Commit Graph

10618 Commits

Author SHA1 Message Date
Gyorgy Sarvari
64857a709b apt: upgrade 2.6.1 -> 3.0.3
Changelog:
https://metadata.ftp-master.debian.org/changelogs/main/a/apt/apt_3.0.3_changelog

Dropped patches which are included in this release, or became obsolete:
0001-Fix-compilation-error-with-clang-libc-18.patch - included in this release
0001-Fix-musl-build.patch - included in this release
0001-Raise-cmake_minimum_required-to-3.13-to-avoid-warnin.patch - included in this release
0001-Remove-using-std-binary_function.patch - became obsolete, fixed upstream
0001-aptwebserver.cc-Include-array.patch - became obsolete, fixed upstream
0001-strutl-Add-missing-include-cstdint-gcc-15.patch - included in this release

Added a new patch to avoid compilation error with musl:
error: 'basename' was not declared in this scope; did you mean 'rename'?

Adapted DEPENDS list - gnutls and gcrypt dependencies were dropped in favor of openssl
in version 2.9.19.

Added a new PACKAGECONFIG, 'usrmerge', which displays a gentle warning if the system
isn't a usrmerge system during package installation.

Added new COMMON_ARCH CMake argument - if it is not defined, CMake is trying to
determine the value of this variable by running dpkg, which is usually a futile
endeavour. It is used in config creation, and to print some system info.

Also adapt a self test: the apt-key command has been deprecated since a while,
and in this release it was completely removed. Instead sources.list file
contains the signature data, on a per-repository basis.

(From OE-Core rev: 1413a6144679a8347a3487f1950612ee20ff382c)

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 18:02:39 +01:00
Robert Yang
2713f56afe git: 2.50.1 -> 2.51.0
(From OE-Core rev: dc1eb22b6bb4130275de495a30a11e7c496a7c5a)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:11 +01:00
Khem Raj
eb1e3ff580 bindgen-cli: Upgrade to 0.72.1
Fixed bugs

- Apply a fix for a breaking change in Clang (see issue #3264 and related).

(From OE-Core rev: 2afa751883049b4fad9941780ec7159def4fc828)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:11 +01:00
Khem Raj
f31114ee2e python3-pdm: Update 2.25.4 -> 2.25.9
- Add site-packages path to pdm info and print interpreter URL in
  pdm python install -v.
- Support explicit free-threaded Python selection via version suffix t.
- Multiple lockfile/pylock improvements and hash handling fixes.
- Windows path resolution fixes for uv; CLI help formatting preserved.
- Dependencies: require packaging>22.0; bump truststore to 0.10.4.
- Misc: fix AI coding fast apply error

(From OE-Core rev: 5d693522c3aedef8fcbe8ba7ca3b112262427a51)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:11 +01:00
Khem Raj
eee031d6ce python3-lxml: upgrading to 6.0.1
Bugs fixed

LP#2116333: lxml.sax._getNsTag() could fail with an exception on malformed input.

GH#467: Some test adaptations were made for libxml2 2.15. Patch by Nick Wellnhofer.

LP2119510, GH#473: A Python compatibility test was fixed for Python 3.14+. Patch by Lumír Balhar.

GH#471: Wheels for “riscv64” on recent Python versions were added. Patch by ffgan.

GH#469: The wheel build no longer requires the wheel package unconditionally. Patch by Miro Hrončok.

Binary wheels use the library version libxml2 2.14.5.

Windows binary wheels continue to use a security patched library version libxml2 2.11.9.

(From OE-Core rev: 4194aa5de0523070f98a82b5019ba8f94107a14f)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:11 +01:00
Tim Orling
6dde49f9b9 python3-rpds-py: upgrade 0.27.0 -> 0.27.1
v0.27.1:
* Include attestations in published artifacts by @EpicWink in #160

Comparing Changes:
https://github.com/crate-py/rpds/compare/v0.27.0...v0.27.1

References:
https://github.com/crate-py/rpds/pull/160

(From OE-Core rev: aea7cc86baca60316931b11c547b66994111469b)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:11 +01:00
Tim Orling
d939a48318 python3-requests: upgrade 2.32.4 -> 2.32.5
2.32.5 (2025-08-18)

* Bugfixes
  - The SSLContext caching feature originally introduced in 2.32.0 has
    created a new class of issues in Requests that have had negative
	impact across a number of use cases. The Requests team has decided
	to revert this feature as long term maintenance of it is proving to
	be unsustainable in its current iteration.

* Deprecations
  - Added support for Python 3.14.
  - Dropped support for Python 3.8 following its end of support.

https://requests.readthedocs.io/en/latest/community/updates/#release-history

Comparing Changes:
https://github.com/psf/requests/compare/v2.32.4...v2.32.5

(From OE-Core rev: c4c2313df6c63c26ee3e5d683a8c903050212754)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:11 +01:00
Tim Orling
5013e15d63 python3-typing-extensions: upgrade 4.14.1 -> 4.15.0
Release 4.15.0 (August 25, 2025)
* No user-facing changes since 4.15.0rc1.

https://github.com/python/typing_extensions/blob/main/CHANGELOG.md#release-4150-august-25-2025

Release 4.15.0rc1 (August 18, 2025)
* Add the @typing_extensions.disjoint_base decorator, as specified in
  PEP 800. Patch by Jelle Zijlstra.
* Add typing_extensions.type_repr, a backport of annotationlib.type_repr,
  introduced in Python 3.14 (CPython PR #124551, originally by Jelle
  Zijlstra). Patch by Semyon Moroz.
* Fix behavior of type params in typing_extensions.evaluate_forward_ref.
  Backport of CPython PR #137227 by Jelle Zijlstra.

https://github.com/python/typing_extensions/blob/main/CHANGELOG.md#release-4150rc1-august-18-2025

Comparing Changes:
https://github.com/python/typing_extensions/compare/4.14.1...4.15.0

(From OE-Core rev: d7c4f8f95de6b6f74eec055886d266e5379f40d3)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:11 +01:00
Tim Orling
8fafd4fb03 python3-cryptography{-vectors}: upgrade to 45.0.7
45.0.7 - 2025-09-01

* Added a function to support an upcoming pyOpenSSL release.

https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#4507---2025-09-01

Comparing Changes:
https://github.com/pyca/cryptography/compare/45.0.6...45.0.7

(From OE-Core rev: 00787e40527786d510a06d9a4dde5d8fb7ab7d90)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:11 +01:00
Tim Orling
102dc28052 python3-maturin: upgrade 1.9.3 -> 1.9.4
1.9.4:
* Add a use-base-python option to pyproject.toml with the same behaviour
  as MATURIN_PEP517_USE_BASE_PYTHON.
* Add builtin sysconfigs for GraalPy
* Fix calculation of platform tag for FreeBSD

https://github.com/PyO3/maturin/blob/main/Changelog.md#194

Comparing Changes:
https://github.com/PyO3/maturin/compare/v1.9.3...v1.9.4

(From OE-Core rev: 445a6a281f5101acc34b5779a6b67d7ada80c6e2)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:11 +01:00
Tim Orling
ffed74363d python3-setuptools-rust: upgrade 1.11.1 -> 1.12.0
1.12.0 (2025-08-29)

* Set PYO3_BUILD_EXTENSION_MODULE environment variable when building
PyO3 extensions. #540

https://github.com/PyO3/setuptools-rust/blob/main/CHANGELOG.md#1120-2025-08-29

Reference:
https://github.com/PyO3/setuptools-rust/pull/540

Comparing Changes:
https://github.com/PyO3/setuptools-rust/compare/v1.11.1...v1.12.0

(From OE-Core rev: 05db2e8f5515198195de8acab37363bc53f9278f)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:11 +01:00
Ross Burton
f707ea0d72 tcl: also skip chanio-13.6
The io-* tests and chanio-* tests are in sync, so we should skip both
io-13.6 and chanio-13.6.

[ YOCTO #15421 ]

(From OE-Core rev: e7686fbfb2cb630b33edce48bf1982044d0bf3ea)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:11 +01:00
Markus Kurz
ac3e32c0e0 repo: upgrade 2.56 -> 2.58
For changelog, check https://gerrit.googlesource.com/git-repo

(From OE-Core rev: 1c4566ee134a055f5eb1038fb7b216b68c83089f)

Signed-off-by: Markus Kurz <m.kurz92@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:10 +01:00
Osama Abdelkader
a3c741b07c strace: skip nanosleep test
Add nanosleep to the skipped tests since it's load-sensitive

fixes:

failed ptests {'strace': ['nanosleep.gen.test', 'nanosleep.gen']}
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15524

(From OE-Core rev: b145720a0ceb1eb8eec33a62330f2b13891c508c)

Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-08 14:05:10 +01:00
Yoann Congal
aed2ed1cd2 rpm-sequoia: remove rc initialisation from run-ptest
With the previous patch "ptest-cargo: move run-ptest rc variable
initialisation", rc is initialised by the ptest-cargo class.
Remove the (now) redundant initialisation and the related comment.

(From OE-Core rev: 004df6e50d37a68e37d800d9470d8716abaa6d44)

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-01 23:07:06 +01:00
Trevor Gamblin
218348be56 python3-numpy: upgrade 2.3.1 -> 2.3.2
Release notes (https://github.com/numpy/numpy/releases/tag/v2.3.2):

|The NumPy 2.3.2 release is a patch release with a number of bug fixes
|and maintenance updates. The highlights are:
|
|    Wheels for Python 3.14.0rc1
|    PyPy updated to the latest stable release
|    OpenBLAS updated to 0.3.30
|
|This release supports Python versions 3.11-3.14

Reproducibility OK:

|2025-08-28 05:50:44,703 - oe-selftest - INFO - ----------------------------------------------------------------------
|2025-08-28 05:50:44,703 - oe-selftest - INFO - Ran 1 test in 1440.103s
|2025-08-28 05:50:44,703 - oe-selftest - INFO - OK
|2025-08-28 05:50:49,531 - oe-selftest - INFO - RESULTS:
|2025-08-28 05:50:49,531 - oe-selftest - INFO - RESULTS - reproducible.ReproducibleTests.test_reproducible_builds: PASSED (1400.47s)
|2025-08-28 05:50:49,724 - oe-selftest - INFO - SUMMARY:
|2025-08-28 05:50:49,724 - oe-selftest - INFO - oe-selftest () - Ran 1 test in 1440.103s
|2025-08-28 05:50:49,724 - oe-selftest - INFO - oe-selftest - OK - All required tests passed (successes=1, skipped=0, failures=0, errors=0)

ptests OK:

|============================================================================
|Testsuite summary
|# TOTAL: 48921
|# PASS: 46457
|# SKIP: 2426
|# XFAIL: 33
|# FAIL: 0
|# XPASS: 5
|# ERROR: 0
|DURATION: 193
|END: /usr/lib/python3-numpy/ptest
|2025-08-28T09:14
|STOP: ptest-runner
|TOTAL: 1 FAIL: 0
|root@qemux86-64:~#

(From OE-Core rev: 457ed4e564cc4535694aea8faa55a992419be07c)

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-09-01 23:07:06 +01:00
Jayasurya Maganuru
917430ed34 rust: Upgrade 1.88.0 -> 1.89.0
Rust stable version upgraded to 1.89.0
https://blog.rust-lang.org/2025/08/07/Rust-1.89.0/

* Drop merged patches with rust v1.89.0.
  - 0001-Disable-libunwind-cross-architecture-unwinding.patch
  - triagebot.patch

* Update and rebase existing patches with rust v1.89.0.
  - revert-link-std-statically-in-rustc_driver-feature.patch
  - rust-oe-selftest.patch
  - 0001-src-core-build_steps-tool.rs-switch-off-lto-for-rust.patch
  - 0001-riscv32-Define-plain-syscalls-as-their-time64-varian.patch
    (To fix build failures for riscv with musl, this patch adds
     aliases for plain syscalls to their time64 variants in libc-0.2.174,
     These changes are in addition to similar fixes already applied
     to libc-0.2.172)
  - 0001-Define-more-ioctl-codes-on-riscv32gc-unknown-linux-g.patch
    (Changes for libc-0.2.170 are no longer needed, as that version
     is not present in rust v1.89.0 vendor sources)

* OE-selftests:
  - Doc-tests fail in 55 crates,test-float-parse tests also fail.
    These tests are excluded to ensure the overall test suite passes.

   Test Results Summary:
   +-----------+--------+---------+
   | Machine   | Passed | Ignored |
   +-----------+--------+---------+
   | arm-32    | 29,239 | 1,468   |
   | arm-64    | 29,329 | 1,412   |
   | x86-32    | 29,231 | 1,449   |
   | x86-64    | 29,484 | 1,225   |
   | riscv-64  | 29,304 | 1,436   |
   +-----------+--------+---------+

(From OE-Core rev: fca454a188592c9fa854e93ff1a9c3e70a681e23)

Signed-off-by: Jayasurya Maganuru <Maganuru.Jayasurya@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-28 10:47:08 +01:00
Peter Marko
24253d8818 openmp: add openmp to CVE_PRODUCT
Currently CVE_PRODUCT is set to llvm:llvm from common.inc.
There is historical entry for openmp in the DB.
This entry is ignored, but it shows that there can also be future ones.

(From OE-Core rev: ba94d5f1756647ce9d4ddd664bdf6fc975f952cd)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-28 10:47:08 +01:00
Peter Marko
ec1ae11f78 recipes: cleanup CVE_STATUS which are resolved now
The don't show up in CVE metrics anymore since they were either fixed
upstream or recipe version was upgraded meanwhile.

* bind CVE-2019-6470: cpe got corrected in nvd db
* libxml2 CVE-2023-45322: version is now higher than NVD cpe
* zlib CVE-2023-45853: version is now higher than NVD cpe
* gcc CVE-2021-37322: version is now higher than NVD cpe
* python3
  * CVE-2007-4559: version is now higher than NVD cpe
  * CVE-2019-18348: version is now higher than NVD cpe
  * CVE-2020-15523: version is now higher than NVD cpe
  * CVE-2022-26488: version is now higher than NVD cpe
  * CVE-2015-20107: version is now higher than NVD cpe
  * CVE-2023-36632: version is now higher than NVD cpe
* rust
  * CVE-2024-24576: NVD has no cpe, but we have newer version as fix
  * CVE-2024-43402: version is now higher than NVD cpe
* cups CVE-2021-25317: version is now higher than NVD cpe
* ghostscript CVE-2023-38559: version is now higher than NVD cpe
* libtirpc CVE-2021-46828: version is now higher than NVD cpe
* unzip CVE-2008-0888: version is now higher than NVD cpe
* ffmpeg CVE-2023-39018: cpe got corrected in nvd db
* libxslt CVE-2022-29824: version is now higher than NVD cpe
* libyaml
  * CVE-2024-35325: CVE is now rejected in NVD DB
  * CVE-2024-35326: CVE is now rejected in NVD DB
  * CVE-2024-35328: CVE is now rejected in NVD DB

Also add comment for iputils regarding reports for FKIE/NVD2.

Also remove some trailing spaces in python recipe.

(From OE-Core rev: 73ee9789183aa95072af2b51ac9e08203f4e33f9)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-28 10:47:08 +01:00
Liu Yiding
ef86bd8979 python3-jsonschema: upgrade 4.24.0 -> 4.25.0
Changelog:
=========
- Add support for the iri and iri-reference formats to the format-nongpl

(From OE-Core rev: 875e622eaa318eecd8214c2481d431e6a88e8419)

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-28 10:47:08 +01:00
Liu Yiding
228346b043 python3-hatch-vcs: upgrade 0.4.0 -> 0.5.0
Changelog:
==========
- Drop support for Python 3.8
- Officially support Python 3.13
- Avoid a deprecation warning emitted by a dependency when using the tag-pattern option

(From OE-Core rev: bbc00f129553e3c9ccaca0a62afdbc22eb573590)

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-28 10:47:08 +01:00
Liu Yiding
27d9b0412c python3-dtschema: upgrade 2025.6.1 -> 2025.8
Changelog:
==========
- Add /chosen bootsource property
- Add /chosen KHO (for Linux kernel kexec) properties
- Extend wakeup-source property to define modes
- Add system level idle states
- Add '-db' property unit suffix

(From OE-Core rev: 77bc2f5c1dad9ed4d8a269c9cb3dc8f1c63a1d86)

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-28 10:47:08 +01:00
Liu Yiding
434aec2b9a python3-cython: upgrade 3.1.2 -> 3.1.3
Changelog:
==========
- Some method calls with 0 or 1 argument failed to use ``PyObject_VectorCallMethod()``.
- Walrus assignments of literal Python integers could generate invalid C code.
  (Github issue :issue:`6989`)
- ``cython.pythread_type_lock`` (also used as fallback for ``cython.pymutex``)
  could stall on heavily contended locks.
  (Github issue :issue:`6999`)
- C string arrays (not pointers) always coerced to the Python default string type,
  even on explicit casts to other string types.
  (Github issue :issue:`7020`)
- Unterminated ``\N{}`` character escapes in strings could unrail the parser.
  (Github issue :issue:`7056`)
- An internal C function was not marked as ``static`` and leaked a linker symbol.
  (Github issue :issue:`6957`)
- Some Unicode letters were not recognised as lexically valid name parts.
  (Github issue :issue:`7059`)
- Compatibility with PyPy3.8 was lost by accident.
- The Linux binary wheels of 3.1.2 used SSSE3 CPU instructions which are not available on some CPUs.
  (Github issue :issue:`7038`)

(From OE-Core rev: 14c2006bce8861eaf2b65d5c71097e67d1af19cf)

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-28 10:47:08 +01:00
Liu Yiding
7e512323e9 python3-click: upgrade 8.2.1 -> 8.2.2
Changelog:
==========
- Fix reconciliation of default, flag_value and type parameters for
  flag options, as well as parsing and normalization of environment variables.
- Fix typing issue in BadParameter and MissingParameter exceptions for the
  parameter param_hint that did not allow for a sequence of string where the
  underlying functino _join_param_hints allows for it.
- Use the value of Enum choices to render their default value in help
  screen.
- Fix completion for the Z shell (zsh) for completion items containing
  colons.
- Don't include envvar in error hint when not configured.
- Fix a rare race in click.testing.StreamMixer's finalization that manifested
  as a ValueError on close in a multi-threaded test session.

(From OE-Core rev: 8a5a2fabac46df8ce22c6d645af6b278283c9c00)

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-28 10:47:08 +01:00
Peter Marko
21cedd6086 binutils: set status for CVE-2025-7545 and CVE-2025-7546
The patches linked in NVD reports are present in binutils-2_45-branch.
Technically the NVD is wrong (=2.45 should be <2.45), but fixing it in
the recipe is not problematic as all cpe-stable-backport will be
automatically removed in next upgrade so will not be "kept forever".

CVE-2025-7545
* https://nvd.nist.gov/vuln/detail/CVE-2025-7545
* https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944

CVE-2025-7546
* https://nvd.nist.gov/vuln/detail/CVE-2025-7546
* https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b

(From OE-Core rev: 0fb876e247faea84dfa8fd302b80cb7afdc575d9)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-28 10:47:08 +01:00
Khem Raj
6471b9a898 python3: Address failing ptests on musl
Take a partial patch to disable portion of test_makedev, its also applied
in alpine. NODEV does not exist on musl

Add test_null_dlsym to ignore list on musl, it needs GNU ifunc support
and musl does not implement GNU ifuncs

fixes
Failed ptests:
{'python3': ['test_null_dlsym', 'test_makedev', 'python3']}

(From OE-Core rev: c197de49d6b406be5fc79b6e17c397c834efc1b0)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-25 17:47:21 +01:00
Harish Sadineni
9be7072616 gcc-testsuite: Fix test failures with output pattern due to ssh warning.
when running oe-selftest for gcc some of the output pattern matchng test cases
were getting failed due to below issue.

Output line 1 was:
Warning: Permanently added '192.168.7
Should match (from /poky/poky/build-st/tmp/work-shared/gcc-15.1.0-r0/sources/
gcc-15.1.0/gcc/testsuite/gcc.dg/dg-output-file-1-lp64.txt):
This is a test output for lp64 target
Failed test for output line 1 This is a test output for lp64 target

(From OE-Core rev: 08200d7ac9d96996dbc1f913bcc0c8bee13592f8)

Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-25 17:47:21 +01:00
Harish Sadineni
a6ce306fd3 gcc: Oe-selftest failure analysis - fix for pr90579.c test failures
When gcc build with PIE enabled the following tests
were getting failed:
 FAIL: gcc.target/i386/pr90579.c scan-assembler vaddsd\tr\\+40
 FAIL: gcc.target/i386/pr90579.c scan-assembler vaddsd\tr\\+32
 FAIL: gcc.target/i386/pr90579.c scan-assembler vaddsd\tr\\+24
 FAIL: gcc.target/i386/pr90579.c scan-assembler vaddsd\tr\\+16

Detailed bug info & upstream fix is here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118885

Upstream Status: Backport [https://gcc.gnu.org/cgit/gcc/commit/?id=679e24f5a751663998ff7202149a749e0f7251f9]

(From OE-Core rev: 7641e08044203ac9dde9a53b91bd01f9432d11f2)

Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-25 17:47:21 +01:00
Khem Raj
02bf521a23 elfutils: Remove run-backtrace-dwarf from musl ptest XFAILs list
This is passing ok with gcc/libgcc on YP AB

(From OE-Core rev: c1bb95055810b272237d5a143f7e01a270e74868)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-25 17:47:21 +01:00
Khem Raj
0a8268ebd0 python3-rpds-py: Upgrade to 0.27.0
Allow packaging of wheels for riscv64 architecture

(From OE-Core rev: 56a32c0b0294d55e75ea54046fb1508f9ff17e4b)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-25 17:47:20 +01:00
Khem Raj
efbba14b4d python3: Pass PLATFORM_TRIPLET explicitly when cross compiling
Do not rely on how python detects the platform triplet

We have been lucky to get it cross-compiling since our build hosts
are also using glibc, so the headers and gcc install locations match
and the values it detects are mostly what we will need for glibc
based targets, but when we use musl e.g. the problems show up where
python3 is not able to automitically discover python modules so any
python package having compiled .so modules fail to load.

Example is ptest failures with TCLIBC = "musl"
and running core-image-ptest-python3-rpds-py

This is revamp of patch [1], currently its working for glibc
based cross-compiling because we build on linux systems which are also
glibc based, but python on musl shows the problem.
When python was upgraded to 3.12 [2], this patch was wrongly dropped
and sadly regression went unnoticed, without this patch
Python's automatic module discovery does not work when it is cross-compiled
this is because it tries host tools and compiler installation during configure
to detect it. .so modules e.g. modulename.cpython-*.so are not seen as a result.

This is seen when running python3-rpds-py ptests where it should load
rpds.cpython-313-x86_64-linux-musl.so rpds.so but it does not and the module test
fail.

root@qemux86-64:/usr/lib/python3-rpds-py/ptest# python3 -c "
 import sysconfig
 import importlib.machinery
 print('Extension suffixes:', importlib.machinery.EXTENSION_SUFFIXES)
 print('Soabi:', sysconfig.get_config_var('SOABI'))
 print('Ext suffix:', sysconfig.get_config_var('EXT_SUFFIX'))
 print('Module suffix:', sysconfig.get_config_var('SO'))
 "
Extension suffixes: ['.cpython-313.so', '.abi3.so', '.so']
Soabi: cpython-313
Ext suffix: .cpython-313.so
Module suffix: None

And after fix it is.

root@qemux86-64:~# python3 -c "
 import sysconfig
 import importlib.machinery
 print('Extension suffixes:', importlib.machinery.EXTENSION_SUFFIXES)
 print('Soabi:', sysconfig.get_config_var('SOABI'))
 print('Ext suffix:', sysconfig.get_config_var('EXT_SUFFIX'))
 print('Module suffix:', sysconfig.get_config_var('SO'))
 "
Extension suffixes: ['.cpython-313-x86_64-linux-musl.so', '.abi3.so', '.so']
Soabi: cpython-313-x86_64-linux-musl
Ext suffix: .cpython-313-x86_64-linux-musl.so
Module suffix: None

[1] https://git.openembedded.org/openembedded-core/commit/?id=407744b00d702e3133304e1b43064a5634ca02cf
[2] https://git.openembedded.org/openembedded-core/commit/?id=716d82352545d3667a658b69d65d6127678dd150

(From OE-Core rev: 7bb157e48f5e5272db7506c7eb3118209dc3b35f)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-25 17:47:20 +01:00
Khem Raj
a0c40abc3c elfutils: Add run-backtrace-{native|data}.sh to known failures
musl's thread startup/teardown sequences and frame-pointer handling
differ from glibc. elfutils can fail to terminate unwinds properly
in multithreaded musl apps which leads to truncated or bogus traces
and then the test's "must contain main" assertion fails.

Skip this test on musl systems

(From OE-Core rev: 6f89b8386b70d35cb27bb90348857ddecda5ed3e)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-25 17:47:20 +01:00
Khem Raj
72d1535163 m4: Fix ptest on musl
Fixes
../../sources/m4-1.4.20/tests/test-c32ispunct.c:261: assertion 'is == 0' failed
./test-c32ispunct.sh: line 36:   402 Aborted
(core dumped) LC_ALL="$testlocale" ${CHECKER} ./test-c32ispunct${EXEEXT} 3

FAIL: test-c32ispunct.sh

(From OE-Core rev: f39537e8b84d0640fb8a7406ebf2396b532cdb57)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-25 17:47:20 +01:00
Peter Marko
16287e7cb4 Revert "dpkg: set status for CVE-2025-6297"
This reverts commit 5dce840ba8.

CVE entry was corrected in NVD DB.
It looks like NVD is now getting faster and more reliable with
annotations...

(From OE-Core rev: 3a5bfe4c4db692f10aab090a73c412eb75ea1bb5)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Cc: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-25 17:47:20 +01:00
Khem Raj
e7423ae09e strace: Fix uio test and ignore pwritev|pwrite64 tests on musl
The pwritev and pwrite64 are wrappers over pwritev2 syscall in
musl but strace assumes glibc behavior, ignore them for now

(From OE-Core rev: 38f4f3bfbe2f9625737af15422423b00c32ee076)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-21 10:29:56 +01:00
Osama Abdelkader
2610ae9e28 squashfs-tools: upgrade 4.7 -> 4.7.2
Changes:
Fix build with non-static include
print_pager: make inline quoted_bs_char() static

Release notes:
https://github.com/plougher/squashfs-tools/releases/tag/4.7.2

(From OE-Core rev: ccba60186ba9b71bce8f5158b423d09d9d1bb851)

Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-21 10:29:56 +01:00
Moritz Haase
20ed34abb6 libcomps: upgrade 0.1.21 -> 0.1.22
The project did not publish release notes, but the list of changes is available
at [0]. The new release brings a fix for [1] and ships the patch to build with
CMake 4+.

[0]: https://github.com/rpm-software-management/libcomps/compare/0.1.21...0.1.22
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=2331665

(From OE-Core rev: c780e8a17d80de4d2845092874153a4bb29f7493)

Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-21 10:29:56 +01:00
Peter Marko
5dce840ba8 dpkg: set status for CVE-2025-6297
NVD tracks this CVE as "Up to (excluding) 2025-06-30"
(which is fix commit date, not dpkg version)

(From OE-Core rev: 75859969b5ed7359124198eb48c480b8f6fe6f8f)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-19 09:48:36 +01:00
Alexander Kanavin
0c1cfdedd5 python3-coherent-licensed: fix upstream version check
(From OE-Core rev: f9235cef554a5fc9db474edea5fe13a78fc6b12f)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-19 09:48:36 +01:00
Peter Marko
cfb073841d python3: upgrade 3.13.6 -> 3.13.7
Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-13-7-final

Refresh patches via devtool.

(From OE-Core rev: dea1e3d080631d71150e4078a7cadcb1ef6f097a)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-18 21:14:07 +01:00
Peter Marko
02544f6e75 go: upgrade 1.24.6 -> 1.25.0
Release Announcement: [1]
Release notes: [2]
Refreshes all patches.

[1] https://groups.google.com/g/golang-announce/c/BVrdugXW05c
[2] https://go.dev/doc/go1.25

(From OE-Core rev: 89770e94434253f1b08cea542cd7bb0d553dac09)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-18 21:14:07 +01:00
Khem Raj
36c6209b32 perl: Disable builtin memcpy & string inlines with gcc/x86-64-v3
PERL built with GCC 15 and -march=x86-64-v3 fails several
op/pack.t cases due to aggressive lowering of __builtin_memcpy
and inlined/fortified string ops. In pp_pack, some in-place copies
can overlap, treating memcpy as non-overlapping yields corrupted
bytes (zeros or wrong prefixes).

The issue does not reproduce with -march=core2.

When using x86-64-v3 memcpy gets emitted very aggressively
(vectorized / reordered) and assumes no overlap.

The flags force calls through libc (overlap-safe behavior),
restoring deterministic pack/unpack and fixing the test failures.

Inline functions could be faster in execution but correctness is
more important

Fixes [YOCTO #15950]

(From OE-Core rev: 6d557b16f1e45e616c6eb208e4d7a2f2839a2e4f)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-18 21:14:07 +01:00
Osama Abdelkader
c4af97420a strace: upgrade 6.15 -> 6.16
Upgrade to the latest upstream release (2025-08-05), which includes:
- Added new -N/--arg-names option to show syscall argument names
- Implemented PTRACE_SET_SYSCALL_INFO ptrace API support from Linux 6.16
- Decoding updates for SO_RCVPRIORITY, SO_PASSRIGHTS, RTA_NH_ID, RTA_FLOWLABEL
- Enhanced statx syscall decoding and numerous new constant/ioctl updates

(From OE-Core rev: de55fbe7f8ca2567a8743dcbcd533430cc642ca4)

Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-14 10:31:11 +01:00
Gyorgy Sarvari
605373567b python3-click: upgrade 8.1.8 -> 8.2.1
Some new tests use pytest's terminal reporter internally, which requires full
"cat" and "less", busybox isn't enough - RDEPENDS is adapted accordingly.

ptest passed:
====================================
Testsuite summary
 TOTAL: 761
 PASS: 739
 SKIP: 21
 XFAIL: 1
 FAIL: 0
 XPASS: 0
 ERROR: 0
DURATION: 2
END: /usr/lib/python3-click/ptest
2025-08-13T15:51
STOP: ptest-runner
TOTAL: 1 FAIL: 0

Changelog: https://click.palletsprojects.com/en/stable/changes/

(From OE-Core rev: 37edc3bbe87831ff08aec5d7c71f3edf92496ab0)

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-14 10:31:11 +01:00
Khem Raj
f852c4e31d elfutils: Mark failing ptests on musl as xfails
Elfutils tests do not all run cleanly on musl systems. Make the current set
as baseline by making the failing tests as XFAILS. This helps to not regress
further more.

(From OE-Core rev: c962949c7d70a40f94fb41c342b7a282578069ed)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-14 10:31:10 +01:00
Khem Raj
7810f55a15 elfutils: Add provisions for marking XFAILS in ptests
elfuitls testsuites do not pass on all kind of distro features e.g.
with musl there are failures and with ld-is-lld less numer but it shows
failures too. Make run-ptest treat these as known failures.

(From OE-Core rev: 54f4588d49f5164aa8a404a1cb6a9984fd2b49cd)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-14 10:31:10 +01:00
Osama Abdelkader
a669cd2e0c go-cross-canadian: fix binaries install and GOARCH
set GOARCH to HOST_GOARCH which is set from SDKMACHINE,
since GOARCH defaults to TARGET_GOARCH, which is set from MACHINE (wrong arch).

Also fix do_install to correctly install all binaries from
${GO_BUILD_BINDIR} by using 'find -type f' to avoid issues when the
directory contains subdirectories (e.g. "linux_arm").

(From OE-Core rev: 31e3bd61c7986bc044e547aa5cb9caba7b32bf22)

Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-14 10:31:10 +01:00
Khem Raj
4d0f99a61f gcc: Upgrade to 15.2.0 release
This is a point release in GCC-15 release series with
number of bugfixes ( 123 to be exact ) as detailed here [1]

Drop backports available in this release

[1] https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&list_id=485623&resolution=FIXED&target_milestone=15.2

(From OE-Core rev: a7ed61f7b16fddce40c9b2f420783ca8838a2751)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-14 10:31:10 +01:00
Khem Raj
e9e5247f44 python3-numpy: Skip running test_validate_transcendentals ptest
This test fails [1] with x86-64-v3, surfaces when we switch default
tune for qemux86-64 to be x86-64-v3 or newer

Test seems to compare exact floating point numbers but it might not be
precise enough and comparison may fail.

[1] https://github.com/numpy/numpy/issues/27460

(From OE-Core rev: aaf986bfa93b91a64cbf1c4e23b7fe961bdbb1f7)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-14 10:31:10 +01:00
Gyorgy Sarvari
fddc590bb0 lua: upgrade 5.4.7 -> 5.4.8
License-Update: copyright year bump

ptests passed:

PASS: lua
DURATION: 0
END: /usr/lib/lua/ptest
2025-08-11T12:07
STOP: ptest-runner
TOTAL: 1 FAIL: 0

Changelog:
https://github.com/lua/lua/compare/v5.4.7...v5.4.8

(From OE-Core rev: e44aec2610deffc5af2873cf4067a03142dfa384)

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-14 10:31:10 +01:00