* [OE-core][wrynose 01/21] libpcap: fix error message on 32-bit integer overflow
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
@ 2026-06-10 22:54 ` Yoann Congal
2026-06-10 22:54 ` [OE-core][wrynose 02/21] lttng-modules: Fix trace_hrtimer_start build failure Yoann Congal
` (19 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:54 UTC (permalink / raw)
To: openembedded-core
From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
Upstream fix: https://github.com/the-tcpdump-group/libpcap/commit/0d8bd2f67c16637c4d25d81fb24cdcebc35afce6
Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
(cherry picked from commit e5a1ba482ffcccd04fc3efc7a3ab2bc8a4155f15)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...ssages-about-32-bit-integer-overflow.patch | 158 ++++++++++++++++++
.../libpcap/libpcap_1.10.6.bb | 4 +-
2 files changed, 161 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/0001-Fix-error-messages-about-32-bit-integer-overflow.patch
diff --git a/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-error-messages-about-32-bit-integer-overflow.patch b/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-error-messages-about-32-bit-integer-overflow.patch
new file mode 100644
index 00000000000..4f2af537626
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-error-messages-about-32-bit-integer-overflow.patch
@@ -0,0 +1,158 @@
+From 217c3a07c7db694324b5c61eaaa07774735e2d7d Mon Sep 17 00:00:00 2001
+From: Denis Ovsienko <denis@ovsienko.info>
+Date: Thu, 9 Oct 2025 20:51:45 +0100
+Subject: [PATCH] Fix error messages about 32-bit integer overflow.
+
+Since commit a5cac25 stoulen() takes a pointer to a string and a
+length of the string and uses the length to report a problem about the
+string. However, by that time it has already modified the length, so
+the error message does not match the input:
+
+$ filtertest RAW '123456789012345'
+filtertest: number 1234 overflows 32 bits
+$ filtertest RAW '12345678901234567890'
+filtertest: number 123456789 overflows 32 bits
+$ filtertest RAW '123456789012345678901234567890'
+filtertest: number 1234567890123456789 overflows 32 bits
+$ filtertest RAW '0123456701234'
+filtertest: number overflows 32 bits
+$ filtertest RAW '0x100000000'
+filtertest: number overflows 32 bits
+
+Consequently, if more than one number in the filter expression is out of
+range, it can be not immediately obvious which one it is:
+
+$ filtertest RAW '4294967296 != 4294967297'
+filtertest: number overflows 32 bits
+
+To fix this, in stoulen() keep a copy of the original string length and
+use it for the error reporting. Ibid., factor the format string out and
+show the base in the message. Simplify the forward declaration. Add
+two comments to outline the clash space between certain MAC-48 addresses
+and certain octal integers. Document this syntax peculiarity in the man
+page and add a few basic reject tests.
+
+Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/0d8bd2f67c16637c4d25d81fb24cdcebc35afce6]
+Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
+---
+ pcap-filter.manmisc.in | 9 ++++++++-
+ scanner.l | 33 ++++++++++++++++++++++++---------
+ 2 files changed, 32 insertions(+), 10 deletions(-)
+
+diff --git a/pcap-filter.manmisc.in b/pcap-filter.manmisc.in
+index bfb692ff..929d668d 100644
+--- a/pcap-filter.manmisc.in
++++ b/pcap-filter.manmisc.in
+@@ -18,7 +18,7 @@
+ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ .\"
+-.TH PCAP-FILTER @MAN_MISC_INFO@ "13 June 2023"
++.TH PCAP-FILTER @MAN_MISC_INFO@ "9 October 2025"
+ .SH NAME
+ pcap-filter \- packet filter syntax
+ .br
+@@ -886,6 +886,13 @@ integer constants (expressed in standard C syntax), the normal binary operators
+ a length operator, and special packet data
+ accessors. Note that all comparisons are unsigned, so that, for example,
+ 0x80000000 and 0xffffffff are > 0.
++.LP
++Note that 32-bit octal integer constants in the [010000000000 .. 037777777777]
++interval, which includes 75% of all 32-bit integers, are interpreted as MAC-48
++addresses when prepended with a single zero (e.g., 012345670123 means
++01:23:45:67:01:23). To disambiguate the expression, prepend such an octal
++number with more zeroes (0012345670123) or represent the same value using a
++decimal (1402433619) or hexadecimal (0x53977053) number.
+ .IP
+ The
+ .B %
+diff --git a/scanner.l b/scanner.l
+index 57779497..49aaeab2 100644
+--- a/scanner.l
++++ b/scanner.l
+@@ -48,8 +48,8 @@ typedef enum {
+ STOULEN_ERROR
+ } stoulen_ret;
+
+-stoulen_ret stoulen(const char *string, size_t stringlen, bpf_u_int32 *val,
+- compiler_state_t *cstate);
++stoulen_ret stoulen(const char *, const size_t, bpf_u_int32 *,
++ compiler_state_t *);
+ }
+
+ /*
+@@ -244,6 +244,12 @@ V6004 ::{N}\.{N}\.{N}\.{N}
+
+ V6 ({V680}|{V670}|{V671}|{V672}|{V673}|{V674}|{V675}|{V676}|{V677}|{V660}|{V661}|{V662}|{V663}|{V664}|{V665}|{V666}|{V650}|{V651}|{V652}|{V653}|{V654}|{V655}|{V640}|{V641}|{V642}|{V643}|{V644}|{V630}|{V631}|{V632}|{V633}|{V620}|{V621}|{V622}|{V610}|{V611}|{V600}|{V6604}|{V6504}|{V6514}|{V6524}|{V6534}|{V6544}|{V6554}|{V6404}|{V6414}|{V6424}|{V6434}|{V6444}|{V6304}|{V6314}|{V6324}|{V6334}|{V6204}|{V6214}|{V6224}|{V6104}|{V6114}|{V6004})
+
++ /*
++ * In the regexp below the "{B2}{3}" form matches all octal numbers in
++ * the [010000000000 .. 077777777777] interval that use a single leading
++ * zero. The interval includes both integer values that fit into 32
++ * bits and values that don't.
++ */
+ MAC ({B}:{B}:{B}:{B}:{B}:{B}|{B}\-{B}\-{B}\-{B}\-{B}\-{B}|{B}\.{B}\.{B}\.{B}\.{B}\.{B}|{B2}\.{B2}\.{B2}|{B2}{3})
+
+
+@@ -486,13 +492,16 @@ tcp-cwr { yylval->h = 0x80; return NUM; }
+ */
+ DIAG_ON_FLEX
+
++#define FORMAT_OVERFLOWS_32_BITS "%s number %.*s overflows 32 bits"
++
+ stoulen_ret
+-stoulen(const char *string, size_t string_len, bpf_u_int32 *val,
++stoulen(const char *string, const size_t orig_string_len, bpf_u_int32 *val,
+ compiler_state_t *cstate)
+ {
+ bpf_u_int32 n = 0;
+ unsigned int digit;
+ const char *s = string;
++ size_t string_len = orig_string_len;
+
+ /*
+ * string is guaranteed either to be a string of decimal digits
+@@ -538,8 +547,8 @@ stoulen(const char *string, size_t string_len, bpf_u_int32 *val,
+ * in 32 bits.
+ */
+ bpf_set_error(cstate,
+- "number %.*s overflows 32 bits",
+- (int)string_len, string);
++ FORMAT_OVERFLOWS_32_BITS,
++ "hexadecimal", (int)orig_string_len, string);
+ return STOULEN_ERROR;
+ }
+ n = (n << 4) + digit;
+@@ -573,10 +582,16 @@ stoulen(const char *string, size_t string_len, bpf_u_int32 *val,
+ * number, and are about to add
+ * 3 more; that won't fit in
+ * 32 bits.
++ *
++ * This code path depends on using more
++ * than one leading zero for all values
++ * in the [040000000000 .. 077777777777]
++ * interval, otherwise the MAC regexp
++ * above consumes the string first.
+ */
+ bpf_set_error(cstate,
+- "number %.*s overflows 32 bits",
+- (int)string_len, string);
++ FORMAT_OVERFLOWS_32_BITS,
++ "octal", (int)orig_string_len, string);
+ return STOULEN_ERROR;
+ }
+ n = (n << 3) + digit;
+@@ -609,8 +624,8 @@ stoulen(const char *string, size_t string_len, bpf_u_int32 *val,
+ * number that won't fit in 32 bits.
+ */
+ bpf_set_error(cstate,
+- "number %.*s overflows 32 bits",
+- (int)string_len, string);
++ FORMAT_OVERFLOWS_32_BITS,
++ "decimal", (int)orig_string_len, string);
+ return STOULEN_ERROR;
+ }
+ n = (n * 10) + digit;
+--
+2.34.1
+
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb
index 9b259396f06..d381a4eb2fe 100644
--- a/meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb
@@ -10,7 +10,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
DEPENDS = "flex-native bison-native"
-SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.xz"
+SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.xz \
+ file://0001-Fix-error-messages-about-32-bit-integer-overflow.patch \
+ "
SRC_URI[sha256sum] = "ec97d1206bdd19cb6bdd043eaa9f0037aa732262ec68e070fd7c7b5f834d5dfc"
inherit autotools binconfig-disabled pkgconfig
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 02/21] lttng-modules: Fix trace_hrtimer_start build failure
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
2026-06-10 22:54 ` [OE-core][wrynose 01/21] libpcap: fix error message on 32-bit integer overflow Yoann Congal
@ 2026-06-10 22:54 ` Yoann Congal
2026-06-10 22:54 ` [OE-core][wrynose 03/21] perf: make libraries for install_headers configurable Yoann Congal
` (18 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:54 UTC (permalink / raw)
To: openembedded-core
From: He Zhe <zhe.he@windriver.com>
Fix the following build failure
probes/../../include/lttng/tracepoint-event-impl.h:133:6: error: conflicting
types for 'trace_hrtimer_start'; have 'void(struct hrtimer *, enum hrtimer_mode)'
133 | void trace_##_name(_proto);
| ^~~~~~
Signed-off-by: He Zhe <zhe.he@windriver.com>
[YC: this is a partial backport of
commit 7dae5f40e394 ("lttng-modules: fix build against kernel 7.1+")]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...ce-trace-noise-in-hrtimer_start-v7.1.patch | 103 ++++++++++++++++++
.../lttng/lttng-modules_2.14.4.bb | 1 +
2 files changed, 104 insertions(+)
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch
new file mode 100644
index 00000000000..a6fe47737ec
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch
@@ -0,0 +1,103 @@
+From b77f94c7a7109e70a97bf936b72d66d611187d61 Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Mon, 25 May 2026 10:38:18 -0400
+Subject: [PATCH] fix: hrtimer: Reduce trace noise in hrtimer_start() (v7.1)
+
+See upstream commit:
+
+ commit f2e388a019e4cf83a15883a3d1f1384298e9a6aa
+ Author: Thomas Gleixner <tglx@kernel.org>
+ Date: Tue Feb 24 17:36:59 2026 +0100
+
+ hrtimer: Reduce trace noise in hrtimer_start()
+
+ hrtimer_start() when invoked with an already armed timer traces like:
+
+ <comm>-.. [032] d.h2. 5.002263: hrtimer_cancel: hrtimer= ....
+ <comm>-.. [032] d.h1. 5.002263: hrtimer_start: hrtimer= ....
+
+ Which is incorrect as the timer doesn't get canceled. Just the expiry time
+ changes. The internal dequeue operation which is required for that is not
+ really interesting for trace analysis. But it makes it tedious to keep real
+ cancellations and the above case apart.
+
+ Remove the cancel tracing in hrtimer_start() and add a 'was_armed'
+ indicator to the hrtimer start tracepoint, which clearly indicates what the
+ state of the hrtimer is when hrtimer_start() is invoked:
+
+ <comm>-.. [032] d.h1. 6.200103: hrtimer_start: hrtimer= .... was_armed=0
+ <comm>-.. [032] d.h1. 6.200558: hrtimer_start: hrtimer= .... was_armed=1
+
+Change-Id: I37ee0ae0af665a51fd4f92adffb6b1dcb2ecd9d2
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/b77f94c7a7109e70a97bf936b72d66d611187d61]
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+---
+ include/instrumentation/events/timer.h | 39 ++++++++++++++++++++++++--
+ 1 file changed, 37 insertions(+), 2 deletions(-)
+
+diff --git a/include/instrumentation/events/timer.h b/include/instrumentation/events/timer.h
+index f69e069b..dfc295e0 100644
+--- a/include/instrumentation/events/timer.h
++++ b/include/instrumentation/events/timer.h
+@@ -220,12 +220,43 @@ LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_init,
+ )
+ )
+
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(7,1,0) || \
++ LTTNG_KERNEL_RANGE(7,0,10, 7,1,0) || \
++ LTTNG_KERNEL_RANGE(6,18,33, 6,19,0) || \
++ LTTNG_KERNEL_RANGE(6,12,91, 6,13,0) || \
++ LTTNG_KERNEL_RANGE(6,6,141, 6,7,0))
+ /**
+ * hrtimer_start - called when the hrtimer is started
+- * @timer: pointer to struct hrtimer
++ * @hrtimer: pointer to struct hrtimer
++ * @mode: the hrtimers mode
++ * @was_armed: Was armed when hrtimer_start*() was invoked
+ */
+-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,16,0) || \
++LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_start,
++
++ timer_hrtimer_start,
++
++ TP_PROTO(struct hrtimer *hrtimer, enum hrtimer_mode mode, bool was_armed),
++
++ TP_ARGS(hrtimer, mode, was_armed),
++
++ TP_FIELDS(
++ ctf_integer_hex(void *, hrtimer, hrtimer)
++ ctf_integer_hex(void *, function, hrtimer->function)
++ ctf_integer(s64, expires,
++ lttng_ktime_get_tv64(hrtimer_get_expires(hrtimer)))
++ ctf_integer(s64, softexpires,
++ lttng_ktime_get_tv64(hrtimer_get_softexpires(hrtimer)))
++ ctf_enum(hrtimer_mode, unsigned int, mode, mode)
++ ctf_integer(bool, was_armed, was_armed)
++ )
++)
++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,16,0) || \
+ LTTNG_RT_KERNEL_RANGE(4,14,0,0, 4,15,0,0))
++/**
++ * hrtimer_start - called when the hrtimer is started
++ * @hrtimer: pointer to struct hrtimer
++ * @mode: the hrtimers mode
++ */
+ LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_start,
+
+ timer_hrtimer_start,
+@@ -245,6 +276,10 @@ LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_start,
+ )
+ )
+ #else
++/**
++ * hrtimer_start - called when the hrtimer is started
++ * @hrtimer: pointer to struct hrtimer
++ */
+ LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_start,
+
+ timer_hrtimer_start,
+--
+2.34.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.14.4.bb b/meta/recipes-kernel/lttng/lttng-modules_2.14.4.bb
index 722b1ac5ddd..b2c697d365d 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.14.4.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.14.4.bb
@@ -15,6 +15,7 @@ SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
# Use :append here so that the patch is applied also when using devupstream
SRC_URI:append = " file://0001-src-Kbuild-change-missing-CONFIG_TRACEPOINTS-to-warn.patch \
file://0001-fix-adjust-range-in-btrfs-probe-for-v6.18.14.patch \
+ file://0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch \
"
SRC_URI[sha256sum] = "63deefbc15d9ce7c43d858187533367b01dcb6e8469d6b69ccb757d6d3dbb0ad"
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 03/21] perf: make libraries for install_headers configurable
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
2026-06-10 22:54 ` [OE-core][wrynose 01/21] libpcap: fix error message on 32-bit integer overflow Yoann Congal
2026-06-10 22:54 ` [OE-core][wrynose 02/21] lttng-modules: Fix trace_hrtimer_start build failure Yoann Congal
@ 2026-06-10 22:54 ` Yoann Congal
2026-06-10 22:54 ` [OE-core][wrynose 04/21] cups: fix CVE-2026-34978 Yoann Congal
` (17 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:54 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Older kernels don't support install_headers for all libraries.
For instance kernel 6.1 fails for two (api and symbol) with:
make: *** No rule to make target 'install_headers'. Stop.
Also sort the list when moving to variable.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 089e2571b1a220607b00a16c87c1a2dcdcde9792)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-kernel/perf/perf.bb | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb
index f24b44954e7..c3ef25fd999 100644
--- a/meta/recipes-kernel/perf/perf.bb
+++ b/meta/recipes-kernel/perf/perf.bb
@@ -169,6 +169,9 @@ PERF_EXTRA_LDFLAGS:mipsarchn32el = "-m elf32ltsmipn32"
PERF_EXTRA_LDFLAGS:mipsarchn64eb = "-m elf64btsmip"
PERF_EXTRA_LDFLAGS:mipsarchn64el = "-m elf64ltsmip"
+# override for older kernels which don't support installing headers for all libraries
+REPRODUCIBLE_HEADERS_TARGETS ?= "api bpf perf subcmd symbol"
+
do_compile() {
# Linux kernel build system is expected to do the right thing
unset CFLAGS
@@ -179,7 +182,7 @@ do_compile() {
# There are two copies of internal headers such as:
# libperf/include/internal/xyarray.h and tools/lib/perf/include/internal/xyarray.h
# For reproducibile binaries, we need to find one copy, hence force libXXX to be created first
- for i in api bpf subcmd symbol perf
+ for i in ${REPRODUCIBLE_HEADERS_TARGETS}
do
oe_runmake -C ${S}/tools/lib/$i DESTDIR=${B}/lib$i prefix= install_headers V=1
done
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 04/21] cups: fix CVE-2026-34978
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (2 preceding siblings ...)
2026-06-10 22:54 ` [OE-core][wrynose 03/21] perf: make libraries for install_headers configurable Yoann Congal
@ 2026-06-10 22:54 ` Yoann Congal
2026-06-10 22:54 ` [OE-core][wrynose 05/21] cups: fix CVE-2026-34979 Yoann Congal
` (16 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:54 UTC (permalink / raw)
To: openembedded-core
From: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
In CUPS versions 2.4.16 and prior, the RSS notifier allows
path traversal in notify-recipient-uri (e.g., rss:///../job.cache),
letting a remote IPP client write RSS XML bytes outside
CacheDir/rss. Because CacheDir is group-writable by default,
the notifier (running as lp) can overwrite root-managed state
files via temp-file + rename(), leading to job cache corruption
and loss of queued jobs after restart.
Apply upstream fix to prevent path traversal in RSS notifier.
Reference:
[ https://nvd.nist.gov/vuln/detail/CVE-2026-34978 ]
Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2026-34978.patch | 120 ++++++++++++++++++
2 files changed, 121 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-34978.patch
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index 2724ce72fba..e739cfa5797 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -15,6 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
file://0004-cups-fix-multilib-install-file-conflicts.patch \
file://volatiles.99_cups \
file://cups-volatiles.conf \
+ file://CVE-2026-34978.patch \
"
GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2026-34978.patch b/meta/recipes-extended/cups/cups/CVE-2026-34978.patch
new file mode 100644
index 00000000000..043cab86eab
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2026-34978.patch
@@ -0,0 +1,120 @@
+From 730347c5bbd5e1271149c6739aa858c0c83a7568 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Tue, 31 Mar 2026 14:18:26 -0400
+Subject: [PATCH] Fix RSS notifier.
+
+OpenPrinting CUPS is an open source printing system for Linux and other
+Unix-like operating systems. In versions 2.4.16 and prior, the RSS
+notifier allows .. path traversal in notify-recipient-uri (e.g.,
+rss:///../job.cache), letting a remote IPP client write RSS XML bytes
+outside CacheDir/rss (anywhere that is lp-writable). In particular,
+because CacheDir is group-writable by default (typically root:lp and
+mode 0770), the notifier (running as lp) can replace root-managed state
+files via temp-file + rename(). This PoC clobbers CacheDir/job.cache
+with RSS XML, and after restarting cupsd the scheduler fails to parse
+the job cache and previously queued jobs disappear.
+
+CVE: CVE-2026-34978
+
+Upstream-Status: Backport [ https://github.com/OpenPrinting/cups/commit/730347c5bbd5e1271149c6739aa858c0c83a7568 ]
+
+Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
+
+---
+ notifier/rss.c | 20 ++++++++++++++------
+ scheduler/ipp.c | 14 +++++++++++++-
+ 3 files changed, 29 insertions(+), 7 deletions(-)
+
+diff --git a/notifier/rss.c b/notifier/rss.c
+index f17e1494c6..250ad877e7 100644
+--- a/notifier/rss.c
++++ b/notifier/rss.c
+@@ -1,11 +1,12 @@
+ /*
+ * RSS notifier for CUPS.
+ *
+- * Copyright © 2020-2024 by OpenPrinting.
+- * Copyright 2007-2015 by Apple Inc.
+- * Copyright 2007 by Easy Software Products.
++ * Copyright © 2020-2026 by OpenPrinting.
++ * Copyright © 2007-2015 by Apple Inc.
++ * Copyright © 2007 by Easy Software Products.
+ *
+- * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
++ * Licensed under Apache License v2.0. See the file "LICENSE" for more
++ * information.
+ */
+
+ /*
+@@ -80,6 +81,7 @@ main(int argc, /* I - Number of command-line arguments */
+ http_status_t status; /* HTTP GET/PUT status code */
+ char filename[1024], /* Local filename */
+ newname[1024]; /* filename.N */
++ struct stat fileinfo; /* Local file information */
+ cups_lang_t *language; /* Language information */
+ ipp_attribute_t *printer_up_time, /* Timestamp on event */
+ *notify_sequence_number,/* Sequence number */
+@@ -111,9 +113,9 @@ main(int argc, /* I - Number of command-line arguments */
+
+ if (httpSeparateURI(HTTP_URI_CODING_ALL, argv[1], scheme, sizeof(scheme),
+ username, sizeof(username), host, sizeof(host), &port,
+- resource, sizeof(resource)) < HTTP_URI_OK)
++ resource, sizeof(resource)) < HTTP_URI_OK || strstr(resource, "../") != NULL)
+ {
+- fprintf(stderr, "ERROR: Bad RSS URI \"%s\"!\n", argv[1]);
++ fprintf(stderr, "ERROR: Bad RSS URI \"%s\".\n", argv[1]);
+ return (1);
+ }
+
+@@ -209,6 +211,12 @@ main(int argc, /* I - Number of command-line arguments */
+ snprintf(filename, sizeof(filename), "%s/rss%s", cachedir, resource);
+ snprintf(newname, sizeof(newname), "%s.N", filename);
+
++ if (!lstat(filename, &fileinfo) && !S_ISREG(fileinfo.st_mode))
++ {
++ fprintf(stderr, "ERROR: Local RSS path \"%s\" is not a file.\n", filename);
++ return (1);
++ }
++
+ httpAssembleURIf(HTTP_URI_CODING_ALL, baseurl, sizeof(baseurl), "http",
+ NULL, server_name, atoi(server_port), "/rss%s", resource);
+ }
+diff --git a/scheduler/ipp.c b/scheduler/ipp.c
+index 174871741b..cb228b87c8 100644
+--- a/scheduler/ipp.c
++++ b/scheduler/ipp.c
+@@ -1,7 +1,7 @@
+ /*
+ * IPP routines for the CUPS scheduler.
+ *
+- * Copyright © 2020-2025 by OpenPrinting
++ * Copyright © 2020-2026 by OpenPrinting
+ * Copyright © 2007-2021 by Apple Inc.
+ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
+ *
+@@ -1997,6 +1997,12 @@ add_job_subscriptions(
+ "notify-status-code", IPP_ATTRIBUTES);
+ return;
+ }
++ else if (!strcmp(scheme, "rss") && strstr(resource, "../") != NULL)
++ {
++ send_ipp_status(con, IPP_STATUS_ERROR_NOT_POSSIBLE, _("Bad notify-recipient-uri URI \"%s\"."), recipient);
++ ippAddInteger(con->response, IPP_TAG_SUBSCRIPTION, IPP_TAG_ENUM, "notify-status-code", IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES);
++ return;
++ }
+ }
+ else if (!strcmp(attr->name, "notify-pull-method") &&
+ attr->value_tag == IPP_TAG_KEYWORD)
+@@ -6067,6 +6073,12 @@ create_subscriptions(
+ "notify-status-code", IPP_ATTRIBUTES);
+ return;
+ }
++ else if (!strcmp(scheme, "rss") && strstr(resource, "../") != NULL)
++ {
++ send_ipp_status(con, IPP_STATUS_ERROR_NOT_POSSIBLE, _("Bad notify-recipient-uri URI \"%s\"."), recipient);
++ ippAddInteger(con->response, IPP_TAG_SUBSCRIPTION, IPP_TAG_ENUM, "notify-status-code", IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES);
++ return;
++ }
+ }
+ else if (!strcmp(attr->name, "notify-pull-method") &&
+ attr->value_tag == IPP_TAG_KEYWORD)
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 05/21] cups: fix CVE-2026-34979
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (3 preceding siblings ...)
2026-06-10 22:54 ` [OE-core][wrynose 04/21] cups: fix CVE-2026-34978 Yoann Congal
@ 2026-06-10 22:54 ` Yoann Congal
2026-06-10 22:54 ` [OE-core][wrynose 06/21] cups: fix CVE-2026-34980 Yoann Congal
` (15 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:54 UTC (permalink / raw)
To: openembedded-core
From: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
In CUPS versions 2.4.16 and prior, a heap-based buffer
overflow exists in the scheduler when building filter
option strings from job attributes. A malicious IPP
client can trigger this overflow, potentially leading
to memory corruption and denial of service.
Apply upstream fix to ensure safe handling of filter
option strings and prevent buffer overflow.
Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2026-34979.patch | 57 +++++++++++++++++++
2 files changed, 58 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-34979.patch
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index e739cfa5797..78e0495d1c1 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -16,6 +16,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
file://volatiles.99_cups \
file://cups-volatiles.conf \
file://CVE-2026-34978.patch \
+ file://CVE-2026-34979.patch \
"
GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2026-34979.patch b/meta/recipes-extended/cups/cups/CVE-2026-34979.patch
new file mode 100644
index 00000000000..eefb2ed43b8
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2026-34979.patch
@@ -0,0 +1,57 @@
+From 0ff8897367c7341f2500770c3977038cdd7c0214 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Tue, 31 Mar 2026 14:50:06 -0400
+Subject: [PATCH] Expand allocation of options string.
+
+OpenPrinting CUPS is an open source printing system for Linux and other
+Unix-like operating systems. In versions 2.4.16 and prior, there is a
+heap-based buffer overflow in the CUPS scheduler when building filter
+option strings from job attribute
+
+CVE: CVE-2026-34979
+
+Upstream-Status: Backport [ https://github.com/OpenPrinting/cups/commit/0ff8897367c7341f2500770c3977038cdd7c0214 ]
+
+Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
+---
+ scheduler/job.c | 16 ++++------------
+ 1 files changed, 4 insertions(+), 12 deletions(-)
+
+diff --git a/scheduler/job.c b/scheduler/job.c
+index af6390687..0494d7196 100644
+--- a/scheduler/job.c
++++ b/scheduler/job.c
+@@ -4192,18 +4192,6 @@ ipp_length(ipp_t *ipp) /* I - IPP request */
+
+ for (attr = ipp->attrs; attr != NULL; attr = attr->next)
+ {
+- /*
+- * Skip attributes that won't be sent to filters...
+- */
+-
+- if (attr->value_tag == IPP_TAG_NOVALUE ||
+- attr->value_tag == IPP_TAG_MIMETYPE ||
+- attr->value_tag == IPP_TAG_NAMELANG ||
+- attr->value_tag == IPP_TAG_TEXTLANG ||
+- attr->value_tag == IPP_TAG_URI ||
+- attr->value_tag == IPP_TAG_URISCHEME)
+- continue;
+-
+ /*
+ * Add space for a leading space and commas between each value.
+ * For the first attribute, the leading space isn't used, so the
+@@ -4279,10 +4267,14 @@ ipp_length(ipp_t *ipp) /* I - IPP request */
+
+ case IPP_TAG_TEXT :
+ case IPP_TAG_NAME :
++ case IPP_TAG_TEXTLANG :
++ case IPP_TAG_NAMELANG :
++ case IPP_TAG_MIMETYPE :
+ case IPP_TAG_KEYWORD :
+ case IPP_TAG_CHARSET :
+ case IPP_TAG_LANGUAGE :
+ case IPP_TAG_URI :
++ case IPP_TAG_URISCHEME :
+ /*
+ * Strings can contain characters that need quoting. We need
+ * at least 2 * len + 2 characters to cover the quotes and
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 06/21] cups: fix CVE-2026-34980
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (4 preceding siblings ...)
2026-06-10 22:54 ` [OE-core][wrynose 05/21] cups: fix CVE-2026-34979 Yoann Congal
@ 2026-06-10 22:54 ` Yoann Congal
2026-06-10 22:54 ` [OE-core][wrynose 07/21] cups: fix CVE-2026-34990 Yoann Congal
` (14 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:54 UTC (permalink / raw)
To: openembedded-core
From: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
In CUPS versions 2.4.16 and prior, a network-exposed cupsd
with a shared target queue allows an unauthorized client
to send a Print-Job without authentication. The server
accepts a page-border value supplied as textWithoutLanguage,
preserves an embedded newline through option escaping and
reparse, and then reparses the resulting second-line PPD
text as a trusted scheduler control record. A follow-up
raw print job can therefore make the server execute an
attacker-chosen existing binary (e.g., /usr/bin/vim) as lp.
Apply upstream fix to prevent newline injection and
unauthorized execution in shared PostScript queues.
Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2026-34980.patch | 88 +++++++++++++++++++
2 files changed, 89 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-34980.patch
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index 78e0495d1c1..f23411f44b5 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -17,6 +17,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
file://cups-volatiles.conf \
file://CVE-2026-34978.patch \
file://CVE-2026-34979.patch \
+ file://CVE-2026-34980.patch \
"
GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2026-34980.patch b/meta/recipes-extended/cups/cups/CVE-2026-34980.patch
new file mode 100644
index 00000000000..ebf7a3a353a
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2026-34980.patch
@@ -0,0 +1,88 @@
+From 8d0f51cac24cb5bf949c5b6a221e51a150d982e3 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Tue, 31 Mar 2026 14:45:13 -0400
+Subject: [PATCH] Filter out control characters from option values.
+
+OpenPrinting CUPS is an open source printing system for Linux and other
+Unix-like operating systems. In versions 2.4.16 and prior, in a
+network-exposed cupsd with a shared target queue, an unauthorized client
+can send a Print-Job to that shared PostScript queue without
+authentication. The server accepts a page-border value supplied as
+textWithoutLanguage, preserves an embedded newline through option
+escaping and reparse, and then reparses the resulting second-line PPD:
+text as a trusted scheduler control record. A follow-up raw print job
+can therefore make the server execute an attacker-chosen existing binary
+such as /usr/bin/vim as lp.
+
+CVE: CVE-2026-34980
+
+Upstream-Status: Backport [ https://github.com/OpenPrinting/cups/commit/8d0f51cac24cb5bf949c5b6a221e51a150d982e3 ]
+
+Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
+---
+ scheduler/job.c | 41 +++++++++++++++++++++++++++++++++++------
+ 1 file changed, 37 insertions(+), 6 deletions(-)
+
+diff --git a/scheduler/job.c b/scheduler/job.c
+index 1fef9d0cd..af6390687 100644
+--- a/scheduler/job.c
++++ b/scheduler/job.c
+@@ -4118,9 +4118,21 @@ get_options(cupsd_job_t *job, /* I - Job */
+ case IPP_TAG_URI :
+ for (valptr = attr->values[i].string.text; *valptr;)
+ {
+- if (strchr(" \t\n\\\'\"", *valptr))
+- *optptr++ = '\\';
+- *optptr++ = *valptr++;
++ /*
++ * Convert tabs and newlines to spaces, filter out control chars,
++ * and escape \, ', and ".
++ */
++
++ if (isspace(*valptr & 255))
++ {
++ *optptr++ = ' ';
++ }
++ else if ((*valptr & 255) >= ' ' && *valptr != 0x7f)
++ {
++ if (strchr("\\\'\"", *valptr))
++ *optptr++ = '\\';
++ *optptr++ = *valptr++;
++ }
+ }
+
+ *optptr = '\0';
+@@ -5395,13 +5407,30 @@ update_job(cupsd_job_t *job) /* I - Job to check */
+ else if (loglevel == CUPSD_LOG_PPD)
+ {
+ /*
+- * Set attribute(s)...
++ * Set PPD keyword(s)/value(s)...
+ */
+
++ int i, /* Looping var */
++ num_keywords; /* Number of keywords */
++ cups_option_t *keywords, /* Keywords */
++ *keyword; /* Current keyword */
++
+ cupsdLogJob(job, CUPSD_LOG_DEBUG, "PPD: %s", message);
+
+- job->num_keywords = cupsParseOptions(message, job->num_keywords,
+- &job->keywords);
++ keywords = NULL;
++ num_keywords = cupsParseOptions(message, 0, &keywords);
++
++ for (i = 0, keyword = keywords; i < num_keywords; i ++)
++ {
++ /*
++ * Filter out "special" PPD keywords...
++ */
++
++ if (strcmp(keyword->name, "cupsFilter") && strcmp(keyword->name, "cupsFilter2") && strcmp(keyword->name, "cupsFinishingTemplate") && strcmp(keyword->name, "cupsIPPFinishings") && strcmp(keyword->name, "cupsIPPReason") && strcmp(keyword->name, "cupsMarkerName") && strcmp(keyword->name, "cupsMaxSize") && strncmp(keyword->name, "cupsMediaQualifier", 18) && strcmp(keyword->name, "cupsMinSize") && strcmp(keyword->name, "cupsPageSizeCategory") && strcmp(keyword->name, "cupsPortMonitor") && strcmp(keyword->name, "cupsPreFilter") && strcmp(keyword->name, "cupsPrintQuality") && strcmp(keyword->name, "APPrinterPreset"))
++ job->num_keywords = cupsAddOption(keyword->name, keyword->value, job->num_keywords, &job->keywords);
++ }
++
++ cupsFreeOptions(num_keywords, keywords);
+ }
+ else
+ {
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 07/21] cups: fix CVE-2026-34990
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (5 preceding siblings ...)
2026-06-10 22:54 ` [OE-core][wrynose 06/21] cups: fix CVE-2026-34980 Yoann Congal
@ 2026-06-10 22:54 ` Yoann Congal
2026-06-10 22:54 ` [OE-core][wrynose 08/21] cups: fix CVE-2026-39314 Yoann Congal
` (13 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:54 UTC (permalink / raw)
To: openembedded-core
From: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
In CUPS versions 2.4.16 and prior, a local unprivileged
user can coerce cupsd into authenticating to an attacker-
controlled localhost IPP service with a reusable
Authorization: Local token. That token is sufficient to
drive /admin/ requests on localhost. By combining
CUPS-Create-Local-Printer with printer-is-shared=true,
an attacker can persist a file:///... queue even though
the normal FileDevice policy rejects such URIs. Printing
to that queue allows arbitrary root file overwrite. A
proof-of-concept demonstrates dropping a sudoers fragment
to achieve root command execution.
Apply upstream fix to prevent misuse of Local authorization
tokens and block unauthorized file:/// queues.
Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2026-34990.patch | 348 ++++++++++++++++++
2 files changed, 349 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-34990.patch
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index f23411f44b5..42107774e4e 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -18,6 +18,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
file://CVE-2026-34978.patch \
file://CVE-2026-34979.patch \
file://CVE-2026-34980.patch \
+ file://CVE-2026-34990.patch \
"
GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2026-34990.patch b/meta/recipes-extended/cups/cups/CVE-2026-34990.patch
new file mode 100644
index 00000000000..3f7781c19ec
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2026-34990.patch
@@ -0,0 +1,348 @@
+From e052dc44da9d12adfbebc51de4975fbadb2ce356 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Tue, 31 Mar 2026 15:55:50 -0400
+Subject: [PATCH] Don't allow local certificates over the loopback interface,
+ drop support for writing to plain files.
+
+OpenPrinting CUPS is an open source printing system for Linux and other
+Unix-like operating systems. In versions 2.4.16 and prior, a local
+unprivileged user can coerce cupsd into authenticating to an
+attacker-controlled localhost IPP service with a reusable Authorization:
+Local ... token. That token is enough to drive /admin/ requests on
+localhost, and the attacker can combine CUPS-Create-Local-Printer with
+printer-is-shared=true to persist a file: ///... queue even though the
+normal FileDevice policy rejects such URIs. Printing to that queue gives
+an arbitrary root file overwrite; the PoC below uses that primitive to
+drop a sudoers fragment and demonstrate root command execution.
+
+CVE: CVE-2026-34990
+
+Upstream-Status: Backport [ https://github.com/OpenPrinting/cups/commit/e052dc44da9d12adfbebc51de4975fbadb2ce356 ]
+
+Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
+---
+ cups/auth.c | 30 ++++++----------------
+ scheduler/auth.c | 6 ++---
+ scheduler/client.c | 4 +--
+ scheduler/ipp.c | 6 ++---
+ scheduler/job.c | 46 ++++++++++++++++++----------------
+ test/4.2-cups-printer-ops.test | 6 ++---
+ test/5.1-lpadmin.sh | 14 +++++------
+ 7 files changed, 52 insertions(+), 62 deletions(-)
+
+diff --git a/cups/auth.c b/cups/auth.c
+index 5cb419458f..14661c7bef 100644
+--- a/cups/auth.c
++++ b/cups/auth.c
+@@ -1,7 +1,7 @@
+ /*
+ * Authentication functions for CUPS.
+ *
+- * Copyright © 2020-2024 by OpenPrinting.
++ * Copyright © 2020-2026 by OpenPrinting.
+ * Copyright © 2007-2019 by Apple Inc.
+ * Copyright © 1997-2007 by Easy Software Products.
+ *
+@@ -92,7 +92,6 @@ static void cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status,
+ # define cups_gss_printf(major, minor, message)
+ # endif /* DEBUG */
+ #endif /* HAVE_GSSAPI */
+-static int cups_is_local_connection(http_t *http);
+ static int cups_local_auth(http_t *http);
+
+
+@@ -948,14 +947,6 @@ cups_gss_printf(OM_uint32 major_status,/* I - Major status code */
+ # endif /* DEBUG */
+ #endif /* HAVE_GSSAPI */
+
+-static int /* O - 0 if not a local connection */
+- /* 1 if local connection */
+-cups_is_local_connection(http_t *http) /* I - HTTP connection to server */
+-{
+- if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
+- return 0;
+- return 1;
+-}
+
+ /*
+ * 'cups_local_auth()' - Get the local authorization certificate if
+@@ -967,13 +958,7 @@ static int /* O - 0 if available */
+ /* -1 error */
+ cups_local_auth(http_t *http) /* I - HTTP connection to server */
+ {
+-#if defined(_WIN32) || defined(__EMX__)
+- /*
+- * Currently _WIN32 and OS-2 do not support the CUPS server...
+- */
+-
+- return (1);
+-#else
++#if !_WIN32 && !__EMX__ && defined(AF_LOCAL)
+ int pid; /* Current process ID */
+ FILE *fp; /* Certificate file */
+ char trc[16], /* Try Root Certificate parameter */
+@@ -998,7 +983,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
+ * See if we are accessing localhost...
+ */
+
+- if (!cups_is_local_connection(http))
++ if (httpAddrFamily(httpGetAddress(http)) != AF_LOCAL)
+ {
+ DEBUG_puts("8cups_local_auth: Not a local connection!");
+ return (1);
+@@ -1072,15 +1057,14 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
+ }
+ # endif /* HAVE_AUTHORIZATION_H */
+
+-# if defined(SO_PEERCRED) && defined(AF_LOCAL)
++# ifdef SO_PEERCRED
+ /*
+ * See if we can authenticate using the peer credentials provided over a
+ * domain socket; if so, specify "PeerCred username" as the authentication
+ * information...
+ */
+
+- if (http->hostaddr->addr.sa_family == AF_LOCAL &&
+- !getenv("GATEWAY_INTERFACE") && /* Not via CGI programs... */
++ if (!getenv("GATEWAY_INTERFACE") && /* Not via CGI programs... */
+ cups_auth_find(www_auth, "PeerCred"))
+ {
+ /*
+@@ -1104,7 +1088,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
+ return (0);
+ }
+ }
+-# endif /* SO_PEERCRED && AF_LOCAL */
++# endif /* SO_PEERCRED */
+
+ if ((schemedata = cups_auth_find(www_auth, "Local")) == NULL)
+ return (1);
+@@ -1164,7 +1148,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
+ return (0);
+ }
+ }
++#endif /* !_WIN32 && !__EMX__ && AF_LOCAL */
+
+ return (1);
+-#endif /* _WIN32 || __EMX__ */
+ }
+diff --git a/scheduler/auth.c b/scheduler/auth.c
+index 471de0492f..3e7041e220 100644
+--- a/scheduler/auth.c
++++ b/scheduler/auth.c
+@@ -318,7 +318,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
+ }
+ #ifdef HAVE_AUTHORIZATION_H
+ else if (!strncmp(authorization, "AuthRef ", 8) &&
+- httpAddrLocalhost(httpGetAddress(con->http)))
++ httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
+ {
+ OSStatus status; /* Status */
+ char authdata[HTTP_MAX_VALUE];
+@@ -399,7 +399,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
+ #endif /* HAVE_AUTHORIZATION_H */
+ #if defined(SO_PEERCRED) && defined(AF_LOCAL)
+ else if (PeerCred != CUPSD_PEERCRED_OFF && !strncmp(authorization, "PeerCred ", 9) &&
+- con->http->hostaddr->addr.sa_family == AF_LOCAL && con->best)
++ httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL && con->best)
+ {
+ /*
+ * Use peer credentials from domain socket connection...
+@@ -489,7 +489,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
+ }
+ #endif /* SO_PEERCRED && AF_LOCAL */
+ else if (!strncmp(authorization, "Local", 5) &&
+- httpAddrLocalhost(httpGetAddress(con->http)))
++ httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
+ {
+ /*
+ * Get Local certificate authentication data...
+diff --git a/scheduler/client.c b/scheduler/client.c
+index 51be34f448..ab35bb7566 100644
+--- a/scheduler/client.c
++++ b/scheduler/client.c
+@@ -2188,7 +2188,7 @@ cupsdSendHeader(
+ strlcpy(auth_str, "Negotiate", sizeof(auth_str));
+ }
+
+- if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
++ if (con->best && !con->is_browser && httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
+ {
+ /*
+ * Add a "trc" (try root certification) parameter for local
+@@ -2208,7 +2208,7 @@ cupsdSendHeader(
+ auth_size = sizeof(auth_str) - (size_t)(auth_key - auth_str);
+
+ #if defined(SO_PEERCRED) && defined(AF_LOCAL)
+- if (PeerCred != CUPSD_PEERCRED_OFF && httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
++ if (PeerCred != CUPSD_PEERCRED_OFF)
+ {
+ strlcpy(auth_key, ", PeerCred", auth_size);
+ auth_key += 10;
+diff --git a/scheduler/ipp.c b/scheduler/ipp.c
+index cb228b87c8..9a280e7525 100644
+--- a/scheduler/ipp.c
++++ b/scheduler/ipp.c
+@@ -5625,7 +5625,7 @@ create_local_printer(
+ * Require local access to create a local printer...
+ */
+
+- if (!httpAddrLocalhost(httpGetAddress(con->http)))
++ if (httpAddrFamily(httpGetAddress(con->http)) != AF_LOCAL)
+ {
+ send_ipp_status(con, IPP_STATUS_ERROR_FORBIDDEN, _("Only local users can create a local printer."));
+ return;
+@@ -5685,9 +5685,9 @@ create_local_printer(
+
+ ptr = ippGetString(device_uri, 0, NULL);
+
+- if (!ptr || !ptr[0])
++ if (!ptr || !ptr[0] || (strncmp(ptr, "ipp://", 6) && strncmp(ptr, "ipps://", 7)))
+ {
+- send_ipp_status(con, IPP_STATUS_ERROR_BAD_REQUEST, _("Attribute \"%s\" has empty value."), "device-uri");
++ send_ipp_status(con, IPP_STATUS_ERROR_NOT_POSSIBLE, _("Bad device-uri \"%s\"."), ptr);
+
+ return;
+ }
+diff --git a/scheduler/job.c b/scheduler/job.c
+index 0494d7196d..6599bfcf48 100644
+--- a/scheduler/job.c
++++ b/scheduler/job.c
+@@ -1163,35 +1163,39 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
+ }
+ else
+ {
++ char scheme[32], /* URI scheme */
++ userpass[32], /* URI username:password */
++ host[256], /* URI hostname */
++ resource[1024]; /* URI resource path (filename) */
++ int port; /* URI port number */
++
++ httpSeparateURI(HTTP_URI_CODING_ALL, job->printer->device_uri, scheme, sizeof(scheme), userpass, sizeof(userpass), host, sizeof(host), &port, resource, sizeof(resource));
++
+ job->print_pipes[0] = -1;
+- if (!strcmp(job->printer->device_uri, "file:/dev/null") ||
+- !strcmp(job->printer->device_uri, "file:///dev/null"))
+- job->print_pipes[1] = -1;
+- else
++ job->print_pipes[1] = -1;
++
++ if (strcmp(resource, "/dev/null"))
+ {
+- if (!strncmp(job->printer->device_uri, "file:/dev/", 10))
+- job->print_pipes[1] = open(job->printer->device_uri + 5,
+- O_WRONLY | O_EXCL);
+- else if (!strncmp(job->printer->device_uri, "file:///dev/", 12))
+- job->print_pipes[1] = open(job->printer->device_uri + 7,
+- O_WRONLY | O_EXCL);
+- else if (!strncmp(job->printer->device_uri, "file:///", 8))
+- job->print_pipes[1] = open(job->printer->device_uri + 7,
+- O_WRONLY | O_CREAT | O_TRUNC, 0600);
+- else
+- job->print_pipes[1] = open(job->printer->device_uri + 5,
+- O_WRONLY | O_CREAT | O_TRUNC, 0600);
++ if (!FileDevice)
++ {
++ abort_message = "Stopping job because file: output is disabled.";
+
+- if (job->print_pipes[1] < 0)
++ goto abort_job;
++ }
++ else if ((job->print_pipes[1] = open(resource, O_WRONLY | O_EXCL)) < 0)
+ {
+- abort_message = "Stopping job because the scheduler could not "
+- "open the output file.";
++ abort_message = "Stopping job because the scheduler could not open the output file.";
+
+ goto abort_job;
+ }
++ else
++ {
++ /*
++ * Close this file on execute...
++ */
+
+- fcntl(job->print_pipes[1], F_SETFD,
+- fcntl(job->print_pipes[1], F_GETFD) | FD_CLOEXEC);
++ fcntl(job->print_pipes[1], F_SETFD, fcntl(job->print_pipes[1], F_GETFD) | FD_CLOEXEC);
++ }
+ }
+ }
+ }
+diff --git a/test/4.2-cups-printer-ops.test b/test/4.2-cups-printer-ops.test
+index 1a011e011a..945a9bbd71 100644
+--- a/test/4.2-cups-printer-ops.test
++++ b/test/4.2-cups-printer-ops.test
+@@ -1,7 +1,7 @@
+ #
+ # Verify that the CUPS printer operations work.
+ #
+-# Copyright © 2020-2024 by OpenPrinting.
++# Copyright © 2020-2026 by OpenPrinting.
+ # Copyright © 2007-2019 by Apple Inc.
+ # Copyright © 2001-2006 by Easy Software Products. All rights reserved.
+ #
+@@ -180,7 +180,7 @@
+ ATTR uri printer-uri $method://$hostname:$port/printers/Test2
+
+ GROUP printer
+- ATTR uri device-uri file:/tmp/Test2
++ ATTR uri device-uri file:///dev/null
+ ATTR enum printer-state 3
+ ATTR boolean printer-is-accepting-jobs true
+
+@@ -206,7 +206,7 @@
+ ATTR uri printer-uri $method://$hostname:$port/printers/Test1
+
+ GROUP printer
+- ATTR uri device-uri file:/tmp/Test1
++ ATTR uri device-uri file:///dev/null
+ ATTR enum printer-state 3
+ ATTR boolean printer-is-accepting-jobs true
+ ATTR text printer-info "Test Printer 1"
+diff --git a/test/5.1-lpadmin.sh b/test/5.1-lpadmin.sh
+index aa398000a1..36f2822275 100644
+--- a/test/5.1-lpadmin.sh
++++ b/test/5.1-lpadmin.sh
+@@ -2,7 +2,7 @@
+ #
+ # Test the lpadmin command.
+ #
+-# Copyright © 2020-2024 by OpenPrinting.
++# Copyright © 2020-2026 by OpenPrinting.
+ # Copyright © 2007-2018 by Apple Inc.
+ # Copyright © 1997-2005 by Easy Software Products, all rights reserved.
+ #
+@@ -12,8 +12,8 @@
+
+ echo "Add Printer Test"
+ echo ""
+-echo " lpadmin -p Test3 -v file:/dev/null -E -m drv:///sample.drv/deskjet.ppd"
+-$runcups $VALGRIND ../systemv/lpadmin -p Test3 -v file:/dev/null -E -m drv:///sample.drv/deskjet.ppd 2>&1
++echo " lpadmin -p Test3 -v file:///dev/null -E -m drv:///sample.drv/deskjet.ppd"
++$runcups $VALGRIND ../systemv/lpadmin -p Test3 -v file:///dev/null -E -m drv:///sample.drv/deskjet.ppd 2>&1
+ if test $? != 0; then
+ echo " FAILED"
+ exit 1
+@@ -29,8 +29,8 @@ echo ""
+
+ echo "Modify Printer Test"
+ echo ""
+-echo " lpadmin -p Test3 -v file:/tmp/Test3 -o PageSize=A4"
+-$runcups $VALGRIND ../systemv/lpadmin -p Test3 -v file:/tmp/Test3 -o PageSize=A4 2>&1
++echo " lpadmin -p Test3 -v file:///dev/null -o PageSize=A4"
++$runcups $VALGRIND ../systemv/lpadmin -p Test3 -v file:///dev/null -o PageSize=A4 2>&1
+ if test $? != 0; then
+ echo " FAILED"
+ exit 1
+@@ -65,8 +65,8 @@ echo ""
+
+ echo "Add a printer for cupSNMP/IPPSupplies test"
+ echo ""
+-echo " lpadmin -p Test4 -E -v file:/dev/null -m drv:///sample.drv/zebra.ppd"
+-$runcups $VALGRIND ../systemv/lpadmin -p Test4 -E -v file:/dev/null -m drv:///sample.drv/zebra.ppd 2>&1
++echo " lpadmin -p Test4 -E -v file:///dev/null -m drv:///sample.drv/zebra.ppd"
++$runcups $VALGRIND ../systemv/lpadmin -p Test4 -E -v file:///dev/null -m drv:///sample.drv/zebra.ppd 2>&1
+ if test $? != 0; then
+ echo " FAILED"
+ exit 1
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 08/21] cups: fix CVE-2026-39314
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (6 preceding siblings ...)
2026-06-10 22:54 ` [OE-core][wrynose 07/21] cups: fix CVE-2026-34990 Yoann Congal
@ 2026-06-10 22:54 ` Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 09/21] cups: fix CVE-2026-39316 Yoann Congal
` (12 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:54 UTC (permalink / raw)
To: openembedded-core
From: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
In CUPS versions 2.4.16 and prior, an integer underflow
exists in _ppdCreateFromIPP() (cups/ppd-cache.c). A local
unprivileged user can supply a negative job-password-supported
IPP attribute. The bounds check only caps the upper bound,
so a negative value passes validation, is cast to size_t
(wrapping to ~2^64), and is used as the length argument to
memset() on a 33-byte stack buffer. This causes an immediate
SIGSEGV in the cupsd root process. Combined with systemd's
Restart=on-failure, an attacker can repeat the crash for
sustained denial of service.
Apply upstream fix to validate negative values and prevent
integer underflow in _ppdCreateFromIPP().
Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2026-39314.patch | 47 +++++++++++++++++++
2 files changed, 48 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-39314.patch
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index 42107774e4e..a12965bb6e5 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -19,6 +19,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
file://CVE-2026-34979.patch \
file://CVE-2026-34980.patch \
file://CVE-2026-34990.patch \
+ file://CVE-2026-39314.patch \
"
GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2026-39314.patch b/meta/recipes-extended/cups/cups/CVE-2026-39314.patch
new file mode 100644
index 00000000000..8d25a1c2e39
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2026-39314.patch
@@ -0,0 +1,47 @@
+From 928a86b1b794f738f0a3dc87561b2e054bff7ce4 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Sun, 5 Apr 2026 10:45:25 -0400
+Subject: [PATCH] Range check job-password-supported.
+
+OpenPrinting CUPS is an open source printing system for Linux and other
+Unix-like operating systems. In versions 2.4.16 and prior, an integer
+underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows
+any unprivileged local user to crash the cupsd root process by supplying
+a negative job-password-supported IPP attribute. The bounds check only
+caps the upper bound, so a negative value passes validation, is cast to
+size_t (wrapping to ~2^64), and is used as the length argument to
+memset() on a 33-byte stack buffer. This causes an immediate SIGSEGV in
+the cupsd root process. Combined with systemd's Restart=on-failure, an
+attacker can repeat the crash for sustained denial of service.
+
+CVE: CVE-2026-39314
+
+Upstream-Status: Backport [ https://github.com/OpenPrinting/cups/commit/928a86b1b794f738f0a3dc87561b2e054bff7ce4 ]
+
+Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
+---
+ cups/ppd-cache.c | 4 ++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
+index f5386532ca..ef6caa28a7 100644
+--- a/cups/ppd-cache.c
++++ b/cups/ppd-cache.c
+@@ -1,7 +1,7 @@
+ /*
+ * PPD cache implementation for CUPS.
+ *
+- * Copyright © 2022-2025 by OpenPrinting.
++ * Copyright © 2022-2026 by OpenPrinting.
+ * Copyright © 2010-2021 by Apple Inc.
+ *
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more
+@@ -3530,7 +3530,7 @@ _ppdCreateFromIPP2(
+ * Password/PIN printing...
+ */
+
+- if ((attr = ippFindAttribute(supported, "job-password-supported", IPP_TAG_INTEGER)) != NULL)
++ if ((attr = ippFindAttribute(supported, "job-password-supported", IPP_TAG_INTEGER)) != NULL && ippGetInteger(attr, 0) > 0)
+ {
+ char pattern[33]; /* Password pattern */
+ int maxlen = ippGetInteger(attr, 0);
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 09/21] cups: fix CVE-2026-39316
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (7 preceding siblings ...)
2026-06-10 22:54 ` [OE-core][wrynose 08/21] cups: fix CVE-2026-39314 Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 10/21] xserver-xorg: upgrade 21.1.21 -> 21.1.22 Yoann Congal
` (11 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
In CUPS versions 2.4.16 and prior, a use-after-free
vulnerability exists in the scheduler when temporary
printers are automatically deleted. The function
cupsdDeleteTemporaryPrinters() in scheduler/printers.c
calls cupsdDeletePrinter() without first expiring
subscriptions that reference the printer, leaving
cupsd_subscription_t.dest as a dangling pointer to freed
heap memory. The dangling pointer is subsequently
dereferenced at multiple code sites, causing a crash
(denial of service) of the cupsd daemon. With heap
grooming, this issue can be leveraged for code execution.
Apply upstream fix to expire subscriptions before
deleting printers, preventing dangling pointers and
use-after-free conditions.
Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2026-39316.patch | 42 +++++++++++++++++++
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-39316.patch
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index a12965bb6e5..194b9c2638f 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -20,6 +20,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
file://CVE-2026-34980.patch \
file://CVE-2026-34990.patch \
file://CVE-2026-39314.patch \
+ file://CVE-2026-39316.patch \
"
GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2026-39316.patch b/meta/recipes-extended/cups/cups/CVE-2026-39316.patch
new file mode 100644
index 00000000000..c8d7e10ac2e
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2026-39316.patch
@@ -0,0 +1,42 @@
+From 0142eeb58e0d718b7d2e1f0d5dd214bd2192cc7f Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Sun, 5 Apr 2026 11:33:23 -0400
+Subject: [PATCH] Expire per-printer subscriptions before deleting.
+
+OpenPrinting CUPS is an open source printing system for Linux and other
+Unix-like operating systems. In versions 2.4.16 and prior, a
+use-after-free vulnerability exists in the CUPS scheduler (cupsd) when
+temporary printers are automatically deleted.
+cupsdDeleteTemporaryPrinters() in scheduler/printers.c calls
+cupsdDeletePrinter() without first expiring subscriptions that reference
+the printer, leaving cupsd_subscription_t.dest as a dangling pointer to
+freed heap memory. The dangling pointer is subsequently dereferenced at
+multiple code sites, causing a crash (denial of service) of the cupsd
+daemon. With heap grooming, this can be leveraged for code execution.
+
+CVE: CVE-2026-39316
+
+Upstream-Status: Backport [ https://github.com/OpenPrinting/cups/commit/0142eeb58e0d718b7d2e1f0d5dd214bd2192cc7f ]
+
+Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
+---
+ scheduler/printers.c | 6 ++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/scheduler/printers.c b/scheduler/printers.c
+index 4aba6241c..50778b89a 100644
+--- a/scheduler/printers.c
++++ b/scheduler/printers.c
+@@ -644,6 +644,12 @@ cupsdDeletePrinter(
+ update ? "Job stopped due to printer being deleted." :
+ "Job stopped.");
+
++ /*
++ * Expire subscriptions on the printer...
++ */
++
++ cupsdExpireSubscriptions(p, /*job*/NULL);
++
+ /*
+ * Remove the printer from the list...
+ */
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 10/21] xserver-xorg: upgrade 21.1.21 -> 21.1.22
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (8 preceding siblings ...)
2026-06-10 22:55 ` [OE-core][wrynose 09/21] cups: fix CVE-2026-39316 Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 11/21] bind: upgrade 9.20.22 -> 9.20.23 Yoann Congal
` (10 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
License-Update:
add author to HPND-sell-MIT-disclaimer-xserver
add missing paragraph to SGI-B-2.0
Release Notes: https://lists.x.org/archives/xorg-announce/2026-April/003678.html
Includes fixes for CVE-2026-33999 CVE-2026-34000 CVE-2026-34001
CVE-2026-34002 and CVE-2026-34003
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(cherry picked from commit d4452b34849b4f06c979c394dc0c824958243861)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +-
.../{xserver-xorg_21.1.21.bb => xserver-xorg_21.1.22.bb} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.21.bb => xserver-xorg_21.1.22.bb} (92%)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index 59c373280e9..0d8d7827124 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -2,7 +2,7 @@ SUMMARY = "The X.Org X server"
HOMEPAGE = "http://www.x.org"
SECTION = "x11/base"
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=21e33dcccf2d5034f798a8ea62622939"
+LIC_FILES_CHKSUM = "file://COPYING;md5=f8778cfcd90ece0e4b225f30182227ca"
# xf86-*-* packages depend on an X server built with the xfree86 DDX
# so we have a virtual to represent that:
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.21.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.22.bb
similarity index 92%
rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.21.bb
rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.22.bb
index 3781234c84b..6a9826d959a 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.21.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.22.bb
@@ -1,7 +1,7 @@
require xserver-xorg.inc
SRC_URI += " file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch"
-SRC_URI[sha256sum] = "c0cbe5545b3f645bae6024b830d1d1154a956350683a4e52b2fff5b0fa1ab519"
+SRC_URI[sha256sum] = "1a242c8917c49ba29ccc1f6021613d8a2b9805dd0d271a66ae9d09f4b0bb06b3"
# These extensions are now integrated into the server, so declare the migration
# path for in-place upgrades.
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 11/21] bind: upgrade 9.20.22 -> 9.20.23
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (9 preceding siblings ...)
2026-06-10 22:55 ` [OE-core][wrynose 10/21] xserver-xorg: upgrade 21.1.21 -> 21.1.22 Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 12/21] libsdl2: Fix compilation error with DirectFB Yoann Congal
` (9 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Solves CVE-2026-3592, CVE-2026-3039, CVE-2026-5950, CVE-2026-5947, CVE-2026-3593, CVE-2026-5946.
Release notes 9.20.23: [1]
[1] https://bind9.readthedocs.io/en/stable/changelog.html#bind-9-20-23
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(master rev: ef00c353d3c77fcfd70300fa25ed86555d011b34)
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../bind/{bind_9.20.22.bb => bind_9.20.23.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind_9.20.22.bb => bind_9.20.23.bb} (97%)
diff --git a/meta/recipes-connectivity/bind/bind_9.20.22.bb b/meta/recipes-connectivity/bind/bind_9.20.23.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.20.22.bb
rename to meta/recipes-connectivity/bind/bind_9.20.23.bb
index 318412a62c0..ebc4422b674 100644
--- a/meta/recipes-connectivity/bind/bind_9.20.22.bb
+++ b/meta/recipes-connectivity/bind/bind_9.20.23.bb
@@ -21,7 +21,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-m4-Backport-ax_prog_cc_for_build.m4-macros.patch \
"
-SRC_URI[sha256sum] = "cba92ff631b949655f475fe4b54290f6860fd0070d399f2279f6437c0d383ec6"
+SRC_URI[sha256sum] = "5d4475aed3f9e500ef554b2b14d972bdb83d33de214a9b3be92918ea46908371"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 12/21] libsdl2: Fix compilation error with DirectFB
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (10 preceding siblings ...)
2026-06-10 22:55 ` [OE-core][wrynose 11/21] bind: upgrade 9.20.22 -> 9.20.23 Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 13/21] libsolv: fix CVE-2026-9150 Yoann Congal
` (8 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Mark Jonas <toertel@gmail.com>
Compiling libsdl2 with DirectFB as renderer results in a compilation
error. Patch libsdl2 so DirectFB_CreateRenderer() uses the current
SDL_RenderDriver API.
Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7b989a60b10d4b1cf34b0705b64f842aaed7cdb3)
[YC: fixed patch format]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...ix-CreateRenderer-callback-signature.patch | 58 +++++++++++++++++++
.../libsdl2/libsdl2_2.32.10.bb | 5 +-
2 files changed, 62 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/0001-directfb-Fix-CreateRenderer-callback-signature.patch
diff --git a/meta/recipes-graphics/libsdl2/libsdl2/0001-directfb-Fix-CreateRenderer-callback-signature.patch b/meta/recipes-graphics/libsdl2/libsdl2/0001-directfb-Fix-CreateRenderer-callback-signature.patch
new file mode 100644
index 00000000000..4fdec5ec5cc
--- /dev/null
+++ b/meta/recipes-graphics/libsdl2/libsdl2/0001-directfb-Fix-CreateRenderer-callback-signature.patch
@@ -0,0 +1,58 @@
+From 1df9ae4338c43ad9dce4b27a77f807aa8d2b073b Mon Sep 17 00:00:00 2001
+From: Mark Jonas <toertel@gmail.com>
+Date: Sun, 10 May 2026 20:16:17 +0200
+Subject: [PATCH] directfb: Fix CreateRenderer callback signature
+
+Update DirectFB_CreateRenderer() to use the current SDL_RenderDriver
+API.
+
+Signed-off-by: Mark Jonas <toertel@gmail.com>
+
+Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/bb65446578187f0dd1460d5ddf02636e8a7a3b8a]
+---
+ src/video/directfb/SDL_DirectFB_render.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/src/video/directfb/SDL_DirectFB_render.c b/src/video/directfb/SDL_DirectFB_render.c
+index 3f353cce9..684f907ea 100644
+--- a/src/video/directfb/SDL_DirectFB_render.c
++++ b/src/video/directfb/SDL_DirectFB_render.c
+@@ -1130,19 +1130,17 @@ static int DirectFB_RenderWritePixels(SDL_Renderer * renderer, const SDL_Rect *
+ #endif
+
+
+-SDL_Renderer *DirectFB_CreateRenderer(SDL_Window * window, Uint32 flags)
++static int DirectFB_CreateRenderer(SDL_Renderer *renderer, SDL_Window * window, Uint32 flags)
+ {
+ IDirectFBSurface *winsurf = get_dfb_surface(window);
+ /*SDL_VideoDisplay *display = SDL_GetDisplayForWindow(window);*/
+- SDL_Renderer *renderer = NULL;
+ DirectFB_RenderData *data = NULL;
+ DFBSurfaceCapabilities scaps;
+
+ if (!winsurf) {
+- return NULL;
++ return -1;
+ }
+
+- SDL_DFB_ALLOC_CLEAR(renderer, sizeof(*renderer));
+ SDL_DFB_ALLOC_CLEAR(data, sizeof(*data));
+
+ renderer->WindowEvent = DirectFB_WindowEvent;
+@@ -1207,12 +1205,11 @@ SDL_Renderer *DirectFB_CreateRenderer(SDL_Window * window, Uint32 flags)
+ }
+ #endif
+
+- return renderer;
++ return 0;
+
+ error:
+- SDL_DFB_FREE(renderer);
+ SDL_DFB_FREE(data);
+- return NULL;
++ return -1;
+ }
+
+
+--
+2.43.0
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.32.10.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.32.10.bb
index 834cf096b97..3e3c55af2f8 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.32.10.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.32.10.bb
@@ -21,7 +21,10 @@ LIC_FILES_CHKSUM:append = " ${@bb.utils.contains('PACKAGECONFIG', 'arm-neon', 'f
PROVIDES = "virtual/libsdl2"
-SRC_URI = "https://www.libsdl.org/release/SDL2-${PV}.tar.gz"
+SRC_URI = "\
+ https://www.libsdl.org/release/SDL2-${PV}.tar.gz \
+ file://0001-directfb-Fix-CreateRenderer-callback-signature.patch \
+"
S = "${UNPACKDIR}/SDL2-${PV}"
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 13/21] libsolv: fix CVE-2026-9150
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (11 preceding siblings ...)
2026-06-10 22:55 ` [OE-core][wrynose 12/21] libsdl2: Fix compilation error with DirectFB Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 14/21] go: upgrade 1.26.2 -> 1.26.3 Yoann Congal
` (7 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
Backport patch to fix CVE-2026-9150.
https://nvd.nist.gov/vuln/detail/CVE-2026-9150
Upstream fix:
https://github.com/openSUSE/libsolv/pull/616
Tested with ptest:
Before: PASSED: 29, FAILED: 0, SKIPPED: 0
After: PASSED: 29, FAILED: 0, SKIPPED: 0
Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../libsolv/libsolv/CVE-2026-9150.patch | 68 +++++++++++++++++++
.../libsolv/libsolv_0.7.36.bb | 1 +
2 files changed, 69 insertions(+)
create mode 100644 meta/recipes-extended/libsolv/libsolv/CVE-2026-9150.patch
diff --git a/meta/recipes-extended/libsolv/libsolv/CVE-2026-9150.patch b/meta/recipes-extended/libsolv/libsolv/CVE-2026-9150.patch
new file mode 100644
index 00000000000..76c0c8e2586
--- /dev/null
+++ b/meta/recipes-extended/libsolv/libsolv/CVE-2026-9150.patch
@@ -0,0 +1,68 @@
+From 360fc223b57d5aa32bf700a94e75a5f49c30437f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Wed, 22 Apr 2026 09:18:29 +0200
+Subject: [PATCH] Fix a buffer overflow when copying SHA-384/512 checksum from
+ a Debian repository
+
+When parsing Debian repository, control2solvable() copies a package
+checksum string from the repository into a stack-allocated "char
+checksum[32 * 2 + 1]" array.
+
+If the repository defined a SHA384 or SHA512 tag, a buffer overflow
+occured (as can be seen when compiling libsolv with CFLAGS='-O0 -g
+-fsanitize=address') because those tag values are longer:
+
+ $ cat /tmp/Packages
+ Package: p
+ Version: 1
+ Architecture: all
+ SHA512: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+
+ $ /tmp/b/tools/deb2solv -r /tmp/Packages
+ =================================================================
+ ==3695==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7b685ecf0071 at pc 0x7f6861683722 b
+ p 0x7fff37e3e7a0 sp 0x7fff37e3df60
+ WRITE of size 129 at 0x7b685ecf0071 thread T0
+ #0 0x7f6861683721 in strcpy.part.0 (/lib64/libasan.so.8+0x83721) (BuildId: 80bfc4ae44fdec6ef5fecfb01e2b57d28660991c)
+ #1 0x7f6861d7f34d in control2solvable /home/test/libsolv/ext/repo_deb.c:491
+ #2 0x7f6861d804ea in repo_add_debpackages /home/test/libsolv/ext/repo_deb.c:622
+ #3 0x000000400fd5 in main /home/test/libsolv/tools/deb2solv.c:134
+ #4 0x7f686123c680 in __libc_start_call_main (/lib64/libc.so.6+0x3680) (BuildId: c04494d63bca865bedf571a4075ef8867ccf9fa9)
+ #5 0x7f686123c797 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x3797) (BuildId: c04494d63bca865bedf571a4075ef8867ccf9fa9)
+ #6 0x000000400694 in _start (/tmp/b/tools/deb2solv+0x400694) (BuildId: a3350337819a51edd0c75293970d3458b5033bc9)
+
+ Address 0x7b685ecf0071 is located in stack of thread T0 at offset 113 in frame
+ #0 0x7f6861d7de2a in control2solvable /home/test/libsolv/ext/repo_deb.c:365
+
+ This frame has 1 object(s):
+ [48, 113) 'checksum' (line 371) <== Memory access at offset 113 overflows this variable
+
+This patch fixes it by enlarging the buffer to accomodate the longest
+supported digest string.
+
+This flaw was introduced with c8164bfecf2ba8bcf4c24329534d3104f19da73c
+commit ("[ABI BREAKAGE] add support for SHA224/384/512").
+
+Reported by Aisle Research.
+
+CVE: CVE-2026-9150
+Upstream-Status: Backport [https://github.com/openSUSE/libsolv/commit/c5b5db52aebde00bdeacecf4d0569c217ab3187d]
+
+Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
+---
+ ext/repo_deb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/repo_deb.c b/ext/repo_deb.c
+index d400f959..25eaf8cb 100644
+--- a/ext/repo_deb.c
++++ b/ext/repo_deb.c
+@@ -368,7 +368,7 @@ control2solvable(Solvable *s, Repodata *data, char *control)
+ char *p, *q, *end, *tag;
+ int x, l;
+ int havesource = 0;
+- char checksum[32 * 2 + 1];
++ char checksum[64 * 2 + 1];
+ Id checksumtype = 0;
+ Id newtype;
+
diff --git a/meta/recipes-extended/libsolv/libsolv_0.7.36.bb b/meta/recipes-extended/libsolv/libsolv_0.7.36.bb
index 852e79c45e2..f3c3738d7c1 100644
--- a/meta/recipes-extended/libsolv/libsolv_0.7.36.bb
+++ b/meta/recipes-extended/libsolv/libsolv_0.7.36.bb
@@ -11,6 +11,7 @@ DEPENDS = "expat zlib zstd"
SRC_URI = "git://github.com/openSUSE/libsolv.git;branch=master;protocol=https;tag=${PV} \
file://0001-compress_buf-fix-musl-segfaults.patch \
file://run-ptest \
+ file://CVE-2026-9150.patch \
"
SRCREV = "1e377699be108ec82bb798ec9c223d45d84a733c"
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 14/21] go: upgrade 1.26.2 -> 1.26.3
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (12 preceding siblings ...)
2026-06-10 22:55 ` [OE-core][wrynose 13/21] libsolv: fix CVE-2026-9150 Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 15/21] go: upgrade 1.26.3 -> 1.26.4 Yoann Congal
` (6 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Upgrade to latest 1.26.x release [1]:
$ git --no-pager log --oneline go1.26.2..go1.26.3
2dc996f71b (tag: go1.26.3) [release-branch.go1.26] go1.26.3
8282c628a0 [release-branch.go1.26] cmd/go: reject sumdb response lacking module hash
3baf3eec3b [release-branch.go1.26] all: avoid unsafe StringToUTF16Ptr on Windows
0bec63330d [release-branch.go1.26] net/mail: fix quadratic consumePhrase behavior
7136366ebf [release-branch.go1.26] cmd/go: invalidate test cache when -coverpkg dependencies change
722b68ceca [release-branch.go1.26] cmd/compile: keep blank nodes alive in b.loop
3ae315a8cd [release-branch.go1.26] os: avoid panic when RemoveAll fails to remove a symlink
c9f97f50c4 [release-branch.go1.26] html/template: fix escaping of URLs in meta content attributes
40fa774fff [release-branch.go1.26] cmd/pack: refuse to extract files with directory components
d9389d318b [release-branch.go1.26] net/mail: fix quadratic complexity in consumeComment
dd29b59a2b [release-branch.go1.26] cmd/compile: fix loopvar version detection with line directives
18fa391f45 [release-branch.go1.26] crypto/fips140: add package docs
e0f5c054cb [release-branch.go1.26] net: avoid double-free of cgo pointer when handling large DNS response
2992086cf8 [release-branch.go1.26] lib/fips140: add certified pointing to v1.0.0-c2097c7c
f43caf8712 [release-branch.go1.26] lib/fips140: update inprocess to v1.26.0
19d2ce3401 [release-branch.go1.26] runtime: fix timespec definition on 32bits systems
e9df527f06 [release-branch.go1.26] crypto/tls: wrap ML-KEM hybrids in fips140.WithoutEnforcement
73f417a37c [release-branch.go1.26] go/types, types2: handle unconstrained type parameters correctly in a few places
50856a181c [release-branch.go1.26] cmd/go: use MkdirTemp to create temp directory for "go bug"
e137885d68 [release-branch.go1.26] cmd/compile/internal/devirtualize: use pointer identity for type comparison
c9712872cc [release-branch.go1.26] crypto/internal/fips140/drbg: build tag out entropy generation on Wasm
cb994d85ff [release-branch.go1.26] cmd/fix: change -diff to exit 1 if diffs exist
95470667eb [release-branch.go1.26] net/http/httputil: reencode queries with many parameters in proxy
9b01c04815 [release-branch.go1.26] html/template: fix escaper bypass by treating empty script type as JavaScript
be12fe151c [release-branch.go1.26] runtime: use uname version check for 64-bit time on 32-bit arch codepaths
ec5ebece41 [release-branch.go1.26] all: update x/net to 705de46f
710f29a758 [release-branch.go1.26] runtime: add sysUnreserve to undo sysReserve
efdc0fb354 [release-branch.go1.26] cmd/compile: handle min integer step in loop
ba4554f03b [release-branch.go1.26] cmd/go: specify full path to go command when running go tool covdata
f4e425d342 [release-branch.go1.26] fix incorrect loop trip counts
0b4d5f85e6 [release-branch.go1.26] cmd/link: use bfd ld 2.36+ on linux/arm64 instead of gold
Fixes CVE-2026-42501, CVE-2026-39825, CVE-2026-39836, CVE-2026-42499,
CVE-2026-39820, CVE-2026-39819, CVE-2026-39817, CVE-2026-33814,
CVE-2026-39826, CVE-2026-33811 and CVE-2026-39823.
Drop patch handling gold linker as upstream implemented gold linker
availability autodetection with [3].
Release information: [2]
[1] https://github.com/golang/go/compare/go1.26.2...go1.26.3
[2] https://groups.google.com/g/golang-announce/c/qcCIEXso47M
[3] https://github.com/golang/go/commit/0b4d5f85e68ea79b61de9989f9f37a984eb11289
(From OE-Core rev: 3d8258a8d3d96dc1225172c2ff9e889fd12cf6bc)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../go/{go-1.26.2.inc => go-1.26.3.inc} | 3 +-
...e_1.26.2.bb => go-binary-native_1.26.3.bb} | 6 +-
..._1.26.2.bb => go-cross-canadian_1.26.3.bb} | 0
...{go-cross_1.26.2.bb => go-cross_1.26.3.bb} | 0
...osssdk_1.26.2.bb => go-crosssdk_1.26.3.bb} | 0
...runtime_1.26.2.bb => go-runtime_1.26.3.bb} | 0
...rcing-binutils-gold-dependency-on-aa.patch | 55 -------------------
.../go/{go_1.26.2.bb => go_1.26.3.bb} | 0
8 files changed, 4 insertions(+), 60 deletions(-)
rename meta/recipes-devtools/go/{go-1.26.2.inc => go-1.26.3.inc} (83%)
rename meta/recipes-devtools/go/{go-binary-native_1.26.2.bb => go-binary-native_1.26.3.bb} (80%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.26.2.bb => go-cross-canadian_1.26.3.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.26.2.bb => go-cross_1.26.3.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.26.2.bb => go-crosssdk_1.26.3.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.26.2.bb => go-runtime_1.26.3.bb} (100%)
delete mode 100644 meta/recipes-devtools/go/go/0011-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch
rename meta/recipes-devtools/go/{go_1.26.2.bb => go_1.26.3.bb} (100%)
diff --git a/meta/recipes-devtools/go/go-1.26.2.inc b/meta/recipes-devtools/go/go-1.26.3.inc
similarity index 83%
rename from meta/recipes-devtools/go/go-1.26.2.inc
rename to meta/recipes-devtools/go/go-1.26.3.inc
index 8bb10bc89fe..db7b18ed2d2 100644
--- a/meta/recipes-devtools/go/go-1.26.2.inc
+++ b/meta/recipes-devtools/go/go-1.26.3.inc
@@ -15,6 +15,5 @@ SRC_URI += "\
file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
file://0010-cmd-go-clear-GOROOT-for-func-ldShared-when-trimpath-.patch \
- file://0011-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch \
"
-SRC_URI[main.sha256sum] = "2e91ebb6947a96e9436fb2b3926a8802efe63a6d375dffec4f82aa9dbd6fd43b"
+SRC_URI[main.sha256sum] = "1c646875d0aa8799133184ed57cf79ff24bdefe8c8820470602a9d3d6d9192b8"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.26.2.bb b/meta/recipes-devtools/go/go-binary-native_1.26.3.bb
similarity index 80%
rename from meta/recipes-devtools/go/go-binary-native_1.26.2.bb
rename to meta/recipes-devtools/go/go-binary-native_1.26.3.bb
index d9006373f6d..135c7fbf5ee 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.26.2.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.26.3.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
# Checksums available at https://go.dev/dl/
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "990e6b4bbba816dc3ee129eaeaf4b42f17c2800b88a2166c265ac1a200262282"
-SRC_URI[go_linux_arm64.sha256sum] = "c958a1fe1b361391db163a485e21f5f228142d6f8b584f6bef89b26f66dc5b23"
-SRC_URI[go_linux_ppc64le.sha256sum] = "62b7645dd2404052535617c59e91cf03c7aa28e332dbaddbe4c0d7de7bcc6736"
+SRC_URI[go_linux_amd64.sha256sum] = "2b2cfc7148493da5e73981bffbf3353af381d5f93e789c82c79aff64962eb556"
+SRC_URI[go_linux_arm64.sha256sum] = "9d89a3ea57d141c2b22d70083f2c8459ba3890f2d9e818e7e933b75614936565"
+SRC_URI[go_linux_ppc64le.sha256sum] = "dbd82b50530ead2beb1fd72215117380df3cb16332b51467116dc35b3691dd75"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.26.2.bb b/meta/recipes-devtools/go/go-cross-canadian_1.26.3.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.26.2.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.26.3.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.26.2.bb b/meta/recipes-devtools/go/go-cross_1.26.3.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.26.2.bb
rename to meta/recipes-devtools/go/go-cross_1.26.3.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.26.2.bb b/meta/recipes-devtools/go/go-crosssdk_1.26.3.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.26.2.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.26.3.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.26.2.bb b/meta/recipes-devtools/go/go-runtime_1.26.3.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.26.2.bb
rename to meta/recipes-devtools/go/go-runtime_1.26.3.bb
diff --git a/meta/recipes-devtools/go/go/0011-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch b/meta/recipes-devtools/go/go/0011-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch
deleted file mode 100644
index dda0f2bb715..00000000000
--- a/meta/recipes-devtools/go/go/0011-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 6d265b008e3d106b2706645e5a88cd8e2fb98953 Mon Sep 17 00:00:00 2001
-From: Dirk Müller <dirk@dmllr.de>
-Date: Wed, 09 Mar 2022 17:47:23 +0100
-Subject: [PATCH 11/11] cmd/link: stop forcing binutils-gold dependency on
- aarch64
-
-The bfd linker appears to be working just fine at least in version
-2.41 or above. Reject the known broken one instead, which
-avoids an architecture specific linker dependency that
-is cumbersome for distributions.
-
-Fixes #22040.
-
-Change-Id: I9f377e47c22ef20497479c0978c053ed5de46a38
-
-Upstream-Status: Submitted [https://go-review.googlesource.com/c/go/+/391115]
----
- src/cmd/link/internal/ld/lib.go | 21 ---------------------
- 1 file changed, 21 deletions(-)
-
-diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
-index dfc72e02c0..2a2a304113 100644
---- a/src/cmd/link/internal/ld/lib.go
-+++ b/src/cmd/link/internal/ld/lib.go
-@@ -1701,27 +1701,6 @@ func (ctxt *Link) hostlink() {
- // Use lld to avoid errors from default linker (issue #38838)
- altLinker = "lld"
- }
--
-- if ctxt.Arch.InFamily(sys.ARM64) && buildcfg.GOOS == "linux" {
-- // On ARM64, the GNU linker will fail with
-- // -znocopyreloc if it thinks a COPY relocation is
-- // required. Switch to gold.
-- // https://sourceware.org/bugzilla/show_bug.cgi?id=19962
-- // https://go.dev/issue/22040
-- altLinker = "gold"
--
-- // If gold is not installed, gcc will silently switch
-- // back to ld.bfd. So we parse the version information
-- // and provide a useful error if gold is missing.
-- name, args := flagExtld[0], flagExtld[1:]
-- args = append(args, "-fuse-ld=gold", "-Wl,--version")
-- cmd := exec.Command(name, args...)
-- if out, err := cmd.CombinedOutput(); err == nil {
-- if !bytes.Contains(out, []byte("GNU gold")) {
-- log.Fatalf("ARM64 external linker must be gold (issue #15696, 22040), but is not: %s", out)
-- }
-- }
-- }
- }
- if ctxt.Arch.Family == sys.ARM64 && buildcfg.GOOS == "freebsd" {
- // Switch to ld.bfd on freebsd/arm64.
---
-2.25.1
-
diff --git a/meta/recipes-devtools/go/go_1.26.2.bb b/meta/recipes-devtools/go/go_1.26.3.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.26.2.bb
rename to meta/recipes-devtools/go/go_1.26.3.bb
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 15/21] go: upgrade 1.26.3 -> 1.26.4
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (13 preceding siblings ...)
2026-06-10 22:55 ` [OE-core][wrynose 14/21] go: upgrade 1.26.2 -> 1.26.3 Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 16/21] python3: upgrade 3.14.4 -> 3.14.5 Yoann Congal
` (5 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Upgrade to latest 1.26.x release [1]:
$ git --no-pager log --oneline go1.26.3..go1.26.4
a9ce111d58 (tag: go1.26.4) [release-branch.go1.26] go1.26.4
babc19e1ad [release-branch.go1.26] cmd/compile: do not misscompile x+x << 63 to x << 0 on amd64
7d24489b2b [release-branch.go1.26] runtime/race: build race detector linux/arm64 syso with no-outline-atomics
ce5a3e718c [release-branch.go1.26] crypto/x509: split candidate hostname only once
ec1c380418 [release-branch.go1.26] net/textproto: escape arbitrary input when including them in errors
7f24db453a [release-branch.go1.26] mime: avoid quadratic complexity in WordDecoder.DecodeHeader
ccffd99f3c [release-branch.go1.26] cmd/fix: pull in CL 783960
26c2ac5f94 [release-branch.go1.26] crypto/internal/fips140/drbg: fix Wasm stub
Fixes CVE-2026-42504, CVE-2026-42507 and CVE-2026-27145.
Release information: [2]
[1] https://github.com/golang/go/compare/go1.26.3...go1.26.4
[2] https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw
(From OE-Core rev: b9b3b3098eece17d29d41b1923ae5a26511d9b4b)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/go/{go-1.26.3.inc => go-1.26.4.inc} | 2 +-
...o-binary-native_1.26.3.bb => go-binary-native_1.26.4.bb} | 6 +++---
...cross-canadian_1.26.3.bb => go-cross-canadian_1.26.4.bb} | 0
.../go/{go-cross_1.26.3.bb => go-cross_1.26.4.bb} | 0
.../go/{go-crosssdk_1.26.3.bb => go-crosssdk_1.26.4.bb} | 0
.../go/{go-runtime_1.26.3.bb => go-runtime_1.26.4.bb} | 0
meta/recipes-devtools/go/{go_1.26.3.bb => go_1.26.4.bb} | 0
7 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-devtools/go/{go-1.26.3.inc => go-1.26.4.inc} (90%)
rename meta/recipes-devtools/go/{go-binary-native_1.26.3.bb => go-binary-native_1.26.4.bb} (80%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.26.3.bb => go-cross-canadian_1.26.4.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.26.3.bb => go-cross_1.26.4.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.26.3.bb => go-crosssdk_1.26.4.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.26.3.bb => go-runtime_1.26.4.bb} (100%)
rename meta/recipes-devtools/go/{go_1.26.3.bb => go_1.26.4.bb} (100%)
diff --git a/meta/recipes-devtools/go/go-1.26.3.inc b/meta/recipes-devtools/go/go-1.26.4.inc
similarity index 90%
rename from meta/recipes-devtools/go/go-1.26.3.inc
rename to meta/recipes-devtools/go/go-1.26.4.inc
index db7b18ed2d2..8bc6f4d4def 100644
--- a/meta/recipes-devtools/go/go-1.26.3.inc
+++ b/meta/recipes-devtools/go/go-1.26.4.inc
@@ -16,4 +16,4 @@ SRC_URI += "\
file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
file://0010-cmd-go-clear-GOROOT-for-func-ldShared-when-trimpath-.patch \
"
-SRC_URI[main.sha256sum] = "1c646875d0aa8799133184ed57cf79ff24bdefe8c8820470602a9d3d6d9192b8"
+SRC_URI[main.sha256sum] = "4f668a32fbfc1132e6a881fb968c2f1dada631492a339211735fbb255a42602d"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.26.3.bb b/meta/recipes-devtools/go/go-binary-native_1.26.4.bb
similarity index 80%
rename from meta/recipes-devtools/go/go-binary-native_1.26.3.bb
rename to meta/recipes-devtools/go/go-binary-native_1.26.4.bb
index 135c7fbf5ee..3757b9f6a52 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.26.3.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.26.4.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
# Checksums available at https://go.dev/dl/
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "2b2cfc7148493da5e73981bffbf3353af381d5f93e789c82c79aff64962eb556"
-SRC_URI[go_linux_arm64.sha256sum] = "9d89a3ea57d141c2b22d70083f2c8459ba3890f2d9e818e7e933b75614936565"
-SRC_URI[go_linux_ppc64le.sha256sum] = "dbd82b50530ead2beb1fd72215117380df3cb16332b51467116dc35b3691dd75"
+SRC_URI[go_linux_amd64.sha256sum] = "1153d3d50e0ac764b447adfe05c2bcf08e889d42a02e0fe0259bd47f6733ad7f"
+SRC_URI[go_linux_arm64.sha256sum] = "ef758ae7c6cf9267c9c0ef080b8965f453d89ab2d25d9eb22de4405925238768"
+SRC_URI[go_linux_ppc64le.sha256sum] = "53f49b8c7eace2d30389327b4a516b13321f90377fdf5929a6b63174609bc22e"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.26.3.bb b/meta/recipes-devtools/go/go-cross-canadian_1.26.4.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.26.3.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.26.4.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.26.3.bb b/meta/recipes-devtools/go/go-cross_1.26.4.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.26.3.bb
rename to meta/recipes-devtools/go/go-cross_1.26.4.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.26.3.bb b/meta/recipes-devtools/go/go-crosssdk_1.26.4.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.26.3.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.26.4.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.26.3.bb b/meta/recipes-devtools/go/go-runtime_1.26.4.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.26.3.bb
rename to meta/recipes-devtools/go/go-runtime_1.26.4.bb
diff --git a/meta/recipes-devtools/go/go_1.26.3.bb b/meta/recipes-devtools/go/go_1.26.4.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.26.3.bb
rename to meta/recipes-devtools/go/go_1.26.4.bb
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 16/21] python3: upgrade 3.14.4 -> 3.14.5
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (14 preceding siblings ...)
2026-06-10 22:55 ` [OE-core][wrynose 15/21] go: upgrade 1.26.3 -> 1.26.4 Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 17/21] python3: Fix ThreadingMock call_count race condition Yoann Congal
` (4 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Release notes: [1] and [2].
Resolves following CVEs from reports:
* CVE-2026-1502
* CVE-2026-3087 (Windows specific)
* CVE-2026-3298 (Windows specific)
* CVE-2026-4786 (explicitly set, see Debian security tracker)
* CVE-2026-5713 (explicitly set, see Debian security tracker)
* CVE-2026-6019 (explicitly set, see Debian security tracker)
* CVE-2026-6100 (explicitly set, see Debian security tracker)
Also some security issues without CVE assignment.
Refresh patches.
[1] https://docs.python.org/3/whatsnew/changelog.html#python-3-14-5-final
[2] https://docs.python.org/3/whatsnew/changelog.html#python-3-14-5-release-candidate-1
(From OE-Core rev: 0df68073ebaecb968448dcf516b9085efadc6d29)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...01-Avoid-shebang-overflow-on-python-config.py.patch | 2 +-
....py-handle-stdin-I-O-errors-same-way-as-maste.patch | 2 +-
...e.pre-use-qemu-wrapper-when-gathering-profile.patch | 2 +-
...ailing-tests-due-to-load-variability-on-YP-AB.patch | 10 +++++-----
.../0001-Skip-flaky-test_default_timeout-tests.patch | 4 ++--
...-Update-test_sysconfig-for-posix_user-purelib.patch | 2 +-
...no_stdout_fileno-test-due-to-load-variability.patch | 2 +-
...01-test_active_children-skip-problematic-test.patch | 2 +-
.../0001-test_cmd-skip-bang-completion-test.patch | 2 +-
...-test_ctypes.test_find-skip-without-tools-sdk.patch | 2 +-
...test_locale.py-correct-the-test-output-format.patch | 2 +-
...test_only_active_thread-skip-problematic-test.patch | 2 +-
...repl-skip-test_unix_console.test_cursor_back_.patch | 2 +-
.../0001-test_readline-skip-limited-history-test.patch | 6 +++---
...sconfig-skip-test_sysconfig.test_sysconfigdat.patch | 2 +-
meta/recipes-devtools/python/python3/makerace.patch | 2 +-
.../python/{python3_3.14.4.bb => python3_3.14.5.bb} | 8 ++++++--
17 files changed, 29 insertions(+), 25 deletions(-)
rename meta/recipes-devtools/python/{python3_3.14.4.bb => python3_3.14.5.bb} (98%)
diff --git a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
index eaf5ea50496..c2106f94370 100644
--- a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
+++ b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
@@ -19,7 +19,7 @@ diff --git a/Makefile.pre.in b/Makefile.pre.in
index 9ec3a71..f7d5382 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
-@@ -2585,6 +2585,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh
+@@ -2829,6 +2829,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh
@ # Substitution happens here, as the completely-expanded BINDIR
@ # is not available in configure
sed -e "s,@EXENAME@,$(EXENAME)," < $(srcdir)/Misc/python-config.in >python-config.py
diff --git a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
index 84ad2abb0bc..d9072a36f7b 100644
--- a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
+++ b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
@@ -32,7 +32,7 @@ diff --git a/Lib/pty.py b/Lib/pty.py
index 1d97994..fa8821b 100644
--- a/Lib/pty.py
+++ b/Lib/pty.py
-@@ -178,7 +178,10 @@ def _copy(master_fd, master_read=_read, stdin_read=_read):
+@@ -149,7 +149,10 @@ def _copy(master_fd, master_read=_read, stdin_read=_read):
i_buf = i_buf[n:]
if stdin_avail and STDIN_FILENO in rfds:
diff --git a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
index 39b62f6f26b..e25797f57ec 100644
--- a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
+++ b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
@@ -18,7 +18,7 @@ diff --git a/Makefile.pre.in b/Makefile.pre.in
index 3bd4495f95b..8e8fc60bc76 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
-@@ -751,8 +751,7 @@ profile-run-stamp:
+@@ -857,8 +857,7 @@ profile-run-stamp:
# enabled.
$(MAKE) profile-gen-stamp
# Next, run the profile task to generate the profile information.
diff --git a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
index 4a35e8854e1..a236268efb2 100644
--- a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
+++ b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
@@ -30,7 +30,7 @@ diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.
index 9a72362c022..008e6a505a5 100644
--- a/Lib/test/_test_multiprocessing.py
+++ b/Lib/test/_test_multiprocessing.py
-@@ -722,6 +722,7 @@ def test_close(self):
+@@ -774,6 +774,7 @@ class _TestProcess(BaseTestCase):
close_queue(q)
@support.requires_resource('walltime')
@@ -38,7 +38,7 @@ index 9a72362c022..008e6a505a5 100644
def test_many_processes(self):
if self.TYPE == 'threads':
self.skipTest('test not appropriate for {}'.format(self.TYPE))
-@@ -2345,6 +2346,7 @@ def _test_timeout_f(cls, barrier, results):
+@@ -2398,6 +2399,7 @@ class _TestBarrier(BaseTestCase):
except threading.BrokenBarrierError:
results.append(True)
@@ -46,7 +46,7 @@ index 9a72362c022..008e6a505a5 100644
def test_timeout(self):
"""
Test wait(timeout)
-@@ -5459,6 +5461,7 @@ def signal_and_sleep(cls, sem, period):
+@@ -5550,6 +5552,7 @@ class TestWait(unittest.TestCase):
time.sleep(period)
@support.requires_resource('walltime')
@@ -58,7 +58,7 @@ diff --git a/Lib/test/test_time.py b/Lib/test/test_time.py
index 5312faa5077..36873d9a400 100644
--- a/Lib/test/test_time.py
+++ b/Lib/test/test_time.py
-@@ -548,6 +548,7 @@ def test_monotonic(self):
+@@ -548,6 +548,7 @@ class TimeTestCase(unittest.TestCase):
def test_perf_counter(self):
time.perf_counter()
@@ -66,7 +66,7 @@ index 5312faa5077..36873d9a400 100644
@unittest.skipIf(
support.is_wasi, "process_time not available on WASI"
)
-@@ -567,6 +568,7 @@ def test_process_time(self):
+@@ -567,6 +568,7 @@ class TimeTestCase(unittest.TestCase):
self.assertTrue(info.monotonic)
self.assertFalse(info.adjustable)
diff --git a/meta/recipes-devtools/python/python3/0001-Skip-flaky-test_default_timeout-tests.patch b/meta/recipes-devtools/python/python3/0001-Skip-flaky-test_default_timeout-tests.patch
index 4e1bd833b46..d41037f9ea9 100644
--- a/meta/recipes-devtools/python/python3/0001-Skip-flaky-test_default_timeout-tests.patch
+++ b/meta/recipes-devtools/python/python3/0001-Skip-flaky-test_default_timeout-tests.patch
@@ -27,7 +27,7 @@ diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.
index e8064e7..9ab1f9e 100644
--- a/Lib/test/_test_multiprocessing.py
+++ b/Lib/test/_test_multiprocessing.py
-@@ -2259,6 +2259,7 @@ class _TestBarrier(BaseTestCase):
+@@ -2424,6 +2424,7 @@ class _TestBarrier(BaseTestCase):
"""
Test the barrier's default timeout
"""
@@ -39,7 +39,7 @@ diff --git a/Lib/test/lock_tests.py b/Lib/test/lock_tests.py
index 8c8f890..43e9b90 100644
--- a/Lib/test/lock_tests.py
+++ b/Lib/test/lock_tests.py
-@@ -1165,6 +1165,7 @@ class BarrierTests(BaseTestCase):
+@@ -1215,6 +1215,7 @@ class BarrierTests(BaseTestCase):
"""
Test the barrier's default timeout
"""
diff --git a/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch b/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch
index adaca4ff779..6a62c6dc5b9 100644
--- a/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch
+++ b/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch
@@ -25,7 +25,7 @@ diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py
index 1ade492..4e94889 100644
--- a/Lib/test/test_sysconfig.py
+++ b/Lib/test/test_sysconfig.py
-@@ -430,7 +430,7 @@ class TestSysConfig(unittest.TestCase):
+@@ -434,7 +434,7 @@ class TestSysConfig(unittest.TestCase, VirtualEnvironmentMixin):
expected = os.path.normpath(global_path.replace(base, user, 1))
# bpo-44860: platlib of posix_user doesn't use sys.platlibdir,
# whereas posix_prefix does.
diff --git a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
index 9bc8b091cc6..b186bdcb880 100644
--- a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
+++ b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
@@ -19,7 +19,7 @@ diff --git a/Lib/test/test_builtin.py b/Lib/test/test_builtin.py
index c5394de..ed17fb6 100644
--- a/Lib/test/test_builtin.py
+++ b/Lib/test/test_builtin.py
-@@ -2474,6 +2474,7 @@ class PtyTests(unittest.TestCase):
+@@ -2738,6 +2738,7 @@ class PtyTests(unittest.TestCase):
"byte 0xe9 in position 4: ordinal not in "
"range(128)")
diff --git a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
index 80aa29faf0e..d7202aa5757 100644
--- a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
@@ -21,7 +21,7 @@ diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.
index 008e6a505a5..746de8945f0 100644
--- a/Lib/test/_test_multiprocessing.py
+++ b/Lib/test/_test_multiprocessing.py
-@@ -615,6 +615,7 @@ def test_cpu_count(self):
+@@ -667,6 +667,7 @@ class _TestProcess(BaseTestCase):
self.assertIsInstance(cpus, int)
self.assertGreaterEqual(cpus, 1)
diff --git a/meta/recipes-devtools/python/python3/0001-test_cmd-skip-bang-completion-test.patch b/meta/recipes-devtools/python/python3/0001-test_cmd-skip-bang-completion-test.patch
index d339e8c1981..f1ba044cc33 100644
--- a/meta/recipes-devtools/python/python3/0001-test_cmd-skip-bang-completion-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_cmd-skip-bang-completion-test.patch
@@ -18,7 +18,7 @@ diff --git a/Lib/test/test_cmd.py b/Lib/test/test_cmd.py
index dbfec42fc21..c33dab8d10d 100644
--- a/Lib/test/test_cmd.py
+++ b/Lib/test/test_cmd.py
-@@ -295,6 +295,7 @@ def do_tab_completion_test(self, args):
+@@ -295,6 +295,7 @@ class CmdTestReadline(unittest.TestCase):
self.assertIn(b'ab_completion_test', output)
self.assertIn(b'tab completion success', output)
diff --git a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
index 68e277d662e..cdcd9302d61 100644
--- a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
@@ -18,7 +18,7 @@ diff --git a/Lib/test/test_ctypes/test_find.py b/Lib/test/test_ctypes/test_find.
index 85b2861..b033203 100644
--- a/Lib/test/test_ctypes/test_find.py
+++ b/Lib/test/test_ctypes/test_find.py
-@@ -116,10 +116,12 @@ class FindLibraryLinux(unittest.TestCase):
+@@ -117,10 +117,12 @@ class FindLibraryLinux(unittest.TestCase):
# LD_LIBRARY_PATH)
self.assertEqual(find_library(libname), 'lib%s.so' % libname)
diff --git a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
index 189246911b4..201271b0c07 100644
--- a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
@@ -34,7 +34,7 @@ diff --git a/Lib/test/test_locale.py b/Lib/test/test_locale.py
index da4bd79..fd9e67d 100644
--- a/Lib/test/test_locale.py
+++ b/Lib/test/test_locale.py
-@@ -501,7 +501,7 @@ class TestRealLocales(unittest.TestCase):
+@@ -500,7 +500,7 @@ class TestRealLocales(unittest.TestCase):
self.skipTest('test needs Turkish locale')
loc = locale.getlocale(locale.LC_CTYPE)
if verbose:
diff --git a/meta/recipes-devtools/python/python3/0001-test_only_active_thread-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_only_active_thread-skip-problematic-test.patch
index 4886b7e3863..bc436e077a6 100644
--- a/meta/recipes-devtools/python/python3/0001-test_only_active_thread-skip-problematic-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_only_active_thread-skip-problematic-test.patch
@@ -17,7 +17,7 @@ diff --git a/Lib/test/test_external_inspection.py b/Lib/test/test_external_inspe
index a709b837161..7a87092c10e 100644
--- a/Lib/test/test_external_inspection.py
+++ b/Lib/test/test_external_inspection.py
-@@ -1111,6 +1111,7 @@ def test_self_trace(self):
+@@ -1154,6 +1154,7 @@ class TestGetStackTrace(unittest.TestCase):
],
)
diff --git a/meta/recipes-devtools/python/python3/0001-test_pyrepl-skip-test_unix_console.test_cursor_back_.patch b/meta/recipes-devtools/python/python3/0001-test_pyrepl-skip-test_unix_console.test_cursor_back_.patch
index e886c046cb7..97f78712668 100644
--- a/meta/recipes-devtools/python/python3/0001-test_pyrepl-skip-test_unix_console.test_cursor_back_.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_pyrepl-skip-test_unix_console.test_cursor_back_.patch
@@ -33,7 +33,7 @@ diff --git a/Lib/test/test_pyrepl/test_unix_console.py b/Lib/test/test_pyrepl/te
index 3b0d2637dab..5a3c8952f61 100644
--- a/Lib/test/test_pyrepl/test_unix_console.py
+++ b/Lib/test/test_pyrepl/test_unix_console.py
-@@ -172,6 +172,7 @@ def test_cursor_up_down(self, _os_write):
+@@ -186,6 +186,7 @@ class TestConsole(TestCase):
_os_write.assert_any_call(ANY, TERM_CAPABILITIES["cud"] + b":1")
con.restore()
diff --git a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
index a619d51c108..c59c6672e0c 100644
--- a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
@@ -20,7 +20,7 @@ diff --git a/Lib/test/test_readline.py b/Lib/test/test_readline.py
index 537a9fb..ddf0323 100644
--- a/Lib/test/test_readline.py
+++ b/Lib/test/test_readline.py
-@@ -71,6 +71,7 @@ class TestHistoryManipulation (unittest.TestCase):
+@@ -74,6 +74,7 @@ class TestHistoryManipulation (unittest.TestCase):
@unittest.skipUnless(hasattr(readline, "append_history_file"),
"append_history not available")
@@ -28,7 +28,7 @@ index 537a9fb..ddf0323 100644
def test_write_read_append(self):
hfile = tempfile.NamedTemporaryFile(delete=False)
hfile.close()
-@@ -142,6 +143,7 @@ class TestHistoryManipulation (unittest.TestCase):
+@@ -145,6 +146,7 @@ class TestHistoryManipulation (unittest.TestCase):
self.assertEqual(readline.get_history_item(1), "entrée 1")
self.assertEqual(readline.get_history_item(2), "entrée 22")
@@ -36,7 +36,7 @@ index 537a9fb..ddf0323 100644
def test_write_read_limited_history(self):
previous_length = readline.get_history_length()
self.addCleanup(readline.set_history_length, previous_length)
-@@ -390,6 +392,7 @@ readline.write_history_file(history_file)
+@@ -393,6 +395,7 @@ readline.write_history_file(history_file)
self.assertIn(b"done", output)
diff --git a/meta/recipes-devtools/python/python3/0001-test_sysconfig-skip-test_sysconfig.test_sysconfigdat.patch b/meta/recipes-devtools/python/python3/0001-test_sysconfig-skip-test_sysconfig.test_sysconfigdat.patch
index 0fe9399bf1e..6dfba59a449 100644
--- a/meta/recipes-devtools/python/python3/0001-test_sysconfig-skip-test_sysconfig.test_sysconfigdat.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_sysconfig-skip-test_sysconfig.test_sysconfigdat.patch
@@ -19,7 +19,7 @@ diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py
index 09eff11179e..14fcdedccba 100644
--- a/Lib/test/test_sysconfig.py
+++ b/Lib/test/test_sysconfig.py
-@@ -685,6 +685,7 @@ def test_makefile_overwrites_config_vars(self):
+@@ -689,6 +689,7 @@ class TestSysConfig(unittest.TestCase, VirtualEnvironmentMixin):
self.assertNotEqual(data['prefix'], data['base_prefix'])
self.assertNotEqual(data['exec_prefix'], data['base_exec_prefix'])
diff --git a/meta/recipes-devtools/python/python3/makerace.patch b/meta/recipes-devtools/python/python3/makerace.patch
index bf73135e096..b29ea56cc34 100644
--- a/meta/recipes-devtools/python/python3/makerace.patch
+++ b/meta/recipes-devtools/python/python3/makerace.patch
@@ -20,7 +20,7 @@ diff --git a/Makefile.pre.in b/Makefile.pre.in
index be1b9ea..9ec3a71 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
-@@ -2492,7 +2492,7 @@ COMPILEALL_OPTS=-j0
+@@ -2735,7 +2735,7 @@ COMPILEALL_OPTS=-j0
TEST_MODULES=@TEST_MODULES@
.PHONY: libinstall
diff --git a/meta/recipes-devtools/python/python3_3.14.4.bb b/meta/recipes-devtools/python/python3_3.14.5.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.14.4.bb
rename to meta/recipes-devtools/python/python3_3.14.5.bb
index 71f590f630f..b5c1d6fb3e8 100644
--- a/meta/recipes-devtools/python/python3_3.14.4.bb
+++ b/meta/recipes-devtools/python/python3_3.14.5.bb
@@ -40,8 +40,7 @@ SRC_URI:append:class-native = " \
file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
"
-SRC_URI[sha256sum] = "a97d5549e9ad81fe17159ed02c68774ad5d266c72f8d9a0b5a9c371fe85d902b"
-SRC_URI[sha256sum] = "d923c51303e38e249136fc1bdf3568d56ecb03214efdef48516176d3d7faaef8"
+SRC_URI[sha256sum] = "7e32597b99e5d9a39abed35de4693fa169df3e5850d4c334337ffd6a19a36db6"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
@@ -522,3 +521,8 @@ SYSROOT_PREPROCESS_FUNCS += " py3_sysroot_cleanup"
py3_sysroot_cleanup () {
rm -rf ${SYSROOT_DESTDIR}${libdir}/python${PYTHON_MAJMIN}/test
}
+
+CVE_STATUS[CVE-2026-4786] = "cpe-stable-backport: backported to v3.14.5"
+CVE_STATUS[CVE-2026-5713] = "cpe-stable-backport: backported to v3.14.5"
+CVE_STATUS[CVE-2026-6019] = "cpe-stable-backport: backported to v3.14.5"
+CVE_STATUS[CVE-2026-6100] = "cpe-stable-backport: backported to v3.14.5"
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 17/21] python3: Fix ThreadingMock call_count race condition
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (15 preceding siblings ...)
2026-06-10 22:55 ` [OE-core][wrynose 16/21] python3: upgrade 3.14.4 -> 3.14.5 Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 18/21] python3: use SKIPPED_TESTS instead of test skip patches Yoann Congal
` (3 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Sai Sneha <saisneha196@gmail.com>
ThreadingMock._increment_mock_call() was not thread-safe causing
intermittent ptest failures on qemuarm64:
FAIL: test_call_count_thread_safe
AssertionError: 983 != 1000
Each time a mock is called, Python reads the call_count, adds 1,
and writes it back. When multiple threads do this simultaneously,
some increments get lost because two threads can read the same
value before either writes back.
The fix adds a lock around this operation in ThreadingMock so
only one thread can update call_count at a time.
Reproduction and testing:
- x86 stress test (50 threads x 10000 calls x 30 runs):
Before fix: 23/30 failures, missing up to 42095 calls
After fix: 0/30 failures
- qemuarm64 (10 threads x 100 calls x 20 runs):
Before fix: 3/20 failures, missing up to 49 calls
After fix: 0/20 failures
- All 19 existing ThreadingMock tests pass
Upstream fix merged into CPython main:
https://github.com/python/cpython/pull/150176
Fixes [YOCTO #16213]
(From OE-Core rev: 6f7af3f76c8ce0a77ddc779a850071a714caff33)
Signed-off-by: Sai Sneha <saisneha196@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...eadingMock-call-count-race-condition.patch | 37 +++++++++++++++++++
.../recipes-devtools/python/python3_3.14.5.bb | 1 +
2 files changed, 38 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/0001-Fix-ThreadingMock-call-count-race-condition.patch
diff --git a/meta/recipes-devtools/python/python3/0001-Fix-ThreadingMock-call-count-race-condition.patch b/meta/recipes-devtools/python/python3/0001-Fix-ThreadingMock-call-count-race-condition.patch
new file mode 100644
index 00000000000..aba3188a59a
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/0001-Fix-ThreadingMock-call-count-race-condition.patch
@@ -0,0 +1,37 @@
+From 388e023fe1197c1ffed374520ed45df4ac72b8f5 Mon Sep 17 00:00:00 2001
+From: Sai Sneha <saisneha196@gmail.com>
+Date: Thu, 21 May 2026 13:08:07 +0530
+Subject: [PATCH] Fix ThreadingMock call_count race condition
+
+ThreadingMock._increment_mock_call() was not thread-safe.
+Multiple threads calling the mock simultaneously could lose
+increments due to race conditions on call_count and other
+attributes.
+
+Fix by overriding _increment_mock_call in ThreadingMixin
+and wrapping it with the existing _mock_calls_events_lock.
+
+Upstream-Status: Backport [https://github.com/python/cpython/pull/150176]
+
+Signed-off-by: Sai Sneha <saisneha196@gmail.com>
+---
+ Lib/unittest/mock.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/Lib/unittest/mock.py b/Lib/unittest/mock.py
+index 16f3699e89..56cdc37942 100644
+--- a/Lib/unittest/mock.py
++++ b/Lib/unittest/mock.py
+@@ -3113,6 +3113,10 @@ def _mock_call(self, *args, **kwargs):
+
+ return ret_value
+
++ def _increment_mock_call(self, /, *args, **kwargs):
++ with self._mock_calls_events_lock:
++ super()._increment_mock_call(*args, **kwargs)
++
+ def wait_until_called(self, *, timeout=_timeout_unset):
+ """Wait until the mock object is called.
+
+--
+2.34.1
diff --git a/meta/recipes-devtools/python/python3_3.14.5.bb b/meta/recipes-devtools/python/python3_3.14.5.bb
index b5c1d6fb3e8..9e6738997d6 100644
--- a/meta/recipes-devtools/python/python3_3.14.5.bb
+++ b/meta/recipes-devtools/python/python3_3.14.5.bb
@@ -35,6 +35,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-Skip-flaky-test_default_timeout-tests.patch \
file://0001-test_only_active_thread-skip-problematic-test.patch \
file://0001-prefer-valid-entrypoints.patch \
+ file://0001-Fix-ThreadingMock-call-count-race-condition.patch \
"
SRC_URI:append:class-native = " \
file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 18/21] python3: use SKIPPED_TESTS instead of test skip patches
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (16 preceding siblings ...)
2026-06-10 22:55 ` [OE-core][wrynose 17/21] python3: Fix ThreadingMock call_count race condition Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
2026-06-11 8:58 ` Paul Barker
2026-06-10 22:55 ` [OE-core][wrynose 19/21] python3: use += instead of :append in SKIPPED_TESTS Yoann Congal
` (2 subsequent siblings)
20 siblings, 1 reply; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Trevor Gamblin <tgamblin@baylibre.com>
Drop all 13 patches carried for skipping various known ptest failures
and replace them with usage of the SKIPPED_TESTS variable, which we have
started doing in recent commits (e.g. 40b0815dc9). Most but not all of
the test skips are due to load variability, distinguish between them by
using multiple SKIPPED_TESTS:append blocks with comments taken from the
patch files indicating their purpose. This adds 62 lines to the Python 3
recipe, but it also means that we no longer have to maintain the patch
files across version upgrades, where they often break due to changes in
the test modules upstream.
Results look the same as those from my last upgrade run:
|== Tests result: SUCCESS ==
|
|28 tests skipped:
| test.test_asyncio.test_windows_events
| test.test_asyncio.test_windows_utils test.test_gdb.test_backtrace
| test.test_gdb.test_cfunction test.test_gdb.test_cfunction_full
| test.test_gdb.test_misc test.test_gdb.test_pretty_print
| test_android test_apple test_asdl_parser test_clinic test_devpoll
| test_free_threading test_generated_cases test_idle test_kqueue
| test_launcher test_msvcrt test_startfile test_tcl test_tkinter
| test_ttk test_ttk_textonly test_turtle test_winapi
| test_winconsoleio test_winreg test_wmi
|
|9 tests skipped (resource denied):
| test_curses test_peg_generator test_smtpnet test_socketserver
| test_urllib2net test_urllibnet test_winsound test_xpickle
| test_zipfile64
|
|455 tests OK.
|
|Total duration: 3 min 9 sec
|Total tests: run=47,012 (filtered) skipped=2,336
|Total test files: run=483/492 (filtered) skipped=28 resource_denied=9
|Result: SUCCESS
|DURATION: 190
|END: /usr/lib/python3/ptest
|2026-05-29T02:22
|STOP: ptest-runner
|TOTAL: 1 FAIL: 0
(From OE-Core rev: a8b2baa6020f96468a98200619ec37c460694c4c)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...sts-due-to-load-variability-on-YP-AB.patch | 79 -----------------
...kip-flaky-test_default_timeout-tests.patch | 49 -----------
..._fileno-test-due-to-load-variability.patch | 29 -------
...ctive_children-skip-problematic-test.patch | 34 --------
...1-test_cmd-skip-bang-completion-test.patch | 31 -------
...pes.test_find-skip-without-tools-sdk.patch | 33 --------
...-test_deadlock-skip-problematic-test.patch | 27 ------
..._active_thread-skip-problematic-test.patch | 30 -------
...-test_unix_console.test_cursor_back_.patch | 46 ----------
...t_readline-skip-limited-history-test.patch | 46 ----------
...-test_shutdown-skip-problematic-test.patch | 43 ----------
...orlines-skip-due-to-load-variability.patch | 29 -------
...kip-test_sysconfig.test_sysconfigdat.patch | 32 -------
.../recipes-devtools/python/python3_3.14.5.bb | 84 +++++++++++++++----
14 files changed, 70 insertions(+), 522 deletions(-)
delete mode 100644 meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-Skip-flaky-test_default_timeout-tests.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-test_cmd-skip-bang-completion-test.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-test_only_active_thread-skip-problematic-test.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-test_pyrepl-skip-test_unix_console.test_cursor_back_.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-test_sysconfig-skip-test_sysconfig.test_sysconfigdat.patch
diff --git a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
deleted file mode 100644
index a236268efb2..00000000000
--- a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From aa32aef19d3a54a25dc16b3b77e29e902ee8abd7 Mon Sep 17 00:00:00 2001
-From: Yi Fan Yu <yifan.yu@windriver.com>
-Date: Thu, 1 Apr 2021 13:08:37 -0700
-Subject: [PATCH] Skip failing tests due to load variability on YP AB
-
-Skip these tests until AB-INT is solved.
-
-[YOCTO #14296]
-
-Upstream-Status: Inappropriate [OE-Specific]
-
-Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
-
-Skip two additional tests due to suspected load variability failures.
-
-[YOCTO #15131]
-[YOCTO #15177]
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
-
-Refresh to apply on top of Python 3.14.0.
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- Lib/test/_test_multiprocessing.py | 3 +++
- Lib/test/test_time.py | 2 ++
- 2 files changed, 5 insertions(+)
-
-diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py
-index 9a72362c022..008e6a505a5 100644
---- a/Lib/test/_test_multiprocessing.py
-+++ b/Lib/test/_test_multiprocessing.py
-@@ -774,6 +774,7 @@ class _TestProcess(BaseTestCase):
- close_queue(q)
-
- @support.requires_resource('walltime')
-+ @unittest.skip('timing related test, dependent on load')
- def test_many_processes(self):
- if self.TYPE == 'threads':
- self.skipTest('test not appropriate for {}'.format(self.TYPE))
-@@ -2398,6 +2399,7 @@ class _TestBarrier(BaseTestCase):
- except threading.BrokenBarrierError:
- results.append(True)
-
-+ @unittest.skip('timing related test, dependent on load')
- def test_timeout(self):
- """
- Test wait(timeout)
-@@ -5550,6 +5552,7 @@ class TestWait(unittest.TestCase):
- time.sleep(period)
-
- @support.requires_resource('walltime')
-+ @unittest.skip('timing related test, dependent on load')
- def test_wait_integer(self):
- from multiprocessing.connection import wait
-
-diff --git a/Lib/test/test_time.py b/Lib/test/test_time.py
-index 5312faa5077..36873d9a400 100644
---- a/Lib/test/test_time.py
-+++ b/Lib/test/test_time.py
-@@ -548,6 +548,7 @@ class TimeTestCase(unittest.TestCase):
- def test_perf_counter(self):
- time.perf_counter()
-
-+ @unittest.skip('timing related test, dependent on load')
- @unittest.skipIf(
- support.is_wasi, "process_time not available on WASI"
- )
-@@ -567,6 +568,7 @@ class TimeTestCase(unittest.TestCase):
- self.assertTrue(info.monotonic)
- self.assertFalse(info.adjustable)
-
-+ @unittest.skip('timing related test, dependent on load')
- def test_thread_time(self):
- if not hasattr(time, 'thread_time'):
- if sys.platform.startswith(('linux', 'android', 'win')):
---
-2.52.0
-
diff --git a/meta/recipes-devtools/python/python3/0001-Skip-flaky-test_default_timeout-tests.patch b/meta/recipes-devtools/python/python3/0001-Skip-flaky-test_default_timeout-tests.patch
deleted file mode 100644
index d41037f9ea9..00000000000
--- a/meta/recipes-devtools/python/python3/0001-Skip-flaky-test_default_timeout-tests.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From baf2dda48e51fcb17a716e52cc5c4e162a6bb7d3 Mon Sep 17 00:00:00 2001
-From: Antonin Godard <antonin.godard@bootlin.com>
-Date: Mon, 19 Jan 2026 11:38:36 +0100
-Subject: [PATCH] Skip flaky test_default_timeout tests
-
-We have been observing issues with this test on the Autobuilder:
-https://bugzilla.yoctoproject.org/show_bug.cgi?id=15885
-
-The logs on the ticket above do not allow us to know which of the two
-"test_default_timeout" tests is failing, so disable both with
-self.skipTest().
-
-Excerpt from `ptest-runner python3`:
-
- test_default_timeout (test.test_multiprocessing_fork.test_manager.WithManagerTestBarrier.test_default_timeout)
- SKIP: Test the barrier's default timeout 'skip flaky timeout test'
-
-Upstream-Status: Inappropriate [OE specific, but might be related to https://github.com/python/cpython/issues/129266#issuecomment-2613058866]
-
-Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
----
- Lib/test/_test_multiprocessing.py | 1 +
- Lib/test/lock_tests.py | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py
-index e8064e7..9ab1f9e 100644
---- a/Lib/test/_test_multiprocessing.py
-+++ b/Lib/test/_test_multiprocessing.py
-@@ -2424,6 +2424,7 @@ class _TestBarrier(BaseTestCase):
- """
- Test the barrier's default timeout
- """
-+ self.skipTest('skip flaky timeout test')
- barrier = self.Barrier(self.N, timeout=0.5)
- results = self.DummyList()
- self.run_threads(self._test_default_timeout_f, (barrier, results))
-diff --git a/Lib/test/lock_tests.py b/Lib/test/lock_tests.py
-index 8c8f890..43e9b90 100644
---- a/Lib/test/lock_tests.py
-+++ b/Lib/test/lock_tests.py
-@@ -1215,6 +1215,7 @@ class BarrierTests(BaseTestCase):
- """
- Test the barrier's default timeout
- """
-+ self.skipTest('skip flaky timeout test')
- timeout = 0.100
- barrier = self.barriertype(2, timeout=timeout)
- def f():
diff --git a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
deleted file mode 100644
index b186bdcb880..00000000000
--- a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From c5bdd39f8ebc4e6c58a47d7e424eac028eddb4ff Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Fri, 15 Sep 2023 08:48:33 -0400
-Subject: [PATCH] skip no_stdout_fileno test due to load variability
-
-Skip test_input_no_stdout_fileno so that it doesn't fail on systems
-under heavy load.
-
-Upstream-Status: Inappropriate [OE-Specific]
-
-[YOCTO #15210]
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- Lib/test/test_builtin.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Lib/test/test_builtin.py b/Lib/test/test_builtin.py
-index c5394de..ed17fb6 100644
---- a/Lib/test/test_builtin.py
-+++ b/Lib/test/test_builtin.py
-@@ -2738,6 +2738,7 @@ class PtyTests(unittest.TestCase):
- "byte 0xe9 in position 4: ordinal not in "
- "range(128)")
-
-+ @unittest.skip("Test may fail under heavy load")
- def test_input_no_stdout_fileno(self):
- # Issue #24402: If stdin is the original terminal but stdout.fileno()
- # fails, do not use the original stdout file descriptor
diff --git a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
deleted file mode 100644
index d7202aa5757..00000000000
--- a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 9c9aac87f48eaece5b99ea347b639c21eea84e6d Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Thu, 13 Jun 2024 10:54:31 -0400
-Subject: [PATCH] test_active_children: skip problematic test
-
-This test is failing in some tests on the Autobuilder. Since it's of a
-similar nature to other failing/hanging tests, disable it for now.
-
-Upstream-Status: Inappropriate [OE-Specific]
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
-
-Refresh to apply on top of Python 3.14.0.
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- Lib/test/_test_multiprocessing.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py
-index 008e6a505a5..746de8945f0 100644
---- a/Lib/test/_test_multiprocessing.py
-+++ b/Lib/test/_test_multiprocessing.py
-@@ -667,6 +667,7 @@ class _TestProcess(BaseTestCase):
- self.assertIsInstance(cpus, int)
- self.assertGreaterEqual(cpus, 1)
-
-+ @unittest.skip("skipping problematic test")
- def test_active_children(self):
- self.assertEqual(type(self.active_children()), list)
-
---
-2.51.0
-
diff --git a/meta/recipes-devtools/python/python3/0001-test_cmd-skip-bang-completion-test.patch b/meta/recipes-devtools/python/python3/0001-test_cmd-skip-bang-completion-test.patch
deleted file mode 100644
index f1ba044cc33..00000000000
--- a/meta/recipes-devtools/python/python3/0001-test_cmd-skip-bang-completion-test.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 614e3aefec85b51a611f85a55b6760f12e29b953 Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Mon, 27 Oct 2025 09:52:46 -0400
-Subject: [PATCH] test_cmd: skip bang completion test
-
-We compile Python3 with editline support by default, which has tab completion
-but not bang completion. If building with readline,
-test_bang_completion_without_do_shell() passes. Skip the test because of this.
-
-Upstream-Status: Inappropriate [embedded-specific]
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- Lib/test/test_cmd.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Lib/test/test_cmd.py b/Lib/test/test_cmd.py
-index dbfec42fc21..c33dab8d10d 100644
---- a/Lib/test/test_cmd.py
-+++ b/Lib/test/test_cmd.py
-@@ -295,6 +295,7 @@ class CmdTestReadline(unittest.TestCase):
- self.assertIn(b'ab_completion_test', output)
- self.assertIn(b'tab completion success', output)
-
-+ @unittest.skip('no bang completion without readline')
- def test_bang_completion_without_do_shell(self):
- script = textwrap.dedent("""
- import cmd
---
-2.51.0
-
diff --git a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
deleted file mode 100644
index cdcd9302d61..00000000000
--- a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0e9d0c58e77ef540d9601ce84a1aa79d9ce6ee9b Mon Sep 17 00:00:00 2001
-From: Tim Orling <timothy.t.orling@intel.com>
-Date: Fri, 18 Jun 2021 11:56:50 -0700
-Subject: [PATCH] test_ctypes.test_find: skip without tools-sdk
-
-These tests need full packagegroup-core-buildessential, the
-easiest way to dynamically check for that is looking for
-'tools-sdk' in IMAGE_FEATURES.
-
-Upstream-Status: Inappropriate [oe-specific]
-
-Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
----
- Lib/test/test_ctypes/test_find.py | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/Lib/test/test_ctypes/test_find.py b/Lib/test/test_ctypes/test_find.py
-index 85b2861..b033203 100644
---- a/Lib/test/test_ctypes/test_find.py
-+++ b/Lib/test/test_ctypes/test_find.py
-@@ -117,10 +117,12 @@ class FindLibraryLinux(unittest.TestCase):
- # LD_LIBRARY_PATH)
- self.assertEqual(find_library(libname), 'lib%s.so' % libname)
-
-+ @unittest.skip("Needs IMAGE_FEATURE += \"tools-sdk\"")
- def test_find_library_with_gcc(self):
- with unittest.mock.patch("ctypes.util._findSoname_ldconfig", lambda *args: None):
- self.assertNotEqual(find_library('c'), None)
-
-+ @unittest.skip("Needs IMAGE_FEATURE += \"tools-sdk\"")
- def test_find_library_with_ld(self):
- with unittest.mock.patch("ctypes.util._findSoname_ldconfig", lambda *args: None), \
- unittest.mock.patch("ctypes.util._findLib_gcc", lambda *args: None):
diff --git a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch
deleted file mode 100644
index 3336e2913a1..00000000000
--- a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 5a44f74549b32395109342e9299510c32db71068 Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Wed, 12 Jun 2024 10:29:03 -0400
-Subject: [PATCH] test_deadlock: skip problematic test
-
-This test hangs frequently when run on the Autobuilder. Disable it in
-testing until the cause can be determined.
-
-Upstream-Status: Inappropriate [OE-Specific]
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- Lib/test/test_concurrent_futures/test_deadlock.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Lib/test/test_concurrent_futures/test_deadlock.py b/Lib/test/test_concurrent_futures/test_deadlock.py
-index 3c30c45..008d6c0 100644
---- a/Lib/test/test_concurrent_futures/test_deadlock.py
-+++ b/Lib/test/test_concurrent_futures/test_deadlock.py
-@@ -90,6 +90,7 @@ class ErrorAtUnpickle(object):
- return _raise_error_ignore_stderr, (UnpicklingError, )
-
-
-+@unittest.skip("skipping problematic test")
- class ExecutorDeadlockTest:
- TIMEOUT = support.LONG_TIMEOUT
-
diff --git a/meta/recipes-devtools/python/python3/0001-test_only_active_thread-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_only_active_thread-skip-problematic-test.patch
deleted file mode 100644
index bc436e077a6..00000000000
--- a/meta/recipes-devtools/python/python3/0001-test_only_active_thread-skip-problematic-test.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 0524821f8fcbdea2fbd90f199e7fb4950f50530f Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Tue, 3 Mar 2026 09:27:10 -0500
-Subject: [PATCH] test_only_active_thread: skip problematic test
-
-This test hangs frequently when run on the Autobuilder. Disable it in
-testing for now.
-
-Upstream-Status: Inappropriate [OE-Specific]
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- Lib/test/test_external_inspection.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Lib/test/test_external_inspection.py b/Lib/test/test_external_inspection.py
-index a709b837161..7a87092c10e 100644
---- a/Lib/test/test_external_inspection.py
-+++ b/Lib/test/test_external_inspection.py
-@@ -1154,6 +1154,7 @@ class TestGetStackTrace(unittest.TestCase):
- ],
- )
-
-+ @unittest.skip("skipping problematic test")
- @skip_if_not_supported
- @unittest.skipIf(
- sys.platform == "linux" and not PROCESS_VM_READV_SUPPORTED,
---
-2.53.0
-
diff --git a/meta/recipes-devtools/python/python3/0001-test_pyrepl-skip-test_unix_console.test_cursor_back_.patch b/meta/recipes-devtools/python/python3/0001-test_pyrepl-skip-test_unix_console.test_cursor_back_.patch
deleted file mode 100644
index 97f78712668..00000000000
--- a/meta/recipes-devtools/python/python3/0001-test_pyrepl-skip-test_unix_console.test_cursor_back_.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 66a806ea05ecaf483753de3719041944daae42b0 Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Mon, 27 Oct 2025 13:21:14 -0400
-Subject: [PATCH] test_pyrepl: skip test_unix_console.test_cursor_back_write
-
-This test was not run prior to 3.14 due to Python not having access to
-the curses resource. In 3.14, PyREPL's dependency on curses has been
-removed, instead relying on the terminfo module. This results in a
-terminal capability list that does not include ICH1, resulting in an
-"optimization" occurring from PyREPL's side that causes
-test_cursor_back_write() to fail. Specifically, the test tests the
-following writes in sequence:
-
-1. b"1"
-2. TERM_CAPABILITIES["cub"] + b":1"
-3. ANY, b"2"
-
-The first two writes are read correctly, but the result for the third
-write is seeing the equivalent of:
-
-ANY, b"21"
-
-Skip this test.
-
-Upstream-Status: Inappropriate [embedded-specific]
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- Lib/test/test_pyrepl/test_unix_console.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Lib/test/test_pyrepl/test_unix_console.py b/Lib/test/test_pyrepl/test_unix_console.py
-index 3b0d2637dab..5a3c8952f61 100644
---- a/Lib/test/test_pyrepl/test_unix_console.py
-+++ b/Lib/test/test_pyrepl/test_unix_console.py
-@@ -186,6 +186,7 @@ class TestConsole(TestCase):
- _os_write.assert_any_call(ANY, TERM_CAPABILITIES["cud"] + b":1")
- con.restore()
-
-+ @unittest.skip('no ich1 support in vt102 terminfo')
- def test_cursor_back_write(self, _os_write):
- events = itertools.chain(
- code_to_events("1"),
---
-2.51.0
-
diff --git a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
deleted file mode 100644
index c59c6672e0c..00000000000
--- a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 1a0a145261ba4f97aaff3c0c656ac2e0ad9695a8 Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Tue, 13 Aug 2024 11:07:05 -0400
-Subject: [PATCH] test_readline: skip limited history test
-
-This test was added recently and is failing on the ptest image when
-using the default PACKAGECONFIG settings (i.e. with editline instead of
-readline).. Disable it until the proper fix is determined.
-
-A bug has been opened upstream: https://github.com/python/cpython/issues/123018
-
-Upstream-Status: Inappropriate [OE-specific]
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- Lib/test/test_readline.py | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/Lib/test/test_readline.py b/Lib/test/test_readline.py
-index 537a9fb..ddf0323 100644
---- a/Lib/test/test_readline.py
-+++ b/Lib/test/test_readline.py
-@@ -74,6 +74,7 @@ class TestHistoryManipulation (unittest.TestCase):
-
- @unittest.skipUnless(hasattr(readline, "append_history_file"),
- "append_history not available")
-+ @unittest.skip("Skipping problematic test")
- def test_write_read_append(self):
- hfile = tempfile.NamedTemporaryFile(delete=False)
- hfile.close()
-@@ -145,6 +146,7 @@ class TestHistoryManipulation (unittest.TestCase):
- self.assertEqual(readline.get_history_item(1), "entrée 1")
- self.assertEqual(readline.get_history_item(2), "entrée 22")
-
-+ @unittest.skip("Skipping problematic test")
- def test_write_read_limited_history(self):
- previous_length = readline.get_history_length()
- self.addCleanup(readline.set_history_length, previous_length)
-@@ -393,6 +395,7 @@ readline.write_history_file(history_file)
- self.assertIn(b"done", output)
-
-
-+ @unittest.skip("Skipping problematic test")
- def test_write_read_limited_history(self):
- previous_length = readline.get_history_length()
- self.addCleanup(readline.set_history_length, previous_length)
diff --git a/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch
deleted file mode 100644
index 4e284de6137..00000000000
--- a/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From b678363156b5d40e09c1d138840180e3ddc7d20b Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Wed, 8 May 2024 11:58:09 -0400
-Subject: [PATCH] test_shutdown: skip problematic test
-
-This test hangs frequently when run on the Autobuilder. Disable it in
-testing until the cause can be determined.
-
-Upstream-Status: Inappropriate [OE-Specific]
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- Lib/test/test_concurrent_futures/test_shutdown.py | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/Lib/test/test_concurrent_futures/test_shutdown.py b/Lib/test/test_concurrent_futures/test_shutdown.py
-index 7a4065a..6b878a4 100644
---- a/Lib/test/test_concurrent_futures/test_shutdown.py
-+++ b/Lib/test/test_concurrent_futures/test_shutdown.py
-@@ -20,6 +20,7 @@ def sleep_and_print(t, msg):
- sys.stdout.flush()
-
-
-+@unittest.skip("skipping problematic test")
- class ExecutorShutdownTest:
- def test_run_after_shutdown(self):
- self.executor.shutdown()
-@@ -156,6 +157,7 @@ class ExecutorShutdownTest:
- signal.signal(signal.SIGALRM, old_handler)
-
-
-+@unittest.skip("skipping problematic test")
- class ThreadPoolShutdownTest(ThreadPoolMixin, ExecutorShutdownTest, BaseTestCase):
- def test_threads_terminate(self):
- def acquire_lock(lock):
-@@ -252,6 +254,7 @@ class ThreadPoolShutdownTest(ThreadPoolMixin, ExecutorShutdownTest, BaseTestCase
- self.assertIn(out.strip(), [b"apple", b""])
-
-
-+@unittest.skip("skipping problematic test")
- class ProcessPoolShutdownTest(ExecutorShutdownTest):
- def test_processes_terminate(self):
- def acquire_lock(lock):
diff --git a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
deleted file mode 100644
index b452c6556fa..00000000000
--- a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 9f252a691cd335341938489da32d6e2d4620d8ca Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Fri, 6 Oct 2023 10:59:44 -0400
-Subject: [PATCH] test_storlines: skip due to load variability
-
-This is yet another test that intermittently fails on the Yocto AB when
-a worker is under heavy load, so skip it during testing.
-
-Upstream-Status: Inappropriate [OE-Specific]
-
-[YOCTO #14933]
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- Lib/test/test_ftplib.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
-index bed0e6d..36602be 100644
---- a/Lib/test/test_ftplib.py
-+++ b/Lib/test/test_ftplib.py
-@@ -630,6 +630,7 @@ class TestFTPClass(TestCase):
- self.client.storbinary('stor', f, rest=r)
- self.assertEqual(self.server.handler_instance.rest, str(r))
-
-+ @unittest.skip('timing related test, dependent on load')
- def test_storlines(self):
- data = RETR_DATA.replace('\r\n', '\n').encode(self.client.encoding)
- f = io.BytesIO(data)
diff --git a/meta/recipes-devtools/python/python3/0001-test_sysconfig-skip-test_sysconfig.test_sysconfigdat.patch b/meta/recipes-devtools/python/python3/0001-test_sysconfig-skip-test_sysconfig.test_sysconfigdat.patch
deleted file mode 100644
index 6dfba59a449..00000000000
--- a/meta/recipes-devtools/python/python3/0001-test_sysconfig-skip-test_sysconfig.test_sysconfigdat.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From ac5635821ed9bead45a5bcddc3828e50647fbe77 Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin <tgamblin@baylibre.com>
-Date: Mon, 27 Oct 2025 14:24:24 -0400
-Subject: [PATCH] test_sysconfig: skip test_sysconfig.test_sysconfigdata_json
-
-This test seems new as of 3.14.0 and fails due to various path and flag
-differences in variables like CFLAGS. Since the test already has the
-precedent of a skip put in place for Android builds due to prefix
-changes, skip it for our situation too.
-
-Upstream-Status: Inappropriate [embedded-specific]
-
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- Lib/test/test_sysconfig.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py
-index 09eff11179e..14fcdedccba 100644
---- a/Lib/test/test_sysconfig.py
-+++ b/Lib/test/test_sysconfig.py
-@@ -689,6 +689,7 @@ class TestSysConfig(unittest.TestCase, VirtualEnvironmentMixin):
- self.assertNotEqual(data['prefix'], data['base_prefix'])
- self.assertNotEqual(data['exec_prefix'], data['base_exec_prefix'])
-
-+ @unittest.skip('OE adds/modifies various flags and paths/prefixes')
- @unittest.skipIf(os.name != 'posix', '_sysconfig-vars JSON file is only available on POSIX')
- @unittest.skipIf(is_wasi, "_sysconfig-vars JSON file currently isn't available on WASI")
- @unittest.skipIf(is_android or is_apple_mobile, 'Android and iOS change the prefix')
---
-2.51.0
-
diff --git a/meta/recipes-devtools/python/python3_3.14.5.bb b/meta/recipes-devtools/python/python3_3.14.5.bb
index 9e6738997d6..2f821b130f0 100644
--- a/meta/recipes-devtools/python/python3_3.14.5.bb
+++ b/meta/recipes-devtools/python/python3_3.14.5.bb
@@ -15,25 +15,12 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://reformat_sysconfig.py \
file://0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch \
file://0001-test_locale.py-correct-the-test-output-format.patch \
- file://0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch \
- file://0001-test_ctypes.test_find-skip-without-tools-sdk.patch \
file://makerace.patch \
file://0001-sysconfig.py-use-platlibdir-also-for-purelib.patch \
file://0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch \
file://valid-dists.patch \
file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
file://0001-Update-test_sysconfig-for-posix_user-purelib.patch \
- file://0001-skip-no_stdout_fileno-test-due-to-load-variability.patch \
- file://0001-test_storlines-skip-due-to-load-variability.patch \
- file://0001-test_shutdown-skip-problematic-test.patch \
- file://0001-test_deadlock-skip-problematic-test.patch \
- file://0001-test_active_children-skip-problematic-test.patch \
- file://0001-test_readline-skip-limited-history-test.patch \
- file://0001-test_cmd-skip-bang-completion-test.patch \
- file://0001-test_pyrepl-skip-test_unix_console.test_cursor_back_.patch \
- file://0001-test_sysconfig-skip-test_sysconfig.test_sysconfigdat.patch \
- file://0001-Skip-flaky-test_default_timeout-tests.patch \
- file://0001-test_only_active_thread-skip-problematic-test.patch \
file://0001-prefer-valid-entrypoints.patch \
file://0001-Fix-ThreadingMock-call-count-race-condition.patch \
"
@@ -252,7 +239,76 @@ do_install:append:class-nativesdk () {
create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' PYTHONNOUSERSITE='1'
}
-SKIPPED_TESTS = "--ignore test.test_os.test_os.TimerfdTests.test_timerfd_TFD_TIMER_ABSTIME"
+# Tests failing due to load variability. Bugs were opened at
+# https://bugzilla.yoctoproject.org/ to track some of these:
+# 14296 (test_many_processes, test_process_time, test_thread_time, test_wait_integer)
+# 14933 (test_storlines)
+# 15120 (test_input_no_stdout_fileno)
+# 15131 (*TestBarrier.test_timeout)
+# 15177 (test_thread_time)
+# 15743 (test.test_os.test_os.TimerfdTests.test_timerfd_TFD_TIMER_ABSTIME)
+# 15885 (test_default_timeout)
+SKIPPED_TESTS = " \
+ --ignore *TestBarrier.test_timeout \
+ --ignore ExecutorDeadlockTest \
+ --ignore ExecutorShutdownTest \
+ --ignore ProcessPoolShutdownTest \
+ --ignore ThreadPoolShutdownTest \
+ --ignore test.test_os.test_os.TimerfdTests.test_timerfd_TFD_TIMER_ABSTIME \
+ --ignore test_active_children \
+ --ignore test_default_timeout \
+ --ignore test_input_no_stdout_fileno \
+ --ignore test_many_processes \
+ --ignore test_only_active_thread \
+ --ignore test_process_time \
+ --ignore test_storlines \
+ --ignore test_thread_time \
+ --ignore test_wait_integer \
+ --ignore test_write_read_append \
+"
+
+# We build Python3 with editline support by default, which has tab completion
+# but not bang completion. test_bang_completion_without_do_shell() passes if
+# building with readline, but we don't want to change the default, so skip the
+# test.
+SKIPPED_TESTS:append = " \
+ --ignore test_bang_completion_without_do_shell \
+"
+
+# Also fails with editline instead of readline. See:
+# https://github.com/python/cpython/issues/123018
+SKIPPED_TESTS:append = " \
+ --ignore test_write_read_limited_history \
+"
+
+# In 3.14+ PyREPL's uses terminfo instead of curses. ICH1, is not in the
+# resulting terminal capabilities, in an "optimization" occurring from PyREPL's
+# side that causes test_cursor_back_write() to fail. Specifically, the test
+# tests the following writes in sequence:
+#
+# 1. b"1"
+# 2. TERM_CAPABILITIES["cub"] + b":1"
+# 3. ANY, b"2"
+#
+# The first two writes are read correctly, but the result for the third
+# write is seeing the equivalent of:
+#
+# ANY, b"21"
+SKIPPED_TESTS:append = " \
+ --ignore test_cursor_back_write \
+"
+
+# Needs IMAGE_FEATURE += \"tools-sdk\"
+SKIPPED_TESTS:append = " \
+ --ignore test_find_library_with_gcc \
+ --ignore test_find_library_with_ld \
+"
+
+# Fails due to differences in CFLAGS as as modified during build
+SKIPPED_TESTS:append = " \
+ --ignore test_sysconfigdata_json \
+"
+
SKIPPED_TESTS:append:class-target:libc-musl = " \
-x test__locale \
-x test_c_locale_coercion \
^ permalink raw reply related [flat|nested] 24+ messages in thread* Re: [OE-core][wrynose 18/21] python3: use SKIPPED_TESTS instead of test skip patches
2026-06-10 22:55 ` [OE-core][wrynose 18/21] python3: use SKIPPED_TESTS instead of test skip patches Yoann Congal
@ 2026-06-11 8:58 ` Paul Barker
2026-06-11 10:39 ` Yoann Congal
0 siblings, 1 reply; 24+ messages in thread
From: Paul Barker @ 2026-06-11 8:58 UTC (permalink / raw)
To: yoann.congal, openembedded-core
[-- Attachment #1: Type: text/plain, Size: 907 bytes --]
On Thu, 2026-06-11 at 00:55 +0200, Yoann Congal via
lists.openembedded.org wrote:
> From: Trevor Gamblin <tgamblin@baylibre.com>
>
> Drop all 13 patches carried for skipping various known ptest failures
> and replace them with usage of the SKIPPED_TESTS variable, which we have
> started doing in recent commits (e.g. 40b0815dc9). Most but not all of
> the test skips are due to load variability, distinguish between them by
> using multiple SKIPPED_TESTS:append blocks with comments taken from the
> patch files indicating their purpose. This adds 62 lines to the Python 3
> recipe, but it also means that we no longer have to maintain the patch
> files across version upgrades, where they often break due to changes in
> the test modules upstream.
Hi Yoann,
What's the reason for backporting this (and the following patch) to the
stable branch?
Best regards,
--
Paul Barker
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 252 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [OE-core][wrynose 18/21] python3: use SKIPPED_TESTS instead of test skip patches
2026-06-11 8:58 ` Paul Barker
@ 2026-06-11 10:39 ` Yoann Congal
0 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-11 10:39 UTC (permalink / raw)
To: Paul Barker, openembedded-core
On Thu Jun 11, 2026 at 10:58 AM CEST, Paul Barker wrote:
> On Thu, 2026-06-11 at 00:55 +0200, Yoann Congal via
> lists.openembedded.org wrote:
>> From: Trevor Gamblin <tgamblin@baylibre.com>
>>
>> Drop all 13 patches carried for skipping various known ptest failures
>> and replace them with usage of the SKIPPED_TESTS variable, which we have
>> started doing in recent commits (e.g. 40b0815dc9). Most but not all of
>> the test skips are due to load variability, distinguish between them by
>> using multiple SKIPPED_TESTS:append blocks with comments taken from the
>> patch files indicating their purpose. This adds 62 lines to the Python 3
>> recipe, but it also means that we no longer have to maintain the patch
>> files across version upgrades, where they often break due to changes in
>> the test modules upstream.
>
> Hi Yoann,
>
> What's the reason for backporting this (and the following patch) to the
> stable branch?
Hello,
Mainly, it was to make future backports easier to hopefully fix the
AB-INTs we have on python (as it would align wrynose & master for the
python recipe). But I admit this is a weak argument. I don't mind
dropping those now and revisit when we have an actual fix to backport.
>
> Best regards,
--
Yoann Congal
Smile ECS
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][wrynose 19/21] python3: use += instead of :append in SKIPPED_TESTS
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (17 preceding siblings ...)
2026-06-10 22:55 ` [OE-core][wrynose 18/21] python3: use SKIPPED_TESTS instead of test skip patches Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 20/21] python3: sanitize userbase in _sysconfig_vars JSON to avoid host path leak Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 21/21] python3: reference upstream ticket in a test skip Yoann Congal
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
+= is less computationally intensive than :append so use it unless the
semantics of :append are needed.
Also remove the class-target override, this is not required as ptests
are only used in target builds.
(From OE-Core rev: 8ba5db86ac364b85fa6c1ee36fa5a037c0ee818a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/python/python3_3.14.5.bb | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/meta/recipes-devtools/python/python3_3.14.5.bb b/meta/recipes-devtools/python/python3_3.14.5.bb
index 2f821b130f0..501de75fb18 100644
--- a/meta/recipes-devtools/python/python3_3.14.5.bb
+++ b/meta/recipes-devtools/python/python3_3.14.5.bb
@@ -271,13 +271,13 @@ SKIPPED_TESTS = " \
# but not bang completion. test_bang_completion_without_do_shell() passes if
# building with readline, but we don't want to change the default, so skip the
# test.
-SKIPPED_TESTS:append = " \
+SKIPPED_TESTS += " \
--ignore test_bang_completion_without_do_shell \
"
# Also fails with editline instead of readline. See:
# https://github.com/python/cpython/issues/123018
-SKIPPED_TESTS:append = " \
+SKIPPED_TESTS += " \
--ignore test_write_read_limited_history \
"
@@ -294,22 +294,22 @@ SKIPPED_TESTS:append = " \
# write is seeing the equivalent of:
#
# ANY, b"21"
-SKIPPED_TESTS:append = " \
+SKIPPED_TESTS += " \
--ignore test_cursor_back_write \
"
# Needs IMAGE_FEATURE += \"tools-sdk\"
-SKIPPED_TESTS:append = " \
+SKIPPED_TESTS += " \
--ignore test_find_library_with_gcc \
--ignore test_find_library_with_ld \
"
# Fails due to differences in CFLAGS as as modified during build
-SKIPPED_TESTS:append = " \
+SKIPPED_TESTS += " \
--ignore test_sysconfigdata_json \
"
-SKIPPED_TESTS:append:class-target:libc-musl = " \
+SKIPPED_TESTS:append:libc-musl = " \
-x test__locale \
-x test_c_locale_coercion \
-x test_locale \
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 20/21] python3: sanitize userbase in _sysconfig_vars JSON to avoid host path leak
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (18 preceding siblings ...)
2026-06-10 22:55 ` [OE-core][wrynose 19/21] python3: use += instead of :append in SKIPPED_TESTS Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
2026-06-10 22:55 ` [OE-core][wrynose 21/21] python3: reference upstream ticket in a test skip Yoann Congal
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Bin Cao <bin.cao.cn@windriver.com>
The _sysconfig_vars__linux_x86_64-linux-gnu.json file contains a
"userbase" field that is populated from the build host user's $HOME
at build time. This leaks the build host user's home directory path
into the target rootfs.
The existing py_package_preprocess() cleanup for this JSON file only
strips known OE build path prefixes (STAGING_DIR_TARGET, RECIPE_SYSROOT,
etc.), but the userbase value comes from the build user's $HOME
environment variable which doesn't match any of those patterns.
Set userbase to an empty string in the packaged JSON. This is safe
because at runtime, sysconfig.get_config_vars() always recomputes
userbase by calling _getuserbase(), which resolves the actual target
user's ~/.local path dynamically. The static value in the JSON is
never used for runtime path resolution.
(From OE-Core rev: beb245ef60c63359cd4f5e285d2f31c5c572b51e)
Signed-off-by: Bin Cao <bin.cao.cn@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/python/python3_3.14.5.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/python/python3_3.14.5.bb b/meta/recipes-devtools/python/python3_3.14.5.bb
index 501de75fb18..919cfde9aec 100644
--- a/meta/recipes-devtools/python/python3_3.14.5.bb
+++ b/meta/recipes-devtools/python/python3_3.14.5.bb
@@ -390,6 +390,7 @@ py_package_preprocess () {
-e 's:${RECIPE_SYSROOT_NATIVE}::g' \
-e 's:${RECIPE_SYSROOT}::g' \
-e 's:${BASE_WORKDIR}/${MULTIMACH_TARGET_SYS}::g' \
+ -e 's|"userbase": ".*"|"userbase": ""|g' \
${PKGD}/${libdir}/python${PYTHON_MAJMIN}/_sysconfig_vars*.json
}
^ permalink raw reply related [flat|nested] 24+ messages in thread* [OE-core][wrynose 21/21] python3: reference upstream ticket in a test skip
2026-06-10 22:54 [OE-core][wrynose 00/21] Patch review Yoann Congal
` (19 preceding siblings ...)
2026-06-10 22:55 ` [OE-core][wrynose 20/21] python3: sanitize userbase in _sysconfig_vars JSON to avoid host path leak Yoann Congal
@ 2026-06-10 22:55 ` Yoann Congal
20 siblings, 0 replies; 24+ messages in thread
From: Yoann Congal @ 2026-06-10 22:55 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
I've filed a ticket upstream for the libedit-related test failure in
test_bang_completion_without_do_shell(), add a reference to the comment.
(From OE-Core rev: b5c24e1491dcb9ab0f782df6be6582fbd2151724)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/python/python3_3.14.5.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/python/python3_3.14.5.bb b/meta/recipes-devtools/python/python3_3.14.5.bb
index 919cfde9aec..02bda8ddcf5 100644
--- a/meta/recipes-devtools/python/python3_3.14.5.bb
+++ b/meta/recipes-devtools/python/python3_3.14.5.bb
@@ -271,6 +271,7 @@ SKIPPED_TESTS = " \
# but not bang completion. test_bang_completion_without_do_shell() passes if
# building with readline, but we don't want to change the default, so skip the
# test.
+# https://github.com/python/cpython/issues/150922
SKIPPED_TESTS += " \
--ignore test_bang_completion_without_do_shell \
"
^ permalink raw reply related [flat|nested] 24+ messages in thread