<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta, branch scarthgap-5.0.15</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=scarthgap-5.0.15</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=scarthgap-5.0.15'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2026-01-02T15:00:05+00:00</updated>
<entry>
<title>build-appliance-image: Update to scarthgap head revision</title>
<updated>2026-01-02T15:00:05+00:00</updated>
<author>
<name>Steve Sakoman</name>
<email>steve@sakoman.com</email>
</author>
<published>2026-01-02T14:57:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=72983ac391008ebceb45edc7a8f0f6d5f4fe715c'/>
<id>urn:sha1:72983ac391008ebceb45edc7a8f0f6d5f4fe715c</id>
<content type='text'>
(From OE-Core rev: 6988157ad983978ffd6b12bcefedd4deaffdbbd1)

Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>go: Fix CVE-2025-61729</title>
<updated>2026-01-02T14:56:54+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-12-29T15:44:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=795103a538c5086f5f0dfcfd9c20e57f1e513811'/>
<id>urn:sha1:795103a538c5086f5f0dfcfd9c20e57f1e513811</id>
<content type='text'>
Upstream-Status: Backport from https://github.com/golang/go/commit/3a842bd5c6aa8eefa13c0174de3ab361e50bd672

(From OE-Core rev: 2d6d68e46a430a1dbba7bd8b7d37ff56f4f5a0e6)

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>go: Fix CVE-2025-61727</title>
<updated>2026-01-02T14:56:54+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-12-29T15:44:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d3c87dc830a9ca59ca0fb8b646c2983d484bfcd1'/>
<id>urn:sha1:d3c87dc830a9ca59ca0fb8b646c2983d484bfcd1</id>
<content type='text'>
Upstream-Status: Backport from https://github.com/golang/go/commit/04db77a423cac75bb82cc9a6859991ae9c016344

(From OE-Core rev: 647e151485bd10a8bbbdbae4825791723c9a5d8e)

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>go: Update CVE-2025-58187</title>
<updated>2026-01-02T14:56:54+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-12-29T15:43:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a5cecb013be3ae937ac087a30ddcafe645f376df'/>
<id>urn:sha1:a5cecb013be3ae937ac087a30ddcafe645f376df</id>
<content type='text'>
Upstream-Status: Backport from https://github.com/golang/go/commit/ca6a5545ba18844a97c88a90a385eb6335bb7526

(From OE-Core rev: 2d6b089de3ef5e062d852eb93e3ff16997e796ef)

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>libsoup: fix CVE-2025-12105</title>
<updated>2026-01-02T14:56:54+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2025-12-24T05:00:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a4841fb5a255e13f03c8252f14fbc14a490b9424'/>
<id>urn:sha1:a4841fb5a255e13f03c8252f14fbc14a490b9424</id>
<content type='text'>
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481

(From OE-Core rev: 1ac9ad3faf022684ae709f4494a430aee5fb9906)

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>grub: fix CVE-2025-54770 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664</title>
<updated>2026-01-02T14:56:54+00:00</updated>
<author>
<name>Jiaying Song</name>
<email>jiaying.song.cn@windriver.com</email>
</author>
<published>2025-12-24T03:30:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=17a65b334db0c82c8e0c9516bd9787f5c0b7fd1f'/>
<id>urn:sha1:17a65b334db0c82c8e0c9516bd9787f5c0b7fd1f</id>
<content type='text'>
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-54770
https://nvd.nist.gov/vuln/detail/CVE-2025-61661
https://nvd.nist.gov/vuln/detail/CVE-2025-61662
https://nvd.nist.gov/vuln/detail/CVE-2025-61663
https://nvd.nist.gov/vuln/detail/CVE-2025-61664

(From OE-Core rev: c28fa3e6421257f50d4ae283cca28fadb621f831)

Signed-off-by: Jiaying Song &lt;jiaying.song.cn@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>cross.bbclass: Propagate dependencies to outhash</title>
<updated>2025-12-31T15:49:31+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>martin.jansa@gmail.com</email>
</author>
<published>2025-12-17T09:41:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=52ba7ab020b492b55686f139462a984ab619da9f'/>
<id>urn:sha1:52ba7ab020b492b55686f139462a984ab619da9f</id>
<content type='text'>
Similar to what native and staging are doing since:
https://git.openembedded.org/openembedded-core/commit/meta/classes/native.bbclass?id=d6c7b9f4f0e61fa6546d3644e27abe3e96f597e2
https://git.openembedded.org/openembedded-core/commit/meta/classes/staging.bbclass?id=1cf62882bbac543960e4815d117ffce0e53bda07

Cross task outputs can call native dependencies and even when cross
recipe output doesn't change it might produce different results when
the called native dependency is changed, e.g. clang-cross-${TARGET_ARCH}
contains symlink to clang binary from clang-native, but when clang-native
outhash is changed, clang-cross-${TARGET_ARCH} will still be considered
equivalent and target recipes aren't rebuilt with new clang binary, see
work around in https://github.com/kraj/meta-clang/pull/1140 to make target
recipes to depend directly not only on clang-cross-${TARGET_ARCH} but
clang-native as well.

I have added a small testcase in meta-selftest which demonstrates this issue.
Not included in this change, but will send it if useful.

openembedded-core $ ls -1 meta-selftest/recipes-devtools/hashequiv-test/
print-datetime-link-cross.bb
print-datetime-link-native.bb
print-datetime-native.bb
print-datetime-usecross.bb
print-datetime-usenative.bb

print-datetime-native provides script which prints defined PRINT_DATETIME variable.

print-datetime-link-native and print-datetime-link-cross both provide a symlink to
the script from print-datetime-native.

print-datetime-usenative and print-datetime-usecross are target recipes using the
native and cross versions of print-datetime-link-* recipe.

  # clean build all is rebuilt:
  $ bitbake -k print-datetime-usenative print-datetime-usecross
  WARNING: print-datetime-native-1.0-r0 do_install: print-datetime-native current DATETIME in script is 2025-11-13_20_05
  WARNING: print-datetime-link-native-1.0-r0 do_install: print-datetime-link-native current DATETIME in symlink is 2025-11-13_20_05
  WARNING: print-datetime-link-cross-x86_64-1.0-r0 do_install: print-datetime-link-cross-x86_64 current DATETIME in symlink is 2025-11-13_20_05
  WARNING: print-datetime-usenative-1.0-r0 do_install: print-datetime-usenative current DATETIME from print-datetime-link is 2025-11-13_20_05
  WARNING: print-datetime-usecross-1.0-r0 do_install: print-datetime-usecross current DATETIME from print-datetime-link is 2025-11-13_20_05

  # keep sstate-cache and hashserv.db:
  # print-datetime-usenative is correctly rebuilt, because print-datetime-link-native has different hash (because print-datetime-native hash changed)
  # print-datetime-usecross wasn't rebuilt, because print-datetime-link-cross-x86_64 doesn't include the changed hash of print-datetime-native
  $ bitbake -k print-datetime-usenative print-datetime-usecross
  WARNING: print-datetime-native-1.0-r0 do_install: print-datetime-native current DATETIME in script is 2025-11-13_20_07
  WARNING: print-datetime-link-native-1.0-r0 do_install: print-datetime-link-native current DATETIME in symlink is 2025-11-13_20_07
  WARNING: print-datetime-link-cross-x86_64-1.0-r0 do_install: print-datetime-link-cross-x86_64 current DATETIME in symlink is 2025-11-13_20_07
  WARNING: print-datetime-usenative-1.0-r0 do_install: print-datetime-usenative current DATETIME from print-datetime-link is 2025-11-13_20_07

It's because print-datetime-link-cross-x86_64 depsig doesn't include print-datetime-native signature:

$ cat tmp/work/x86_64-linux/print-datetime-link-cross-x86_64/1.0/temp/depsig.do_populate_sysroot
OEOuthashBasic
18
SSTATE_PKGSPEC=sstate:print-datetime-link-cross-x86_64:x86_64-oe-linux:1.0:r0:x86_64:14:
task=populate_sysroot
drwx                                                                                       .
drwx                                                                                       ./recipe-sysroot-native
drwx                                                                                       ./recipe-sysroot-native/sysroot-providers
-rw-                   32 19fbeb373f781c2504453c1ca04dab018a7bc8388c87f4bbc59589df31523d07 ./recipe-sysroot-native/sysroot-providers/print-datetime-link-cross-x86_64
drwx                                                                                       ./recipe-sysroot-native/usr
drwx                                                                                       ./recipe-sysroot-native/usr/bin
drwx                                                                                       ./recipe-sysroot-native/usr/bin/x86_64-oe-linux
lrwx                                                                                       ./recipe-sysroot-native/usr/bin/x86_64-oe-linux/print-datetime-link -&gt; ../print-datetime

While print-datetime-link-native doesn't have this issue, because print-datetime-native signature is there:

$ cat tmp/work/x86_64-linux/print-datetime-link-native/1.0/temp/depsig.do_populate_sysroot
OEOuthashBasic
18
print-datetime-native: 60f2734a63d708489570ca719413b4662f8368abc9f4760a279a0a5481e4a17b
quilt-native: 65d78a7a5b5cbbf0969798efe558ca28e7ef058f4232fcff266912d16f67a8b8
SSTATE_PKGSPEC=sstate:print-datetime-link-native:x86_64-linux:1.0:r0:x86_64:14:
task=populate_sysroot
drwx                                                                                       .
drwx                                                                                       ./recipe-sysroot-native
drwx                                                                                       ./recipe-sysroot-native/sysroot-providers
-rw-                   26 3d5458be834b2d0e4c65466b9b877d6028ae2210a56399284a23144818666f10 ./recipe-sysroot-native/sysroot-providers/print-datetime-link-native
drwx                                                                                       ./recipe-sysroot-native/usr
drwx                                                                                       ./recipe-sysroot-native/usr/bin
lrwx                                                                                       ./recipe-sysroot-native/usr/bin/print-datetime-link -&gt; print-datetime

With the cross.bbclass fix the link-cross recipe has a checksum from native recipe as well:

$ cat tmp/work/x86_64-linux/print-datetime-link-cross-x86_64/1.0/temp/depsig.do_populate_sysroot
OEOuthashBasic
18
print-datetime-native: 9ceb6c27342eae6b8da86c84685af38fb8927ccc19979aae75b8b1e444b11c5c
quilt-native: 65d78a7a5b5cbbf0969798efe558ca28e7ef058f4232fcff266912d16f67a8b8
SSTATE_PKGSPEC=sstate:print-datetime-link-cross-x86_64:x86_64-oe-linux:1.0:r0:x86_64:14:
task=populate_sysroot
drwx                                                                                       .
drwx                                                                                       ./recipe-sysroot-native
drwx                                                                                       ./recipe-sysroot-native/sysroot-providers
-rw-                   32 19fbeb373f781c2504453c1ca04dab018a7bc8388c87f4bbc59589df31523d07 ./recipe-sysroot-native/sysroot-providers/print-datetime-link-cross-x86_64
drwx                                                                                       ./recipe-sysroot-native/usr
drwx                                                                                       ./recipe-sysroot-native/usr/bin
drwx                                                                                       ./recipe-sysroot-native/usr/bin/x86_64-oe-linux
lrwx                                                                                       ./recipe-sysroot-native/usr/bin/x86_64-oe-linux/print-datetime-link -&gt; ../print-datetime

And print-datetime-usecross is correctly rebuilt whenever print-datetime-native output is different.

(From OE-Core rev: dccb7a185fe58a97f33e219b4db283ff4a2071d7)

Signed-off-by: Martin Jansa &lt;martin.jansa@gmail.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>curl: Use host CA bundle by default for native(sdk) builds</title>
<updated>2025-12-31T15:49:31+00:00</updated>
<author>
<name>Moritz Haase</name>
<email>Moritz.Haase@bmw.de</email>
</author>
<published>2025-12-22T11:24:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d792f1a83e10d8f11b8824caef89079e684d56e0'/>
<id>urn:sha1:d792f1a83e10d8f11b8824caef89079e684d56e0</id>
<content type='text'>
Fixes YOCTO #16077

Commit 0f98fecd (a backport of 4909a46e) broke HTTPS downloads in opkg in the
SDK, they now fail with:

&gt; SSL certificate problem: self-signed certificate in certificate chain

The root cause is a difference in the handling of related env vars between
curl-cli and libcurl. The CLI will honour CURL_CA_BUNDLE and SSL_CERT_DIR|FILE
(see [0]). Those are set in the SDK via env setup scripts like [1], so curl
continued to work. The library however does not handle those env vars. Thus,
unless the program utilizing libcurl has implemented a similar mechanism itself
and configures libcurl accordingly via the API (like for example Git in [2] and
[3]), there will be no default CA bundle configured to verify certificates
against.

Opkg only supports setting the CA bundle path via config options 'ssl_ca_file'
and 'ssl_ca_path'. Upstreaming and then backporting a patch to add env var
support is not a feasible short-time fix for the issue at hand. Instead it's
better to ship libcurl in the SDK with a sensible built-in default - which also
helps any other libcurl users.

This patch is based on a proposal by Peter.Marko@siemens.com in the related
mailing list discussion at [4].

(cherry picked from commit 3f819f57aa1960af36ac0448106d1dce7f38c050)

[0]: https://github.com/curl/curl/blob/400fffa90f30c7a2dc762fa33009d24851bd2016/src/tool_operate.c#L2056-L2084
[1]: https://git.openembedded.org/openembedded-core/tree/meta/recipes-support/curl/curl/environment.d-curl.sh?id=3a15ca2a784539098e95a3a06dec7c39f23db985
[2]: https://github.com/git/git/blob/6ab38b7e9cc7adafc304f3204616a4debd49c6e9/http.c#L1389
[3]: https://github.com/git/git/blob/6ab38b7e9cc7adafc304f3204616a4debd49c6e9/http.c#L1108-L1109
[4]: https://lists.openembedded.org/g/openembedded-core/topic/115993530#msg226751

(From OE-Core rev: 0e553b685c0a987a7be1eee16b7b5e3e48a036e2)

Signed-off-by: Moritz Haase &lt;Moritz.Haase@bmw.de&gt;
CC: matthias.schiffer@ew.tq-group.com
CC: Peter.Marko@siemens.com
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>cml1.bbclass: use consistent make flags for menuconfig</title>
<updated>2025-12-31T15:49:31+00:00</updated>
<author>
<name>Enrico Jörns</name>
<email>ejo@pengutronix.de</email>
</author>
<published>2025-12-16T14:15:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1df6f0ae9166861d56c4e312d4f9c26ea6cdccb9'/>
<id>urn:sha1:1df6f0ae9166861d56c4e312d4f9c26ea6cdccb9</id>
<content type='text'>
The class called 'make menuconfig' without any of the make variables and
options set in EXTRA_OEMAKE, resulting in a quite different build
environment than actually intended.

For the kernel.bbclass this was fixed in commit 8c616bc0 ("kernel: Use
consistent make flags for menuconfig") by appending ${EXTRA_OEMAKE} to
KCONFIG_CONFIG_COMMAND.

Instead of fixing this individually for additional recipes, we simply
include ${EXTRA_OEMAKE} in KCONFIG_CONFIG_COMMAND by default.

For most class users, this change is directly visible in the generated
.config file:

* For barebox and u-boot, the CONFIG_GCC_VERSION erroneously reflected
  the host GCC version before where it now correctly reflects the target
  toolchain's GCC.

* For u-boot, also the "Compiler: " line at the beginning of the .config
  now prints the target toolchain instead of the host ones.

* The kernel had this already set.

* busybox did not produce any difference.

Note that these projects might base some compile-time decisions on e.g.
the actual compiler version used. Having the wrong one in the
menuconfig-generated .config affects at least the visibility and
consistency.

Reported-by: Ulrich Ölmann &lt;u.oelmann@pengutronix.de&gt;
(From OE-Core rev: a7dd1c221e42fd8df1d6f1c76c6a5ab7a3e19542)

Signed-off-by: Enrico Jörns &lt;ejo@pengutronix.de&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 1b6ddd452837e67b500a84455a234f5edc8250a9)
Signed-off-by: Enrico Jörns &lt;ejo@pengutronix.de&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>oeqa/selftest: oe-selftest: Add SPDX tests for kernel config and PACKAGECONFIG</title>
<updated>2025-12-31T15:49:31+00:00</updated>
<author>
<name>Kamel Bouhara (Schneider Electric)</name>
<email>kamel.bouhara@bootlin.com</email>
</author>
<published>2025-12-15T15:54:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=12a747565998e0e5703473e26614517e4cdb8842'/>
<id>urn:sha1:12a747565998e0e5703473e26614517e4cdb8842</id>
<content type='text'>
Add test_kernel_config_spdx and test_packageconfig_spdx to verify
SPDX document generation includes kernel configuration and package
feature metadata when enabled.

(From OE-Core rev: a172a0e8d543796ee78bb66650726168352f1cdf)

Signed-off-by: Kamel Bouhara (Schneider Electric) &lt;kamel.bouhara@bootlin.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 2f0ab110d7521510c60e0493ef3cb021130758cd)
Signed-off-by: Kamel Bouhara &lt;kamel.bouhara@bootlin.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
</feed>
