<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta, branch scarthgap</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=scarthgap</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=scarthgap'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2026-06-10T13:35:21+00:00</updated>
<entry>
<title>pseudo: Upgrade 1.9.6 -&gt; 1.9.7</title>
<updated>2026-06-10T13:35:21+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2026-05-13T11:50:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b56134ff90dec996e8aae45ed7e6ad6b1d5a84a0'/>
<id>urn:sha1:b56134ff90dec996e8aae45ed7e6ad6b1d5a84a0</id>
<content type='text'>
Pulls in fixes to rename/renameat/renameat2:

Changqing Li (1):
  renameat2/renameat: only ignore when both old and new path are not in PSEUDO_INCLUDE_PATHS

Mark Hatle (4):
  run_tests.sh: Allow the user to specify specific tests to run
  tests: Add mv then hardlink testing
  rename: only ignore when both old and new path are not in PSEUDO_INCLUDE_PATHS
  Makefile.in: Bump version to 1.9.7

(From OE-Core rev: e2864ea1ac022e43af92badc701fa1e2a9571f46)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 17567738711d525d9f2b85e54ace2048901e4c34)
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>pseudo: Update 1.9.5 -&gt; 1.9.6</title>
<updated>2026-06-10T13:35:21+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2026-04-27T21:28:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ef43a8a49acf77d199c4738fc753263de3e6e85b'/>
<id>urn:sha1:ef43a8a49acf77d199c4738fc753263de3e6e85b</id>
<content type='text'>
Pulls in the changes:

  * Makefile.in: Bump version to 1.9.6
  * pseudo_util.c: Fix symlink processing for symlinkat and related
  * test: Add test symlinkat and related
  * ports/unix: realpath: Fix chroot processing
  * test: Add test cases for canonicalize functions
  * ports/unix: fts_open: Fix chroot behavior
  * ports/unix: fts_*: Certain functions were incorrectly returning stat data
  * test: Add fts test case
  * test: Add test for linkat chroot path stripping
  * linkat: Avoid a segmentation fault
  * Only copy xattrs on a rename if it's cross-filesystem

(From OE-Core rev: 1414f3513099a9a956ec4f602354aa00008e2aff)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 50e769a598e79ed4600f7362d5f40799a48f9273)
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>pseudo: Upgrade to 1.9.5</title>
<updated>2026-06-10T13:35:21+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2026-04-21T21:44:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1c69324f39dd6450437849995b6d43cbee576a19'/>
<id>urn:sha1:1c69324f39dd6450437849995b6d43cbee576a19</id>
<content type='text'>
This adds a wrapper for the __open_2 function

This was breaking shadow and the real reason for the open() call changes.
Add the missing wrapper to properly fix this.

(From OE-Core rev: 876e6497f3323d74d9ac8ce303ed5165a7fda283)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 8ea63d320aba32d3894cace9e71e850bdff1d6b2)
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>pseudo: Upgrade to 1.9.4</title>
<updated>2026-06-10T13:35:21+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2026-04-20T22:26:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=920a6803d5dbd6fb05fdd1c77a36319652d37353'/>
<id>urn:sha1:920a6803d5dbd6fb05fdd1c77a36319652d37353</id>
<content type='text'>
Update to pull in a full openat2 wrapper which works on Fedora 44.

This update includes the commits:
  * Makefile.in: Bump version to 1.9.4
  * test: Add renameat2 test cases
  * test: Add openat2 test cases
  * makewrappers/openat2: Add preserve_path option
  * openat2: Implement openat2 wrapper
  * ports/linux/guts/renameat2.c: Add comment why this isn't implemented
  * Add b4 configuration
  * pseudo_setupenvp: Handle malloc failure safely
  * pseudo_setupenvp: Allocate space for new env vars if needed

(From OE-Core rev: 9075b66e1f9161407056924954b3d5507f6d8384)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit b2bd1d114fafe1e797149e02e4c08194d529cfde)
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>tzdata/tzcode-native: upgrade 2026a -&gt; 2026b</title>
<updated>2026-06-10T13:35:21+00:00</updated>
<author>
<name>Ankur Tyagi</name>
<email>ankur.tyagi85@gmail.com</email>
</author>
<published>2026-04-30T19:44:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e1a33a3bf6455acbf3f0646a64c29851d47ad6f6'/>
<id>urn:sha1:e1a33a3bf6455acbf3f0646a64c29851d47ad6f6</id>
<content type='text'>
The 2026b release contains the following changes:

Briefly:
    British Columbia moved to permanent -07 on 2026-03-09.
    Some more overflow bugs have been fixed in zic.

Changes to future timestamps

    British Columbia’s 2026-03-08 spring forward was its last
    foreseeable clock change, as it moved to permanent -07 thereafter.
    (Thanks to Arthur David Olson.)  Although the change to permanent
    -07 legally took place on 2026-03-09, temporarily model the change
    to occur on 2026-11-01 at 02:00 instead.  This works around a
    limitation in CLDR v48.2 (2026-03-17).  This temporary hack is
    planned to be removed after CLDR is fixed.

Changes to code

    zic no longer mishandles a last transition to a new time type.
    zic no longer overflows a buffer when generating a TZ string like
    "PST-167:59:58PDT-167:59:59,M11.5.6/-167:59:59,M12.5.6/-167:59:59",
    which can occur with adversarial input.  (Thanks to Naveed Khan.)

    zic no longer generates a longer TZif file than necessary when
    an earlier time zone abbreviation is a suffix of a later one.
    As a nice side effect, zic no longer overflows a buffer when given
    a long series of abbreviations, each a suffix of the next.
    (Buffer overflow reported by Arthur Chan.)

    zic no longer overflows an int when processing input like ‘Zone
    Ouch 2147483648:00:00 - LMT’.  The int overflow can lead to buffer
    overflow in adversarial cases.  (Thanks to Naveed Khan.)

    zic now checks for signals more often.

(From OE-Core rev: 37dab321242e06d2940c4221e4a13e68265d696f)

Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
(cherry picked from commit dda7d55396e0c5258cba58af7e990ab3813bf108)
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>linux-yocto/6.6: update CVE exclusions (6.6.127)</title>
<updated>2026-06-10T13:35:21+00:00</updated>
<author>
<name>Yoann Congal</name>
<email>yoann.congal@smile.fr</email>
</author>
<published>2026-05-27T12:04:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ec940f36ea1f915ad7185a4f79d3d0b46b0d6615'/>
<id>urn:sha1:ec940f36ea1f915ad7185a4f79d3d0b46b0d6615</id>
<content type='text'>
Regenerated to fix this warning:
WARNING: linux-yocto-6.6.127+git-r0 do_cve_check: Kernel CVE status needs updating: generated for 6.6.123 but kernel is 6.6.127

$ ./meta/recipes-kernel/linux/generate-cve-exclusions.py .../cvelistV5/ 6.6.127 &gt; meta/recipes-kernel/linux/cve-exclusion_6.6.inc

Generated at 2026-05-27 12:02:49.732909+00:00 for kernel version 6.6.127
From cvelistV5 cve_2026-05-27_0900Z

(From OE-Core rev: d0d02d0f45b4c5108ae648fb16d2a2a0dc1ae0e7)

Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>classes/base: prefer gnu-prefixed HOSTTOOLS</title>
<updated>2026-06-10T13:35:20+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2025-10-29T13:03:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=48c16cfa282b64a49287c51ace206c436801e70e'/>
<id>urn:sha1:48c16cfa282b64a49287c51ace206c436801e70e</id>
<content type='text'>
Ubuntu 25.10 has changed the default coreutils implementation from GNU
coreutils to uutils/coreutils. Unfortunately this causes build problems:

  couldn't allocate absolute path for 'null'.
  tail: cannot open 'standard input' for reading: No such file or directory
  install: failed to chown '...': Invalid argument (os error 22)

Clear build failures happen in 'install' and 'tail', but there may be
further breakage.

Luckily, Ubuntu also installs GNU coreutils with a binary prefix of
'gnu', so whilst these issues are root-caused and fixed in either pseudo
or uutils we can prefer the gnu-prefixed binaries where they are present.

[ YOCTO #16028 ]

(From OE-Core rev: b797cc729f6e6951baa988e1c04bac9fb8183a1c)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 16f2684ebeffa72b5d90525cf9102751b68c298e)
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>libarchive: Fix CVE-2026-4424</title>
<updated>2026-06-10T13:35:20+00:00</updated>
<author>
<name>Hugo SIMELIERE (Schneider Electric)</name>
<email>hsimeliere.opensource@witekio.com</email>
</author>
<published>2026-05-20T08:42:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=5bfb71633fb3e086d496fe079e3f07726f881a19'/>
<id>urn:sha1:5bfb71633fb3e086d496fe079e3f07726f881a19</id>
<content type='text'>
Pick patches from [1] and [2] as mentioned in Debian report in [3].

[1] https://github.com/libarchive/libarchive/commit/d379dc0b2976b7207d1ad78f5ed3eb99a5b6d375
[2] https://github.com/libarchive/libarchive/commit/e1907c5832b6489c7b4198b0825f857c93a03c10
[3] https://security-tracker.debian.org/tracker/CVE-2026-4424

(From OE-Core rev: 7fa280872275e194152cc2d355ad39c81a477d50)

Signed-off-by: Hugo SIMELIERE (Schneider Electric) &lt;hsimeliere.opensource@witekio.com&gt;
Reviewed-by: Bruno VERNAY &lt;bruno.vernay@se.com&gt;
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>openssh: patch CVE-2026-35388</title>
<updated>2026-06-10T13:35:20+00:00</updated>
<author>
<name>Theo Gaige (Schneider Electric)</name>
<email>tgaige.opensource@witekio.com</email>
</author>
<published>2026-05-20T08:29:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=0c7beb2bd7206dded12c873006c264a4a7657e42'/>
<id>urn:sha1:0c7beb2bd7206dded12c873006c264a4a7657e42</id>
<content type='text'>
Backport patch from [1] matching CVE description in [2] and change described
in release note [3].

[1] https://github.com/openssh/openssh-portable/commit/c805b97b67c774e0bf922ffb29dfbcda9d7b5add

[2] https://security-tracker.debian.org/tracker/CVE-2026-35388

[3] https://www.openssh.org/releasenotes.html#10.3p1

(From OE-Core rev: f8786d027cdf04072fb5f716135127c334dbea6e)

Signed-off-by: Theo Gaige (Schneider Electric) &lt;tgaige.opensource@witekio.com&gt;
Reviewed-by: Bruno Vernay &lt;bruno.vernay@se.com&gt;
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>openssh: patch CVE-2026-35387</title>
<updated>2026-06-10T13:35:20+00:00</updated>
<author>
<name>Theo Gaige (Schneider Electric)</name>
<email>tgaige.opensource@witekio.com</email>
</author>
<published>2026-05-20T08:29:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=473edc73e6268935d4f6cec185553aa1980809ac'/>
<id>urn:sha1:473edc73e6268935d4f6cec185553aa1980809ac</id>
<content type='text'>
Backport patch from [1] matching CVE description in [2] and change described
in release note [3].

[1] https://github.com/openssh/openssh-portable/commit/fd1c7e131f331942d20f42f31e79912d570081fa

[2] https://security-tracker.debian.org/tracker/CVE-2026-35387

[3] https://www.openssh.org/releasenotes.html#10.3p1

(From OE-Core rev: c8fb33de27b9e2be5aeaa4178ddc7b6e724f45ee)

Signed-off-by: Theo Gaige (Schneider Electric) &lt;tgaige.opensource@witekio.com&gt;
Reviewed-by: Bruno Vernay &lt;bruno.vernay@se.com&gt;
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
</feed>
