Updating linux-yocto/6.17 to the latest korg -stable release that comprises
the following commits:
(From OE-Core rev: 90b0a6c1e0f34263c5b64f807ec06ef00c53e507)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Integrating the following commit(s) to linux-yocto/6.17:
1/1 [
Author: Bruce Ashfield
Email: bruce.ashfield@gmail.com
Subject: boot: only emit rdinit warning on initramfs boot
Date: Mon, 27 Oct 2025 09:47:05 -0400
commit 98aa4d5d242d3a73 [init/main.c: add warning when file specified in
rdinit is inaccessible] promoted a long time check to be visible on
boot.
The issue is that it is always issued even when an initramfs boot is
not used.
To avoid needing to completely disable CONFIG_BLK_DEV_INITRD and not
have the warning issues when an initramfs isn't used, we add checks for
the existence and size of an initramfs before allowing the warning
to be generated.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: 32b64d9e138b42aa5747f6d3328b105fbfbcc6eb)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The 6.17+ kernel cache is using a single branch for the mti malta
machines, which are what qemumips* emulate. We update our branch
specification to make them buildable.
(From OE-Core rev: 74618dfa1289ad772e5a36240d2b6d180877ed87)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Integrating the following commit(s) to linux-yocto/.:
1/1 [
Author: Bruce Ashfield
Email: bruce.ashfield@gmail.com
Subject: qemuarm: fix configuration audit warnings
Date: Sat, 25 Oct 2025 00:03:25 -0400
We drop options that were removed by this kernel commit:
commit 70cb6ca58fddb02e269fe743ba75d53d577b5b1c
Author: Eric Biggers <ebiggers@kernel.org>
Date: Sat Jul 12 16:22:58 2025 -0700
lib/crypto: arm/sha1: Migrate optimized code into library
Instead of exposing the arm-optimized SHA-1 code via arm-specific
crypto_shash algorithms, instead just implement the sha1_blocks()
library function. This is much simpler, it makes the SHA-1 library
functions be arm-optimized, and it fixes the longstanding issue where
the arm-optimized SHA-1 code was disabled by default. SHA-1 still
remains available through crypto_shash, but individual architectures no
longer need to handle it.
To match sha1_blocks(), change the type of the nblocks parameter of the
assembly functions from int to size_t. The assembly functions actually
already treated it as size_t.
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20250712232329.818226-8-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: ac82bfebde6614cbcf1d815d90d97668d2ead93d)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The 6.17 kernel went through quite a bit of testing via
linux-yocto-dev, so it is a relatively well understood release.
These recipes introduce it as a fully tested reference with the
potential to replace the EOL 6.16 refs.
(From OE-Core rev: fcf5527f45b97f8699d0d6567df89461b8bb01ef)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With the linux-firmware now being an empty package there is no need in
the catch-all ${PN}-qca-misc package since developers will have to
package all firmware separately. Drop useless packages now.
(From OE-Core rev: 380ea7d79a7c7be3eee2fe4f57935787b57ab16c)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bumping the linux-libc-headers to match the recent 6.17 reference
kernel.
(From OE-Core rev: e1b1244c710a0d5b8a7373717797dfc6d301ebd7)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
https://www.openssh.org/txt/release-10.1
RP: There are some changes to confg options and new warnings but those warnings
would only trigger on older openssh before 9.0 (April 2022).
(From OE-Core rev: 251a2997b432bfba98a94e58a557c06d9c3d416d)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the sed replacement rule to strictly match '/usr/bin/python'
(with no trailing characters)
The previous sed rule was too broad and could incorrectly change Python
shebangs such as in
/lib/modules/6.16.11-yocto-standard/build/scripts/macro_checker.py from
'#!/usr/bin/python3' to '#!/usr/bin/env python33'.
(From OE-Core rev: c548259dbf55f2194088e62ad018560286834e49)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of using `ls...` just enumerate the folder content with an asterisk.
No behavior change should come from this patch.
(From OE-Core rev: b1870e588958fa6957278a6c253a70fa30485764)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sets KBUILD_OUTPUT to the build directory to ensure using the valid
path in e.g. menuconfig or devshell.
An externally set KBUILD_OUTPUT could otherwise confuse the build
process and create the .config from an invalid folder.
This is what the kernel recipes also do.
(From OE-Core rev: 7e72477b8f4c323e3ea0497877c1b6486b2547a5)
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes in 2025.09.0
--------------------
* Added support for SoCFPGA Agilex5 and Rockchip RK3576
* Added structured I/O support for shell commands
* Added support for booting signed Rockchip images
* Support for adding device tree overlay (.dtbo) files to FIT images
* New 'bfetch' eyecandy tool for displaying logo and system information
(similar to 'neofetch')
* Several other fixes and improvements
Changelog: https://lore.barebox.org/barebox/aNugWfoJR_2AirEx@pengutronix.de/
Migration Guide:
https://barebox.org/doc/latest/migration-guides/migration-2025.09.0.html
(From OE-Core rev: f7950986a45d9c95d91ecebe00405c0e65c83a53)
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ensure the powerpc64le check is exclusive by using `elif`, preventing the
powerpc64 condition from overriding it. This keeps the ABI as elfv2 for
PPC64LE and fixes related build failures.
(From OE-Core rev: 1d4067329d0b84f94aaf2f63d282bb9c99ba5557)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
for SDK they are provided via nativesdk-binutils
latest binutils have started to build libdep plugin
as static library libdep.a which is then reported via build QA
ERROR: QA Issue: non -staticdev package contains static .a library: binutils-cross-canadian-aarch64 path '/usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-oesdk-linux/usr/lib/aarch64-oe-linux/bfd-plugins/libdep.a' [staticdev]
(From OE-Core rev: c871ad4ee62594c05d34b6ed2543d804a4ece07d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
clang-cross-canadian is just symlinking into nativesdk-clang unlike gcc which
has separate binaries and they have inbuilt dynamic linker specs. To help clang
built cross-canadian binaries add it via cmdline option here, cross-canadian
binaries are only usable on installed SDKs, and these paths get re-written with
correct SDK specific linker during SDK install relocation process.
This helps clang built cross-canadian tools e.g. from binutils-cross-canadian
be relocated correctly on SDK install.
(From OE-Core rev: d259796efd6c405dd47fabccdbce761cb29fc354)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a volatiles entry for popular x11 and adjacent utilities. This is
designed to mimic the systemd tmpfiles.d entries and prevent any one
user from creating these directories with permissions that may
negatively impact multi-user environments.
(From OE-Core rev: 36473898f0a122880aaa2220fbf98732027d759f)
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python3-cryptography (and thus, rust-native) is only needed by the
urllib3.contrib.pyopenssl module, which is not recommended for use up
the urllib3 upstream maintainers:
Module for using pyOpenSSL as a TLS backend. This module was relevant
before the standard library ssl module supported SNI, but now that
we've dropped support for Python 2.7 all relevant Python versions
support SNI so **this module is no longer recommended**.
Add a PACKAGECONFIG to control whether this module is shipped, and
disable it by default.
This removes rust-native from the default build of urllib3, which is in
the dependencies of other common modules such as requests and sphinx.
(From OE-Core rev: 055d0928ad9451d3a9c8c74c6215a59023b1116e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fitImage is no longer a supported KERNEL_IMAGETYPE. The comment is wrong.
(From OE-Core rev: a511c29a8fb26cb583edd3fb9509f435c835c8c9)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Also extend implementation to allow defining the diskid for GPT partitions.
Add unit tests for wic.py to cover new setting.
(From OE-Core rev: 0d5da9477703212d3cfb63828c5c38afdb162e43)
Signed-off-by: Steffen Greber <sgreber@lilafast.org>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Extend the test framework to verify that certain optional nodes are properly
absent from ITS files based on configuration. The _get_req_its_paths()
method now returns a tuple containing both expected and not-expected
paths, enabling negative testing of conditional components.
Test improvements:
- Add verification for absent bootscr, setup, and ramdisk image nodes
when their respective features are disabled
- Extend configuration node testing with proper kernel/fdt/ramdisk
field validation based on device tree and initramfs settings
Code cleanup:
- Remove unused tempfile module import
- Sort bb_vars keys alphabetically in _test_fitimage_py()
- Add debug output for bb_vars overrides when debug logging is enabled
- Remove trailing empty line
- Fix DTB file ordering for consistent test results
(From OE-Core rev: 90dbdacc7f22120b4a96aad2a89b363fdd944079)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts the commit (Oe-core 0d17c4fb51)
which recently introduced the FIT_LINUX_BIN variable to control kernel
section inclusion in FIT images.
The original change aimed to provide flexibility by:
- Enabling FIT images without kernel sections for specific use cases
by setting FIT_LINUX_BIN to an empty value.
- Supporting alternative kernel binary filenames instead of hardcoding
"linux.bin" in multiple places.
However, the current implementation is incomplete. The filename
customization is not implemented - the code still hardcodes "linux.bin"
and doesn't actually use the variable in a consistent way.
There is also no test coverage for this new functionality.
Rather than completing the partial implementation, Qualcomm decided to
develop a solution that better aligns with their specific requirements
and may be independent of the kernel-fit-image class.
The revert restores the previous consistent behavior with unconditional
kernel section inclusion. This saves us from adding test coverage,
documentation and maintenance for this new but currently known to be
unused and incomplete feature. This feature can be reintroduced later
if there is a clear need and a complete implementation.
(From OE-Core rev: 6eae261b6f52ebfad4d6644cbdad4afe22423ec6)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A testcase (sparse03) sometimes times out on the AB, in qemu (without kvm):
the test generates an 8GB sparse file, tars it, untars it, and then
it compares the two versions with cmp.
This process, going through 16GB of data (using one thread, with cmp) takes some
time anyway, but when there is extra load on the host machine, and qemu
can't use its core exclusively, then it can take more than 5 minutes easily
(which is the default ptest timeout).
However the full version of cmp from diffutils seems to be more efficient than
the busybox version:
When using busybox on my idle machine (w/ qemuriscv64) the test case execution
takes 150s, and it almost always times out when there is extra load.
Using diffutils, my idle machine executes the same testcase in 55s, and it
never times out even if there is high load on the host system (execution
always stayed under 3 minutes).
Due to this switch to diffutils when running ptest.
Fixes [YOCTO 15884]
(From OE-Core rev: 81f7b60fb1c5096bbc233f632040d1ea9ec5bb21)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog
(https://github.com/python-jsonschema/referencing/blob/main/docs/changes.rst):
- Declare support for Python 3.14.
- Drop support for Python 3.9 which is near EOL.
Reproducibility OK.
Builds OK. No ptests.
(From OE-Core rev: f97a45012d32a34e9353bb04a62a1041fb6cfaac)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Handles CVE-2024-8354.
Drop patch included in (backported to) this release.
Reference:
* https://security-tracker.debian.org/tracker/CVE-2024-8354
(From OE-Core rev: f9d2e0155df2fe799e5edd0b52097ee284930ba5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2024-52615:
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area
DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52615]
[https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g]
Upstream patches:
[4e2e1ea090]
(Cherry pick from commit: ec22ec26b3f40ed5e0d84d60c29d8c315cf72e23)
(From OE-Core rev: 97d60090dbe96dca423af47c8d55cc53e172fb4c)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2024-52616:
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs
randomly only once at startup, incrementing them sequentially after that. This
predictable behavior facilitates DNS spoofing attacks, allowing attackers to
guess transaction IDs.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52616]
[https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm]
Upstream patches:
[f8710bdc8b]
(Cherry pick from commit 28de3f131b17dc4165df927060ee51f0de3ada90)
(From OE-Core rev: 3d36874e2beb64ca2a089a2be942cbbbbe1fff79)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Strip debug symbols from test binaries using RUSTFLAGS='-C strip=debuginfo'
to reduce binary sizes from 300+ MB to ~140 MB.
This is especially critical for PowerPC mac99 which has a hardcoded 768MB
RAM limit in QEMU. Without stripping, test binaries uploaded to /tmp (tmpfs)
cause 'No space left on device' errors during test execution.
The size reduction also benefits all other architectures by reducing
memory pressure and upload times during testing.
(From OE-Core rev: ede3ac6f587507f98ffbe9a8b07e21e57c27c986)
Signed-off-by: Peter Tatrai <peter.tatrai.ext@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the release notes and migration manual for 5.3.
This covers commits from bd4625cd4d ("build-appliance-image: Update to
master head revision") to 4a1f38dd8d ("bitbake: knotty, uihelper:
Remove running_pids and lastpids") in Poky.
Acked-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 5cb37206ca0dfaa0dafabb28ebd546b591c88486)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This variable was added by commit 3338330e0c46 ("u-boot: Add specifying
make options as part the config looping") in OE-Core. Document how to
use the option in UBOOT_CONFIG.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 0fc14dca55d3760491cc40ac8c136c9dbdd23dbb)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Added by commit e478550c8cd8 ("openssl/fontconfig/bzip2: Use relative
symlinks instead of absolute ones (using a new class)") in OE-Core.
(From yocto-docs rev: c0dc554eba7d421023ecc68a70b7a19df38628b0)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mention the use of USE_NLS, INHIBIT_DEFAULT_DEPS and the cross-canadian
class.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: d877e54f1c85cefc00dd674d60f2db81446bd95a)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Part of bitbake.conf, this variable allowing to enable or disable
translation was undocumented. Add a entry to the glossary.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 92a55345a56b5038c0344669daaa7a3a99dd0fc0)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Very similar to REQUIRED_DISTRO_FEATURES, added by commit a8ef7339ecb9
("features_check.bbclass: Add support for required TUNE_FEATURES") in
OE-Core.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 9652c101092c34233f00418fcc2a84a86fbc9a9b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Can be used in recipes that want to explicitly skip Ccache support when
the ccache class is enabled.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: b1b4adc8d4d9d23ff6fd91bca632bb0f5277e72b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This feature was added by commit cc91a0f6500e ("ccache: enable ccache
for all recipes if it is in HOSTTOOLS") in OE-Core.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 47ded4e32c28420ddb47278b299093af649fab75)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This class was added by commit 20758865e9e0 ("classes/python_pdm: add
PEP517 build class for PDM") in OE-Core.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: bbec8adf0fb2dfa8b34e631249a6d6e71aa08386)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
