: led-bl: Add devlink to supplier LEDs 452eec7f208f5 wifi: ieee80211: correct FILS status codes 3b5f35085f815 iomap: always run error completions in user context 133900d61dacd iomap: factor out a iomap_dio_done helper 96eab6610cb3a um: Don't rename vmap to kernel_vmap 168592b56cae4 drm/nouveau: restrict the flush page to a 32-bit address ee1aedaef571f PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition 14dd377ab65f1 btrfs: fix leaf leak in an error path in btrfs_del_items() 1b1284e4f30e8 iommu/arm-smmu-v3: Fix error check in arm_smmu_alloc_cd_tables e0d1555bb0828 staging: fbtft: core: fix potential memory leak in fbtft_probe_common() 50b878db54c85 firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc 278bfed4529a0 mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() 1df9aeb2a4f03 ASoC: tas2781: correct the wrong period 7b5f15a32912f RDMA/bnxt_re: Pass correct flag for dma mr creation c996c81cecb6c RDMA/bnxt_re: Fix the inline size for GenP7 devices 34447aeedbaea erofs: limit the level of fs stacking for file-backed mounts 349f101d3f967 RISC-V: KVM: Fix guest page fault within HLV* instructions 1e38b525909b4 crypto: ccree - Correctly handle return of sg_nents_for_len 0c3854d65cc44 crypto: starfive - Correctly handle return of sg_nents_for_len ef5e709c0494f selftests/bpf: Improve reliability of test_perf_branches_no_hw() 510282952d7c6 selftests/bpf: skip test_perf_branches_hw() on unsupported platforms ef065c4d4a2d8 usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE f8408e1e54dda usb: dwc2: fix hang during suspend if set as peripheral 23c928493dc5d usb: dwc2: fix hang during shutdown if set as peripheral cc9b6180a4c44 usb: dwc2: disable platform lowlevel hw resources during shutdown 1358e9fecb89c usb: chaoskey: fix locking for O_NONBLOCK c2238d487a640 ima: Handle error code returned by ima_filter_rule_match() 2599ad5e33b62 RAS: Report all ARM processor CPER information to userspace 4758770a673c6 wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() a0e2c571e8504 cpuset: Treat cpusets in attaching as populated d8b726ee9d937 net: phy: adin1100: Fix software power-down ready condition 42d6ee65cdc89 phy: rockchip: samsung-hdptx: Prevent Inter-Pair Skew from exceeding the limits 3200ec35a050b phy: rockchip: samsung-hdptx: Reduce ROPLL loop bandwidth 9f23c97c45dd1 phy: freescale: Initialize priv->lock 8fee9a8cb58fa phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() 3c5869f5fd366 leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM 579a91ff0845e mfd: mt6358-irq: Fix missing irq_domain_remove() in error path 80daa408957ac mfd: mt6397-irq: Fix missing irq_domain_remove() in error path 199aea40b8680 wifi: mac80211: fix CMAC functions not handling errors 903e36c9e952f iommu/vt-d: Fix unused invalidation hint in qi_desc_iotlb 8e9f0a0717ba3 scsi: qla2xxx: Fix improper freeing of purex item 157cf2b51d74f pwm: bcm2835: Make sure the channel is enabled after pwm_request() 96e436a051993 perf arm_spe: Fix memset subclass in operation c8fe12ed4da96 perf arm-spe: Extend branch operations 03f642caab84b ipv6: clear RA flags when adding a static route a2339a354d115 drm/msm/a6xx: Improve MX rail fallback in RPMH vote init ae43fd9d556ea drm/msm/a6xx: Fix the gemnoc workaround 630f2ce9c7cc6 drm/msm/a6xx: Flush LRZ cache before PT switch 4f4f7b5797883 drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue e5bb424266927 fs/ntfs3: Prevent memory leaks in add sub record c4af1cd7f22a3 fs/ntfs3: out1 also needs to put mi 8d04afc9da642 powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format f6573f4049f78 powerpc/64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit 539137e3038ce bpf: Fix invalid prog->stats access when update_effective_progs fails ee7db11742b30 wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() 241dcbe651b07 drm/msm/a2xx: stop over-complaining about the legacy firmware de38f64811973 block/blk-throttle: Fix throttle slice time for SSDs bbc709db0ca76 NFSD/blocklayout: Fix minlength check in proc_layoutget 3bcb274a192fc tracefs: fix a leak in eventfs_create_events_dir() 362438cfc52d5 watchdog: starfive: Fix resource leak in probe error path 0c1646149f4ed watchdog: wdat_wdt: Fix ACPI table leak in probe function 30ce906557a21 bpf: Check skb->transport_header is set in bpf_skb_check_mtu ef87c16884126 selftests/bpf: Fix failure paths in send_signal test 027ab4cbe3bd0 bpf: Handle return value of ftrace_set_filter_ip in register_fentry 1dd5d772bcaf8 ps3disk: use memcpy_{from,to}_bvec index a25a953b6911e drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype 33d9ec273d60b crypto: iaa - Fix incorrect return value in save_iaa_wq() 6816cd35ca5aa arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 3C 7225af2545d77 arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A 117327d2051ae arm64: dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A d258d7e5d3c94 PCI: keystone: Exit ks_pcie_probe() for invalid mode 3bf1378747e25 bpf: Free special fields when update [lru_,]percpu_hash maps 345e130c0b28d leds: netxbig: Fix GPIO descriptor leak in error paths 0401a20abbd65 scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls 9b2e70df6dd02 ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() e5c2503696ec2 ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() c2a0862ad4c36 lib/vsprintf: Check pointer before dereferencing in time_and_date() aa07a5df8cf17 clk: renesas: r9a06g032: Fix memory leak in error path 38e5e8b4d645e coresight: etm4x: Add context synchronization before enabling trace 11c5672a04d09 coresight: etm4x: Extract the trace unit controlling bebb32a222280 coresight: etm4x: Correct polling IDLE bit fef8b751d8d05 coresight: Change device mode to atomic type c9b99c948b4fb nbd: defer config unlock in nbd_genl_connect 199c3a2725add wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() 230621ffdb361 macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse d8a3693c58ae3 powerpc/32: Fix unpaired stwcx. on interrupt exit d8c573471ec0b powerpc/kdump: Fix size calculation for hot-removed memory ranges 37d511e849139 cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs 90138ed922e57 scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() 98ae4025dea14 drm/panthor: Fix potential memleak of vma structure 6e17555728bc4 ntfs3: init run lock for extend inode 054e5045f1563 ARM: dts: stm32: stm32mp157c-phycore: Fix STMPE811 touchscreen node properties 2e2b5aba8ad77 RDMA/rtrs: server: Fix error handling in get_or_create_srv 71786f697121d dt-bindings: PCI: amlogic: Fix the register name of the DBI region eccc02ba17475 scsi: smartpqi: Fix device resources accessed after device removal 8616943e0729a scsi: stex: Fix reboot_notifier leak in probe error path 6b69593f72e1b nbd: defer config put in recv_work 21989cb5034c8 md: fix rcu protection in md_wakeup_thread b991eda2a7f1b regulator: core: disable supply if enabling main regulator fails a0f1e48023c8f perf/x86/intel: Correct large PEBS flag check a7abd40cbfcfd ext4: correct the checking of quota files before moving extents 520de30d8c92b mfd: da9055: Fix missing regmap_del_irq_chip() in error path 22b5b6262958a locktorture: Fix memory leak in param_set_cpumask() 2390e90a5cd2f efi/libstub: Fix page table access in 5-level to 4-level paging transition b299217115f54 x86/boot: Fix page table access in 5-level to 4-level paging transition 2e1132b0832ea ARM: dts: omap3: n900: Correct obsolete TWL4030 power compatible 99da0f593d0b0 ARM: dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible 6110aca23ded7 ARM: dts: am335x-netcom-plus-2xx: add missing GPIO labels 627be3c40095e libbpf: Fix parsing of multi-split BTF 551060efb156c spi: tegra210-quad: Fix timeout handling 5a0060ddfc1fc drm/panthor: Fix UAF on kernel BO VA nodes ae6e58069d846 drm/panthor: Fix race with suspend during unplug 31db188355a49 drm/panthor: Fix UAF race between device unplug and FW event processing 1ed88300c3330 drm/panthor: Fix group_free_queue() for partially initialized queues 82484ee4f02f0 drm/panthor: Handle errors returned by drm_sched_entity_init() e5b181c4ea852 fs/9p: Don't open remote file with APPEND mode when writeback cache is used 288fa0d792bcc scsi: target: Do not write NUL characters into ASCII configfs output e8fe1cd91ec88 power: supply: apm_power: only unset own apm_get_power_status f8897c84d9be6 power: supply: wm831x: Check wm831x_set_bits() return value 1b8769af5dc1c power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() e52391c353028 power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() 076481e5ee775 power: supply: max17040: Check iio_read_channel_processed() return code 748c3b8a68121 power: supply: cw2015: Check devm_delayed_work_autocancel() return code 853e3e566595c power: supply: rt5033_charger: Fix device node reference leaks 3a3dff0a73ba2 perf record: skip synthesize event when open evsel failed 25b5ee3439cfc perf lock contention: Load kernel map before lookup 76a339268d75c drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() f674cb00630ab interconnect: debugfs: Fix incorrect error handling for NULL path b528a34aaf487 arm64: dts: qcom: msm8996: add interconnect paths to USB2 controller 3b946560c90d1 interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS 4351b8664583d wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() b9f9fbc3777a2 i3c: master: svc: Prevent incomplete IBI transaction d3bacdd55ec93 i3c: fix refcount inconsistency in i3c_master_register 6b860ae7cd95d pinctrl: stm32: fix hwspinlock resource leak in probe function 60d1c1d4d9258 soc: qcom: smem: fix hwspinlock resource leak in probe error paths 5bfe033a1b775 tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set d6bec89235d73 x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() ee96f47123495 task_work: Fix NMI race condition 329f8323d3a55 perf/x86/intel/cstate: Remove PC3 support from LunarLake d1f424a77b6bd bpf: Fix stackmap overflow check in __bpf_get_stackid() 0c472ae306761 bpf: Refactor stack map trace depth calculation into helper function d6d416f3b822f perf: Remove get_perf_callchain() init_nr argument f5a4950ad270c mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove 87e02ae9ad15e mtd: nand: relax ECC parameter validation check bfbb87096b953 Revert "mtd: rawnand: marvell: fix layouts" 1d79c9aa5397a ARM: dts: renesas: r9a06g032-rzn1d400-db: Drop invalid #cells properties dfa2bdcf7893a ARM: dts: renesas: gose: Remove superfluous port property b8f6eeb87a76b RDMA/rxe: Fix null deref on srq->rq.queue after resize failure 283a90add79fa sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). a720fb15bd06a phy: mscc: Fix PTP for VSC8574 and VSC8572 41d2074ca8689 arm64: dts: qcom: qcm6490-shift-otter: Add missing reserved-memory 11fc271a600a4 arm64: dts: qcom: sm8650: set ufs as dma coherent 3309c64e0ecd6 arm64: dts: qcom: sdm845-oneplus: Correct gpio used for slider 4173401d2fd8b arm64: dts: qcom: x1e80100: Add missing quirk for HS only USB controller 7335bfb012594 arm64: dts: qcom: x1e80100: Fix compile warnings for USB HS controller 17b65e48030ef firmware: imx: scu-irq: fix OF node leak in d5b0d62a2ee8f arm64: dts: ti: k3-am62p: Fix memory ranges for GPU d1376bcacc820 s390/ap: Don't leak debug feature files if AP instructions are not available ecb0b9f92503b s390/smp: Fix fallback CPU detection 097c870b91817 wifi: ath11k: fix peer HE MCS assignment 7ee69f3590714 wifi: ath11k: fix VHT MCS assignment ecd1ca3bd8bdd crypto: hisilicon/qm - restore original qos values c73be4f51eed9 crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id 7e7135c842872 soc: qcom: gsbi: fix double disable caused by devm 3cc3f161201b7 soc: Switch back to struct platform_driver::remove() 23e8fc7c9543a clk: qcom: camcc-sm7150: Fix PLL config of PLL2 01b20bb5313d7 clk: qcom: camcc-sm6350: Fix PLL config of PLL2 d55e7dec3c2f7 clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other 9bfd3a7d31ba7 clk: qcom: camcc-sm8550: Specify Titan GDSC power domain as a parent to other fa963643a8906 uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe f93f66ffcb0d5 PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 0ac1d13b2442c arm64: dts: exynos: gs101: fix sysreg_apm reg property c8c93fe1c444a perf annotate: Check return value of evsel__get_arch() properly cc67b6d82b122 arm64: dts: imx8mp-venice-gw702x: remove off-board sdhc1 7c8dc554965f7 arm64: dts: imx8mp-venice-gw702x: remove off-board uart 54235eadb2284 arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl ad7356c7ead8b arm64: dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props da06fa2308fe5 block/mq-deadline: Switch back to a single dispatch list 53d0a52ccc9cb block/mq-deadline: Introduce dd_start_request() a38a8be61000e firmware: qcom: tzmem: fix qcom_tzmem_policy kernel-doc 9e745721342cb iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member fe89feb2bdce1 inet: Avoid ehash lookup race in inet_twsk_hashdance_schedule() e1480cc48d416 inet: Avoid ehash lookup race in inet_ehash_insert() 6b9cbefb73c35 rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() d96461c6c6a31 clk: qcom: gcc-x1e80100: Add missing USB4 clocks/resets 6a2af03a6e58f dt-bindings: clock: qcom,x1e80100-gcc: Add missing USB4 clocks/resets 3a877b22edbed dt-bindings: clock: qcom,x1e80100-gcc: Add missing video resets 4b1fd82848fdf ntfs3: Fix uninit buffer allocated by __getname() 7ce8f2028dfcc ntfs3: fix uninit memory after failed mi_read in mi_format_new 752e578549ff1 crypto: authenc - Correctly pass EINPROGRESS back up to the caller 9268a215905af irqchip/qcom-irq-combiner: Fix section mismatch f761c6e6db3ad irqchip/starfive-jh8100: Fix section mismatch d604a43972ca2 irqchip/renesas-rzg2l: Fix section mismatch 3054c0fcb4bb0 irqchip/imx-mu-msi: Fix section mismatch 987028716f9dd irqchip/irq-brcmstb-l2: Fix section mismatch 75f13a37fcf5f irqchip/irq-bcm7120-l2: Fix section mismatch c30d7fa84614f irqchip/irq-bcm7038-l1: Fix section mismatch d5843e1530d8d sched/fair: Forfeit vruntime on yield 735e232cd9cc9 wifi: ath11k: restore register window after global reset 6d9ff97af0151 wifi: ath10k: move recovery check logic into a new work 78d6455b04bc3 wifi: ath10k: Add missing include of export.h 5b9c7e103728b wifi: ath10k: Avoid vdev delete timeout when firmware is already down aea8e105743be objtool: Fix weak symbol detection 5be8a348528b7 objtool: Fix standalone --hacks=jump_label f0581990dbf3a HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() fe4b23d94f3ac drm: atmel-hlcdc: fix atmel_xlcdc_plane_setup_scaler() 95f29bada0505 clk: renesas: cpg-mssr: Read back reset registers to assure values latched c0b15580c17f0 clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register efa305a20eb96 clk: renesas: Use str_on_off() helper 26fa515baf084 clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback d87a89c5a7eba pinctrl: renesas: rzg2l: Fix PMC restore 1f925f9047a4f USB: Fix descriptor count when handling invalid MBIM extended descriptor 338e388c0d80f drm/vgem-fence: Fix potential deadlock on release 470da7a2c29c6 accel/ivpu: Fix DCT active percent format e4341b780b22f accel/ivpu: Make function parameter names consistent e7bf47d73cd87 drm/panel: visionox-rm69299: Don't clear all mode flags a3c1fa8fe761e accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail b5890eb95ebb3 accel/ivpu: Prevent runtime suspend during context abort work 4e6e07ce0197a gpu: host1x: Fix race in syncpt alloc/free f0a9ef99fb3c4 smack: fix bug: setting task label silently ignores input garbage ac9fce2efabad smack: fix bug: unprivileged task can create labels b68902daf0994 smack: fix bug: invalid label of unix socket file ad396a05d9851 smack: always "instantiate" inode in smack_inode_init_security() abf20a13507fe smack: deduplicate xattr setting in smack_inode_init_security() d684f66dd729e smack: fix bug: SMACK64TRANSMUTE set on non-directory 74a813e575ef5 smack: deduplicate "does access rule request transmutation" Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: a71b566486 --------------------------- linux-yocto/6.18: genericarm64: remove SLIM_QCOM_CTR Integrating the following commit(s) to linux-yocto/.: 1/1 [ Author: Mikko Rapeli Email: mikko.rapeli@linaro.org Subject: genericarm64.cfg: remove SLIM_QCOM_CTRL Date: Tue, 23 Dec 2025 15:26:44 +0200 It has been removed from 6.17 kernel in commit 7cbba32a2d62c3c18128c04f88b1901d702bb2bf Signed-off-by: Mikko Rapeli Signed-off-by: Bruce Ashfield ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --------------------------- Commit: 51f1388dd1 --------------------------- pseudo: Update to pull in openat2 and efault return code changes Pulls in the following fixes: * makewrappers: Enable a new efault option * ports/linux/openat2: Add dummy wrapper * test-syscall: Add a syscall test * ports/linux/pseudo_wrappers: Avoid openat2 usage via syscall which should fix issues with the tar CVE fix on Centos/Alma/Rocky 9 distros that uses openat2 as well as the efault issue breaking rust based uutils. Signed-off-by: Richard Purdie --------------------------- Commit: 235e6d49e5 --------------------------- libpcap: upgrade 1.10.5 -> 1.10.6 Solves CVE-2025-11961 and CVE-2025-11964. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: b26f8fcea9 --------------------------- libxslt: mark CVE-2025-7424 as fixed NVD DB lists this CVE as version-less (common for Redhat CVEs). Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 4fa9f8b37e --------------------------- xz: upgrade 5.8.1 -> 5.8.2 License-Update: Update GPLv2 and LGPLv2.1 copies from gnu.org * https://github.com/tukaani-project/xz/commit/6d287a3ae90e1b990294f3d5264003d81e853c5e Release Notes: * https://github.com/tukaani-project/xz/releases/tag/v5.8.2 * liblzma: - Fix the build on ARM64 on glibc versions older than 2.24 (2016). They don't have HWCAP_CRC32 in . - Disable CLMUL CRC code when building for 32-bit x86 with old MSVC versions. This avoids a compiler bug. The exact compiler version in which the issue was fixed is unknown, but VS 2022 17.13 (MSVC 19.43.34808) is known to work, so CLMUL CRC on 32-bit x86 is disabled with MSVC versions older than that. * xz: - Add a workaround for Red Hat Enterprise Linux 9 kernel bug which made xz fail with "xz: Failed to enable the sandbox". It only occurs with xz 5.8.0 and 5.8.1 binaries built for other distros. For example, running Debian 13 in a container on RHEL/CentOS 9 would trigger the issue. The bug was introduced in RHEL 9 kernel 5.14.0-603.el9 (2025-07-30) and fixed in 5.14.0-648.el9 (2025-12-05). However, as of writing, the fixed kernel isn't available to RHEL 9 users yet, so including the workaround in this xz release seems reasonable. The workaround will be removed when it's no longer needed. xzdec was also affected by this issue. - On AIX, don't use fsync() on directories because it fails. - Fix the build on Emscripten. - Fix the build on clang-cl on Windows. - Take resource limits (RLIMIT_DATA, RLIMIT_AS, and RLIMIT_VMEM) into account when determining the default memory usage limit for multithreaded mode. This should prevent xz from failing when a resource limit has been set to a value that is less than 1/4 of total RAM. Other memory limits can still trigger the same issue, for example, Linux cgroup v2 memory.max. * Build systems: - When symbol versioning is enabled, pass --undefined-version to the linker if the option is supported. This fixes the build when using LLVM's lld and some liblzma features have been disabled at build time. - ARM64: Fix autodetection of fast unaligned memory access when using GCC and -mstrict-align is in effect. Previously the build systems would incorrectly guess that unaligned access is fast, which would result in much slower binaries than needed. The fix is a workaround for GCC bug 111555; autodetection already worked with Clang. - LoongArch: Autodetect if fast unaligned memory access is supported. This can improve compression speed by 15 % (but not decompression speed). * Translations: - Update the Spanish translation. - Add Swedish man page translations. - Update Italian, Korean, Romanian, Serbian, and Ukrainian man page translations. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 1e5dff5e01 --------------------------- dropbear: upgrade 2025.88 -> 2025.89 Solves CVE-2025-14282 and CVE-2019-6111. Release notes: * https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2025.89 Drop patch included in this release and refresh other patches. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 2b485d354b --------------------------- libpcre2: Fix linking with LLD linker version scripts are at odds with LLD at times and its strict about undefined symbols even though they will be provided by c startup files. Fixes | riscv64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol '_fini' failed: symbol not defined | riscv64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol '_init' failed: symbol not defined | riscv64-yoe-linux-clang: error: linker command failed with exit code 1 (use -v to see invocation) | make[1]: *** [Makefile:1948: libpcre2-32.la] Error 1 | make[1]: Leaving directory '/mnt/b/yoe/master/build/tmp/work/riscv64imafdc-yoe-linux/libpcre2/10.47/build' Signed-off-by: Khem Raj Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 0ae08dc70f --------------------------- systemd: fix excess systemd -> ukify -> python dependency The systemd package contains a symlink to ukify binary under the libdir/systemd. This symlink forces the systemd -> systemd-ukify dependency, which also pulls in a set of python packages, which might be undesirable for the small isntallations. Move the symlink to the systemd-ukify package, removing this dependency and preventing the excess growth of the rootfs / initramfst. Fixes: e92427496210 ("systemd: package 'ukify' seperately") Cc: Koen Kooi Signed-off-by: Dmitry Baryshkov Acked-by: Martin Jansa Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: aa7576e06a --------------------------- python3: upgrade 3.13.9 -> 3.13.11 Handles CVE-2025-6075 (in 3.13.10) and CVE-2025-12084 (in 3.13.11). Release information: * https://www.python.org/downloads/release/python-31310/ * Python 3.13.10 is the tenth maintenance release of 3.13, containing around 300 bugfixes, build improvements and documentation changes since 3.13.9. * https://www.python.org/downloads/release/python-31311/ * Python 3.13.11 is the eleventh maintenance release of 3.13. This is an expedited release to fix the following regressions: * gh-142206: Exceptions in multiprocessing in running programs while upgrading Python. * gh-142218: Segmentation faults and assertion failures in insertdict. * gh-140797: Crash when using multiple capturing groups in re.Scanner * And these security fixes: * gh-142145: Remove quadratic behavior in node ID cache clearing (CVE-2025-12084) * gh-119451: Fix a potential denial of service in http.client * gh-119452: Fix a potential virtual memory allocation denial of service in http.server Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 08e93850d5 --------------------------- bindgen-cli: extend BBCLASSEXTEND to include nativesdk To support building Rust bindings in the SDK environment, bindgen needs to be available for the `nativesdk` class as well. This is required as part of making Rust available, where bindgen is a common dependency for generating Rust FFI bindings from C headers during cross-compilation. Signed-off-by: Harish Sadineni Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 947bd6ba96 --------------------------- oe-selftest: case.py: remove unused imports Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 998ebfc77d --------------------------- oeqa: runtime: go: Increase test_go_compile/test_go_module timeout These tests tend do take a bit of time, and this is probably why they have been seen failing a few times in the past months. Rising the timeout from 5 to 10 minutes appears to help. Fixes [YOCTO #15999] Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 42a90c96b2 --------------------------- ovmf: upgrade 202508 -> 202511 Upstream has dropped support for 32 bit x86: https://github.com/tianocore/edk2/commit/2a6708a786eb0f0e9b979cd93c5dc12c42e337a1 Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --------------------------- Commit: c66f4a1480 --------------------------- package.py: skip dwarfsrcfiles for Clang LTO static libraries When using Clang toolchain with LTO enabled, static libraries (.a) contain LLVM bitcode objects instead of ELF objects. dwarfsrcfiles cannot process these files and fails with "not a valid ELF file" error. Rather than catching the error message, guard the dwarfsrcfiles call by checking for the specific conditions: static library (using is_static_lib() magic check) + clang toolchain + lto in DISTRO_FEATURES. When all conditions are met, skip the call silently. Signed-off-by: mark.yang Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 623c20ff1e --------------------------- overlayfs: Remove helper unit Since systemd v256 workdir and upperdir are automatically created if they don't exist, so we don't need an additional helper unit anymore. Ref: https://github.com/systemd/systemd/commit/6c75eff6afd90596d09a33a9275be292db4e3380 Signed-off-by: Vyacheslav Yurkov Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 54a81bcd2c --------------------------- alsa-ucm-conf: upgrade 1.2.15 -> 1.2.15.1 Upstream changes: various fixes https://www.alsa-project.org/wiki/Changes_v1.2.15_v1.2.15.1 Signed-off-by: Michael Opdenacker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 933deb2597 --------------------------- alsa-utils: upgrade 1.2.15 -> 1.2.15.1 Upstream changes: alsactl and aplay fixes https://www.alsa-project.org/wiki/Changes_v1.2.15_v1.2.15.1 Remove no longer necessary patch: 0001-alsactl-fix-build-when-in-subdirectory.patch Signed-off-by: Michael Opdenacker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d7debf0443 --------------------------- alsa-lib: upgrade 1.2.15 -> 1.2.15.1 Upstream changes: various fixes https://www.alsa-project.org/wiki/Changes_v1.2.15_v1.2.15.1 Remove no longer needed patch: 0001-ucm-use-closefrom-instead-of-close_range.patch Signed-off-by: Michael Opdenacker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 8a264cb75a --------------------------- selftest: devtool: Set PATH when running pseudo When running pseudo outside of bitbake, we need to use the same PATH as we would use if we were running inside bitbake instead of the host environment's PATH. This is particularly important on Ubuntu 25.10 where 'ls' on this host's PATH is provided by uutils and we have setup links in HOSTTOOLS_DIR to ensure that the gnu coreutils implementation is used instead. Fixes [YOCTO #16099] Signed-off-by: Paul Barker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: 479d48503d --------------------------- icu: upgrade 77-1 -> 78.1 Upstream has adopted the . as version separator, so custom recipe logic can be dropped. License-Update: additional files under MIT. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: a8ddda6033 --------------------------- libtheora: set CVE_PRODUCT In the NVD database, the product name of libtheora is theora. This was set to ensure that cve-check works correctly. Signed-off-by: Ken Kurematsu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: fa4afc31df --------------------------- oe-selftest: fitimage: support FIT_CONF_MAPPINGS Add some quick tests for the FIT_CONF_MAPPINGS handling in fitimage.py Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: e30f809a50 --------------------------- kernel-fitimage: Add FIT_CONF_MAPPINGS for flexible DTB configuration Having a 1-1 mapping between DTB names and configuration nodes names in FIT images does not always work. Make this a bit more flexible by allowing users to specify mappings to rename configuration nodes or add extra configuration nodes for existing DTBs. The new FIT_CONF_MAPPINGS variable accepts a space-separated list of mapping commands: - dtb-conf:DTB_NAME:NEW_NAME Renames the configuration node for a specific DTB. - dtb-extra-conf:DTB_NAME:EXTRA_NAME Creates an additional configuration node for an existing DTB. Example usage: FIT_CONF_MAPPINGS = "\ dtb-extra-conf:am335x-bonegreen:bonegreen \ dtb-conf:am335x-boneblack:bbblack" This generates three configuration nodes from two DTBs: am335x-bonegreen, bonegreen (extra), and bbblack (renamed). The implementation validates all mappings and ensures they match existing DTBs, failing with clear error messages for invalid or unused mappings. Also removes leftover debug warning that was printing DTB configuration details during FIT image generation. Signed-off-by: Adrian Freihofer Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --------------------------- Commit: d925d67061 --------------------------- fitimage: Add FIT_MKIMAGE_EXTRA_OPTS for flexible mkimage arguments Currently, mkimage options in U-Boot recipes are fixed, which limits flexibility for platforms that require additional mkimage arguments. Introduce FIT_MKIMAGE_EXTRA_OPTS to allow passing extra options to mkimage during image generation. This is a generic need because different SoCs and boot configurations often require mkimage flags beyond the defaults. By exposing this variable, we provide a clean and extensible mechanism for developers to meet hardware-specific and security requirements without hardcoding options in recipes. Example: UBOOT_MKIMAGE_EXTRA_OPTS = "-B 8 -E" will result in the mkimage command being invoked as: `mkimage -B 8 -E -f fit-image.its fitImage` - `-E` enables external data in FIT images, which is essential for modular boot setups, secure boot workflows, and reducing image size. - `-B 8` enforces 8-byte alignment, ensuring compatibility with boot ROM requirements, improving memory access efficiency, and supporting predictable offsets for multi-component FIT images. Signed-off-by: Kavinaya S Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-797_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-796_default.lock.xml ## judo-auto-test --------------------------- Commit: 7937d98 --------------------------- CSNMR-5557 Implement Network Diag Enable and Cfg keywords # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-796_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-795_default.lock.xml ## judo-security --------------------------- Commit: 38f53ec --------------------------- CSNMR-5558: add MFG yubikey 29609883 params files # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-795_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-793_default.lock.xml ## judo-cfg-agents --------------------------- Commit: ff91fea --------------------------- Bugfix: Capture/print errors when trying to publish Without this change, the errors are only printed on agent shutdown/crash. The exceptions thrown here are not limited to SchemaValidation errors, as TypeErrors can be thrown due to JSON serialisation failures, so just capture any/all exceptions. --------------------------- Commit: 798153e --------------------------- Bugfix: the list of expected devices in a unit will never change Could only ever change if the detected device variant changes, and that will only happen on the agent restarting. --------------------------- Commit: 1a728e8 --------------------------- system_properties: Add phoenix UHF detection --------------------------- Commit: a161927 --------------------------- Bugfix: Use device variant provided by env --------------------------- Commit: 250e532 --------------------------- Bugfix: Ensure subprocess returns strings, not byte-sequences bytes are not JSON-serialisable, and callers were expecting/assuming strings anyway. --------------------------- Commit: d3850bd --------------------------- Sumo/Kendo variants update from requirements Placeholders for phoenix and TR300 detection. ## meta-judo --------------------------- Commit: 4233785 --------------------------- SUMO-551: Add porpoise-services recipe to Sumo image Includes the 'tricat' daemon and CLI app for managing Bluetooth. --------------------------- Commit: 77baad6 --------------------------- SUMO-551: Define new Sumo Bluetooth packagegroup ## meta-judo-bsp --------------------------- Commit: ed69c00 --------------------------- SUMO-551: Add readme's for low-level Bluetooth design details Record details on how the Bluetooth FW updates and runtime management are implemented. --------------------------- Commit: 3ba97ad --------------------------- SUMO-551: Add driver for PPS signal from GNSS receiver Passed into 'Porpoise' tricat application for synchronising time over Bluetooth with remote devices. --------------------------- Commit: 9b7f9ce --------------------------- SUMO-551: Customise porpoise-services recipe for Sumo - Switch all SRCREVs to commit-hashes. - Fix setting ${S}, upstream/Yocto change. - Add systemd service to auto-start `tricatd`. - Modify JSON configuration to work with Sumo HW. - Requires `.b01` FW files so deploy them in the trident FW recipe. - Remove Porpoise-specific binaries/dependencies/tools. --------------------------- Commit: 89ebb9a --------------------------- SUMO-551: Add porpoise-services recipe Provides Bluetooth runtime management as part of the Corsica/ Cousteau project/design. Copied directly from ORCA project: https://bitbucket.trimble.tools/projects/ORCA/repos/porpoise-meta/browse/recipes-porpoise/porpoise-services/porpoise-services.bb --------------------------- Commit: bf321d7 --------------------------- Bugfix: Fix ordering of machine overrides for Sumo Ensure 'sumo' is the most-specific machine type so `:sumo` overrides take the highest priority. --------------------------- Commit: d090ab9 --------------------------- SUMO-551: Add Trident production BT FW --------------------------- Commit: 4f3efa6 --------------------------- SUMO-551: Rename BT compliance FW recipe In preparation for adding the production/Trident FW. ## meta-judo-proprietary --------------------------- Commit: ce47ab4 --------------------------- Bugfix: Allow Sumo (and Kendo) devices in system_properties Prior to this, Sumo devices were being handled as unknown devices and missing any/all HW components, breaking the webUI. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-793_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-792_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-792_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-791_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-791_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-790_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-790_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-789_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-789_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-788_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-788_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-787_default.lock.xml ## meta-bedrock --------------------------- Commit: 24dc37d --------------------------- Update layer compat for wrynose Upstream has changed the LAYERSERIES_CORENAMES from whinlatter to wrynose on the master branch. Signed-off-by: Theodore A. Roth --------------------------- Commit: 2475121 --------------------------- Revert "crun: Fix QA error which is breaking the builds" This reverts commit 4ce9cb28aa5875e989a0e954d0b6ac78778dcb9d. No longer needed as issue has been addressed upstream. Signed-off-by: Theodore A. Roth # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-787_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-786_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-786_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-785_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-785_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-784_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-784_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-783_default.lock.xml ## judo-cfg-agents --------------------------- Commit: b14dfc7 --------------------------- CSNMR-5428: Add support for GNSS Reset GNSS supports the following GNSS reset levels: * PVT: The PVT Engine (RTK/RTX) is restarted without restarting tracking or rebooting the GNSS subsystem. * SV_DATA: Clears stored ephemeris and almanac data and reboots the GNSS subsystem. * FULL: Restores the receiver to factory state. This will clear Ephemeris and Almanac data, clear all logged data, reformat storage, restore factory settings and reboot the GNSS subsystem. For each of the reset levels, the following steps are taken: 1. GNSS Manager Agent stops bd992-handler 2. Perform BD reset a. bd992-handler reset [serial_port] [reset_level] b. Where reset_level is PVT, SV_DATA, or FULL c. Wait for reset to complete 3. GNSS Manager Agent starts bd992-handler ## judo-design-docs --------------------------- Commit: b4b328d --------------------------- CSNMR-5428: Update GNSS Manager Docs for GNSS Reset Update GNSS Manager design documentation for GNSS Reset. ## judo-radio-utils --------------------------- Commit: e9f54c3 --------------------------- CSNMR-5628: Remove functional test start and stop scripts The setup and teardown actions performed by these scripts are now performed by the MQTT test console. --------------------------- Commit: 3046c99 --------------------------- CSNMR-5628: Add Phoenix functional test service This changeset adds a service which runs the Phoenix handler, receiving data on the frequency used in the functional test and publishing that data on the port used for observable data output, so that the data can pass through the firewall and be received by the test monitor/controller. --------------------------- Commit: 703f44e --------------------------- CSNMR-5628: run-phoenix-suhf.py: Allow configuring output address The firewall allows outgoing traffic on port 12101 for observables data from the UHF radio. This changeset allows the output address to be configured for this port so that observable data can be received by the functional test controller, while retaining the default behaviour of sending observable data on 0.0.0.0:1234. --------------------------- Commit: d43e789 --------------------------- CSNMR-5628: Add send-observables systemd service Making send-observables a systemd service avoids the complexity of managing the process directly in tests. ## meta-judo-bsp --------------------------- Commit: c31c1c9 --------------------------- CSNMR-5628: judo-radio-utils: Update SRCREV This changeset also adds systemd services for running the secondary Judo unit's Mikimoto UHF transmitter and the UUT's Phoenix UHF receiver. These are used during functional testing of the UUT's Phoenix UHF receiver. --------------------------- Commit: cbd8df9 --------------------------- CSNMR-5628: gpioset-services: Enable Sumo UHF LNA on boot ## meta-judo-proprietary --------------------------- Commit: 702f8c4 --------------------------- CSNMR-5428: Update SRCREV Update SRCREV for judo-cfg-agents --------------------------- Commit: 4f72db8 --------------------------- CSNMR-5428: Update SRCREV for rust-gnss Update rust-gnss SRCREV to add GNSS reset support to 4c0485a14818bd315b6043e059ab6c4340d97642 --------------------------- Commit: 874ba56 --------------------------- CSNMR-5628: python3-mqtt-api: Manage run-phoenix-suhf in functional tests using systemd service --------------------------- Commit: 4cd307c --------------------------- CSNMR-5628: python3-mqtt-api: Manage send-observables in functional tests using systemd service --------------------------- Commit: 72579a7 --------------------------- CSNMR-5628: python3-mqtt-api: Use enable-uhf service to sequence TR49 power in functional tests # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-783_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-782_default.lock.xml ## judo-auto-test --------------------------- Commit: 61d072d --------------------------- CSNMR-5622 Improve canbus tests and fix failures - Unskip test for CSNMR-5621: fix root cause of failure. A single shared buffer holds incoming MQTT messages; each new subscribe replaced it, so tests sometimes read from the previous subscribe’s (empty) buffer. Fix by aligning subscribe/listen usage so the correct buffer is used. - Improve canbus test flow and robustness. ## yocto-docs --------------------------- Commit: f2811603d --------------------------- set_versions.py: fix codestyle/formatting issues Fix issues reported by pycodestyle (long lines, spurious or missing whitespaces, underindented lines), and add the missing description of the get_abbrev_hash() function. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 6c8961015 --------------------------- set_versions.py: move the poky_mapping dict where it is used The poky_mapping dict isn't used until after the replacements dict is created. Move it's definitions to where it's used. Also fix a codestyle issue while we're at it (whitespace before ":"). Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 98815cee1 --------------------------- set_versions.py: use bitbake mappings from remote releases.json After [1] we can now use the bitbake version mappings maintained in the remote releases.json file, allowing to reduce maintenance effort here. [1]: Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-782_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-781_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-781_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-780_default.lock.xml ## judo-cfg-agents --------------------------- Commit: 1eea9e8 --------------------------- CSNMR-5564: Change firmware_ota_agent to check internet connectivity This changes the agent to only access the internet for identity certificates and firmware updates when there is internet connectivity. The reason for this is the cloud access functions can take a long time and might interfere with local firmware updates. Once internet is available, those cloud checks are usually fast and take a few seconds. In agent.py: It adds a new class to receive internet diagnostic messages to notify the manager when internet is available. The call to device_update_identity_cert() is removed where the environment is updated. Instead, the manager gets the cert when it needs to check for firmware so that both operations are controlled by the same logic. The class SetEnvCfgEvent is instatiated after the FirmwareOtaUpdateManager so that internal settings do not get overridden with defaults in the manager. In manager.py The function setDeviceParams is broken into two parts. It still sets the environment _device_params for stage or prod. But the cloud_params are extracted in the new _extract_base_url() after the certificate is downloaded. Finally, the check_update has two new additions. 1. It tests if the _internet_connected flag is set. If not it schedules another try for later. 2. It downloads the identity certificate if it is the first try or if the environment has changed. If that download fails, it schedules another try. --------------------------- Commit: cee59f6 --------------------------- CSNMR-5564: Fix local firmware update to not check for certificates This is the main fix for the local updates that were timing out because the call to update_env() was taking a long time. Now it does not check for a certificate when stop_cloud_update and install_update commands are sent. --------------------------- Commit: 837fdda --------------------------- CSNMR-5564: Check for firmware update after broker connection This change moves the initial firmware check to after the agent is connected to zenoh to enable it to check internet status. It also has the benefit of making the initial startup faster. ## meta-judo --------------------------- Commit: 41dab7e --------------------------- CSNMR-4696: recovery: Fix DHCP server race on boot When booting into recovery mode, there is a race condition with starting the dhcp server and the mounting of the `/var/lib` path. The `/var/lib` must be read-write before the DHCP server can be started. There are multiple services that rely on `/var/lib` being read/write, so improving the startup service dependencies allows the system to boot up into recovery and provide DHCP services to connected devices. Signed-off-by: Theodore A. Roth ## meta-judo-proprietary --------------------------- Commit: 6ac2412 --------------------------- CSNMR-5564: Update SRCREV for judo-cfg-agents # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-780_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-779_default.lock.xml ## manifest-judo --------------------------- Commit: d34f237 --------------------------- SUMO-552 commit message summaries for builds All of these scripts are designed for stand-alone use. They are **not** part of the build process (at least not yet). All of these scripts scrape the git history of all the Judo repositories, to list commits used for a build. The repositories must already checked out or updated (using the Android repo tool). - buildinfo_summaries.py uses the `/etc/os-release` and `etc/buildinfo` from an live Judo/Timo/Sumo, to get the messages. This script will grab the necessary files from the DUT, via ssh. - xml_lock_summaries.py uses a default.lock.xml from the Bamboo artifacts, to get the messages. The default.lock.xml must be manually downloaded. - xml_lock_summary_diff.py uses two default.lock.xml from the Bamboo artifacts, to get the messages for all commits called out by hashes in the two default.lock.xml files. The default.lock.xml files must be manually downloaded. - scripts/bamboo_fw_download.py: download Bamboo firmware artifacts (.raucb, optional .wic.xz) via REST API and PAT; supports multiple plan keys (Judo-HS-Prod, RPi, Sumo), label expansion from HTML browse pages, pre-signed S3 URLs, --force, -v/--verbose. - scripts/*.md: requirements for the script (purpose, inputs, core behavior, CLI, constants, dependencies, etc). Note: All the scripts in this commit were created with AI, which is why the scripts/*.md files have been included, even though they are not directly used. ## yocto-docs --------------------------- Commit: 5d711350a --------------------------- ref-manual/system-requirements: add fedora 43 as supported distro Fedora 43 is now properly tested for Poky[1], so let's add it to the list of supported distros. [1] https://git.yoctoproject.org/meta-yocto/commit/?id=4c156ef673f8ff7c967b2b34dd1d366e1b74d41c Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: b92cffd3e --------------------------- ref-manual/system-requirements: update list of EoL distros we still test Fedora 41 is EoL since end of 2025[1] and Ubuntu 25.04 since mid January 2026[2], so let's add them to the list of distros we're testing but don't receive updates for. [1] https://docs.fedoraproject.org/en-US/releases/eol/#_unsupported_fedora_linux_releases [2] https://documentation.ubuntu.com/project/release-team/list-of-releases/#end-of-life Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 5afd21a88 --------------------------- overview-manual/concepts: list other possible class directories Classes can be located in three different directories since Langdale (4.1), so let's update which directories you can find in a distribution layer. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 0d05dedd6 --------------------------- ref-manual: delete claim PACKAGE_EXCLUDE does not support .deb The current explanation of "PACKAGE_EXCLUDE" claims that this variable does not support .deb packaging; this is incorrect. Signed-off-by: Robert P. J. Day Tested-by: Antonin Godard Signed-off-by: Antonin Godard --------------------------- Commit: 73b3beb99 --------------------------- overview-manual: escape wildcard in inline markup This change escapes the wildcard in 'recipes-*' to properly italicize the string Signed-off-by: Kristiyan Chakarov Signed-off-by: Antonin Godard --------------------------- Commit: 5bebe38a8 --------------------------- set_versions.py: build with versions from releases.json Build using the releases.json file obtained from https://dashboard.yoctoproject.org/releases.json. If this file is already downloaded, don't fetch it again. If we fail fetching the file, use default values (and print a warning). Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-779_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-778_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-778_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-777_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-777_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-776_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-776_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-775_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-775_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-774_default.lock.xml ## judo-bd992-fw --------------------------- Commit: e86f0c1 --------------------------- CSNMR-5600: update BD images for stella Update BD images for stella to 6.60-0.27 Stella Checksum = 0x3EFE8B8D ## meta-judo --------------------------- Commit: 34694d1 --------------------------- CSNMR-5600: Add GNSS stella firmware update Update stella firmware GNSS override configuration to 6.60-0.27 ## meta-judo-proprietary --------------------------- Commit: d442f89 --------------------------- CSNMR-5600: update SRCREV Update SRCREV for bd992-fw-update repo which holds stella 6.60-0.27 image. --------------------------- Commit: a444478 --------------------------- CSNMR-5600: update Stella firmware from 6.60-0.24 to 6.60-0.27 Install Stella firmware image 6.60-0.27 # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-774_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-773_default.lock.xml ## manifest-judo --------------------------- Commit: b4b9ea3 --------------------------- CSNMR-5203: Propagate build errors up to bamboo We are not properly propagating yocto build errors up to bamboo from the docker containers. As such, bamboo always thinks the build succeeded and then tried to run the regression tests when it should not and the tests fail. This is confussing since it looks like the tests failed, when that is not actually where the failure was. Signed-off-by: Theodore A. Roth # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-773_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-772_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-772_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-771_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-771_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-770_default.lock.xml ## judo-auto-test --------------------------- Commit: a4c4c31 --------------------------- CSNMR-5621 Skip canbus test ## judo-radio-utils --------------------------- Commit: afc66c6 --------------------------- SUMO-553: Add read-5v-psu-amps.py and run-phoenix-suhf.py helpers With some minor modifications, these scripts have been copied from the attachments to SUMO-553. ## meta-judo-bsp --------------------------- Commit: ea481c9 --------------------------- SUMO-553: judo-radio-utils: update SRCREV This changeset also adds the python3-smbus2 dependency to the judo-radio-utils recipe, as it is required by the read-5v-psu-amps.py script. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-770_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-769_default.lock.xml ## judo-cfg-agents --------------------------- Commit: a9b04bd --------------------------- CSNMR-5426: Add soft_reset to system_control_agent Add soft reset to system_control_agent using systemd stop and start commands from a soft_reset.sh script. system_control_agent sends the SUCCESS_COMMAND_EXECUTED event notification on accepted soft_reset command start. ## meta-judo-proprietary --------------------------- Commit: bab1362 --------------------------- CSNMR-5426: Update SRCREV soft_reset for system_control Update SRCREV for soft_reset support in system_control_agent. Add bash script that needs to run as a separate process to perform a system control soft_reset. Services being restarted are all cfg-agent agents except for licensing. Do not restart licensing agent as it needs to start and be ready before the other agents start. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-769_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-767_default.lock.xml ## manifest-judo --------------------------- Commit: 12b5296 --------------------------- CSNMR-5413: OS snapshot capture after test jobs Add pull-dut-os-snapshot.py to capture the DUT OS snapshot via MQTT after each test run. The script subscribes to system_properties for the device ID, triggers a snapshot, waits for completion, and downloads the resulting archive to the Bamboo workspace. Each test wrapper (firmware, radio/GNSS, cell) now calls the snapshot script inside the TEST_CORE_IMAGE block. The snapshot exit code is ignored; a required Bamboo artifact enforces that the snapshot was produced, failing the job at artifact collection if missing. Signed-off-by: Brady Hill # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-767_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-766_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-766_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-765_default.lock.xml ## judo-radio-utils --------------------------- Commit: a8fcdd0 --------------------------- CSNMR-5538: Fix HaLow subnet The default HaLow subnet is 192.168.44.0/24, not 192.168.200.0/24. --------------------------- Commit: 4a096b7 --------------------------- CSNMR-5538: Remove HaLow AP/STA setup scripts Setting up the HaLow AP and STA can now be done using the MQTT API. ## meta-judo --------------------------- Commit: 7c99eca --------------------------- CSNMR-5538: Add halow-uhf-rf-path-ctl utility to Sumo image The halow-uhf-rf-path-ctl utility configures the RF path shared by the HaLow and UHF radios on Sumo hardware. --------------------------- Commit: d266da2 --------------------------- CSNMR-5538: Enable load-nrc service on boot Running the load-nrc service to load the HaLow driver on boot seems to produce reliable results, and is simpler than running the service manually. ## meta-judo-bsp --------------------------- Commit: 7ae5eac --------------------------- CSNMR-5538: Configure Sumo HaLow/UHF shared RF path on boot This changeset adds a service which configures the shared HaLow/UHF RF path on Sumo when the device boots. This service is a temporary solution to configuring this part of the hardware, and this commit should be reverted once the RF path is configured via the MQTT API. --------------------------- Commit: 67197f2 --------------------------- CSNMR-5538: Add Sumo HaLow/UHF shared RF path config utility --------------------------- Commit: f210b3b --------------------------- CSNMR-5538: judo-radio-utils: update SRCREV This changeset also removes the HaLow AP and STA services used by the functional test, as HaLow is now configured using the MQTT API. ## meta-judo-proprietary --------------------------- Commit: 5d3d493 --------------------------- CSNMR-5538: Minimise restarting of UUT MQTT brokers This changeset adds code to start-tmux-monitor-controller which avoids restarting the MQTT brokers on the UUT and secondary unit if the associated bridge is already configured. --------------------------- Commit: 7a1a406 --------------------------- CSNMR-5538: Fix HaLow subnet The default HaLow subnet is 192.168.44.0/24, not 192.168.200.0/24. --------------------------- Commit: 4d6d4d1 --------------------------- CSNMR-5538: Initialize HaLow in emc-test-monitoring This changeset reinstates the HaLow initialization in the emc-test-monitoring script and removes the associated code from start-tmux-monitor-controller.sh. It also tears down the HaLow AP and STA when the test console is shut down. ## mqtt-api --------------------------- Commit: 55244de --------------------------- CSNMR-5538: Set up and tear down HaLow interface in controller scripts # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-765_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-764_default.lock.xml ## manifest-judo --------------------------- Commit: 7625499 --------------------------- scripts: Remove judo-build hash server from configuration The hash server on the judo-build server no longer exists, and attempting to contact it generates warning messages in the build log. This change fixes the following warnings in the build output (and other similar warnings in specific recipes): WARNING: Error contacting Hash Equivalence Server judo-build.ap.trimblecorp.net:8686: [Errno -2] Name or service not known # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-764_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-763_default.lock.xml ## meta-judo --------------------------- Commit: 98fe292 --------------------------- CSNMR-5588: Update the Judo web UI to version 0.24.10 The recipes are renamed with the new version and the Artifactory checksums are changed to match the new files. --------------------------- Commit: f8eab82 --------------------------- Fix judo-web-ui.conf to not cache v0 pages There can be times when the v0 web UI displays cached versions of files. This change adds the necessary header to v0 responses to avoid caching. It may still be necessary to hit Ctrl-F5 to do a hard reload if an older version was installed that did not have this caching fix. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-763_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-762_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-762_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-761_default.lock.xml ## judo-auto-test --------------------------- Commit: ec85a83 --------------------------- CSNMR-5590 Remove duplicate ping tests - Multiple ping tests were imlemented in RF. eth_4we_1, eth_2we_1, eth_2we_2, and eth_bd992. Remove these tests from Slash as they are no longer needed there. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-761_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-760_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-760_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-759_default.lock.xml ## judo-bd992-fw --------------------------- Commit: fc7599b --------------------------- CSNMR-5214: update BD images for stella Update BD images for stella to 6.60-0.24 Stella Checksum = 0x179D32E4 ## judo-cfg-agents --------------------------- Commit: 6a8c581 --------------------------- CSNMR-5214: Add support for Stella firmware update Check for Stella or BD992 to determine static GNSS configuration file. Generate GNSS configuration adjusting the Stella firmware image and firmware checksum on a unit with Stella. Add GNSS Mgr check for cfg change. To avoid unnecessary GNSS restarts, GNSS configuration does the following: 1. Update and merge GNSS configurations 2. get current GNSS configuration 3. compare merged and current configuration 4. restart GNSS handlers if configuration has changed. ## judo-design-docs --------------------------- Commit: 5b71ecd --------------------------- CSNMR-5214 Update GNSS Design Documentation Updated the GNSS Manager design documentation to support dynamic runtime parameter changes. The system now generates a unified configuration by merging static base files, runtime-generated logging settings, and optional manual overrides using a "last-one-wins" priority hierarchy for matching keys. ## meta-judo --------------------------- Commit: 150049c --------------------------- CSNMR-5214: Add GNSS auto stella firmware update Add GNSS automatic firmware update for stella. If unit has a stella, then the GNSS Manager will read a stella configuration override file to generate a GNSS configuration with the stella firmware image file and firmware checksum. If there is a stella firmware checksum mismatch, the bd992-handler will automatically update the stella firmware. ## meta-judo-proprietary --------------------------- Commit: 617f1d8 --------------------------- CSNMR-5214: Add SRCREV for Stella auto fw update GNSS Manager agent checks for Stella or BD992 to determine generate GNSS configuration overriding the Stella firmware image and firmware checksum on a units with Stella. --------------------------- Commit: 0104484 --------------------------- CSNMR-5214: Add Stella firmware image to Judo OS Add Stella 6.60_0.24 firmware image to Judo OS --------------------------- Commit: ef76cd6 --------------------------- CSNMR-5214 Update to latest rust-gnss Update rust-gnss to SRCREV_rust-gnss = "bd4b506b1a9ced7cbba19c33ff44736dbf1e94dc" which includes: bd4b506b1 Add HL_nGPIO_CTL to phoenix-handler 8d433fcc0 Try harder to get fw checksum to avoid unnecessary installs # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-759_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-758_default.lock.xml ## judo-auto-test --------------------------- Commit: 13445d0 --------------------------- CSNMR-5585 Unskip Reboot Initiates License Refresh RF testcase - CSNMR-5534 was implemented so unskip the reboot. test. After the reboot completes and the License Process State reaches complete. There is an additional check to verify that the source of the restored license is from the cloud. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-758_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-757_default.lock.xml ## judo-api-specs --------------------------- Commit: 8860f14 --------------------------- CSNMR-5490: add first pass of API conventions docs Added a note on conventions and link to syntax conventions doc. --------------------------- Commit: a936f19 --------------------------- CSNMR-5490: add first pass cfg/event API template Added first pass template-cfg-event.yml file. Using this file as a base for new APIs will help keep API additions in line with the syntax conventions. --------------------------- Commit: 7e91a20 --------------------------- fixup: remove unused tag from asyncapi.yml --------------------------- Commit: 6d6fcab --------------------------- CSNMR-5498: fix statusCode and casing in gnss_reset messages ## meta-judo-bsp --------------------------- Commit: 9e25513 --------------------------- CSNMR-5454: program-uhf-fpga: Update FPGA image # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-757_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-756_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-756_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-755_default.lock.xml ## judo-api-specs --------------------------- Commit: 7018613 --------------------------- CSNMR-5567: remove x-channel-name from asyncapi spec Removed x-channel-name extensions from all asyncapi definitions. This extension is deprecated and now unused. ## judo-cfg-agents --------------------------- Commit: 77ab641 --------------------------- CSNMR-5572: add MP1087 model support to system properties Added a duplication of the MP1086 component sets for MP1087. MP1087 hardware is essentially the same as MP1086, we just need to accept both models. Potential refactor of variant and suffix is a later question for Sumo development. ## meta-judo --------------------------- Commit: 6b5b9a9 --------------------------- CSNMR-5567: update SRCREV judo-api-specs ## meta-judo-proprietary --------------------------- Commit: 404ce47 --------------------------- CSNMR-5572: update SRCREV # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-755_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-754_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-754_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-753_default.lock.xml ## judo-api-specs --------------------------- Commit: fba598f --------------------------- CSNMR-5302: Add signalBars to the wifi diagnostic spec In addition to the rssi signal strength, this adds signalBars for ease of displaying signal strength. The version is updated to 0.64.0. ## judo-auto-test --------------------------- Commit: 8310ed5 --------------------------- CSNMR-5578 Fix can_bus.robot test - The CI fails the mp1010_mqtt_api/canbus.robot tests. Root cause is the enable parameter for the publish message is set to a RF ${True}/${False} and not true/false as required by in the payload. The fix is to set the values correctly ## judo-cfg-agents --------------------------- Commit: dd1c520 --------------------------- CSNMR-4051: Add 80211/Wifi/Halow diagnostics info implementation Diagnostic code is implemented in the ieee80211_agent to produce the event_diag_80211_info message. The reason it is in the agent and not in the diags_agent is to keep this code close to the agent it monitors. The diagnostic class could be moved to the diags agent easily if needed. Messages are published for wifi and halow radios. At the moment, the halow message is mostly blank unless the halow radio gets turned on with "sudo modprobe nrc". This diagnostic code does a lot of command line queries to gather information with parsing steps. The unit tests cover all the conditionals so there are a lot of tests. ## meta-judo --------------------------- Commit: e4af1da --------------------------- CSNMR-5302: Update SRCREV for judo-api-specs ## meta-judo-proprietary --------------------------- Commit: a4e402a --------------------------- CSNMR-4051: Update SRCREV for judo-cfg-agents # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-753_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-752_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-752_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-751_default.lock.xml ## judo-rest-api --------------------------- Commit: 645a0b6 --------------------------- CSNMR-5448: Add file patch REST service This new patch service runs as a separate process from the Judo-rest-api. The reason is so it can be started and stopped on its own. Later, a license check may be done to enable the service. The new patch service takes a file and attempts to uncompress it. It returns error messages and logs activity to a file in /cfg/patch/mp_patch_history.log. Unit tests are added for basic functionality. ## judo-web-ui --------------------------- Commit: 378e08f --------------------------- Hide the API Debug section with a toggle button on the v0 page The Judo API Debug section is now hidden because it is rarely used. It can be shown with a toggle button. It is still useful for testing communication with the back end. --------------------------- Commit: a3eb190 --------------------------- CSNMR-5448: Add a File Patch Service section to the v0 web UI A new section is added to the v0 web UI to allow a patch zip file to be sent to the device. It shows a panel with patch log file contents. A test folder is created with a simple test zip file that can be used to test the service. ## meta-judo --------------------------- Commit: b195607 --------------------------- CSNMR-5448: Add Judo Patch Service files and update SRCREV This change brings in a service file named judo-patch.service to start the judo-patch service. Even though it is part of the judo-rest-api, the patch service runs independently because later there may be a license check before the service will start. The patch service allows .tar.gz patch files to be installed on the device. The judo-web-ui.conf file modifies lighttpd to send the api call to the patch service instead of the standard judo-rest-api. It also provides an alias for the mp_patch_history.log file so that the web UI can load the log file. The judo-web-ui and pythong-judo-rest-api SRCREV is updated to get the corresponding change for the v0 web UI. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-751_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-750_default.lock.xml ## judo-auto-test --------------------------- Commit: 9fa319f --------------------------- CSNMR-5395 Add CANBus robot test CSNMR-5395 Version of canbus robot test CSNMR-5395-CANBus Robot test # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-750_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-749_default.lock.xml ## meta-judo --------------------------- Commit: 05328a1 --------------------------- CSNMR-5514: Update Judo web UI to version 0.24.7 The recipes for the web UI and the recovery web UI are renamed with the new version and the Artifictory check sums are updated. ## meta-judo-proprietary --------------------------- Commit: 80fcc22 --------------------------- CSNMR-5537: Initialize Wi-Fi in emc-test-monitoring This changeset reinstates the Wi-Fi initialization in the emc-test-monitoring script and removes the associated code from start-tmux-monitor-controller.sh. It also tears down the Wi-Fi AP and STA when the test console is shut down. ## mqtt-api --------------------------- Commit: 95b7aa1 --------------------------- CSNMR-5537: Add functional test teardown script This script currently only disables the Wi-Fi interfaces on the UUT and secondary unit. It will be extended to disabling the HaLow interfaces on these units as part of CSNMR-5538, and can be used for any other teardown that may be required in future. --------------------------- Commit: 7507c7c --------------------------- CSNMR-5537: Add wait_for_net_interface_state to controller console This is used to ensure that wireless IP connections (Wi-Fi and HaLow) are disestablished before exiting the test console following a test session, by waiting for the interface to go down. --------------------------- Commit: 3f9ec82 --------------------------- CSNMR-5537: Add wait_for_dhcp_address_in_range to controller console This is used to ensure that wireless IP connections (Wi-Fi and HaLow) are established during setup before starting the test session, by waiting for the access point to issue an IP address to the station via DHCP. --------------------------- Commit: 3401cff --------------------------- CSNMR-5537: Set up secondary unit as Wi-Fi AP in EMC tests # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-749_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-748_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-748_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-746_default.lock.xml ## manifest-judo --------------------------- Commit: 2d54883 --------------------------- New kernel lock on builds to help with ec2 scaling Signed-off-by: Brady Hill # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-746_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-745_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-745_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-744_default.lock.xml ## meta-judo --------------------------- Commit: 85bb68d --------------------------- BEDROCK-191: device-id-cert-tools: Set preferred version Judo should not yet use the latest version of device-id-cert-tools (`0.1.2+git`), so we need to explicitly select the older version. Before we switch to the latest version (which we need for IAM support), more testing of it is needed. Signed-off-by: Theodore A. Roth # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-744_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-743_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-743_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-741_default.lock.xml ## meta-bedrock --------------------------- Commit: dee7577 --------------------------- BEDROCK-191: certmgmt: Update recipe to support 0.0.8 and 0.1.2 Between 0.0.8 and 0.1.1 of device-id-cert-tools, there was a major refactoring of the code base to add support for IAM as the future of profiles and bootstrap. Instead of just updating the recipe from 0.0.8 to 0.1.2, we need to continue to support the 0.0.8 code base as Judo should not consume the refactored code since it has not been tested on devices yet. We need to integrate the new code base into bedrock first to facilitate testing on RPI devices. For now, the default behavior will see builds getting the 0.0.8 code base unless the following is set in `local.conf` or `user.conf`: PREFERRED_VERSION_device-id-cert-tools = "0.1.2%" This will force using the `device-id-cert-tools_git.bb` version of the recipe. We will be doing that for bedrock builds so that we can test the new code base on real devices. Signed-off-by: Theodore A. Roth --------------------------- Commit: 435e3fb --------------------------- BEDROCK-191: certmgmt: Fix adding hsm-init-yubikey.py When setting the FILES variable for the device package, need to append instead of assign in the .bbappend so as not to clobber the value set in the main recipe. This was causing the files defined in the main recipe to not be included in the device sub-package. Signed-off-by: Theodore A. Roth # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-741_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-740_default.lock.xml ## judo-cfg-agents --------------------------- Commit: c4357b0 --------------------------- CSNMR-5462: extend cell service stops in MFG API Added a restart of the ModemManager service just after the MFG API modem AT command handler takes down a bunch of cell services. Added celldiags_agent and NetworkManager to the stop list. In the last OS release to the CM the first issued modem AT command was failing 40 % of the time. Stopping celldiags and Network manager reduced the occurences. Restarting ModemManager after killing cell services fully resolved the issue. Serial port conflicts and half finishing ModemManager interactions were likely the cause. ## meta-judo-proprietary --------------------------- Commit: 70d69a0 --------------------------- CSNMR-5462: update SRCREV # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-740_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-739_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-739_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-738_default.lock.xml ## judo-api-specs --------------------------- Commit: 80a7854 --------------------------- CSNMR-5523: Add minLength and maxLength to ssid field of 80211 spec The 80211 radios may have a SSID field 0 to 32 octets (bytes), so this change helps document the allowable size. ## meta-judo --------------------------- Commit: b1788c7 --------------------------- CSNMR-5523: Update SRCREV for judo-api-specs # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-738_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-737_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-737_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-736_default.lock.xml ## judo-web-ui --------------------------- Commit: c9af362 --------------------------- CSNMR-5002: Add v0 web UI dialog for gnss logging configuration The v0 web page has index.html and judo.js updated and gnss_log.js added to include a form for gnss logging configuration. It sends a message to the Judo that will be picked up the the gnss_manager agent. The agent will pass the information to the bd922-handler to configure the BD GNSS receiver logging settings. ## meta-judo --------------------------- Commit: 202d645 --------------------------- CSNMR-5002 Move judo-web-ui SRCREV to an include file Both judo-web-ui and judo-web-ui-recovery rely on the same SRCREV, so it is now moved to an include file so that it is updated once. The judo-api-specs SRCREV is also updated. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-736_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-735_default.lock.xml ## judo-cfg-agents --------------------------- Commit: ec6e9cd --------------------------- CSNMR-5002: Add Logging to GNSS Mgr Add GNSS Logging support to GNSS Manager Agent to control BD Logging with "schedule" support of Disabled, Always, and Continuous. Add runtime generation of GNSS configuration files. The generated GNSS configuration file (.toml) will be located in '/cfg/sysconfig'. The generated configuration is a merge of the static base GNSS configuration files in '/etc/gnss' and the GNSS logging runtime configuration parameters The static GNSS base files are selected as before from the GNSS machine type cfg and GNSS lease cfg. The GNSS runtime cfg is generated from the GNSS logging cfg. The runtime configuration "wins" over the static GNSS cfg files if there are any commen keys. ## meta-judo-proprietary --------------------------- Commit: 896d158 --------------------------- CSNMR-5002: Add GNSS Logging support to GNSS Mgr Add GNSS Logging support to GNSS Manager Agent. ## yocto-docs --------------------------- Commit: d97cfeaa5 --------------------------- tools/containerfiles: fix docker warning The current Containerfiles produce the following warning with docker: 1 warning found (use docker --debug to expand): - UndefinedVar: Usage of undefined variable '$PWD' (line 12) Remove $PWD and set the WORKDIR so that our pip3_docs.sh script finds the virtual env. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: ba351b354 --------------------------- convert SVGs to PDF and PNG using sphinxcontrib.rsvgconverter plugin The sphinxcontrib.rsvgconverter plugin allows to generate a PDF or PNG from an SVG. This is what we already do manually via Make targets but it isn't good enough. Sphinx generates a cache upon first parsing and stores it in a doctrees directory. Sphinx claims that it can be shared between all builders[1]. For glob patterns in image or figure directives, Sphinx will look for all possible matches in the source tree and store those in a "candidates" map for each file, along with the associated mimetype. When building, Sphinx will then look in this map to try to find a match in the current builder's supported_image_types. If none is found, the build will fail. The latexpdf (using the LaTeXBuilder) target does not support SVGs by default[2]. We used Make to generate PDFs from them before generating the doc PDF though (see PDFs variable and %.pdf in Makefile) and that type is supported by default[2]. The epub (via the Epub3Builder) target does support SVGs by default[3] but we disabled their support in commit ff3876ca4910 ("conf.py: use PNG first in EPUB output"). We used Make to generate PNGs from them before generating the doc epub though (see PNGs variable and %.png in Makefile) and that type is supported (c.f. Epub3Builder.supported_image_types in our conf.py). The issue is that this is done transparently from Sphinx. When we generate the PDFs or PNGs variants of the SVGs, we put them in-tree directly along their source file. Then, when caching, Sphinx will find both the source file and the appropriate variant. However, the cache isn't updated if there are new files in the tree and the source rST files aren't modified. So, the cache will not have its map updated and we won't be able to find the new variant when building for a non-SVG-compatible builder. Take the following scenario: - start from a clean source file (fresh clone or git clean -ffdx) - build the html target (which supports SVGs by default[4]) - sphinx will find all the files in the source tree matching the glob pattern in ".. image:: test.*", in our case only an SVG since the PDFs and PNGs are only generated for the latexpdf and epub targets respectively. The cache will only store the path to the SVG file because it is the only source file that matches the glob, - attempt to build the epub target (which doesn't support SVGs, only PNGs) - Sphinx checks for the file to include for '.. image:: test.*' and finds an SVG in the cache map and then check the list of supported image types for the Epub3Builder and find that it doesn't support that. It cannot find anything satisfying the dependency and thus fails to build. This scenario can easily be reproduced by running the `make all` command since the html builder will be used first, then epub and finally latexpdf. The `make publish` target works by chance, because the epub builder is built first and will cache SVG + PNG for each glob, then the latexpdf builder is built and supports PNGs so that's fine and then html, which supports SVG as well. To fix this issue, we could simply always generate PDFs and PNGs of all SVGs in the source tree, but this isn't ideal. Instead, let's use an ImageConverter from a Sphinx plugin. This allows to map a plugin as being able to generate a file of type Y from a file of type X. When Sphinx wants to build an image, it'll try to find the image with the type the current builder supports in the cache. If it cannot, it's going to try to find an ImageConverter plugin that is able to convert one of the image types in cache with one of the image types the current builder supports. Then Sphinx will call this plugin to generate the file and put it into the build directory (not in the source!). This allows to simplify the Makefile as well and is a much cleaner approach. The epub target is removed as the catch-all target contains the same instructions as the epub target we remove in this commit. sphinxcontrib.rsvgconverter is a plugin from sphinxcontrib-svg2pdfconverter python module. SVGs to PNGs is only supported since 2.0.0. [1] https://www.sphinx-doc.org/en/master/man/sphinx-build.html#cmdoption-sphinx-build-d [2] https://www.sphinx-doc.org/en/master/usage/builders/index.html#sphinx.builders.latex.LaTeXBuilder.supported_image_types [3] https://www.sphinx-doc.org/en/master/usage/builders/index.html#sphinx.builders.epub3.Epub3Builder.supported_image_types [4] https://www.sphinx-doc.org/en/master/usage/builders/index.html#sphinx.builders.html.StandaloneHTMLBuilder Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 4fbae0147 --------------------------- consistently use pip packages for all distros Until now, Debian and Ubuntu had special instructions for installing Python packages to build the docs. Specifically, the packages that all other distros are installing via pip were installed from the package feed (apt). In the next commit, a new Python module will be required, which isn't available in the package feed. We thus have two options, have a pip3 Debian/Ubuntu-specific set of instructions to install this one package, or migrate packages currently installed through the package manager to use pip like other distros. To lower maintenance burden and the possibility of missing to update both "generic" and "Debian/Ubuntu" variants of pip instructions, the latter was chosen. Suggested-by: Antonin Godard Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 16599c4f6 --------------------------- use a venv for installing packages with pip In a few commits, we'll migrate Debian/Ubuntu to use pip packages. However, Debian rejects pip commands outside of virtual environments. It is generally best practice to use virtual environments with pip, so let's migrate distros that currently use pip to use virtual environments as well. Because BitBake is a Python project and requires a few Python packages that we currently install with distro package managers, it would be best to also include system packages via --system-site-packages when creating the virtual environment such that the user would either be able to build the docs or run BitBake, from the same venv. Unfortunately, one of the packages[1] we'll include in an upcoming commit breaks sphinxcontrib namespace package and thus we cannot have a mix of sphinxcontrib-namespaced packages in and outside the venv. Let's create a completely empty venv for now until the offending package is fixed (see pending merge request[2]). Let's instruct the user to install the docs venv in a relative directory (likely the root of the yocto-docs git repo) instead of guessing a safe location (/tmp may or may not be an actual volatile directory depending on the distro). [1] https://github.com/missinglinkelectronics/sphinxcontrib-svg2pdfconverter/ [2] https://github.com/missinglinkelectronics/sphinxcontrib-svg2pdfconverter/pull/34 Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 8354f3b5b --------------------------- Makefile: use python3 -m sphinx instead of sphinx-build sphinx-build is a "script"[1][2] which is then made available on the system as a binary, upon installing the sphinx package. You can have multiple instances of sphinx installed, e.g. system-wide via the traditional distro package manager or in a venv. In the case of a venv, if you have sphinx already installed in your host system, source the venv activate script and then install sphinx via pip inside the venv, sphinx-build command will still point at the sphinx from the host system. The work-around is either to run the venv activate script again, run `hash -r` or `rehash` in your current shell, or call python3 -m sphinx instead of the Python script. Let's do the latter as it's the easiest/least-user-facing solution. This works because python3 interpreter will be the one from the venv, and it sets the appropriate paths for loading modules (use only packages from the venv by default, or prefer them if --system-site-packages is passed). [1] https://github.com/sphinx-doc/sphinx/blob/v9.1.0/pyproject.toml#L99 [2] https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#creating-executable-scripts Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 8cc5a1302 --------------------------- qemu.rst: parsing of the code-block was not done Because the '::' at the previous line starts a literal block. Signed-off-by: Jan Vermaete Signed-off-by: Antonin Godard --------------------------- Commit: ff3cfb0ed --------------------------- ref-manual: add SPDX_INCLUDE_KERNEL_CONFIG and SPDX_INCLUDE_PACKAGECONFIG Adding documentation for the new variables to export the Linux kernel configuration and recipe PACKAGECONFIG features into the SPDX document. Signed-off-by: Kamel Bouhara (Schneider Electric) [AG: fix variable ordering https://lore.kernel.org/r/DGO3PZFM5WDO.3C92IW83D5RXA@bootlin.com] Signed-off-by: Antonin Godard --------------------------- Commit: 6ab93e2eb --------------------------- dev-manual: delete references to "tar" package format There is no "tar" packaging format anymore, so delete these references. Signed-off-by: Robert P. J. Day Signed-off-by: Antonin Godard --------------------------- Commit: 3f4ed1d41 --------------------------- Makefile: pass -silent to latexmk This should drastically decrease the number of lines in the docs build logs, which currently can go up to 1700000 lines on the Autobuilder[1]. [1]: https://autobuilder.yoctoproject.org/valkyrie/#/builders/34/builds/400/steps/6/logs/stdio Signed-off-by: Antonin Godard --------------------------- Commit: 538b55418 --------------------------- what-i-wish-id-known.rst: replace figure by the new SVG We have a new SVG figure for the Yocto Project workflow figure, which was updated with d2aaf54bee49 ("overview-manual: convert YP-flow-diagram.png to SVG"). The one in the "What I wish I’d known about Yocto Project" is the same. Remove the PNG and make a reference to the new one. Signed-off-by: Antonin Godard --------------------------- Commit: 2817a9077 --------------------------- tools/host_packages_scripts/tlmgr_docs_pdf.sh: install perl Fix an issue reported by Quentin on IRC: The LaTeX files are in _build/latex. Run 'make' in that directory to run these through (pdf)latex (use `make latexpdf' here to do that automatically). make[1]: Entering directory '/docs/documentation/_build/latex' latexmk -pdf -dvi- -ps- 'theyoctoproject.tex' Can't locate Time/HiRes.pm in @INC (you may need to install the Time::HiRes module) (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /opt/docs-build-tex-tools/tl/bin/x86_64-linux/latexmk line 97. BEGIN failed--compilation aborted at /opt/docs-build-tex-tools/tl/bin/x86_64-linux/latexmk line 97. make[1]: *** [Makefile:28: theyoctoproject.pdf] Error 2 make[1]: Leaving directory '/docs/documentation/_build/latex' make: *** [Makefile:74: latexpdf] Error 2 make: Leaving directory '/docs/documentation' We require perl for the latexpdf target to complete successfully. Add it to the tlmgr_docs_pdf.sh script. Tested-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 3f052ae60 --------------------------- docs-wide: remove Bazaar fetcher references Remove the Bazaar fetcher references as it was deprecated in [1]. This fixes the following build issue on master: .../ref-manual/variables.rst:1506: WARNING: term not in glossary: 'bitbake:BZRDIR' [ref.term] [1]: https://git.openembedded.org/bitbake/commit/?id=8e057d54f09ca0a1fb64c716da6b66f0ce4555b0 Signed-off-by: Antonin Godard --------------------------- Commit: c9f83bb2e --------------------------- ref-manual/classes.rst: fix broken links to U-Boot documentation In the chapter describing the "uboot-sign" class Signed-off-by: Michael Opdenacker Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-735_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-734_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-734_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-733_default.lock.xml ## judo-api-specs --------------------------- Commit: ee6df44 --------------------------- CSNMR-5534: Change name of license_source to source to match spec conventions ## meta-judo --------------------------- Commit: c191789 --------------------------- CSNMR-5534: Update SRCREV # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-733_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-732_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-732_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-731_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-731_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-730_default.lock.xml ## judo-api-specs --------------------------- Commit: c920c83 --------------------------- CSNMR-5534: Add license source field to license status update ## judo-auto-test --------------------------- Commit: 19916a6 --------------------------- CSNMR-5393 - Implement CAN bus configuration handling keywords - Add keywords to enable/didable can interface and get can interface setting using MQTT ## judo-cfg-agents --------------------------- Commit: af5bc45 --------------------------- CSNMR-5534: Add tracked source of refresh request to license process state message ## meta-judo --------------------------- Commit: 1b13fa3 --------------------------- CSNMR-5534: Update SRCREV --------------------------- Commit: 71f969b --------------------------- Bugfix: Use correct nrc7394 halow module FW file The `nrc7394` module fails to initialise with the default FW file, so install/deploy `nrc7394_cspi_eeprom.bin` and update the driver to load that file by default. ## meta-judo-proprietary --------------------------- Commit: 2a0f2d2 --------------------------- CSNMR-5534: Update SRCREV ## nrc7394_sw_pkg --------------------------- Commit: 7068a25 --------------------------- Bugfix: Fix default FW file The default non-EEPROM FW fails to initialise the Halow module with the below error (has a HW revision 0f 0x0000). ``` Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: size of bd file is 8464 Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: Major 01 Minor 04 Total len 2100 Num_Data_Groups 0024 Checksum B3FF Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: target version is not matched(0 : 2) Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: target version is not matched(0 : 3) Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: target version is not matched(0 : 1) Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: target version is not matched(0 : 4) Feb 17 23:14:38 mp1010 kernel: nrc80211 spi3.0: BD file is invalid! Stop loading FW ``` # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-730_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-729_default.lock.xml ## yocto-docs --------------------------- Commit: 7570d210e --------------------------- _templates/footer.html: show a dynamically created id of the docs Since we have switched to branch tips for all versions of the active releases, having the information of which commit id of yocto-docs was built is useful. Show it in the footer as a link to git.yoctoproject.org/yocto-docs. When a tag is built, create a link to the tag instead. When building on a floating commit, this will create an invalid link, but this never happens when publishing the documentation, only for local development. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: 065e70a62 --------------------------- set_versions.py: set a more accurate DISTRO value The changes from the previous commit make the current value inaccurate in some situations, especially since this variable is used in some commands. Take these situations into account and compute a more accurate value for DISTRO. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: a8749670e --------------------------- switchers.js: rework the logic and improve it Rework the generation of the switcher menu, and also fix it. It's not obvious how this could be split for easier review, as many parts depend on one another, so this is what this patch changes and fixes: - The menu only contains branch tips versions of the documentation for supported releases now - even though the latest tag is displayed in the menu. This approach will fix the lack of release notes for the latest version of an active branch, as release notes are always published after the yocto-docs repository is tagged. - Show a commit id when building on a separate commit that is not a branch tip or not a tag. This should only ever happen when building locally (not for the published version). - All stable/LTS versions are displayed in the menu UNLESS the current version for which we are viewing is part of them, in which case it's shown last in the menu. - Rework the logic to show outdated or obsolete versions to conform with the above changes, but overall it behaves the same: - granted that Kirkstone is an active release, and 4.0.32 is the latest tag for this release, the "outdated" banner is displayed if we browse any version of Kirkstone inferior to 4.0.32. - browsing any version not part of the active releases (all LTS versions + the stable branch) will show the "obsolete" banner. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie --------------------------- Commit: b0a9cf917 --------------------------- set_versions.py: remove duplicate and unneeded logic The following commit will make it unneeded to pass the version to the script directly, as it will be automatically deduced no matter which branch we're on. We can therefore the ourversion assignment. We still want the "getlatest" special argument, so read it from sys.argv directly. Add a comment mentioning that the order here is important for getlatest to work. Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-729_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-728_default.lock.xml ## judo-radio-utils --------------------------- Commit: 460c5cb --------------------------- CSNMR-4649 Functional Test Updates for Swift Modify halow-test-us-*-open.sh to add arguments for not running wpa_supplicant or hostapd. Create a systemd service file for managing these services. ## meta-bedrock --------------------------- Commit: 77281fb --------------------------- BEDROCK-183: Force setting adminuser password on first login Signed-off-by: Theodore A. Roth --------------------------- Commit: dc50134 --------------------------- BEDROCK-183: openssh: Remove debug-tweaks Upstream has removed `debug-tweaks` as allowed value of `IMAGE_FEATURES`. Signed-off-by: Theodore A. Roth --------------------------- Commit: 7843d41 --------------------------- packagegroup-bedrock-core: Remove openssl-ossl-module-legacy Upstream has disabled legacy-openssl by default, so the need to pull in the openssl-ossl-module-legacy-module for the python3-cryptography package is no longer needed. The upstream changes were breaking the bedrock builds. Signed-off-by: Theodore A. Roth --------------------------- Commit: d25d879 --------------------------- Add systemd-analyze to os images This enables the ability to analyze the boot sequence and timing on a device. Signed-off-by: Theodore A. Roth ## meta-judo --------------------------- Commit: 5ae3694 --------------------------- CSNMR-4649: Add openssh-misc package to CI image This package provides the ssh-agent and ssh-add utilities which allow setting up SSH connections to the UUT and secondary unit for tests which are not yet supported by the MQTT API. --------------------------- Commit: bbf9402 --------------------------- CSNMR-4649: Add Sumo test setup RPi to hostname lookup ## meta-judo-bsp --------------------------- Commit: ab82d76 --------------------------- CSNMR-4649: judo-radio-utils: Package systemd service directories The systemd service directories need to be packaged by this recipe because they now contain services for starting the HaLow AP and STA for functional testing. --------------------------- Commit: 18a12f7 --------------------------- CSNMR-4649: judo-radio-utils: Update SRCREV ## meta-judo-proprietary --------------------------- Commit: 3532a4b --------------------------- CSNMR-4649: Bridge UUT and secondary unit MQTT brokers to RPi broker This change is necessary because the test controller and monitor expect to receive messages from both units on the RPi broker and send commands to both units using the same broker. --------------------------- Commit: 5d463af --------------------------- CSNMR-4649: Tweak keyfile name in ssh-add helper message --------------------------- Commit: 0c262ed --------------------------- CSNMR-4649: python3-mqtt-api: update SRCREV --------------------------- Commit: 56aef79 --------------------------- CSNMR-4649 Functional Test Updates for Swift - emc-test-monitoring: - update IP addresses to match compliance scripts (we will want to revert the ip address changes long term) - change the cell ping interval to 3, to cut down on bandwidth usage - start-tmux-monitor-controller: - Configure UHF, Halow, and WiFi - Check for ssh agent to be running, which is recommended for ssh config of UHF, Halow and WiFi. - Don't run mqtt-select-device-id.py, if uut_id.env file exists - tweak the tmux window split ratios ## mqtt-api --------------------------- Commit: 1808b88 --------------------------- CSNMR-4649: mqtt-api-controller.py: Enable functional test service on UUT at startup --------------------------- Commit: 3e6fdfb --------------------------- CSNMR-4649: mqtt-select-device-id.py: Allow selecting Sumo device IDs --------------------------- Commit: 88dde3e --------------------------- CSNMR-4649: mqtt-api-monitor: Use event_diag_gnss_data for GNSS tests --------------------------- Commit: 015cdc4 --------------------------- CSNMR-4649: mqtt-api-controller: Allow exiting session without stopping existing requests --------------------------- Commit: 26d382a --------------------------- CSNMR-4649: scripts: Add scripts for setting up HaLow and Wi-Fi STAs --------------------------- Commit: 5e1aeec --------------------------- CSNMR-4649: scripts: Exit after setting up Wi-Fi/HaLow AP This change makes the controller shell scripts for setting up Wi-Fi and HaLow APs exit after the AP is set up. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-728_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-727_default.lock.xml ## cfg-mgr --------------------------- Commit: a16b400 --------------------------- CSNMR-4816: Increase timeout value for entitlement checks due to increased traffic --------------------------- Commit: 2ba6e90 --------------------------- CSNMR-4816: Add startup check to cache role entitlement * This enables async updates to the role entitlements and prevents thread blocking caused timeout errors on entitlement checks --------------------------- Commit: caf2f23 --------------------------- CSNMR-4816: Allow license timeouts to trigger activation and expiration timeouts --------------------------- Commit: 66d169e --------------------------- CSNMR-4816: Remove hash check for license flag * This change makes it easier for users to add opt out flags via serial, as they do not need a specific file to trigger the flag, any file in the expected location will trigger the opt out ## judo-auto-test --------------------------- Commit: 72f9b67 --------------------------- CSNMR-4816 Skip licensing test for CSNMR-5534 - Skipped the licensing->Reboot Initiates License Refresh test due to tests inablilty to detect if the license was updated via cloud. --------------------------- Commit: 3c92cef --------------------------- CSNMR-4816 Fix test Reboot Initiates License Refresh - A bug was introduced with CSNMR-4816 updates that caused a race condition in the test where after reboot the payload used to validate the entitlements could be stale and cause a false result. New keywords where added to the library to wait for certain conditions are met before doing the validation --------------------------- Commit: 848d8b7 --------------------------- CSNMR-4816 Add new keywords - Added 3 new keywords: - is_license_process_state - get_diag_license_process_state - wait_for_license_process_state ## judo-cfg-agents --------------------------- Commit: 969efb1 --------------------------- CSNMR-4816: Check access token on connect before confirming remote connection --------------------------- Commit: 9401cae --------------------------- CSNMR-4816: Fix UHF agent licensing issue * UHF agent was not checking license validation on startup, which caused the check to not be properly cached * This caused subsequent misses checking UHF entitlement status --------------------------- Commit: b88e219 --------------------------- CSNMR-4816: Increase the license forced refresh period for internal testing purposes --------------------------- Commit: 5f1fd74 --------------------------- CSNMR-4816: Enable stage env by default for licensing * This is a temporary change to make the early phase of testing easier until the prod lms env is ready for use * This removes the requirement that users manually set the environment ## meta-judo-proprietary --------------------------- Commit: 13a689a --------------------------- CSNMR-4816: Update SRCREV for judo-cfg-agent and cfg-mgr --------------------------- Commit: c3ca1e7 --------------------------- CSNMR-4816: Fix list formatting in judo-cfg-agent # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-727_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-726_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-726_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-725_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-725_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-724_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-724_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-723_default.lock.xml ## judo-auto-test --------------------------- Commit: 9b10ab0 --------------------------- CSNMR-5515 Remove depricated keywords - Removed the depricated keywords from the judo_mqttlibrary --------------------------- Commit: 03ba649 --------------------------- CSNMR-5515 Fix lint problems in RF tests - Fixed multiple lint problems in the RF test suites. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-723_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-722_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-722_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-721_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-721_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-720_default.lock.xml ## asyncapi-spec-obj --------------------------- Commit: 9a969e5 --------------------------- ValidationError: Prevent error generator exhaustion This changeset fixes a bug which caused some ValidationError exceptions to be raised containing no validation errors. This happened because the generator of error messages being passed to the ValidationError constructor was being exhausted before the exception message could be created. This change prevents that from happening by storing a list of validation error messages in the ValidationError instance instead of the original generator object, allowing the list of messages to be iterated over multiple times. --------------------------- Commit: f451e08 --------------------------- .gitignore: ignore build and reports folders ## meta-judo-bsp --------------------------- Commit: aab6bc5 --------------------------- Bugfix: Set radio regulator to a fixed voltage Defining a 'fixed' regulator with differing min and max voltages is not supported and was preventing the radio and all derived regulators (Wi-Fi regulators in particular) from being initialized properly, this does not affect the HW in any way as the regulators are not SW controlled, just cleaning up a harmless warning. --------------------------- Commit: 83f4dc9 --------------------------- DeviceTree: remove non-removable property from Wi-Fi With a GPIO-controlled power supply (`WF_BT_PWR_EN` GPIO) the Wi-Fi module is effectively removable and removing the `non-removable` property ensures the kernel will detect and initialize the Wi-Fi interface whenever it is powered up. --------------------------- Commit: 4248776 --------------------------- Wifi Silex SDMAC: configurable IO voltages Ongoing issues are preventing the Wi-Fi module from operating at 1v8 IO voltages, but there is still a need to be able to test fixes. Allow Wi-Fi IO voltages to be configured via the presence of a `enable_wifi_1v8` file in the boot partition, (i.e `/boot/enable_wifi_1v8`) that results in an overlay being applied to the kernel DeviceTree by U-boot. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-720_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-719_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-719_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-718_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-718_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-717_default.lock.xml ## judo-auto-test --------------------------- Commit: b5097e5 --------------------------- CSNMR-5493 Add Install New Licence test cases - New test case that test the ability to obtain licenses from the license server if no licenses are currently applied to the device. --------------------------- Commit: 4183750 --------------------------- CSNMR-5493 Add Delete All Licenses keyword - Added a keyword called Delete All Licenses which publishes a remove_licenses topic to the Judo device --------------------------- Commit: 36b40c4 --------------------------- Fixed __init__.py SystemControlLib misspelling The spelling for SystemContrlLib in __init__.py did not match the class name trying to import the library as systemcntl_lib.SystemControlLib # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-717_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-716_default.lock.xml ## judo-auto-test --------------------------- Commit: 5587434 --------------------------- CSNMR-5331 Add GNSS lease keep-alive to test cases - Added GNSS keep-alive to test cases to keep the GNSS lease from expiring prematurely before the HF GSOF check can be completed ## meta-bedrock --------------------------- Commit: f3a0aa0 --------------------------- BEDROCK-195: hostapd: Fix to avoid invalid long SSIDs The hostapd daemon will fail to start if the SSID is set to a value longer than 32 characters. Example failure: Feb 11 13:47:30 bedrock-f60d58706fb34fc3-x1 hostapd[635]: Line 1: invalid SSID 'bedrock-f60d58706fb34fc3-x1-7c7749' Feb 11 13:47:30 bedrock-f60d58706fb34fc3-x1 hostapd[635]: 1 errors found in configuration file '/tmp/hostapd.conf' If the SSID is too long, it will be truncated to 32 characters. Signed-off-by: Theodore A. Roth --------------------------- Commit: 4ce9cb2 --------------------------- crun: Fix QA error which is breaking the builds Quells the following QA error: ERROR: crun-v1.24.0+git-r0 do_package_qa: QA Issue: crun: recipe doesn't inherit features_check [unhandled-features-check] This needs to be submitted to upstream meta-virtualization. Signed-off-by: Theodore A. Roth # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-716_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-715_default.lock.xml ## judo-security --------------------------- Commit: 4488171 --------------------------- Replace jabil references with mfg and/or manufacturing # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-715_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-714_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-714_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-713_default.lock.xml ## manifest-judo --------------------------- Commit: 4d1783c --------------------------- SUMO-483: Update notes on enabling compliance feature ## meta-judo --------------------------- Commit: 9474a6b --------------------------- Bugfix: Store container data in /data partition Was previously trying to store in the user home, but that only worked for non-root users as the root users home is now `/root` and there is no R/W overlay for it. --------------------------- Commit: 1bab4a6 --------------------------- SUMO-483: Add bluetooth CW recipe when compliance feature present Convert compliance feature from a MACHINE feature to a DISTRO feature. ## meta-judo-bsp --------------------------- Commit: 8a67899 --------------------------- SUMO-483: Convert ath10k_compliance feature to compliance the `compliance` feature now enables compliance FW and scripts for more than just the Wi-Fi module, currently adds support for running BT in compliance modes too. ## meta-judo-proprietary --------------------------- Commit: 62ceaaa --------------------------- Bugfix: Install Wi-Fi certification scripts to root home Install into where-ever the `ROOT_HOME` variable points rather than a hard-coded `/home/root` path (as the root home is now `/root` by default). --------------------------- Commit: baeef89 --------------------------- SUMO-483: BT compliance tools and script Leverages work done for ORCA/Porpoise and modifies it to work on MP10XX devices. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-713_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-712_default.lock.xml ## meta-judo-bsp --------------------------- Commit: bc33235 --------------------------- program-uhf-fpga: Remove references to Jenkins --------------------------- Commit: cf28d45 --------------------------- CSNMR-5436: program-uhf-fpga: Update to latest nightly FPGA build # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-712_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-711_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-711_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-710_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-710_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-709_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-709_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-708_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-708_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-707_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-707_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-706_default.lock.xml ## yocto-docs --------------------------- Commit: 98840d241 --------------------------- migration-guides/migration-5.3.rst: add note on *FLAGS behavior change Add a note on how existing *FLAGS += assignments can lead to unexpected behavior in the 5.3 release notes. Cc: Richard Purdie Signed-off-by: Antonin Godard --------------------------- Commit: f40dc0b42 --------------------------- set_versions.py: check that we build from the git repository Check that we are building from a Git clone of yocto-docs, not a bare directory, which is not supported as we need to tags to be fetched. Inform the user how to clone the documentation too. Fixes [YOCTO #15834] Signed-off-by: Antonin Godard # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-706_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-705_default.lock.xml ## meta-judo-proprietary --------------------------- Commit: 5aeace2 --------------------------- CSNMR-5265: Update rust-gnss for Stella and Sumo Update Judo rust-gnss SRCREV from: ef2f9dff19cef99d63e19c1a5fbbded18bb46296 to: d9360226a12947b7dd8035f2d9b83ee929a0540a CSNMR-5265: Add support for timo/sumo/kendo RxIDs SUMO-493 : Add sumo board ref to pinmux hardware check # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-705_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-704_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-704_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-703_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-703_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-702_default.lock.xml ## meta-judo-bsp --------------------------- Commit: 70286cb --------------------------- CSNMR-5454: suhf-sword: reset FPGA on driver startup This changeset updates the SRCREV for Scabbard to integrate control of the FPGA_RESET line into suhf_driver, and adds the libgpiod dependency to the recipe. --------------------------- Commit: 0f13d92 --------------------------- CSNMR-5454: Mark FPGA_RESET pin as active high The FPGA_RESET pin is actually active high, so the 'n' at the start of the pin name is not correct. ## scabbard-judo --------------------------- Commit: 1b859e3 --------------------------- CSNMR-5454: Toggle FPGA_RESET line on suhf_driver startup # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-702_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-701_default.lock.xml ## judo-auto-test --------------------------- Commit: 38b2413 --------------------------- Skip GNSS UHF radio test cases - Skipping the test_feed_correction_data_from_uhf_to_gnss tests are failing Error: AssertionError: GNSS receiver fix mode is not RTKFixed after 60 seconds. See CSNMR-4669 # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-701_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-700_default.lock.xml ## judo-cfg-agents --------------------------- Commit: 5e5feff --------------------------- CSNMR-5478: Remove required id field from license xml schema ## meta-judo-proprietary --------------------------- Commit: 3e1cc76 --------------------------- CSNMR-5478: Update SRCREV # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-700_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-699_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-699_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-698_default.lock.xml ## meta-bedrock --------------------------- Commit: 24fb9e3 --------------------------- BEDROCK-190: Use nginx instead of lighttpd The nginx http server supports openssl engines and providers for pkcs#11 storage/access of privates keys for https. This also introduces a basic bedrock-web-ui package to install static web pages for the server to host. The web ui package uses a virtual webserver config dependency to decouple it from a specific web server, so in theory, end users can select which web server to use via setting `PREFERRED_RPROVIDER_virtual-webserver-config`. Signed-off-by: Theodore A. Roth ## yocto-docs --------------------------- Commit: 095981c08 --------------------------- migration-guides: add release notes for 4.0.32 Signed-off-by: Lee Chee Yang Signed-off-by: Antonin Godard --------------------------- Commit: e95e60ef8 --------------------------- migration-guides: add release notes for 5.3.1 Signed-off-by: Lee Chee Yang [AG: oecore -> openembedded-core https://lore.kernel.org/r/DGAAISXQEM8B.1JQP7X9NMQ5HA@bootlin.com] Signed-off-by: Antonin Godard --------------------------- Commit: 5fd9d1602 --------------------------- document the OPENSSH_HOST_KEY_DIR and OPENSSH_HOST_KEY_DIR_READONLY_CONFIG variable Added by commit addd80ddfd89 ("openssh: add variable for key path") in OE-Core. Signed-off-by: Patrick Vogelaar Signed-off-by: Antonin Godard --------------------------- Commit: 749b79b1a --------------------------- ref-manual/variables.rst: document new FIT image variables - FIT_MKIMAGE_EXTRA_OPTS: new variable to pass extra mkimage options - FIT_CONF_MAPPINGS for flexible DTB mappings Signed-off-by: Adrian Freihofer Signed-off-by: Antonin Godard --------------------------- Commit: 37667bcc6 --------------------------- brief-yoctoprojectqs/index.rst: remove extra word from text The sentence in brief-yoctoprojectqs/index.rst contained a duplicated word ("dependencies it"). This change removes the extra word to improve clarity for new users following the quick start guide. Signed-off-by: Mohammad Rahimi Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 411122812 --------------------------- dev-manual/packages.rst: fix example recipe version The example recipe taken above is hello-world on version 1.0 (because PV equals "1.0+git". Fix this issue. Signed-off-by: Antonin Godard --------------------------- Commit: 7a0324b6a --------------------------- dev-manual/packages.rst: rename r0.0 to r0 when PR server is not enabled When we don't have a PR server enabled, we don't have leading ".0" to the PKGR variable, as this is added by the PR server. Signed-off-by: Antonin Godard --------------------------- Commit: 09f0430bc --------------------------- dev-manual/packages.rst: pr server: fix and explain why r0.X increments on SRCREV change The current example of the SRCREV change triggering a gitX bump is wrong, as both gitX and r0.X get incremented. Why this is happening is explained in bug 15729, which I copy here: > +gitX+ is indeed related to changes in the source code. > > r0.X is bumped each time the checksum of the do_package task of the > simple-hello-world-git recipe changes. This happens here: > https://git.openembedded.org/openembedded-core/tree/meta/classes-global/package.bbclass?id=235e6d49e5888ad04416219e10b6df91a738661a#n306 > > This line sets the value of PRAUTO and represents the number X found in > r0.X. It will in the end make it into EXTENDPRAUTO, which itself makes > to PKGR == r0.X. > > This line calls getPR(version, pkgarch, checksum). Between test case 5 > and 6, only the checksum changes. This checksum is the checksum of the > do_package task (gotten from get_do_package_hash() above). > > Now, let's dump what changed with regards to this task between two > consecutive runs, using the sigdata file in build/tmp/stamps/: > > ``` > [...] > Variable fetcher_hashes_dummyfunc value changed from '2650ad6714c3f3248abfe9d3daf1196f307ed494' to '4af682a50174f5deb0397847da97d7cdba4ad067' > ``` > > The last line shows that the value of fetcher_hashes_dummyfunc changed > from '2650ad6714c3f3248abfe9d3daf1196f307ed494' to > '4af682a50174f5deb0397847da97d7cdba4ad067'. Those are the commit hashes > in the git history of the simple-hello-world-git repository. > > Now you can see why this 0.X gets bumped, is because of the SRCREV change. Fix the example, and detail what gets changed and why. [YOCTO #15729] Cc: Robert Berger Signed-off-by: Antonin Godard --------------------------- Commit: d3f9b0a5a --------------------------- ref-manual: Document updated UBOOT_CONFIG flow The UBOOT_CONFIG flow was updated in oe-core [1]. Document all of the new variables and preferred method of specifying the various controls for each config. [1] https://git.openembedded.org/openembedded-core/commit/?id=cd9e7304481b24b27df61c03ad73496d18e4d47c Signed-off-by: Ryan Eatmon [AG: Typo fixes https://lore.kernel.org/r/DG1YKKEBYK3R.1RDFPILOIHIOP@bootlin.com] Signed-off-by: Antonin Godard # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-698_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-697_default.lock.xml ## judo-api-specs --------------------------- Commit: f395c2b --------------------------- CSNMR-5363: Add system time message to the asyncapi spec A diagnostic system time event is added with the path {groupId}/event/diag/sys/time. This message uses the base_event_msg properties and the timestamp comes for free. There are no additional properties. The message will be produced once per minute. The version is updated to 0.62.0. ## judo-cfg-agents --------------------------- Commit: ef63e7d --------------------------- CSNMR-5363: Add system time message emitter to the diags_agent This change produces the asyncapi message for event_diag_sys_time. It is a simple message with just a timestamp field and deviceId. The code publishes an empty dict and the base class adds the required fields. A unit test is included. ## meta-judo --------------------------- Commit: 68d26bb --------------------------- CSNMR-5363: Update SRCREV for judo-api-specs ## meta-judo-proprietary --------------------------- Commit: 4fc9bfc --------------------------- CSNMR-5363: Update SRCREV for judo-cfg-agents # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-697_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-696_default.lock.xml ## meta-judo --------------------------- Commit: bc0ece9 --------------------------- CSNMR-5340: Set version of main to 0.27 --------------------------- Commit: ab0f466 --------------------------- SUMO-279: ms9xx-bridge -> rust-gnss refactor Handle the renamed packages in the packagegroups, and only include the command-line tools in -devel images. ## meta-judo-bsp --------------------------- Commit: d66b514 --------------------------- SUMO-491: GNSS: use internal TCXO Stella receivers have an upgraded internal TCXO and do not require the external one (that is being de-popped) to meet our accuracy requirements. Can force all devices to use the internal TCXO (including devices with BD992 receivers) as all MP10XX devices are going to be upgraded to Stella receivers before release to customers. Legacy/development devices with BD992 receivers will still function fine for development purposes, but will suffer performance issues in extreme conditions (mainly temperature extremes?). --------------------------- Commit: 9cfc28e --------------------------- SUMO-491: Refactor GNSS power management service Properly sequence GNSS power/reset and bootstrap option GPIOs on device startup. Ensure the receiver is powered up before starting the GNSS 'handler' service and ensure restarts of this service propagate out to the handler service. ## meta-judo-proprietary --------------------------- Commit: da5089d --------------------------- SUMO-279: Disable UHF agent on Sumo Support for configuring Phoenix radio to be added in SUMO-540. --------------------------- Commit: f6862e6 --------------------------- SUMO-279: ms9xx-handler -> rust-gnss refactor Renames/replaces the existing `ms9xx-bridge` recipe as that builds many more binaries than just the MS9xx bridge, including `phoenix-handler`. Split artifacts into individual packages so they can be individually selected/installed. Remove the unused patch that was fixed in the latest `rust-gnss` update, see meta-judo-proprietary commit `a5cc084602f80c72f21a0d97f1efd5d43de0dc31` # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-696_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-695_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-695_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-694_default.lock.xml ## judo-auto-test --------------------------- Commit: d1bcf48 --------------------------- CSNMR-5068: Remove issue from tests/test_wifi.py:test_default_wifi_configuration skip marker This changeset removes CSNMR-5068 from the list of issues causing this test to be skipped. Note that CSNMR-5069 has not been completed, so this test will not run yet. --------------------------- Commit: ef07358 --------------------------- CSNMR-4238: Remove stray dependence on separate uut_mqtt_id fixture --------------------------- Commit: d0a908e --------------------------- CSNMR-4669: Remain in RTKFixed mode for non-zero time Removing the UHF correction stream from the GNSS receiver as soon as it reports RTKFixed position mode causes the receiver to get stuck in that mode even when the correction stream is removed. Having the test maintain the correction stream to the receiver for 20 seconds after it enters RTKFixed position mode fixes this behaviour. --------------------------- Commit: ad16040 --------------------------- CSNMR-4669: Ensure UUT is not in RTKFixed mode before test If this not done, the UHF radio could be enabled before checking that the BD992 is not in RTKFixed mode, making the test invalid (as the BD992 is not switching to RTKFixed mode as a result of receiving valid correction data). Ensuring that the UUT is not in RTKFixed mode is more correct than ensuring that it is in GNSS mode, as the UUT is not guaranteed to return to GNSS mode when the UHF correction data stream is lost, depending on how it is configured and which other correction sources are available. --------------------------- Commit: 3a62040 --------------------------- CSNMR-4669: Add useful error message to test_feed_correction_data_from_uhf_to_gnss --------------------------- Commit: 92f95f0 --------------------------- CSNMR-4669: Reinstate skipped test --------------------------- Commit: c31e770 --------------------------- CSNMR-5324: Reinstate skipped test # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-694_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-693_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-693_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-692_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-692_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-691_default.lock.xml ## manifest-judo --------------------------- Commit: 0a7c2fc --------------------------- BEDROCK-194 yocto mirrors used in manifest-judo Signed-off-by: Brady Hill ## yocto-docs --------------------------- Commit: 3ec23e9fb --------------------------- what-i-wish-id-known.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: b0eed805b --------------------------- test-manual/understand-autobuilder.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: dfe9140b6 --------------------------- test-manual/reproducible-builds.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 783aa4d14 --------------------------- ref-manual/yocto-project-supported-features.rst: remove obsolete poky repo reference Poky -> meta-yocto link replacement. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 805b666f0 --------------------------- ref-manual/system-requirements.rst: fix wrong path to install-buildtools Reported-by: Quentin Schulz Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: ca6a30277 --------------------------- ref-manual/system-requirements.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 66fb4d577 --------------------------- ref-manual/release-process.rst: remove repeated "in the" Reported-by: Quentin Schulz Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: e7231e74a --------------------------- ref-manual/release-process.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: a2e67529c --------------------------- ref-manual/features.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 173edb82b --------------------------- ref-manual/faq.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Rework the difference between Poky and OpenEmbedded. Copy the note from terms.rst regarding the now obsolete Poky repository. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 1923550cd --------------------------- ref-manual/devtool-reference.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 91605ea5c --------------------------- dev-manual/vulnerabilities.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Mention that only vulnerabilities in OpenEmbedded-Core are tracked as that's where the packages are. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 0bcfcf8c7 --------------------------- dev-manual/upgrading-recipes.rst: move meta-openembedded to bitbake-builds/layers It makes more sense as we expect the layout to be that way. Suggested-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 67ae0525f --------------------------- dev-manual/upgrading-recipes.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: f0c6ba3f4 --------------------------- dev-manual/qemu.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: faf322d8d --------------------------- dev-manual/python-development-shell.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d2cddd8c5 --------------------------- dev-manual/packages.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 1820232eb --------------------------- dev-manual/licenses.rst: instruct to use git-archive instead of removing .git Removing .git directories is destructive. Instruct to use git archive instead. Suggested-by: Quentin Schulz Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: f0b3659e6 --------------------------- dev-manual/licenses.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 6ec9ce47f --------------------------- dev-manual/init-manager.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 04af92638 --------------------------- dev-manual/custom-template-configuration-directory.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Adapt paths to match to encouraged Source Directory layout. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 421ec4742 --------------------------- dev-manual/custom-distribution.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 6e440c9ae --------------------------- dev-manual/build-quality.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 6c8d49202 --------------------------- contributor-guide/identify-component.rst: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 0cb6e102f --------------------------- README: replace obsolete substitution variables Replace obsolete substitution variables by current ones from poky.yaml.in. Suggested-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d95db54e4 --------------------------- README: remove obsolete poky repo references Refresh the document now that the Poky repository is obsolete. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 29bd24aee --------------------------- test-manual/runtime-testing.rst: remove obsolete poky repo references Remove reference to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d26aab08b --------------------------- sdk-manual/intro.rst: remove obsolete poky repo references Remove the mention of the Poky git repository. Refer to the existing setup instructions. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d7ce0ad51 --------------------------- sdk-manual/appendix-obtain.rst: remove obsolete poky repo references Rename the source directory to project, as specified in its new definition in terms.rst. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 4c0e97afe --------------------------- ref-manual/variables.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core in most cases. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 89818234a --------------------------- ref-manual/tasks.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 83d88fa2c --------------------------- ref-manual/structure.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core in most cases. Add a introductory directory layout at the top that is reflected in the following section. This document no longer uses Poky as its source directory, so all paths are explicitly mentioned, to highlight the separation between core components. This lead to some re-organization of some sections. Signed-off-by: Antonin Godard --------------------------- Commit: 63d0fc075 --------------------------- ref-manual/images.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 864a7ec1e --------------------------- ref-manual/classes.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 178d31924 --------------------------- overview-manual/yp-intro.rst: remove obsolete poky repo references Remove references to the Poky repository. This document had a lot of reference to it, so a lot was removed. The "Reference Distribution (Poky)" section was removed as there already was a "Reference Embedded Distribution (Poky)" below. This section was simplified as now Poky is just a distro, not a repo. The historical section was also updated to mention the obsolete Poky repo. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 345003a75 --------------------------- overview-manual/development-environment.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Replace the poky examples for the Git section by yocto-docs. Signed-off-by: Antonin Godard --------------------------- Commit: 91e96f5c0 --------------------------- overview-manual/concepts.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Signed-off-by: Antonin Godard --------------------------- Commit: 2a2de4da9 --------------------------- migration-guides/migration-1.4.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: bedbbb69a --------------------------- kernel-dev/common.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: e8b03ddb0 --------------------------- dev-manual/wic.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: de6d0a16d --------------------------- dev-manual/wayland.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 71f9a3f78 --------------------------- dev-manual/temporary-source-code.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: b184acb48 --------------------------- dev-manual/securing-images.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 0dceb6dd9 --------------------------- dev-manual/new-recipe.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 3da2e7bb3 --------------------------- dev-manual/libraries.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: ff8595ec8 --------------------------- dev-manual/layers.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Signed-off-by: Antonin Godard --------------------------- Commit: 40af24177 --------------------------- dev-manual/layers.rst: re-organize the document The first section of the layers document shows how to manually create a layer step-by-step, and references bitbake-layers create-layer at the end. Change the approach of this section to show how to use the bitbake-layers create-layer command to create a layer, and then explain how a layer is organized and configured. This avoids repetition, and we should encourage users to use pre-built tools when they can do things in a less error-prone way. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d96a93b1c --------------------------- dev-manual/external-toolchain.rst: remove obsolete poky repo references Remove the single poky repository reference in this document, after the poky repository was obsoleted. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 8a8a4d77e --------------------------- dev-manual/error-reporting-tool.rst: remove obsolete poky repo references Remove the single poky repository reference in this document, after the poky repository was obsoleted. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 27cfed1fc --------------------------- dev-manual/debugging.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 2c45968fd --------------------------- dev-manual/building.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core in most cases. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 472a5c353 --------------------------- contributor-guide/submit-changes.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core in most cases. Signed-off-by: Antonin Godard --------------------------- Commit: b47987aba --------------------------- kernel-dev/advanced.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core in most cases, and refer to bitbake-setup or the manual setup in the intro. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 05a506686 --------------------------- bsp-guide/bsp.rst: remove obsolete poky repo references Remove references to the Poky repository, replace by OpenEmbedded-Core in most cases, and refer to bitbake-setup or the manual setup in the intro. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 68586e603 --------------------------- dev-manual/start.rst: remove obsolete poky repo references The Poky repository has stopped being updated in favor of bitbake-setup or manual clones of the required repositories. Simplify the document by making references to these guides as well as removing sections that are covered in the references documents. Keep a "Initializing the Build Environment" as this task is common and referenced in different places in the documentation. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: a7c169229 --------------------------- dev-manual/poky-manual-setup.rst: remove obsolete poky repo references The commit "dev-manual/start.rst: simplify the document after poky obsolescence" removed some of the information related to source archives published on downloads.yoctoproject.org. Mention it in this document as it makes sense to use those when manually setting up a Poky build. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 0b909e6c8 --------------------------- transitioning-to-a-custom-environment.rst: remove obsolete poky repo references - Use :term: for Poky. - Mention use of fragments instead of local.conf. - Remove Yocto < 2.4 reference. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d7d5ddeda --------------------------- tree-wide: figures: remove title PNGs We used to have banners at the top of each main section before we migrated to Sphinx and those aren't used anymore, so let's remove them from the tree. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: fdc14a205 --------------------------- ref-manual/terms.rst: refresh the OpenEmbedded build system definition Remove the mention of Poky containing BitBake, just mention BitBake. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: b42c033bf --------------------------- dev-manual/poky-manual-setup.rst: mention the Source Directory After switching to the new definition of "Source Directory", i.e. the base directory for your project (which used to be poky), mention it in this document on manually setting up the layers for a project. As stated in terms.rst, use "project" for the directory name. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 9ad8a0aa7 --------------------------- ref-manual/terms.rst: simplify the Source Directory definition Now that we no longer have Poky around, simplify the Source Directory definition: - Make references to existing documents that show how to create this Source Directory. - This directory contains sources, the layout in which they are presented does not matter so much, as it can be different and/or freeform depending on whether we use bitbake-setup or not. The definition chooses "bitbake-builds" as the name of the source directory and is the one that should be used when showing examples in the documentation. A typical Source Directory would look like the following: bitbake-builds/ ├── build/ └── layers/ Other parts of the documentation referencing to this as the Poky repository still have to be updated. This will also mean that this definition will be used a lot less across the documentation: in most cases, when the "Source Directory" is referenced as the Poky repository, it can be replaced by OpenEmbedded-Core, Bitbake, the documentation, or meta-yocto. We'll keep this definition around regardless, as it can be useful to denote this group of directories in a more general sense. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: dd328b79a --------------------------- ref-manual/terms.rst: refresh the OpenEmbedded-Core definition After the Poky repository obsolescence, refresh the OpenEmbedded-Core definition. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 476780d77 --------------------------- ref-manual/terms.rst: refresh the Build Directory definition After the Poky repository obsolescence, refresh the build directory definition. Fix the formatting and indenting issues while at it. Reviewed-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 6256a73d7 --------------------------- migration-guides: add release notes for 5.0.15 Signed-off-by: Lee Chee Yang Signed-off-by: Antonin Godard --------------------------- Commit: 52ec12522 --------------------------- sdk-manual: appendix-obtain: fix default path for eSDK installer script The eSDK installer script installs in poky_sdk directory but under the user's home directory so let's make that explicit. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: ede411d70 --------------------------- sdk-manual: using: fix SDK filename example I'm pretty sure we meant to use the DISTRO poky.yaml.in placeholder which can only be replaced when surrounding by & and ; characters. Therefore let's fix this oversight. Also, the example isn't actually pointing at the snapshot, but the actual release, so let's reword that as well so it matches the example. I decided to do that instead of adding +snapshot to the filename because the example in the next section is actually using that same filename so for consistency it seemed more appropriate. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 41ee642c3 --------------------------- sdk-manual: appendix-obtain: use parsed-literal block for naming convention of the installer scripts It's easier on the eye to use a parsed-literal block for highlighting things that must be changed than simply stating the word, so this makes use of a parsed-literal block instead of a simple inline code-block and also highlight in italic which words are placeholders. Also make the explanation below the literal-block use the same highlighting (italic). Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: ffaea8391 --------------------------- sdk-manual: delete sdk-title PNG It hasn't been used since the migration to Sphinx so let's remove it. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 39fb14879 --------------------------- sdk-manual: replace sdk-environment PNG with SVG This replaces the PNG figure with an SVG. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 77b24b4a8 --------------------------- sdk-manual: appendix-obtain: replace eSDK directory structure PNG with a parsed-literal block This PNG is totally unnecessary and makes accessibility much worse, so let's simply replace the PNG with a parsed-literal block showing the same directory layout with the same highlighted placeholders. While at it, update the layout to match the more recent one (5.0.15) and have it alphabetically sorted (mixed files and directories). The placeholders are highlighted the same way inside and outside the parsed-literal block for consistency. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 0c68497ec --------------------------- sdk-manual: appendix-obtain: replace directory structure PNG with a parsed-literal block This PNG is totally unnecessary and makes accessibility much worse, so let's simply replace the PNG with a parsed-literal block showing the same directory layout with the same highlighted placeholders. While at it, update the layout to match the more recent one (5.0.15) and have it alphabetically sorted (mixed files and directories). The placeholders are highlighted the same way inside and outside the parsed-literal block for consistency. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: d682bce63 --------------------------- sdk-manual: appending-customizing: use none lexer for BitBake code blocks No lexer exists for BitBake right now, so let's simply disable the lexer entirely by using the "none" lexer. I'm using "none" instead of "text" to be able to "easily" replace none code blocks the day a BitBake lexer exists. I "reserve" "text" for actual text content (e.g. a filename, or the output of a command line without the command line). Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 10d40604c --------------------------- sdk-manual: working-projects: properly highlight code code-blocks There are some blocks containing C code so highlight them as C with the "c" lexer. For autotool'ed files, there's no lexer available so "none" will do just fine. Finally, there's one Makefile code block so highlight it with the "makefile" lexer. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 04c883216 --------------------------- sdk-manual: fix improper indent of general form of tarball installer scripts poky-glibc-host_system-image_type-arch-toolchain-ext-release_version.sh is in a code-block and thus requires to be indented (it is). Sphinx knows a block has ended when the indentation of the next line is smaller than in the block, otherwise it's all in the same block. The explanation of the replaceable parts in the tarball installer script filename should be text and not part of the block, so let's do that. While at it, reformat by putting each replaceable part in a bullet list, highlight the replaceable part or what it can replaced with as well as putting the replacement on the same line instead of making it a quote by having them indented in the bullet list. Finally, replace the literal block (::) with a parsed-literal block so we can highlight the placeholders appropriately. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: c6039ce11 --------------------------- sdk-manual: fix incorrect highlight language for console code-blocks When unspecified in conf.py via the highlight_language variable (and highlight variable for code-blocks), the lexer used for literal blocks is "default" which tries to highlight the block as Python code. These blocks aren't Python but simple command lines prefixed by a prompt so let's use the "console" lexer to properly highlight. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard --------------------------- Commit: 72354c270 --------------------------- sdk-manual: fix incorrect highlight language for text code-blocks When unspecified in conf.py via the highlight_language variable (and highlight variable for code-blocks), the lexer used for literal blocks is "default" which tries to highlight the block as Python code. These blocks aren't Python but either simply the console output or a file name (which we should probably just double tick-quote instead), so let's render those blocks with the "text" lexer. Signed-off-by: Quentin Schulz Signed-off-by: Antonin Godard # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-691_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-690_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-690_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-689_default.lock.xml ## cfg-mgr --------------------------- Commit: 51b8ab3 --------------------------- CSNMR-4963: Add a timestamp to all outgoing event messages All agents that rely on the BaseCfgEvent and BaseEventEmitter classes will now get a timestamp field in the outgoing messages. If the agent already includes a timestamp field in the payload's top level, then that will be the one that is kept in the final published message since it is closer to the actual event. The asyncapi base_event_msg spec defines the timestamp as optional, so the transition to adding this timestamp will be seamless. Applications will work for older versions that don't have a timestamp, and this version will begin producing it. Unit tests are updated. ## judo-api-specs --------------------------- Commit: 96f7528 --------------------------- CSNMR-4963: Add timestamp spec for all outgoing event messages By adding timestamp to the base_event_msg spec, all outgoing event messages may now have a timestamp with a defined format. It is optional so that the spec is compatible with older versions of the spec and code implementations. A corresponding change is expected to be made in the cfg-mgr base classes to automatically add a timestamp. Although agents can optionally add this timestamp to get a slightly more accurate time for when the event took place. The timestamp has date-time format (ISO 8601) like produced by the Python datetime.now().isoformat() function. ## judo-cfg-agents --------------------------- Commit: a4d141a --------------------------- CSNMR-4963: Update unit tests to handle the new timestamp field Cfg-mgr now adds a timestamp field to all messages published with the BaseEventEmitter and BaseCfgEvent classes. The unit tests failed when comparing expected output with actual output payloads. This change is to fix the unit tests to drop the timestamp before doing the comparisons. --------------------------- Commit: fb0cbb4 --------------------------- CSNMR-4963: Update reference to cfg-mgr The cfg-mgr libraries are updated and this changes pyproject.toml to reference the updated hash. The cfg-mgr base BaseEventEmitter class now adds a timestamp to outgoing event messages. ## meta-judo --------------------------- Commit: 6dcf9b4 --------------------------- CSNMR-4963: Update SRCREV for judo-api-specs ## meta-judo-proprietary --------------------------- Commit: fede53b --------------------------- CSNMR-4963: Update SRCREV for cfg-mgr and judo-cfg-agents # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-689_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-687_default.lock.xml ## manifest-judo --------------------------- Commit: 5fe14e4 --------------------------- Remove sumo logic from bamboo-build There was previous logic that pinned sumo to only build a couple images instead of what was passed into the script arguments. That logic has been removed and it will build anything passed in as an argument Signed-off-by: Brady Hill # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-687_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-686_default.lock.xml ## judo-auto-test --------------------------- Commit: b036731 --------------------------- CSNMR-5479 Increase timeout for SUB Event Diag Sys Resource test - Fix the intermittent timeout that occurs when sending 'event/diag/sys/resources' toping and waiting for a response. The was increased from 30s to 45s # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-686_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-685_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-685_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-684_default.lock.xml ## judo-cfg-agents --------------------------- Commit: caf9ffb --------------------------- CSNMR-5407: Fix the snapshot tar to keep going on errors A case was found where the tar.add function could not open a listed file and cancelled the snapshot. Since we want to get the snapshot even if a file could not be read, it now continues after logging a warning with an error message. Unit tests are updated to test the new exception handler. Some redundant unit tests are removed. ## meta-judo-proprietary --------------------------- Commit: a002332 --------------------------- CSNMR-5407: Update SRCREV for judo-cfg-agents # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-684_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-683_default.lock.xml # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-683_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-682_default.lock.xml ## judo-auto-test --------------------------- Commit: 06f9f1d --------------------------- CSNMR-5434 Refactor judmwttlibrary featurelibs for new keywords - Refactor all of the feature libs to use the new refactored single word keywords --------------------------- Commit: ec26b88 --------------------------- CSNMR-5434 Refactor judomqttlibrary single word keywords - Refactored single word keywords in mqttcommand.py and abstract_device_lib.py to be multi-word and more descriptive of what the keyword actually does. The keywords affected were connect(), disconnect(), publish(), and subscribe(). Additionally this resolves issues with linter warning that Robot Framework keywords are not to spec. - Retained origial single work keywords for backward compatibility and marked as depricated. Then from these each old keyword calls the new improved keyword name - Updated incorrect keyword examples --------------------------- Commit: 1f786bb --------------------------- CSNMR-5444 Add repeating pub gnss lease keyword - Added keywords gnss.resource file which contains keywords to support GNSS operations - Added Repeat Publish GNSS Lease keyword. This keyword basically allows GNSS Lease keep-alive by sending a gnss lease publish for some number times with a wait period between each send. # Commit summaries (start not end) from CC-JUDO-BUILDJUDOHSPROD-682_default.lock.xml vs CC-JUDO-BUILDJUDOHSPROD-681_default.lock.xml ## manifest-judo --------------------------- Commit: cefa5d6 --------------------------- CI: bugfix: artifact Sumo full bundles